-rw-r--r--config/snort/help_and_info.php2
-rw-r--r--config/snort/snort.inc2784
-rw-r--r--config/snort/snort.xml17
-rw-r--r--config/snort/snort_alerts.php720
-rw-r--r--config/snort/snort_barnyard.php486
-rw-r--r--config/snort/snort_blocked.php569
-rw-r--r--config/snort/snort_check_cron_misc.inc86
-rw-r--r--config/snort/snort_check_for_rule_updates.php652
-rw-r--r--config/snort/snort_define_servers.php804
-rw-r--r--config/snort/snort_download_rules.php867
-rw-r--r--config/snort/snort_download_updates.php582
-rw-r--r--config/snort/snort_dynamic_ip_reload.php50
-rw-r--r--config/snort/snort_gui.inc54
-rw-r--r--config/snort/snort_head.inc156
-rw-r--r--config/snort/snort_interfaces.php712
-rw-r--r--config/snort/snort_interfaces_edit.php1189
-rw-r--r--config/snort/snort_interfaces_global.php712
-rw-r--r--config/snort/snort_interfaces_suppress.php265
-rw-r--r--config/snort/snort_interfaces_suppress_edit.php352
-rw-r--r--config/snort/snort_interfaces_whitelist.php285
-rw-r--r--config/snort/snort_interfaces_whitelist_edit.php614
-rw-r--r--config/snort/snort_preprocessors.php570
-rw-r--r--config/snort/snort_rules.php930
-rw-r--r--config/snort/snort_rules_edit.php186
-rw-r--r--config/snort/snort_rulesets.php361
25 files changed, 7170 insertions, 6835 deletions
diff --git a/config/snort/help_and_info.php b/config/snort/help_and_info.php
index 2a66657c..215a055e 100644
--- a/config/snort/help_and_info.php
+++ b/config/snort/help_and_info.php
@@ -1,6 +1,6 @@
<?php
- require_once("guiconfig.inc");
+require_once("guiconfig.inc");
echo '
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 21f06c21..f8798812 100644
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -1,33 +1,33 @@
<?php
/* $Id$ */
/*
- snort.inc
- Copyright (C) 2006 Scott Ullrich
- Copyright (C) 2009-2010 Robert Zelaya
- part of pfSense
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
+ snort.inc
+ Copyright (C) 2006 Scott Ullrich
+ Copyright (C) 2009-2010 Robert Zelaya
+ part of pfSense
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
require_once("pfsense-utils.inc");
require_once("config.inc");
@@ -63,13 +63,13 @@ $pfsense_theme_is = $config['theme'];
/* func builds custom white lists */
function find_whitelist_key($find_wlist_number) {
- global $config, $g;
+ global $config, $g;
$whitelist_array = $config['installedpackages']['snortglobal']['whitelist']['item'];
$w_key = -1;
foreach ($whitelist_array as $value) {
- $w_key += 1;
+ $w_key += 1;
if ($config['installedpackages']['snortglobal']['whitelist']['item'][$w_key]['uuid'] == $find_wlist_number) {
return $w_key;
}
@@ -78,13 +78,13 @@ function find_whitelist_key($find_wlist_number) {
/* func builds custom suppress lists */
function find_suppress_key($find_slist_number) {
- global $config, $g;
+ global $config, $g;
$suppresslist_array = $config['installedpackages']['snortglobal']['suppress']['item'];
$s_key = -1;
foreach ($suppresslist_array as $value2) {
- $s_key += 1;
+ $s_key += 1;
if ($config['installedpackages']['snortglobal']['suppress']['item'][$s_key]['uuid'] == $find_slist_number) {
return $s_key;
}
@@ -93,126 +93,126 @@ function find_suppress_key($find_slist_number) {
/* func builds custom whitelests */
function build_base_whitelist($build_netlist, $wanip, $wangw, $wandns, $vips, $vpns, $userwips) {
-global $config, $g;
-
- /* build an interface array list */
- $int_array = array('lan');
- for ($j = 1; isset ($config['interfaces']['opt' . $j]); $j++)
- if(isset($config['interfaces']['opt' . $j]['enable']))
- if(!$config['interfaces']['opt' . $j]['gateway'])
- $int_array[] = "opt{$j}";
-
- /* iterate through interface list and write out whitelist items
- * and also compile a home_net list for snort.
- */
- foreach($int_array as $int) {
- /* calculate interface subnet information */
- $ifcfg = &$config['interfaces'][$int];
- $subnet = gen_subnet($ifcfg['ipaddr'], $ifcfg['subnet']);
- $subnetmask = gen_subnet_mask($ifcfg['subnet']);
- if($subnet == "pppoe" or $subnet == "dhcp") {
- $subnet = find_interface_ip("ng0");
- if($subnet)
- $home_net .= "{$subnet} ";
- } else {
- if ($subnet)
- if($ifcfg['subnet'])
- $home_net .= "{$subnet}/{$ifcfg['subnet']} ";
- }
- }
+ global $config, $g;
+
+ /* build an interface array list */
+ $int_array = array('lan');
+ for ($j = 1; isset ($config['interfaces']['opt' . $j]); $j++)
+ if(isset($config['interfaces']['opt' . $j]['enable']))
+ if(!$config['interfaces']['opt' . $j]['gateway'])
+ $int_array[] = "opt{$j}";
+
+ /* iterate through interface list and write out whitelist items
+ * and also compile a home_net list for snort.
+ */
+ foreach($int_array as $int) {
+ /* calculate interface subnet information */
+ $ifcfg = &$config['interfaces'][$int];
+ $subnet = gen_subnet($ifcfg['ipaddr'], $ifcfg['subnet']);
+ $subnetmask = gen_subnet_mask($ifcfg['subnet']);
+ if($subnet == "pppoe" or $subnet == "dhcp") {
+ $subnet = find_interface_ip("ng0");
+ if($subnet)
+ $home_net .= "{$subnet} ";
+ } else {
+ if ($subnet)
+ if($ifcfg['subnet'])
+ $home_net .= "{$subnet}/{$ifcfg['subnet']} ";
+ }
+ }
if($wanip == 'yes') {
- /* add all WAN ips to the whitelist */
- $wan_if = get_real_wan_interface();
- $ip = find_interface_ip($wan_if);
- if($ip)
- $home_net .= "{$ip} ";
+ /* add all WAN ips to the whitelist */
+ $wan_if = get_real_wan_interface();
+ $ip = find_interface_ip($wan_if);
+ if($ip)
+ $home_net .= "{$ip} ";
}
if($wangw == 'yes') {
- /* Add Gateway on WAN interface to whitelist (For RRD graphs) */
- $int = convert_friendly_interface_to_real_interface_name2("WAN");
- $gw = get_interface_gateway($int);
- if($gw)
- $home_net .= "{$gw} ";
+ /* Add Gateway on WAN interface to whitelist (For RRD graphs) */
+ $int = convert_friendly_interface_to_real_interface_name2("WAN");
+ $gw = get_interface_gateway($int);
+ if($gw)
+ $home_net .= "{$gw} ";
}
if($wandns == 'yes') {
- /* Add DNS server for WAN interface to whitelist */
- $dns_servers = get_dns_servers();
- foreach($dns_servers as $dns) {
- if($dns)
- $home_net .= "{$dns} ";
- }
- }
-
- if($vips == 'yes') {
- /* iterate all vips and add to whitelist */
- if($config['virtualip'])
- foreach($config['virtualip']['vip'] as $vip)
- if($vip['subnet'])
- $home_net .= $vip['subnet'] . " ";
- }
-
- /* Add loopback to whitelist (ftphelper) */
- if($userwips > -1 && $build_netlist == 'netlist') {
- $home_net .= "127.0.0.1 ";
- }elseif ($userwips > -1 && $build_netlist == 'whitelist') {
- $home_net .= "127.0.0.1 ";
- }else{
- $home_net .= "127.0.0.1";
+ /* Add DNS server for WAN interface to whitelist */
+ $dns_servers = get_dns_servers();
+ foreach($dns_servers as $dns) {
+ if($dns)
+ $home_net .= "{$dns} ";
}
-
- /* grab a list of vpns and whitelist if user desires added by nestorfish 954 */
- if($vpns == 'yes')
- {
- if ($pfsense_stable == 'yes') // chk what pfsense version were on
- {
- $vpns_list = get_vpns_list();
- }
-
- if ($pfsense_stable == 'no') // chk what pfsense version were on
- {
- $vpns_list = filter_get_vpns_list();
- }
- if ($vpns_list != '') {
- $home_net .= "$vpns_list ";
- }
- }
+ }
+
+ if($vips == 'yes') {
+ /* iterate all vips and add to whitelist */
+ if($config['virtualip'])
+ foreach($config['virtualip']['vip'] as $vip)
+ if($vip['subnet'])
+ $home_net .= $vip['subnet'] . " ";
+ }
- /* never ever compair numbers to words */
- if($userwips > -1)
- {
- if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item']))
- $config['installedpackages']['snortglobal']['whitelist']['item'] = array();
+ /* Add loopback to whitelist (ftphelper) */
+ if($userwips > -1 && $build_netlist == 'netlist') {
+ $home_net .= "127.0.0.1 ";
+ }elseif ($userwips > -1 && $build_netlist == 'whitelist') {
+ $home_net .= "127.0.0.1 ";
+ }else{
+ $home_net .= "127.0.0.1";
+ }
- $home_net .= $config['installedpackages']['snortglobal']['whitelist']['item'][$userwips]['address'];
+ /* grab a list of vpns and whitelist if user desires added by nestorfish 954 */
+ if($vpns == 'yes')
+ {
+ if ($pfsense_stable == 'yes') // chk what pfsense version were on
+ {
+ $vpns_list = get_vpns_list();
+ }
+
+ if ($pfsense_stable == 'no') // chk what pfsense version were on
+ {
+ $vpns_list = filter_get_vpns_list();
}
+ if ($vpns_list != '') {
+ $home_net .= "$vpns_list ";
+ }
+ }
+
+ /* never ever compair numbers to words */
+ if($userwips > -1)
+ {
+ if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item']))
+ $config['installedpackages']['snortglobal']['whitelist']['item'] = array();
- /* this foe whitelistfile, convert spaces to carriage returns */
- $whitelist_home_net = str_replace(" ", "\n", $home_net);
- $whitelist_home_net = str_replace(" ", "\n", $home_net);
+ $home_net .= $config['installedpackages']['snortglobal']['whitelist']['item'][$userwips]['address'];
+ }
- /* this is for snort.conf */
- $home_net = trim($home_net);
- // $home_net = str_replace(" ", ",", $home_net); // old code
- $home_net = str_replace(",,", ",", $home_net); // by Thrae, helps people with more than one gateway
- $home_net = "[{$home_net}]";
+ /* this foe whitelistfile, convert spaces to carriage returns */
+ $whitelist_home_net = str_replace(" ", "\n", $home_net);
+ $whitelist_home_net = str_replace(" ", "\n", $home_net);
- if($build_netlist == 'netlist') {
- return $home_net;
- }
+ /* this is for snort.conf */
+ $home_net = trim($home_net);
+ // $home_net = str_replace(" ", ",", $home_net); // old code
+ $home_net = str_replace(",,", ",", $home_net); // by Thrae, helps people with more than one gateway
+ $home_net = "[{$home_net}]";
- if($build_netlist == 'whitelist') {
- return $whitelist_home_net;
- }
-}
+ if($build_netlist == 'netlist') {
+ return $home_net;
+ }
+
+ if($build_netlist == 'whitelist') {
+ return $whitelist_home_net;
+ }
+}
/* checks to see if snort is running yes/no and stop/start */
- function Running_Ck($snort_uuid, $if_real, $id) {
- global $config;
-
+function Running_Ck($snort_uuid, $if_real, $id) {
+ global $config;
+
$snort_up_ck = exec("/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep snort | /usr/bin/awk '{print \$2;}' | sed 1q");
if(snort_up_ck == ''){
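Review bot: `build_base_whitelist()` reads `$pfsense_stable` in its VPN branch, but the function only declares `global $config, $g;` and never assigns that variable, so neither the `== 'yes'` nor the `== 'no'` test can match and `$vpns_list` stays unset. With `$vpns == 'yes'` the VPN networks are therefore silently left out of the generated whitelist and HOME_NET string. I would declare it, `global $config, $g, $pfsense_stable;` (or pass it in as a parameter), and start the function with `$home_net = '';` and `$vpns_list = '';` so nothing depends on undefined variables. The two identical `str_replace(" ", "\n", $home_net)` lines can also be reduced to one. This hunk ends inside `Running_Ck()`, whose body continues in the next hunk.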
@@ -222,28 +222,28 @@ global $config, $g;
if(snort_up_ck != ''){
- //$snort_up_pre = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"R {$snort_uuid}_{$if_real}\" | awk '{print \$1;}'");
- //$snort_up_s = exec("/usr/bin/top -U snort -u | grep snort | grep {$snort_up_pre} | /usr/bin/awk '{print \$1;}'");
- //$snort_up_r = exec("/usr/bin/top -U root -u | grep snort | grep {$snort_up_pre} | /usr/bin/awk '{print \$1;}'");
+ //$snort_up_pre = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"R {$snort_uuid}_{$if_real}\" | awk '{print \$1;}'");
+ //$snort_up_s = exec("/usr/bin/top -U snort -u | grep snort | grep {$snort_up_pre} | /usr/bin/awk '{print \$1;}'");
+ //$snort_up_r = exec("/usr/bin/top -U root -u | grep snort | grep {$snort_up_pre} | /usr/bin/awk '{print \$1;}'");
- /* use ob_clean to clear output buffer, this code needs to be watched */
- ob_clean();
- $snort_up_prell = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"R {$snort_uuid}\" | awk '{print \$1;}'", $retval);
+ /* use ob_clean to clear output buffer, this code needs to be watched */
+ ob_clean();
+ $snort_up_prell = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"R {$snort_uuid}\" | awk '{print \$1;}'", $retval);
- if ($snort_up_prell != "") {
- $snort_uph = 'yes';
- }else{
- $snort_uph = 'no';
+ if ($snort_up_prell != "") {
+ $snort_uph = 'yes';
+ }else{
+ $snort_uph = 'no';
}
}
return $snort_uph;
- }
+}
/* checks to see if barnyard2 is running yes/no */
- function Running_Ck_b($snort_uuid, $if_real, $id) {
- global $config;
-
+function Running_Ck_b($snort_uuid, $if_real, $id) {
+ global $config;
+
$snort_up_ck_b = exec("/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep barnyard2 | /usr/bin/awk '{print \$2;}' | sed 1q");
if($snort_up_ck_b == ''){
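Review bot: The test `if(snort_up_ck != ''){` at the top of this hunk is missing the `$`, so PHP evaluates a bare constant name instead of the variable that `exec()` filled. On older PHP versions the bare name becomes the non-empty string 'snort_up_ck', making the test always true, and PHP 8 raises an Error. The same slip appears as `if(snort_up_ck == ''){` at the end of the previous hunk and as `if(snort_up_ck_b != ''){` in the next one, so the reported running state of the sensor may not reflect the `ps` check at all. The lines should read `if ($snort_up_ck != '') {` and `if ($snort_up_ck_b != '') {`. `Running_Ck()` starts before this hunk and `Running_Ck_b()` continues after it.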
@@ -252,115 +252,115 @@ global $config, $g;
}
if(snort_up_ck_b != ''){
-
- //$snort_up_pre_b = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"f snort_{$snort_uuid}_{$if_real}.u2\" | awk '{print \$1;}'");
- //$snort_up_s_b = exec("/usr/bin/top -U snort -u | grep barnyard2 | grep {$snort_up_pre_b} | /usr/bin/awk '{print \$1;}'");
- //$snort_up_r_b = exec("/usr/bin/top -U root -u | grep barnyard2 | grep {$snort_up_pre_b} | /usr/bin/awk '{print \$1;}'");
- /* use ob_clean to clear output buffer, this code needs to be watched */
- ob_clean();
- $snort_up_pre_b = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"f snort_{$snort_uuid}_{$if_real}.u2\" | awk '{print \$1;}'");
+ //$snort_up_pre_b = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"f snort_{$snort_uuid}_{$if_real}.u2\" | awk '{print \$1;}'");
+ //$snort_up_s_b = exec("/usr/bin/top -U snort -u | grep barnyard2 | grep {$snort_up_pre_b} | /usr/bin/awk '{print \$1;}'");
+ //$snort_up_r_b = exec("/usr/bin/top -U root -u | grep barnyard2 | grep {$snort_up_pre_b} | /usr/bin/awk '{print \$1;}'");
- if ($snort_up_pre_b != '') {
- $snort_up_b = 'yes';
- }else{
- $snort_up_b = 'no';
+ /* use ob_clean to clear output buffer, this code needs to be watched */
+ ob_clean();
+ $snort_up_pre_b = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"f snort_{$snort_uuid}_{$if_real}.u2\" | awk '{print \$1;}'");
+
+ if ($snort_up_pre_b != '') {
+ $snort_up_b = 'yes';
+ }else{
+ $snort_up_b = 'no';
}
}
return $snort_up_b;
- }
+}
+
+function Running_Stop($snort_uuid, $if_real, $id) {
+ global $config;
+
+ /* if snort.sh crashed this will remove the pid */
+ exec('/bin/rm /tmp/snort.sh.pid');
- function Running_Stop($snort_uuid, $if_real, $id) {
- global $config;
-
- /* if snort.sh crashed this will remove the pid */
- exec('/bin/rm /tmp/snort.sh.pid');
-
$start_up_pre = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"R {$snort_uuid}\" | awk '{print \$1;}'");
$start_up_s = exec("/usr/bin/top -U snort -u | grep snort | grep {$start_up_pre} | awk '{ print $1; }'");
$start_up_r = exec("/usr/bin/top -U root -u | grep snort | grep {$start_up_pre} | awk '{ print $1; }'");
-
+
$start2_upb_pre = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"snort_{$snort_uuid}_{$if_real}.u2\" | awk '{print \$1;}'");
$start2_upb_s = exec("/usr/bin/top -U snort -u | grep barnyard2 | grep {$start2_upb_pre} | awk '{ print $1; }'");
$start2_upb_r = exec("/usr/bin/top -U root -u | grep barnyard2 | grep {$start2_upb_pre} | awk '{ print $1; }'");
- if ($start_up_s != "" || $start_up_r != "" || $start2_upb_s != "" || $start2_upb_r != "")
+ if ($start_up_s != "" || $start_up_r != "" || $start2_upb_s != "" || $start2_upb_r != "")
+ {
+ if ($start_up_s != "")
{
- if ($start_up_s != "")
- {
- exec("/bin/kill {$start_up_s}");
- exec("rm /var/log/snort/run/snort_{$if_real}{$snort_uuid}*");
- exec("rm /var/log/snort/snort_{$snort_uuid}_{$if_real}*");
- }
-
- if ($start2_upb_s != "")
- {
- exec("/bin/kill {$start2_upb_s}");
- exec("/bin/rm /var/run/barnyard2_{$snort_uuid}_{$if_real}*");
- }
-
- if ($start_up_r != "")
- {
- exec("/bin/kill {$start_up_r}");
- exec("rm /var/log/snort/run/snort_{$if_real}{$snort_uuid}*");
- exec("rm /var/log/snort/snort_{$snort_uuid}_{$if_real}*");
- }
-
- if ($start2_upb_r != "")
- {
- exec("/bin/kill {$start2_upb_r}");
- exec("/bin/rm /var/run/barnyard2_{$snort_uuid}_{$if_real}*");
- }
-
- /* Log Iface stop */
- exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Interface Rule STOP for {$snort_uuid}_{$if_real}...'");
+ exec("/bin/kill {$start_up_s}");
+ exec("rm /var/log/snort/run/snort_{$if_real}{$snort_uuid}*");
+ exec("rm /var/log/snort/snort_{$snort_uuid}_{$if_real}*");
}
- }
-
- function Running_Start($snort_uuid, $if_real, $id) {
- global $config;
-
- /* if snort.sh crashed this will remove the pid */
- exec('/bin/rm /tmp/snort.sh.pid');
+ if ($start2_upb_s != "")
+ {
+ exec("/bin/kill {$start2_upb_s}");
+ exec("/bin/rm /var/run/barnyard2_{$snort_uuid}_{$if_real}*");
+ }
- $snort_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['enable'];
- if ($snort_info_chk == 'on') {
- exec("/usr/local/bin/snort -u snort -g snort -R \"{$snort_uuid}\" -D -q -l /var/log/snort --pid-path /var/log/snort/run -G {$snort_uuid} -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}");
+ if ($start_up_r != "")
+ {
+ exec("/bin/kill {$start_up_r}");
+ exec("rm /var/log/snort/run/snort_{$if_real}{$snort_uuid}*");
+ exec("rm /var/log/snort/snort_{$snort_uuid}_{$if_real}*");
}
- /* define snortbarnyardlog_chk */
- /* top will have trouble if the uuid is to far back */
- $snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable'];
- $snortbarnyardlog_mysql_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_mysql'];
- if ($snortbarnyardlog_info_chk == 'on' && $snortbarnyardlog_mysql_info_chk != '' && $snort_info_chk == 'on') {
- exec("/usr/local/bin/barnyard2 -f \"snort_{$snort_uuid}_{$if_real}.u2\" -u snort -g snort --pid-path /var/log/snort/run -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d /var/log/snort -D -q");
+
+ if ($start2_upb_r != "")
+ {
+ exec("/bin/kill {$start2_upb_r}");
+ exec("/bin/rm /var/run/barnyard2_{$snort_uuid}_{$if_real}*");
}
-
+
/* Log Iface stop */
- exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Interface Rule START for {$id}_{$snort_uuid}_{$if_real}...'");
+ exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Interface Rule STOP for {$snort_uuid}_{$if_real}...'");
}
+}
+
+
+function Running_Start($snort_uuid, $if_real, $id) {
+ global $config;
+
+ /* if snort.sh crashed this will remove the pid */
+ exec('/bin/rm /tmp/snort.sh.pid');
+
+ $snort_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['enable'];
+ if ($snort_info_chk == 'on') {
+ exec("/usr/local/bin/snort -u snort -g snort -R \"{$snort_uuid}\" -D -q -l /var/log/snort --pid-path /var/log/snort/run -G {$snort_uuid} -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}");
+ }
+ /* define snortbarnyardlog_chk */
+ /* top will have trouble if the uuid is to far back */
+ $snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable'];
+ $snortbarnyardlog_mysql_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_mysql'];
+ if ($snortbarnyardlog_info_chk == 'on' && $snortbarnyardlog_mysql_info_chk != '' && $snort_info_chk == 'on') {
+ exec("/usr/local/bin/barnyard2 -f \"snort_{$snort_uuid}_{$if_real}.u2\" -u snort -g snort --pid-path /var/log/snort/run -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d /var/log/snort -D -q");
+ }
+
+ /* Log Iface stop */
+ exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Interface Rule START for {$id}_{$snort_uuid}_{$if_real}...'");
+}
/* get the real iface name of wan */
function convert_friendly_interface_to_real_interface_name2($interface)
{
- global $config;
-
- $lc_interface = strtolower($interface);
- if($lc_interface == "lan") return $config['interfaces']['lan']['if'];
- if($lc_interface == "wan") return $config['interfaces']['wan']['if'];
- $ifdescrs = array();
- for ($j = 1; isset($config['interfaces']['opt' . $j]); $j++)
- $ifdescrs['opt' . $j] = "opt" . $j;
- foreach ($ifdescrs as $ifdescr => $ifname)
- {
- if(strtolower($ifname) == $lc_interface)
- return $config['interfaces'][$ifname]['if'];
- if(strtolower($config['interfaces'][$ifname]['descr']) == $lc_interface)
- return $config['interfaces'][$ifname]['if'];
- }
-
- return $interface;
+ global $config;
+
+ $lc_interface = strtolower($interface);
+ if($lc_interface == "lan") return $config['interfaces']['lan']['if'];
+ if($lc_interface == "wan") return $config['interfaces']['wan']['if'];
+ $ifdescrs = array();
+ for ($j = 1; isset($config['interfaces']['opt' . $j]); $j++)
+ $ifdescrs['opt' . $j] = "opt" . $j;
+ foreach ($ifdescrs as $ifdescr => $ifname)
+ {
+ if(strtolower($ifname) == $lc_interface)
+ return $config['interfaces'][$ifname]['if'];
+ if(strtolower($config['interfaces'][$ifname]['descr']) == $lc_interface)
+ return $config['interfaces'][$ifname]['if'];
+ }
+
+ return $interface;
}
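Review bot: `Running_Stop()` and `Running_Start()` interpolate `$snort_uuid`, `$if_real` and the PIDs scraped from `top` directly into `exec()` command strings, so any value containing whitespace or shell metacharacters changes the command that is executed. Where the arguments originate is outside this hunk, but `post_delete_logs()` in the next hunk takes the same values from `$config`, so they should be treated as data, not as shell text. I would quote every use, e.g. `' -i ' . escapeshellarg($if_real)`, and only signal a process when the scraped value is numeric: `if (ctype_digit($start_up_s)) { exec('/bin/kill ' . escapeshellarg($start_up_s)); }`. The comment above the last `logger` call in `Running_Start()` still says "Log Iface stop" and should say start.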
@@ -370,158 +370,158 @@ ini_set('max_input_time', '9999');
/* define oinkid */
if($config['installedpackages']['snortglobal'])
- $oinkid = $config['installedpackages']['snortglobal']['oinkmastercode'];
+$oinkid = $config['installedpackages']['snortglobal']['oinkmastercode'];
-
-/*
-this code block is for deleteing logs while keeping the newest file,
-snort is linked to these files while running, do not take the easy way out
-by touch and rm, snort will lose sync and not log.
-this code needs to be watched.
-*/
+/*
+ this code block is for deleteing logs while keeping the newest file,
+ snort is linked to these files while running, do not take the easy way out
+ by touch and rm, snort will lose sync and not log.
+
+ this code needs to be watched.
+ */
/* list dir files */
function snort_file_list($snort_log_dir, $snort_log_file)
{
- $dir = opendir ("$snort_log_dir");
- while (false !== ($file = readdir($dir))) {
- if (strpos($file, "$snort_log_file",1) ) {
- $file_list[] = $file;
- }
- }
- return $file_list;
+ $dir = opendir ("$snort_log_dir");
+ while (false !== ($file = readdir($dir))) {
+ if (strpos($file, "$snort_log_file",1) ) {
+ $file_list[] = $file;
+ }
+ }
+ return $file_list;
}
/* snort dir files */
function snort_file_sort($snort_file1, $snort_file2)
{
- if ($snort_file1 == $snort_file2) {
- return 0;
- }
- return ($snort_file1 < $snort_file2); // ? -1 : 1; // this flips the array
+ if ($snort_file1 == $snort_file2) {
+ return 0;
+ }
+ return ($snort_file1 < $snort_file2); // ? -1 : 1; // this flips the array
}
/* build files newest first array */
function snort_build_order($snort_list)
{
- foreach ($snort_list as $value_list) {
- $list_order[] = $value_list;
- }
- return $list_order;
+ foreach ($snort_list as $value_list) {
+ $list_order[] = $value_list;
+ }
+ return $list_order;
}
/* keep the newest remove the rest */
function snort_remove_files($snort_list_rm, $snort_file_safe)
{
- foreach ($snort_list_rm as $value_list)
- {
- if ($value_list != $snort_file_safe) {
- exec("/bin/rm /var/log/snort/$value_list");
- }else{
- exec("/bin/echo '' > /var/log/snort/$snort_file_safe");
- }
- }
+ foreach ($snort_list_rm as $value_list)
+ {
+ if ($value_list != $snort_file_safe) {
+ exec("/bin/rm /var/log/snort/$value_list");
+ }else{
+ exec("/bin/echo '' > /var/log/snort/$snort_file_safe");
+ }
+ }
}
function post_delete_logs()
{
global $config, $g;
-
+
$snort_log_dir = '/var/log/snort';
/* do not start config build if rules is empty */
- if (!empty($config['installedpackages']['snortglobal']['rule']))
+ if (!empty($config['installedpackages']['snortglobal']['rule']))
{
- $rule_array = $config['installedpackages']['snortglobal']['rule'];
- $id = -1;
- foreach ($rule_array as $value)
- {
+ $rule_array = $config['installedpackages']['snortglobal']['rule'];
+ $id = -1;
+ foreach ($rule_array as $value)
+ {
- if ($id == '') {
+ if ($id == '') {
$id = 0;
- }
+ }
- $id += 1;
+ $id += 1;
- $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
- $if_real = convert_friendly_interface_to_real_interface_name2($result_lan);
- $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
+ $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
+ $if_real = convert_friendly_interface_to_real_interface_name2($result_lan);
+ $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
- if ($if_real != '' && $snort_uuid != '')
+ if ($if_real != '' && $snort_uuid != '')
+ {
+ if ($config['installedpackages']['snortglobal']['rule'][$id]['snortunifiedlog'] == 'on')
{
- if ($config['installedpackages']['snortglobal']['rule'][$id]['snortunifiedlog'] == 'on')
- {
- $snort_log_file_u2 = "{$snort_uuid}_{$if_real}.u2.";
- $snort_list_u2 = snort_file_list($snort_log_dir, $snort_log_file_u2);
- if (is_array($snort_list_u2)) {
- usort($snort_list_u2, "snort_file_sort");
- $snort_u2_rm_list = snort_build_order($snort_list_u2);
- snort_remove_files($snort_u2_rm_list, $snort_u2_rm_list[0]);
- }
- }else{
- exec("/bin/rm $snort_log_dir/snort_{$snort_uuid}_{$if_real}.u2*");
+ $snort_log_file_u2 = "{$snort_uuid}_{$if_real}.u2.";
+ $snort_list_u2 = snort_file_list($snort_log_dir, $snort_log_file_u2);
+ if (is_array($snort_list_u2)) {
+ usort($snort_list_u2, "snort_file_sort");
+ $snort_u2_rm_list = snort_build_order($snort_list_u2);
+ snort_remove_files($snort_u2_rm_list, $snort_u2_rm_list[0]);
}
+ }else{
+ exec("/bin/rm $snort_log_dir/snort_{$snort_uuid}_{$if_real}.u2*");
+ }
- if ($config['installedpackages']['snortglobal']['rule'][$id]['tcpdumplog'] == 'on')
- {
- $snort_log_file_tcpd = "{$snort_uuid}_{$if_real}.tcpdump.";
- $snort_list_tcpd = snort_file_list($snort_log_dir, $snort_log_file_tcpd);
- if (is_array($snort_list_tcpd)) {
- usort($snort_list_tcpd, "snort_file_sort");
- $snort_tcpd_rm_list = snort_build_order($snort_list_tcpd);
- snort_remove_files($snort_tcpd_rm_list, $snort_tcpd_rm_list[0]);
- }
- }else{
- exec("/bin/rm $snort_log_dir/snort_{$snort_uuid}_{$if_real}.tcpdump*");
+ if ($config['installedpackages']['snortglobal']['rule'][$id]['tcpdumplog'] == 'on')
+ {
+ $snort_log_file_tcpd = "{$snort_uuid}_{$if_real}.tcpdump.";
+ $snort_list_tcpd = snort_file_list($snort_log_dir, $snort_log_file_tcpd);
+ if (is_array($snort_list_tcpd)) {
+ usort($snort_list_tcpd, "snort_file_sort");
+ $snort_tcpd_rm_list = snort_build_order($snort_list_tcpd);
+ snort_remove_files($snort_tcpd_rm_list, $snort_tcpd_rm_list[0]);
}
+ }else{
+ exec("/bin/rm $snort_log_dir/snort_{$snort_uuid}_{$if_real}.tcpdump*");
+ }
- /* create barnyard2 configuration file */
- //if ($config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable'] == 'on')
- //create_barnyard2_conf($id, $if_real, $snort_uuid);
+ /* create barnyard2 configuration file */
+ //if ($config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable'] == 'on')
+ //create_barnyard2_conf($id, $if_real, $snort_uuid);
- if ($config['installedpackages']['snortglobal']['rule'][$id]['perform_stat'] == on)
- {
- exec("/bin/echo '' > /var/log/snort/snort_{$snort_uuid}_{$if_real}.stats");
- }
+ if ($config['installedpackages']['snortglobal']['rule'][$id]['perform_stat'] == on)
+ {
+ exec("/bin/echo '' > /var/log/snort/snort_{$snort_uuid}_{$if_real}.stats");
}
}
+ }
}
}
-
+
function snort_postinstall()
{
global $config;
conf_mount_rw();
-
-/* find out if were in 1.2.3-RELEASE */
-$pfsense_ver_chk = exec('/bin/cat /etc/version');
-if ($pfsense_ver_chk == '1.2.3-RELEASE')
-{
- $pfsense_stable = 'yes';
-}else{
- $pfsense_stable = 'no';
-}
-/* find out what arch where in x86 , x64 */
-$snort_arch_ck = '';
-exec('/usr/bin/uname -m', $snort_arch_ck);
-if($snort_arch_ck[0] == 'i386') {
- $snort_arch = 'x86';
-}else{
- $snort_arch = 'x64';
-}
-
+ /* find out if were in 1.2.3-RELEASE */
+ $pfsense_ver_chk = exec('/bin/cat /etc/version');
+ if ($pfsense_ver_chk == '1.2.3-RELEASE')
+ {
+ $pfsense_stable = 'yes';
+ }else{
+ $pfsense_stable = 'no';
+ }
+
+ /* find out what arch where in x86 , x64 */
+ $snort_arch_ck = '';
+ exec('/usr/bin/uname -m', $snort_arch_ck);
+ if($snort_arch_ck[0] == 'i386') {
+ $snort_arch = 'x86';
+ }else{
+ $snort_arch = 'x64';
+ }
+
/* snort -> advanced features */
$bpfbufsize = $config['installedpackages']['snortglobal']['bpfbufsize'];
$bpfmaxbufsize = $config['installedpackages']['snortglobal']['bpfmaxbufsize'];
$bpfmaxinsns = $config['installedpackages']['snortglobal']['bpfmaxinsns'];
/* cleanup default files */
- if(file_exists('/usr/local/etc/snort/snort.conf-sample'))
+ if(file_exists('/usr/local/etc/snort/snort.conf-sample'))
{
exec('/bin/rm /usr/local/etc/snort/snort.conf-sample');
exec('/bin/rm /usr/local/etc/snort/threshold.conf-sample');
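Review bot: `snort_remove_files()` hands names returned by `readdir()` to a shell via `exec("/bin/rm /var/log/snort/$value_list")`, so a file name in the log directory that contains spaces or shell metacharacters is interpreted as part of the command. `unlink("/var/log/snort/{$value_list}");` removes the file without involving a shell. The re-indent also leaves `$oinkid = ...` at column 0 directly under the brace-less `if($config['installedpackages']['snortglobal'])`, which makes the assignment read as unconditional; braces would make the dependency explicit. In `post_delete_logs()` the test `['perform_stat'] == on` compares against a bare constant and most likely wants the string `'on'`. This hunk ends inside `snort_postinstall()`.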
@@ -535,45 +535,45 @@ if($snort_arch_ck[0] == 'i386') {
exec('/bin/rm /usr/local/etc/rc.d/snort');
exec('/bin/rm /usr/local/etc/rc.d/bardyard2');
}
-
+
/* remove example files */
if(file_exists('/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so.0'))
{
exec('/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example*');
}
-
+
if(file_exists('/usr/local/lib/snort/dynamicpreprocessor/lib_sfdynamic_preprocessor_example.so'))
{
exec('/bin/rm /usr/local/lib/snort/dynamicpreprocessor/lib_sfdynamic_preprocessor_example*');
}
-
+
/* add snort user and group note: 920 keep the numbers < 2000, above this is reserved in pfSense 2.0 */
exec('/usr/sbin/pw groupadd snort -g 920');
exec('/usr/sbin/pw useradd snort -u 920 -c "Snort User" -d /nonexistent -g snort -s /sbin/nologin');
- /* create a few directories and ensure the sample files are in place */
+ /* create a few directories and ensure the sample files are in place */
if(!file_exists('/usr/local/etc/snort'))
{
exec('/bin/mkdir -p /usr/local/etc/snort');
}
-
+
if(!file_exists('/usr/local/etc/snort/custom_rules'))
{
exec('/bin/mkdir -p /usr/local/etc/snort/custom_rules/');
}
-
+
if(!file_exists('/usr/local/etc/snort/whitelist'))
{
exec('/bin/mkdir -p /usr/local/etc/snort/whitelist/');
}
-
+
if(!file_exists('/var/log/snort/run'))
{
exec('/bin/mkdir -p /var/log/snort/run');
}
-
+
if(!file_exists('/var/log/snort/barnyard2'))
{
exec('/bin/mkdir -p /var/log/snort/barnyard2/');
@@ -583,7 +583,7 @@ if($snort_arch_ck[0] == 'i386') {
{
exec('/bin/mkdir -p /usr/local/lib/snort/dynamicrules/');
}
-
+
if(!file_exists('/var/db/whitelist'))
{
touch('/var/db/whitelist');
@@ -596,12 +596,12 @@ if($snort_arch_ck[0] == 'i386') {
exec('/bin/rm -rf /var/log/snort/*');
touch('/var/log/snort/alert');
}
-
+
/* rm barnyard2 important */
if(!file_exists('/usr/local/bin/barnyard2')) {
exec('/bin/rm /usr/local/bin/barnyard2');
}
-
+
/* important */
exec('/usr/sbin/chown -R snort:snort /var/log/snort');
exec('/usr/sbin/chown -R snort:snort /usr/local/etc/snort');
@@ -625,7 +625,7 @@ if($snort_arch_ck[0] == 'i386') {
exec('/bin/mkdir -p /usr/local/www/snort/css');
exec('/bin/mkdir -p /usr/local/www/snort/images');
exec('/bin/mkdir -p /usr/local/www/snort/javascript');
-
+
chdir ("/usr/local/www/snort/css/");
exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/css/style.css');
exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/css/colorbox.css');
@@ -656,10 +656,10 @@ if($snort_arch_ck[0] == 'i386') {
exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/javascript/sortableTable.js');
exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/javascript/row_helper.js');
exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/javascript/prototype.js');
-
+
/* install barnyard2 for 2.0 x86 x64 and 1.2.3 x86 */
chdir ("/usr/local/bin/");
-
+
update_status(gettext("Installing Barnyard2 for $snort_arch..."));
update_output_window(gettext("Please wait..."));
if ($pfsense_stable == 'yes') {
@@ -669,24 +669,24 @@ if($snort_arch_ck[0] == 'i386') {
if ($pfsense_stable == 'no' && $snort_arch == 'x86') {
exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/bin/8.1x86/barnyard2');
}
-
+
if ($pfsense_stable == 'no' && $snort_arch == 'x64') {
exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/bin/8.1x64/barnyard2');
}
update_output_window(gettext("Finnished Installing Barnyard2..."));
-
+
exec('/bin/chmod 755 /usr/local/bin/barnyard2');
-
-
+
+
/* install perl-threaded */
/* TODO: invoke this through pkg_util.inc */
if(!file_exists('/tmp/pkg_s'))
{
exec('/bin/mkdir -p /tmp/pkg_s');
}
-
+
chdir ('/tmp/pkg_s');
-
+
update_status(gettext("Installing perl-threaded for $snort_arch..."));
update_output_window(gettext("Please wait downloading..."));
if ($pfsense_stable == 'yes') {
@@ -696,7 +696,7 @@ if($snort_arch_ck[0] == 'i386') {
if ($pfsense_stable == 'no' && $snort_arch == 'x86') {
exec('/usr/bin/fetch http://files.pfsense.org/packages/snort//8.1x86/perl-threaded-5.12.1_1.tbz');
}
-
+
if ($pfsense_stable == 'no' && $snort_arch == 'x64') {
exec('/usr/bin/fetch http://files.pfsense.org/packages/snort/8.1x64/perl-threaded-5.12.1_1.tbz');
}
@@ -705,17 +705,17 @@ if($snort_arch_ck[0] == 'i386') {
if(file_exists('/tmp/pkg_s/perl-threaded-5.12.1_1.tbz')){
exec('/usr/sbin/pkg_add -f /tmp/pkg_s/perl-threaded-5.12.1_1.tbz');
}
-
+
update_output_window(gettext("Please wait Cleaning Up..."));
if(file_exists('/tmp/pkg_s/')){
exec('/bin/rm -r /tmp/pkg_s/');
- }
-
- update_output_window(gettext("Finnished Installing perl-threaded..."));
-
+ }
+
+ update_output_window(gettext("Finnished Installing perl-threaded..."));
+
/* back to default */
chdir ('/root/');
-
+
/* make sure snort-old is deinstalled */
/* remove when snort-old is removed */
unset($config['installedpackages']['snort']);
@@ -725,7 +725,7 @@ if($snort_arch_ck[0] == 'i386') {
unset($config['installedpackages']['snortadvanced']);
write_config();
conf_mount_rw();
-
+
/* remake saved settings */
if($config['installedpackages']['snortglobal']['forcekeepsettings'] == 'on') {
update_status(gettext("Saved settings detected..."));
@@ -733,318 +733,318 @@ if($snort_arch_ck[0] == 'i386') {
sync_snort_package_empty();
update_output_window(gettext("Finnished Rebuilding files..."));
}
-
+
conf_mount_ro();
-
-}
-
-function sync_package_snort_reinstall()
+
+}
+
+function sync_package_snort_reinstall()
{
global $config;
conf_mount_rw();
-
+
if(!$config['installedpackages']['snortglobal'])
- return;
-
+ return;
+
/* create snort configuration file */
create_snort_conf();
-
+
/* start snort service */
// start_service("snort"); // do not start, may be needed latter.
-
+
conf_mount_ro();
}
function snort_Getdirsize($node) {
- if(!is_readable($node))
- return false;
+ if(!is_readable($node))
+ return false;
- $blah = exec( "/usr/bin/du -kd $node" );
- return substr( $blah, 0, strpos($blah, 9) );
+ $blah = exec( "/usr/bin/du -kd $node" );
+ return substr( $blah, 0, strpos($blah, 9) );
}
/* func for log dir size limit cron */
function snort_snortloglimit_install_cron($should_install) {
- global $config, $g;
-
- if ($g['booting']==true)
- return;
-
- $is_installed = false;
-
- if(!$config['cron']['item'])
- return;
-
- $x=0;
- foreach($config['cron']['item'] as $item) {
- if (strstr($item['command'], '/usr/local/pkg/snort/snort_check_cron_misc.inc')) {
- $is_installed = true;
- break;
- }
- $x++;
- }
-
- $snort_snortloglimit_info_ck = $config['installedpackages']['snortglobal']['snortloglimit'];
- $snort_snortloglimitsize_info_ck = $config['installedpackages']['snortglobal']['snortloglimitsize'];
-
- switch($should_install) {
- case true:
- if(!$is_installed) {
-
- $cron_item = array();
- $cron_item['minute'] = "*/5";
- $cron_item['hour'] = "*";
- $cron_item['mday'] = "*";
- $cron_item['month'] = "*";
- $cron_item['wday'] = "*";
- $cron_item['who'] = "root";
- $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_cron_misc.inc";
- $config['cron']['item'][] = $cron_item;
- write_config('Installed snort log limit size');
- configure_cron();
- exec('/usr/bin/killall -HUP cron'); // TODO: remove when 2.0 is stable
- }
- break;
- case false:
- if($is_installed == true) {
- if($x > 0)
- {
- unset($config['cron']['item'][$x]);
- write_config();
- conf_mount_rw();
- }
- configure_cron();
- exec('/usr/bin/killall -HUP cron'); // TODO: remove when 2.0 is stable
- }
- break;
- }
+ global $config, $g;
+
+ if ($g['booting']==true)
+ return;
+
+ $is_installed = false;
+
+ if(!$config['cron']['item'])
+ return;
+
+ $x=0;
+ foreach($config['cron']['item'] as $item) {
+ if (strstr($item['command'], '/usr/local/pkg/snort/snort_check_cron_misc.inc')) {
+ $is_installed = true;
+ break;
+ }
+ $x++;
+ }
+
+ $snort_snortloglimit_info_ck = $config['installedpackages']['snortglobal']['snortloglimit'];
+ $snort_snortloglimitsize_info_ck = $config['installedpackages']['snortglobal']['snortloglimitsize'];
+
+ switch($should_install) {
+ case true:
+ if(!$is_installed) {
+
+ $cron_item = array();
+ $cron_item['minute'] = "*/5";
+ $cron_item['hour'] = "*";
+ $cron_item['mday'] = "*";
+ $cron_item['month'] = "*";
+ $cron_item['wday'] = "*";
+ $cron_item['who'] = "root";
+ $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_cron_misc.inc";
+ $config['cron']['item'][] = $cron_item;
+ write_config('Installed snort log limit size');
+ configure_cron();
+ exec('/usr/bin/killall -HUP cron'); // TODO: remove when 2.0 is stable
+ }
+ break;
+ case false:
+ if($is_installed == true) {
+ if($x > 0)
+ {
+ unset($config['cron']['item'][$x]);
+ write_config();
+ conf_mount_rw();
+ }
+ configure_cron();
+ exec('/usr/bin/killall -HUP cron'); // TODO: remove when 2.0 is stable
+ }
+ break;
+ }
}
/* func for updating cron */
-function snort_rm_blocked_install_cron($should_install)
+function snort_rm_blocked_install_cron($should_install)
{
- global $config, $g;
+ global $config, $g;
- if ($g['booting']==true)
- return;
+ if ($g['booting']==true)
+ return;
- $is_installed = false;
+ $is_installed = false;
- if(!$config['cron']['item'])
- return;
+ if(!$config['cron']['item'])
+ return;
- $x=0;
- foreach($config['cron']['item'] as $item)
- {
- if (strstr($item['command'], "snort2c"))
- {
- $is_installed = true;
- break;
- }
- $x++;
- }
-
- $snort_rm_blocked_info_ck = $config['installedpackages']['snortglobal']['rm_blocked'];
- if ($snort_rm_blocked_info_ck == "1h_b")
- {
- $snort_rm_blocked_min = "*/5";
- $snort_rm_blocked_hr = "*";
- $snort_rm_blocked_mday = "*";
- $snort_rm_blocked_month = "*";
- $snort_rm_blocked_wday = "*";
- $snort_rm_blocked_expire = "3600";
- }
- if ($snort_rm_blocked_info_ck == "3h_b")
- {
- $snort_rm_blocked_min = "*/15";
- $snort_rm_blocked_hr = "*";
- $snort_rm_blocked_mday = "*";
- $snort_rm_blocked_month = "*";
- $snort_rm_blocked_wday = "*";
- $snort_rm_blocked_expire = "10800";
- }
- if ($snort_rm_blocked_info_ck == "6h_b")
- {
- $snort_rm_blocked_min = "*/30";
- $snort_rm_blocked_hr = "*";
- $snort_rm_blocked_mday = "*";
- $snort_rm_blocked_month = "*";
- $snort_rm_blocked_wday = "*";
- $snort_rm_blocked_expire = "21600";
- }
- if ($snort_rm_blocked_info_ck == "12h_b")
- {
- $snort_rm_blocked_min = "2";
- $snort_rm_blocked_hr = "*/1";
- $snort_rm_blocked_mday = "*";
- $snort_rm_blocked_month = "*";
- $snort_rm_blocked_wday = "*";
- $snort_rm_blocked_expire = "43200";
- }
- if ($snort_rm_blocked_info_ck == "1d_b")
- {
- $snort_rm_blocked_min = "2";
- $snort_rm_blocked_hr = "*/2";
- $snort_rm_blocked_mday = "*";
- $snort_rm_blocked_month = "*";
- $snort_rm_blocked_wday = "*";
- $snort_rm_blocked_expire = "86400";
- }
- if ($snort_rm_blocked_info_ck == "4d_b")
- {
- $snort_rm_blocked_min = "2";
- $snort_rm_blocked_hr = "*/8";
- $snort_rm_blocked_mday = "*";
- $snort_rm_blocked_month = "*";
- $snort_rm_blocked_wday = "*";
- $snort_rm_blocked_expire = "345600";
- }
- if ($snort_rm_blocked_info_ck == "7d_b")
- {
- $snort_rm_blocked_min = "2";
- $snort_rm_blocked_hr = "*/14";
- $snort_rm_blocked_mday = "*";
- $snort_rm_blocked_month = "*";
- $snort_rm_blocked_wday = "*";
- $snort_rm_blocked_expire = "604800";
- }
- if ($snort_rm_blocked_info_ck == "28d_b")
- {
- $snort_rm_blocked_min = "2";
- $snort_rm_blocked_hr = "0";
- $snort_rm_blocked_mday = "*/2";
- $snort_rm_blocked_month = "*";
- $snort_rm_blocked_wday = "*";
- $snort_rm_blocked_expire = "2419200";
- }
- switch($should_install)
+ $x=0;
+ foreach($config['cron']['item'] as $item)
+ {
+ if (strstr($item['command'], "snort2c"))
{
- case true:
- if(!$is_installed)
- {
- $cron_item = array();
- $cron_item['minute'] = "$snort_rm_blocked_min";
- $cron_item['hour'] = "$snort_rm_blocked_hr";
- $cron_item['mday'] = "$snort_rm_blocked_mday";
- $cron_item['month'] = "$snort_rm_blocked_month";
- $cron_item['wday'] = "$snort_rm_blocked_wday";
- $cron_item['who'] = "root";
- $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/sbin/expiretable -t $snort_rm_blocked_expire snort2c";
- $config['cron']['item'][] = $cron_item;
- write_config("Installed $snort_rm_blocked_info_ck minute filter reload for Time Based Rules");
- configure_cron();
- exec('/usr/bin/killall -HUP cron'); // TODO: remove when 2.0 is stable
- }
- break;
- case false:
- if($is_installed == true)
- {
- if($x > 0)
- {
- unset($config['cron']['item'][$x]);
- write_config();
- conf_mount_rw();
- }
- configure_cron();
- exec('/usr/bin/killall -HUP cron'); // TODO: remove when 2.0 is stable
- }
- break;
+ $is_installed = true;
+ break;
}
+ $x++;
+ }
+
+ $snort_rm_blocked_info_ck = $config['installedpackages']['snortglobal']['rm_blocked'];
+ if ($snort_rm_blocked_info_ck == "1h_b")
+ {
+ $snort_rm_blocked_min = "*/5";
+ $snort_rm_blocked_hr = "*";
+ $snort_rm_blocked_mday = "*";
+ $snort_rm_blocked_month = "*";
+ $snort_rm_blocked_wday = "*";
+ $snort_rm_blocked_expire = "3600";
+ }
+ if ($snort_rm_blocked_info_ck == "3h_b")
+ {
+ $snort_rm_blocked_min = "*/15";
+ $snort_rm_blocked_hr = "*";
+ $snort_rm_blocked_mday = "*";
+ $snort_rm_blocked_month = "*";
+ $snort_rm_blocked_wday = "*";
+ $snort_rm_blocked_expire = "10800";
+ }
+ if ($snort_rm_blocked_info_ck == "6h_b")
+ {
+ $snort_rm_blocked_min = "*/30";
+ $snort_rm_blocked_hr = "*";
+ $snort_rm_blocked_mday = "*";
+ $snort_rm_blocked_month = "*";
+ $snort_rm_blocked_wday = "*";
+ $snort_rm_blocked_expire = "21600";
+ }
+ if ($snort_rm_blocked_info_ck == "12h_b")
+ {
+ $snort_rm_blocked_min = "2";
+ $snort_rm_blocked_hr = "*/1";
+ $snort_rm_blocked_mday = "*";
+ $snort_rm_blocked_month = "*";
+ $snort_rm_blocked_wday = "*";
+ $snort_rm_blocked_expire = "43200";
+ }
+ if ($snort_rm_blocked_info_ck == "1d_b")
+ {
+ $snort_rm_blocked_min = "2";
+ $snort_rm_blocked_hr = "*/2";
+ $snort_rm_blocked_mday = "*";
+ $snort_rm_blocked_month = "*";
+ $snort_rm_blocked_wday = "*";
+ $snort_rm_blocked_expire = "86400";
+ }
+ if ($snort_rm_blocked_info_ck == "4d_b")
+ {
+ $snort_rm_blocked_min = "2";
+ $snort_rm_blocked_hr = "*/8";
+ $snort_rm_blocked_mday = "*";
+ $snort_rm_blocked_month = "*";
+ $snort_rm_blocked_wday = "*";
+ $snort_rm_blocked_expire = "345600";
+ }
+ if ($snort_rm_blocked_info_ck == "7d_b")
+ {
+ $snort_rm_blocked_min = "2";
+ $snort_rm_blocked_hr = "*/14";
+ $snort_rm_blocked_mday = "*";
+ $snort_rm_blocked_month = "*";
+ $snort_rm_blocked_wday = "*";
+ $snort_rm_blocked_expire = "604800";
+ }
+ if ($snort_rm_blocked_info_ck == "28d_b")
+ {
+ $snort_rm_blocked_min = "2";
+ $snort_rm_blocked_hr = "0";
+ $snort_rm_blocked_mday = "*/2";
+ $snort_rm_blocked_month = "*";
+ $snort_rm_blocked_wday = "*";
+ $snort_rm_blocked_expire = "2419200";
+ }
+ switch($should_install)
+ {
+ case true:
+ if(!$is_installed)
+ {
+ $cron_item = array();
+ $cron_item['minute'] = "$snort_rm_blocked_min";
+ $cron_item['hour'] = "$snort_rm_blocked_hr";
+ $cron_item['mday'] = "$snort_rm_blocked_mday";
+ $cron_item['month'] = "$snort_rm_blocked_month";
+ $cron_item['wday'] = "$snort_rm_blocked_wday";
+ $cron_item['who'] = "root";
+ $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/sbin/expiretable -t $snort_rm_blocked_expire snort2c";
+ $config['cron']['item'][] = $cron_item;
+ write_config("Installed $snort_rm_blocked_info_ck minute filter reload for Time Based Rules");
+ configure_cron();
+ exec('/usr/bin/killall -HUP cron'); // TODO: remove when 2.0 is stable
+ }
+ break;
+ case false:
+ if($is_installed == true)
+ {
+ if($x > 0)
+ {
+ unset($config['cron']['item'][$x]);
+ write_config();
+ conf_mount_rw();
+ }
+ configure_cron();
+ exec('/usr/bin/killall -HUP cron'); // TODO: remove when 2.0 is stable
+ }
+ break;
+ }
}
/* func to install snort update */
function snort_rules_up_install_cron($should_install) {
- global $config, $g;
+ global $config, $g;
- if ($g['booting']==true)
- return;
+ if ($g['booting']==true)
+ return;
- $is_installed = false;
+ $is_installed = false;
- if(!$config['cron']['item'])
- return;
+ if(!$config['cron']['item'])
+ return;
- $x=0;
- foreach($config['cron']['item'] as $item) {
- if (strstr($item['command'], "snort_check_for_rule_updates.php")) {
- $is_installed = true;
- break;
- }
- $x++;
- }
- $snort_rules_up_info_ck = $config['installedpackages']['snortglobal']['autorulesupdate7'];
- if ($snort_rules_up_info_ck == "6h_up") {
- $snort_rules_up_min = "3";
- $snort_rules_up_hr = "*/6";
- $snort_rules_up_mday = "*";
- $snort_rules_up_month = "*";
- $snort_rules_up_wday = "*";
- }
- if ($snort_rules_up_info_ck == "12h_up") {
- $snort_rules_up_min = "3";
- $snort_rules_up_hr = "*/12";
- $snort_rules_up_mday = "*";
- $snort_rules_up_month = "*";
- $snort_rules_up_wday = "*";
- }
- if ($snort_rules_up_info_ck == "1d_up") {
- $snort_rules_up_min = "3";
- $snort_rules_up_hr = "0";
- $snort_rules_up_mday = "*/1";
- $snort_rules_up_month = "*";
- $snort_rules_up_wday = "*";
- }
- if ($snort_rules_up_info_ck == "4d_up") {
- $snort_rules_up_min = "3";
- $snort_rules_up_hr = "0";
- $snort_rules_up_mday = "*/4";
- $snort_rules_up_month = "*";
- $snort_rules_up_wday = "*";
- }
- if ($snort_rules_up_info_ck == "7d_up") {
- $snort_rules_up_min = "3";
- $snort_rules_up_hr = "0";
- $snort_rules_up_mday = "*/7";
- $snort_rules_up_month = "*";
- $snort_rules_up_wday = "*";
- }
- if ($snort_rules_up_info_ck == "28d_up") {
- $snort_rules_up_min = "3";
- $snort_rules_up_hr = "0";
- $snort_rules_up_mday = "*/28";
- $snort_rules_up_month = "*";
- $snort_rules_up_wday = "*";
- }
- switch($should_install) {
- case true:
- if(!$is_installed) {
- $cron_item = array();
- $cron_item['minute'] = "$snort_rules_up_min";
- $cron_item['hour'] = "$snort_rules_up_hr";
- $cron_item['mday'] = "$snort_rules_up_mday";
- $cron_item['month'] = "$snort_rules_up_month";
- $cron_item['wday'] = "$snort_rules_up_wday";
- $cron_item['who'] = "root";
- $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_for_rule_updates.php >> /tmp/snort_update.log";
- $config['cron']['item'][] = $cron_item;
- write_config("Installed 15 minute filter reload for Time Based Rules");
- configure_cron();
- exec('/usr/bin/killall -HUP cron'); // TODO: remove when 2.0 is stable
- }
- break;
- case false:
- if($is_installed == true) {
- if($x > 0) {
- unset($config['cron']['item'][$x]);
- write_config();
- conf_mount_rw();
- }
- configure_cron();
- exec('/usr/bin/killall -HUP cron'); // TODO: remove when 2.0 is stable
- }
- break;
+ $x=0;
+ foreach($config['cron']['item'] as $item) {
+ if (strstr($item['command'], "snort_check_for_rule_updates.php")) {
+ $is_installed = true;
+ break;
}
+ $x++;
+ }
+ $snort_rules_up_info_ck = $config['installedpackages']['snortglobal']['autorulesupdate7'];
+ if ($snort_rules_up_info_ck == "6h_up") {
+ $snort_rules_up_min = "3";
+ $snort_rules_up_hr = "*/6";
+ $snort_rules_up_mday = "*";
+ $snort_rules_up_month = "*";
+ $snort_rules_up_wday = "*";
+ }
+ if ($snort_rules_up_info_ck == "12h_up") {
+ $snort_rules_up_min = "3";
+ $snort_rules_up_hr = "*/12";
+ $snort_rules_up_mday = "*";
+ $snort_rules_up_month = "*";
+ $snort_rules_up_wday = "*";
+ }
+ if ($snort_rules_up_info_ck == "1d_up") {
+ $snort_rules_up_min = "3";
+ $snort_rules_up_hr = "0";
+ $snort_rules_up_mday = "*/1";
+ $snort_rules_up_month = "*";
+ $snort_rules_up_wday = "*";
+ }
+ if ($snort_rules_up_info_ck == "4d_up") {
+ $snort_rules_up_min = "3";
+ $snort_rules_up_hr = "0";
+ $snort_rules_up_mday = "*/4";
+ $snort_rules_up_month = "*";
+ $snort_rules_up_wday = "*";
+ }
+ if ($snort_rules_up_info_ck == "7d_up") {
+ $snort_rules_up_min = "3";
+ $snort_rules_up_hr = "0";
+ $snort_rules_up_mday = "*/7";
+ $snort_rules_up_month = "*";
+ $snort_rules_up_wday = "*";
+ }
+ if ($snort_rules_up_info_ck == "28d_up") {
+ $snort_rules_up_min = "3";
+ $snort_rules_up_hr = "0";
+ $snort_rules_up_mday = "*/28";
+ $snort_rules_up_month = "*";
+ $snort_rules_up_wday = "*";
+ }
+ switch($should_install) {
+ case true:
+ if(!$is_installed) {
+ $cron_item = array();
+ $cron_item['minute'] = "$snort_rules_up_min";
+ $cron_item['hour'] = "$snort_rules_up_hr";
+ $cron_item['mday'] = "$snort_rules_up_mday";
+ $cron_item['month'] = "$snort_rules_up_month";
+ $cron_item['wday'] = "$snort_rules_up_wday";
+ $cron_item['who'] = "root";
+ $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_for_rule_updates.php >> /tmp/snort_update.log";
+ $config['cron']['item'][] = $cron_item;
+ write_config("Installed 15 minute filter reload for Time Based Rules");
+ configure_cron();
+ exec('/usr/bin/killall -HUP cron'); // TODO: remove when 2.0 is stable
+ }
+ break;
+ case false:
+ if($is_installed == true) {
+ if($x > 0) {
+ unset($config['cron']['item'][$x]);
+ write_config();
+ conf_mount_rw();
+ }
+ configure_cron();
+ exec('/usr/bin/killall -HUP cron'); // TODO: remove when 2.0 is stable
+ }
+ break;
+ }
}
function sync_snort_package_remove_old()
@@ -1052,44 +1052,44 @@ function sync_snort_package_remove_old()
global $config, $g;
-$snort_dir_scan = '/usr/local/etc/snort';
+ $snort_dir_scan = '/usr/local/etc/snort';
-// scan dirm might have to make this into a funtion
-$dh_scan = opendir($snort_dir_scan);
-while (false !== ($dir_filename = readdir($dh_scan))) {
- $list_dir_files[] = $dir_filename;
-}
+ // scan dirm might have to make this into a funtion
+ $dh_scan = opendir($snort_dir_scan);
+ while (false !== ($dir_filename = readdir($dh_scan))) {
+ $list_dir_files[] = $dir_filename;
+ }
-// find patern in a array, very cool code
-class array_ereg {
- function array_ereg($pattern) { $this->pattern = $pattern; }
- function ereg($string) {
- return ereg($this->pattern, $string);
- }
-}
+ // find patern in a array, very cool code
+ class array_ereg {
+ function array_ereg($pattern) { $this->pattern = $pattern; }
+ function ereg($string) {
+ return ereg($this->pattern, $string);
+ }
+ }
- $rule_array2 = $config['installedpackages']['snortglobal']['rule'];
- $id2 = -1;
- foreach ($rule_array2 as $value)
- {
+ $rule_array2 = $config['installedpackages']['snortglobal']['rule'];
+ $id2 = -1;
+ foreach ($rule_array2 as $value)
+ {
- $id += 1;
+ $id += 1;
- $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
- $if_real = convert_friendly_interface_to_real_interface_name2($result_lan);
+ $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
+ $if_real = convert_friendly_interface_to_real_interface_name2($result_lan);
- $snort_rules_list[] = "snort_$id$if_real";
+ $snort_rules_list[] = "snort_$id$if_real";
- }
+ }
-$snort_dir_filter = array_filter($list_dir_files, array(new array_ereg("snort_"), 'ereg'));
-$snort_dir_filter_search_result = array_diff($snort_dir_filter, $snort_rules_list);
+ $snort_dir_filter = array_filter($list_dir_files, array(new array_ereg("snort_"), 'ereg'));
+ $snort_dir_filter_search_result = array_diff($snort_dir_filter, $snort_rules_list);
- foreach ($snort_dir_filter_search_result as $value)
- {
- exec("rm -r /usr/local/etc/snort/$value");
- }
+ foreach ($snort_dir_filter_search_result as $value)
+ {
+ exec("rm -r /usr/local/etc/snort/$value");
+ }
}
@@ -1102,25 +1102,25 @@ function sync_snort_package()
/* all new files are for the user snort nologin */
if(!file_exists('/var/log/snort'))
{
- exec('/bin/mkdir -p /var/log/snort');
+ exec('/bin/mkdir -p /var/log/snort');
}
-
+
if(!file_exists('/var/log/snort/run'))
{
exec('/bin/mkdir -p /var/log/snort/run');
}
-
+
if(!file_exists('/var/log/snort/barnyard2'))
{
exec('/bin/mkdir -p /var/log/snort/barnyard2');
}
-
+
/* all new files are for the user snort nologin */
if(!file_exists('/var/log/snort/alert'))
{
exec('/usr/bin/touch /var/log/snort/alert');
}
-
+
/* important */
exec('/usr/sbin/chown -R snort:snort /var/log/snort');
exec('/usr/sbin/chown -R snort:snort /usr/local/etc/snort');
@@ -1134,22 +1134,30 @@ function sync_snort_package()
exec('/bin/chmod -R 770 /var/log/snort');
exec('/bin/chmod -R 770 /usr/local/lib/snort');
exec('/bin/chmod -R 770 /usr/local/etc/snort/');
-
+
/* auto install loglimit dfault if value not set */
$snortloglimitsize = $config['installedpackages']['snortglobal']['snortloglimitsize'];
+ $snortloglimit = $config['installedpackages']['snortglobal']['snortloglimit'];
+
+ if ($snortloglimit == '') {
+ /* code will set limit to 21% of slice that is unused */
+ $config['installedpackages']['snortglobal']['snortloglimit'] = 'on';
+ write_config();
+ conf_mount_rw();
+ }
if ($snortloglimitsize == '') {
/* code will set limit to 21% of slice that is unused */
- $snortloglimitDSKsize = round(exec('df -k /var | grep -v "Filesystem" | awk \'{print $4}\'') * .21 / 1024);
+ $snortloglimitDSKsize = round(exec('df -k /var | grep -v "Filesystem" | awk \'{print $4}\'') * .22 / 1024);
$config['installedpackages']['snortglobal']['snortloglimitsize'] = $snortloglimitDSKsize;
write_config();
- conf_mount_rw();
+ conf_mount_rw();
}
-
+
$snort_snortloglimit_info_ck = $config['installedpackages']['snortglobal']['snortloglimit'];
if ($snort_snortloglimit_info_ck == '') {
- snort_snortloglimit_install_cron('');
- snort_snortloglimit_install_cron('true');
+ snort_snortloglimit_install_cron('');
+ snort_snortloglimit_install_cron('true');
}
conf_mount_ro();
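Review bot: The cron-install check at the end of this hunk can no longer fire, because the added block sets `$config['installedpackages']['snortglobal']['snortloglimit']` to `'on'` whenever it was empty, and `$snort_snortloglimit_info_ck` is read from that same key afterwards. An empty value has become `'on'` by then and any other value was never empty, so `snort_snortloglimit_install_cron('true')` is unreachable here and the log-directory size-limit cron job is, as far as this hunk shows, never scheduled from this path. Testing the value captured before the default is applied keeps the first-run behaviour: use `if ($snortloglimit == '') {` in place of `if ($snort_snortloglimit_info_ck == '') {`. The comment inside the added block is a copy of the one below it and should describe the block, e.g. `/* enable the log size limit by default when unset */`, and the lower comment still says 21% although the factor is now `.22`. sync_snort_package() begins and ends outside this hunk.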
@@ -1161,54 +1169,54 @@ function sync_snort_package_all($id, $if_real, $snort_uuid)
//global $config, $g, $id, $if_real, $snort_uuid, $interface_fake;
global $config, $g;
-/* RedDevil suggested code */
-/* TODO: more testing needs to be done */
-/* may cause voip to fail */
-//exec("/sbin/sysctl net.bpf.bufsize=8388608");
-//exec("/sbin/sysctl net.bpf.maxbufsize=4194304");
-//exec("/sbin/sysctl net.bpf.maxinsns=512");
-//exec("/sbin/sysctl net.inet.tcp.rfc1323=1");
+ /* RedDevil suggested code */
+ /* TODO: more testing needs to be done */
+ /* may cause voip to fail */
+ //exec("/sbin/sysctl net.bpf.bufsize=8388608");
+ //exec("/sbin/sysctl net.bpf.maxbufsize=4194304");
+ //exec("/sbin/sysctl net.bpf.maxinsns=512");
+ //exec("/sbin/sysctl net.inet.tcp.rfc1323=1");
-# Error checking
-if ($id != '' && $if_real != '') //new
-{
- /* do not start config build if rules is empty */
- if (!empty($config['installedpackages']['snortglobal']['rule']))
+ # Error checking
+ if ($id != '' && $if_real != '') //new
{
+ /* do not start config build if rules is empty */
+ if (!empty($config['installedpackages']['snortglobal']['rule']))
+ {
- conf_mount_rw();
+ conf_mount_rw();
- $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
- $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
- $if_real = convert_friendly_interface_to_real_interface_name2($result_lan);
-
- /* create snort configuration file */
- create_snort_conf($id, $if_real, $snort_uuid);
+ $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
+ $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
+ $if_real = convert_friendly_interface_to_real_interface_name2($result_lan);
- /* if rules exist cp rules to each iface */
- create_rules_iface($id, $if_real, $snort_uuid);
-
- /* only build whitelist when needed */
- if ($config['installedpackages']['snortglobal']['rule'][$id]['blockoffenders7'] == 'on'){
- create_snort_whitelist($id, $if_real);
- }
-
- /* only build threshold when needed */
- if ($config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname'] != 'default'){
- create_snort_suppress($id, $if_real);
- }
-
- /* create snort bootup file snort.sh only create once */
- create_snort_sh();
+ /* create snort configuration file */
+ create_snort_conf($id, $if_real, $snort_uuid);
- /* create barnyard2 configuration file */
- $snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable'];
- if ($snortbarnyardlog_info_chk == 'on')
- create_barnyard2_conf($id, $if_real, $snort_uuid);
+ /* if rules exist cp rules to each iface */
+ create_rules_iface($id, $if_real, $snort_uuid);
+
+ /* only build whitelist when needed */
+ if ($config['installedpackages']['snortglobal']['rule'][$id]['blockoffenders7'] == 'on'){
+ create_snort_whitelist($id, $if_real);
+ }
- sync_snort_package();
+ /* only build threshold when needed */
+ if ($config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname'] != 'default'){
+ create_snort_suppress($id, $if_real);
+ }
- conf_mount_ro();
+ /* create snort bootup file snort.sh only create once */
+ create_snort_sh();
+
+ /* create barnyard2 configuration file */
+ $snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable'];
+ if ($snortbarnyardlog_info_chk == 'on')
+ create_barnyard2_conf($id, $if_real, $snort_uuid);
+
+ sync_snort_package();
+
+ conf_mount_ro();
}
}
}
@@ -1218,19 +1226,19 @@ function sync_snort_package_empty()
{
global $config, $g;
conf_mount_rw();
-
-/* RedDevil suggested code */
-/* TODO: more testing needs to be done */
-/* may cause voip to fail */
-//exec("/sbin/sysctl net.bpf.bufsize=8388608");
-//exec("/sbin/sysctl net.bpf.maxbufsize=4194304");
-//exec("/sbin/sysctl net.bpf.maxinsns=512");
-//exec("/sbin/sysctl net.inet.tcp.rfc1323=1");
+
+ /* RedDevil suggested code */
+ /* TODO: more testing needs to be done */
+ /* may cause voip to fail */
+ //exec("/sbin/sysctl net.bpf.bufsize=8388608");
+ //exec("/sbin/sysctl net.bpf.maxbufsize=4194304");
+ //exec("/sbin/sysctl net.bpf.maxinsns=512");
+ //exec("/sbin/sysctl net.inet.tcp.rfc1323=1");
/* do not start config build if rules is empty */
- if (!empty($config['installedpackages']['snortglobal']['rule']))
+ if (!empty($config['installedpackages']['snortglobal']['rule']))
{
- if ($id == "")
+ if ($id == "")
{
$rule_array = $config['installedpackages']['snortglobal']['rule'];
@@ -1239,7 +1247,7 @@ function sync_snort_package_empty()
{
if ($id == '') {
- $id = 0;
+ $id = 0;
}
$id += 1;
@@ -1249,36 +1257,36 @@ function sync_snort_package_empty()
$snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
if ($if_real != '' && $snort_uuid != '') {
-
- /* create snort configuration file */
- create_snort_conf($id, $if_real, $snort_uuid);
+
+ /* create snort configuration file */
+ create_snort_conf($id, $if_real, $snort_uuid);
- /* if rules exist cp rules to each iface */
- create_rules_iface($id, $if_real, $snort_uuid);
-
- /* only build whitelist when needed */
- if ($config['installedpackages']['snortglobal']['rule'][$id]['blockoffenders7'] == 'on'){
- create_snort_whitelist($id, $if_real);
- }
-
- /* only build threshold when needed */
- if ($config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname'] != 'default'){
- create_snort_suppress($id, $if_real);
- }
+ /* if rules exist cp rules to each iface */
+ create_rules_iface($id, $if_real, $snort_uuid);
- /* create barnyard2 configuration file */
- $snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable'];
- if ($snortbarnyardlog_info_chk == 'on')
+ /* only build whitelist when needed */
+ if ($config['installedpackages']['snortglobal']['rule'][$id]['blockoffenders7'] == 'on'){
+ create_snort_whitelist($id, $if_real);
+ }
+
+ /* only build threshold when needed */
+ if ($config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname'] != 'default'){
+ create_snort_suppress($id, $if_real);
+ }
+
+ /* create barnyard2 configuration file */
+ $snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable'];
+ if ($snortbarnyardlog_info_chk == 'on')
create_barnyard2_conf($id, $if_real, $snort_uuid);
}
}
- /* create snort bootup file snort.sh only create once */
- create_snort_sh();
+ /* create snort bootup file snort.sh only create once */
+ create_snort_sh();
- sync_snort_package();
-
- conf_mount_ro();
+ sync_snort_package();
+
+ conf_mount_ro();
}
}
@@ -1289,19 +1297,19 @@ function sync_snort_package_config()
{
global $config, $g;
conf_mount_rw();
-
-/* RedDevil suggested code */
-/* TODO: more testing needs to be done */
-/* may cause voip to fail */
-//exec("/sbin/sysctl net.bpf.bufsize=8388608");
-//exec("/sbin/sysctl net.bpf.maxbufsize=4194304");
-//exec("/sbin/sysctl net.bpf.maxinsns=512");
-//exec("/sbin/sysctl net.inet.tcp.rfc1323=1");
+
+ /* RedDevil suggested code */
+ /* TODO: more testing needs to be done */
+ /* may cause voip to fail */
+ //exec("/sbin/sysctl net.bpf.bufsize=8388608");
+ //exec("/sbin/sysctl net.bpf.maxbufsize=4194304");
+ //exec("/sbin/sysctl net.bpf.maxinsns=512");
+ //exec("/sbin/sysctl net.inet.tcp.rfc1323=1");
/* do not start config build if rules is empty */
- if (!empty($config['installedpackages']['snortglobal']['rule']))
+ if (!empty($config['installedpackages']['snortglobal']['rule']))
{
- if ($id == "")
+ if ($id == "")
{
$rule_array = $config['installedpackages']['snortglobal']['rule'];
@@ -1310,7 +1318,7 @@ function sync_snort_package_config()
{
if ($id == '') {
- $id = 0;
+ $id = 0;
}
$id += 1;
@@ -1320,30 +1328,30 @@ function sync_snort_package_config()
$snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
if ($if_real != '' && $snort_uuid != '') {
-
- /* create snort configuration file */
- create_snort_conf($id, $if_real, $snort_uuid);
-
- /* only build whitelist when needed */
- if ($config['installedpackages']['snortglobal']['rule'][$id]['blockoffenders7'] == 'on'){
- create_snort_whitelist($id, $if_real);
- }
-
- /* only build threshold when needed */
- if ($config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname'] != 'default'){
- create_snort_suppress($id, $if_real);
- }
-
- /* create barnyard2 configuration file */
- $snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable'];
- if ($snortbarnyardlog_info_chk == 'on')
+
+ /* create snort configuration file */
+ create_snort_conf($id, $if_real, $snort_uuid);
+
+ /* only build whitelist when needed */
+ if ($config['installedpackages']['snortglobal']['rule'][$id]['blockoffenders7'] == 'on'){
+ create_snort_whitelist($id, $if_real);
+ }
+
+ /* only build threshold when needed */
+ if ($config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname'] != 'default'){
+ create_snort_suppress($id, $if_real);
+ }
+
+ /* create barnyard2 configuration file */
+ $snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable'];
+ if ($snortbarnyardlog_info_chk == 'on')
create_barnyard2_conf($id, $if_real, $snort_uuid);
}
}
- sync_snort_package();
-
- conf_mount_ro();
+ sync_snort_package();
+
+ conf_mount_ro();
}
}
@@ -1356,158 +1364,158 @@ function sync_snort_package_config()
/* create threshold file */
/* TODO: other func should mirror this code */
function create_snort_suppress($id, $if_real) {
-
- global $config, $g;
- conf_mount_rw();
-
- /* make sure dir is there */
- if (!file_exists('/usr/local/etc/snort/suppress/')) {
- exec('/bin/mkdir -p /usr/local/etc/snort/suppress/');
- }
-
- if ($config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname'] != 'default') {
-
- preg_match('/([0-9]+)$/', $config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname'], $slist_num_wrt);
-
- $whitelist_key_s = find_suppress_key($slist_num_wrt[0]);
-
- /* file name */
- $suppress_file_name = $config['installedpackages']['snortglobal']['suppress']['item'][$whitelist_key_s]['name'];
-
- /* Message */
- $s_data .= '# This file is auto generated by the snort package. Please do not edit this file by hand.' . "\n\n";
-
- /* user added arguments */
- $s_data .= str_replace("\r", "", base64_decode($config['installedpackages']['snortglobal']['suppress']['item'][$whitelist_key_s]['suppresspassthru']));
-
- /* open snort's whitelist for writing */
- $suppresslist_w = fopen("/usr/local/etc/snort/suppress/$suppress_file_name", "w");
- if(!$suppresslist_w) {
- log_error("Could not open /usr/local/etc/snort/suppress/$suppress_file_name for writing.");
- return;
- }
-
- fwrite($suppresslist_w, $s_data);
- fclose($suppresslist_w);
- conf_mount_ro();
-
- }
-
+
+ global $config, $g;
+ conf_mount_rw();
+
+ /* make sure dir is there */
+ if (!file_exists('/usr/local/etc/snort/suppress/')) {
+ exec('/bin/mkdir -p /usr/local/etc/snort/suppress/');
+ }
+
+ if ($config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname'] != 'default') {
+
+ preg_match('/([0-9]+)$/', $config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname'], $slist_num_wrt);
+
+ $whitelist_key_s = find_suppress_key($slist_num_wrt[0]);
+
+ /* file name */
+ $suppress_file_name = $config['installedpackages']['snortglobal']['suppress']['item'][$whitelist_key_s]['name'];
+
+ /* Message */
+ $s_data .= '# This file is auto generated by the snort package. Please do not edit this file by hand.' . "\n\n";
+
+ /* user added arguments */
+ $s_data .= str_replace("\r", "", base64_decode($config['installedpackages']['snortglobal']['suppress']['item'][$whitelist_key_s]['suppresspassthru']));
+
+ /* open snort's whitelist for writing */
+ $suppresslist_w = fopen("/usr/local/etc/snort/suppress/$suppress_file_name", "w");
+ if(!$suppresslist_w) {
+ log_error("Could not open /usr/local/etc/snort/suppress/$suppress_file_name for writing.");
+ return;
+ }
+
+ fwrite($suppresslist_w, $s_data);
+ fclose($suppresslist_w);
+ conf_mount_ro();
+
+ }
+
}
function create_snort_whitelist($id, $if_real) {
-
- global $config, $g;
- conf_mount_rw();
-
- /* make sure dir is there */
- if (!file_exists('/usr/local/etc/snort/whitelist/')) {
- exec('/bin/mkdir -p /usr/local/etc/snort/whitelist/');
- }
-
- if ($config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'] == 'default') {
-
- /* open snort's whitelist for writing */
- $whitelist_w = fopen("/usr/local/etc/snort/whitelist/defaultwlist", "w");
- if(!$whitelist_w) {
- log_error("Could not open /usr/local/etc/snort/whitelist/defaultwlist for writing.");
- return;
- }
-
- $w_data = build_base_whitelist('whitelist', 'yes', 'yes', 'yes', 'yes', 'yes', 'no');
-
- }else{
-
- preg_match('/^([a-zA-z0-9]+)/', $config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'], $wlist_name_wrt);
- preg_match('/([0-9]+)$/', $config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'], $wlist_num_wrt);
-
- $whitelist_key_w = find_whitelist_key($wlist_num_wrt[0]);
-
- $build_netlist = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w]['snortlisttype'];
- $wanip = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w]['wanips'];
- $wangw = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w]['wangateips'];
- $wandns = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w]['wandnsips'];
- $vips = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w]['vips'];
- $vpns = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w]['vpnips'];
-
- /* open snort's whitelist for writing */
- $whitelist_w = fopen("/usr/local/etc/snort/whitelist/$wlist_name_wrt[0]", "w");
- if(!$whitelist_w) {
- log_error("Could not open /usr/local/etc/snort/whitelist/$wlist_name_wrt[0] for writing.");
- return;
- }
-
- $w_data = build_base_whitelist($build_netlist, $wanip, $wangw, $wandns, $vips, $vpns, $whitelist_key_w);
-
- }
-
- fwrite($whitelist_w, $w_data);
- fclose($whitelist_w);
- conf_mount_ro();
-
+
+ global $config, $g;
+ conf_mount_rw();
+
+ /* make sure dir is there */
+ if (!file_exists('/usr/local/etc/snort/whitelist/')) {
+ exec('/bin/mkdir -p /usr/local/etc/snort/whitelist/');
+ }
+
+ if ($config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'] == 'default') {
+
+ /* open snort's whitelist for writing */
+ $whitelist_w = fopen("/usr/local/etc/snort/whitelist/defaultwlist", "w");
+ if(!$whitelist_w) {
+ log_error("Could not open /usr/local/etc/snort/whitelist/defaultwlist for writing.");
+ return;
+ }
+
+ $w_data = build_base_whitelist('whitelist', 'yes', 'yes', 'yes', 'yes', 'yes', 'no');
+
+ }else{
+
+ preg_match('/^([a-zA-z0-9]+)/', $config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'], $wlist_name_wrt);
+ preg_match('/([0-9]+)$/', $config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'], $wlist_num_wrt);
+
+ $whitelist_key_w = find_whitelist_key($wlist_num_wrt[0]);
+
+ $build_netlist = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w]['snortlisttype'];
+ $wanip = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w]['wanips'];
+ $wangw = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w]['wangateips'];
+ $wandns = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w]['wandnsips'];
+ $vips = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w]['vips'];
+ $vpns = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w]['vpnips'];
+
+ /* open snort's whitelist for writing */
+ $whitelist_w = fopen("/usr/local/etc/snort/whitelist/$wlist_name_wrt[0]", "w");
+ if(!$whitelist_w) {
+ log_error("Could not open /usr/local/etc/snort/whitelist/$wlist_name_wrt[0] for writing.");
+ return;
+ }
+
+ $w_data = build_base_whitelist($build_netlist, $wanip, $wangw, $wandns, $vips, $vpns, $whitelist_key_w);
+
+ }
+
+ fwrite($whitelist_w, $w_data);
+ fclose($whitelist_w);
+ conf_mount_ro();
+
}
function create_snort_homenet($id, $if_real) {
-
- global $config, $g;
- conf_mount_rw();
-
- if ($config['installedpackages']['snortglobal']['rule'][$id]['homelistname'] == 'default' || $config['installedpackages']['snortglobal']['rule'][$id]['homelistname'] == '') {
- return build_base_whitelist('netlist', 'yes', 'yes', 'yes', 'yes', 'yes', 'no');
- }else{
- preg_match('/([0-9]+)$/', $config['installedpackages']['snortglobal']['rule'][$id]['homelistname'], $hlist_num_wrt);
-
- $whitelist_key_h = find_whitelist_key($hlist_num_wrt[0]);
-
- $build_netlist_h = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_h]['snortlisttype'];
- $wanip_h = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_h]['wanips'];
- $wangw_h = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_h]['wangateips'];
- $wandns_h = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_h]['wandnsips'];
- $vips_h = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_h]['vips'];
- $vpns_h = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_h]['vpnips'];
-
- return build_base_whitelist($build_netlist_h, $wanip_h, $wangw_h, $wandns_h, $vips_h, $vpns_h, $whitelist_key_h);
-
- }
-
- conf_mount_ro();
-
+
+ global $config, $g;
+ conf_mount_rw();
+
+ if ($config['installedpackages']['snortglobal']['rule'][$id]['homelistname'] == 'default' || $config['installedpackages']['snortglobal']['rule'][$id]['homelistname'] == '') {
+ return build_base_whitelist('netlist', 'yes', 'yes', 'yes', 'yes', 'yes', 'no');
+ }else{
+ preg_match('/([0-9]+)$/', $config['installedpackages']['snortglobal']['rule'][$id]['homelistname'], $hlist_num_wrt);
+
+ $whitelist_key_h = find_whitelist_key($hlist_num_wrt[0]);
+
+ $build_netlist_h = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_h]['snortlisttype'];
+ $wanip_h = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_h]['wanips'];
+ $wangw_h = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_h]['wangateips'];
+ $wandns_h = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_h]['wandnsips'];
+ $vips_h = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_h]['vips'];
+ $vpns_h = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_h]['vpnips'];
+
+ return build_base_whitelist($build_netlist_h, $wanip_h, $wangw_h, $wandns_h, $vips_h, $vpns_h, $whitelist_key_h);
+
+ }
+
+ conf_mount_ro();
+
}
function create_snort_externalnet($id, $if_real) {
-
- global $config, $g;
- conf_mount_rw();
-
- preg_match('/([0-9]+)$/', $config['installedpackages']['snortglobal']['rule'][$id]['externallistname'], $exlist_num_wrt);
-
- $whitelist_key_ex = find_whitelist_key($exlist_num_wrt[0]);
-
- $build_netlist_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['snortlisttype'];
- $wanip_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['wanips'];
- $wangw_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['wangateips'];
- $wandns_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['wandnsips'];
- $vips_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['vips'];
- $vpns_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['vpnips'];
-
- return build_base_whitelist($build_netlist_ex, $wanip_ex, $wangw_ex, $wandns_ex, $vips_ex, $vpns_ex, $whitelist_key_ex);
-
- conf_mount_ro();
-
+
+ global $config, $g;
+ conf_mount_rw();
+
+ preg_match('/([0-9]+)$/', $config['installedpackages']['snortglobal']['rule'][$id]['externallistname'], $exlist_num_wrt);
+
+ $whitelist_key_ex = find_whitelist_key($exlist_num_wrt[0]);
+
+ $build_netlist_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['snortlisttype'];
+ $wanip_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['wanips'];
+ $wangw_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['wangateips'];
+ $wandns_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['wandnsips'];
+ $vips_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['vips'];
+ $vpns_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['vpnips'];
+
+ return build_base_whitelist($build_netlist_ex, $wanip_ex, $wangw_ex, $wandns_ex, $vips_ex, $vpns_ex, $whitelist_key_ex);
+
+ conf_mount_ro();
+
}
/* open snort.sh for writing" */
function create_snort_sh()
{
- # Don not add $id or this will break
+ # Don not add $id or this will break
- global $config, $g;
- conf_mount_rw();
+ global $config, $g;
+ conf_mount_rw();
/* do not start config build if rules is empty */
- if (!empty($config['installedpackages']['snortglobal']['rule']))
+ if (!empty($config['installedpackages']['snortglobal']['rule']))
{
- if ($id == "")
+ if ($id == "")
{
$rule_array = $config['installedpackages']['snortglobal']['rule'];
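Review bot: In create_snort_suppress() the output path is built from the stored list name with no filtering: `$suppress_file_name` is read straight from `['suppress']['item'][$whitelist_key_s]['name']` and interpolated into `fopen("/usr/local/etc/snort/suppress/$suppress_file_name", "w")`, whereas create_snort_whitelist() in the same hunk at least reduces its name through a regex first. Whether the GUI validates that name before saving is not visible here, so the writer should enforce it itself before the fopen(), for example `if (!preg_match('/^[A-Za-z0-9_]+$/', $suppress_file_name)) { log_error("Invalid suppress list name."); conf_mount_ro(); return; }`, with the allowed set adjusted to whatever the edit page permits. The whitelist regex `[a-zA-z0-9]` looks like a typo for `[a-zA-Z0-9]`; the `A-z` range also admits a few punctuation characters. create_snort_sh() at the end of the hunk continues past it.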
@@ -1515,23 +1523,23 @@ function create_snort_sh()
foreach ($rule_array as $value)
{
- $id += 1;
+ $id += 1;
- $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
- $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
- $if_real = convert_friendly_interface_to_real_interface_name2($result_lan);
+ $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
+ $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
+ $if_real = convert_friendly_interface_to_real_interface_name2($result_lan);
- /* define snortbarnyardlog_chk */
- $snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable'];
- $snortbarnyardlog_mysql_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_mysql'];
-
- if ($snortbarnyardlog_info_chk == 'on' && $snortbarnyardlog_mysql_info_chk != '') {
- $start_barnyard2 = "sleep 4;/usr/local/bin/barnyard2 -f snort_{$snort_uuid}_{$if_real}.u2 -u snort -g snort --pid-path /var/log/snort/run -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d /var/log/snort -D -q";
- }
-
-/* Get all interface startup commands ready */
+ /* define snortbarnyardlog_chk */
+ $snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable'];
+ $snortbarnyardlog_mysql_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_mysql'];
-$snort_sh_text2[] = <<<EOD
+ if ($snortbarnyardlog_info_chk == 'on' && $snortbarnyardlog_mysql_info_chk != '') {
+ $start_barnyard2 = "sleep 4;/usr/local/bin/barnyard2 -f snort_{$snort_uuid}_{$if_real}.u2 -u snort -g snort --pid-path /var/log/snort/run -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d /var/log/snort -D -q";
+ }
+
+ /* Get all interface startup commands ready */
+
+ $snort_sh_text2[] = <<<EOD
###### For Each Iface
# If Snort proc is NOT running
@@ -1551,7 +1559,7 @@ $snort_sh_text2[] = <<<EOD
fi
EOD;
-$snort_sh_text3[] = <<<EOE
+ $snort_sh_text3[] = <<<EOE
###### For Each Iface
@@ -1570,7 +1578,7 @@ $snort_sh_text3[] = <<<EOE
EOE;
-$snort_sh_text4[] = <<<EOF
+ $snort_sh_text4[] = <<<EOF
pid_s=`/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep "R {$snort_uuid}{$if_real}" | /usr/bin/awk '{print \$2;}'`
sleep 3
@@ -1597,16 +1605,16 @@ EOF;
}
-$start_snort_iface_start = implode("\n\n", $snort_sh_text2);
+ $start_snort_iface_start = implode("\n\n", $snort_sh_text2);
-$start_snort_iface_restart = implode("\n\n", $snort_sh_text3);
+ $start_snort_iface_restart = implode("\n\n", $snort_sh_text3);
-$start_snort_iface_stop = implode("\n\n", $snort_sh_text4);
+ $start_snort_iface_stop = implode("\n\n", $snort_sh_text4);
-/* open snort.sh for writing" */
-conf_mount_rw();
+ /* open snort.sh for writing" */
+ conf_mount_rw();
-$snort_sh_text = <<<EOD
+ $snort_sh_text = <<<EOD
#!/bin/sh
########
# This file was automatically generated
@@ -1630,7 +1638,7 @@ rc_start() {
/usr/local/bin/php -f /usr/local/pkg/pf/snort_dynamic_ip_reload.php &
/usr/bin/logger -p daemon.info -i -t SnortStartup "Snort Startup files Sync..."
-$start_snort_iface_restart
+ $start_snort_iface_restart
/bin/rm /tmp/snort.sh.pid
@@ -1650,7 +1658,7 @@ rc_start_real() {
exit 0
fi
-$start_snort_iface_start
+ $start_snort_iface_start
/bin/rm /tmp/snort.sh.pid
@@ -1664,7 +1672,7 @@ rc_stop() {
exit 0
fi
-$start_snort_iface_stop
+ $start_snort_iface_stop
/bin/rm /tmp/snort.sh.pid
/bin/rm /var/run/snort*
@@ -1689,15 +1697,15 @@ esac
EOD;
- /* write out snort.sh */
- $bconf = fopen("/usr/local/etc/rc.d/snort.sh", "w");
- if(!$bconf) {
- log_error("Could not open /usr/local/etc/rc.d/snort.sh for writing.");
- exit;
- }
- /* write snort.sh */
- fwrite($bconf, $snort_sh_text);
- fclose($bconf);
+ /* write out snort.sh */
+ $bconf = fopen("/usr/local/etc/rc.d/snort.sh", "w");
+ if(!$bconf) {
+ log_error("Could not open /usr/local/etc/rc.d/snort.sh for writing.");
+ exit;
+ }
+ /* write snort.sh */
+ fwrite($bconf, $snort_sh_text);
+ fclose($bconf);
}
@@ -1708,65 +1716,65 @@ EOD;
function create_rules_iface($id, $if_real, $snort_uuid)
{
- global $config, $g;
- conf_mount_rw();
+ global $config, $g;
+ conf_mount_rw();
- $if_rule_dir = "/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules";
- $folder_chk = (count(glob("$if_rule_dir/*")) === 0) ? 'empty' : 'full';
+ $if_rule_dir = "/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules";
+ $folder_chk = (count(glob("$if_rule_dir/*")) === 0) ? 'empty' : 'full';
- if ($folder_chk == "empty")
+ if ($folder_chk == "empty")
+ {
+ exec("/bin/cp -R /usr/local/etc/snort/rules /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}");
+ if (file_exists("/usr/local/etc/snort/custom_rules/local_{$snort_uuid}_{$if_real}.rules"))
{
- exec("/bin/cp -R /usr/local/etc/snort/rules /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}");
- if (file_exists("/usr/local/etc/snort/custom_rules/local_{$snort_uuid}_{$if_real}.rules"))
- {
- exec("/bin/cp /usr/local/etc/snort/custom_rules/local_{$snort_uuid}_{$if_real}.rules /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules/local_{$snort_uuid}_{$if_real}.rules");
- }
+ exec("/bin/cp /usr/local/etc/snort/custom_rules/local_{$snort_uuid}_{$if_real}.rules /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules/local_{$snort_uuid}_{$if_real}.rules");
}
-
+ }
+
}
/* open barnyard2.conf for writing */
function create_barnyard2_conf($id, $if_real, $snort_uuid) {
- global $bconfig, $g;
- /* write out barnyard2_conf */
+ global $bconfig, $g;
+ /* write out barnyard2_conf */
- if(!file_exists("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf"))
- {
- exec("/usr/bin/touch /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf");
- }
+ if(!file_exists("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf"))
+ {
+ exec("/usr/bin/touch /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf");
+ }
- if(!file_exists("/var/log/snort/barnyard2/{$snort_uuid}_{$if_real}.waldo"))
- {
- exec("/usr/bin/touch /var/log/snort/barnyard2/{$snort_uuid}_{$if_real}.waldo");
- exec("/usr/sbin/chown snort:snort /var/log/snort/barnyard2/{$snort_uuid}_{$if_real}.waldo");
- exec("/bin/chmod 770 /var/log/snort/barnyard2/{$snort_uuid}_{$if_real}.waldo");
- }
-
- $barnyard2_conf_text = generate_barnyard2_conf($id, $if_real, $snort_uuid);
- $bconf = fopen("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf", "w");
- if(!$bconf) {
- log_error("Could not open /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf for writing.");
- exit;
- }
- fwrite($bconf, $barnyard2_conf_text);
- fclose($bconf);
+ if(!file_exists("/var/log/snort/barnyard2/{$snort_uuid}_{$if_real}.waldo"))
+ {
+ exec("/usr/bin/touch /var/log/snort/barnyard2/{$snort_uuid}_{$if_real}.waldo");
+ exec("/usr/sbin/chown snort:snort /var/log/snort/barnyard2/{$snort_uuid}_{$if_real}.waldo");
+ exec("/bin/chmod 770 /var/log/snort/barnyard2/{$snort_uuid}_{$if_real}.waldo");
+ }
+
+ $barnyard2_conf_text = generate_barnyard2_conf($id, $if_real, $snort_uuid);
+ $bconf = fopen("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf", "w");
+ if(!$bconf) {
+ log_error("Could not open /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf for writing.");
+ exit;
+ }
+ fwrite($bconf, $barnyard2_conf_text);
+ fclose($bconf);
}
/* open barnyard2.conf for writing" */
function generate_barnyard2_conf($id, $if_real, $snort_uuid) {
- global $config, $g;
- conf_mount_rw();
+ global $config, $g;
+ conf_mount_rw();
-/* define snortbarnyardlog */
-/* TODO: add support for the other 5 output plugins */
+ /* define snortbarnyardlog */
+ /* TODO: add support for the other 5 output plugins */
-$snortbarnyardlog_database_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_mysql'];
-$snortbarnyardlog_hostname_info_chk = exec("/bin/hostname");
-/* user add arguments */
-$snortbarnyardlog_config_pass_thru = str_replace("\r", "", base64_decode($config['installedpackages']['snortglobal']['rule'][$id]['barnconfigpassthru']));
+ $snortbarnyardlog_database_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_mysql'];
+ $snortbarnyardlog_hostname_info_chk = exec("/bin/hostname");
+ /* user add arguments */
+ $snortbarnyardlog_config_pass_thru = str_replace("\r", "", base64_decode($config['installedpackages']['snortglobal']['rule'][$id]['barnconfigpassthru']));
-$barnyard2_conf_text = <<<EOD
+ $barnyard2_conf_text = <<<EOD
# barnyard2.conf
# barnyard2 can be found at http://www.securixlive.com/barnyard2/index.php
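Review bot: create_rules_iface() and create_barnyard2_conf() pass `$snort_uuid` and `$if_real` into exec() command strings without quoting, so any shell metacharacter in either value would be interpreted by the shell with the privileges of the PHP process. Both values come from the package configuration and their validation is not visible in this hunk, so the file operations are better done without a shell: `touch($path); chown($path, 'snort'); chgrp($path, 'snort'); chmod($path, 0770);` for the waldo file, and escapeshellarg() around each path where `cp -R` is kept. The same pattern appears in create_snort_conf() in a later hunk (the `/bin/mkdir` and `/usr/bin/touch` calls). generate_barnyard2_conf() starts in this hunk and its heredoc continues outside it.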
@@ -1808,7 +1816,7 @@ config waldo_file: /var/log/snort/barnyard2/{$snort_uuid}_{$if_real}.waldo
## START user pass through ##
-{$snortbarnyardlog_config_pass_thru}
+ {$snortbarnyardlog_config_pass_thru}
## END user pass through ##
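Review bot: The re-indentation of `{$snortbarnyardlog_config_pass_thru}` is not whitespace-only, because the line sits inside the `<<<EOD` heredoc and the added leading whitespace is written into the generated barnyard2.conf. Only the first line of a multi-line pass-through gets the indent, and whether barnyard2 accepts indented directives is not shown here, so the line should stay at column 0 as before. The same applies to `$snortbarnyardlog_database_info_chk` in the next hunk, which carries the `output database` line, and to the `$start_snort_iface_restart`, `$start_snort_iface_start` and `$start_snort_iface_stop` lines in the snort.sh heredoc in earlier hunks. If the output line were no longer parsed, alerts would presumably stop reaching the database without any error, so it is worth diffing a generated file from before and after this commit.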
@@ -1820,11 +1828,11 @@ config logdir: /var/log/snort
# database: log to a variety of databases
# output database: log, mysql, user=xxxx password=xxxxxx dbname=xxxx host=xxx.xxx.xxx.xxxx
-$snortbarnyardlog_database_info_chk
+ $snortbarnyardlog_database_info_chk
EOD;
- return $barnyard2_conf_text;
+ return $barnyard2_conf_text;
}
@@ -1832,24 +1840,24 @@ function create_snort_conf($id, $if_real, $snort_uuid)
{
global $config, $g;
/* write out snort.conf */
-
+
if ($if_real != '' && $snort_uuid != '') {
-
- if (!file_exists("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf")) {
- exec("/bin/mkdir /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/");
- exec("/usr/bin/touch /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf");
- }
- $snort_conf_text = generate_snort_conf($id, $if_real, $snort_uuid);
- conf_mount_rw();
- $conf = fopen("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf", "w");
- if(!$conf) {
- log_error("Could not open /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf for writing.");
- exit;
- }
- fwrite($conf, $snort_conf_text);
- fclose($conf);
- conf_mount_ro();
+ if (!file_exists("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf")) {
+ exec("/bin/mkdir /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/");
+ exec("/usr/bin/touch /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf");
+ }
+
+ $snort_conf_text = generate_snort_conf($id, $if_real, $snort_uuid);
+ conf_mount_rw();
+ $conf = fopen("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf", "w");
+ if(!$conf) {
+ log_error("Could not open /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf for writing.");
+ exit;
+ }
+ fwrite($conf, $snort_conf_text);
+ fclose($conf);
+ conf_mount_ro();
}
}
@@ -1881,97 +1889,97 @@ function snort_deinstall()
exec("cd /var/db/pkg && pkg_delete `ls | grep perl-threaded`");
exec("cd /var/db/pkg && pkg_delete `ls | grep mysql-client-5.1.50_1`");
exec('rm -r /usr/local/bin/barnyard2');
-
+
/* TODO: figure out how to detect pfsense packages that use the same freebsd pkckages and not deinstall */
//exec("cd /var/db/pkg && pkg_delete `ls | grep perl`");
- //exec("cd /var/db/pkg && pkg_delete `ls | grep barnyard2`");
+ //exec("cd /var/db/pkg && pkg_delete `ls | grep barnyard2`");
//exec("cd /var/db/pkg && pkg_delete `ls | grep pcre`"); // Never remove pcre or pfsense will break
/* Remove snort cron entries Ugly code needs smoothness*/
-function snort_rm_blocked_deinstall_cron($should_install)
-{
- global $config, $g;
+ function snort_rm_blocked_deinstall_cron($should_install)
+ {
+ global $config, $g;
conf_mount_rw();
- $is_installed = false;
+ $is_installed = false;
- if(!$config['cron']['item'])
- return;
+ if(!$config['cron']['item'])
+ return;
- $x=0;
- foreach($config['cron']['item'] as $item)
+ $x=0;
+ foreach($config['cron']['item'] as $item)
{
- if (strstr($item['command'], "snort2c"))
+ if (strstr($item['command'], "snort2c"))
{
- $is_installed = true;
- break;
- }
+ $is_installed = true;
+ break;
+ }
+
+ $x++;
- $x++;
-
}
- if($is_installed == true)
- {
- if($x > 0)
- {
- unset($config['cron']['item'][$x]);
- write_config();
- conf_mount_rw();
- }
-
- configure_cron();
-
- }
- conf_mount_ro();
+ if($is_installed == true)
+ {
+ if($x > 0)
+ {
+ unset($config['cron']['item'][$x]);
+ write_config();
+ conf_mount_rw();
+ }
+
+ configure_cron();
+
+ }
+ conf_mount_ro();
+
+ }
-}
-
function snort_rules_up_deinstall_cron($should_install)
-{
- global $config, $g;
+ {
+ global $config, $g;
conf_mount_rw();
- $is_installed = false;
+ $is_installed = false;
- if(!$config['cron']['item'])
- return;
+ if(!$config['cron']['item'])
+ return;
- $x=0;
- foreach($config['cron']['item'] as $item) {
- if (strstr($item['command'], "snort_check_for_rule_updates.php")) {
- $is_installed = true;
- break;
- }
- $x++;
+ $x=0;
+ foreach($config['cron']['item'] as $item) {
+ if (strstr($item['command'], "snort_check_for_rule_updates.php")) {
+ $is_installed = true;
+ break;
}
- if($is_installed == true) {
- if($x > 0) {
- unset($config['cron']['item'][$x]);
- write_config();
- conf_mount_rw();
- }
- configure_cron();
+ $x++;
+ }
+ if($is_installed == true) {
+ if($x > 0) {
+ unset($config['cron']['item'][$x]);
+ write_config();
+ conf_mount_rw();
}
-}
+ configure_cron();
+ }
+ }
+
+ snort_rm_blocked_deinstall_cron("");
+ snort_rules_up_deinstall_cron("");
-snort_rm_blocked_deinstall_cron("");
-snort_rules_up_deinstall_cron("");
-
/* Unset snort registers in conf.xml IMPORTANT snort will not start with out this */
/* Keep this as a last step */
if($config['installedpackages']['snortglobal']['forcekeepsettings'] != 'on') {
unset($config['installedpackages']['snortglobal']);
}
- write_config();
+ write_config();
conf_mount_rw();
-
+
exec('rm -rf /usr/local/www/snort');
exec('rm -rf /usr/local/lib/snort/');
exec('rm -rf /var/log/snort/');
exec('rm -rf /usr/local/pkg/snort');
-
+
conf_mount_ro();
}
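Review bot: In both nested cron helpers the removal is guarded by `if($x > 0)`, so a matching entry at index 0 of `$config['cron']['item']` is detected but never unset and would remain scheduled after the package directories are removed at the end of this function. `$x` is also a position counter rather than the array key, so after the first helper unsets an entry the second one may remove the wrong item if the in-memory array is not reindexed in between. Iterating with `foreach ($config['cron']['item'] as $x => $item)` and dropping the `> 0` test, `if ($is_installed) { unset($config['cron']['item'][$x]); write_config(); }`, avoids both. Declaring the two named functions inside snort_deinstall() also makes a second call in the same request fail with a redeclaration error, so they would be safer at file scope. snort_deinstall() begins before this hunk.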
@@ -1979,25 +1987,25 @@ snort_rules_up_deinstall_cron("");
function generate_snort_conf($id, $if_real, $snort_uuid)
{
global $config, $g;
-
+
conf_mount_rw();
-
+
/* custom home nets */
$home_net = create_snort_homenet($id, $if_real);
-
+
if ($config['installedpackages']['snortglobal']['rule'][$id]['externallistname'] == 'default'){
$external_net = '!$HOME_NET';
}else{
$external_net = create_snort_externalnet($id, $if_real);
}
-
+
/* obtain external interface */
/* XXX: make multi wan friendly */
$snort_ext_int = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
/* user added arguments */
$snort_config_pass_thru = str_replace("\r", "", base64_decode($config['installedpackages']['snortglobal']['rule'][$id]['configpassthru']));
-
+
/* create basic files */
if(!file_exists("/usr/local/etc/snort/snort/snort_{$snort_uuid}_{$if_real}"))
{
@@ -2019,309 +2027,309 @@ function generate_snort_conf($id, $if_real, $snort_uuid)
}
-/* define basic log filename */
-$snortunifiedlogbasic_type = "output unified: filename snort_{$snort_uuid}_{$if_real}.log, limit 128";
-
-/* define snortalertlogtype */
-$snortalertlogtype = $config['installedpackages']['snortglobal']['snortalertlogtype'];
-if ($snortalertlogtype == fast)
- $snortalertlogtype_type = "output alert_fast: alert";
-else
- $snortalertlogtype_type = "output alert_full: alert";
-
-/* define alertsystemlog */
-$alertsystemlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['alertsystemlog'];
-if ($alertsystemlog_info_chk == on)
- $alertsystemlog_type = "output alert_syslog: log_alert";
-
-/* define tcpdumplog */
-$tcpdumplog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['tcpdumplog'];
-if ($tcpdumplog_info_chk == on)
- $tcpdumplog_type = "output log_tcpdump: snort_{$snort_uuid}_{$if_real}.tcpdump";
-
-/* define snortunifiedlog */
-$snortunifiedlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['snortunifiedlog'];
-if ($snortunifiedlog_info_chk == on)
- $snortunifiedlog_type = "output unified2: filename snort_{$snort_uuid}_{$if_real}.u2, limit 128";
-
-/* define spoink */
-$spoink_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['blockoffenders7'];
-if ($spoink_info_chk == on) {
-
- preg_match('/^([a-zA-z0-9]+)/', $config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'], $wlist_name_file);
+ /* define basic log filename */
+ $snortunifiedlogbasic_type = "output unified: filename snort_{$snort_uuid}_{$if_real}.log, limit 128";
+
+ /* define snortalertlogtype */
+ $snortalertlogtype = $config['installedpackages']['snortglobal']['snortalertlogtype'];
+ if ($snortalertlogtype == fast)
+ $snortalertlogtype_type = "output alert_fast: alert";
+ else
+ $snortalertlogtype_type = "output alert_full: alert";
+
+ /* define alertsystemlog */
+ $alertsystemlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['alertsystemlog'];
+ if ($alertsystemlog_info_chk == on)
+ $alertsystemlog_type = "output alert_syslog: log_alert";
+
+ /* define tcpdumplog */
+ $tcpdumplog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['tcpdumplog'];
+ if ($tcpdumplog_info_chk == on)
+ $tcpdumplog_type = "output log_tcpdump: snort_{$snort_uuid}_{$if_real}.tcpdump";
+
+ /* define snortunifiedlog */
+ $snortunifiedlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['snortunifiedlog'];
+ if ($snortunifiedlog_info_chk == on)
+ $snortunifiedlog_type = "output unified2: filename snort_{$snort_uuid}_{$if_real}.u2, limit 128";
+
+ /* define spoink */
+ $spoink_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['blockoffenders7'];
+ if ($spoink_info_chk == on) {
+
+ preg_match('/^([a-zA-z0-9]+)/', $config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'], $wlist_name_file);
+
+ if ($wlist_name_file[0] == 'default') {
+ $spoink_whitelist_name = 'defaultwlist';
+ }else{
+ $spoink_whitelist_name = $wlist_name_file[0];
+ }
+
+ $spoink_type = "output alert_pf: /usr/local/etc/snort/whitelist/$spoink_whitelist_name,snort2c";
- if ($wlist_name_file[0] == 'default') {
- $spoink_whitelist_name = 'defaultwlist';
- }else{
- $spoink_whitelist_name = $wlist_name_file[0];
}
-
- $spoink_type = "output alert_pf: /usr/local/etc/snort/whitelist/$spoink_whitelist_name,snort2c";
-
-}
-/* define threshold file */
-$threshold_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname'];
-if ($threshold_info_chk != 'default') {
-
- preg_match('/^([a-zA-z0-9]+)/', $config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname'], $slist_name_file2);
+ /* define threshold file */
+ $threshold_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname'];
+ if ($threshold_info_chk != 'default') {
- $threshold_name = $slist_name_file2[0];
-
- $threshold_file_name = "include /usr/local/etc/snort/suppress/$threshold_name";
-
-}
-
-/* define servers and ports snortdefservers */
-/* def DNS_SERVSERS */
-$def_dns_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_dns_servers'];
-if ($def_dns_servers_info_chk == "")
+ preg_match('/^([a-zA-z0-9]+)/', $config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname'], $slist_name_file2);
+
+ $threshold_name = $slist_name_file2[0];
+
+ $threshold_file_name = "include /usr/local/etc/snort/suppress/$threshold_name";
+
+ }
+
+ /* define servers and ports snortdefservers */
+ /* def DNS_SERVSERS */
+ $def_dns_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_dns_servers'];
+ if ($def_dns_servers_info_chk == "")
$def_dns_servers_type = "\$HOME_NET";
-else
+ else
$def_dns_servers_type = "$def_dns_servers_info_chk";
-/* def DNS_PORTS */
-$def_dns_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_dns_ports'];
-if ($def_dns_ports_info_chk == "")
+ /* def DNS_PORTS */
+ $def_dns_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_dns_ports'];
+ if ($def_dns_ports_info_chk == "")
$def_dns_ports_type = "53";
-else
+ else
$def_dns_ports_type = "$def_dns_ports_info_chk";
-/* def SMTP_SERVSERS */
-$def_smtp_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_smtp_servers'];
-if ($def_smtp_servers_info_chk == "")
+ /* def SMTP_SERVSERS */
+ $def_smtp_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_smtp_servers'];
+ if ($def_smtp_servers_info_chk == "")
$def_smtp_servers_type = "\$HOME_NET";
-else
+ else
$def_smtp_servers_type = "$def_smtp_servers_info_chk";
-/* def SMTP_PORTS */
-$def_smtp_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_smtp_ports'];
-if ($def_smtp_ports_info_chk == "")
+ /* def SMTP_PORTS */
+ $def_smtp_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_smtp_ports'];
+ if ($def_smtp_ports_info_chk == "")
$def_smtp_ports_type = "25";
-else
+ else
$def_smtp_ports_type = "$def_smtp_ports_info_chk";
-/* def MAIL_PORTS */
-$def_mail_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_mail_ports'];
-if ($def_mail_ports_info_chk == "")
+ /* def MAIL_PORTS */
+ $def_mail_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_mail_ports'];
+ if ($def_mail_ports_info_chk == "")
$def_mail_ports_type = "25,143,465,691";
-else
+ else
$def_mail_ports_type = "$def_mail_ports_info_chk";
-
-/* def HTTP_SERVSERS */
-$def_http_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_http_servers'];
-if ($def_http_servers_info_chk == "")
+
+ /* def HTTP_SERVSERS */
+ $def_http_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_http_servers'];
+ if ($def_http_servers_info_chk == "")
$def_http_servers_type = "\$HOME_NET";
-else
+ else
$def_http_servers_type = "$def_http_servers_info_chk";
-/* def WWW_SERVSERS */
-$def_www_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_www_servers'];
-if ($def_www_servers_info_chk == "")
+ /* def WWW_SERVSERS */
+ $def_www_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_www_servers'];
+ if ($def_www_servers_info_chk == "")
$def_www_servers_type = "\$HOME_NET";
-else
+ else
$def_www_servers_type = "$def_www_servers_info_chk";
-/* def HTTP_PORTS */
-$def_http_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_http_ports'];
-if ($def_http_ports_info_chk == "")
+ /* def HTTP_PORTS */
+ $def_http_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_http_ports'];
+ if ($def_http_ports_info_chk == "")
$def_http_ports_type = "80";
-else
+ else
$def_http_ports_type = "$def_http_ports_info_chk";
-
-/* def SQL_SERVSERS */
-$def_sql_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_sql_servers'];
-if ($def_sql_servers_info_chk == "")
+
+ /* def SQL_SERVSERS */
+ $def_sql_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_sql_servers'];
+ if ($def_sql_servers_info_chk == "")
$def_sql_servers_type = "\$HOME_NET";
-else
+ else
$def_sql_servers_type = "$def_sql_servers_info_chk";
-/* def ORACLE_PORTS */
-$def_oracle_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_oracle_ports'];
-if ($def_oracle_ports_info_chk == "")
+ /* def ORACLE_PORTS */
+ $def_oracle_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_oracle_ports'];
+ if ($def_oracle_ports_info_chk == "")
$def_oracle_ports_type = "1521";
-else
+ else
$def_oracle_ports_type = "$def_oracle_ports_info_chk";
-/* def MSSQL_PORTS */
-$def_mssql_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_mssql_ports'];
-if ($def_mssql_ports_info_chk == "")
+ /* def MSSQL_PORTS */
+ $def_mssql_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_mssql_ports'];
+ if ($def_mssql_ports_info_chk == "")
$def_mssql_ports_type = "1433";
-else
+ else
$def_mssql_ports_type = "$def_mssql_ports_info_chk";
-/* def TELNET_SERVSERS */
-$def_telnet_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_telnet_servers'];
-if ($def_telnet_servers_info_chk == "")
+ /* def TELNET_SERVSERS */
+ $def_telnet_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_telnet_servers'];
+ if ($def_telnet_servers_info_chk == "")
$def_telnet_servers_type = "\$HOME_NET";
-else
+ else
$def_telnet_servers_type = "$def_telnet_servers_info_chk";
-
-/* def TELNET_PORTS */
-$def_telnet_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_telnet_ports'];
-if ($def_telnet_ports_info_chk == "")
+
+ /* def TELNET_PORTS */
+ $def_telnet_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_telnet_ports'];
+ if ($def_telnet_ports_info_chk == "")
$def_telnet_ports_type = "23";
-else
+ else
$def_telnet_ports_type = "$def_telnet_ports_info_chk";
-
-/* def SNMP_SERVSERS */
-$def_snmp_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_snmp_servers'];
-if ($def_snmp_servers_info_chk == "")
+
+ /* def SNMP_SERVSERS */
+ $def_snmp_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_snmp_servers'];
+ if ($def_snmp_servers_info_chk == "")
$def_snmp_servers_type = "\$HOME_NET";
-else
+ else
$def_snmp_servers_type = "$def_snmp_servers_info_chk";
-
-/* def SNMP_PORTS */
-$def_snmp_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_snmp_ports'];
-if ($def_snmp_ports_info_chk == "")
+
+ /* def SNMP_PORTS */
+ $def_snmp_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_snmp_ports'];
+ if ($def_snmp_ports_info_chk == "")
$def_snmp_ports_type = "161";
-else
+ else
$def_snmp_ports_type = "$def_snmp_ports_info_chk";
-
-/* def FTP_SERVSERS */
-$def_ftp_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_ftp_servers'];
-if ($def_ftp_servers_info_chk == "")
+
+ /* def FTP_SERVSERS */
+ $def_ftp_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_ftp_servers'];
+ if ($def_ftp_servers_info_chk == "")
$def_ftp_servers_type = "\$HOME_NET";
-else
+ else
$def_ftp_servers_type = "$def_ftp_servers_info_chk";
-
-/* def FTP_PORTS */
-$def_ftp_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_ftp_ports'];
-if ($def_ftp_ports_info_chk == "")
+
+ /* def FTP_PORTS */
+ $def_ftp_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_ftp_ports'];
+ if ($def_ftp_ports_info_chk == "")
$def_ftp_ports_type = "21";
-else
+ else
$def_ftp_ports_type = "$def_ftp_ports_info_chk";
-
-/* def SSH_SERVSERS */
-$def_ssh_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_ssh_servers'];
-if ($def_ssh_servers_info_chk == "")
+
+ /* def SSH_SERVSERS */
+ $def_ssh_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_ssh_servers'];
+ if ($def_ssh_servers_info_chk == "")
$def_ssh_servers_type = "\$HOME_NET";
-else
+ else
$def_ssh_servers_type = "$def_ssh_servers_info_chk";
-
-/* if user has defined a custom ssh port, use it */
-if($config['system']['ssh']['port'])
+
+ /* if user has defined a custom ssh port, use it */
+ if($config['system']['ssh']['port'])
$ssh_port = $config['system']['ssh']['port'];
-else
+ else
$ssh_port = "22";
-
-/* def SSH_PORTS */
-$def_ssh_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_ssh_ports'];
-if ($def_ssh_ports_info_chk == "")
+
+ /* def SSH_PORTS */
+ $def_ssh_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_ssh_ports'];
+ if ($def_ssh_ports_info_chk == "")
$def_ssh_ports_type = "{$ssh_port}";
-else
+ else
$def_ssh_ports_type = "$def_ssh_ports_info_chk";
-
-/* def POP_SERVSERS */
-$def_pop_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_pop_servers'];
-if ($def_pop_servers_info_chk == "")
+
+ /* def POP_SERVSERS */
+ $def_pop_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_pop_servers'];
+ if ($def_pop_servers_info_chk == "")
$def_pop_servers_type = "\$HOME_NET";
-else
+ else
$def_pop_servers_type = "$def_pop_servers_info_chk";
-
-/* def POP2_PORTS */
-$def_pop2_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_pop2_ports'];
-if ($def_pop2_ports_info_chk == "")
+
+ /* def POP2_PORTS */
+ $def_pop2_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_pop2_ports'];
+ if ($def_pop2_ports_info_chk == "")
$def_pop2_ports_type = "109";
-else
+ else
$def_pop2_ports_type = "$def_pop2_ports_info_chk";
-
-/* def POP3_PORTS */
-$def_pop3_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_pop3_ports'];
-if ($def_pop3_ports_info_chk == "")
+
+ /* def POP3_PORTS */
+ $def_pop3_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_pop3_ports'];
+ if ($def_pop3_ports_info_chk == "")
$def_pop3_ports_type = "110";
-else
+ else
$def_pop3_ports_type = "$def_pop3_ports_info_chk";
-
-/* def IMAP_SERVSERS */
-$def_imap_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_imap_servers'];
-if ($def_imap_servers_info_chk == "")
+
+ /* def IMAP_SERVSERS */
+ $def_imap_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_imap_servers'];
+ if ($def_imap_servers_info_chk == "")
$def_imap_servers_type = "\$HOME_NET";
-else
+ else
$def_imap_servers_type = "$def_imap_servers_info_chk";
-
-/* def IMAP_PORTS */
-$def_imap_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_imap_ports'];
-if ($def_imap_ports_info_chk == "")
+
+ /* def IMAP_PORTS */
+ $def_imap_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_imap_ports'];
+ if ($def_imap_ports_info_chk == "")
$def_imap_ports_type = "143";
-else
+ else
$def_imap_ports_type = "$def_imap_ports_info_chk";
-
-/* def SIP_PROXY_IP */
-$def_sip_proxy_ip_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_sip_proxy_ip'];
-if ($def_sip_proxy_ip_info_chk == "")
+
+ /* def SIP_PROXY_IP */
+ $def_sip_proxy_ip_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_sip_proxy_ip'];
+ if ($def_sip_proxy_ip_info_chk == "")
$def_sip_proxy_ip_type = "\$HOME_NET";
-else
+ else
$def_sip_proxy_ip_type = "$def_sip_proxy_ip_info_chk";
-
-/* def SIP_PROXY_PORTS */
-$def_sip_proxy_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_sip_proxy_ports'];
-if ($def_sip_proxy_ports_info_chk == "")
+
+ /* def SIP_PROXY_PORTS */
+ $def_sip_proxy_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_sip_proxy_ports'];
+ if ($def_sip_proxy_ports_info_chk == "")
$def_sip_proxy_ports_type = "5060:5090,16384:32768";
-else
+ else
$def_sip_proxy_ports_type = "$def_sip_proxy_ports_info_chk";
-
-/* def AUTH_PORTS */
-$def_auth_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_auth_ports'];
-if ($def_auth_ports_info_chk == "")
+
+ /* def AUTH_PORTS */
+ $def_auth_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_auth_ports'];
+ if ($def_auth_ports_info_chk == "")
$def_auth_ports_type = "113";
-else
+ else
$def_auth_ports_type = "$def_auth_ports_info_chk";
-
-/* def FINGER_PORTS */
-$def_finger_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_finger_ports'];
-if ($def_finger_ports_info_chk == "")
+
+ /* def FINGER_PORTS */
+ $def_finger_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_finger_ports'];
+ if ($def_finger_ports_info_chk == "")
$def_finger_ports_type = "79";
-else
+ else
$def_finger_ports_type = "$def_finger_ports_info_chk";
-
-/* def IRC_PORTS */
-$def_irc_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_irc_ports'];
-if ($def_irc_ports_info_chk == "")
+
+ /* def IRC_PORTS */
+ $def_irc_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_irc_ports'];
+ if ($def_irc_ports_info_chk == "")
$def_irc_ports_type = "6665,6666,6667,6668,6669,7000";
-else
+ else
$def_irc_ports_type = "$def_irc_ports_info_chk";
-
-/* def NNTP_PORTS */
-$def_nntp_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_nntp_ports'];
-if ($def_nntp_ports_info_chk == "")
+
+ /* def NNTP_PORTS */
+ $def_nntp_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_nntp_ports'];
+ if ($def_nntp_ports_info_chk == "")
$def_nntp_ports_type = "119";
-else
+ else
$def_nntp_ports_type = "$def_nntp_ports_info_chk";
-
-/* def RLOGIN_PORTS */
-$def_rlogin_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_rlogin_ports'];
-if ($def_rlogin_ports_info_chk == "")
+
+ /* def RLOGIN_PORTS */
+ $def_rlogin_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_rlogin_ports'];
+ if ($def_rlogin_ports_info_chk == "")
$def_rlogin_ports_type = "513";
-else
+ else
$def_rlogin_ports_type = "$def_rlogin_ports_info_chk";
-
-/* def RSH_PORTS */
-$def_rsh_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_rsh_ports'];
-if ($def_rsh_ports_info_chk == "")
+
+ /* def RSH_PORTS */
+ $def_rsh_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_rsh_ports'];
+ if ($def_rsh_ports_info_chk == "")
$def_rsh_ports_type = "514";
-else
+ else
$def_rsh_ports_type = "$def_rsh_ports_info_chk";
-
-/* def SSL_PORTS */
-$def_ssl_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_ssl_ports'];
-if ($def_ssl_ports_info_chk == "")
+
+ /* def SSL_PORTS */
+ $def_ssl_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_ssl_ports'];
+ if ($def_ssl_ports_info_chk == "")
$def_ssl_ports_type = "443,465,563,636,989,990,992,993,994,995";
-else
+ else
$def_ssl_ports_type = "$def_ssl_ports_info_chk";
-
+
/* should we install a automatic update crontab entry? */
$automaticrulesupdate = $config['installedpackages']['snortglobal']['automaticrulesupdate7'];
/* if user is on pppoe, we really want to use ng0 interface */
if($config['interfaces'][$snort_ext_int]['ipaddr'] == "pppoe")
- $snort_ext_int = "ng0";
+ $snort_ext_int = "ng0";
/* set the snort performance model */
if($config['installedpackages']['snortglobal']['rule'][$id]['performance'])
- $snort_performance = $config['installedpackages']['snortglobal']['rule'][$id]['performance'];
+ $snort_performance = $config['installedpackages']['snortglobal']['rule'][$id]['performance'];
else
- $snort_performance = "ac-bnfa";
+ $snort_performance = "ac-bnfa";
/* generate rule sections to load */
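Review bot: The character class in `preg_match('/^([a-zA-z0-9]+)/', ...)`, used for `whitelistname` and again for `suppresslistname`, has the range `A-z`, which also matches `[`, `\`, `]`, `^`, `_` and the backtick, so the name written into the `output alert_pf:` and `include` paths of snort.conf is looser than the pattern suggests. I would spell the class out as `'/^([a-zA-Z0-9_]+)/'` (keeping `_` only if list names may contain it) and check the return value of preg_match before reading index 0, because a name that does not match leaves `$wlist_name_file[0]` and `$slist_name_file2[0]` unset. The same block compares against the bare words `fast` and `on`; quoting them (`== 'fast'`, `== 'on'`) avoids relying on the undefined-constant fallback. The re-indented code belongs to generate_snort_conf, whose body starts before and continues after this hunk.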
@@ -2330,17 +2338,17 @@ else
$selected_rules_sections = "";
$enabled_rulesets_array = split("\|\|", $enabled_rulesets);
foreach($enabled_rulesets_array as $enabled_item)
- $selected_rules_sections .= "include \$RULE_PATH/{$enabled_item}\n";
+ $selected_rules_sections .= "include \$RULE_PATH/{$enabled_item}\n";
}
conf_mount_ro();
-/////////////////////////////
-
-/* preprocessor code */
-
-/* def perform_stat */
-$snort_perform_stat = <<<EOD
+ /////////////////////////////
+
+ /* preprocessor code */
+
+ /* def perform_stat */
+ $snort_perform_stat = <<<EOD
##########################
#
# NEW #
@@ -2352,22 +2360,22 @@ preprocessor perfmonitor: time 300 file /var/log/snort/snort_{$snort_uuid}_{$if_
EOD;
-$def_perform_stat_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['perform_stat'];
-if ($def_perform_stat_info_chk == "on")
+ $def_perform_stat_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['perform_stat'];
+ if ($def_perform_stat_info_chk == "on")
$def_perform_stat_type = "$snort_perform_stat";
-else
+ else
$def_perform_stat_type = "";
-
-$def_flow_depth_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['flow_depth'];
+
+ $def_flow_depth_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['flow_depth'];
if ($def_flow_depth_info_chk == '')
{
$def_flow_depth_type = '0';
- }else{
+ }else{
$def_flow_depth_type = $config['installedpackages']['snortglobal']['rule'][$id]['flow_depth'];
}
-/* def http_inspect */
-$snort_http_inspect = <<<EOD
+ /* def http_inspect */
+ $snort_http_inspect = <<<EOD
#################
#
# HTTP Inspect #
@@ -2395,14 +2403,14 @@ preprocessor http_inspect_server: server default \
EOD;
-$def_http_inspect_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['http_inspect'];
-if ($def_http_inspect_info_chk == "on")
+ $def_http_inspect_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['http_inspect'];
+ if ($def_http_inspect_info_chk == "on")
$def_http_inspect_type = "$snort_http_inspect";
-else
+ else
$def_http_inspect_type = "";
-
-/* def other_preprocs */
-$snort_other_preprocs = <<<EOD
+
+ /* def other_preprocs */
+ $snort_other_preprocs = <<<EOD
##################
#
# Other preprocs #
@@ -2414,14 +2422,14 @@ preprocessor bo
EOD;
-$def_other_preprocs_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['other_preprocs'];
-if ($def_other_preprocs_info_chk == "on")
+ $def_other_preprocs_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['other_preprocs'];
+ if ($def_other_preprocs_info_chk == "on")
$def_other_preprocs_type = "$snort_other_preprocs";
-else
+ else
$def_other_preprocs_type = "";
-
-/* def ftp_preprocessor */
-$snort_ftp_preprocessor = <<<EOD
+
+ /* def ftp_preprocessor */
+ $snort_ftp_preprocessor = <<<EOD
#####################
#
# ftp preprocessor #
@@ -2473,14 +2481,14 @@ preprocessor ftp_telnet_protocol: ftp client default \
EOD;
-$def_ftp_preprocessor_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['ftp_preprocessor'];
-if ($def_ftp_preprocessor_info_chk == "on")
+ $def_ftp_preprocessor_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['ftp_preprocessor'];
+ if ($def_ftp_preprocessor_info_chk == "on")
$def_ftp_preprocessor_type = "$snort_ftp_preprocessor";
-else
+ else
$def_ftp_preprocessor_type = "";
-/* def smtp_preprocessor */
-$snort_smtp_preprocessor = <<<EOD
+ /* def smtp_preprocessor */
+ $snort_smtp_preprocessor = <<<EOD
#####################
#
# SMTP preprocessor #
@@ -2508,14 +2516,14 @@ PIPELINING CHUNKING DATA DSN RSET QUIT ONEX QUEU STARTTLS TICK TIME TURNME VERB
EOD;
-$def_smtp_preprocessor_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['smtp_preprocessor'];
-if ($def_smtp_preprocessor_info_chk == "on")
+ $def_smtp_preprocessor_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['smtp_preprocessor'];
+ if ($def_smtp_preprocessor_info_chk == "on")
$def_smtp_preprocessor_type = "$snort_smtp_preprocessor";
-else
+ else
$def_smtp_preprocessor_type = "";
-
-/* def sf_portscan */
-$snort_sf_portscan = <<<EOD
+
+ /* def sf_portscan */
+ $snort_sf_portscan = <<<EOD
################
#
# sf Portscan #
@@ -2530,14 +2538,14 @@ preprocessor sfportscan: scan_type { all } \
EOD;
-$def_sf_portscan_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['sf_portscan'];
-if ($def_sf_portscan_info_chk == "on")
+ $def_sf_portscan_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['sf_portscan'];
+ if ($def_sf_portscan_info_chk == "on")
$def_sf_portscan_type = "$snort_sf_portscan";
-else
+ else
$def_sf_portscan_type = "";
-
-/* def dce_rpc_2 */
-$snort_dce_rpc_2 = <<<EOD
+
+ /* def dce_rpc_2 */
+ $snort_dce_rpc_2 = <<<EOD
###############
#
# NEW #
@@ -2553,14 +2561,14 @@ preprocessor dcerpc2_server: default, policy WinXP, \
EOD;
-$def_dce_rpc_2_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['dce_rpc_2'];
-if ($def_dce_rpc_2_info_chk == "on")
+ $def_dce_rpc_2_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['dce_rpc_2'];
+ if ($def_dce_rpc_2_info_chk == "on")
$def_dce_rpc_2_type = "$snort_dce_rpc_2";
-else
+ else
$def_dce_rpc_2_type = "";
-
-/* def dns_preprocessor */
-$snort_dns_preprocessor = <<<EOD
+
+ /* def dns_preprocessor */
+ $snort_dns_preprocessor = <<<EOD
####################
#
# DNS preprocessor #
@@ -2573,41 +2581,41 @@ preprocessor dns: \
EOD;
-$def_dns_preprocessor_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['dns_preprocessor'];
-if ($def_dns_preprocessor_info_chk == "on")
+ $def_dns_preprocessor_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['dns_preprocessor'];
+ if ($def_dns_preprocessor_info_chk == "on")
$def_dns_preprocessor_type = "$snort_dns_preprocessor";
-else
+ else
$def_dns_preprocessor_type = "";
-
-/* def SSL_PORTS IGNORE */
-$def_ssl_ports_ignore_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_ssl_ports_ignore'];
-if ($def_ssl_ports_ignore_info_chk == "")
+
+ /* def SSL_PORTS IGNORE */
+ $def_ssl_ports_ignore_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_ssl_ports_ignore'];
+ if ($def_ssl_ports_ignore_info_chk == "")
$def_ssl_ports_ignore_type = "443 465 563 636 989 990 992 993 994 995";
-else
+ else
$def_ssl_ports_ignore_type = "$def_ssl_ports_ignore_info_chk";
-
-/* stream5 queued settings */
+ /* stream5 queued settings */
-$def_max_queued_bytes_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['max_queued_bytes'];
+
+ $def_max_queued_bytes_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['max_queued_bytes'];
if ($def_max_queued_bytes_info_chk == '')
{
$def_max_queued_bytes_type = '';
- }else{
+ }else{
$def_max_queued_bytes_type = ' max_queued_bytes ' . $config['installedpackages']['snortglobal']['rule'][$id]['max_queued_bytes'] . ',';
}
-
-$def_max_queued_segs_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['max_queued_segs'];
+
+ $def_max_queued_segs_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['max_queued_segs'];
if ($def_max_queued_segs_info_chk == '')
{
$def_max_queued_segs_type = '';
- }else{
+ }else{
$def_max_queued_segs_type = ' max_queued_segs ' . $config['installedpackages']['snortglobal']['rule'][$id]['max_queued_segs'] . ',';
}
-
-
+
+
/* build snort configuration file */
- /* TODO; feed back from pfsense users to reduce false positives */
+ /* TODO; feed back from pfsense users to reduce false positives */
$snort_conf_text = <<<EOD
# snort configuration file
@@ -2768,17 +2776,17 @@ preprocessor stream5_tcp: policy BSD, ports both all,{$def_max_queued_bytes_type
preprocessor stream5_udp:
preprocessor stream5_icmp:
-{$def_perform_stat_type}
+ {$def_perform_stat_type}
-{$def_http_inspect_type}
+ {$def_http_inspect_type}
-{$def_other_preprocs_type}
+ {$def_other_preprocs_type}
-{$def_ftp_preprocessor_type}
+ {$def_ftp_preprocessor_type}
-{$def_smtp_preprocessor_type}
+ {$def_smtp_preprocessor_type}
-{$def_sf_portscan_type}
+ {$def_sf_portscan_type}
############################
#
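Review bot: The placeholder lines between `$snort_conf_text = <<<EOD` and the closing `EOD;` are heredoc content, not code, so giving `{$def_perform_stat_type}` and the lines after it leading whitespace changes the text written to the generated snort.conf, not just the source layout. Each placeholder expands to a multi-line block, so only its first line picks up the new indent; the later hunks in this heredoc do the same to `{$def_dce_rpc_2_type}`, the `output` variables such as `$spoink_type`, `$threshold_file_name`, `{$snort_config_pass_thru}` and `{$selected_rules_sections}`. Unless Snort's parser is known to ignore leading whitespace on `preprocessor`, `output` and `include` lines, I would keep these lines at column 0 and add a comment above the heredoc, `/* heredoc body is emitted verbatim: do not re-indent */`. The heredoc opens before this hunk and closes after it.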
@@ -2790,9 +2798,9 @@ preprocessor stream5_icmp:
#
############################
-{$def_dce_rpc_2_type}
+ {$def_dce_rpc_2_type}
-{$def_dns_preprocessor_type}
+ {$def_dns_preprocessor_type}
##############################
#
@@ -2809,13 +2817,13 @@ preprocessor ssl: ports { {$def_ssl_ports_ignore_type} }, trustservers, noinspec
#
#####################
-$snortunifiedlogbasic_type
-$snortalertlogtype_type
-$alertsystemlog_type
-$tcpdumplog_type
-$snortmysqllog_info_chk
-$snortunifiedlog_type
-$spoink_type
+ $snortunifiedlogbasic_type
+ $snortalertlogtype_type
+ $alertsystemlog_type
+ $tcpdumplog_type
+ $snortmysqllog_info_chk
+ $snortunifiedlog_type
+ $spoink_type
#################
#
@@ -2825,10 +2833,10 @@ $spoink_type
include /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/reference.config
include /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/classification.config
-$threshold_file_name
+ $threshold_file_name
# Snort user pass through configuration
-{$snort_config_pass_thru}
+ {$snort_config_pass_thru}
###################
#
@@ -2836,7 +2844,7 @@ $threshold_file_name
#
###################
-{$selected_rules_sections}
+ {$selected_rules_sections}
EOD;
@@ -2851,7 +2859,7 @@ EOD;
function check_for_common_errors($filename) {
global $snort_filename, $snort_filename_md5, $console_mode;
-// ob_flush();
+ // ob_flush();
$contents = file_get_contents($filename);
if(stristr($contents, "You don't have permission")) {
if(!$console_mode) {
@@ -2877,7 +2885,7 @@ function scroll_down_to_bottom_of_page() {
global $snort_filename, $console_mode;
ob_flush();
if(!$console_mode)
- echo "\n<script type=\"text/javascript\">parent.scrollTo(0,1500);\n</script>";
+ echo "\n<script type=\"text/javascript\">parent.scrollTo(0,1500);\n</script>";
}
/* ensure downloaded file looks sane */
@@ -2913,14 +2921,14 @@ function extract_snort_rules_md5($tmpfname) {
update_all_status($static_output);
}
if(!is_dir("/usr/local/etc/snort/rules/"))
- mkdir("/usr/local/etc/snort/rules/");
+ mkdir("/usr/local/etc/snort/rules/");
$cmd = "/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C /usr/local/etc/snort/ rules/";
$handle = popen("{$cmd} 2>&1", 'r');
while(!feof($handle)) {
$buffer = fgets($handle);
update_output_window($buffer);
}
- pclose($handle);
+ pclose($handle);
if(!$console_mode) {
$static_output = gettext("Snort rules extracted.");
@@ -2940,8 +2948,8 @@ function verify_snort_rules_md5($tmpfname) {
update_all_status($static_output);
}
- $md555 = file_get_contents("{$tmpfname}/{$snort_filename_md5}");
- $md5 = `echo "{$md555}" | /usr/bin/awk '{ print $4 }'`;
+ $md555 = file_get_contents("{$tmpfname}/{$snort_filename_md5}");
+ $md5 = `echo "{$md555}" | /usr/bin/awk '{ print $4 }'`;
$file_md5_ondisk = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`;
if($md5 == $file_md5_ondisk) {
if(!$console_mode) {
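Review bot: `$md555` holds the content of the downloaded `.md5` file and is interpolated into a backtick shell command (`echo "{$md555}" | /usr/bin/awk ...`), so the shell interprets whatever that file contains before the integrity check has run. The digest can be obtained without a shell: `$fields = preg_split('/\s+/', trim($md555)); $md5 = isset($fields[3]) ? $fields[3] : '';` (the fourth field, as the awk call implies) and `$file_md5_ondisk = md5_file("{$tmpfname}/{$snort_filename}");`. Both values are then free of the trailing newline, and the comparison should become `$md5 === $file_md5_ondisk`, since `==` treats two different digests of the form `0e` followed by digits as equal numbers. verify_snort_rules_md5 starts before this hunk and continues after it.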
@@ -2961,15 +2969,15 @@ function hide_progress_bar_status() {
global $snort_filename, $snort_filename_md5, $console_mode;
ob_flush();
if(!$console_mode)
- echo "\n<script type=\"text/javascript\">document.progressbar.style.visibility='hidden';\n</script>";
+ echo "\n<script type=\"text/javascript\">document.progressbar.style.visibility='hidden';\n</script>";
}
/* unhide progress bar */
function unhide_progress_bar_status() {
- global $snort_filename, $snort_filename_md5, $console_mode;
- ob_flush();
- if(!$console_mode)
- echo "\n<script type=\"text/javascript\">document.progressbar.style.visibility='visible';\n</script>";
+ global $snort_filename, $snort_filename_md5, $console_mode;
+ ob_flush();
+ if(!$console_mode)
+ echo "\n<script type=\"text/javascript\">document.progressbar.style.visibility='visible';\n</script>";
}
/* update both top and bottom text box during an operation */
@@ -2986,21 +2994,21 @@ function update_all_status($status) {
function get_snort_alert($ip) {
global $snort_alert_file_split, $snort_config;
if(!file_exists("/var/log/snort/alert"))
- return;
+ return;
if(!$snort_config)
- $snort_config = read_snort_config_cache();
+ $snort_config = read_snort_config_cache();
if($snort_config[$ip])
- return $snort_config[$ip];
+ return $snort_config[$ip];
if(!$snort_alert_file_split)
- $snort_alert_file_split = split("\n", file_get_contents("/var/log/snort/alert"));
+ $snort_alert_file_split = split("\n", file_get_contents("/var/log/snort/alert"));
foreach($snort_alert_file_split as $fileline) {
if (preg_match("/\[\*\*\] (\[.*\]) (.*) (\[\*\*\])/", $fileline, $matches))
- $alert_title = $matches[2];
+ $alert_title = $matches[2];
if (preg_match("/(\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b)/", $fileline, $matches))
- $alert_ip = $matches[$id];
+ $alert_ip = $matches[$id];
if($alert_ip == $ip) {
if(!$snort_config[$ip])
- $snort_config[$ip] = $alert_title;
+ $snort_config[$ip] = $alert_title;
return $alert_title;
}
}
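Review bot: `$alert_ip = $matches[$id];` in get_snort_alert() indexes with `$id`, which is neither a parameter nor one of the declared globals, so the lookup yields null and the `$alert_ip == $ip` test below it cannot match a real address; `$matches[1]` (the outer capture group of the IP pattern) looks like what was intended. The same undefined `$id` appears in make_clickable() in the next hunk, in `$config['installedpackages']['snort']['config'][$id]['oinkmastercode']`, and the key read there does not obviously correspond to the "clickable urls" setting its comment describes, so that is worth confirming. get_snort_alert() closes outside this hunk.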
@@ -3008,24 +3016,24 @@ function get_snort_alert($ip) {
}
function make_clickable($buffer) {
- global $config, $g;
- /* if clickable urls is disabled, simply return buffer back to caller */
- $clickablalerteurls = $config['installedpackages']['snort']['config'][$id]['oinkmastercode'];
- if(!$clickablalerteurls)
- return $buffer;
- $buffer = eregi_replace("(^|[ \n\r\t])((http(s?)://)(www\.)?([a-z0-9_-]+(\.[a-z0-9_-]+)+)(/[^/ \n\r]*)*)","\\1<a href=\"\\2\" target=\"_blank\">\\2</a>", $buffer);
- $buffer = eregi_replace("(^|[ \n\r\t])((ftp://)(www\.)?([a-z0-9_-]+(\.[a-z0-9_-]+)+)(/[^/ \n\r]*)*)","\\1<a href=\"\\2\" target=\"_blank\">\\2</a>", $buffer);
- $buffer = eregi_replace("([a-z_-][a-z0-9\._-]*@[a-z0-9_-]+(\.[a-z0-9_-]+)+)","<a href=\"mailto:\\1\">\\1</a>", $buffer);
- $buffer = eregi_replace("(^|[ \n\r\t])(www\.([a-z0-9_-]+(\.[a-z0-9_-]+)+)(/[^/ \n\r]*)*)","\\1<a href=\"http://\\2\" target=\"_blank\">\\2</a>", $buffer);
- $buffer = eregi_replace("(^|[ \n\r\t])(ftp\.([a-z0-9_-]+(\.[a-z0-9_-]+)+)(/[^/ \n\r]*)*)","\\1<a href=\"ftp://\\2\" target=\"_blank\">\\2</a>", $buffer);
-
- return $buffer;
+ global $config, $g;
+ /* if clickable urls is disabled, simply return buffer back to caller */
+ $clickablalerteurls = $config['installedpackages']['snort']['config'][$id]['oinkmastercode'];
+ if(!$clickablalerteurls)
+ return $buffer;
+ $buffer = eregi_replace("(^|[ \n\r\t])((http(s?)://)(www\.)?([a-z0-9_-]+(\.[a-z0-9_-]+)+)(/[^/ \n\r]*)*)","\\1<a href=\"\\2\" target=\"_blank\">\\2</a>", $buffer);
+ $buffer = eregi_replace("(^|[ \n\r\t])((ftp://)(www\.)?([a-z0-9_-]+(\.[a-z0-9_-]+)+)(/[^/ \n\r]*)*)","\\1<a href=\"\\2\" target=\"_blank\">\\2</a>", $buffer);
+ $buffer = eregi_replace("([a-z_-][a-z0-9\._-]*@[a-z0-9_-]+(\.[a-z0-9_-]+)+)","<a href=\"mailto:\\1\">\\1</a>", $buffer);
+ $buffer = eregi_replace("(^|[ \n\r\t])(www\.([a-z0-9_-]+(\.[a-z0-9_-]+)+)(/[^/ \n\r]*)*)","\\1<a href=\"http://\\2\" target=\"_blank\">\\2</a>", $buffer);
+ $buffer = eregi_replace("(^|[ \n\r\t])(ftp\.([a-z0-9_-]+(\.[a-z0-9_-]+)+)(/[^/ \n\r]*)*)","\\1<a href=\"ftp://\\2\" target=\"_blank\">\\2</a>", $buffer);
+
+ return $buffer;
}
function read_snort_config_cache() {
global $g, $config, $snort_config;
if($snort_config)
- return $snort_config;
+ return $snort_config;
if(file_exists($g['tmp_path'] . '/snort_config.cache')) {
$snort_config = unserialize(file_get_contents($g['tmp_path'] . '/snort_config.cache'));
return $snort_config;
diff --git a/config/snort/snort.xml b/config/snort/snort.xml
index 3621f06d..5d0a7b09 100644
--- a/config/snort/snort.xml
+++ b/config/snort/snort.xml
@@ -2,7 +2,7 @@
<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
- <copyright>
+ <copyright>
<![CDATA[
/* $Id$ */
/* ========================================================================== */
@@ -41,10 +41,10 @@
*/
/* ========================================================================== */
]]>
- </copyright>
- <description>Describe your package here</description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
+ </copyright>
+ <description>Describe your package here</description>
+ <requirements>Describe your package requirements here</requirements>
+ <faq>Currently there are no FAQ items provided.</faq>
<name>Snort</name>
<version>2.8.6</version>
<title>Services:2.8.6 pkg v. 1.30</title>
@@ -59,7 +59,8 @@
<name>snort</name>
<rcfile>snort.sh</rcfile>
<executable>snort</executable>
- <description>Snort is the most widely deployed IDS/IPS technology worldwide.</description>
+ <description>Snort is the most widely deployed IDS/IPS technology
+ worldwide.</description>
</service>
<tabs>
</tabs>
@@ -81,7 +82,7 @@
<additional_files_needed>
<prefix>/usr/local/pkg/snort/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort/snort_check_cron_misc.inc</item>
+ <item>http://www.pfsense.com/packages/config/snort/snort_check_cron_misc.php</item>
</additional_files_needed>
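Review bot: The `<item>` URL now ends in `snort_check_cron_misc.php` where it previously ended in `.inc`, and this hunk shows no matching rename of the file, so the package installer may be pointed at a path that is not published. This is the one functional change in an otherwise whitespace-only hunk and may be a side effect of the reformatting; please confirm the intended filename. Separately, the entries in this list are PHP files fetched over plain `http://`, so an https URL or an integrity check on the download would be worth adding if the installer supports it.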
<additional_files_needed>
<prefix>/usr/local/bin/</prefix>
@@ -107,7 +108,7 @@
<prefix>/usr/local/www/snort/</prefix>
<chmod>077</chmod>
<item>http://www.pfsense.com/packages/config/snort/snort_alerts.php</item>
- </additional_files_needed>
+ </additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/snort/</prefix>
<chmod>077</chmod>
diff --git a/config/snort/snort_alerts.php b/config/snort/snort_alerts.php
index 0ee6a707..d6313933 100644
--- a/config/snort/snort_alerts.php
+++ b/config/snort/snort_alerts.php
@@ -1,38 +1,38 @@
<?php
/* $Id$ */
/*
- snort_alerts.php
- part of pfSense
-
- Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>.
- Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
- Copyright (C) 2006 Scott Ullrich
- All rights reserved.
-
- Modified for the Pfsense snort package v. 1.8+
- Copyright (C) 2009 Robert Zelaya Sr. Developer
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
+ snort_alerts.php
+ part of pfSense
+
+ Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>.
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ Copyright (C) 2006 Scott Ullrich
+ All rights reserved.
+
+ Modified for the Pfsense snort package v. 1.8+
+ Copyright (C) 2009 Robert Zelaya Sr. Developer
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort_gui.inc");
@@ -65,28 +65,28 @@ if ($_POST['save'])
if ($_POST['save'])
{
- // if (($_POST['radiusacctport'] && !is_port($_POST['radiusacctport']))) {
- // $input_errors[] = "A valid port number must be specified. [".$_POST['radiusacctport']."]";
- // }
-
+ // if (($_POST['radiusacctport'] && !is_port($_POST['radiusacctport']))) {
+ // $input_errors[] = "A valid port number must be specified. [".$_POST['radiusacctport']."]";
+ // }
+
}
-
- /* no errors */
- if (!$input_errors)
- {
-
+
+ /* no errors */
+ if (!$input_errors)
+ {
+
$config['installedpackages']['snortglobal']['alertsblocks']['arefresh'] = $_POST['arefresh'] ? on : off;
$config['installedpackages']['snortglobal']['alertsblocks']['alertnumber'] = $_POST['alertnumber'];
-
+
conf_mount_rw();
write_config();
//conf_mount_ro();
sleep(2);
header("Location: /snort/snort_alerts.php");
-
- }
-
+
+ }
+
}
if ($_POST['delete'])
@@ -99,7 +99,7 @@ if ($_POST['delete'])
exec('/usr/sbin/chown snort:snort /var/log/snort/*');
exec('/bin/chmod 660 /var/log/snort/*');
sleep(2);
- exec('/usr/bin/killall -HUP snort');
+ exec('/usr/bin/killall -HUP snort');
}
conf_mount_ro();
}
@@ -126,7 +126,7 @@ if ($_POST['download'])
exec("/bin/rm /tmp/snort_logs_{$save_date}.tar.gz");
od_end_clean(); //importanr or other post will fail
}else{
- echo 'Error no saved file.';
+ echo 'Error no saved file.';
}
}
@@ -140,10 +140,10 @@ function get_snort_alert_date($fileline)
/* date full date \d+\/\d+-\d+:\d+:\d+\.\d+\s */
if (preg_match("/\d+\/\d+-\d+:\d+:\d\d/", $fileline, $matches1))
{
- $alert_date = "$matches1[0]";
+ $alert_date = "$matches1[0]";
}
-return $alert_date;
+ return $alert_date;
}
@@ -152,10 +152,10 @@ function get_snort_alert_disc($fileline)
/* disc */
if (preg_match("/\[\*\*\] (\[.*\]) (.*) (\[\*\*\])/", $fileline, $matches))
{
- $alert_disc = "$matches[2]";
+ $alert_disc = "$matches[2]";
}
-return $alert_disc;
+ return $alert_disc;
}
@@ -164,10 +164,10 @@ function get_snort_alert_class($fileline)
/* class */
if (preg_match('/\[Classification:\s.+[^\d]\]/', $fileline, $matches2))
{
- $alert_class = "$matches2[0]";
+ $alert_class = "$matches2[0]";
}
-return $alert_class;
+ return $alert_class;
}
@@ -176,10 +176,10 @@ function get_snort_alert_priority($fileline)
/* Priority */
if (preg_match('/Priority:\s\d/', $fileline, $matches3))
{
- $alert_priority = "$matches3[0]";
+ $alert_priority = "$matches3[0]";
}
-return $alert_priority;
+ return $alert_priority;
}
@@ -188,22 +188,22 @@ function get_snort_alert_proto($fileline)
/* Priority */
if (preg_match('/\{.+\}/', $fileline, $matches3))
{
- $alert_proto = "$matches3[0]";
+ $alert_proto = "$matches3[0]";
}
-return $alert_proto;
+ return $alert_proto;
}
function get_snort_alert_proto_full($fileline)
{
- /* Protocal full */
- if (preg_match('/.+\sTTL/', $fileline, $matches2))
- {
- $alert_proto_full = "$matches2[0]";
- }
+ /* Protocal full */
+ if (preg_match('/.+\sTTL/', $fileline, $matches2))
+ {
+ $alert_proto_full = "$matches2[0]";
+ }
-return $alert_proto_full;
+ return $alert_proto_full;
}
@@ -215,10 +215,10 @@ function get_snort_alert_ip_src($fileline)
if ($c=preg_match_all ("/".$re1.$re2."/is", $fileline, $matches4))
{
- $alert_ip_src = $matches4[1][0];
+ $alert_ip_src = $matches4[1][0];
}
-return $alert_ip_src;
+ return $alert_ip_src;
}
@@ -227,10 +227,10 @@ function get_snort_alert_src_p($fileline)
/* source port */
if (preg_match('/:\d+\s-/', $fileline, $matches5))
{
- $alert_src_p = "$matches5[0]";
+ $alert_src_p = "$matches5[0]";
}
-return $alert_src_p;
+ return $alert_src_p;
}
@@ -239,10 +239,10 @@ function get_snort_alert_flow($fileline)
/* source port */
if (preg_match('/(->|<-)/', $fileline, $matches5))
{
- $alert_flow = "$matches5[0]";
+ $alert_flow = "$matches5[0]";
}
-return $alert_flow;
+ return $alert_flow;
}
@@ -256,46 +256,46 @@ function get_snort_alert_ip_dst($fileline)
if ($c=preg_match_all ("/".$re1dp.$re2dp.$re3dp.$re4dp."/is", $fileline, $matches6))
{
- $alert_ip_dst = $matches6[1][0];
+ $alert_ip_dst = $matches6[1][0];
}
-
-return $alert_ip_dst;
+
+ return $alert_ip_dst;
}
-
+
function get_snort_alert_dst_p($fileline)
-{
+{
/* dst port */
if (preg_match('/:\d+$/', $fileline, $matches7))
{
- $alert_dst_p = "$matches7[0]";
+ $alert_dst_p = "$matches7[0]";
}
-return $alert_dst_p;
+ return $alert_dst_p;
}
function get_snort_alert_dst_p_full($fileline)
-{
+{
/* dst port full */
if (preg_match('/:\d+\n[A-Z]+\sTTL/', $fileline, $matches7))
{
- $alert_dst_p = "$matches7[0]";
+ $alert_dst_p = "$matches7[0]";
}
-return $alert_dst_p;
+ return $alert_dst_p;
}
function get_snort_alert_sid($fileline)
-{
+{
/* SID */
if (preg_match('/\[\d+:\d+:\d+\]/', $fileline, $matches8))
{
- $alert_sid = "$matches8[0]";
+ $alert_sid = "$matches8[0]";
}
-return $alert_sid;
+ return $alert_sid;
}
@@ -306,9 +306,10 @@ include("/usr/local/pkg/snort/snort_head.inc");
?>
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<body
+ link="#0000CC" vlink="#0000CC" alink="#0000CC">
- <script>
+<script>
jQuery(document).ready(function(){
//Examples of how to assign the ColorBox event to elements
@@ -317,7 +318,7 @@ include("/usr/local/pkg/snort/snort_head.inc");
});
</script>
-<?php
+<?php
include("fbegin.inc");
echo $snort_general_css;
@@ -330,279 +331,278 @@ if ($pconfig['arefresh'] == 'on' || $pconfig['arefresh'] == '')
?>
<!-- hack to fix the hardcoed fbegin link in header -->
-<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div>
+<div id="header-left2"><a href="../index.php" id="status-link2"><img
+ src="./images/transparent.gif" border="0"></img></a></div>
-<div class="body2">
-
-<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
+<div class="body2"><?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr><td>
-
-<div class="snorttabs" style="margin:1px 0px; width:775px;">
-<!-- Tabbed bar code-->
-<ul class="snorttabs">
- <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>
- <li><a href="/snort/snort_interfaces_global.php"><span>Global Settings</span></a></li>
- <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li>
- <li class="snorttabs_active"><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li>
- <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li>
- <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li>
- <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li>
- <li><a class="example8" href="/snort/help_and_info.php"><span>Help</span></a></li>
- </ul>
-</div>
-
-</td>
-</tr>
<tr>
- <td>
- <div id="mainarea2">
- <table class="tabcont" width="100%" border="1" cellspacing="0" cellpadding="0">
- <tr>
- <td width="22%" colspan="0" class="listtopic">
- Last <?=$anentries;?> Alert Entries.
- </td>
- <td width="78%" class="listtopic">
- Latest Alert Entries Are Listed First.
- </td>
- </tr>
- <tr>
- <td width="22%" class="vncell">Save or Remove Logs</td>
- <td width="78%" class="vtable">
- <form action="/snort/snort_alerts.php" method="post">
- <input name="download" type="submit" class="formbtn" value="Download">
- All log files will be saved.
- <input name="delete" type="submit" class="formbtn" value="Clear" onclick="return confirm('Do you really want to remove all your logs ? All snort rule interfces may have to be restarted.')">
- <span class="red"><strong>Warning:</strong></span> all log files will be deleted.
- </form>
- </td>
- </tr>
- <tr>
- <td width="22%" class="vncell">Auto Refresh and Log View</td>
- <td width="78%" class="vtable">
- <form action="/snort/snort_alerts.php" method="post">
- <input name="save" type="submit" class="formbtn" value="Save">
- Refresh
- <input name="arefresh" type="checkbox" value="on" <?php if ($config['installedpackages']['snortglobal']['alertsblocks']['arefresh']=="on") echo "checked"; ?>>
- <strong>Default</strong> is <strong>ON</strong>.
- <input name="alertnumber" type="text" class="formfld" id="alertnumber" size="5" value="<?=htmlspecialchars($anentries);?>">
- Enter the number of log entries to view. <strong>Default</strong> is <strong>250</strong>.
- </form>
+ <td>
+
+ <div class="snorttabs" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code-->
+ <ul class="snorttabs">
+ <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>
+ <li><a href="/snort/snort_interfaces_global.php"><span>Global
+ Settings</span></a></li>
+ <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li>
+ <li class="snorttabs_active"><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li>
+ <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li>
+ <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li>
+ <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li>
+ <li><a class="example8" href="/snort/help_and_info.php"><span>Help</span></a></li>
+ </ul>
+ </div>
+
</td>
- </tr>
+ </tr>
+ <tr>
+ <td>
+ <div id="mainarea2">
+ <table class="tabcont" width="100%" border="1" cellspacing="0"
+ cellpadding="0">
+ <tr>
+ <td width="22%" colspan="0" class="listtopic">Last <?=$anentries;?>
+ Alert Entries.</td>
+ <td width="78%" class="listtopic">Latest Alert Entries Are Listed
+ First.</td>
+ </tr>
+ <tr>
+ <td width="22%" class="vncell">Save or Remove Logs</td>
+ <td width="78%" class="vtable">
+ <form action="/snort/snort_alerts.php" method="post"><input
+ name="download" type="submit" class="formbtn" value="Download"> All
+ log files will be saved. <input name="delete" type="submit"
+ class="formbtn" value="Clear"
+ onclick="return confirm('Do you really want to remove all your logs ? All snort rule interfces may have to be restarted.')">
+ <span class="red"><strong>Warning:</strong></span> all log files
+ will be deleted.</form>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" class="vncell">Auto Refresh and Log View</td>
+ <td width="78%" class="vtable">
+ <form action="/snort/snort_alerts.php" method="post"><input
+ name="save" type="submit" class="formbtn" value="Save"> Refresh <input
+ name="arefresh" type="checkbox" value="on"
+ <?php if ($config['installedpackages']['snortglobal']['alertsblocks']['arefresh']=="on") echo "checked"; ?>>
+ <strong>Default</strong> is <strong>ON</strong>. <input
+ name="alertnumber" type="text" class="formfld" id="alertnumber"
+ size="5" value="<?=htmlspecialchars($anentries);?>"> Enter the
+ number of log entries to view. <strong>Default</strong> is <strong>250</strong>.
+ </form>
+ </td>
+ </tr>
</table>
- </div>
- </td>
- </tr>
+ </div>
+ </td>
+ </tr>
</table>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
- <td width="100%">
- <br>
- <div class="tableFilter">
- <form id="tableFilter" onsubmit="myTable.filter(this.id); return false;">Filter:
- <select id="column">
- <option value="1">PRIORITY</option>
- <option value="2">PROTO</option>
- <option value="3">DESCRIPTION</option>
- <option value="4">CLASS</option>
- <option value="5">SRC</option>
- <option value="6">SRC PORT</option>
- <option value="7">FLOW</option>
- <option value="8">DST</option>
- <option value="9">DST PORT</option>
- <option value="10">SID</option>
- <option value="11">Date</option>
- </select>
- <input type="text" id="keyword" />
- <input type="submit" value="Submit" />
- <input type="reset" value="Clear" />
- </form>
- </div>
-<table class="allRow" id="myTable" width="100%" border="2" cellpadding="1" cellspacing="1">
- <thead>
- <th axis="number">#</th>
- <th axis="string">PRI</th>
- <th axis="string">PROTO</th>
- <th axis="string">DESCRIPTION</th>
- <th axis="string">CLASS</th>
- <th axis="string">SRC</th>
- <th axis="string">SPORT</th>
- <th axis="string">FLOW</th>
- <th axis="string">DST</th>
- <th axis="string">DPORT</th>
- <th axis="string">SID</th>
- <th axis="date">Date</th>
- </thead>
- <tbody>
-<?php
-
- /* make sure alert file exists */
- if(!file_exists('/var/log/snort/alert'))
- {
- conf_mount_rw();
- exec('/usr/bin/touch /var/log/snort/alert');
- conf_mount_ro();
- }
-
- $logent = $anentries;
-
- /* detect the alert file type */
- if ($snortalertlogt == 'full')
- {
- $alerts_array = array_reverse(array_filter(explode("\n\n", file_get_contents('/var/log/snort/alert'))));
- }else{
- $alerts_array = array_reverse(array_filter(split("\n", file_get_contents('/var/log/snort/alert'))));
- }
-
-
-
-if (is_array($alerts_array))
-{
+ <td width="100%"><br>
+ <div class="tableFilter">
+ <form id="tableFilter"
+ onsubmit="myTable.filter(this.id); return false;">Filter: <select
+ id="column">
+ <option value="1">PRIORITY</option>
+ <option value="2">PROTO</option>
+ <option value="3">DESCRIPTION</option>
+ <option value="4">CLASS</option>
+ <option value="5">SRC</option>
+ <option value="6">SRC PORT</option>
+ <option value="7">FLOW</option>
+ <option value="8">DST</option>
+ <option value="9">DST PORT</option>
+ <option value="10">SID</option>
+ <option value="11">Date</option>
+ </select> <input type="text" id="keyword" /> <input type="submit"
+ value="Submit" /> <input type="reset" value="Clear" /></form>
+ </div>
+ <table class="allRow" id="myTable" width="100%" border="2"
+ cellpadding="1" cellspacing="1">
+ <thead>
+ <th axis="number">#</th>
+ <th axis="string">PRI</th>
+ <th axis="string">PROTO</th>
+ <th axis="string">DESCRIPTION</th>
+ <th axis="string">CLASS</th>
+ <th axis="string">SRC</th>
+ <th axis="string">SPORT</th>
+ <th axis="string">FLOW</th>
+ <th axis="string">DST</th>
+ <th axis="string">DPORT</th>
+ <th axis="string">SID</th>
+ <th axis="date">Date</th>
+ </thead>
+ <tbody>
+ <?php
+
+ /* make sure alert file exists */
+ if(!file_exists('/var/log/snort/alert'))
+ {
+ conf_mount_rw();
+ exec('/usr/bin/touch /var/log/snort/alert');
+ conf_mount_ro();
+ }
- $counter = 0;
- foreach($alerts_array as $fileline)
- {
-
- if($logent <= $counter)
- continue;
-
- $counter++;
-
- /* Date */
- $alert_date_str = get_snort_alert_date($fileline);
-
- if($alert_date_str != '')
- {
- $alert_date = $alert_date_str;
- }else{
- $alert_date = 'empty';
- }
+ $logent = $anentries;
- /* Discription */
- $alert_disc_str = get_snort_alert_disc($fileline);
-
- if($alert_disc_str != '')
- {
- $alert_disc = $alert_disc_str;
- }else{
- $alert_disc = 'empty';
- }
-
- /* Classification */
- $alert_class_str = get_snort_alert_class($fileline);
-
- if($alert_class_str != '')
- {
+ /* detect the alert file type */
+ if ($snortalertlogt == 'full')
+ {
+ $alerts_array = array_reverse(array_filter(explode("\n\n", file_get_contents('/var/log/snort/alert'))));
+ }else{
+ $alerts_array = array_reverse(array_filter(split("\n", file_get_contents('/var/log/snort/alert'))));
+ }
- $alert_class_match = array('[Classification:',']');
- $alert_class = str_replace($alert_class_match, '', "$alert_class_str");
- }else{
- $alert_class = 'Prep';
- }
-
- /* Priority */
- $alert_priority_str = get_snort_alert_priority($fileline);
-
- if($alert_priority_str != '')
- {
- $alert_priority_match = array('Priority: ',']');
- $alert_priority = str_replace($alert_priority_match, '', "$alert_priority_str");
- }else{
- $alert_priority = 'empty';
- }
- /* Protocol */
- /* Detect alert file type */
- if ($snortalertlogt == 'full')
- {
- $alert_proto_str = get_snort_alert_proto_full($fileline);
- }else{
- $alert_proto_str = get_snort_alert_proto($fileline);
- }
- if($alert_proto_str != '')
- {
- $alert_proto_match = array(" TTL",'{','}');
- $alert_proto = str_replace($alert_proto_match, '', "$alert_proto_str");
- }else{
- $alert_proto = 'empty';
- }
-
- /* IP SRC */
- $alert_ip_src_str = get_snort_alert_ip_src($fileline);
-
- if($alert_ip_src_str != '')
+ if (is_array($alerts_array))
{
- $alert_ip_src = $alert_ip_src_str;
- }else{
- $alert_ip_src = 'empty';
- }
-
- /* IP SRC Port */
- $alert_src_p_str = get_snort_alert_src_p($fileline);
-
- if($alert_src_p_str != '')
- {
- $alert_src_p_match = array(' -',':');
- $alert_src_p = str_replace($alert_src_p_match, '', "$alert_src_p_str");
- }else{
- $alert_src_p = 'empty';
- }
-
- /* Flow */
- $alert_flow_str = get_snort_alert_flow($fileline);
-
- if($alert_flow_str != '')
- {
- $alert_flow = $alert_flow_str;
- }else{
- $alert_flow = 'empty';
- }
-
- /* IP Destination */
- $alert_ip_dst_str = get_snort_alert_ip_dst($fileline);
-
- if($alert_ip_dst_str != '')
- {
- $alert_ip_dst = $alert_ip_dst_str;
- }else{
- $alert_ip_dst = 'empty';
- }
-
- /* IP DST Port */
- if ($snortalertlogt == 'full')
- {
- $alert_dst_p_str = get_snort_alert_dst_p_full($fileline);
- }else{
- $alert_dst_p_str = get_snort_alert_dst_p($fileline);
- }
-
- if($alert_dst_p_str != '')
- {
- $alert_dst_p_match = array(':',"\n"," TTL");
- $alert_dst_p_str2 = str_replace($alert_dst_p_match, '', "$alert_dst_p_str");
- $alert_dst_p_match2 = array('/[A-Z]/');
- $alert_dst_p = preg_replace($alert_dst_p_match2, '', "$alert_dst_p_str2");
- }else{
- $alert_dst_p = 'empty';
- }
- /* SID */
- $alert_sid_str = get_snort_alert_sid($fileline);
-
- if($alert_sid_str != '')
+ $counter = 0;
+ foreach($alerts_array as $fileline)
{
- $alert_sid_match = array('[',']');
- $alert_sid = str_replace($alert_sid_match, '', "$alert_sid_str");
- }else{
- $alert_sid_str = 'empty';
- }
-
- /* NOTE: using one echo improves performance by 2x */
- if ($alert_disc != 'empty')
- {
- echo "<tr id=\"{$counter}\">
+
+ if($logent <= $counter)
+ continue;
+
+ $counter++;
+
+ /* Date */
+ $alert_date_str = get_snort_alert_date($fileline);
+
+ if($alert_date_str != '')
+ {
+ $alert_date = $alert_date_str;
+ }else{
+ $alert_date = 'empty';
+ }
+
+ /* Discription */
+ $alert_disc_str = get_snort_alert_disc($fileline);
+
+ if($alert_disc_str != '')
+ {
+ $alert_disc = $alert_disc_str;
+ }else{
+ $alert_disc = 'empty';
+ }
+
+ /* Classification */
+ $alert_class_str = get_snort_alert_class($fileline);
+
+ if($alert_class_str != '')
+ {
+
+ $alert_class_match = array('[Classification:',']');
+ $alert_class = str_replace($alert_class_match, '', "$alert_class_str");
+ }else{
+ $alert_class = 'Prep';
+ }
+
+ /* Priority */
+ $alert_priority_str = get_snort_alert_priority($fileline);
+
+ if($alert_priority_str != '')
+ {
+ $alert_priority_match = array('Priority: ',']');
+ $alert_priority = str_replace($alert_priority_match, '', "$alert_priority_str");
+ }else{
+ $alert_priority = 'empty';
+ }
+
+ /* Protocol */
+ /* Detect alert file type */
+ if ($snortalertlogt == 'full')
+ {
+ $alert_proto_str = get_snort_alert_proto_full($fileline);
+ }else{
+ $alert_proto_str = get_snort_alert_proto($fileline);
+ }
+
+ if($alert_proto_str != '')
+ {
+ $alert_proto_match = array(" TTL",'{','}');
+ $alert_proto = str_replace($alert_proto_match, '', "$alert_proto_str");
+ }else{
+ $alert_proto = 'empty';
+ }
+
+ /* IP SRC */
+ $alert_ip_src_str = get_snort_alert_ip_src($fileline);
+
+ if($alert_ip_src_str != '')
+ {
+ $alert_ip_src = $alert_ip_src_str;
+ }else{
+ $alert_ip_src = 'empty';
+ }
+
+ /* IP SRC Port */
+ $alert_src_p_str = get_snort_alert_src_p($fileline);
+
+ if($alert_src_p_str != '')
+ {
+ $alert_src_p_match = array(' -',':');
+ $alert_src_p = str_replace($alert_src_p_match, '', "$alert_src_p_str");
+ }else{
+ $alert_src_p = 'empty';
+ }
+
+ /* Flow */
+ $alert_flow_str = get_snort_alert_flow($fileline);
+
+ if($alert_flow_str != '')
+ {
+ $alert_flow = $alert_flow_str;
+ }else{
+ $alert_flow = 'empty';
+ }
+
+ /* IP Destination */
+ $alert_ip_dst_str = get_snort_alert_ip_dst($fileline);
+
+ if($alert_ip_dst_str != '')
+ {
+ $alert_ip_dst = $alert_ip_dst_str;
+ }else{
+ $alert_ip_dst = 'empty';
+ }
+
+ /* IP DST Port */
+ if ($snortalertlogt == 'full')
+ {
+ $alert_dst_p_str = get_snort_alert_dst_p_full($fileline);
+ }else{
+ $alert_dst_p_str = get_snort_alert_dst_p($fileline);
+ }
+
+ if($alert_dst_p_str != '')
+ {
+ $alert_dst_p_match = array(':',"\n"," TTL");
+ $alert_dst_p_str2 = str_replace($alert_dst_p_match, '', "$alert_dst_p_str");
+ $alert_dst_p_match2 = array('/[A-Z]/');
+ $alert_dst_p = preg_replace($alert_dst_p_match2, '', "$alert_dst_p_str2");
+ }else{
+ $alert_dst_p = 'empty';
+ }
+
+ /* SID */
+ $alert_sid_str = get_snort_alert_sid($fileline);
+
+ if($alert_sid_str != '')
+ {
+ $alert_sid_match = array('[',']');
+ $alert_sid = str_replace($alert_sid_match, '', "$alert_sid_str");
+ }else{
+ $alert_sid_str = 'empty';
+ }
+
+ /* NOTE: using one echo improves performance by 2x */
+ if ($alert_disc != 'empty')
+ {
+ echo "<tr id=\"{$counter}\">
<td class=\"centerAlign\">{$counter}</td>
<td class=\"centerAlign\">{$alert_priority}</td>
<td class=\"centerAlign\">{$alert_proto}</td>
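Review bot: The row built by the single `echo "<tr id=\"{$counter}\"> …` interpolates values parsed out of /var/log/snort/alert (`{$alert_proto}` here, further cells outside this hunk) into HTML with no output encoding, so any markup that ends up in an alert line is rendered in the administrator's browser. Each cell should be encoded where it is written, e.g. `<td class=\"centerAlign\">" . htmlspecialchars($alert_proto) . "</td>`. In the SID branch the else arm assigns `$alert_sid_str = 'empty';`, which leaves `$alert_sid` holding the previous row's value; it should read `$alert_sid = 'empty';`. The echo statement continues past the end of this hunk.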
@@ -616,36 +616,36 @@ if (is_array($alerts_array))
<td class=\"centerAlign\">{$alert_sid}</td>
<td>{$alert_date}</td>
</tr>\n";
+ }
+
+ // <script type="text/javascript">
+ // var myTable = {};
+ // window.addEvent('domready', function(){
+ // myTable = new sortableTable('myTable', {overCls: 'over', onClick: function(){alert(this.id)}});
+ // });
+ // </script>
+
+ }
}
-
-// <script type="text/javascript">
-// var myTable = {};
-// window.addEvent('domready', function(){
-// myTable = new sortableTable('myTable', {overCls: 'over', onClick: function(){alert(this.id)}});
-// });
-// </script>
-
- }
-}
-?>
- </tbody>
- </table>
+ ?>
+ </tbody>
+ </table>
</td>
</table>
</div>
-<?php
+ <?php
-include("fend.inc");
+ include("fend.inc");
-echo $snort_custom_rnd_box;
+ echo $snort_custom_rnd_box;
-?>
+ ?>
- <script type="text/javascript">
+<script type="text/javascript">
var myTable = {};
window.addEvent('domready', function(){
myTable = new sortableTable('myTable', {overCls: 'over'});
diff --git a/config/snort/snort_barnyard.php b/config/snort/snort_barnyard.php
index 72c488f3..33be4268 100644
--- a/config/snort/snort_barnyard.php
+++ b/config/snort/snort_barnyard.php
@@ -1,36 +1,36 @@
<?php
/* $Id$ */
/*
- snort_interfaces.php
- part of m0n0wall (http://m0n0.ch/wall)
-
- Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
- Copyright (C) 2008-2009 Robert Zelaya.
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
+ snort_interfaces.php
+ part of m0n0wall (http://m0n0.ch/wall)
+
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ Copyright (C) 2008-2009 Robert Zelaya.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
-/*
+/*
TODO: Nov 12 09
Clean this code up its ugly
@@ -50,11 +50,11 @@ $a_nat = &$config['installedpackages']['snortglobal']['rule'];
$id = $_GET['id'];
if (isset($_POST['id']))
- $id = $_POST['id'];
+$id = $_POST['id'];
if (isset($_GET['dup'])) {
- $id = $_GET['dup'];
- $after = $_GET['dup'];
+ $id = $_GET['dup'];
+ $after = $_GET['dup'];
}
if (isset($id) && $a_nat[$id]) {
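Review bot: The re-indent puts `$id = $_POST['id'];` at the same column as the braceless `if (isset($_POST['id']))` above it, so the assignment now reads as unconditional although it is still the `if` body. The same happens to `unset($id);` under `if (isset($_GET['dup']))` in the hunk at -121,124. Braces would make the control flow independent of the formatter: `if (isset($_POST['id'])) { $id = $_POST['id']; }`. It matters here because `$id` comes straight from the request and selects which `$a_nat` entry is loaded and later overwritten.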
@@ -79,7 +79,7 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['def_mail_ports'] = $a_nat[$id]['def_mail_ports'];
$pconfig['def_http_servers'] = $a_nat[$id]['def_http_servers'];
$pconfig['def_www_servers'] = $a_nat[$id]['def_www_servers'];
- $pconfig['def_http_ports'] = $a_nat[$id]['def_http_ports'];
+ $pconfig['def_http_ports'] = $a_nat[$id]['def_http_ports'];
$pconfig['def_sql_servers'] = $a_nat[$id]['def_sql_servers'];
$pconfig['def_oracle_ports'] = $a_nat[$id]['def_oracle_ports'];
$pconfig['def_mssql_ports'] = $a_nat[$id]['def_mssql_ports'];
@@ -121,124 +121,124 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['tcpdumplog'] = $a_nat[$id]['tcpdumplog'];
$pconfig['snortunifiedlog'] = $a_nat[$id]['snortunifiedlog'];
$pconfig['configpassthru'] = $a_nat[$id]['configpassthru'];
- $pconfig['barnconfigpassthru'] = base64_decode($a_nat[$id]['barnconfigpassthru']);
+ $pconfig['barnconfigpassthru'] = base64_decode($a_nat[$id]['barnconfigpassthru']);
$pconfig['rulesets'] = $a_nat[$id]['rulesets'];
$pconfig['rule_sid_off'] = $a_nat[$id]['rule_sid_off'];
$pconfig['rule_sid_on'] = $a_nat[$id]['rule_sid_on'];
-
+
if (!$pconfig['interface'])
- $pconfig['interface'] = "wan";
+ $pconfig['interface'] = "wan";
} else {
$pconfig['interface'] = "wan";
}
if (isset($_GET['dup']))
- unset($id);
-
+unset($id);
+
$if_real = convert_friendly_interface_to_real_interface_name2($pconfig['interface']);
$snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
- /* alert file */
+/* alert file */
$d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty";
-
- /* this will exec when alert says apply */
- if ($_POST['apply']) {
-
- if (file_exists($d_snortconfdirty_path)) {
+
+/* this will exec when alert says apply */
+if ($_POST['apply']) {
+
+ if (file_exists($d_snortconfdirty_path)) {
- write_config();
+ write_config();
- sync_snort_package_all($id, $if_real, $snort_uuid);
- sync_snort_package();
+ sync_snort_package_all($id, $if_real, $snort_uuid);
+ sync_snort_package();
- unlink($d_snortconfdirty_path);
+ unlink($d_snortconfdirty_path);
- }
-
}
+}
+
- if ($_POST["Submit"]) {
+if ($_POST["Submit"]) {
/* check for overlaps */
foreach ($a_nat as $natent) {
if (isset($id) && ($a_nat[$id]) && ($a_nat[$id] === $natent))
- continue;
+ continue;
if ($natent['interface'] != $_POST['interface'])
- continue;
+ continue;
}
-/* if no errors write to conf */
+ /* if no errors write to conf */
if (!$input_errors) {
$natent = array();
- /* repost the options already in conf */
-
- if ($pconfig['interface'] != "") { $natent['interface'] = $pconfig['interface']; }
- if ($pconfig['enable'] != "") { $natent['enable'] = $pconfig['enable']; }
- if ($pconfig['uuid'] != "") { $natent['uuid'] = $pconfig['uuid']; }
- if ($pconfig['descr'] != "") { $natent['descr'] = $pconfig['descr']; }
- if ($pconfig['performance'] != "") { $natent['performance'] = $pconfig['performance']; }
- if ($pconfig['blockoffenders7'] != "") { $natent['blockoffenders7'] = $pconfig['blockoffenders7']; }
- if ($pconfig['alertsystemlog'] != "") { $natent['alertsystemlog'] = $pconfig['alertsystemlog']; }
- if ($pconfig['tcpdumplog'] != "") { $natent['tcpdumplog'] = $pconfig['tcpdumplog']; }
- if ($pconfig['snortunifiedlog'] != "") { $natent['snortunifiedlog'] = $pconfig['snortunifiedlog']; }
- if ($pconfig['def_ssl_ports_ignore'] != "") { $natent['def_ssl_ports_ignore'] = $pconfig['def_ssl_ports_ignore']; }
- if ($pconfig['flow_depth'] != "") { $natent['flow_depth'] = $pconfig['flow_depth']; }
- if ($pconfig['max_queued_bytes'] != "") { $natent['max_queued_bytes'] = $pconfig['max_queued_bytes']; }
- if ($pconfig['max_queued_segs'] != "") { $natent['max_queued_segs'] = $pconfig['max_queued_segs']; }
- if ($pconfig['perform_stat'] != "") { $natent['perform_stat'] = $pconfig['perform_stat']; }
- if ($pconfig['http_inspect'] != "") { $natent['http_inspect'] = $pconfig['http_inspect']; }
- if ($pconfig['other_preprocs'] != "") { $natent['other_preprocs'] = $pconfig['other_preprocs']; }
- if ($pconfig['ftp_preprocessor'] != "") { $natent['ftp_preprocessor'] = $pconfig['ftp_preprocessor']; }
- if ($pconfig['smtp_preprocessor'] != "") { $natent['smtp_preprocessor'] = $pconfig['smtp_preprocessor']; }
- if ($pconfig['sf_portscan'] != "") { $natent['sf_portscan'] = $pconfig['sf_portscan']; }
- if ($pconfig['dce_rpc_2'] != "") { $natent['dce_rpc_2'] = $pconfig['dce_rpc_2']; }
- if ($pconfig['dns_preprocessor'] != "") { $natent['dns_preprocessor'] = $pconfig['dns_preprocessor']; }
- if ($pconfig['def_dns_servers'] != "") { $natent['def_dns_servers'] = $pconfig['def_dns_servers']; }
- if ($pconfig['def_dns_ports'] != "") { $natent['def_dns_ports'] = $pconfig['def_dns_ports']; }
- if ($pconfig['def_smtp_servers'] != "") { $natent['def_smtp_servers'] = $pconfig['def_smtp_servers']; }
- if ($pconfig['def_smtp_ports'] != "") { $natent['def_smtp_ports'] = $pconfig['def_smtp_ports']; }
- if ($pconfig['def_mail_ports'] != "") { $natent['def_mail_ports'] = $pconfig['def_mail_ports']; }
- if ($pconfig['def_http_servers'] != "") { $natent['def_http_servers'] = $pconfig['def_http_servers']; }
- if ($pconfig['def_www_servers'] != "") { $natent['def_www_servers'] = $pconfig['def_www_servers']; }
- if ($pconfig['def_http_ports'] != "") { $natent['def_http_ports'] = $pconfig['def_http_ports']; }
- if ($pconfig['def_sql_servers'] != "") { $natent['def_sql_servers'] = $pconfig['def_sql_servers']; }
- if ($pconfig['def_oracle_ports'] != "") { $natent['def_oracle_ports'] = $pconfig['def_oracle_ports']; }
- if ($pconfig['def_mssql_ports'] != "") { $natent['def_mssql_ports'] = $pconfig['def_mssql_ports']; }
- if ($pconfig['def_telnet_servers'] != "") { $natent['def_telnet_servers'] = $pconfig['def_telnet_servers']; }
- if ($pconfig['def_telnet_ports'] != "") { $natent['def_telnet_ports'] = $pconfig['def_telnet_ports']; }
- if ($pconfig['def_snmp_servers'] != "") { $natent['def_snmp_servers'] = $pconfig['def_snmp_servers']; }
- if ($pconfig['def_snmp_ports'] != "") { $natent['def_snmp_ports'] = $pconfig['def_snmp_ports']; }
- if ($pconfig['def_ftp_servers'] != "") { $natent['def_ftp_servers'] = $pconfig['def_ftp_servers']; }
- if ($pconfig['def_ftp_ports'] != "") { $natent['def_ftp_ports'] = $pconfig['def_ftp_ports']; }
- if ($pconfig['def_ssh_servers'] != "") { $natent['def_ssh_servers'] = $pconfig['def_ssh_servers']; }
- if ($pconfig['def_ssh_ports'] != "") { $natent['def_ssh_ports'] = $pconfig['def_ssh_ports']; }
- if ($pconfig['def_pop_servers'] != "") { $natent['def_pop_servers'] = $pconfig['def_pop_servers']; }
- if ($pconfig['def_pop2_ports'] != "") { $natent['def_pop2_ports'] = $pconfig['def_pop2_ports']; }
- if ($pconfig['def_pop3_ports'] != "") { $natent['def_pop3_ports'] = $pconfig['def_pop3_ports']; }
- if ($pconfig['def_imap_servers'] != "") { $natent['def_imap_servers'] = $pconfig['def_imap_servers']; }
- if ($pconfig['def_imap_ports'] != "") { $natent['def_imap_ports'] = $pconfig['def_imap_ports']; }
- if ($pconfig['def_sip_proxy_ip'] != "") { $natent['def_sip_proxy_ip'] = $pconfig['def_sip_proxy_ip']; }
- if ($pconfig['def_sip_proxy_ports'] != "") { $natent['def_sip_proxy_ports'] = $pconfig['def_sip_proxy_ports']; }
- if ($pconfig['def_auth_ports'] != "") { $natent['def_auth_ports'] = $pconfig['def_auth_ports']; }
- if ($pconfig['def_finger_ports'] != "") { $natent['def_finger_ports'] = $pconfig['def_finger_ports']; }
- if ($pconfig['def_irc_ports'] != "") { $natent['def_irc_ports'] = $pconfig['def_irc_ports']; }
- if ($pconfig['def_nntp_ports'] != "") { $natent['def_nntp_ports'] = $pconfig['def_nntp_ports']; }
- if ($pconfig['def_rlogin_ports'] != "") { $natent['def_rlogin_ports'] = $pconfig['def_rlogin_ports']; }
- if ($pconfig['def_rsh_ports'] != "") { $natent['def_rsh_ports'] = $pconfig['def_rsh_ports']; }
- if ($pconfig['def_ssl_ports'] != "") { $natent['def_ssl_ports'] = $pconfig['def_ssl_ports']; }
- if ($pconfig['snortunifiedlog'] != "") { $natent['snortunifiedlog'] = $pconfig['snortunifiedlog']; }
- if ($pconfig['configpassthru'] != "") { $natent['configpassthru'] = $pconfig['configpassthru']; }
- if ($pconfig['rulesets'] != "") { $natent['rulesets'] = $pconfig['rulesets']; }
- if ($pconfig['rule_sid_off'] != "") { $natent['rule_sid_off'] = $pconfig['rule_sid_off']; }
- if ($pconfig['rule_sid_on'] != "") { $natent['rule_sid_on'] = $pconfig['rule_sid_on']; }
- if ($pconfig['whitelistname'] != "") { $natent['whitelistname'] = $pconfig['whitelistname']; }
- if ($pconfig['homelistname'] != "") { $natent['homelistname'] = $pconfig['homelistname']; }
- if ($pconfig['externallistname'] != "") { $natent['externallistname'] = $pconfig['externallistname']; }
- if ($pconfig['suppresslistname'] != "") { $natent['suppresslistname'] = $pconfig['suppresslistname']; }
-
+ /* repost the options already in conf */
+
+ if ($pconfig['interface'] != "") { $natent['interface'] = $pconfig['interface']; }
+ if ($pconfig['enable'] != "") { $natent['enable'] = $pconfig['enable']; }
+ if ($pconfig['uuid'] != "") { $natent['uuid'] = $pconfig['uuid']; }
+ if ($pconfig['descr'] != "") { $natent['descr'] = $pconfig['descr']; }
+ if ($pconfig['performance'] != "") { $natent['performance'] = $pconfig['performance']; }
+ if ($pconfig['blockoffenders7'] != "") { $natent['blockoffenders7'] = $pconfig['blockoffenders7']; }
+ if ($pconfig['alertsystemlog'] != "") { $natent['alertsystemlog'] = $pconfig['alertsystemlog']; }
+ if ($pconfig['tcpdumplog'] != "") { $natent['tcpdumplog'] = $pconfig['tcpdumplog']; }
+ if ($pconfig['snortunifiedlog'] != "") { $natent['snortunifiedlog'] = $pconfig['snortunifiedlog']; }
+ if ($pconfig['def_ssl_ports_ignore'] != "") { $natent['def_ssl_ports_ignore'] = $pconfig['def_ssl_ports_ignore']; }
+ if ($pconfig['flow_depth'] != "") { $natent['flow_depth'] = $pconfig['flow_depth']; }
+ if ($pconfig['max_queued_bytes'] != "") { $natent['max_queued_bytes'] = $pconfig['max_queued_bytes']; }
+ if ($pconfig['max_queued_segs'] != "") { $natent['max_queued_segs'] = $pconfig['max_queued_segs']; }
+ if ($pconfig['perform_stat'] != "") { $natent['perform_stat'] = $pconfig['perform_stat']; }
+ if ($pconfig['http_inspect'] != "") { $natent['http_inspect'] = $pconfig['http_inspect']; }
+ if ($pconfig['other_preprocs'] != "") { $natent['other_preprocs'] = $pconfig['other_preprocs']; }
+ if ($pconfig['ftp_preprocessor'] != "") { $natent['ftp_preprocessor'] = $pconfig['ftp_preprocessor']; }
+ if ($pconfig['smtp_preprocessor'] != "") { $natent['smtp_preprocessor'] = $pconfig['smtp_preprocessor']; }
+ if ($pconfig['sf_portscan'] != "") { $natent['sf_portscan'] = $pconfig['sf_portscan']; }
+ if ($pconfig['dce_rpc_2'] != "") { $natent['dce_rpc_2'] = $pconfig['dce_rpc_2']; }
+ if ($pconfig['dns_preprocessor'] != "") { $natent['dns_preprocessor'] = $pconfig['dns_preprocessor']; }
+ if ($pconfig['def_dns_servers'] != "") { $natent['def_dns_servers'] = $pconfig['def_dns_servers']; }
+ if ($pconfig['def_dns_ports'] != "") { $natent['def_dns_ports'] = $pconfig['def_dns_ports']; }
+ if ($pconfig['def_smtp_servers'] != "") { $natent['def_smtp_servers'] = $pconfig['def_smtp_servers']; }
+ if ($pconfig['def_smtp_ports'] != "") { $natent['def_smtp_ports'] = $pconfig['def_smtp_ports']; }
+ if ($pconfig['def_mail_ports'] != "") { $natent['def_mail_ports'] = $pconfig['def_mail_ports']; }
+ if ($pconfig['def_http_servers'] != "") { $natent['def_http_servers'] = $pconfig['def_http_servers']; }
+ if ($pconfig['def_www_servers'] != "") { $natent['def_www_servers'] = $pconfig['def_www_servers']; }
+ if ($pconfig['def_http_ports'] != "") { $natent['def_http_ports'] = $pconfig['def_http_ports']; }
+ if ($pconfig['def_sql_servers'] != "") { $natent['def_sql_servers'] = $pconfig['def_sql_servers']; }
+ if ($pconfig['def_oracle_ports'] != "") { $natent['def_oracle_ports'] = $pconfig['def_oracle_ports']; }
+ if ($pconfig['def_mssql_ports'] != "") { $natent['def_mssql_ports'] = $pconfig['def_mssql_ports']; }
+ if ($pconfig['def_telnet_servers'] != "") { $natent['def_telnet_servers'] = $pconfig['def_telnet_servers']; }
+ if ($pconfig['def_telnet_ports'] != "") { $natent['def_telnet_ports'] = $pconfig['def_telnet_ports']; }
+ if ($pconfig['def_snmp_servers'] != "") { $natent['def_snmp_servers'] = $pconfig['def_snmp_servers']; }
+ if ($pconfig['def_snmp_ports'] != "") { $natent['def_snmp_ports'] = $pconfig['def_snmp_ports']; }
+ if ($pconfig['def_ftp_servers'] != "") { $natent['def_ftp_servers'] = $pconfig['def_ftp_servers']; }
+ if ($pconfig['def_ftp_ports'] != "") { $natent['def_ftp_ports'] = $pconfig['def_ftp_ports']; }
+ if ($pconfig['def_ssh_servers'] != "") { $natent['def_ssh_servers'] = $pconfig['def_ssh_servers']; }
+ if ($pconfig['def_ssh_ports'] != "") { $natent['def_ssh_ports'] = $pconfig['def_ssh_ports']; }
+ if ($pconfig['def_pop_servers'] != "") { $natent['def_pop_servers'] = $pconfig['def_pop_servers']; }
+ if ($pconfig['def_pop2_ports'] != "") { $natent['def_pop2_ports'] = $pconfig['def_pop2_ports']; }
+ if ($pconfig['def_pop3_ports'] != "") { $natent['def_pop3_ports'] = $pconfig['def_pop3_ports']; }
+ if ($pconfig['def_imap_servers'] != "") { $natent['def_imap_servers'] = $pconfig['def_imap_servers']; }
+ if ($pconfig['def_imap_ports'] != "") { $natent['def_imap_ports'] = $pconfig['def_imap_ports']; }
+ if ($pconfig['def_sip_proxy_ip'] != "") { $natent['def_sip_proxy_ip'] = $pconfig['def_sip_proxy_ip']; }
+ if ($pconfig['def_sip_proxy_ports'] != "") { $natent['def_sip_proxy_ports'] = $pconfig['def_sip_proxy_ports']; }
+ if ($pconfig['def_auth_ports'] != "") { $natent['def_auth_ports'] = $pconfig['def_auth_ports']; }
+ if ($pconfig['def_finger_ports'] != "") { $natent['def_finger_ports'] = $pconfig['def_finger_ports']; }
+ if ($pconfig['def_irc_ports'] != "") { $natent['def_irc_ports'] = $pconfig['def_irc_ports']; }
+ if ($pconfig['def_nntp_ports'] != "") { $natent['def_nntp_ports'] = $pconfig['def_nntp_ports']; }
+ if ($pconfig['def_rlogin_ports'] != "") { $natent['def_rlogin_ports'] = $pconfig['def_rlogin_ports']; }
+ if ($pconfig['def_rsh_ports'] != "") { $natent['def_rsh_ports'] = $pconfig['def_rsh_ports']; }
+ if ($pconfig['def_ssl_ports'] != "") { $natent['def_ssl_ports'] = $pconfig['def_ssl_ports']; }
+ if ($pconfig['snortunifiedlog'] != "") { $natent['snortunifiedlog'] = $pconfig['snortunifiedlog']; }
+ if ($pconfig['configpassthru'] != "") { $natent['configpassthru'] = $pconfig['configpassthru']; }
+ if ($pconfig['rulesets'] != "") { $natent['rulesets'] = $pconfig['rulesets']; }
+ if ($pconfig['rule_sid_off'] != "") { $natent['rule_sid_off'] = $pconfig['rule_sid_off']; }
+ if ($pconfig['rule_sid_on'] != "") { $natent['rule_sid_on'] = $pconfig['rule_sid_on']; }
+ if ($pconfig['whitelistname'] != "") { $natent['whitelistname'] = $pconfig['whitelistname']; }
+ if ($pconfig['homelistname'] != "") { $natent['homelistname'] = $pconfig['homelistname']; }
+ if ($pconfig['externallistname'] != "") { $natent['externallistname'] = $pconfig['externallistname']; }
+ if ($pconfig['suppresslistname'] != "") { $natent['suppresslistname'] = $pconfig['suppresslistname']; }
+
/* post new options */
$natent['barnyard_enable'] = $_POST['barnyard_enable'] ? on : off;
$natent['barnyard_mysql'] = $_POST['barnyard_mysql'] ? $_POST['barnyard_mysql'] : $pconfig['barnyard_mysql'];
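Review bot: The `/* check for overlaps */` loop cannot reject anything, because both of its branches are `continue` and nothing follows them. `$input_errors` is therefore never set in the visible code and `if (!$input_errors)` always passes. `$_POST['barnyard_mysql']` is then copied into `$natent` unchanged. The form further down describes it as a single barnyard2 `output database:` line, so at minimum reject embedded line breaks before saving, e.g. `if (preg_match('/[\r\n]/', $_POST['barnyard_mysql'])) $input_errors[] = "The database line must be a single line.";`. How the value reaches the barnyard2 configuration is not visible here, and the `Submit` block continues past this hunk.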
@@ -246,16 +246,16 @@ $d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty";
if ($_POST['barnyard_enable'] == "on") { $natent['snortunifiedlog'] = on; }else{ $natent['snortunifiedlog'] = off; } if ($_POST['barnyard_enable'] == "") { $natent['snortunifiedlog'] = off; }
if (isset($id) && $a_nat[$id])
- $a_nat[$id] = $natent;
+ $a_nat[$id] = $natent;
else {
if (is_numeric($after))
- array_splice($a_nat, $after+1, 0, array($natent));
+ array_splice($a_nat, $after+1, 0, array($natent));
else
- $a_nat[] = $natent;
+ $a_nat[] = $natent;
}
write_config();
-
+
/* after click go to this page */
touch($d_snortconfdirty_path);
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
@@ -273,7 +273,8 @@ $pgtitle = "Snort: Interface: $id$if_real Barnyard2 Edit";
include("/usr/local/pkg/snort/snort_head.inc");
?>
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<body
+ link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
@@ -284,11 +285,17 @@ echo "{$snort_general_css}\n";
?>
<!-- hack to fix the hardcoed fbegin link in header -->
-<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div>
+<div id="header-left2"><a href="../index.php" id="status-link2"><img
+ src="./images/transparent.gif" border="0"></img></a></div>
<div class="body2">
-<noscript><div class="alert" ALIGN=CENTER><img src="../themes/nervecenter/images/icons/icon_alert.gif"/><strong>Please enable JavaScript to view this content</CENTER></div></noscript>
+<noscript>
+<div class="alert" ALIGN=CENTER><img
+ src="../themes/nervecenter/images/icons/icon_alert.gif" /><strong>Please
+enable JavaScript to view this content
+</CENTER></div>
+</noscript>
<script language="JavaScript">
<!--
@@ -313,21 +320,20 @@ echo "
//-->
</script>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
-<form action="snort_barnyard.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
-
-<?php
+<form action="snort_barnyard.php" method="post"
+ enctype="multipart/form-data" name="iform" id="iform"><?php
/* Display Alert message */
if ($input_errors) {
- print_input_errors($input_errors); // TODO: add checks
+ print_input_errors($input_errors); // TODO: add checks
}
if ($savemsg) {
- print_info_box2($savemsg);
+ print_info_box2($savemsg);
}
if (file_exists($d_snortconfdirty_path)) {
- echo '<p>';
+ echo '<p>';
if($savemsg) {
print_info_box_np2("{$savemsg}");
@@ -339,39 +345,38 @@ echo "
}
}
-?>
+ ?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr><td class="tabnavtbl">
-<?php
-if($id != "")
-{
-
-echo '<div class="snorttabs" style="margin:1px 0px; width:775px;">' . "\n";
-echo '<!-- Tabbed bar code -->' . "\n";
-echo '<ul class="snorttabs">' . "\n";
- echo '<li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>' . "\n";
- echo "<li><a href=\"/snort/snort_interfaces_edit.php?id={$id}\"><span>If Settings</span></a></li>\n";
- echo "<li><a href=\"/snort/snort_rulesets.php?id={$id}\"><span>Categories</span></a></li>\n";
- echo "<li><a href=\"/snort/snort_rules.php?id={$id}\"><span>Rules</span></a></li>\n";
- echo "<li><a href=\"/snort/snort_define_servers.php?id={$id}\"><span>Servers</span></a></li>\n";
- echo "<li><a href=\"/snort/snort_preprocessors.php?id={$id}\"><span>Preprocessors</span></a></li>\n";
- echo "<li class=\"snorttabs_active\"><a href=\"/snort/snort_barnyard.php?id={$id}\"><span>Barnyard2</span></a></li>\n";
-echo '</ul>' . "\n";
-echo '</div>' . "\n";
+ <tr>
+ <td class="tabnavtbl"><?php
+ if($id != "")
+ {
+
+ echo '<div class="snorttabs" style="margin:1px 0px; width:775px;">' . "\n";
+ echo '<!-- Tabbed bar code -->' . "\n";
+ echo '<ul class="snorttabs">' . "\n";
+ echo '<li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>' . "\n";
+ echo "<li><a href=\"/snort/snort_interfaces_edit.php?id={$id}\"><span>If Settings</span></a></li>\n";
+ echo "<li><a href=\"/snort/snort_rulesets.php?id={$id}\"><span>Categories</span></a></li>\n";
+ echo "<li><a href=\"/snort/snort_rules.php?id={$id}\"><span>Rules</span></a></li>\n";
+ echo "<li><a href=\"/snort/snort_define_servers.php?id={$id}\"><span>Servers</span></a></li>\n";
+ echo "<li><a href=\"/snort/snort_preprocessors.php?id={$id}\"><span>Preprocessors</span></a></li>\n";
+ echo "<li class=\"snorttabs_active\"><a href=\"/snort/snort_barnyard.php?id={$id}\"><span>Barnyard2</span></a></li>\n";
+ echo '</ul>' . "\n";
+ echo '</div>' . "\n";
-}
-?>
-</td>
-</tr>
- <tr>
- <td class="tabcont">
- <table width="100%" border="0" cellpadding="6" cellspacing="0">
- <?php
- /* display error code if there is no id */
- if($id == "")
- {
- echo "
+ }
+ ?></td>
+ </tr>
+ <tr>
+ <td class="tabcont">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <?php
+ /* display error code if there is no id */
+ if($id == "")
+ {
+ echo "
<style type=\"text/css\">
.noid {
position:absolute;
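Review bot: `$id` is interpolated unescaped into every tab `href` (`?id={$id}`), and in this file it is assigned directly from `$_GET['id']` / `$_POST['id']` with no validation visible in the diff, so markup in the parameter would be reflected into the page. The `if($id != "")` guard only checks for emptiness. Escape once before the echo block, `$id_attr = htmlspecialchars($id, ENT_QUOTES);`, and use `{$id_attr}` in the links; the hidden field `value="<?=$id;?>"` in the hunk at -386,85 should get the same treatment. If ids are always list indices, as the `is_numeric($after)` / `array_splice` code suggests, rejecting non-numeric ids where `$id` is first assigned would be the stronger fix.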
@@ -386,85 +391,90 @@ echo '</div>' . "\n";
}
</style>
<div class=\"alert\" ALIGN=CENTER><img src=\"/themes/nervecenter/images/icons/icon_alert.gif\"/><strong>You can not edit options without an interface ID.</CENTER></div>\n";
-
- }
- ?>
- <tr>
- <td colspan="2" valign="top" class="listtopic">General Barnyard2 Settings</td>
- </tr>
- <tr>
+
+ }
+ ?>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">General Barnyard2
+ Settings</td>
+ </tr>
+ <tr>
<td width="22%" valign="top" class="vncellreq2">Enable</td>
- <td width="78%" class="vtable">
- <?php
- // <input name="enable" type="checkbox" value="yes" checked onClick="enable_change(false)">
- // care with spaces
- if ($pconfig['barnyard_enable'] == "on")
- $checked = checked;
- if($id != "")
- {
+ <td width="78%" class="vtable"><?php
+ // <input name="enable" type="checkbox" value="yes" checked onClick="enable_change(false)">
+ // care with spaces
+ if ($pconfig['barnyard_enable'] == "on")
+ $checked = checked;
+ if($id != "")
+ {
$onclick_enable = "onClick=\"enable_change(false)\">";
- }
- echo "
+ }
+ echo "
<input name=\"barnyard_enable\" type=\"checkbox\" value=\"on\" $checked $onclick_enable
<strong>Enable Barnyard2 on this Interface</strong><br>
This will enable barnyard2 for this interface. You will also have to set the database credentials.</td>\n\n";
- ?>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Interface</td>
- <td width="78%" class="vtable">
- <select name="interface" class="formfld">
- <?php
- $interfaces = array('wan' => 'WAN', 'lan' => 'LAN', 'pptp' => 'PPTP', 'pppoe' => 'PPPOE');
- for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
- $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
- }
- foreach ($interfaces as $iface => $ifacename): ?>
- <option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>>
- <?=htmlspecialchars($ifacename);?>
- </option>
- <?php endforeach; ?>
- </select><br>
- <span class="vexpl">Choose which interface this rule applies to.<br>
- Hint: in most cases, you'll want to use WAN here.</span></td>
- </tr>
- <tr>
- <td colspan="2" valign="top" class="listtopic">Mysql Settings</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Log to a Mysql Database</td>
- <td width="78%" class="vtable">
- <input name="barnyard_mysql" type="text" class="formfld" id="barnyard_mysql" size="100" value="<?=htmlspecialchars($pconfig['barnyard_mysql']);?>">
- <br> <span class="vexpl">Example: output database: alert, mysql, dbname=snort user=snort host=localhost password=xyz<br>
- Example: output database: log, mysql, dbname=snort user=snort host=localhost password=xyz</span></td>
- </tr>
- <tr>
- <td colspan="2" valign="top" class="listtopic">Advanced Settings</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Advanced configuration pass through</td>
- <td width="78%" class="vtable">
- <textarea name="barnconfigpassthru" cols="100" rows="7" id="barnconfigpassthru" class="formpre"><?=htmlspecialchars($pconfig['barnconfigpassthru']);?></textarea>
- <br>
- Arguments here will be automatically inserted into the running barnyard2 configuration.</td>
- </tr>
- <tr>
- <td width="22%" valign="top">&nbsp;</td>
- <td width="78%">
- <input name="Submit" type="submit" class="formbtn" value="Save"><input type="button" class="formbtn" value="Cancel" onclick="history.back()">
- <?php if (isset($id) && $a_nat[$id]): ?>
- <input name="id" type="hidden" value="<?=$id;?>">
- <?php endif; ?>
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top">&nbsp;</td>
- <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span>
- <br>
- Please save your settings befor you click start. </td>
- </tr>
- </table>
- </table>
+ ?>
+
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Interface</td>
+ <td width="78%" class="vtable"><select name="interface"
+ class="formfld">
+ <?php
+ $interfaces = array('wan' => 'WAN', 'lan' => 'LAN', 'pptp' => 'PPTP', 'pppoe' => 'PPPOE');
+ for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
+ $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
+ }
+ foreach ($interfaces as $iface => $ifacename): ?>
+ <option value="<?=$iface;?>"
+ <?php if ($iface == $pconfig['interface']) echo "selected"; ?>><?=htmlspecialchars($ifacename);?>
+ </option>
+ <?php endforeach; ?>
+ </select><br>
+ <span class="vexpl">Choose which interface this rule applies to.<br>
+ Hint: in most cases, you'll want to use WAN here.</span></td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Mysql Settings</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Log to a Mysql Database</td>
+ <td width="78%" class="vtable"><input name="barnyard_mysql"
+ type="text" class="formfld" id="barnyard_mysql" size="100"
+ value="<?=htmlspecialchars($pconfig['barnyard_mysql']);?>"> <br>
+ <span class="vexpl">Example: output database: alert, mysql,
+ dbname=snort user=snort host=localhost password=xyz<br>
+ Example: output database: log, mysql, dbname=snort user=snort
+ host=localhost password=xyz</span></td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Advanced Settings</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Advanced configuration
+ pass through</td>
+ <td width="78%" class="vtable"><textarea name="barnconfigpassthru"
+ cols="100" rows="7" id="barnconfigpassthru" class="formpre"><?=htmlspecialchars($pconfig['barnconfigpassthru']);?></textarea>
+ <br>
+ Arguments here will be automatically inserted into the running
+ barnyard2 configuration.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%"><input name="Submit" type="submit" class="formbtn"
+ value="Save"><input type="button" class="formbtn" value="Cancel"
+ onclick="history.back()"> <?php if (isset($id) && $a_nat[$id]): ?>
+ <input name="id" type="hidden" value="<?=$id;?>"> <?php endif; ?></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span>
+ <br>
+ Please save your settings befor you click start. </td>
+ </tr>
+ </table>
+
+</table>
</form>
</div>
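Review bot: The closing `>` of the `barnyard_enable` checkbox lives inside `$onclick_enable`, which is only set when `$id != ""`, so without an id the `<input` tag is never closed and the following `<strong>` text is parsed as part of the tag. `$checked = checked;` also relies on a bare word being treated as a string, and `$checked` is undefined when Barnyard2 is off. Initialise both and close the tag in the echo itself: `$checked = ($pconfig['barnyard_enable'] == "on") ? 'checked' : '';`, `$onclick_enable = ($id != "") ? 'onClick="enable_change(false)"' : '';`, and end the tag with `$checked $onclick_enable>`.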
@@ -474,6 +484,6 @@ echo '</div>' . "\n";
enable_change(false);
//-->
</script>
-<?php include("fend.inc"); ?>
+ <?php include("fend.inc"); ?>
</body>
</html>
diff --git a/config/snort/snort_blocked.php b/config/snort/snort_blocked.php
index 557ef4a4..87c41b67 100644
--- a/config/snort/snort_blocked.php
+++ b/config/snort/snort_blocked.php
@@ -1,34 +1,34 @@
<?php
/* $Id$ */
/*
- snort_blocked.php
- Copyright (C) 2006 Scott Ullrich
- All rights reserved.
-
- Modified for the Pfsense snort package v. 1.8+
- Copyright (C) 2009 Robert Zelaya Sr. Developer
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
+ snort_blocked.php
+ Copyright (C) 2006 Scott Ullrich
+ All rights reserved.
+
+ Modified for the Pfsense snort package v. 1.8+
+ Copyright (C) 2009 Robert Zelaya Sr. Developer
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort_gui.inc");
@@ -46,17 +46,17 @@ if ($pconfig['blertnumber'] == '' || $pconfig['blertnumber'] == '0')
if($_POST['todelete'] or $_GET['todelete']) {
if($_POST['todelete'])
- $ip = $_POST['todelete'];
+ $ip = $_POST['todelete'];
if($_GET['todelete'])
- $ip = $_GET['todelete'];
+ $ip = $_GET['todelete'];
exec("/sbin/pfctl -t snort2c -T delete {$ip}");
}
if ($_POST['remove']) {
-exec("/sbin/pfctl -t snort2c -T flush");
-sleep(1);
-header("Location: /snort/snort_blocked.php");
+ exec("/sbin/pfctl -t snort2c -T flush");
+ sleep(1);
+ header("Location: /snort/snort_blocked.php");
}
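Review bot: The `exec("/sbin/pfctl -t snort2c -T delete {$ip}")` line puts `$_POST['todelete']` / `$_GET['todelete']` into a shell command unvalidated, so whatever the request carries is run with the web GUI's privileges; the re-indent leaves that unchanged. Only call pfctl for a value that parses as an address, and quote it: `if (filter_var($ip, FILTER_VALIDATE_IP)) exec('/sbin/pfctl -t snort2c -T delete ' . escapeshellarg($ip));`. The delete is also triggered by a plain GET link, so it should move to a POST protected by the GUI's CSRF token if one is available. The `/bin/echo $fileline3 >> …` call in the `@@ -82,8 +82,8 @@` hunk builds a shell string the same way; where `$fileline3` comes from is outside that hunk, but `file_put_contents(…, FILE_APPEND)` would avoid the shell altogether.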
@@ -67,11 +67,11 @@ if ($_POST['download'])
ob_start(); //important or other posts will fail
$save_date = exec('/bin/date "+%Y-%m-%d-%H-%M-%S"');
$file_name = "snort_blocked_{$save_date}.tar.gz";
- exec('/bin/mkdir /tmp/snort_blocked');
+ exec('/bin/mkdir /tmp/snort_blocked');
exec('/sbin/pfctl -t snort2c -T show > /tmp/snort_block.pf');
-
+
$blocked_ips_array_save = str_replace(' ', '', array_filter(explode("\n", file_get_contents('/tmp/snort_block.pf'))));
-
+
if ($blocked_ips_array_save[0] != '')
{
@@ -82,8 +82,8 @@ if ($_POST['download'])
$counter++;
- exec("/bin/echo $fileline3 >> /tmp/snort_blocked/snort_block.pf");
-
+ exec("/bin/echo $fileline3 >> /tmp/snort_blocked/snort_block.pf");
+
}
}
@@ -105,7 +105,7 @@ if ($_POST['download'])
exec("/bin/rm /tmp/snort_blocked/snort_block.pf");
od_end_clean(); //importanr or other post will fail
}else{
- echo 'Error no saved file.';
+ echo 'Error no saved file.';
}
}
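Review bot: `od_end_clean();` on the context line above `}else{` is not a PHP function; the call that pairs with the `ob_start()` at the top of this block is `ob_end_clean()`. Unless the package defines `od_end_clean` somewhere else, the download branch ends in a fatal undefined-function error after the archive has been built. Change the line to `ob_end_clean(); //important or other posts will fail`. The enclosing `if ($_POST['download'])` block starts outside this hunk.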
@@ -117,114 +117,114 @@ if ($_POST['save'])
if ($_POST['save'])
{
-
+
}
-
- /* no errors */
- if (!$input_errors)
- {
-
+
+ /* no errors */
+ if (!$input_errors)
+ {
+
$config['installedpackages']['snortglobal']['alertsblocks']['brefresh'] = $_POST['brefresh'] ? on : off;
$config['installedpackages']['snortglobal']['alertsblocks']['blertnumber'] = $_POST['blertnumber'];
-
+
conf_mount_rw();
write_config();
//conf_mount_ro();
sleep(2);
header("Location: /snort/snort_blocked.php");
-
- }
-
+
+ }
+
}
/* build filter funcs */
function get_snort_alert_ip_src($fileline)
{
- /* SRC IP */
- $re1='.*?'; # Non-greedy match on filler
- $re2='((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))(?![\\d])'; # IPv4 IP Address 1
+ /* SRC IP */
+ $re1='.*?'; # Non-greedy match on filler
+ $re2='((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))(?![\\d])'; # IPv4 IP Address 1
- if ($c=preg_match_all ("/".$re1.$re2."/is", $fileline, $matches4))
- {
- $alert_ip_src = $matches4[1][0];
- }
+ if ($c=preg_match_all ("/".$re1.$re2."/is", $fileline, $matches4))
+ {
+ $alert_ip_src = $matches4[1][0];
+ }
-return $alert_ip_src;
+ return $alert_ip_src;
}
function get_snort_alert_disc($fileline)
{
- /* disc */
- if (preg_match("/\[\*\*\] (\[.*\]) (.*) (\[\*\*\])/", $fileline, $matches))
- {
- $alert_disc = "$matches[2]";
- }
+ /* disc */
+ if (preg_match("/\[\*\*\] (\[.*\]) (.*) (\[\*\*\])/", $fileline, $matches))
+ {
+ $alert_disc = "$matches[2]";
+ }
-return $alert_disc;
+ return $alert_disc;
}
/* build sec filters */
function get_snort_block_ip($fileline)
{
- /* ip */
- if (preg_match("/\[\d+\.\d+\.\d+\.\d+\]/", $fileline, $matches))
- {
- $alert_block_ip = "$matches[0]";
- }
+ /* ip */
+ if (preg_match("/\[\d+\.\d+\.\d+\.\d+\]/", $fileline, $matches))
+ {
+ $alert_block_ip = "$matches[0]";
+ }
-return $alert_block_ip;
+ return $alert_block_ip;
}
function get_snort_block_disc($fileline)
{
- /* disc */
- if (preg_match("/\]\s\[.+\]$/", $fileline, $matches))
- {
- $alert_block_disc = "$matches[0]";
- }
+ /* disc */
+ if (preg_match("/\]\s\[.+\]$/", $fileline, $matches))
+ {
+ $alert_block_disc = "$matches[0]";
+ }
-return $alert_block_disc;
+ return $alert_block_disc;
}
/* tell the user what settings they have */
$blockedtab_msg_chk = $config['installedpackages']['snortglobal']['rm_blocked'];
- if ($blockedtab_msg_chk == "1h_b") {
- $blocked_msg = "hour";
- }
- if ($blockedtab_msg_chk == "3h_b") {
- $blocked_msg = "3 hours";
- }
- if ($blockedtab_msg_chk == "6h_b") {
- $blocked_msg = "6 hours";
- }
- if ($blockedtab_msg_chk == "12h_b") {
- $blocked_msg = "12 hours";
- }
- if ($blockedtab_msg_chk == "1d_b") {
- $blocked_msg = "day";
- }
- if ($blockedtab_msg_chk == "4d_b") {
- $blocked_msg = "4 days";
- }
- if ($blockedtab_msg_chk == "7d_b") {
- $blocked_msg = "7 days";
- }
- if ($blockedtab_msg_chk == "28d_b") {
- $blocked_msg = "28 days";
- }
+if ($blockedtab_msg_chk == "1h_b") {
+ $blocked_msg = "hour";
+}
+if ($blockedtab_msg_chk == "3h_b") {
+ $blocked_msg = "3 hours";
+}
+if ($blockedtab_msg_chk == "6h_b") {
+ $blocked_msg = "6 hours";
+}
+if ($blockedtab_msg_chk == "12h_b") {
+ $blocked_msg = "12 hours";
+}
+if ($blockedtab_msg_chk == "1d_b") {
+ $blocked_msg = "day";
+}
+if ($blockedtab_msg_chk == "4d_b") {
+ $blocked_msg = "4 days";
+}
+if ($blockedtab_msg_chk == "7d_b") {
+ $blocked_msg = "7 days";
+}
+if ($blockedtab_msg_chk == "28d_b") {
+ $blocked_msg = "28 days";
+}
if ($blockedtab_msg_chk != "never_b")
{
-$blocked_msg_txt = "Hosts are removed every <strong>$blocked_msg</strong>.";
+ $blocked_msg_txt = "Hosts are removed every <strong>$blocked_msg</strong>.";
}else{
-$blocked_msg_txt = "Settings are set to never <strong>remove</strong> hosts.";
+ $blocked_msg_txt = "Settings are set to never <strong>remove</strong> hosts.";
}
-
+
$pgtitle = "Services: Snort Blocked Hosts";
include("/usr/local/pkg/snort/snort_head.inc");
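Review bot: `$_POST['blertnumber']` is written to the config unchecked: in the visible lines the inner `if ($_POST['save']) { }` block is empty and nothing populates `$input_errors`, so the `/* no errors */` test always passes. The field is an entry count, so validate it before saving, e.g. `if ($_POST['blertnumber'] != '' && !ctype_digit($_POST['blertnumber'])) $input_errors[] = 'Entry count must be a number.';`. On the line above it, `on : off` are bare words that PHP resolves as undefined constants (a notice on older PHP, an Error on PHP 8); quote them as `'on' : 'off'`. `header("Location: …")` is not followed by `exit`, so the rest of the page still runs after the redirect. The four `get_snort_*` helpers return a variable that is never set when the pattern does not match; initialising it to `''` at the top of each would make that explicit.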
@@ -232,7 +232,7 @@ include("/usr/local/pkg/snort/snort_head.inc");
<body link="#000000" vlink="#000000" alink="#000000">
- <script>
+<script>
jQuery(document).ready(function(){
//Examples of how to assign the ColorBox event to elements
@@ -241,7 +241,7 @@ include("/usr/local/pkg/snort/snort_head.inc");
});
</script>
-<?php
+<?php
include("fbegin.inc");
echo $snort_general_css;
@@ -254,225 +254,222 @@ if ($pconfig['brefresh'] == 'on' || $pconfig['brefresh'] == '')
?>
<!-- hack to fix the hardcoed fbegin link in header -->
-<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div>
-
-<div class="body2">
+<div id="header-left2"><a href="../index.php" id="status-link2"><img
+ src="./images/transparent.gif" border="0"></img></a></div>
-<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
+<div class="body2"><?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
<!-- not needed maybe
<script src="/javascript/row_toggle.js" type="text/javascript"></script>
<script src="/javascript/sorttable.js" type="text/javascript"></script>
--->
-
-<?php if ($savemsg) print_info_box($savemsg); ?>
+--> <?php if ($savemsg) print_info_box($savemsg); ?>
<table width="99%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td>
-
-<div class="snorttabs" style="margin:1px 0px; width:775px;">
-<!-- Tabbed bar code-->
-<ul class="snorttabs">
- <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>
- <li><a href="/snort/snort_interfaces_global.php"><span>Global Settings</span></a></li>
- <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li>
- <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li>
- <li class="snorttabs_active"><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li>
- <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li>
- <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li>
- <li><a class="example8" href="/snort/help_and_info.php"><span>Help</span></a></li>
- </ul>
-</div>
-
- </td>
- </tr>
-
- <tr>
+ <tr>
<td>
- <div id="mainarea2">
-
- <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td width="22%" colspan="0" class="listtopic">
- Last <?=$bnentries;?> Blocked.
- </td>
- <td width="78%" class="listtopic">
- This page lists hosts that have been blocked by Snort.&nbsp;&nbsp;<?=$blocked_msg_txt;?>
- </td>
- </tr>
- <tr>
- <td width="22%" class="vncell">Save or Remove Hosts</td>
- <td width="78%" class="vtable">
- <form action="/snort/snort_blocked.php" method="post">
- <input name="download" type="submit" class="formbtn" value="Download">
- All blocked hosts will be saved.
- <input name="remove" type="submit" class="formbtn" value="Clear">
- <span class="red"><strong>Warning:</strong></span> all hosts will be removed.
- </form>
- </td>
- </tr>
- <tr>
- <td width="22%" class="vncell">Auto Refresh and Log View</td>
- <td width="78%" class="vtable">
- <form action="/snort/snort_blocked.php" method="post">
- <input name="save" type="submit" class="formbtn" value="Save">
- Refresh
- <input name="brefresh" type="checkbox" value="on" <?php if ($config['installedpackages']['snortglobal']['alertsblocks']['brefresh']=="on" || $config['installedpackages']['snortglobal']['alertsblocks']['brefresh']=='') echo "checked"; ?>>
- <strong>Default</strong> is <strong>ON</strong>.
- <input name="blertnumber" type="text" class="formfld" id="blertnumber" size="5" value="<?=htmlspecialchars($bnentries);?>">
- Enter the number of blocked entries to view. <strong>Default</strong> is <strong>500</strong>.
- </form>
- </td>
- </tr>
- </table>
- </div>
- <br>
- </td>
- </tr>
-
- <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0">
- <tr>
- <td>
- <table id="sortabletable1" class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr id="frheader">
- <td width="5%" class="listhdrr">Remove</td>
- <td class="listhdrr">#</td>
- <td class="listhdrr">IP</td>
- <td class="listhdrr">Alert Description</td>
- </tr>
-<?php
-/* set the arrays */
-exec('/sbin/pfctl -t snort2c -T show > /tmp/snort_block.cache');
-$alerts_array = array_reverse(array_filter(explode("\n\n", file_get_contents('/var/log/snort/alert'))));
-$blocked_ips_array = str_replace(' ', '', array_filter(explode("\n", file_get_contents('/tmp/snort_block.cache'))));
+ <div class="snorttabs" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code-->
+ <ul class="snorttabs">
+ <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>
+ <li><a href="/snort/snort_interfaces_global.php"><span>Global
+ Settings</span></a></li>
+ <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li>
+ <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li>
+ <li class="snorttabs_active"><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li>
+ <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li>
+ <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li>
+ <li><a class="example8" href="/snort/help_and_info.php"><span>Help</span></a></li>
+ </ul>
+ </div>
-$logent = $bnentries;
-
-if ($blocked_ips_array[0] != '' && $alerts_array[0] != '')
-{
-
- /* build the list and compare blocks to alerts */
- $counter = 0;
- foreach($alerts_array as $fileline)
- {
-
- $counter++;
-
- $alert_ip_src = get_snort_alert_ip_src($fileline);
- $alert_ip_disc = get_snort_alert_disc($fileline);
- $alert_ip_src_array[] = get_snort_alert_ip_src($fileline);
-
- if (in_array("$alert_ip_src", $blocked_ips_array))
- {
- $input[] = "[$alert_ip_src] " . "[$alert_ip_disc]\n";
- }
- }
-
- foreach($blocked_ips_array as $alert_block_ip)
- {
-
- if (!in_array($alert_block_ip, $alert_ip_src_array))
- {
- $input[] = "[$alert_block_ip] " . "[N\A]\n";
- }
- }
-
- /* reduce double occurrences */
- $result = array_unique($input);
-
- /* buil final list, preg_match, buld html */
- $counter2 = 0;
-
- foreach($result as $fileline2)
- {
- if($logent <= $counter2)
- continue;
-
- $counter2++;
-
- $alert_block_ip_str = get_snort_block_ip($fileline2);
-
- if($alert_block_ip_str != '')
- {
- $alert_block_ip_match = array('[',']');
- $alert_block_ip = str_replace($alert_block_ip_match, '', "$alert_block_ip_str");
- }else{
- $alert_block_ip = 'empty';
- }
+ </td>
+ </tr>
- $alert_block_disc_str = get_snort_block_disc($fileline2);
+ <tr>
+ <td>
+ <div id="mainarea2">
- if($alert_block_disc_str != '')
- {
- $alert_block_disc_match = array('] [',']');
- $alert_block_disc = str_replace($alert_block_disc_match, '', "$alert_block_disc_str");
- }else{
- $alert_block_disc = 'empty';
- }
+ <table id="maintable" class="tabcont" width="100%" border="0"
+ cellpadding="0" cellspacing="0">
+ <tr>
+ <td width="22%" colspan="0" class="listtopic">Last <?=$bnentries;?>
+ Blocked.</td>
+ <td width="78%" class="listtopic">This page lists hosts that have
+ been blocked by Snort.&nbsp;&nbsp;<?=$blocked_msg_txt;?></td>
+ </tr>
+ <tr>
+ <td width="22%" class="vncell">Save or Remove Hosts</td>
+ <td width="78%" class="vtable">
+ <form action="/snort/snort_blocked.php" method="post"><input
+ name="download" type="submit" class="formbtn" value="Download"> All
+ blocked hosts will be saved. <input name="remove" type="submit"
+ class="formbtn" value="Clear"> <span class="red"><strong>Warning:</strong></span>
+ all hosts will be removed.</form>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" class="vncell">Auto Refresh and Log View</td>
+ <td width="78%" class="vtable">
+ <form action="/snort/snort_blocked.php" method="post"><input
+ name="save" type="submit" class="formbtn" value="Save"> Refresh <input
+ name="brefresh" type="checkbox" value="on"
+ <?php if ($config['installedpackages']['snortglobal']['alertsblocks']['brefresh']=="on" || $config['installedpackages']['snortglobal']['alertsblocks']['brefresh']=='') echo "checked"; ?>>
+ <strong>Default</strong> is <strong>ON</strong>. <input
+ name="blertnumber" type="text" class="formfld" id="blertnumber"
+ size="5" value="<?=htmlspecialchars($bnentries);?>"> Enter the
+ number of blocked entries to view. <strong>Default</strong> is <strong>500</strong>.
+ </form>
+ </td>
+ </tr>
+ </table>
+ </div>
+ <br>
+ </td>
+ </tr>
- /* use one echo to do the magic*/
- echo "<tr>
+ <table class="tabcont" width="100%" border="0" cellspacing="0"
+ cellpadding="0">
+ <tr>
+ <td>
+ <table id="sortabletable1" class="sortable" width="100%" border="0"
+ cellpadding="0" cellspacing="0">
+ <tr id="frheader">
+ <td width="5%" class="listhdrr">Remove</td>
+ <td class="listhdrr">#</td>
+ <td class="listhdrr">IP</td>
+ <td class="listhdrr">Alert Description</td>
+ </tr>
+ <?php
+
+ /* set the arrays */
+ exec('/sbin/pfctl -t snort2c -T show > /tmp/snort_block.cache');
+ $alerts_array = array_reverse(array_filter(explode("\n\n", file_get_contents('/var/log/snort/alert'))));
+ $blocked_ips_array = str_replace(' ', '', array_filter(explode("\n", file_get_contents('/tmp/snort_block.cache'))));
+
+ $logent = $bnentries;
+
+ if ($blocked_ips_array[0] != '' && $alerts_array[0] != '')
+ {
+
+ /* build the list and compare blocks to alerts */
+ $counter = 0;
+ foreach($alerts_array as $fileline)
+ {
+
+ $counter++;
+
+ $alert_ip_src = get_snort_alert_ip_src($fileline);
+ $alert_ip_disc = get_snort_alert_disc($fileline);
+ $alert_ip_src_array[] = get_snort_alert_ip_src($fileline);
+
+ if (in_array("$alert_ip_src", $blocked_ips_array))
+ {
+ $input[] = "[$alert_ip_src] " . "[$alert_ip_disc]\n";
+ }
+ }
+
+ foreach($blocked_ips_array as $alert_block_ip)
+ {
+
+ if (!in_array($alert_block_ip, $alert_ip_src_array))
+ {
+ $input[] = "[$alert_block_ip] " . "[N\A]\n";
+ }
+ }
+
+ /* reduce double occurrences */
+ $result = array_unique($input);
+
+ /* buil final list, preg_match, buld html */
+ $counter2 = 0;
+
+ foreach($result as $fileline2)
+ {
+ if($logent <= $counter2)
+ continue;
+
+ $counter2++;
+
+ $alert_block_ip_str = get_snort_block_ip($fileline2);
+
+ if($alert_block_ip_str != '')
+ {
+ $alert_block_ip_match = array('[',']');
+ $alert_block_ip = str_replace($alert_block_ip_match, '', "$alert_block_ip_str");
+ }else{
+ $alert_block_ip = 'empty';
+ }
+
+ $alert_block_disc_str = get_snort_block_disc($fileline2);
+
+ if($alert_block_disc_str != '')
+ {
+ $alert_block_disc_match = array('] [',']');
+ $alert_block_disc = str_replace($alert_block_disc_match, '', "$alert_block_disc_str");
+ }else{
+ $alert_block_disc = 'empty';
+ }
+
+ /* use one echo to do the magic*/
+ echo "<tr>
<td align=\"center\" valign=\"top\"'><a href='snort_blocked.php?todelete=" . trim(urlencode($alert_block_ip)) . "'>
<img title=\"Delete\" border=\"0\" name='todelete' id='todelete' alt=\"Delete\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"></a></td>
<td>&nbsp;{$counter2}</td>
<td>&nbsp;{$alert_block_ip}</td>
<td>&nbsp;{$alert_block_disc}</td>
</tr>\n";
-
- }
-}else{
+ }
- /* if alerts file is empty and blocked table is not empty */
- $counter2 = 0;
+ }else{
- foreach($blocked_ips_array as $alert_block_ip)
- {
- if($logent <= $counter2)
- continue;
-
- $counter2++;
-
- $alert_block_disc = 'N/A';
-
- /* use one echo to do the magic*/
- echo "<tr>
+ /* if alerts file is empty and blocked table is not empty */
+ $counter2 = 0;
+
+ foreach($blocked_ips_array as $alert_block_ip)
+ {
+ if($logent <= $counter2)
+ continue;
+
+ $counter2++;
+
+ $alert_block_disc = 'N/A';
+
+ /* use one echo to do the magic*/
+ echo "<tr>
<td align=\"center\" valign=\"top\"'><a href='snort_blocked.php?todelete=" . trim(urlencode($alert_block_ip)) . "'>
<img title=\"Delete\" border=\"0\" name='todelete' id='todelete' alt=\"Delete\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"></a></td>
<td>&nbsp;{$counter2}</td>
<td>&nbsp;{$alert_block_ip}</td>
<td>&nbsp;{$alert_block_disc}</td>
</tr>\n";
- }
-}
+ }
+ }
-echo '</table>' . "\n";
+ echo '</table>' . "\n";
-if ($blocked_ips_array[0] == '')
-{
- echo "\n<tr><td colspan='3' align=\"center\" valign=\"top\"><br><strong>There are currently no items being blocked by snort.</strong></td></tr>";
-}else{
- echo "\n<tr><td colspan='3' align=\"center\" valign=\"top\">{$counter2} items listed.</td></tr>";
-}
+ if ($blocked_ips_array[0] == '')
+ {
+ echo "\n<tr><td colspan='3' align=\"center\" valign=\"top\"><br><strong>There are currently no items being blocked by snort.</strong></td></tr>";
+ }else{
+ echo "\n<tr><td colspan='3' align=\"center\" valign=\"top\">{$counter2} items listed.</td></tr>";
+ }
-?>
- </td>
- </tr>
+ ?>
+ </td>
+ </tr>
</table>
- </td>
- </tr>
-</table>
-</div>
+ </td>
+ </tr>
+ </table>
+ </div>
-<?php
+ <?php
-include("fend.inc");
+ include("fend.inc");
echo $snort_custom_rnd_box;
?>
-
</body>
</html>
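Review bot: `Last <?=$bnentries;?>` in the `listtopic` cell prints the entry count raw, while the `blertnumber` input further down wraps the same variable in `htmlspecialchars()`. The row-building `echo` likewise places `{$alert_block_ip}` and `{$alert_block_disc}`, which are parsed out of `/var/log/snort/alert` and the pfctl table dump, into the markup unescaped. Use `<?=htmlspecialchars($bnentries);?>` in the header cell and pass both row values through `htmlspecialchars()` before the echo. `$input` and `$alert_ip_src_array` are appended to without being initialised, so `array_unique($input)` and the second `in_array()` receive null when nothing matched; `$input = array(); $alert_ip_src_array = array();` before the first loop avoids that.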
diff --git a/config/snort/snort_check_cron_misc.inc b/config/snort/snort_check_cron_misc.inc
index d5d5e095..0beff5dc 100644
--- a/config/snort/snort_check_cron_misc.inc
+++ b/config/snort/snort_check_cron_misc.inc
@@ -1,34 +1,34 @@
<?php
/* $Id$ */
/*
- snort_chk_log_dir_size.php
- part of pfSense
-
- Modified for the Pfsense snort package v. 1.8+
- Copyright (C) 2009-2010 Robert Zelaya Developer
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
+ snort_chk_log_dir_size.php
+ part of pfSense
+
+ Modified for the Pfsense snort package v. 1.8+
+ Copyright (C) 2009-2010 Robert Zelaya Developer
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
require_once("/usr/local/pkg/snort/snort.inc");
@@ -41,7 +41,7 @@ require_once("/usr/local/pkg/snort/snort.inc");
/* chk if snort log dir is full if so clear it */
-$snortloglimit = $config['installedpackages']['snortglobal']['snortloglimit'];
+$snortloglimit = $config['installedpackages']['snortglobal']['snortloglimit'];
$snortloglimitsize = $config['installedpackages']['snortglobal']['snortloglimitsize'];
if ($g['booting']==true) {
@@ -52,27 +52,27 @@ if ($snortloglimit == 'off') {
exit(0);
}
-$snortloglimitDSKsize = exec('df -k /var | grep -v "Filesystem" | awk \'{print \$4}\'');
+$snortloglimitDSKsize = exec('/bin/df -k /var | grep -v "Filesystem" | awk \'{print $4}\'');
-$snortlogAlertsizeKB = snort_Getdirsize('/var/log/snort/alert');
+$snortlogAlertsizeKB = snort_Getdirsize('/var/log/snort/alert');
$snortloglimitAlertsizeKB = round($snortlogAlertsizeKB * .70);
$snortloglimitsizeKB = round($snortloglimitsize * 1024);
/* do I need HUP kill ? */
if (snort_Getdirsize('/var/log/snort/') >= $snortloglimitsizeKB ) {
- conf_mount_rw();
- if(file_exists('/var/log/snort/alert')) {
- if ($snortlogAlertsizeKB >= $snortloglimitAlertsizeKB) {
- exec('/bin/echo "" > /var/log/snort/alert');
- }
- post_delete_logs();
- exec('/usr/sbin/chown snort:snort /var/log/snort/*');
- exec('/bin/chmod 660 /var/log/snort/*');
- //sleep(2);
- //exec('/usr/bin/killall -HUP snort');
- }
- conf_mount_ro();
+ conf_mount_rw();
+ if(file_exists('/var/log/snort/alert')) {
+ if ($snortlogAlertsizeKB >= $snortloglimitAlertsizeKB) {
+ exec('/bin/echo "" > /var/log/snort/alert');
+ }
+ post_delete_logs();
+ exec('/usr/sbin/chown snort:snort /var/log/snort/*');
+ exec('/bin/chmod 660 /var/log/snort/*');
+ //sleep(2);
+ //exec('/usr/bin/killall -HUP snort');
+ }
+ conf_mount_ro();
}
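Review bot: `$snortloglimitAlertsizeKB` is 70% of the alert file's own size, so `$snortlogAlertsizeKB >= $snortloglimitAlertsizeKB` holds for any size and the alert log is emptied every time the directory crosses the limit. If the intent was a share of the configured limit, compute it from that value after it is defined: `$snortloglimitAlertsizeKB = round($snortloglimitsizeKB * .70);`. Because the truncate discards IDS alert history, a rotate-and-keep step before it would preserve evidence for later investigation. The hunk makes `df` absolute but leaves `grep` and `awk` to PATH lookup, and nothing visible here reads `$snortloglimitDSKsize`.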
diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php
index 31cdc42d..51d403d9 100644
--- a/config/snort/snort_check_for_rule_updates.php
+++ b/config/snort/snort_check_for_rule_updates.php
@@ -1,32 +1,32 @@
<?php
/* $Id$ */
/*
- snort_rulesets.php
- Copyright (C) 2006 Scott Ullrich
- Copyright (C) 2009 Robert Zelaya
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
+ snort_rulesets.php
+ Copyright (C) 2006 Scott Ullrich
+ Copyright (C) 2009 Robert Zelaya
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
/* Setup enviroment */
@@ -44,7 +44,7 @@ function read_header2($ch, $string) {
$regs = "";
ereg("(Content-Length:) (.*)", $string, $regs);
if($regs[2] <> "") {
- $file_size = intval($regs[2]);
+ $file_size = intval($regs[2]);
}
ob_flush();
return $length;
@@ -68,7 +68,7 @@ function read_body2($ch, $string) {
$lastseen = $downloadProgress;
}
if($fout)
- fwrite($fout, $string);
+ fwrite($fout, $string);
ob_flush();
return $length;
}
@@ -76,57 +76,57 @@ function read_body2($ch, $string) {
////////////////////////////////>>>>>>>>>>
function read_body_firmware($ch, $string) {
- global $fout, $file_size, $downloaded, $counter, $version, $latest_version, $current_installed_pfsense_version;
- $length = strlen($string);
- $downloaded += intval($length);
- $downloadProgress = round(100 * (1 - $downloaded / $file_size), 0);
- $downloadProgress = 100 - $downloadProgress;
- $a = $file_size;
- $b = $downloaded;
- $c = $downloadProgress;
- $text = " Snort download in progress\\n";
- $text .= "----------------------------------------------------\\n";
- $text .= " Downloaded : {$b}\\n";
- $text .= "----------------------------------------------------\\n";
- $counter++;
- if($counter > 150) {
- update_output_window($text);
- update_progress_bar($downloadProgress);
- flush();
- $counter = 0;
- }
- fwrite($fout, $string);
- return $length;
+ global $fout, $file_size, $downloaded, $counter, $version, $latest_version, $current_installed_pfsense_version;
+ $length = strlen($string);
+ $downloaded += intval($length);
+ $downloadProgress = round(100 * (1 - $downloaded / $file_size), 0);
+ $downloadProgress = 100 - $downloadProgress;
+ $a = $file_size;
+ $b = $downloaded;
+ $c = $downloadProgress;
+ $text = " Snort download in progress\\n";
+ $text .= "----------------------------------------------------\\n";
+ $text .= " Downloaded : {$b}\\n";
+ $text .= "----------------------------------------------------\\n";
+ $counter++;
+ if($counter > 150) {
+ update_output_window($text);
+ update_progress_bar($downloadProgress);
+ flush();
+ $counter = 0;
+ }
+ fwrite($fout, $string);
+ return $length;
}
function download_file_with_progress_bar2($url_file, $destination_file, $readbody = 'read_body') {
- global $ch, $fout, $file_size, $downloaded;
- $file_size = 1;
- $downloaded = 1;
- /* open destination file */
- $fout = fopen($destination_file, "wb");
-
- /*
- * Originally by Author: Keyvan Minoukadeh
- * Modified by Scott Ullrich to return Content-Length size
- */
-
- $ch = curl_init();
- curl_setopt($ch, CURLOPT_URL, $url_file);
- curl_setopt($ch, CURLOPT_HEADERFUNCTION, 'read_header');
- curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
- curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
- curl_setopt($ch, CURLOPT_WRITEFUNCTION, $readbody);
- curl_setopt($ch, CURLOPT_NOPROGRESS, '1');
- curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, '5');
- curl_setopt($ch, CURLOPT_TIMEOUT, 0);
-
- curl_exec($ch);
- $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
- if($fout)
- fclose($fout);
- curl_close($ch);
- return ($http_code == 200) ? true : $http_code;
+ global $ch, $fout, $file_size, $downloaded;
+ $file_size = 1;
+ $downloaded = 1;
+ /* open destination file */
+ $fout = fopen($destination_file, "wb");
+
+ /*
+ * Originally by Author: Keyvan Minoukadeh
+ * Modified by Scott Ullrich to return Content-Length size
+ */
+
+ $ch = curl_init();
+ curl_setopt($ch, CURLOPT_URL, $url_file);
+ curl_setopt($ch, CURLOPT_HEADERFUNCTION, 'read_header');
+ curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
+ curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
+ curl_setopt($ch, CURLOPT_WRITEFUNCTION, $readbody);
+ curl_setopt($ch, CURLOPT_NOPROGRESS, '1');
+ curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, '5');
+ curl_setopt($ch, CURLOPT_TIMEOUT, 0);
+
+ curl_exec($ch);
+ $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
+ if($fout)
+ fclose($fout);
+ curl_close($ch);
+ return ($http_code == 200) ? true : $http_code;
}
//////////////////////////////
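Review bot: `curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);` in `download_file_with_progress_bar2()` turns off certificate verification for the rule download, so an HTTPS URL gives no assurance about which server supplied the file, and `CURLOPT_FOLLOWLOCATION` follows redirects under the same setting. Set `CURLOPT_SSL_VERIFYPEER` to `true` and add `curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);`. The `fopen()` result is not checked either: `read_body_firmware()` calls `fwrite($fout, $string)` unconditionally, so a destination that cannot be opened produces a warning per chunk instead of one clear failure; return early when `$fout === false`.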
@@ -148,16 +148,16 @@ $emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats'
if ($oinkid == '' && $snortdownload == 'on')
{
- echo "You must obtain an oinkid from snort.org and set its value in the Snort settings tab.\n";
- exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'You must obtain an oinkid from snort.org and set its value in the Snort settings tab.'");
- exit;
+ echo "You must obtain an oinkid from snort.org and set its value in the Snort settings tab.\n";
+ exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'You must obtain an oinkid from snort.org and set its value in the Snort settings tab.'");
+ exit;
}
if ($snortdownload != "on" && $emergingthreats != "on")
{
- echo 'Snort Global Settings: download snort.org rules = off and download emergingthreat rules = off.\n';
- exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'No rules have been selected to download.'");
- exit;
+ echo 'Snort Global Settings: download snort.org rules = off and download emergingthreat rules = off.\n';
+ exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'No rules have been selected to download.'");
+ exit;
}
/* Time stamps define */
@@ -197,8 +197,8 @@ conf_mount_rw();
/* remove old $tmpfname files */
if (file_exists("{$tmpfname}")) {
- echo 'Removing old tmp files...' . "\n";
- exec("/bin/rm -r {$tmpfname}");
+ echo 'Removing old tmp files...' . "\n";
+ exec("/bin/rm -r {$tmpfname}");
apc_clear_cache();
}
@@ -216,14 +216,14 @@ conf_mount_rw();
if (file_exists($tmpfname)) {
echo 'The directory tmp exists...' . "\n";
} else {
- mkdir("{$tmpfname}", 700);
+ mkdir("{$tmpfname}", 700);
}
/* download md5 sig from snort.org */
if ($snortdownload == 'on')
{
if (file_exists("{$tmpfname}/{$snort_filename_md5}") &&
- filesize("{$tmpfname}/{$snort_filename_md5}") > 0) {
+ filesize("{$tmpfname}/{$snort_filename_md5}") > 0) {
echo 'snort.org md5 temp file exists...' . "\n";
} else {
echo 'Downloading snort.org md5 file...' . "\n";
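Review bot: `mkdir("{$tmpfname}", 700);` passes decimal 700, which is octal 01274 rather than the owner-only mode the digits suggest; write the mode with a leading zero, `mkdir("{$tmpfname}", 0700);`. The return value is not checked, so a failed create only surfaces later when the md5 files are written into the directory. The `if ($snortdownload == 'on')` block continues past the end of this hunk.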
@@ -239,14 +239,14 @@ if ($snortdownload == 'on')
/* download md5 sig from emergingthreats.net */
if ($emergingthreats == "on")
{
- echo 'Downloading emergingthreats md5 file...' . "\n";
- ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
- $image = @file_get_contents("http://www.emergingthreats.net/version.txt");
-// $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/version.txt");
- $f = fopen("{$tmpfname}/version.txt", 'w');
- fwrite($f, $image);
- fclose($f);
- echo 'Done downloading emergingthreats md5' . "\n";
+ echo 'Downloading emergingthreats md5 file...' . "\n";
+ ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
+ $image = @file_get_contents("http://www.emergingthreats.net/version.txt");
+ // $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/version.txt");
+ $f = fopen("{$tmpfname}/version.txt", 'w');
+ fwrite($f, $image);
+ fclose($f);
+ echo 'Done downloading emergingthreats md5' . "\n";
}
/* download md5 sig from pfsense.org */
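Review bot: The result of `@file_get_contents(...)` is written to `version.txt` without a check, so a failed fetch (which returns `false`, with the warning hidden by `@`) leaves an empty checksum file behind; the pfsense md5 download in the next hunk has the same shape. Test the result first, e.g. `if ($image === false) { conf_mount_ro(); exit(1); }`. The checksum is also fetched over plain `http://`, like the rule archive downloaded further down, so it can detect a corrupted download but not one altered in transit; an HTTPS source or a signature check would be needed for that.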
@@ -254,12 +254,12 @@ if (file_exists("{$tmpfname}/{$pfsense_rules_filename_md5}")) {
echo 'Pfsense md5 temp file exists...' . "\n";
} else {
echo 'Downloading pfsense md5 file...' . "\n";
- ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
- $image = @file_get_contents("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz.md5");
-// $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/pfsense_rules.tar.gz.md5");
- $f = fopen("{$tmpfname}/pfsense_rules.tar.gz.md5", 'w');
- fwrite($f, $image);
- fclose($f);
+ ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
+ $image = @file_get_contents("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz.md5");
+ // $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/pfsense_rules.tar.gz.md5");
+ $f = fopen("{$tmpfname}/pfsense_rules.tar.gz.md5", 'w');
+ fwrite($f, $image);
+ fclose($f);
echo 'Done downloading pfsense md5.' . "\n";
}
@@ -282,7 +282,7 @@ if (0 == filesize("{$tmpfname}/$pfsense_rules_filename_md5")){
echo 'Please wait... You may only check for New Pfsense Rules every 15 minutes...' . "\n";
echo 'Rules are released to support Pfsense packages.' . "\n";
conf_mount_ro();
- exit(0);
+ exit(0);
}
/* Check if were up to date snort.org */
@@ -300,7 +300,7 @@ if ($snortdownload == 'on')
if ($md5_check_new == $md5_check_old)
{
echo 'Your rules are up to date...' . "\n";
- echo 'You may start Snort now, check update.' . "\n";
+ echo 'You may start Snort now, check update.' . "\n";
$snort_md5_check_ok = on;
}
}
@@ -319,7 +319,7 @@ if ($emergingthreats == "on")
// Will cause switch back to read-only on nanobsd
write_config();
conf_mount_rw();
- if ($emerg_md5_check_new == $emerg_md5_check_old)
+ if ($emerg_md5_check_new == $emerg_md5_check_old)
{
$emerg_md5_check_ok = on;
}
@@ -327,21 +327,21 @@ if ($emergingthreats == "on")
}
/* Check if were up to date pfsense.org */
- if (file_exists("{$snortdir}/pfsense_rules.tar.gz.md5"))
+if (file_exists("{$snortdir}/pfsense_rules.tar.gz.md5"))
+{
+ $pfsense_check_new_parse = file_get_contents("{$tmpfname}/pfsense_rules.tar.gz.md5");
+ $pfsense_md5_check_new = `/bin/echo "{$pfsense_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;
+ $pfsense_md5_check_old_parse = file_get_contents("{$snortdir}/pfsense_rules.tar.gz.md5");
+ $pfsense_md5_check_old = `/bin/echo "{$pfsense_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
+ /* Write out time of last sucsessful md5 to cache */
+ // Will cause switch back to read-only on nanobsd
+ write_config();
+ conf_mount_rw();
+ if ($pfsense_md5_check_new == $pfsense_md5_check_old)
{
- $pfsense_check_new_parse = file_get_contents("{$tmpfname}/pfsense_rules.tar.gz.md5");
- $pfsense_md5_check_new = `/bin/echo "{$pfsense_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;
- $pfsense_md5_check_old_parse = file_get_contents("{$snortdir}/pfsense_rules.tar.gz.md5");
- $pfsense_md5_check_old = `/bin/echo "{$pfsense_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
- /* Write out time of last sucsessful md5 to cache */
- // Will cause switch back to read-only on nanobsd
- write_config();
- conf_mount_rw();
- if ($pfsense_md5_check_new == $pfsense_md5_check_old)
- {
- $pfsense_md5_check_ok = on;
- }
+ $pfsense_md5_check_ok = on;
}
+}
/* Check if were up to date is so, exit */
/* WARNING This code needs constant checks */
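Review bot: The file contents are assigned to `$pfsense_check_new_parse`, but the next line reads `$pfsense_md5_check_new_parse`, which is never set, so `$pfsense_md5_check_new` is derived from an empty string and the equality test below presumably never marks the pfSense rules as up to date. Both checksum strings are also interpolated into a backtick shell command, and the new one comes from a file downloaded over HTTP, so shell metacharacters in it would be interpreted by the shell. Parsing in PHP fixes both: `$pfsense_md5_check_new = strtok(trim(file_get_contents("{$tmpfname}/pfsense_rules.tar.gz.md5")), " \t");`, and the same for the stored copy in `{$snortdir}`.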
@@ -349,10 +349,10 @@ if ($snortdownload == 'on' && $emergingthreats == 'on')
{
if ($snort_md5_check_ok == 'on' && $emerg_md5_check_ok == 'on')
{
- echo 'All your rules are up to date...' . "\n";
- echo 'You may start Snort now...' . "\n";
- conf_mount_ro();
- exit(0);
+ echo 'All your rules are up to date...' . "\n";
+ echo 'You may start Snort now...' . "\n";
+ conf_mount_ro();
+ exit(0);
}
}
@@ -360,10 +360,10 @@ if ($snortdownload == 'on' && $emergingthreats == 'off')
{
if ($snort_md5_check_ok == 'on')
{
- echo 'Your snort.org rules are up to date...' . "\n";
- echo 'You may start Snort now...' . "\n";
- conf_mount_ro();
- exit(0);
+ echo 'Your snort.org rules are up to date...' . "\n";
+ echo 'You may start Snort now...' . "\n";
+ conf_mount_ro();
+ exit(0);
}
}
@@ -371,13 +371,13 @@ if ($snortdownload == 'off' && $emergingthreats == 'on')
{
if ($emerg_md5_check_ok == 'on')
{
- echo 'Your Emergingthreats rules are up to date...' . "\n";
- echo 'You may start Snort now...' . "\n";
- conf_mount_ro();
- exit(0);
+ echo 'Your Emergingthreats rules are up to date...' . "\n";
+ echo 'You may start Snort now...' . "\n";
+ conf_mount_ro();
+ exit(0);
}
}
-
+
/* You are Not Up to date, always stop snort when updating rules for low end machines */;
echo 'You are NOT up to date...' . "\n";
echo 'Stopping Snort service...' . "\n";
@@ -392,51 +392,51 @@ if ($chk_if_snort_up != "") {
if ($snortdownload == 'on')
{
if ($snort_md5_check_ok != on) {
- if (file_exists("{$tmpfname}/{$snort_filename}")) {
- echo 'Snortrule tar file exists...' . "\n";
- } else {
- echo 'There is a new set of Snort.org rules posted. Downloading...' . "\n";
- echo 'May take 4 to 10 min...' . "\n";
- conf_mount_rw();
- download_file_with_progress_bar2("http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename}", $tmpfname . "/{$snort_filename}", "read_body_firmware");
- echo 'Done downloading rules file.' . "\n";
- if (150000 > filesize("{$tmpfname}/$snort_filename")){
- echo 'Error with the snort rules download...' . "\n";
- echo 'Snort rules file downloaded failed...' . "\n";
- conf_mount_ro();
- exit(0);
- }
+ if (file_exists("{$tmpfname}/{$snort_filename}")) {
+ echo 'Snortrule tar file exists...' . "\n";
+ } else {
+ echo 'There is a new set of Snort.org rules posted. Downloading...' . "\n";
+ echo 'May take 4 to 10 min...' . "\n";
+ conf_mount_rw();
+ download_file_with_progress_bar2("http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename}", $tmpfname . "/{$snort_filename}", "read_body_firmware");
+ echo 'Done downloading rules file.' . "\n";
+ if (150000 > filesize("{$tmpfname}/$snort_filename")){
+ echo 'Error with the snort rules download...' . "\n";
+ echo 'Snort rules file downloaded failed...' . "\n";
+ conf_mount_ro();
+ exit(0);
+ }
}
}
}
-
+
/* download emergingthreats rules file */
-if ($emergingthreats == "on")
+if ($emergingthreats == "on")
{
if ($emerg_md5_check_ok != on)
{
- if (file_exists("{$tmpfname}/{$emergingthreats_filename}"))
- {
- echo 'Emergingthreats tar file exists...' . "\n";
- }else{
- echo 'There is a new set of Emergingthreats rules posted. Downloading...' . "\n";
- echo 'May take 4 to 10 min...' . "\n";
- download_file_with_progress_bar2("http://www.emergingthreats.net/rules/emerging.rules.tar.gz", $tmpfname . "/{$emergingthreats_filename}", "read_body_firmware");
- echo 'Done downloading Emergingthreats rules file.' . "\n";
+ if (file_exists("{$tmpfname}/{$emergingthreats_filename}"))
+ {
+ echo 'Emergingthreats tar file exists...' . "\n";
+ }else{
+ echo 'There is a new set of Emergingthreats rules posted. Downloading...' . "\n";
+ echo 'May take 4 to 10 min...' . "\n";
+ download_file_with_progress_bar2("http://www.emergingthreats.net/rules/emerging.rules.tar.gz", $tmpfname . "/{$emergingthreats_filename}", "read_body_firmware");
+ echo 'Done downloading Emergingthreats rules file.' . "\n";
}
}
}
/* download pfsense rules file */
if ($pfsense_md5_check_ok != on) {
-if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) {
- echo 'Snortrule tar file exists...' . "\n";
-} else {
- echo 'There is a new set of Pfsense rules posted. Downloading...' . "\n";
- echo 'May take 4 to 10 min...' . "\n";
- download_file_with_progress_bar2("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz", $tmpfname . "/{$pfsense_rules_filename}", "read_body_firmware");
- echo 'Done downloading rules file.' . "\n";
- }
+ if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) {
+ echo 'Snortrule tar file exists...' . "\n";
+ } else {
+ echo 'There is a new set of Pfsense rules posted. Downloading...' . "\n";
+ echo 'May take 4 to 10 min...' . "\n";
+ download_file_with_progress_bar2("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz", $tmpfname . "/{$pfsense_rules_filename}", "read_body_firmware");
+ echo 'Done downloading rules file.' . "\n";
+ }
}
/* Compair md5 sig to file sig */
@@ -471,30 +471,30 @@ if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) {
if ($snortdownload == 'on')
{
if ($snort_md5_check_ok != on) {
- if (file_exists("{$tmpfname}/{$snort_filename}")) {
-
- if ($pfsense_stable == 'yes')
- {
- $freebsd_version_so = 'FreeBSD-7-2';
- }else{
- $freebsd_version_so = 'FreeBSD-8-0';
- }
-
- echo 'Extracting Snort.org rules...' . "\n";
- echo 'May take a while...' . "\n";
- /* extract snort.org rules and add prefix to all snort.org files*/
- exec("/bin/rm -r {$snortdir}/rules");
- sleep(2);
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} rules/");
- chdir ("/usr/local/etc/snort/rules");
- sleep(2);
- exec('/usr/local/bin/perl /usr/local/bin/snort_rename.pl s/^/snort_/ *.rules');
- /* extract so rules */
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/$freebsd_version_so/i386/2.8.6.0/");
- exec('/bin/mkdir -p /usr/local/lib/snort/dynamicrules/');
- exec("/bin/mv -f {$snortdir}/so_rules/precompiled/$freebsd_version_so/i386/2.8.6.0/* /usr/local/lib/snort/dynamicrules/");
- /* extract so rules none bin and rename */
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/bad-traffic.rules/" .
+ if (file_exists("{$tmpfname}/{$snort_filename}")) {
+
+ if ($pfsense_stable == 'yes')
+ {
+ $freebsd_version_so = 'FreeBSD-7-2';
+ }else{
+ $freebsd_version_so = 'FreeBSD-8-0';
+ }
+
+ echo 'Extracting Snort.org rules...' . "\n";
+ echo 'May take a while...' . "\n";
+ /* extract snort.org rules and add prefix to all snort.org files*/
+ exec("/bin/rm -r {$snortdir}/rules");
+ sleep(2);
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} rules/");
+ chdir ("/usr/local/etc/snort/rules");
+ sleep(2);
+ exec('/usr/local/bin/perl /usr/local/bin/snort_rename.pl s/^/snort_/ *.rules');
+ /* extract so rules */
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/$freebsd_version_so/i386/2.8.6.0/");
+ exec('/bin/mkdir -p /usr/local/lib/snort/dynamicrules/');
+ exec("/bin/mv -f {$snortdir}/so_rules/precompiled/$freebsd_version_so/i386/2.8.6.0/* /usr/local/lib/snort/dynamicrules/");
+ /* extract so rules none bin and rename */
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/bad-traffic.rules/" .
" so_rules/chat.rules/" .
" so_rules/dos.rules/" .
" so_rules/exploit.rules/" .
@@ -511,37 +511,37 @@ if ($snortdownload == 'on')
" so_rules/web-client.rules/" .
" so_rules/web-iis.rules/" .
" so_rules/web-misc.rules/");
-
- exec("/bin/mv -f {$snortdir}/so_rules/bad-traffic.rules {$snortdir}/rules/snort_bad-traffic.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/chat.rules {$snortdir}/rules/snort_chat.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/dos.rules {$snortdir}/rules/snort_dos.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/exploit.rules {$snortdir}/rules/snort_exploit.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/icmp.rules {$snortdir}/rules/snort_icmp.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/imap.rules {$snortdir}/rules/snort_imap.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/misc.rules {$snortdir}/rules/snort_misc.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/multimedia.rules {$snortdir}/rules/snort_multimedia.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/netbios.rules {$snortdir}/rules/snort_netbios.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/nntp.rules {$snortdir}/rules/snort_nntp.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/p2p.rules {$snortdir}/rules/snort_p2p.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/smtp.rules {$snortdir}/rules/snort_smtp.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/sql.rules {$snortdir}/rules/snort_sql.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/web-activex.rules {$snortdir}/rules/snort_web-activex.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/web-client.rules {$snortdir}/rules/snort_web-client.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/web-iis.rules {$snortdir}/rules/snort_web-iis.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/web-misc.rules {$snortdir}/rules/snort_web-misc.so.rules");
- exec("/bin/rm -r {$snortdir}/so_rules");
-
- /* extract base etc files */
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} etc/");
- exec("/bin/mv -f {$snortdir}/etc/* {$snortdir}");
- exec("/bin/rm -r {$snortdir}/etc");
-
- echo 'Done extracting Snort.org Rules.' . "\n";
- }else{
- echo 'Error extracting Snort.org Rules...' . "\n";
- echo 'Error Line 755' . "\n";
- conf_mount_ro();
- exit(0);
+
+ exec("/bin/mv -f {$snortdir}/so_rules/bad-traffic.rules {$snortdir}/rules/snort_bad-traffic.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/chat.rules {$snortdir}/rules/snort_chat.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/dos.rules {$snortdir}/rules/snort_dos.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/exploit.rules {$snortdir}/rules/snort_exploit.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/icmp.rules {$snortdir}/rules/snort_icmp.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/imap.rules {$snortdir}/rules/snort_imap.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/misc.rules {$snortdir}/rules/snort_misc.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/multimedia.rules {$snortdir}/rules/snort_multimedia.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/netbios.rules {$snortdir}/rules/snort_netbios.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/nntp.rules {$snortdir}/rules/snort_nntp.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/p2p.rules {$snortdir}/rules/snort_p2p.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/smtp.rules {$snortdir}/rules/snort_smtp.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/sql.rules {$snortdir}/rules/snort_sql.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/web-activex.rules {$snortdir}/rules/snort_web-activex.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/web-client.rules {$snortdir}/rules/snort_web-client.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/web-iis.rules {$snortdir}/rules/snort_web-iis.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/web-misc.rules {$snortdir}/rules/snort_web-misc.so.rules");
+ exec("/bin/rm -r {$snortdir}/so_rules");
+
+ /* extract base etc files */
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} etc/");
+ exec("/bin/mv -f {$snortdir}/etc/* {$snortdir}");
+ exec("/bin/rm -r {$snortdir}/etc");
+
+ echo 'Done extracting Snort.org Rules.' . "\n";
+ }else{
+ echo 'Error extracting Snort.org Rules...' . "\n";
+ echo 'Error Line 755' . "\n";
+ conf_mount_ro();
+ exit(0);
}
}
}
@@ -562,46 +562,46 @@ if ($emergingthreats == "on")
/* Untar Pfsense rules to tmp */
if ($pfsense_md5_check_ok != on) {
-if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) {
- echo 'Extracting Pfsense rules...' . "\n";
- echo 'May take a while...' . "\n";
- exec("/usr/bin/tar xzf {$tmpfname}/{$pfsense_rules_filename} -C {$snortdir} rules/");
- }
+ if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) {
+ echo 'Extracting Pfsense rules...' . "\n";
+ echo 'May take a while...' . "\n";
+ exec("/usr/bin/tar xzf {$tmpfname}/{$pfsense_rules_filename} -C {$snortdir} rules/");
+ }
}
/* Untar snort signatures */
if ($snort_md5_check_ok != on) {
-if (file_exists("{$tmpfname}/{$snort_filename}")) {
-$signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo'];
-if ($premium_url_chk == on) {
- echo 'Extracting Signatures...' . "\n";
- echo 'May take a while...' . "\n";
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} doc/signatures/");
- echo 'Done extracting Signatures.' . "\n";
- }
- }
+ if (file_exists("{$tmpfname}/{$snort_filename}")) {
+ $signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo'];
+ if ($premium_url_chk == on) {
+ echo 'Extracting Signatures...' . "\n";
+ echo 'May take a while...' . "\n";
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} doc/signatures/");
+ echo 'Done extracting Signatures.' . "\n";
+ }
+ }
}
/* Copy md5 sig to snort dir */
if ($snortdownload == 'on')
{
if ($snort_md5_check_ok != on) {
- if (file_exists("{$tmpfname}/$snort_filename_md5")) {
- echo 'Copying md5 sig to snort directory...' . "\n";
- exec("/bin/cp {$tmpfname}/$snort_filename_md5 {$snortdir}/$snort_filename_md5");
- }else{
- echo 'The md5 file does not exist...' . "\n";
- echo 'Error copying config...' . "\n";
- conf_mount_ro();
- exit(0);
+ if (file_exists("{$tmpfname}/$snort_filename_md5")) {
+ echo 'Copying md5 sig to snort directory...' . "\n";
+ exec("/bin/cp {$tmpfname}/$snort_filename_md5 {$snortdir}/$snort_filename_md5");
+ }else{
+ echo 'The md5 file does not exist...' . "\n";
+ echo 'Error copying config...' . "\n";
+ conf_mount_ro();
+ exit(0);
}
}
-}
-
+}
+
/* Copy emergingthreats md5 sig to snort dir */
if ($emergingthreats == "on")
{
- if ($emerg_md5_check_ok != on)
+ if ($emerg_md5_check_ok != on)
{
if (file_exists("{$tmpfname}/$emergingthreats_filename_md5"))
{
@@ -612,24 +612,24 @@ if ($emergingthreats == "on")
echo 'Error copying config...' . "\n";
conf_mount_ro();
exit(0);
- }
+ }
}
}
/* Copy Pfsense md5 sig to snort dir */
if ($pfsense_md5_check_ok != on) {
-if (file_exists("{$tmpfname}/$pfsense_rules_filename_md5")) {
- echo 'Copying Pfsense md5 sig to snort directory...' . "\n";
- exec("/bin/cp {$tmpfname}/$pfsense_rules_filename_md5 {$snortdir}/$pfsense_rules_filename_md5");
-} else {
- update_status(gettext(""));
- echo 'The Pfsense md5 file does not exist...' . "\n";
- echo 'Error copying config...' . "\n";
- conf_mount_ro();
- exit(0);
- }
+ if (file_exists("{$tmpfname}/$pfsense_rules_filename_md5")) {
+ echo 'Copying Pfsense md5 sig to snort directory...' . "\n";
+ exec("/bin/cp {$tmpfname}/$pfsense_rules_filename_md5 {$snortdir}/$pfsense_rules_filename_md5");
+ } else {
+ update_status(gettext(""));
+ echo 'The Pfsense md5 file does not exist...' . "\n";
+ echo 'Error copying config...' . "\n";
+ conf_mount_ro();
+ exit(0);
+ }
}
-
+
/* Copy signatures dir to snort dir */
if ($snortdownload == 'on')
{
@@ -639,16 +639,16 @@ if ($snortdownload == 'on')
if ($premium_url_chk == on)
{
if (file_exists("{$snortdir}/doc/signatures")) {
- echo 'Copying signatures...' . "\n";
- echo 'May take a while...' . "\n";
- exec("/bin/mv -f {$snortdir}/doc/signatures {$snortdir}/signatures");
- exec("/bin/rm -r {$snortdir}/doc/signatures");
- echo 'Done copying signatures.' . "\n";
- }else{
- echo 'Directory signatures exist...' . "\n";
- echo 'Error copying signature...' . "\n";
- conf_mount_ro();
- exit(0);
+ echo 'Copying signatures...' . "\n";
+ echo 'May take a while...' . "\n";
+ exec("/bin/mv -f {$snortdir}/doc/signatures {$snortdir}/signatures");
+ exec("/bin/rm -r {$snortdir}/doc/signatures");
+ echo 'Done copying signatures.' . "\n";
+ }else{
+ echo 'Directory signatures exist...' . "\n";
+ echo 'Error copying signature...' . "\n";
+ conf_mount_ro();
+ exit(0);
}
}
}
@@ -687,28 +687,28 @@ exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl /usr/local/etc/snort/r
function oinkmaster_conf($id, $if_real, $iface_uuid)
{
- global $config, $g, $id, $if_real, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok;
- conf_mount_rw();
-
-/* enable disable setting will carry over with updates */
-/* TODO carry signature changes with the updates */
-if ($snort_md5_check_ok != on || $emerg_md5_check_ok != on || $pfsense_md5_check_ok != on) {
-
-if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'])) {
-$enabled_sid_on = $config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'];
-$enabled_sid_on_array = split('\|\|', $enabled_sid_on);
-foreach($enabled_sid_on_array as $enabled_item_on)
-$selected_sid_on_sections .= "$enabled_item_on\n";
- }
+ global $config, $g, $id, $if_real, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok;
+ conf_mount_rw();
-if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) {
-$enabled_sid_off = $config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'];
-$enabled_sid_off_array = split('\|\|', $enabled_sid_off);
-foreach($enabled_sid_off_array as $enabled_item_off)
-$selected_sid_off_sections .= "$enabled_item_off\n";
- }
+ /* enable disable setting will carry over with updates */
+ /* TODO carry signature changes with the updates */
+ if ($snort_md5_check_ok != on || $emerg_md5_check_ok != on || $pfsense_md5_check_ok != on) {
+
+ if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'])) {
+ $enabled_sid_on = $config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'];
+ $enabled_sid_on_array = split('\|\|', $enabled_sid_on);
+ foreach($enabled_sid_on_array as $enabled_item_on)
+ $selected_sid_on_sections .= "$enabled_item_on\n";
+ }
+
+ if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) {
+ $enabled_sid_off = $config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'];
+ $enabled_sid_off_array = split('\|\|', $enabled_sid_off);
+ foreach($enabled_sid_off_array as $enabled_item_off)
+ $selected_sid_off_sections .= "$enabled_item_off\n";
+ }
-$snort_sid_text = <<<EOD
+ $snort_sid_text = <<<EOD
###########################################
# #
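Review bot: The `global` list names `$id` and `$if_real`, which are also parameters of `oinkmaster_conf($id, $if_real, $iface_uuid)`; in PHP the `global` statement rebinds those names to the global variables, so the two arguments passed in are ignored. It works only while the caller keeps globals of the same name in step, and `oinkmaster_run()` in a later hunk repeats the declaration. Drop the two names from the list: `global $config, $g, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok;`. The function body continues past this hunk.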
@@ -722,19 +722,19 @@ update_files = \.rules$|\.config$|\.conf$|\.txt$|\.map$
url = dir:///usr/local/etc/snort/rules
-$selected_sid_on_sections
+ $selected_sid_on_sections
-$selected_sid_off_sections
+ $selected_sid_off_sections
EOD;
- /* open snort's oinkmaster.conf for writing */
- $oinkmasterlist = fopen("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf", "w");
+ /* open snort's oinkmaster.conf for writing */
+ $oinkmasterlist = fopen("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf", "w");
- fwrite($oinkmasterlist, "$snort_sid_text");
+ fwrite($oinkmasterlist, "$snort_sid_text");
- /* close snort's oinkmaster.conf file */
- fclose($oinkmasterlist);
+ /* close snort's oinkmaster.conf file */
+ fclose($oinkmasterlist);
}
}
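Review bot: `$selected_sid_on_sections` and `$selected_sid_off_sections` sit inside the `<<<EOD` heredoc, so the indentation that appears to have been added to those two lines is not cosmetic: it becomes part of the text written to `oinkmaster_{$iface_uuid}_{$if_real}.conf`, and only the first entry of each list gets it because the entries are joined with `\n`. Keep both lines at column 0 as before, or confirm that oinkmaster ignores leading whitespace. The `fopen()` result is also used without a check; `if ($oinkmasterlist === false) { return; }` before `fwrite()` would avoid writing to an invalid handle. The function starts before this hunk.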
@@ -745,38 +745,38 @@ EOD;
function oinkmaster_run($id, $if_real, $iface_uuid)
{
- global $config, $g, $id, $if_real, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok;
- conf_mount_rw();
+ global $config, $g, $id, $if_real, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok;
+ conf_mount_rw();
if ($snort_md5_check_ok != on || $emerg_md5_check_ok != on || $pfsense_md5_check_ok != on)
{
if ($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'] == '' && $config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'] == '')
{
- echo 'Your first set of rules are being copied...' . "\n";
- echo 'May take a while...' . "\n";
- exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/");
- exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ echo 'Your first set of rules are being copied...' . "\n";
+ echo 'May take a while...' . "\n";
+ exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/");
+ exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
}else{
- echo 'Your enable and disable changes are being applied to your fresh set of rules...' . "\n";
- echo 'May take a while...' . "\n";
- exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/");
- exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
-
- /* might have to add a sleep for 3sec for flash drives or old drives */
- exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf -o /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules > /usr/local/etc/snort/oinkmaster_{$iface_uuid}_{$if_real}.log");
+ echo 'Your enable and disable changes are being applied to your fresh set of rules...' . "\n";
+ echo 'May take a while...' . "\n";
+ exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/");
+ exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+
+ /* might have to add a sleep for 3sec for flash drives or old drives */
+ exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf -o /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules > /usr/local/etc/snort/oinkmaster_{$iface_uuid}_{$if_real}.log");
}
}
}
@@ -791,17 +791,17 @@ if (!empty($config['installedpackages']['snortglobal']['rule']))
$id = -1;
foreach ($rule_array as $value) {
- $id += 1;
+ $id += 1;
+
+ $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
+ $if_real = convert_friendly_interface_to_real_interface_name2($result_lan);
+ $iface_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
- $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
- $if_real = convert_friendly_interface_to_real_interface_name2($result_lan);
- $iface_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
+ /* make oinkmaster.conf for each interface rule */
+ oinkmaster_conf($id, $if_real, $iface_uuid);
- /* make oinkmaster.conf for each interface rule */
- oinkmaster_conf($id, $if_real, $iface_uuid);
-
- /* run oinkmaster for each interface rule */
- oinkmaster_run($id, $if_real, $iface_uuid);
+ /* run oinkmaster for each interface rule */
+ oinkmaster_run($id, $if_real, $iface_uuid);
}
}
@@ -842,8 +842,8 @@ if (file_exists("/tmp/snort_download_halt.pid")) {
echo 'Snort has restarted with your new set of rules...' . "\n";
exec("/bin/rm /tmp/snort_download_halt.pid");
} else {
- echo 'The Rules update finished...' . "\n";
- echo 'You may start snort now...' . "\n\n";
+ echo 'The Rules update finished...' . "\n";
+ echo 'You may start snort now...' . "\n\n";
}
/* script finnished make system read only again */
diff --git a/config/snort/snort_define_servers.php b/config/snort/snort_define_servers.php
index c9e06c91..2b3ade1a 100644
--- a/config/snort/snort_define_servers.php
+++ b/config/snort/snort_define_servers.php
@@ -1,36 +1,36 @@
<?php
/* $Id$ */
/*
- snort_interfaces.php
- part of m0n0wall (http://m0n0.ch/wall)
-
- Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
- Copyright (C) 2008-2009 Robert Zelaya.
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
+ snort_interfaces.php
+ part of m0n0wall (http://m0n0.ch/wall)
+
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ Copyright (C) 2008-2009 Robert Zelaya.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
-/*
+/*
TODO: Nov 12 09
Clean this code up its ugly
@@ -52,11 +52,11 @@ $a_nat = &$config['installedpackages']['snortglobal']['rule'];
$id = $_GET['id'];
if (isset($_POST['id']))
- $id = $_POST['id'];
+$id = $_POST['id'];
if (isset($_GET['dup'])) {
- $id = $_GET['dup'];
- $after = $_GET['dup'];
+ $id = $_GET['dup'];
+ $after = $_GET['dup'];
}
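Review bot: `$id` is taken straight from `$_GET['id']`, `$_POST['id']` or `$_GET['dup']` in this hunk and is never validated. Later hunks of the same file interpolate it into `header("Location: snort_define_servers.php?id=$id")`, into `$pgtitle`, and into the `?id={$id}` tab links without escaping, so a crafted value is reflected into the response. Because it is used as an index into `$a_nat`, it could be rejected once right after these assignments, e.g. `if (isset($id) && !ctype_digit((string)$id)) unset($id);`, with `htmlspecialchars()` still applied wherever it is echoed. Separately, as rendered on this page the re-indent leaves the body of `if (isset($_POST['id']))` at the same column as the `if`, so the brace-less assignment reads as unconditional; adding braces would remove the ambiguity. The script continues outside the hunk.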
@@ -82,7 +82,7 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['def_mail_ports'] = $a_nat[$id]['def_mail_ports'];
$pconfig['def_http_servers'] = $a_nat[$id]['def_http_servers'];
$pconfig['def_www_servers'] = $a_nat[$id]['def_www_servers'];
- $pconfig['def_http_ports'] = $a_nat[$id]['def_http_ports'];
+ $pconfig['def_http_ports'] = $a_nat[$id]['def_http_ports'];
$pconfig['def_sql_servers'] = $a_nat[$id]['def_sql_servers'];
$pconfig['def_oracle_ports'] = $a_nat[$id]['def_oracle_ports'];
$pconfig['def_mssql_ports'] = $a_nat[$id]['def_mssql_ports'];
@@ -129,8 +129,8 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['rule_sid_off'] = $a_nat[$id]['rule_sid_off'];
$pconfig['rule_sid_on'] = $a_nat[$id]['rule_sid_on'];
-if (isset($_GET['dup']))
- unset($id);
+ if (isset($_GET['dup']))
+ unset($id);
}
/* convert fake interfaces to real */
@@ -142,133 +142,134 @@ $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
$d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty";
- if ($_POST["Submit"]) {
+if ($_POST["Submit"]) {
/* check for overlaps */
-/* if no errors write to conf */
+ /* if no errors write to conf */
if (!$input_errors) {
$natent = array();
- /* repost the options already in conf */
- if ($pconfig['interface'] != "") { $natent['interface'] = $pconfig['interface']; }
- if ($pconfig['enable'] != "") { $natent['enable'] = $pconfig['enable']; }
- if ($pconfig['uuid'] != "") { $natent['uuid'] = $pconfig['uuid']; }
- if ($pconfig['descr'] != "") { $natent['descr'] = $pconfig['descr']; }
- if ($pconfig['performance'] != "") { $natent['performance'] = $pconfig['performance']; }
- if ($pconfig['blockoffenders7'] != "") { $natent['blockoffenders7'] = $pconfig['blockoffenders7']; }
- if ($pconfig['alertsystemlog'] != "") { $natent['alertsystemlog'] = $pconfig['alertsystemlog']; }
- if ($pconfig['tcpdumplog'] != "") { $natent['tcpdumplog'] = $pconfig['tcpdumplog']; }
- if ($pconfig['snortunifiedlog'] != "") { $natent['snortunifiedlog'] = $pconfig['snortunifiedlog']; }
- if ($pconfig['def_ssl_ports_ignore'] != "") { $natent['def_ssl_ports_ignore'] = $pconfig['def_ssl_ports_ignore']; }
- if ($pconfig['flow_depth'] != "") { $natent['flow_depth'] = $pconfig['flow_depth']; }
- if ($pconfig['max_queued_bytes'] != "") { $natent['max_queued_bytes'] = $pconfig['max_queued_bytes']; }
- if ($pconfig['max_queued_segs'] != "") { $natent['max_queued_segs'] = $pconfig['max_queued_segs']; }
- if ($pconfig['perform_stat'] != "") { $natent['perform_stat'] = $pconfig['perform_stat']; }
- if ($pconfig['http_inspect'] != "") { $natent['http_inspect'] = $pconfig['http_inspect']; }
- if ($pconfig['other_preprocs'] != "") { $natent['other_preprocs'] = $pconfig['other_preprocs']; }
- if ($pconfig['ftp_preprocessor'] != "") { $natent['ftp_preprocessor'] = $pconfig['ftp_preprocessor']; }
- if ($pconfig['smtp_preprocessor'] != "") { $natent['smtp_preprocessor'] = $pconfig['smtp_preprocessor']; }
- if ($pconfig['sf_portscan'] != "") { $natent['sf_portscan'] = $pconfig['sf_portscan']; }
- if ($pconfig['dce_rpc_2'] != "") { $natent['dce_rpc_2'] = $pconfig['dce_rpc_2']; }
- if ($pconfig['dns_preprocessor'] != "") { $natent['dns_preprocessor'] = $pconfig['dns_preprocessor']; }
- if ($pconfig['barnyard_enable'] != "") { $natent['barnyard_enable'] = $pconfig['barnyard_enable']; }
- if ($pconfig['barnyard_mysql'] != "") { $natent['barnyard_mysql'] = $pconfig['barnyard_mysql']; }
- if ($pconfig['rulesets'] != "") { $natent['rulesets'] = $pconfig['rulesets']; }
- if ($pconfig['rule_sid_off'] != "") { $natent['rule_sid_off'] = $pconfig['rule_sid_off']; }
- if ($pconfig['rule_sid_on'] != "") { $natent['rule_sid_on'] = $pconfig['rule_sid_on']; }
- if ($pconfig['configpassthru'] != "") { $natent['configpassthru'] = $pconfig['configpassthru']; }
- if ($pconfig['barnconfigpassthru'] != "") { $natent['barnconfigpassthru'] = $pconfig['barnconfigpassthru']; }
- if ($pconfig['whitelistname'] != "") { $natent['whitelistname'] = $pconfig['whitelistname']; }
- if ($pconfig['homelistname'] != "") { $natent['homelistname'] = $pconfig['homelistname']; }
- if ($pconfig['externallistname'] != "") { $natent['externallistname'] = $pconfig['externallistname']; }
- if ($pconfig['suppresslistname'] != "") { $natent['suppresslistname'] = $pconfig['suppresslistname']; }
-
-
+ /* repost the options already in conf */
+ if ($pconfig['interface'] != "") { $natent['interface'] = $pconfig['interface']; }
+ if ($pconfig['enable'] != "") { $natent['enable'] = $pconfig['enable']; }
+ if ($pconfig['uuid'] != "") { $natent['uuid'] = $pconfig['uuid']; }
+ if ($pconfig['descr'] != "") { $natent['descr'] = $pconfig['descr']; }
+ if ($pconfig['performance'] != "") { $natent['performance'] = $pconfig['performance']; }
+ if ($pconfig['blockoffenders7'] != "") { $natent['blockoffenders7'] = $pconfig['blockoffenders7']; }
+ if ($pconfig['alertsystemlog'] != "") { $natent['alertsystemlog'] = $pconfig['alertsystemlog']; }
+ if ($pconfig['tcpdumplog'] != "") { $natent['tcpdumplog'] = $pconfig['tcpdumplog']; }
+ if ($pconfig['snortunifiedlog'] != "") { $natent['snortunifiedlog'] = $pconfig['snortunifiedlog']; }
+ if ($pconfig['def_ssl_ports_ignore'] != "") { $natent['def_ssl_ports_ignore'] = $pconfig['def_ssl_ports_ignore']; }
+ if ($pconfig['flow_depth'] != "") { $natent['flow_depth'] = $pconfig['flow_depth']; }
+ if ($pconfig['max_queued_bytes'] != "") { $natent['max_queued_bytes'] = $pconfig['max_queued_bytes']; }
+ if ($pconfig['max_queued_segs'] != "") { $natent['max_queued_segs'] = $pconfig['max_queued_segs']; }
+ if ($pconfig['perform_stat'] != "") { $natent['perform_stat'] = $pconfig['perform_stat']; }
+ if ($pconfig['http_inspect'] != "") { $natent['http_inspect'] = $pconfig['http_inspect']; }
+ if ($pconfig['other_preprocs'] != "") { $natent['other_preprocs'] = $pconfig['other_preprocs']; }
+ if ($pconfig['ftp_preprocessor'] != "") { $natent['ftp_preprocessor'] = $pconfig['ftp_preprocessor']; }
+ if ($pconfig['smtp_preprocessor'] != "") { $natent['smtp_preprocessor'] = $pconfig['smtp_preprocessor']; }
+ if ($pconfig['sf_portscan'] != "") { $natent['sf_portscan'] = $pconfig['sf_portscan']; }
+ if ($pconfig['dce_rpc_2'] != "") { $natent['dce_rpc_2'] = $pconfig['dce_rpc_2']; }
+ if ($pconfig['dns_preprocessor'] != "") { $natent['dns_preprocessor'] = $pconfig['dns_preprocessor']; }
+ if ($pconfig['barnyard_enable'] != "") { $natent['barnyard_enable'] = $pconfig['barnyard_enable']; }
+ if ($pconfig['barnyard_mysql'] != "") { $natent['barnyard_mysql'] = $pconfig['barnyard_mysql']; }
+ if ($pconfig['rulesets'] != "") { $natent['rulesets'] = $pconfig['rulesets']; }
+ if ($pconfig['rule_sid_off'] != "") { $natent['rule_sid_off'] = $pconfig['rule_sid_off']; }
+ if ($pconfig['rule_sid_on'] != "") { $natent['rule_sid_on'] = $pconfig['rule_sid_on']; }
+ if ($pconfig['configpassthru'] != "") { $natent['configpassthru'] = $pconfig['configpassthru']; }
+ if ($pconfig['barnconfigpassthru'] != "") { $natent['barnconfigpassthru'] = $pconfig['barnconfigpassthru']; }
+ if ($pconfig['whitelistname'] != "") { $natent['whitelistname'] = $pconfig['whitelistname']; }
+ if ($pconfig['homelistname'] != "") { $natent['homelistname'] = $pconfig['homelistname']; }
+ if ($pconfig['externallistname'] != "") { $natent['externallistname'] = $pconfig['externallistname']; }
+ if ($pconfig['suppresslistname'] != "") { $natent['suppresslistname'] = $pconfig['suppresslistname']; }
+
+
/* post new options */
if ($_POST['def_dns_servers'] != "") { $natent['def_dns_servers'] = $_POST['def_dns_servers']; }else{ $natent['def_dns_servers'] = ""; }
- if ($_POST['def_dns_ports'] != "") { $natent['def_dns_ports'] = $_POST['def_dns_ports']; }else{ $natent['def_dns_ports'] = ""; }
+ if ($_POST['def_dns_ports'] != "") { $natent['def_dns_ports'] = $_POST['def_dns_ports']; }else{ $natent['def_dns_ports'] = ""; }
if ($_POST['def_smtp_servers'] != "") { $natent['def_smtp_servers'] = $_POST['def_smtp_servers']; }else{ $natent['def_smtp_servers'] = ""; }
if ($_POST['def_smtp_ports'] != "") { $natent['def_smtp_ports'] = $_POST['def_smtp_ports']; }else{ $natent['def_smtp_ports'] = ""; }
if ($_POST['def_mail_ports'] != "") { $natent['def_mail_ports'] = $_POST['def_mail_ports']; }else{ $natent['def_mail_ports'] = ""; }
- if ($_POST['def_http_servers'] != "") { $natent['def_http_servers'] = $_POST['def_http_servers']; }else{ $natent['def_http_servers'] = ""; }
+ if ($_POST['def_http_servers'] != "") { $natent['def_http_servers'] = $_POST['def_http_servers']; }else{ $natent['def_http_servers'] = ""; }
if ($_POST['def_www_servers'] != "") { $natent['def_www_servers'] = $_POST['def_www_servers']; }else{ $natent['def_www_servers'] = ""; }
if ($_POST['def_http_ports'] != "") { $natent['def_http_ports'] = $_POST['def_http_ports']; }else{ $natent['def_http_ports'] = ""; }
if ($_POST['def_sql_servers'] != "") { $natent['def_sql_servers'] = $_POST['def_sql_servers']; }else{ $natent['def_sql_servers'] = ""; }
- if ($_POST['def_oracle_ports'] != "") { $natent['def_oracle_ports'] = $_POST['def_oracle_ports']; }else{ $natent['def_oracle_ports'] = ""; }
+ if ($_POST['def_oracle_ports'] != "") { $natent['def_oracle_ports'] = $_POST['def_oracle_ports']; }else{ $natent['def_oracle_ports'] = ""; }
if ($_POST['def_mssql_ports'] != "") { $natent['def_mssql_ports'] = $_POST['def_mssql_ports']; }else{ $natent['def_mssql_ports'] = ""; }
if ($_POST['def_telnet_servers'] != "") { $natent['def_telnet_servers'] = $_POST['def_telnet_servers']; }else{ $natent['def_telnet_servers'] = ""; }
if ($_POST['def_telnet_ports'] != "") { $natent['def_telnet_ports'] = $_POST['def_telnet_ports']; }else{ $natent['def_telnet_ports'] = ""; }
- if ($_POST['def_snmp_servers'] != "") { $natent['def_snmp_servers'] = $_POST['def_snmp_servers']; }else{ $natent['def_snmp_servers'] = ""; }
+ if ($_POST['def_snmp_servers'] != "") { $natent['def_snmp_servers'] = $_POST['def_snmp_servers']; }else{ $natent['def_snmp_servers'] = ""; }
if ($_POST['def_snmp_ports'] != "") { $natent['def_snmp_ports'] = $_POST['def_snmp_ports']; }else{ $natent['def_snmp_ports'] = ""; }
if ($_POST['def_ftp_servers'] != "") { $natent['def_ftp_servers'] = $_POST['def_ftp_servers']; }else{ $natent['def_ftp_servers'] = ""; }
if ($_POST['def_ftp_ports'] != "") { $natent['def_ftp_ports'] = $_POST['def_ftp_ports']; }else{ $natent['def_ftp_ports'] = ""; }
- if ($_POST['def_ssh_servers'] != "") { $natent['def_ssh_servers'] = $_POST['def_ssh_servers']; }else{ $natent['def_ssh_servers'] = ""; }
+ if ($_POST['def_ssh_servers'] != "") { $natent['def_ssh_servers'] = $_POST['def_ssh_servers']; }else{ $natent['def_ssh_servers'] = ""; }
if ($_POST['def_ssh_ports'] != "") { $natent['def_ssh_ports'] = $_POST['def_ssh_ports']; }else{ $natent['def_ssh_ports'] = ""; }
if ($_POST['def_pop_servers'] != "") { $natent['def_pop_servers'] = $_POST['def_pop_servers']; }else{ $natent['def_pop_servers'] = ""; }
if ($_POST['def_pop2_ports'] != "") { $natent['def_pop2_ports'] = $_POST['def_pop2_ports']; }else{ $natent['def_pop2_ports'] = ""; }
- if ($_POST['def_pop3_ports'] != "") { $natent['def_pop3_ports'] = $_POST['def_pop3_ports']; }else{ $natent['def_pop3_ports'] = ""; }
+ if ($_POST['def_pop3_ports'] != "") { $natent['def_pop3_ports'] = $_POST['def_pop3_ports']; }else{ $natent['def_pop3_ports'] = ""; }
if ($_POST['def_imap_servers'] != "") { $natent['def_imap_servers'] = $_POST['def_imap_servers']; }else{ $natent['def_imap_servers'] = ""; }
if ($_POST['def_imap_ports'] != "") { $natent['def_imap_ports'] = $_POST['def_imap_ports']; }else{ $natent['def_imap_ports'] = ""; }
if ($_POST['def_sip_proxy_ip'] != "") { $natent['def_sip_proxy_ip'] = $_POST['def_sip_proxy_ip']; }else{ $natent['def_sip_proxy_ip'] = ""; }
- if ($_POST['def_sip_proxy_ports'] != "") { $natent['def_sip_proxy_ports'] = $_POST['def_sip_proxy_ports']; }else{ $natent['def_sip_proxy_ports'] = ""; }
+ if ($_POST['def_sip_proxy_ports'] != "") { $natent['def_sip_proxy_ports'] = $_POST['def_sip_proxy_ports']; }else{ $natent['def_sip_proxy_ports'] = ""; }
if ($_POST['def_auth_ports'] != "") { $natent['def_auth_ports'] = $_POST['def_auth_ports']; }else{ $natent['def_auth_ports'] = ""; }
if ($_POST['def_finger_ports'] != "") { $natent['def_finger_ports'] = $_POST['def_finger_ports']; }else{ $natent['def_finger_ports'] = ""; }
if ($_POST['def_irc_ports'] != "") { $natent['def_irc_ports'] = $_POST['def_irc_ports']; }else{ $natent['def_irc_ports'] = ""; }
- if ($_POST['def_nntp_ports'] != "") { $natent['def_nntp_ports'] = $_POST['def_nntp_ports']; }else{ $natent['def_nntp_ports'] = ""; }
+ if ($_POST['def_nntp_ports'] != "") { $natent['def_nntp_ports'] = $_POST['def_nntp_ports']; }else{ $natent['def_nntp_ports'] = ""; }
if ($_POST['def_rlogin_ports'] != "") { $natent['def_rlogin_ports'] = $_POST['def_rlogin_ports']; }else{ $natent['def_rlogin_ports'] = ""; }
if ($_POST['def_rsh_ports'] != "") { $natent['def_rsh_ports'] = $_POST['def_rsh_ports']; }else{ $natent['def_rsh_ports'] = ""; }
if ($_POST['def_ssl_ports'] != "") { $natent['def_ssl_ports'] = $_POST['def_ssl_ports']; }else{ $natent['def_ssl_ports'] = ""; }
if (isset($id) && $a_nat[$id])
- $a_nat[$id] = $natent;
+ $a_nat[$id] = $natent;
else {
if (is_numeric($after))
- array_splice($a_nat, $after+1, 0, array($natent));
+ array_splice($a_nat, $after+1, 0, array($natent));
else
- $a_nat[] = $natent;
+ $a_nat[] = $natent;
}
write_config();
-
+
/* after click go to this page */
-
+
touch($d_snortconfdirty_path);
-
+
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
header( 'Cache-Control: no-store, no-cache, must-revalidate' );
header( 'Cache-Control: post-check=0, pre-check=0', false );
header( 'Pragma: no-cache' );
sleep(2);
-
+
header("Location: snort_define_servers.php?id=$id");
-
+
exit;
}
}
-
- /* this will exec when alert says apply */
- if ($_POST['apply']) {
-
- if (file_exists($d_snortconfdirty_path)) {
+
+/* this will exec when alert says apply */
+if ($_POST['apply']) {
+
+ if (file_exists($d_snortconfdirty_path)) {
- write_config();
+ write_config();
- sync_snort_package_all($id, $if_real, $snort_uuid);
- sync_snort_package();
+ sync_snort_package_all($id, $if_real, $snort_uuid);
+ sync_snort_package();
- unlink($d_snortconfdirty_path);
+ unlink($d_snortconfdirty_path);
- }
-
}
+}
+
$pgtitle = "Snort: Interface $id$if_real Define Servers";
include("/usr/local/pkg/snort/snort_head.inc");
?>
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<body
+ link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
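Review bot: Every `$_POST['def_*']` value in the "post new options" block is copied into `$natent` and persisted with `write_config()` unchecked. The `/* check for overlaps */` comment has no code behind it, and nothing in the hunk assigns `$input_errors`, so `if (!$input_errors)` appears to be always true here. The form asks users to avoid spaces, but the server does not enforce it, and these strings presumably end up in the generated Snort configuration via `sync_snort_package_all()`, where a stray newline or quote would alter the file. A server-side format check before the write, filling `$input_errors`, would close the gap; the sketch below uses patterns derived from the examples shown in the form, and they should be confirmed against what the config generator accepts. The enclosing `if ($_POST["Submit"])` block starts inside this hunk, but `$pconfig` and `$input_errors` are set up outside it.

```php
	/* check for overlaps */

	/* accept only plain address lists and port lists in the def_* fields */
	foreach ($_POST as $field => $value) {
		if (strpos($field, 'def_') !== 0 || $value === "")
			continue;
		$pattern = (substr($field, -6) == '_ports')
			? '/^\d+(:\d+)?(,\d+(:\d+)?)*$/'
			: '/^[0-9a-fA-F.:\/,]+$/';
		if (!is_string($value) || !preg_match($pattern, $value))
			$input_errors[] = "Invalid value for " . htmlspecialchars($field) . ".";
	}

	/* if no errors write to conf */
	// … unchanged: build $natent, write_config(), redirect …
```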
@@ -278,29 +279,34 @@ echo "{$snort_general_css}\n";
?>
<!-- hack to fix the hardcoed fbegin link in header -->
-<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div>
+<div id="header-left2"><a href="../index.php" id="status-link2"><img
+ src="./images/transparent.gif" border="0"></img></a></div>
<div class="body2">
-<noscript><div class="alert" ALIGN=CENTER><img src="../themes/nervecenter/images/icons/icon_alert.gif"/><strong>Please enable JavaScript to view this content</CENTER></div></noscript>
+<noscript>
+<div class="alert" ALIGN=CENTER><img
+ src="../themes/nervecenter/images/icons/icon_alert.gif" /><strong>Please
+enable JavaScript to view this content
+</CENTER></div>
+</noscript>
-<form action="snort_define_servers.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
-
-<?php
+<form action="snort_define_servers.php" method="post"
+ enctype="multipart/form-data" name="iform" id="iform"><?php
/* Display Alert message */
if ($input_errors) {
- print_input_errors($input_errors); // TODO: add checks
+ print_input_errors($input_errors); // TODO: add checks
}
if ($savemsg) {
- print_info_box2($savemsg);
+ print_info_box2($savemsg);
}
//if (file_exists($d_snortconfdirty_path)) {
if (file_exists($d_snortconfdirty_path) || file_exists("/var/run/snort_conf_{$snort_uuid}_.dirty")) {
- echo '<p>';
+ echo '<p>';
if($savemsg) {
print_info_box_np2("{$savemsg}");
@@ -312,39 +318,38 @@ echo "{$snort_general_css}\n";
}
}
-?>
+ ?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr><td class="tabnavtbl">
-<?php
-if($id != "")
-{
-
-echo '<div class="snorttabs" style="margin:1px 0px; width:775px;">' . "\n";
-echo '<!-- Tabbed bar code -->' . "\n";
-echo '<ul class="snorttabs">' . "\n";
- echo '<li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>' . "\n";
- echo "<li><a href=\"/snort/snort_interfaces_edit.php?id={$id}\"><span>If Settings</span></a></li>\n";
- echo "<li><a href=\"/snort/snort_rulesets.php?id={$id}\"><span>Categories</span></a></li>\n";
- echo "<li><a href=\"/snort/snort_rules.php?id={$id}\"><span>Rules</span></a></li>\n";
- echo "<li class=\"snorttabs_active\"><a href=\"/snort/snort_define_servers.php?id={$id}\"><span>Servers</span></a></li>\n";
- echo "<li><a href=\"/snort/snort_preprocessors.php?id={$id}\"><span>Preprocessors</span></a></li>\n";
- echo "<li><a href=\"/snort/snort_barnyard.php?id={$id}\"><span>Barnyard2</span></a></li>\n";
-echo '</ul>' . "\n";
-echo '</div>' . "\n";
+ <tr>
+ <td class="tabnavtbl"><?php
+ if($id != "")
+ {
+
+ echo '<div class="snorttabs" style="margin:1px 0px; width:775px;">' . "\n";
+ echo '<!-- Tabbed bar code -->' . "\n";
+ echo '<ul class="snorttabs">' . "\n";
+ echo '<li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>' . "\n";
+ echo "<li><a href=\"/snort/snort_interfaces_edit.php?id={$id}\"><span>If Settings</span></a></li>\n";
+ echo "<li><a href=\"/snort/snort_rulesets.php?id={$id}\"><span>Categories</span></a></li>\n";
+ echo "<li><a href=\"/snort/snort_rules.php?id={$id}\"><span>Rules</span></a></li>\n";
+ echo "<li class=\"snorttabs_active\"><a href=\"/snort/snort_define_servers.php?id={$id}\"><span>Servers</span></a></li>\n";
+ echo "<li><a href=\"/snort/snort_preprocessors.php?id={$id}\"><span>Preprocessors</span></a></li>\n";
+ echo "<li><a href=\"/snort/snort_barnyard.php?id={$id}\"><span>Barnyard2</span></a></li>\n";
+ echo '</ul>' . "\n";
+ echo '</div>' . "\n";
-}
-?>
-</td>
-</tr>
- <tr>
- <td class="tabcont">
- <table width="100%" border="0" cellpadding="6" cellspacing="0">
- <?php
- /* display error code if there is no id */
- if($id == "")
- {
- echo "
+ }
+ ?></td>
+ </tr>
+ <tr>
+ <td class="tabcont">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <?php
+ /* display error code if there is no id */
+ if($id == "")
+ {
+ echo "
<style type=\"text/css\">
.noid {
position:absolute;
@@ -359,239 +364,304 @@ echo '</div>' . "\n";
}
</style>
<div class=\"alert\" ALIGN=CENTER><img src=\"/themes/nervecenter/images/icons/icon_alert.gif\"/><strong>You can not edit options without an interface ID.</CENTER></div>\n";
-
- }
- ?>
- <tr>
- <td width="22%" valign="top">&nbsp;</td>
- <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span><br>
- Please save your settings before you click start.<br>
- Please make sure there are <strong>no spaces</strong> in your definitions.
- </td>
- </tr>
- <tr>
- <td colspan="2" valign="top" class="listtopic">Define Servers</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define DNS_SERVERS</td>
- <td width="78%" class="vtable">
- <input name="def_dns_servers" type="text" class="formfld" id="def_dns_servers" size="40" value="<?=htmlspecialchars($pconfig['def_dns_servers']);?>">
- <br> <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define DNS_PORTS</td>
- <td width="78%" class="vtable">
- <input name="def_dns_ports" type="text" class="formfld" id="def_dns_ports" size="40" value="<?=htmlspecialchars($pconfig['def_dns_ports']);?>">
- <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 53.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define SMTP_SERVERS</td>
- <td width="78%" class="vtable">
- <input name="def_smtp_servers" type="text" class="formfld" id="def_smtp_servers" size="40" value="<?=htmlspecialchars($pconfig['def_smtp_servers']);?>">
- <br> <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define SMTP_PORTS</td>
- <td width="78%" class="vtable">
- <input name="def_smtp_ports" type="text" class="formfld" id="def_smtp_ports" size="40" value="<?=htmlspecialchars($pconfig['def_smtp_ports']);?>">
- <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 25.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define Mail_Ports</td>
- <td width="78%" class="vtable">
- <input name="def_mail_ports" type="text" class="formfld" id="def_mail_ports" size="40" value="<?=htmlspecialchars($pconfig['def_mail_ports']);?>">
- <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 25,143,465,691.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define HTTP_SERVERS</td>
- <td width="78%" class="vtable">
- <input name="def_http_servers" type="text" class="formfld" id="def_http_servers" size="40" value="<?=htmlspecialchars($pconfig['def_http_servers']);?>">
- <br> <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define WWW_SERVERS</td>
- <td width="78%" class="vtable">
- <input name="def_www_servers" type="text" class="formfld" id="def_www_servers" size="40" value="<?=htmlspecialchars($pconfig['def_www_servers']);?>">
- <br> <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define HTTP_PORTS</td>
- <td width="78%" class="vtable">
- <input name="def_http_ports" type="text" class="formfld" id="def_http_ports" size="40" value="<?=htmlspecialchars($pconfig['def_http_ports']);?>">
- <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 80.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define SQL_SERVERS</td>
- <td width="78%" class="vtable">
- <input name="def_sql_servers" type="text" class="formfld" id="def_sql_servers" size="40" value="<?=htmlspecialchars($pconfig['def_sql_servers']);?>">
- <br> <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define ORACLE_PORTS</td>
- <td width="78%" class="vtable">
- <input name="def_oracle_ports" type="text" class="formfld" id="def_oracle_ports" size="40" value="<?=htmlspecialchars($pconfig['def_oracle_ports']);?>">
- <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 1521.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define MSSQL_PORTS</td>
- <td width="78%" class="vtable">
- <input name="def_mssql_ports" type="text" class="formfld" id="def_mssql_ports" size="40" value="<?=htmlspecialchars($pconfig['def_mssql_ports']);?>">
- <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 1433.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define TELNET_SERVERS</td>
- <td width="78%" class="vtable">
- <input name="def_telnet_servers" type="text" class="formfld" id="def_telnet_servers" size="40" value="<?=htmlspecialchars($pconfig['def_telnet_servers']);?>">
- <br> <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define TELNET_PORTS</td>
- <td width="78%" class="vtable">
- <input name="def_telnet_ports" type="text" class="formfld" id="def_telnet_ports" size="40" value="<?=htmlspecialchars($pconfig['def_telnet_ports']);?>">
- <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 23.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define SNMP_SERVERS</td>
- <td width="78%" class="vtable">
- <input name="def_snmp_servers" type="text" class="formfld" id="def_snmp_servers" size="40" value="<?=htmlspecialchars($pconfig['def_snmp_servers']);?>">
- <br> <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define SNMP_PORTS</td>
- <td width="78%" class="vtable">
- <input name="def_snmp_ports" type="text" class="formfld" id="def_snmp_ports" size="40" value="<?=htmlspecialchars($pconfig['def_snmp_ports']);?>">
- <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 161.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define FTP_SERVERS</td>
- <td width="78%" class="vtable">
- <input name="def_ftp_servers" type="text" class="formfld" id="def_ftp_servers" size="40" value="<?=htmlspecialchars($pconfig['def_ftp_servers']);?>">
- <br> <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define FTP_PORTS</td>
- <td width="78%" class="vtable">
- <input name="def_ftp_ports" type="text" class="formfld" id="def_ftp_ports" size="40" value="<?=htmlspecialchars($pconfig['def_ftp_ports']);?>">
- <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 21.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define SSH_SERVERS</td>
- <td width="78%" class="vtable">
- <input name="def_ssh_servers" type="text" class="formfld" id="def_ssh_servers" size="40" value="<?=htmlspecialchars($pconfig['def_ssh_servers']);?>">
- <br> <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define SSH_PORTS</td>
- <td width="78%" class="vtable">
- <input name="def_ssh_ports" type="text" class="formfld" id="def_ssh_ports" size="40" value="<?=htmlspecialchars($pconfig['def_ssh_ports']);?>">
- <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is Pfsense SSH port.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define POP_SERVERS</td>
- <td width="78%" class="vtable">
- <input name="def_pop_servers" type="text" class="formfld" id="def_pop_servers" size="40" value="<?=htmlspecialchars($pconfig['def_pop_servers']);?>">
- <br> <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define POP2_PORTS</td>
- <td width="78%" class="vtable">
- <input name="def_pop2_ports" type="text" class="formfld" id="def_pop2_ports" size="40" value="<?=htmlspecialchars($pconfig['def_pop2_ports']);?>">
- <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 109.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define POP3_PORTS</td>
- <td width="78%" class="vtable">
- <input name="def_pop3_ports" type="text" class="formfld" id="def_pop3_ports" size="40" value="<?=htmlspecialchars($pconfig['def_pop3_ports']);?>">
- <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 110.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define IMAP_SERVERS</td>
- <td width="78%" class="vtable">
- <input name="def_imap_servers" type="text" class="formfld" id="def_imap_servers" size="40" value="<?=htmlspecialchars($pconfig['def_imap_servers']);?>">
- <br> <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define IMAP_PORTS</td>
- <td width="78%" class="vtable">
- <input name="def_imap_ports" type="text" class="formfld" id="def_imap_ports" size="40" value="<?=htmlspecialchars($pconfig['def_imap_ports']);?>">
- <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 143.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define SIP_PROXY_IP</td>
- <td width="78%" class="vtable">
- <input name="def_sip_proxy_ip" type="text" class="formfld" id="def_sip_proxy_ip" size="40" value="<?=htmlspecialchars($pconfig['def_sip_proxy_ip']);?>">
- <br> <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define SIP_PROXY_PORTS</td>
- <td width="78%" class="vtable">
- <input name="def_sip_proxy_ports" type="text" class="formfld" id="def_sip_proxy_ports" size="40" value="<?=htmlspecialchars($pconfig['def_sip_proxy_ports']);?>">
- <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 5060:5090,16384:32768.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define AUTH_PORTS</td>
- <td width="78%" class="vtable">
- <input name="def_auth_ports" type="text" class="formfld" id="def_auth_ports" size="40" value="<?=htmlspecialchars($pconfig['def_auth_ports']);?>">
- <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 113.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define FINGER_PORTS</td>
- <td width="78%" class="vtable">
- <input name="def_finger_ports" type="text" class="formfld" id="def_finger_ports" size="40" value="<?=htmlspecialchars($pconfig['def_finger_ports']);?>">
- <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 79.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define IRC_PORTS</td>
- <td width="78%" class="vtable">
- <input name="def_irc_ports" type="text" class="formfld" id="def_irc_ports" size="40" value="<?=htmlspecialchars($pconfig['def_irc_ports']);?>">
- <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 6665,6666,6667,6668,6669,7000.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define NNTP_PORTS</td>
- <td width="78%" class="vtable">
- <input name="def_nntp_ports" type="text" class="formfld" id="def_nntp_ports" size="40" value="<?=htmlspecialchars($pconfig['def_nntp_ports']);?>">
- <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 119.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define RLOGIN_PORTS</td>
- <td width="78%" class="vtable">
- <input name="def_rlogin_ports" type="text" class="formfld" id="def_rlogin_ports" size="40" value="<?=htmlspecialchars($pconfig['def_rlogin_ports']);?>">
- <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 513.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define RSH_PORTS</td>
- <td width="78%" class="vtable">
- <input name="def_rsh_ports" type="text" class="formfld" id="def_rsh_ports" size="40" value="<?=htmlspecialchars($pconfig['def_rsh_ports']);?>">
- <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 514.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define SSL_PORTS</td>
- <td width="78%" class="vtable">
- <input name="def_ssl_ports" type="text" class="formfld" id="def_ssl_ports" size="40" value="<?=htmlspecialchars($pconfig['def_ssl_ports']);?>">
- <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 25,443,465,636,993,995.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top">&nbsp;</td>
- <td width="78%">
- <input name="Submit" type="submit" class="formbtn" value="Save"> <input type="button" class="formbtn" value="Cancel" onclick="history.back()">
- <?php if (isset($id) && $a_nat[$id]): ?>
- <input name="id" type="hidden" value="<?=$id;?>">
- <?php endif; ?>
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top">&nbsp;</td>
- <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span>
- <br>
- Please save your settings before you click start. </td>
- </tr>
- </table>
- </table>
+
+ }
+ ?>
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span><br>
+ Please save your settings before you click start.<br>
+ Please make sure there are <strong>no spaces</strong> in your
+ definitions. </td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Define Servers</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define DNS_SERVERS</td>
+ <td width="78%" class="vtable"><input name="def_dns_servers"
+ type="text" class="formfld" id="def_dns_servers" size="40"
+ value="<?=htmlspecialchars($pconfig['def_dns_servers']);?>"> <br>
+ <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave
+ blank to scan all networks.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define DNS_PORTS</td>
+ <td width="78%" class="vtable"><input name="def_dns_ports"
+ type="text" class="formfld" id="def_dns_ports" size="40"
+ value="<?=htmlspecialchars($pconfig['def_dns_ports']);?>"> <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports
+ betwen "5060:5090 . Default is 53.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define SMTP_SERVERS</td>
+ <td width="78%" class="vtable"><input name="def_smtp_servers"
+ type="text" class="formfld" id="def_smtp_servers" size="40"
+ value="<?=htmlspecialchars($pconfig['def_smtp_servers']);?>"> <br>
+ <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave
+ blank to scan all networks.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define SMTP_PORTS</td>
+ <td width="78%" class="vtable"><input name="def_smtp_ports"
+ type="text" class="formfld" id="def_smtp_ports" size="40"
+ value="<?=htmlspecialchars($pconfig['def_smtp_ports']);?>"> <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports
+ betwen "5060:5090 . Default is 25.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define Mail_Ports</td>
+ <td width="78%" class="vtable"><input name="def_mail_ports"
+ type="text" class="formfld" id="def_mail_ports" size="40"
+ value="<?=htmlspecialchars($pconfig['def_mail_ports']);?>"> <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports
+ betwen "5060:5090 . Default is 25,143,465,691.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define HTTP_SERVERS</td>
+ <td width="78%" class="vtable"><input name="def_http_servers"
+ type="text" class="formfld" id="def_http_servers" size="40"
+ value="<?=htmlspecialchars($pconfig['def_http_servers']);?>"> <br>
+ <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave
+ blank to scan all networks.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define WWW_SERVERS</td>
+ <td width="78%" class="vtable"><input name="def_www_servers"
+ type="text" class="formfld" id="def_www_servers" size="40"
+ value="<?=htmlspecialchars($pconfig['def_www_servers']);?>"> <br>
+ <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave
+ blank to scan all networks.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define HTTP_PORTS</td>
+ <td width="78%" class="vtable"><input name="def_http_ports"
+ type="text" class="formfld" id="def_http_ports" size="40"
+ value="<?=htmlspecialchars($pconfig['def_http_ports']);?>"> <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports
+ betwen "5060:5090 . Default is 80.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define SQL_SERVERS</td>
+ <td width="78%" class="vtable"><input name="def_sql_servers"
+ type="text" class="formfld" id="def_sql_servers" size="40"
+ value="<?=htmlspecialchars($pconfig['def_sql_servers']);?>"> <br>
+ <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave
+ blank to scan all networks.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define ORACLE_PORTS</td>
+ <td width="78%" class="vtable"><input name="def_oracle_ports"
+ type="text" class="formfld" id="def_oracle_ports" size="40"
+ value="<?=htmlspecialchars($pconfig['def_oracle_ports']);?>"> <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports
+ betwen "5060:5090 . Default is 1521.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define MSSQL_PORTS</td>
+ <td width="78%" class="vtable"><input name="def_mssql_ports"
+ type="text" class="formfld" id="def_mssql_ports" size="40"
+ value="<?=htmlspecialchars($pconfig['def_mssql_ports']);?>"> <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports
+ betwen "5060:5090 . Default is 1433.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define TELNET_SERVERS</td>
+ <td width="78%" class="vtable"><input name="def_telnet_servers"
+ type="text" class="formfld" id="def_telnet_servers" size="40"
+ value="<?=htmlspecialchars($pconfig['def_telnet_servers']);?>"> <br>
+ <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave
+ blank to scan all networks.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define TELNET_PORTS</td>
+ <td width="78%" class="vtable"><input name="def_telnet_ports"
+ type="text" class="formfld" id="def_telnet_ports" size="40"
+ value="<?=htmlspecialchars($pconfig['def_telnet_ports']);?>"> <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports
+ betwen "5060:5090 . Default is 23.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define SNMP_SERVERS</td>
+ <td width="78%" class="vtable"><input name="def_snmp_servers"
+ type="text" class="formfld" id="def_snmp_servers" size="40"
+ value="<?=htmlspecialchars($pconfig['def_snmp_servers']);?>"> <br>
+ <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave
+ blank to scan all networks.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define SNMP_PORTS</td>
+ <td width="78%" class="vtable"><input name="def_snmp_ports"
+ type="text" class="formfld" id="def_snmp_ports" size="40"
+ value="<?=htmlspecialchars($pconfig['def_snmp_ports']);?>"> <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports
+ betwen "5060:5090 . Default is 161.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define FTP_SERVERS</td>
+ <td width="78%" class="vtable"><input name="def_ftp_servers"
+ type="text" class="formfld" id="def_ftp_servers" size="40"
+ value="<?=htmlspecialchars($pconfig['def_ftp_servers']);?>"> <br>
+ <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave
+ blank to scan all networks.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define FTP_PORTS</td>
+ <td width="78%" class="vtable"><input name="def_ftp_ports"
+ type="text" class="formfld" id="def_ftp_ports" size="40"
+ value="<?=htmlspecialchars($pconfig['def_ftp_ports']);?>"> <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports
+ betwen "5060:5090 . Default is 21.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define SSH_SERVERS</td>
+ <td width="78%" class="vtable"><input name="def_ssh_servers"
+ type="text" class="formfld" id="def_ssh_servers" size="40"
+ value="<?=htmlspecialchars($pconfig['def_ssh_servers']);?>"> <br>
+ <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave
+ blank to scan all networks.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define SSH_PORTS</td>
+ <td width="78%" class="vtable"><input name="def_ssh_ports"
+ type="text" class="formfld" id="def_ssh_ports" size="40"
+ value="<?=htmlspecialchars($pconfig['def_ssh_ports']);?>"> <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports
+ betwen "5060:5090 . Default is Pfsense SSH port.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define POP_SERVERS</td>
+ <td width="78%" class="vtable"><input name="def_pop_servers"
+ type="text" class="formfld" id="def_pop_servers" size="40"
+ value="<?=htmlspecialchars($pconfig['def_pop_servers']);?>"> <br>
+ <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave
+ blank to scan all networks.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define POP2_PORTS</td>
+ <td width="78%" class="vtable"><input name="def_pop2_ports"
+ type="text" class="formfld" id="def_pop2_ports" size="40"
+ value="<?=htmlspecialchars($pconfig['def_pop2_ports']);?>"> <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports
+ betwen "5060:5090 . Default is 109.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define POP3_PORTS</td>
+ <td width="78%" class="vtable"><input name="def_pop3_ports"
+ type="text" class="formfld" id="def_pop3_ports" size="40"
+ value="<?=htmlspecialchars($pconfig['def_pop3_ports']);?>"> <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports
+ betwen "5060:5090 . Default is 110.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define IMAP_SERVERS</td>
+ <td width="78%" class="vtable"><input name="def_imap_servers"
+ type="text" class="formfld" id="def_imap_servers" size="40"
+ value="<?=htmlspecialchars($pconfig['def_imap_servers']);?>"> <br>
+ <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave
+ blank to scan all networks.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define IMAP_PORTS</td>
+ <td width="78%" class="vtable"><input name="def_imap_ports"
+ type="text" class="formfld" id="def_imap_ports" size="40"
+ value="<?=htmlspecialchars($pconfig['def_imap_ports']);?>"> <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports
+ betwen "5060:5090 . Default is 143.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define SIP_PROXY_IP</td>
+ <td width="78%" class="vtable"><input name="def_sip_proxy_ip"
+ type="text" class="formfld" id="def_sip_proxy_ip" size="40"
+ value="<?=htmlspecialchars($pconfig['def_sip_proxy_ip']);?>"> <br>
+ <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave
+ blank to scan all networks.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define SIP_PROXY_PORTS</td>
+ <td width="78%" class="vtable"><input name="def_sip_proxy_ports"
+ type="text" class="formfld" id="def_sip_proxy_ports" size="40"
+ value="<?=htmlspecialchars($pconfig['def_sip_proxy_ports']);?>"> <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports
+ betwen "5060:5090 . Default is 5060:5090,16384:32768.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define AUTH_PORTS</td>
+ <td width="78%" class="vtable"><input name="def_auth_ports"
+ type="text" class="formfld" id="def_auth_ports" size="40"
+ value="<?=htmlspecialchars($pconfig['def_auth_ports']);?>"> <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports
+ betwen "5060:5090 . Default is 113.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define FINGER_PORTS</td>
+ <td width="78%" class="vtable"><input name="def_finger_ports"
+ type="text" class="formfld" id="def_finger_ports" size="40"
+ value="<?=htmlspecialchars($pconfig['def_finger_ports']);?>"> <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports
+ betwen "5060:5090 . Default is 79.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define IRC_PORTS</td>
+ <td width="78%" class="vtable"><input name="def_irc_ports"
+ type="text" class="formfld" id="def_irc_ports" size="40"
+ value="<?=htmlspecialchars($pconfig['def_irc_ports']);?>"> <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports
+ betwen "5060:5090 . Default is 6665,6666,6667,6668,6669,7000.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define NNTP_PORTS</td>
+ <td width="78%" class="vtable"><input name="def_nntp_ports"
+ type="text" class="formfld" id="def_nntp_ports" size="40"
+ value="<?=htmlspecialchars($pconfig['def_nntp_ports']);?>"> <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports
+ betwen "5060:5090 . Default is 119.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define RLOGIN_PORTS</td>
+ <td width="78%" class="vtable"><input name="def_rlogin_ports"
+ type="text" class="formfld" id="def_rlogin_ports" size="40"
+ value="<?=htmlspecialchars($pconfig['def_rlogin_ports']);?>"> <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports
+ betwen "5060:5090 . Default is 513.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define RSH_PORTS</td>
+ <td width="78%" class="vtable"><input name="def_rsh_ports"
+ type="text" class="formfld" id="def_rsh_ports" size="40"
+ value="<?=htmlspecialchars($pconfig['def_rsh_ports']);?>"> <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports
+ betwen "5060:5090 . Default is 514.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define SSL_PORTS</td>
+ <td width="78%" class="vtable"><input name="def_ssl_ports"
+ type="text" class="formfld" id="def_ssl_ports" size="40"
+ value="<?=htmlspecialchars($pconfig['def_ssl_ports']);?>"> <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports
+ betwen "5060:5090 . Default is 25,443,465,636,993,995.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%"><input name="Submit" type="submit" class="formbtn"
+ value="Save"> <input type="button" class="formbtn" value="Cancel"
+ onclick="history.back()"> <?php if (isset($id) && $a_nat[$id]): ?>
+ <input name="id" type="hidden" value="<?=$id;?>"> <?php endif; ?></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span>
+ <br>
+ Please save your settings before you click start. </td>
+ </tr>
+ </table>
+
+</table>
</form>
</div>
-<?php include("fend.inc"); ?>
+ <?php include("fend.inc"); ?>
</body>
</html>
diff --git a/config/snort/snort_download_rules.php b/config/snort/snort_download_rules.php
index dc093015..d9652eb3 100644
--- a/config/snort/snort_download_rules.php
+++ b/config/snort/snort_download_rules.php
@@ -1,32 +1,32 @@
<?php
/* $Id$ */
/*
- snort_rulesets.php
- Copyright (C) 2006 Scott Ullrich
- Copyright (C) 2009 Robert Zelaya
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
+ snort_rulesets.php
+ Copyright (C) 2006 Scott Ullrich
+ Copyright (C) 2009 Robert Zelaya
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
/* Setup enviroment */
@@ -48,7 +48,7 @@ $pfsense_rules_filename = "pfsense_rules.tar.gz";
$id_d = $_GET['id_d'];
if (isset($_POST['id_d']))
- $id_d = $_POST['id_d'];
+$id_d = $_POST['id_d'];
/* Time stamps define */
$last_md5_download = $config['installedpackages']['snortglobal']['last_md5_download'];
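Review bot: The re-indented `$id_d = $_POST['id_d'];` now sits at the same column as its braceless `if (isset($_POST['id_d']))`, so it reads as an unconditional assignment although it is still guarded. Writing it as `if (isset($_POST['id_d'])) { $id_d = $_POST['id_d']; }` removes the ambiguity. The line above also reads `$_GET['id_d']` with no `isset()` check, and both values come straight from the request. How `$id_d` is used lies outside this hunk, so whether it needs validating (for example as an integer index) should be confirmed there.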
@@ -59,26 +59,26 @@ $oinkid = $config['installedpackages']['snortglobal']['oinkmastercode'];
$snortdownload = $config['installedpackages']['snortglobal']['snortdownload'];
$emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats'];
- if ($snortdownload == 'off' && $emergingthreats != 'on')
- {
- $snort_emrging_info = 'stop';
- }
+if ($snortdownload == 'off' && $emergingthreats != 'on')
+{
+ $snort_emrging_info = 'stop';
+}
- if ($oinkid == "" && $snortdownload != 'off')
- {
- $snort_oinkid_info = 'stop';
- }
+if ($oinkid == "" && $snortdownload != 'off')
+{
+ $snort_oinkid_info = 'stop';
+}
+
+
+/* check if main rule directory is empty */
+$if_mrule_dir = "/usr/local/etc/snort/rules";
+$mfolder_chk = (count(glob("$if_mrule_dir/*")) === 0) ? 'empty' : 'full';
-
- /* check if main rule directory is empty */
- $if_mrule_dir = "/usr/local/etc/snort/rules";
- $mfolder_chk = (count(glob("$if_mrule_dir/*")) === 0) ? 'empty' : 'full';
-
if (file_exists('/var/run/snort.conf.dirty')) {
$snort_dirty_d = 'stop';
}
-
+
$pgtitle = "Services: Snort: Update Rules";
include("/usr/local/pkg/snort/snort_head.inc");
@@ -92,81 +92,72 @@ include("/usr/local/pkg/snort/snort_head.inc");
<?php //include("./snort_fbegin.inc"); ?>
-<div id="wrapper" style="top:200px">
- <div id="content">
- <div id="right" style="min-height:200px">
-
-<br>
-
-<!-- after fbegin -->
+<div id="wrapper" style="top: 200px">
+<div id="content">
+<div id="right" style="min-height: 200px"><br>
-<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
+<!-- after fbegin --> <?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
<form action="./snort_testing.php" method="post">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td>
-
-</td>
-</tr>
- <br>
- <tr>
+ <tr>
+ <td></td>
+ </tr>
+ <br>
+ <tr>
<td>
- <div id="mainarea">
- <table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
- <tr>
- <td align="center" valign="top">
- <!-- progress bar -->
- <table id="progholder" width='420' style='border-collapse: collapse; border: 1px solid #000000;' cellpadding='2' cellspacing='2'>
- <tr>
- <td>
- <img border='0' src='../themes/<?= $g['theme']; ?>/images/misc/progress_bar.gif' width='280' height='23' name='progressbar' id='progressbar' alt='' />
- </td>
- </tr>
- </table>
- <br />
- <!-- status box -->
- <textarea cols="60" rows="2" name="status" id="status" wrap="hard">
- <?=gettext("Initializing...");?>
- </textarea>
- <!-- command output box -->
- <textarea cols="60" rows="2" name="output" id="output" wrap="hard">
- </textarea>
- </td>
- </tr>
- </table>
- </div>
- </td>
- </tr>
+ <div id="mainarea">
+ <table class="tabcont" width="100%" border="0" cellpadding="6"
+ cellspacing="0">
+ <tr>
+ <td align="center" valign="top"><!-- progress bar -->
+ <table id="progholder" width='420'
+ style='border-collapse: collapse; border: 1px solid #000000;'
+ cellpadding='2' cellspacing='2'>
+ <tr>
+ <td><img border='0'
+ src='../themes/<?= $g['theme']; ?>/images/misc/progress_bar.gif'
+ width='280' height='23' name='progressbar' id='progressbar'
+ alt='' /></td>
+ </tr>
+ </table>
+ <br />
+ <!-- status box --> <textarea cols="60" rows="2" name="status"
+ id="status" wrap="hard">
+ <?=gettext("Initializing...");?>
+ </textarea> <!-- command output box --> <textarea
+ cols="60" rows="2" name="output" id="output" wrap="hard">
+ </textarea></td>
+ </tr>
+ </table>
+ </div>
+ </td>
+ </tr>
</table>
<form>
<style type="text/css">
-
#footer {
-position: relative;
-background-color: transparent;
-background-repeat: no-repeat;
-background-attachment: scroll;
-background-position: 0% 0%;
-top: -18px;
-left: 0px;
-width: 810px;
-height: 75px;
-color: #ffffff;
-text-align: center;
-font-size: 0.9em;
-padding-top: 0px;
-margin-bottom: 0px;
-clear: both;
+ position: relative;
+ background-color: transparent;
+ background-repeat: no-repeat;
+ background-attachment: scroll;
+ background-position: 0% 0%;
+ top: -18px;
+ left: 0px;
+ width: 810px;
+ height: 75px;
+ color: #ffffff;
+ text-align: center;
+ font-size: 0.9em;
+ padding-top: 0px;
+ margin-bottom: 0px;
+ clear: both;
}
-
</style>
-<?php include("fend.inc");?>
-
-<?php
+<?php include("fend.inc");?> <?php
/* Start of code */
/* Begin main code */
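Review bot: The bare `<form>` that follows the closing `</table>` opens a second, nested form instead of closing the one started by `<form action="./snort_testing.php" method="post">`. It should be `</form>`. As written, the browser decides where the form ends, and the reformatting in this hunk leaves that line untouched.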
@@ -196,8 +187,8 @@ conf_mount_rw();
/* remove old $tmpfname files */
if (file_exists("{$tmpfname}")) {
- update_status(gettext("Removing old tmp files..."));
- exec("/bin/rm -r {$tmpfname}");
+ update_status(gettext("Removing old tmp files..."));
+ exec("/bin/rm -r {$tmpfname}");
apc_clear_cache();
}
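Review bot: `exec("/bin/rm -r {$tmpfname}")` hands the path to a shell unquoted, so any whitespace or shell metacharacter in `$tmpfname` would change what is removed. `$tmpfname` is assigned outside this hunk and may well be a fixed string, but quoting is cheap insurance: `exec('/bin/rm -r ' . escapeshellarg($tmpfname));`. The exit status is also discarded, so a failed cleanup goes unnoticed before the directory is reused.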
@@ -213,9 +204,9 @@ conf_mount_rw();
/* If tmp dir does not exist create it */
if (file_exists($tmpfname)) {
- update_status(gettext("The directory tmp exists..."));
+ update_status(gettext("The directory tmp exists..."));
} else {
- mkdir("{$tmpfname}", 700);
+ mkdir("{$tmpfname}", 700);
}
/* unhide progress bar and lets end this party */
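Review bot: `mkdir("{$tmpfname}", 700)` passes decimal 700, which is octal 1274 (sticky bit, owner write-only, group rwx, other read) before the umask is applied, not the owner-only mode that was presumably intended. The line should read `mkdir("{$tmpfname}", 0700);`. The `file_exists()` branch also accepts whatever already sits at that path without checking its owner or mode. Where `$tmpfname` points is not visible in this hunk, so that matters only if its parent directory is writable by other users.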
@@ -227,12 +218,12 @@ unhide_progress_bar_status();
if ($snortdownload == 'on')
{
if (file_exists("{$tmpfname}/{$snort_filename_md5}") &&
- filesize("{$tmpfname}/{$snort_filename_md5}") > 0) {
+ filesize("{$tmpfname}/{$snort_filename_md5}") > 0) {
update_status(gettext("snort.org md5 temp file exists..."));
} else {
update_status(gettext("Downloading snort.org md5 file..."));
ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
-
+
//$image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename_md5}");
$image = @file_get_contents("http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename_md5}");
$f = fopen("{$tmpfname}/{$snort_filename_md5}", 'w');
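Review bot: The md5 file is fetched over plain `http://` with the oinkmaster code embedded in the URL, so the code travels in cleartext and anyone on the network path can alter the checksum. The emergingthreats and pfsense md5 downloads in the next hunk use the same plain-HTTP pattern. A checksum delivered over the same unauthenticated channel as the rules gives no integrity guarantee, so an `https://` URL (where the server offers one) is the minimum. The `@` on `file_get_contents()` also hides a failed request: `$image` is then `false` and an empty file is written, which later code appears to treat as the "wait 15 minutes" case. Testing `$image === false` before the `fopen()` would keep a network failure distinct from a rate limit. The enclosing `if ($snortdownload == 'on')` block continues beyond this hunk.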
@@ -245,28 +236,28 @@ if ($snortdownload == 'on')
/* download md5 sig from emergingthreats.net */
if ($emergingthreats == "on")
{
- update_status(gettext("Downloading emergingthreats md5 file..."));
- ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
- // $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/version.txt");
- $image = @file_get_contents("http://www.emergingthreats.net/version.txt");
- $f = fopen("{$tmpfname}/version.txt", 'w');
- fwrite($f, $image);
- fclose($f);
- update_status(gettext("Done downloading emergingthreats md5"));
+ update_status(gettext("Downloading emergingthreats md5 file..."));
+ ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
+ // $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/version.txt");
+ $image = @file_get_contents("http://www.emergingthreats.net/version.txt");
+ $f = fopen("{$tmpfname}/version.txt", 'w');
+ fwrite($f, $image);
+ fclose($f);
+ update_status(gettext("Done downloading emergingthreats md5"));
}
/* download md5 sig from pfsense.org */
if (file_exists("{$tmpfname}/{$pfsense_rules_filename_md5}")) {
- update_status(gettext("pfsense md5 temp file exists..."));
+ update_status(gettext("pfsense md5 temp file exists..."));
} else {
- update_status(gettext("Downloading pfsense md5 file..."));
- ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
+ update_status(gettext("Downloading pfsense md5 file..."));
+ ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
//$image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/pfsense_rules.tar.gz.md5");
- $image = @file_get_contents("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz.md5");
- $f = fopen("{$tmpfname}/pfsense_rules.tar.gz.md5", 'w');
- fwrite($f, $image);
- fclose($f);
- update_status(gettext("Done downloading pfsense md5."));
+ $image = @file_get_contents("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz.md5");
+ $f = fopen("{$tmpfname}/pfsense_rules.tar.gz.md5", 'w');
+ fwrite($f, $image);
+ fclose($f);
+ update_status(gettext("Done downloading pfsense md5."));
}
/* If md5 file is empty wait 15min exit */
@@ -279,9 +270,9 @@ if ($snortdownload == 'on')
hide_progress_bar_status();
/* Display last time of sucsessful md5 check from cache */
echo "\n\n</body>\n</html>\n";
-echo "</body>";
-echo "</html>";
-conf_mount_ro();
+ echo "</body>";
+ echo "</html>";
+ conf_mount_ro();
exit(0);
}
}
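Review bot: This early-exit path emits the closing tags twice, once through `echo "\n\n</body>\n</html>\n";` and again through the following `echo "</body>";` and `echo "</html>";`. The pfsense branch in the next hunk repeats the same sequence. Dropping the two extra echo lines in both places leaves a single `</body></html>`. The enclosing `if` starts outside this hunk.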
@@ -290,15 +281,15 @@ conf_mount_ro();
/* If pfsense md5 file is empty wait 15min exit */
if (0 == filesize("{$tmpfname}/$pfsense_rules_filename_md5")){
- update_status(gettext("Please wait... You may only check for New Pfsense Rules every 15 minutes..."));
- update_output_window(gettext("Rules are released to support Pfsense packages."));
- hide_progress_bar_status();
- /* Display last time of sucsessful md5 check from cache */
- echo "\n\n</body>\n</html>\n";
-echo "</body>";
-echo "</html>";
-conf_mount_ro();
- exit(0);
+ update_status(gettext("Please wait... You may only check for New Pfsense Rules every 15 minutes..."));
+ update_output_window(gettext("Rules are released to support Pfsense packages."));
+ hide_progress_bar_status();
+ /* Display last time of sucsessful md5 check from cache */
+ echo "\n\n</body>\n</html>\n";
+ echo "</body>";
+ echo "</html>";
+ conf_mount_ro();
+ exit(0);
}
/* Check if were up to date snort.org */
@@ -318,8 +309,8 @@ if ($snortdownload == 'on')
update_status(gettext("Your rules are up to date..."));
update_output_window(gettext("You may start Snort now, check update."));
hide_progress_bar_status();
- echo "\n\n</body>\n</html>\n";
- $snort_md5_check_ok = on;
+ echo "\n\n</body>\n</html>\n";
+ $snort_md5_check_ok = on;
}
}
}
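Review bot: `$snort_md5_check_ok = on;` assigns a bare word rather than a string. Unless `on` is defined as a constant elsewhere, older PHP falls back to the string `'on'` with a notice, and PHP 8 throws an Error for the undefined constant. The flag is later compared against the quoted `'on'`, so the assignment should be `$snort_md5_check_ok = 'on';`. The same applies to `$emerg_md5_check_ok = on;` and `$pfsense_md5_check_ok = on;` in the next hunk, and to the `!= on` test in the last hunk of this file.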
@@ -337,31 +328,31 @@ if ($emergingthreats == "on")
// Will cause switch back to read-only on nanobsd
write_config();
conf_mount_rw();
- if ($emerg_md5_check_new == $emerg_md5_check_old)
+ if ($emerg_md5_check_new == $emerg_md5_check_old)
{
- hide_progress_bar_status();
- $emerg_md5_check_ok = on;
+ hide_progress_bar_status();
+ $emerg_md5_check_ok = on;
}
}
}
/* Check if were up to date pfsense.org */
- if (file_exists("{$snortdir}/pfsense_rules.tar.gz.md5"))
+if (file_exists("{$snortdir}/pfsense_rules.tar.gz.md5"))
+{
+ $pfsense_check_new_parse = file_get_contents("{$tmpfname}/pfsense_rules.tar.gz.md5");
+ $pfsense_md5_check_new = `/bin/echo "{$pfsense_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;
+ $pfsense_md5_check_old_parse = file_get_contents("{$snortdir}/pfsense_rules.tar.gz.md5");
+ $pfsense_md5_check_old = `/bin/echo "{$pfsense_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
+ /* Write out time of last sucsessful md5 to cache */
+ // Will cause switch back to read-only on nanobsd
+ write_config();
+ conf_mount_rw();
+ if ($pfsense_md5_check_new == $pfsense_md5_check_old)
{
- $pfsense_check_new_parse = file_get_contents("{$tmpfname}/pfsense_rules.tar.gz.md5");
- $pfsense_md5_check_new = `/bin/echo "{$pfsense_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;
- $pfsense_md5_check_old_parse = file_get_contents("{$snortdir}/pfsense_rules.tar.gz.md5");
- $pfsense_md5_check_old = `/bin/echo "{$pfsense_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
- /* Write out time of last sucsessful md5 to cache */
- // Will cause switch back to read-only on nanobsd
- write_config();
- conf_mount_rw();
- if ($pfsense_md5_check_new == $pfsense_md5_check_old)
- {
- hide_progress_bar_status();
- $pfsense_md5_check_ok = on;
- }
+ hide_progress_bar_status();
+ $pfsense_md5_check_ok = on;
}
+}
/* Check if were up to date is so, exit */
/* WARNING This code needs constant checks */
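Review bot: The pfsense branch reads the downloaded file into `$pfsense_check_new_parse`, but the next line interpolates `$pfsense_md5_check_new_parse`, which is never set, so the "new" checksum is always empty and the comparison cannot reflect the download. Both backtick lines also place the contents of a file into a double-quoted shell command, and the new-side file was fetched over plain HTTP, so remote content reaches `/bin/echo` unescaped. Parsing in PHP avoids the shell entirely: rename the first variable to `$pfsense_md5_check_new_parse`, then use `$pfsense_md5_check_new = strtok(trim($pfsense_md5_check_new_parse), " \t");` and the equivalent line for `$pfsense_md5_check_old`. Comparing the two with `===` rather than `==` also rules out numeric-string juggling on hex digests.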
@@ -369,12 +360,12 @@ if ($snortdownload == 'on' && $emergingthreats == 'on')
{
if ($snort_md5_check_ok == 'on' && $emerg_md5_check_ok == 'on')
{
- update_status(gettext("All your rules are up to date..."));
- update_output_window(gettext("You may start Snort now..."));
- echo "</body>";
- echo "</html>";
- conf_mount_ro();
- exit(0);
+ update_status(gettext("All your rules are up to date..."));
+ update_output_window(gettext("You may start Snort now..."));
+ echo "</body>";
+ echo "</html>";
+ conf_mount_ro();
+ exit(0);
}
}
@@ -382,12 +373,12 @@ if ($snortdownload == 'on' && $emergingthreats == 'off')
{
if ($snort_md5_check_ok == 'on')
{
- update_status(gettext("Your snort.org rules are up to date..."));
- update_output_window(gettext("You may start Snort now..."));
- echo "</body>";
- echo "</html>";
- conf_mount_ro();
- exit(0);
+ update_status(gettext("Your snort.org rules are up to date..."));
+ update_output_window(gettext("You may start Snort now..."));
+ echo "</body>";
+ echo "</html>";
+ conf_mount_ro();
+ exit(0);
}
}
@@ -395,15 +386,15 @@ if ($snortdownload == 'off' && $emergingthreats == 'on')
{
if ($emerg_md5_check_ok == 'on')
{
- update_status(gettext("Your Emergingthreats rules are up to date..."));
- update_output_window(gettext("You may start Snort now..."));
- echo "</body>";
- echo "</html>";
- conf_mount_ro();
- exit(0);
+ update_status(gettext("Your Emergingthreats rules are up to date..."));
+ update_output_window(gettext("You may start Snort now..."));
+ echo "</body>";
+ echo "</html>";
+ conf_mount_ro();
+ exit(0);
}
}
-
+
/* You are Not Up to date, always stop snort when updating rules for low end machines */;
update_status(gettext("You are NOT up to date..."));
update_output_window(gettext("Stopping Snort service..."));
@@ -418,62 +409,62 @@ if ($chk_if_snort_up != "") {
if ($snortdownload == 'on')
{
if ($snort_md5_check_ok != on) {
- if (file_exists("{$tmpfname}/{$snort_filename}")) {
- update_status(gettext("Snortrule tar file exists..."));
- } else {
- unhide_progress_bar_status();
- update_status(gettext("There is a new set of Snort.org rules posted. Downloading..."));
- update_output_window(gettext("May take 4 to 10 min..."));
- conf_mount_rw();
- //snort_download_file_with_progress_bar("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename}", $tmpfname . "/{$snort_filename}", "read_body_firmware");
- snort_download_file_with_progress_bar("http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename}", $tmpfname . "/{$snort_filename}", "read_body_firmware");
- update_all_status($static_output);
- update_status(gettext("Done downloading rules file."));
- if (150000 > filesize("{$tmpfname}/$snort_filename")){
- update_status(gettext("Error with the snort rules download..."));
-
- update_output_window(gettext("Snort rules file downloaded failed..."));
-echo "</body>";
-echo "</html>";
-conf_mount_ro();
- exit(0);
- }
+ if (file_exists("{$tmpfname}/{$snort_filename}")) {
+ update_status(gettext("Snortrule tar file exists..."));
+ } else {
+ unhide_progress_bar_status();
+ update_status(gettext("There is a new set of Snort.org rules posted. Downloading..."));
+ update_output_window(gettext("May take 4 to 10 min..."));
+ conf_mount_rw();
+ //snort_download_file_with_progress_bar("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename}", $tmpfname . "/{$snort_filename}", "read_body_firmware");
+ snort_download_file_with_progress_bar("http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename}", $tmpfname . "/{$snort_filename}", "read_body_firmware");
+ update_all_status($static_output);
+ update_status(gettext("Done downloading rules file."));
+ if (150000 > filesize("{$tmpfname}/$snort_filename")){
+ update_status(gettext("Error with the snort rules download..."));
+
+ update_output_window(gettext("Snort rules file downloaded failed..."));
+ echo "</body>";
+ echo "</html>";
+ conf_mount_ro();
+ exit(0);
+ }
}
}
}
-
+
/* download emergingthreats rules file */
-if ($emergingthreats == "on")
+if ($emergingthreats == "on")
{
if ($emerg_md5_check_ok != on)
{
- if (file_exists("{$tmpfname}/{$emergingthreats_filename}"))
- {
- update_status(gettext("Emergingthreats tar file exists..."));
- }else{
- update_status(gettext("There is a new set of Emergingthreats rules posted. Downloading..."));
- update_output_window(gettext("May take 4 to 10 min..."));
- // download_file_with_progress_bar("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/emerging.rules.tar.gz", $tmpfname . "/{$emergingthreats_filename}", "read_body_firmware");
- download_file_with_progress_bar("http://www.emergingthreats.net/rules/emerging.rules.tar.gz", $tmpfname . "/{$emergingthreats_filename}", "read_body_firmware");
- update_all_status($static_output);
- update_status(gettext("Done downloading Emergingthreats rules file."));
+ if (file_exists("{$tmpfname}/{$emergingthreats_filename}"))
+ {
+ update_status(gettext("Emergingthreats tar file exists..."));
+ }else{
+ update_status(gettext("There is a new set of Emergingthreats rules posted. Downloading..."));
+ update_output_window(gettext("May take 4 to 10 min..."));
+ // download_file_with_progress_bar("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/emerging.rules.tar.gz", $tmpfname . "/{$emergingthreats_filename}", "read_body_firmware");
+ download_file_with_progress_bar("http://www.emergingthreats.net/rules/emerging.rules.tar.gz", $tmpfname . "/{$emergingthreats_filename}", "read_body_firmware");
+ update_all_status($static_output);
+ update_status(gettext("Done downloading Emergingthreats rules file."));
}
}
}
/* download pfsense rules file */
if ($pfsense_md5_check_ok != on) {
-if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) {
- update_status(gettext("Snortrule tar file exists..."));
-} else {
- unhide_progress_bar_status();
- update_status(gettext("There is a new set of Pfsense rules posted. Downloading..."));
- update_output_window(gettext("May take 4 to 10 min..."));
- // download_file_with_progress_bar("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/pfsense_rules.tar.gz", $tmpfname . "/{$pfsense_rules_filename}", "read_body_firmware");
- download_file_with_progress_bar("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz", $tmpfname . "/{$pfsense_rules_filename}", "read_body_firmware");
- update_all_status($static_output);
- update_status(gettext("Done downloading rules file."));
- }
+ if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) {
+ update_status(gettext("Snortrule tar file exists..."));
+ } else {
+ unhide_progress_bar_status();
+ update_status(gettext("There is a new set of Pfsense rules posted. Downloading..."));
+ update_output_window(gettext("May take 4 to 10 min..."));
+ // download_file_with_progress_bar("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/pfsense_rules.tar.gz", $tmpfname . "/{$pfsense_rules_filename}", "read_body_firmware");
+ download_file_with_progress_bar("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz", $tmpfname . "/{$pfsense_rules_filename}", "read_body_firmware");
+ update_all_status($static_output);
+ update_status(gettext("Done downloading rules file."));
+ }
}
/* Compair md5 sig to file sig */
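Review bot: The result of `snort_download_file_with_progress_bar(...)` is discarded, and the two `download_file_with_progress_bar(...)` calls for the Emergingthreats and pfSense archives are not checked either, so a failed or truncated fetch is still reported as "Done downloading"; the helper defined at the end of this file returns `true` only on HTTP 200. Only the Snort.org archive gets the `150000 > filesize(...)` sanity check. I would test the result, `if (snort_download_file_with_progress_bar(...) !== true) { /* report, conf_mount_ro(), exit */ }`, and treat the other two downloads the same way. All three URLs are plain `http://`, and the Snort.org one carries `{$oinkid}` in the path, so the subscriber code and the rule archive cross the network unprotected. The md5 comparison that follows this hunk only adds assurance if the digest arrives over a channel the archive does not share, which is not visible here.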
@@ -508,33 +499,33 @@ if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) {
if ($snortdownload == 'on')
{
if ($snort_md5_check_ok != on) {
- if (file_exists("{$tmpfname}/{$snort_filename}")) {
-
- if ($pfsense_stable == 'yes')
- {
- $freebsd_version_so = 'FreeBSD-7-2';
- }else{
- $freebsd_version_so = 'FreeBSD-8-0';
- }
-
- update_status(gettext("Extracting Snort.org rules..."));
- update_output_window(gettext("May take a while..."));
- /* extract snort.org rules and add prefix to all snort.org files*/
- exec("/bin/rm -r {$snortdir}/rules");
- sleep(2);
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} rules/");
- chdir ("/usr/local/etc/snort/rules");
- sleep(2);
- exec('/usr/local/bin/perl /usr/local/bin/snort_rename.pl s/^/snort_/ *.rules');
-
- /* extract so rules on for x86 for now */
- /* TODO: ask snort.org to build x64 version of so rules for Freebsd 8.1 Sept 05,2010 */
- if($snort_arch == 'x86'){
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/$freebsd_version_so/i386/2.8.6.1/");
- exec('/bin/mkdir -p /usr/local/lib/snort/dynamicrules/');
- exec("/bin/mv -f {$snortdir}/so_rules/precompiled/$freebsd_version_so/i386/2.8.6.1/* /usr/local/lib/snort/dynamicrules/");
- /* extract so rules none bin and rename */
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/bad-traffic.rules/" .
+ if (file_exists("{$tmpfname}/{$snort_filename}")) {
+
+ if ($pfsense_stable == 'yes')
+ {
+ $freebsd_version_so = 'FreeBSD-7-2';
+ }else{
+ $freebsd_version_so = 'FreeBSD-8-0';
+ }
+
+ update_status(gettext("Extracting Snort.org rules..."));
+ update_output_window(gettext("May take a while..."));
+ /* extract snort.org rules and add prefix to all snort.org files*/
+ exec("/bin/rm -r {$snortdir}/rules");
+ sleep(2);
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} rules/");
+ chdir ("/usr/local/etc/snort/rules");
+ sleep(2);
+ exec('/usr/local/bin/perl /usr/local/bin/snort_rename.pl s/^/snort_/ *.rules');
+
+ /* extract so rules on for x86 for now */
+ /* TODO: ask snort.org to build x64 version of so rules for Freebsd 8.1 Sept 05,2010 */
+ if($snort_arch == 'x86'){
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/$freebsd_version_so/i386/2.8.6.1/");
+ exec('/bin/mkdir -p /usr/local/lib/snort/dynamicrules/');
+ exec("/bin/mv -f {$snortdir}/so_rules/precompiled/$freebsd_version_so/i386/2.8.6.1/* /usr/local/lib/snort/dynamicrules/");
+ /* extract so rules none bin and rename */
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/bad-traffic.rules/" .
" so_rules/chat.rules/" .
" so_rules/dos.rules/" .
" so_rules/exploit.rules/" .
@@ -551,40 +542,40 @@ if ($snortdownload == 'on')
" so_rules/web-client.rules/" .
" so_rules/web-iis.rules/" .
" so_rules/web-misc.rules/");
-
- exec("/bin/mv -f {$snortdir}/so_rules/bad-traffic.rules {$snortdir}/rules/snort_bad-traffic.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/chat.rules {$snortdir}/rules/snort_chat.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/dos.rules {$snortdir}/rules/snort_dos.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/exploit.rules {$snortdir}/rules/snort_exploit.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/icmp.rules {$snortdir}/rules/snort_icmp.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/imap.rules {$snortdir}/rules/snort_imap.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/misc.rules {$snortdir}/rules/snort_misc.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/multimedia.rules {$snortdir}/rules/snort_multimedia.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/netbios.rules {$snortdir}/rules/snort_netbios.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/nntp.rules {$snortdir}/rules/snort_nntp.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/p2p.rules {$snortdir}/rules/snort_p2p.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/smtp.rules {$snortdir}/rules/snort_smtp.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/sql.rules {$snortdir}/rules/snort_sql.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/web-activex.rules {$snortdir}/rules/snort_web-activex.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/web-client.rules {$snortdir}/rules/snort_web-client.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/web-iis.rules {$snortdir}/rules/snort_web-iis.so.rules");
- exec("/bin/mv -f {$snortdir}/so_rules/web-misc.rules {$snortdir}/rules/snort_web-misc.so.rules");
- exec("/bin/rm -r {$snortdir}/so_rules");
- }
-
- /* extract base etc files */
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} etc/");
- exec("/bin/mv -f {$snortdir}/etc/* {$snortdir}");
- exec("/bin/rm -r {$snortdir}/etc");
-
- update_status(gettext("Done extracting Snort.org Rules."));
- }else{
- update_status(gettext("Error extracting Snort.org Rules..."));
- update_output_window(gettext("Error Line 755"));
-echo "</body>";
-echo "</html>";
-conf_mount_ro();
- exit(0);
+
+ exec("/bin/mv -f {$snortdir}/so_rules/bad-traffic.rules {$snortdir}/rules/snort_bad-traffic.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/chat.rules {$snortdir}/rules/snort_chat.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/dos.rules {$snortdir}/rules/snort_dos.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/exploit.rules {$snortdir}/rules/snort_exploit.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/icmp.rules {$snortdir}/rules/snort_icmp.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/imap.rules {$snortdir}/rules/snort_imap.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/misc.rules {$snortdir}/rules/snort_misc.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/multimedia.rules {$snortdir}/rules/snort_multimedia.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/netbios.rules {$snortdir}/rules/snort_netbios.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/nntp.rules {$snortdir}/rules/snort_nntp.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/p2p.rules {$snortdir}/rules/snort_p2p.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/smtp.rules {$snortdir}/rules/snort_smtp.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/sql.rules {$snortdir}/rules/snort_sql.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/web-activex.rules {$snortdir}/rules/snort_web-activex.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/web-client.rules {$snortdir}/rules/snort_web-client.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/web-iis.rules {$snortdir}/rules/snort_web-iis.so.rules");
+ exec("/bin/mv -f {$snortdir}/so_rules/web-misc.rules {$snortdir}/rules/snort_web-misc.so.rules");
+ exec("/bin/rm -r {$snortdir}/so_rules");
+ }
+
+ /* extract base etc files */
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} etc/");
+ exec("/bin/mv -f {$snortdir}/etc/* {$snortdir}");
+ exec("/bin/rm -r {$snortdir}/etc");
+
+ update_status(gettext("Done extracting Snort.org Rules."));
+ }else{
+ update_status(gettext("Error extracting Snort.org Rules..."));
+ update_output_window(gettext("Error Line 755"));
+ echo "</body>";
+ echo "</html>";
+ conf_mount_ro();
+ exit(0);
}
}
}
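Review bot: None of the `exec()` calls in this hunk or the preceding one (`@@ -508,33 +499,33 @@`) check an exit status, and the earlier hunk runs `/bin/rm -r {$snortdir}/rules` before `tar xzf`, so a corrupt or partial archive leaves the sensor with no rules while the page still prints "Done extracting Snort.org Rules.". Passing the output and result arguments, `exec($cmd, $out, $rc); if ($rc !== 0) { ... }`, and extracting into a scratch directory before replacing `rules/` would keep the old rule set on failure. The paths are interpolated into the shell string unquoted; where `$tmpfname`, `$snort_filename` and `$snortdir` are set is outside this hunk, so wrapping each in `escapeshellarg()` is cheap insurance. `/bin/mv -f {$snortdir}/etc/* {$snortdir}` also lets whatever the archive ships under `etc/` overwrite files in the Snort directory, which deserves a comment or an explicit file list. This hunk opens in the middle of the `exec("/usr/bin/tar ...")` statement started in the previous hunk.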
@@ -605,48 +596,48 @@ if ($emergingthreats == "on")
/* Untar Pfsense rules to tmp */
if ($pfsense_md5_check_ok != on) {
-if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) {
- update_status(gettext("Extracting Pfsense rules..."));
- update_output_window(gettext("May take a while..."));
- exec("/usr/bin/tar xzf {$tmpfname}/{$pfsense_rules_filename} -C {$snortdir} rules/");
- }
+ if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) {
+ update_status(gettext("Extracting Pfsense rules..."));
+ update_output_window(gettext("May take a while..."));
+ exec("/usr/bin/tar xzf {$tmpfname}/{$pfsense_rules_filename} -C {$snortdir} rules/");
+ }
}
/* Untar snort signatures */
if ($snort_md5_check_ok != on) {
-if (file_exists("{$tmpfname}/{$snort_filename}")) {
-$signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo'];
-if ($premium_url_chk == on) {
- update_status(gettext("Extracting Signatures..."));
- update_output_window(gettext("May take a while..."));
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} doc/signatures/");
- update_status(gettext("Done extracting Signatures."));
- }
- }
+ if (file_exists("{$tmpfname}/{$snort_filename}")) {
+ $signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo'];
+ if ($premium_url_chk == on) {
+ update_status(gettext("Extracting Signatures..."));
+ update_output_window(gettext("May take a while..."));
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} doc/signatures/");
+ update_status(gettext("Done extracting Signatures."));
+ }
+ }
}
/* Copy md5 sig to snort dir */
if ($snortdownload == 'on')
{
if ($snort_md5_check_ok != on) {
- if (file_exists("{$tmpfname}/$snort_filename_md5")) {
- update_status(gettext("Copying md5 sig to snort directory..."));
- exec("/bin/cp {$tmpfname}/$snort_filename_md5 {$snortdir}/$snort_filename_md5");
- }else{
- update_status(gettext("The md5 file does not exist..."));
- update_output_window(gettext("Error copying config..."));
- echo "</body>";
- echo "</html>";
- conf_mount_ro();
- exit(0);
+ if (file_exists("{$tmpfname}/$snort_filename_md5")) {
+ update_status(gettext("Copying md5 sig to snort directory..."));
+ exec("/bin/cp {$tmpfname}/$snort_filename_md5 {$snortdir}/$snort_filename_md5");
+ }else{
+ update_status(gettext("The md5 file does not exist..."));
+ update_output_window(gettext("Error copying config..."));
+ echo "</body>";
+ echo "</html>";
+ conf_mount_ro();
+ exit(0);
}
}
-}
-
+}
+
/* Copy emergingthreats md5 sig to snort dir */
if ($emergingthreats == "on")
{
- if ($emerg_md5_check_ok != on)
+ if ($emerg_md5_check_ok != on)
{
if (file_exists("{$tmpfname}/$emergingthreats_filename_md5"))
{
@@ -659,25 +650,25 @@ if ($emergingthreats == "on")
echo "</html>";
conf_mount_ro();
exit(0);
- }
+ }
}
}
/* Copy Pfsense md5 sig to snort dir */
if ($pfsense_md5_check_ok != on) {
-if (file_exists("{$tmpfname}/$pfsense_rules_filename_md5")) {
- update_status(gettext("Copying Pfsense md5 sig to snort directory..."));
- exec("/bin/cp {$tmpfname}/$pfsense_rules_filename_md5 {$snortdir}/$pfsense_rules_filename_md5");
-} else {
- update_status(gettext("The Pfsense md5 file does not exist..."));
- update_output_window(gettext("Error copying config..."));
+ if (file_exists("{$tmpfname}/$pfsense_rules_filename_md5")) {
+ update_status(gettext("Copying Pfsense md5 sig to snort directory..."));
+ exec("/bin/cp {$tmpfname}/$pfsense_rules_filename_md5 {$snortdir}/$pfsense_rules_filename_md5");
+ } else {
+ update_status(gettext("The Pfsense md5 file does not exist..."));
+ update_output_window(gettext("Error copying config..."));
echo "</body>";
echo "</html>";
conf_mount_ro();
exit(0);
- }
+ }
}
-
+
/* Copy signatures dir to snort dir */
if ($snortdownload == 'on')
{
@@ -687,18 +678,18 @@ if ($snortdownload == 'on')
if ($premium_url_chk == on)
{
if (file_exists("{$snortdir}/doc/signatures")) {
- update_status(gettext("Copying signatures..."));
- update_output_window(gettext("May take a while..."));
- exec("/bin/mv -f {$snortdir}/doc/signatures {$snortdir}/signatures");
- exec("/bin/rm -r {$snortdir}/doc/signatures");
- update_status(gettext("Done copying signatures."));
- }else{
- update_status(gettext("Directory signatures exist..."));
- update_output_window(gettext("Error copying signature..."));
-echo "</body>";
-echo "</html>";
-conf_mount_ro();
- exit(0);
+ update_status(gettext("Copying signatures..."));
+ update_output_window(gettext("May take a while..."));
+ exec("/bin/mv -f {$snortdir}/doc/signatures {$snortdir}/signatures");
+ exec("/bin/rm -r {$snortdir}/doc/signatures");
+ update_status(gettext("Done copying signatures."));
+ }else{
+ update_status(gettext("Directory signatures exist..."));
+ update_output_window(gettext("Error copying signature..."));
+ echo "</body>";
+ echo "</html>";
+ conf_mount_ro();
+ exit(0);
}
}
}
@@ -738,28 +729,28 @@ exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl /usr/local/etc/snort/r
function oinkmaster_conf($id, $if_real, $iface_uuid)
{
- global $config, $g, $id, $if_real, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok;
- conf_mount_rw();
-
-/* enable disable setting will carry over with updates */
-/* TODO carry signature changes with the updates */
-if ($snort_md5_check_ok != on || $emerg_md5_check_ok != on || $pfsense_md5_check_ok != on) {
-
-if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'])) {
-$enabled_sid_on = $config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'];
-$enabled_sid_on_array = split('\|\|', $enabled_sid_on);
-foreach($enabled_sid_on_array as $enabled_item_on)
-$selected_sid_on_sections .= "$enabled_item_on\n";
- }
+ global $config, $g, $id, $if_real, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok;
+ conf_mount_rw();
-if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) {
-$enabled_sid_off = $config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'];
-$enabled_sid_off_array = split('\|\|', $enabled_sid_off);
-foreach($enabled_sid_off_array as $enabled_item_off)
-$selected_sid_off_sections .= "$enabled_item_off\n";
- }
+ /* enable disable setting will carry over with updates */
+ /* TODO carry signature changes with the updates */
+ if ($snort_md5_check_ok != on || $emerg_md5_check_ok != on || $pfsense_md5_check_ok != on) {
-$snort_sid_text = <<<EOD
+ if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'])) {
+ $enabled_sid_on = $config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'];
+ $enabled_sid_on_array = split('\|\|', $enabled_sid_on);
+ foreach($enabled_sid_on_array as $enabled_item_on)
+ $selected_sid_on_sections .= "$enabled_item_on\n";
+ }
+
+ if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) {
+ $enabled_sid_off = $config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'];
+ $enabled_sid_off_array = split('\|\|', $enabled_sid_off);
+ foreach($enabled_sid_off_array as $enabled_item_off)
+ $selected_sid_off_sections .= "$enabled_item_off\n";
+ }
+
+ $snort_sid_text = <<<EOD
###########################################
# #
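Review bot: The re-indented lines keep `split('\|\|', $enabled_sid_on)`, which has been deprecated since PHP 5.3 and no longer exists in PHP 7; `explode('||', $enabled_sid_on)` does the same job without a regex, and the same applies to the `rule_sid_off` line. The comparisons `$snort_md5_check_ok != on` rely on an undefined constant being read as the string 'on'; quoting it, `!= 'on'`, matches the `== 'on'` tests used elsewhere in this file. `$selected_sid_on_sections` and `$selected_sid_off_sections` are appended to without being initialised, so `$selected_sid_on_sections = '';` before each loop is worth adding. The function body continues past this hunk into the heredoc.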
@@ -779,13 +770,13 @@ $selected_sid_off_sections
EOD;
- /* open snort's oinkmaster.conf for writing */
- $oinkmasterlist = fopen("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf", "w");
+/* open snort's oinkmaster.conf for writing */
+$oinkmasterlist = fopen("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf", "w");
- fwrite($oinkmasterlist, "$snort_sid_text");
+fwrite($oinkmasterlist, "$snort_sid_text");
- /* close snort's oinkmaster.conf file */
- fclose($oinkmasterlist);
+/* close snort's oinkmaster.conf file */
+fclose($oinkmasterlist);
}
}
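Review bot: The `fopen`/`fwrite`/`fclose` lines were moved to column 0 here although they still sit inside `oinkmaster_conf()` and its `if` block, which runs against the indentation the rest of the commit introduces. The handle is also used unchecked: if the per-interface directory is missing, `fopen()` returns false and nothing is written, so the oinkmaster run that reads this file via `-C` would see a stale or absent config. A guard such as `if ($oinkmasterlist === false) { return; }` together with a status message would make that failure visible. The heredoc that produces `$snort_sid_text` starts in the previous hunk.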
@@ -796,44 +787,44 @@ EOD;
function oinkmaster_run($id, $if_real, $iface_uuid)
{
- global $config, $g, $id, $if_real, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok;
- conf_mount_rw();
+ global $config, $g, $id, $if_real, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok;
+ conf_mount_rw();
if ($snort_md5_check_ok != on || $emerg_md5_check_ok != on || $pfsense_md5_check_ok != on)
{
if ($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'] == '' && $config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'] == '')
{
- update_status(gettext("Your first set of rules are being copied..."));
- update_output_window(gettext("May take a while..."));
- exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/");
- exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ update_status(gettext("Your first set of rules are being copied..."));
+ update_output_window(gettext("May take a while..."));
+ exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/");
+ exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
}else{
- update_status(gettext("Your enable and disable changes are being applied to your fresh set of rules..."));
- update_output_window(gettext("May take a while..."));
- exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/");
- exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
- exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
-
- /* might have to add a sleep for 3sec for flash drives or old drives */
- exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf -o /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules > /usr/local/etc/snort/oinkmaster_{$iface_uuid}_{$if_real}.log");
+ update_status(gettext("Your enable and disable changes are being applied to your fresh set of rules..."));
+ update_output_window(gettext("May take a while..."));
+ exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/");
+ exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+ exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+
+ /* might have to add a sleep for 3sec for flash drives or old drives */
+ exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf -o /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules > /usr/local/etc/snort/oinkmaster_{$iface_uuid}_{$if_real}.log");
/* TODO: Remove this code when x64 so rules are ready */
if($snort_arch == 'x64'){
exec("/bin/rm -r /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/*.so.rules");
}
-
+
}
}
}
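Review bot: `$snort_arch` is tested in `if($snort_arch == 'x64')` but is neither in the function's `global` list nor assigned inside `oinkmaster_run()`, so the comparison always sees an unset local and the `*.so.rules` cleanup never runs. Adding it to the declaration, `global $config, $g, ..., $pfsense_md5_check_ok, $snort_arch;`, fixes that, assuming the variable is set at file scope (it appears to be read there in an earlier hunk). The `global` line also names `$id` and `$if_real`, which are parameters of the function; the `global` statement rebinds them to the file-scope variables, so the arguments passed in are effectively ignored. The two branches repeat the same eight `/bin/cp` calls and could share them, leaving only the oinkmaster invocation in the `else`.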
@@ -848,17 +839,17 @@ if (!empty($config['installedpackages']['snortglobal']['rule']))
$id = -1;
foreach ($rule_array as $value) {
- $id += 1;
+ $id += 1;
+
+ $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
+ $if_real = convert_friendly_interface_to_real_interface_name2($result_lan);
+ $iface_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
- $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
- $if_real = convert_friendly_interface_to_real_interface_name2($result_lan);
- $iface_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
+ /* make oinkmaster.conf for each interface rule */
+ oinkmaster_conf($id, $if_real, $iface_uuid);
- /* make oinkmaster.conf for each interface rule */
- oinkmaster_conf($id, $if_real, $iface_uuid);
-
- /* run oinkmaster for each interface rule */
- oinkmaster_run($id, $if_real, $iface_uuid);
+ /* run oinkmaster for each interface rule */
+ oinkmaster_run($id, $if_real, $iface_uuid);
}
}
@@ -899,69 +890,67 @@ if (file_exists("/tmp/snort_download_halt.pid")) {
update_output_window(gettext("Snort has restarted with your new set of rules..."));
exec("/bin/rm /tmp/snort_download_halt.pid");
} else {
- update_status(gettext("The Rules update finished..."));
- update_output_window(gettext("You may start snort now..."));
+ update_status(gettext("The Rules update finished..."));
+ update_output_window(gettext("You may start snort now..."));
}
/* hide progress bar and lets end this party */
hide_progress_bar_status();
conf_mount_ro();
-?>
-
-<?php
+?> <?php
function read_body_firmware($ch, $string) {
- global $fout, $file_size, $downloaded, $counter, $version, $latest_version, $current_installed_pfsense_version;
- $length = strlen($string);
- $downloaded += intval($length);
- $downloadProgress = round(100 * (1 - $downloaded / $file_size), 0);
- $downloadProgress = 100 - $downloadProgress;
- $a = $file_size;
- $b = $downloaded;
- $c = $downloadProgress;
- $text = " Snort download in progress\\n";
- $text .= "----------------------------------------------------\\n";
- $text .= " Downloaded : {$b}\\n";
- $text .= "----------------------------------------------------\\n";
- $counter++;
- if($counter > 150) {
- update_output_window($text);
- update_progress_bar($downloadProgress);
- flush();
- $counter = 0;
- }
- fwrite($fout, $string);
- return $length;
+ global $fout, $file_size, $downloaded, $counter, $version, $latest_version, $current_installed_pfsense_version;
+ $length = strlen($string);
+ $downloaded += intval($length);
+ $downloadProgress = round(100 * (1 - $downloaded / $file_size), 0);
+ $downloadProgress = 100 - $downloadProgress;
+ $a = $file_size;
+ $b = $downloaded;
+ $c = $downloadProgress;
+ $text = " Snort download in progress\\n";
+ $text .= "----------------------------------------------------\\n";
+ $text .= " Downloaded : {$b}\\n";
+ $text .= "----------------------------------------------------\\n";
+ $counter++;
+ if($counter > 150) {
+ update_output_window($text);
+ update_progress_bar($downloadProgress);
+ flush();
+ $counter = 0;
+ }
+ fwrite($fout, $string);
+ return $length;
}
function snort_download_file_with_progress_bar($url_file, $destination_file, $readbody = 'read_body') {
- global $ch, $fout, $file_size, $downloaded;
- $file_size = 1;
- $downloaded = 1;
- /* open destination file */
- $fout = fopen($destination_file, "wb");
-
- /*
- * Originally by Author: Keyvan Minoukadeh
- * Modified by Scott Ullrich to return Content-Length size
- */
-
- $ch = curl_init();
- curl_setopt($ch, CURLOPT_URL, $url_file);
- curl_setopt($ch, CURLOPT_HEADERFUNCTION, 'read_header');
- curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
- curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
- curl_setopt($ch, CURLOPT_WRITEFUNCTION, $readbody);
- curl_setopt($ch, CURLOPT_NOPROGRESS, '1');
- curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, '5');
- curl_setopt($ch, CURLOPT_TIMEOUT, 0);
-
- curl_exec($ch);
- $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
- if($fout)
- fclose($fout);
- curl_close($ch);
- return ($http_code == 200) ? true : $http_code;
+ global $ch, $fout, $file_size, $downloaded;
+ $file_size = 1;
+ $downloaded = 1;
+ /* open destination file */
+ $fout = fopen($destination_file, "wb");
+
+ /*
+ * Originally by Author: Keyvan Minoukadeh
+ * Modified by Scott Ullrich to return Content-Length size
+ */
+
+ $ch = curl_init();
+ curl_setopt($ch, CURLOPT_URL, $url_file);
+ curl_setopt($ch, CURLOPT_HEADERFUNCTION, 'read_header');
+ curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
+ curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
+ curl_setopt($ch, CURLOPT_WRITEFUNCTION, $readbody);
+ curl_setopt($ch, CURLOPT_NOPROGRESS, '1');
+ curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, '5');
+ curl_setopt($ch, CURLOPT_TIMEOUT, 0);
+
+ curl_exec($ch);
+ $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
+ if($fout)
+ fclose($fout);
+ curl_close($ch);
+ return ($http_code == 200) ? true : $http_code;
}
?>
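Review bot: `snort_download_file_with_progress_bar()` turns off certificate verification with `curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);` while also following redirects, so any HTTPS hop in a rule download is accepted from an unauthenticated peer; the archives fetched this way are unpacked into the Snort directory by the earlier hunks of this file. I would drop that line (verification is on by default) or set it explicitly, `curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);` together with `curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);`. The function also hands `$fout` to the write callback without checking that `fopen()` succeeded; `if ($fout === false) return false;` before `curl_init()` would avoid `fwrite()` on a failed handle. Separately, the new `?> <?php` still emits a literal space between the two PHP blocks, and merging them into one block removes that stray output.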
diff --git a/config/snort/snort_download_updates.php b/config/snort/snort_download_updates.php
index d87f905f..0d9822bc 100644
--- a/config/snort/snort_download_updates.php
+++ b/config/snort/snort_download_updates.php
@@ -1,36 +1,36 @@
<?php
/* $Id$ */
/*
- halt.php
- part of pfSense
- Copyright (C) 2004 Scott Ullrich
- All rights reserved.
-
- part of m0n0wall as reboot.php (http://m0n0.ch/wall)
- Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
+ halt.php
+ part of pfSense
+ Copyright (C) 2004 Scott Ullrich
+ All rights reserved.
+
+ part of m0n0wall as reboot.php (http://m0n0.ch/wall)
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort_gui.inc");
@@ -41,59 +41,59 @@ $snort_load_jquery = 'yes';
$snort_load_jquery_colorbox = 'yes';
- /* quick md5s chk */
- if(file_exists('/usr/local/etc/snort/snortrules-snapshot-2860.tar.gz.md5'))
- {
- $snort_org_sig_chk_local = exec('/bin/cat /usr/local/etc/snort/snortrules-snapshot-2860.tar.gz.md5');
- }else{
- $snort_org_sig_chk_local = 'N/A';
- }
-
- if(file_exists('/usr/local/etc/snort/version.txt'))
- {
- $emergingt_net_sig_chk_local = exec('/bin/cat /usr/local/etc/snort/version.txt');
- }else{
- $emergingt_net_sig_chk_local = 'N/A';
- }
-
- if(file_exists('/usr/local/etc/snort/pfsense_rules.tar.gz.md5'))
- {
- $pfsense_org_sig_chk_local = exec('/bin/cat /usr/local/etc/snort/pfsense_rules.tar.gz.md5');
- }else{
- $pfsense_org_sig_chk_local = 'N/A';
- }
+/* quick md5s chk */
+if(file_exists('/usr/local/etc/snort/snortrules-snapshot-2860.tar.gz.md5'))
+{
+ $snort_org_sig_chk_local = exec('/bin/cat /usr/local/etc/snort/snortrules-snapshot-2860.tar.gz.md5');
+}else{
+ $snort_org_sig_chk_local = 'N/A';
+}
+
+if(file_exists('/usr/local/etc/snort/version.txt'))
+{
+ $emergingt_net_sig_chk_local = exec('/bin/cat /usr/local/etc/snort/version.txt');
+}else{
+ $emergingt_net_sig_chk_local = 'N/A';
+}
+
+if(file_exists('/usr/local/etc/snort/pfsense_rules.tar.gz.md5'))
+{
+ $pfsense_org_sig_chk_local = exec('/bin/cat /usr/local/etc/snort/pfsense_rules.tar.gz.md5');
+}else{
+ $pfsense_org_sig_chk_local = 'N/A';
+}
/* define checks */
$oinkid = $config['installedpackages']['snortglobal']['oinkmastercode'];
$snortdownload = $config['installedpackages']['snortglobal']['snortdownload'];
-$emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats'];
-
- if ($snortdownload != 'on' && $emergingthreats != 'on')
- {
- $snort_emrging_info = 'stop';
- }
-
- if ($oinkid == '' && $snortdownload != 'off')
- {
- $snort_oinkid_info = 'stop';
- }
-
- if ($snort_emrging_info == 'stop' || $snort_oinkid_info == 'stop') {
- $error_stop = 'true';
- }
-
-
- /* check if main rule directory is empty */
- $if_mrule_dir = "/usr/local/etc/snort/rules";
- $mfolder_chk = (count(glob("$if_mrule_dir/*")) === 0) ? 'empty' : 'full';
-
- /* check for logfile */
- if(file_exists('/usr/local/etc/snort/snort_update.log'))
- {
- $update_logfile_chk = 'yes';
- }else{
- $update_logfile_chk = 'no';
- }
+$emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats'];
+
+if ($snortdownload != 'on' && $emergingthreats != 'on')
+{
+ $snort_emrging_info = 'stop';
+}
+
+if ($oinkid == '' && $snortdownload != 'off')
+{
+ $snort_oinkid_info = 'stop';
+}
+
+if ($snort_emrging_info == 'stop' || $snort_oinkid_info == 'stop') {
+ $error_stop = 'true';
+}
+
+
+/* check if main rule directory is empty */
+$if_mrule_dir = "/usr/local/etc/snort/rules";
+$mfolder_chk = (count(glob("$if_mrule_dir/*")) === 0) ? 'empty' : 'full';
+
+/* check for logfile */
+if(file_exists('/usr/local/etc/snort/snort_update.log'))
+{
+ $update_logfile_chk = 'yes';
+}else{
+ $update_logfile_chk = 'no';
+}
header("snort_help_info.php");
header( "Expires: Mon, 20 Dec 1998 01:00:00 GMT" );
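Review bot: The three "quick md5s chk" reads in this hunk spawn `/bin/cat` through `exec()` just to read a fixed local file, which costs a shell and a child process on every page load and keeps only the last line of output. Reading the file in PHP does the same job without the process, e.g. `$snort_org_sig_chk_local = trim(file_get_contents('/usr/local/etc/snort/snortrules-snapshot-2860.tar.gz.md5'));`, and likewise for `version.txt` and `pfsense_rules.tar.gz.md5`. If only the last line is wanted, it should be selected explicitly. Separately, `header("snort_help_info.php");` near the end of the hunk is not a `Name: value` header line and looks like a leftover.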
@@ -107,9 +107,10 @@ include_once("/usr/local/pkg/snort/snort_head.inc");
?>
-<body link="#000000" vlink="#000000" alink="#000000">
+<body
+ link="#000000" vlink="#000000" alink="#000000">
- <script>
+<script>
jQuery(document).ready(function(){
//Examples of how to assign the ColorBox event to elements
@@ -125,248 +126,273 @@ echo "$snort_interfaces_css\n";
<?php include("fbegin.inc"); ?>
-<div class="body2">
-
-<!-- hack to fix the hardcoed fbegin link in header -->
-<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div>
+<div class="body2"><!-- hack to fix the hardcoed fbegin link in header -->
+<div id="header-left2"><a href="../index.php" id="status-link2"><img
+ src="./images/transparent.gif" border="0"></img></a></div>
<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
-<noscript><div class="alert" ALIGN=CENTER><img src="../themes/nervecenter/images/icons/icon_alert.gif"/><strong>Please enable JavaScript to view this content</CENTER></div></noscript>
+<noscript>
+<div class="alert" ALIGN=CENTER><img
+ src="../themes/nervecenter/images/icons/icon_alert.gif" /><strong>Please
+enable JavaScript to view this content
+</CENTER></div>
+</noscript>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td>
-
-<div class="snorttabs" style="margin:1px 10px; width:760px;">
-<!-- Tabbed bar code-->
-<ul class="snorttabs">
- <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>
- <li><a href="/snort/snort_interfaces_global.php"><span>Global Settings</span></a></li>
- <li class="snorttabs_active"><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li>
- <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li>
- <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li>
- <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li>
- <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li>
- <li><a class="example8" href="/snort/help_and_info.php?id_d=up"><span>Help</span></a></li>
- </ul>
-</div>
+ <tr>
+ <td>
+
+ <div class="snorttabs" style="margin: 1px 10px; width: 760px;"><!-- Tabbed bar code-->
+ <ul class="snorttabs">
+ <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>
+ <li><a href="/snort/snort_interfaces_global.php"><span>Global
+ Settings</span></a></li>
+ <li class="snorttabs_active"><a
+ href="/snort/snort_download_updates.php"><span>Updates</span></a></li>
+ <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li>
+ <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li>
+ <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li>
+ <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li>
+ <li><a class="example8" href="/snort/help_and_info.php?id_d=up"><span>Help</span></a></li>
+ </ul>
+ </div>
- </td>
-</tr>
+ </td>
+ </tr>
- <tr>
- <td>
+ <tr>
+ <td>
-<div class="snorttabs" style="margin:1px 0px; width:775px;">
-<!-- Tabbed bar code-->
-<ul class="snorttabs">
+ <div class="snorttabs" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code-->
+ <ul class="snorttabs">
- <li class="snorttabs_active"><a href="/snort/snort_download_rules.php"><span>Rule Update</span></a></li>
- <li><a href="#"><span>Upload Custom Rules</span></a></li>
- <li><a href="#"><span>Gui Update</span></a></li>
+ <li class="snorttabs_active"><a
+ href="/snort/snort_download_rules.php"><span>Rule Update</span></a></li>
+ <li><a href="#"><span>Upload Custom Rules</span></a></li>
+ <li><a href="#"><span>Gui Update</span></a></li>
- </ul>
-</div>
+ </ul>
+ </div>
- </td>
-</tr>
+ </td>
+ </tr>
- <tr>
- <td>
+ <tr>
+ <td>
<div id="mainarea3">
- <table id="maintable4" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td>
-
-<!-- grey line -->
-<table height="12px" width="725px" border="0" cellpadding="5px" cellspacing="0">
- <tr>
- <td style='background-color:#eeeeee'>
- <div height="12px" width="725px" style='background-color:#dddddd'>
- </div>
- </td>
- </tr>
-</table>
-
-<br>
-
-<table id="download_rules" height="32px" width="725px" border="0" cellpadding="5px" cellspacing="0">
- <tr>
- <td id="download_rules_td" style="background-color:#eeeeee">
- <div height="32" width="725px" style="background-color:#eeeeee">
-
- <font color="#777777" size="1.5px"><b>INSTALLED SIGNATURE RULESET</b></font><br><br>
- <p style="text-align:left; margin-left:225px;"><font color="#FF850A" size="1px"><b>SNORT.ORG >>></b></font><font size="1px" color="#000000">&nbsp;&nbsp;<? echo $snort_org_sig_chk_local; ?></font><br>
- <font color="#FF850A" size="1px"><b>EMERGINGTHREATS.NET >>></b></font><font size="1px" color="#000000">&nbsp;&nbsp;<? echo $emergingt_net_sig_chk_local; ?></font><br>
- <font color="#FF850A" size="1px"><b>PFSENSE.ORG >>></b></font><font size="1px" color="#000000">&nbsp;&nbsp;<? echo $pfsense_org_sig_chk_local; ?></font><br></p>
-
- </div>
- </td>
- </tr>
-</table>
-
-<br>
-
-<!-- grey line -->
-<table height="12px" width="725px" border="0" cellpadding="5px" cellspacing="0">
- <tr>
- <td style='background-color:#eeeeee'>
- <div height="12px" width="725px" style='background-color:#eeeeee'>
- </div>
- </td>
- </tr>
-</table>
-
-<br>
-
-<table id="download_rules" height="32px" width="725px" border="0" cellpadding="5px" cellspacing="0">
- <tr>
- <td id="download_rules_td" style='background-color:#eeeeee'>
- <div height="32" width="725px" style='background-color:#eeeeee'>
-
- <font color='#777777' size='1.5px'><b>UPDATE YOUR RULES</b></font><br><br>
-
-<?php
-
- if ($error_stop == 'true') {
-
- echo '
+ <table id="maintable4" class="tabcont" width="100%" border="0"
+ cellpadding="0" cellspacing="0">
+ <tr>
+ <td><!-- grey line -->
+ <table height="12px" width="725px" border="0" cellpadding="5px"
+ cellspacing="0">
+ <tr>
+ <td style='background-color: #eeeeee'>
+ <div height="12px" width="725px" style='background-color: #dddddd'>
+ </div>
+ </td>
+ </tr>
+ </table>
+
+ <br>
+
+ <table id="download_rules" height="32px" width="725px" border="0"
+ cellpadding="5px" cellspacing="0">
+ <tr>
+ <td id="download_rules_td" style="background-color: #eeeeee">
+ <div height="32" width="725px" style="background-color: #eeeeee">
+
+ <font color="#777777" size="1.5px"><b>INSTALLED SIGNATURE RULESET</b></font><br>
+ <br>
+ <p style="text-align: left; margin-left: 225px;"><font
+ color="#FF850A" size="1px"><b>SNORT.ORG >>></b></font><font
+ size="1px" color="#000000">&nbsp;&nbsp;<? echo $snort_org_sig_chk_local; ?></font><br>
+ <font color="#FF850A" size="1px"><b>EMERGINGTHREATS.NET >>></b></font><font
+ size="1px" color="#000000">&nbsp;&nbsp;<? echo $emergingt_net_sig_chk_local; ?></font><br>
+ <font color="#FF850A" size="1px"><b>PFSENSE.ORG >>></b></font><font
+ size="1px" color="#000000">&nbsp;&nbsp;<? echo $pfsense_org_sig_chk_local; ?></font><br>
+ </p>
+
+ </div>
+ </td>
+ </tr>
+ </table>
+
+ <br>
+
+ <!-- grey line -->
+ <table height="12px" width="725px" border="0" cellpadding="5px"
+ cellspacing="0">
+ <tr>
+ <td style='background-color: #eeeeee'>
+ <div height="12px" width="725px" style='background-color: #eeeeee'>
+ </div>
+ </td>
+ </tr>
+ </table>
+
+ <br>
+
+ <table id="download_rules" height="32px" width="725px" border="0"
+ cellpadding="5px" cellspacing="0">
+ <tr>
+ <td id="download_rules_td" style='background-color: #eeeeee'>
+ <div height="32" width="725px" style='background-color: #eeeeee'>
+
+ <font color='#777777' size='1.5px'><b>UPDATE YOUR RULES</b></font><br>
+ <br>
+
+ <?php
+
+ if ($error_stop == 'true') {
+
+ echo '
<button class="sexybutton disabled" disabled="disabled" href="/snort/snort_download_rules.php?$id_d=up"><span class="download">Update Rules&nbsp;&nbsp;&nbsp;&nbsp;</span></button><br>
<p style="text-align:left; margin-left:150px;">
<font color="#fc3608" size="2px"><b>WARNING:</b></font><font size="1px" color="#000000">&nbsp;&nbsp;No rule types have been selected for download. "Global Settings Tab"</font><br>
';
-
- if ($mfolder_chk == 'empty') {
-
- echo '
+
+ if ($mfolder_chk == 'empty') {
+
+ echo '
<font color="#fc3608" size="2px"><b>WARNING:</b></font><font size="1px" color="#000000">&nbsp;&nbsp;The main rules directory is empty. /usr/local/etc/snort/rules</font>
' . "\n";
- }
-
- echo '</p>' . "\n";
-
- }else{
-
- echo '
+ }
+
+ echo '</p>' . "\n";
+
+ }else{
+
+ echo '
<button class="sexybutton sexysimple example7" href="/snort/snort_download_rules.php?$id_d=up"><span class="download">Update Rules&nbsp;&nbsp;&nbsp;&nbsp;</span></button>
' . "\n";
-
- if ($mfolder_chk == 'empty') {
-
- echo '
+
+ if ($mfolder_chk == 'empty') {
+
+ echo '
<p style="text-align:left; margin-left:150px;">
<font color="#fc3608" size="2px"><b>WARNING:</b></font><font size="1px" color="#000000">&nbsp;&nbsp;The main rules directory is empty. /usr/local/etc/snort/rules</font>
</p>
';
- }
-
- }
+ }
- ?>
-
- <br>
-
- </div>
- </td>
- </tr>
-</table>
-
-<br>
+ }
-<table id="download_rules" height="32px" width="725px" border="0" cellpadding="5px" cellspacing="0">
- <tr>
- <td id="download_rules_td" style='background-color:#eeeeee'>
- <div height="32" width="725px" style='background-color:#eeeeee'>
+ ?> <br>
- <font color='#777777' size='1.5px'><b>VIEW UPDATE LOG</b></font><br><br>
-
- <?php
+ </div>
+ </td>
+ </tr>
+ </table>
- if ($update_logfile_chk == 'yes') {
- echo '
- <button class="sexybutton sexysimple example9" href="/snort/snort_rules_edit.php?openruleset=/usr/local/etc/snort/snort_update.log"><span class="pwhitetxt">Update Log&nbsp;&nbsp;&nbsp;&nbsp;</span></button>' . "\n";
- }else{
- echo '
- <button class="sexybutton disabled" disabled="disabled" href="/snort/snort_rules_edit.php?openruleset=/usr/local/etc/snort/snort_update.log"><span class="pwhitetxt">Update Log&nbsp;&nbsp;&nbsp;&nbsp;</span></button>' . "\n";
- }
-
- ?>
- <br><br>
-
- </div>
- </td>
- </tr>
-</table>
-
-<br>
-
-<table height="12px" width="725px" border="0" cellpadding="5px" cellspacing="0">
- <tr>
- <td style='background-color:#eeeeee'>
- <div height="12px" width="725px" style='background-color:#eeeeee'>
- </div>
- </td>
- </tr>
-</table>
+ <br>
-<br>
+ <table id="download_rules" height="32px" width="725px" border="0"
+ cellpadding="5px" cellspacing="0">
+ <tr>
+ <td id="download_rules_td" style='background-color: #eeeeee'>
+ <div height="32" width="725px" style='background-color: #eeeeee'>
-<table id="download_rules" height="32px" width="725px" border="0" cellpadding="5px" cellspacing="0">
- <tr>
- <td id="download_rules_td" style='background-color:#eeeeee'>
- <div height="32" width="725px" style='background-color:#eeeeee'>
+ <font color='#777777' size='1.5px'><b>VIEW UPDATE LOG</b></font><br>
+ <br>
- <img style='vertical-align:middle' src="/snort/images/icon_excli.png" width="40" height="32">
- <font color='#FF850A' size='1px'><b>NOTE:</b></font><font size='1px' color='#000000'>&nbsp;&nbsp;Snort.org and Emergingthreats.net will go down from time to time. Please be patient.</font>
-
- </div>
- </td>
- </tr>
-</table>
+ <?php
-<br>
+ if ($update_logfile_chk == 'yes') {
+ echo '
+ <button class="sexybutton sexysimple example9" href="/snort/snort_rules_edit.php?openruleset=/usr/local/etc/snort/snort_update.log"><span class="pwhitetxt">Update Log&nbsp;&nbsp;&nbsp;&nbsp;</span></button>' . "\n";
+ }else{
+ echo '
+ <button class="sexybutton disabled" disabled="disabled" href="/snort/snort_rules_edit.php?openruleset=/usr/local/etc/snort/snort_update.log"><span class="pwhitetxt">Update Log&nbsp;&nbsp;&nbsp;&nbsp;</span></button>' . "\n";
+ }
+
+ ?> <br>
+ <br>
+
+ </div>
+ </td>
+ </tr>
+ </table>
+
+ <br>
+
+ <table height="12px" width="725px" border="0" cellpadding="5px"
+ cellspacing="0">
+ <tr>
+ <td style='background-color: #eeeeee'>
+ <div height="12px" width="725px" style='background-color: #eeeeee'>
+ </div>
+ </td>
+ </tr>
+ </table>
+
+ <br>
+
+ <table id="download_rules" height="32px" width="725px" border="0"
+ cellpadding="5px" cellspacing="0">
+ <tr>
+ <td id="download_rules_td" style='background-color: #eeeeee'>
+ <div height="32" width="725px" style='background-color: #eeeeee'>
+
+ <img style='vertical-align: middle'
+ src="/snort/images/icon_excli.png" width="40" height="32"> <font
+ color='#FF850A' size='1px'><b>NOTE:</b></font><font size='1px'
+ color='#000000'>&nbsp;&nbsp;Snort.org and Emergingthreats.net
+ will go down from time to time. Please be patient.</font></div>
+ </td>
+ </tr>
+ </table>
+
+ <br>
+
+ <table height="12px" width="725px" border="0" cellpadding="5px"
+ cellspacing="0">
+ <tr>
+ <td style='background-color: #eeeeee'>
+ <div height="12px" width="725px" style='background-color: #eeeeee'>
+ </div>
+ </td>
+ </tr>
+ </table>
-<table height="12px" width="725px" border="0" cellpadding="5px" cellspacing="0">
- <tr>
- <td style='background-color:#eeeeee'>
- <div height="12px" width="725px" style='background-color:#eeeeee'>
- </div>
- </td>
- </tr>
-</table>
-
</td>
- </tr>
- </table>
+ </tr>
+ </table>
</div>
-<br>
- </td>
- </tr>
-</table> <!-- end of final table -->
-</div>
+ <br>
+ </td>
+ </tr>
+</table>
+<!-- end of final table --></div>
+
+ <?php //include("fend.inc"); ?>
-<?php //include("fend.inc"); ?>
-
- </div> <!-- Right DIV -->
- </div> <!-- Content DIV -->
- <div id="footer">
- <a target="_blank" href="<?=$g['product_website_footer']?>" class="redlnk"><?=$g['product_name']?></a> is &copy;
- <?=$g['product_copyright_years']?> by <a href="<?=$g['product_copyright_url']?>" class="tblnk"><?=$g['product_copyright']?></a>. All Rights Reserved.
- [<a href="/license.php" class="tblnk">view license</a>]
- <br/>
- [<a target="_blank" href="https://portal.pfsense.org/?guilead=true" class="tblnk">Commercial Support Available</a>]
- </div> <!-- Footer DIV -->
-</div> <!-- Wrapper Div -->
-<script type="text/javascript" src="/themes/<?php echo $g['theme']; ?>/bottom-loader.js"></script>
+</div>
+<!-- Right DIV -->
+</div>
+<!-- Content DIV -->
+<div id="footer"><a target="_blank"
+ href="<?=$g['product_website_footer']?>" class="redlnk"><?=$g['product_name']?></a>
+is &copy; <?=$g['product_copyright_years']?> by <a
+ href="<?=$g['product_copyright_url']?>" class="tblnk"><?=$g['product_copyright']?></a>.
+All Rights Reserved. [<a href="/license.php" class="tblnk">view license</a>]
+<br />
+[<a target="_blank" href="https://portal.pfsense.org/?guilead=true"
+ class="tblnk">Commercial Support Available</a>]</div>
+<!-- Footer DIV -->
+</div>
+<!-- Wrapper Div -->
+<script type="text/javascript"
+ src="/themes/<?php echo $g['theme']; ?>/bottom-loader.js"></script>
<?php echo "$snort_custom_rnd_box\n"; ?>
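Review bot: The INSTALLED SIGNATURE RULESET block writes `$snort_org_sig_chk_local`, `$emergingt_net_sig_chk_local` and `$pfsense_org_sig_chk_local` into the page with a bare `<? echo ... ?>` and no HTML escaping. These values are file contents read from /usr/local/etc/snort earlier in this file, presumably written by the rule updater from downloaded data, so they should be treated as untrusted and emitted as `<?php echo htmlspecialchars($snort_org_sig_chk_local, ENT_QUOTES); ?>`. The Update Log buttons pass an absolute filesystem path in `openruleset=`; the handler, snort_rules_edit.php, is not part of this hunk, so it is worth confirming that it restricts the path to the snort directory rather than opening whatever is supplied. The Update Rules buttons carry `?$id_d=up` inside a single-quoted string, so the literal text `$id_d` ends up in the URL; `?id_d=up`, as the Help tab uses, looks intended.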
diff --git a/config/snort/snort_dynamic_ip_reload.php b/config/snort/snort_dynamic_ip_reload.php
index 615302e8..94004b94 100644
--- a/config/snort/snort_dynamic_ip_reload.php
+++ b/config/snort/snort_dynamic_ip_reload.php
@@ -2,31 +2,31 @@
/* $Id$ */
/*
- snort_dynamic_ip_reload.php
- Copyright (C) 2009 Robert Zeleya
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
+ snort_dynamic_ip_reload.php
+ Copyright (C) 2009 Robert Zeleya
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
/* NOTE: this file gets included from the pfSense filter.inc plugin process */
/* NOTE: file location /usr/local/pkg/pf, all files in pf dir get exec on filter reloads */
diff --git a/config/snort/snort_gui.inc b/config/snort/snort_gui.inc
index 66f9c148..d2fd4e30 100644
--- a/config/snort/snort_gui.inc
+++ b/config/snort/snort_gui.inc
@@ -1,33 +1,33 @@
<?php
/* $Id$ */
/*
- snort.inc
- Copyright (C) 2006 Scott Ullrich
- Copyright (C) 2006 Robert Zelaya
- part of pfSense
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
+ snort.inc
+ Copyright (C) 2006 Scott Ullrich
+ Copyright (C) 2006 Robert Zelaya
+ part of pfSense
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
include_once("/usr/local/pkg/snort/snort.inc");
diff --git a/config/snort/snort_head.inc b/config/snort/snort_head.inc
index 9e009016..70dece63 100644
--- a/config/snort/snort_head.inc
+++ b/config/snort/snort_head.inc
@@ -1,16 +1,16 @@
<?php
/*
- pfSense_MODULE: header
-*/
+ pfSense_MODULE: header
+ */
-/*
+/*
* if user has selected a custom template, use it.
* otherwise default to pfsense tempalte
*/
if($config['theme'] <> "")
- $g['theme'] = $config['theme'];
+$g['theme'] = $config['theme'];
else
- $g['theme'] = "pfsense";
+$g['theme'] = "pfsense";
/*
* If this device is an apple ipod/iphone
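Review bot: After this re-indent the unbraced `if`/`else` that selects `$g['theme']` has its bodies at the same column as the condition, and the `foreach`/`if` over `$apple_ua` in the next hunk (@@ -18,8 +18,8) is flattened the same way. The nesting is no longer visible, and a statement added later would silently fall outside the branch. Bracing each body and keeping it indented avoids that, e.g. `if ($config['theme'] <> "") { $g['theme'] = $config['theme']; } else { $g['theme'] = "pfsense"; }`. In the user-agent loop, `$_SERVER['HTTP_USER_AGENT']` may be absent for some clients, so guarding the `strstr()` call with `isset($_SERVER['HTTP_USER_AGENT'])` would avoid a notice.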
@@ -18,8 +18,8 @@ else
*/
$apple_ua = array("iPhone","iPod", "iPad");
foreach($apple_ua as $useragent)
- if(strstr($_SERVER['HTTP_USER_AGENT'], $useragent))
- $g['theme'] = "pfsense";
+if(strstr($_SERVER['HTTP_USER_AGENT'], $useragent))
+$g['theme'] = "pfsense";
$pagetitle = gentitle( $pgtitle );
@@ -28,80 +28,86 @@ $pagetitle = gentitle( $pgtitle );
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
- <title><?php echo($config['system']['hostname'] . "." . $config['system']['domain'] . " - " . $pagetitle); ?></title>
- <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
- <link rel="apple-touch-icon" href="/themes/<?php echo $g['theme']; ?>/apple-touch-icon.png"/>
- <?php if (strpos($_SERVER["SCRIPT_FILENAME"], "wizard.php") !== false &&
- file_exists("{$g['www_path']}/themes/{$g['theme']}/wizard.css")): ?>
- <?php echo "<style type=\"text/css\" src=\"/themes/{$g['theme']}/wizard.css\"></style>"; ?>
- <?php else: ?>
- <link rel="stylesheet" href="/themes/<?php echo $g['theme']; ?>/all.css" media="all" />
- <?php endif; ?>
- <link rel="stylesheet" type="text/css" href="../niftycssCode.css">
- <link rel="stylesheet" type="text/css" href="../niftycssprintCode.css" media="print">
-
- <link rel="stylesheet" type="text/css" href="./css/new_tab_menu.css" media="all">
- <link rel="stylesheet" type="text/css" href="./css/sexybuttons.css" media="all"/>
- <link rel="stylesheet" type="text/css" href="./css/colorbox.css" media="all"/>
- <link rel="stylesheet" type="text/css" href="./css/style.css" media="all"/>
-
-
- <script type="text/javascript" src="../javascript/niftyjsCode.js"></script>
- <script type="text/javascript">
+<title><?php echo($config['system']['hostname'] . "." . $config['system']['domain'] . " - " . $pagetitle); ?></title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
+<link rel="apple-touch-icon"
+ href="/themes/<?php echo $g['theme']; ?>/apple-touch-icon.png" />
+<?php if (strpos($_SERVER["SCRIPT_FILENAME"], "wizard.php") !== false &&
+file_exists("{$g['www_path']}/themes/{$g['theme']}/wizard.css")): ?>
+<?php echo "<style type=\"text/css\" src=\"/themes/{$g['theme']}/wizard.css\"></style>"; ?>
+<?php else: ?>
+<link rel="stylesheet" href="/themes/<?php echo $g['theme']; ?>/all.css"
+ media="all" />
+<?php endif; ?>
+<link rel="stylesheet" type="text/css" href="../niftycssCode.css">
+<link rel="stylesheet" type="text/css" href="../niftycssprintCode.css"
+ media="print">
+
+<link rel="stylesheet" type="text/css" href="./css/new_tab_menu.css"
+ media="all">
+<link rel="stylesheet" type="text/css" href="./css/sexybuttons.css"
+ media="all" />
+<link rel="stylesheet" type="text/css" href="./css/colorbox.css"
+ media="all" />
+<link rel="stylesheet" type="text/css" href="./css/style.css"
+ media="all" />
+
+
+<script type="text/javascript" src="../javascript/niftyjsCode.js"></script>
+<script type="text/javascript">
var theme = "<?php echo $g['theme']; ?>";
- </script>
- <?php echo "\t<script type=\"text/javascript\" src=\"/themes/{$g['theme']}/loader.js\"></script>\n"; ?>
+ </script> <?php echo "\t<script type=\"text/javascript\" src=\"/themes/{$g['theme']}/loader.js\"></script>\n"; ?>
<?php
- if($_GET['enablefirebuglite']) {
- echo "\t<script type=\"text/javascript\" src=\"/javascript/pi.js\"></script>\n";
- echo "\t<script type=\"text/javascript\" src=\"/javascript/firebug-lite.js\"></script>\n";
- }
-
- /* only load javascript that you need, jquery and prototype dont play together */
- //if ($snort_load_jquery == 'yes') {
- echo "\t<script type=\"text/javascript\" src=\"/snort/javascript/jquery-1.4.2.min.js\"></script>\n";
- //}
- //if ($snort_load_jquery_colorbox == 'yes') {
- echo "\t<script type=\"text/javascript\" src=\"/snort/javascript/jquery.colorbox.js\"></script>\n";
- echo "\t<script type=\"text/javascript\" src=\"/javascript/sorttable.js\"></script>\n";
- //}
- if ($snort_load_mootools == 'yes') {
- echo "\t<script type=\"text/javascript\" src=\"/snort/javascript/mootools.js\"></script>\n";
- }
- if ($snort_load_sortabletable == 'yes') {
- echo "\t<script type=\"text/javascript\" src=\"/snort/javascript/sortableTable.js\"></script>\n";
- }
-
- /* some pfsense commercial versions require prototype to be in every tab on the GUI, for custom logos */
- echo "\t<script type=\"text/javascript\" src=\"/snort/javascript/prototype.js\"></script>\n";
- // echo "\t<script type=\"text/javascript\" src=\"../javascript/scriptaculous/prototype.js\"></script>\n";
- // echo "\t<script type=\"text/javascript\" src=\"../javascript/scriptaculous/scriptaculous.js\"></script>\n";
- // echo "\t<script type=\"text/javascript\" src=\"../javascript/scriptaculous/effects.js\"></script>\n";
- // echo "\t<script type=\"text/javascript\" src=\"../javascript/scriptaculous/dragdrop.js\"></script>\n";
-
- if(file_exists("{$g['www_path']}/javascript/global.js"))
- echo "\t<script type=\"text/javascript\" src=\"../javascript/global.js\"></script>\n";
- /*
- * Find all javascript files that need to be included
- * for this page ... from the arrays ... :)
- * Coded by: Erik Kristensen
- */
+if($_GET['enablefirebuglite']) {
+ echo "\t<script type=\"text/javascript\" src=\"/javascript/pi.js\"></script>\n";
+ echo "\t<script type=\"text/javascript\" src=\"/javascript/firebug-lite.js\"></script>\n";
+}
+
+/* only load javascript that you need, jquery and prototype dont play together */
+//if ($snort_load_jquery == 'yes') {
+echo "\t<script type=\"text/javascript\" src=\"/snort/javascript/jquery-1.4.2.min.js\"></script>\n";
+//}
+//if ($snort_load_jquery_colorbox == 'yes') {
+echo "\t<script type=\"text/javascript\" src=\"/snort/javascript/jquery.colorbox.js\"></script>\n";
+echo "\t<script type=\"text/javascript\" src=\"/javascript/sorttable.js\"></script>\n";
+//}
+if ($snort_load_mootools == 'yes') {
+ echo "\t<script type=\"text/javascript\" src=\"/snort/javascript/mootools.js\"></script>\n";
+}
+if ($snort_load_sortabletable == 'yes') {
+ echo "\t<script type=\"text/javascript\" src=\"/snort/javascript/sortableTable.js\"></script>\n";
+}
+
+/* some pfsense commercial versions require prototype to be in every tab on the GUI, for custom logos */
+echo "\t<script type=\"text/javascript\" src=\"/snort/javascript/prototype.js\"></script>\n";
+// echo "\t<script type=\"text/javascript\" src=\"../javascript/scriptaculous/prototype.js\"></script>\n";
+// echo "\t<script type=\"text/javascript\" src=\"../javascript/scriptaculous/scriptaculous.js\"></script>\n";
+// echo "\t<script type=\"text/javascript\" src=\"../javascript/scriptaculous/effects.js\"></script>\n";
+// echo "\t<script type=\"text/javascript\" src=\"../javascript/scriptaculous/dragdrop.js\"></script>\n";
+
+if(file_exists("{$g['www_path']}/javascript/global.js"))
+echo "\t<script type=\"text/javascript\" src=\"../javascript/global.js\"></script>\n";
+/*
+ * Find all javascript files that need to be included
+ * for this page ... from the arrays ... :)
+ * Coded by: Erik Kristensen
+ */
- $dir = trim(basename($_SERVER["SCRIPT_FILENAME"]), '.php');
- $path = "{$g['www_path']}/javascript/" . $dir . "/";
- if (is_dir($path)) {
- if ($dh = opendir($path)) {
- while (($file = readdir($dh)) !== false) {
- if (is_dir($file))
- continue;
- echo "\t<script type=\"text/javascript\" src=\"/javascript/{$dir}/{$file}\"></script>\n";
- }
- closedir($dh);
+$dir = trim(basename($_SERVER["SCRIPT_FILENAME"]), '.php');
+$path = "{$g['www_path']}/javascript/" . $dir . "/";
+if (is_dir($path)) {
+ if ($dh = opendir($path)) {
+ while (($file = readdir($dh)) !== false) {
+ if (is_dir($file))
+ continue;
+ echo "\t<script type=\"text/javascript\" src=\"/javascript/{$dir}/{$file}\"></script>\n";
}
+ closedir($dh);
}
+}
if (!isset($closehead))
- echo "</head>";
+echo "</head>";
/* If this page is being remotely managed then do not allow the loading of the contents. */
if($config['remote_managed_pages']['item']) {
@@ -112,7 +118,7 @@ if($config['remote_managed_pages']['item']) {
include("fend.inc");
exit;
}
- }
+ }
}
?>
\ No newline at end of file
diff --git a/config/snort/snort_interfaces.php b/config/snort/snort_interfaces.php
index eae518dd..6fe08c17 100644
--- a/config/snort/snort_interfaces.php
+++ b/config/snort/snort_interfaces.php
@@ -2,31 +2,31 @@
/* $Id$ */
/*
- originally part of m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
- Copyright (C) 2008-2009 Robert Zelaya.
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
+originally part of m0n0wall (http://m0n0.ch/wall)
+Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+Copyright (C) 2008-2009 Robert Zelaya.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice,
+this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+notice, this list of conditions and the following disclaimer in the
+documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.
*/
/* TODO: redo check if snort is up */
@@ -37,65 +37,65 @@ require_once("/usr/local/pkg/snort/snort.inc");
$id = $_GET['id'];
if (isset($_POST['id']))
- $id = $_POST['id'];
+$id = $_POST['id'];
if (!is_array($config['installedpackages']['snortglobal']['rule']))
- $config['installedpackages']['snortglobal']['rule'] = array();
+$config['installedpackages']['snortglobal']['rule'] = array();
$a_nat = &$config['installedpackages']['snortglobal']['rule'];
if (isset($config['installedpackages']['snortglobal']['rule'])) {
-$id_gen = count($config['installedpackages']['snortglobal']['rule']);
+ $id_gen = count($config['installedpackages']['snortglobal']['rule']);
}else{
-$id_gen = '0';
+ $id_gen = '0';
}
/* alert file */
$d_snortconfdirty_path_ls = exec('/bin/ls /var/run/snort_conf_*.dirty');
-
- /* this will exec when alert says apply */
- if ($_POST['apply']) {
-
- if ($d_snortconfdirty_path_ls != '') {
+
+/* this will exec when alert says apply */
+if ($_POST['apply']) {
+
+ if ($d_snortconfdirty_path_ls != '') {
- write_config();
+ write_config();
- sync_snort_package_empty();
- sync_snort_package();
+ sync_snort_package_empty();
+ sync_snort_package();
- exec('/bin/rm /var/run/snort_conf_*.dirty');
+ exec('/bin/rm /var/run/snort_conf_*.dirty');
- header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
- header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
- header( 'Cache-Control: no-store, no-cache, must-revalidate' );
- header( 'Cache-Control: post-check=0, pre-check=0', false );
- header( 'Pragma: no-cache' );
- sleep(2);
- header("Location: /snort/snort_interfaces.php");
+ header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
+ header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
+ header( 'Cache-Control: no-store, no-cache, must-revalidate' );
+ header( 'Cache-Control: post-check=0, pre-check=0', false );
+ header( 'Pragma: no-cache' );
+ sleep(2);
+ header("Location: /snort/snort_interfaces.php");
- exit;
+ exit;
- }
-
}
-
-
-
+
+}
+
+
+
if (isset($_POST['del_x'])) {
- /* delete selected rules */
- if (is_array($_POST['rule']) && count($_POST['rule'])) {
- foreach ($_POST['rule'] as $rulei) {
-
+ /* delete selected rules */
+ if (is_array($_POST['rule']) && count($_POST['rule'])) {
+ foreach ($_POST['rule'] as $rulei) {
+
/* convert fake interfaces to real */
$if_real = convert_friendly_interface_to_real_interface_name2($a_nat[$rulei]['interface']);
$snort_uuid = $a_nat[$rulei]['uuid'];
/* cool code to check if any snort is up */
$snort_up_ck = exec("/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep snort | /usr/bin/awk '{print \$2;}' | sed 1q");
-
+
if ($snort_up_ck != "")
{
-
+
$start_up_pre = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"R {$snort_uuid}{$if_real}\" | awk '{print \$1;}'");
$start_up_s = exec("/usr/bin/top -U snort -u | grep snort | grep {$start_up_pre} | awk '{ print $1; }'");
$start_up_r = exec("/usr/bin/top -U root -u | grep snort | grep {$start_up_pre} | awk '{ print $1; }'");
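Review bot: `$rulei` is taken from `$_POST['rule']` and used to index `$a_nat` with no check that the entry exists, and the `$snort_uuid` and `$if_real` read from it are interpolated unquoted into `exec()` strings (`grep \"R {$snort_uuid}{$if_real}\"` here; the `cat`, `kill` and `rm` calls in the next hunk do the same). For an index that matches no rule, both values are presumably empty, so the later `rm` patterns reduce to `snort__*`. The loop should start with `if (!isset($a_nat[$rulei])) continue;`, and values used as whole arguments should go through `escapeshellarg()`. The `foreach` body opens in this hunk and closes in the next one.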
@@ -103,92 +103,92 @@ if (isset($_POST['del_x'])) {
$start2_upb_pre = exec("/bin/cat /var/run/barnyard2_{$snort_uuid}_{$if_real}.pid");
$start2_upb_s = exec("/usr/bin/top -U snort -u | grep barnyard2 | grep {$start2_upb_pre} | awk '{ print $1; }'");
$start2_upb_r = exec("/usr/bin/top -U root -u | grep barnyard2 | grep {$start2_upb_pre} | awk '{ print $1; }'");
-
+
if ($start_up_s != "" || $start_up_r != "" || $start2_upb_s != "" || $start2_upb_r != "")
{
-
- /* dont flood the syslog code */
- //exec("/bin/cp /var/log/system.log /var/log/system.log.bk");
- //sleep(3);
-
-
+
+ /* dont flood the syslog code */
+ //exec("/bin/cp /var/log/system.log /var/log/system.log.bk");
+ //sleep(3);
+
+
/* remove only running instances */
if ($start_up_s != "")
- {
- exec("/bin/kill {$start_up_s}");
- exec("/bin/rm /var/run/snort_{$snort_uuid}_{$if_real}*");
- }
-
+ {
+ exec("/bin/kill {$start_up_s}");
+ exec("/bin/rm /var/run/snort_{$snort_uuid}_{$if_real}*");
+ }
+
if ($start2_upb_s != "")
- {
- exec("/bin/kill {$start2_upb_s}");
- exec("/bin/rm /var/run/barnyard2_{$snort_uuid}_{$if_real}*");
- }
-
+ {
+ exec("/bin/kill {$start2_upb_s}");
+ exec("/bin/rm /var/run/barnyard2_{$snort_uuid}_{$if_real}*");
+ }
+
if ($start_up_r != "")
- {
- exec("/bin/kill {$start_up_r}");
- exec("/bin/rm /var/run/snort_{$snort_uuid}_{$if_real}*");
- }
-
+ {
+ exec("/bin/kill {$start_up_r}");
+ exec("/bin/rm /var/run/snort_{$snort_uuid}_{$if_real}*");
+ }
+
if ($start2_upb_r != "")
- {
- exec("/bin/kill {$start2_upb_r}");
- exec("/bin/rm /var/run/barnyard2_{$snort_uuid}_{$if_real}*");
- }
+ {
+ exec("/bin/kill {$start2_upb_r}");
+ exec("/bin/rm /var/run/barnyard2_{$snort_uuid}_{$if_real}*");
+ }
+
+ /* stop syslog flood code */
+ //$if_real_wan_rulei = $a_nat[$rulei]['interface'];
+ //$if_real_wan_rulei2 = convert_friendly_interface_to_real_interface_name2($if_real_wan_rulei);
+ //exec("/sbin/ifconfig $if_real_wan_rulei2 -promisc");
+ //exec("/bin/cp /var/log/system.log /var/log/snort/snort_sys_$rulei$if_real.log");
+ //exec("/usr/bin/killall syslogd");
+ //exec("/usr/sbin/clog -i -s 262144 /var/log/system.log");
+ //exec("/usr/sbin/syslogd -c -ss -f /var/etc/syslog.conf");
+ //sleep(2);
+ //exec("/bin/cp /var/log/system.log.bk /var/log/system.log");
+ //$after_mem = exec("/usr/bin/top | /usr/bin/grep Wired | /usr/bin/awk '{ print $2 }'");
+ //exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'MEM after {$rulei}{$if_real} STOP {$after_mem}'");
+ //exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Interface Rule removed for {$rulei}{$if_real}...'");
- /* stop syslog flood code */
- //$if_real_wan_rulei = $a_nat[$rulei]['interface'];
- //$if_real_wan_rulei2 = convert_friendly_interface_to_real_interface_name2($if_real_wan_rulei);
- //exec("/sbin/ifconfig $if_real_wan_rulei2 -promisc");
- //exec("/bin/cp /var/log/system.log /var/log/snort/snort_sys_$rulei$if_real.log");
- //exec("/usr/bin/killall syslogd");
- //exec("/usr/sbin/clog -i -s 262144 /var/log/system.log");
- //exec("/usr/sbin/syslogd -c -ss -f /var/etc/syslog.conf");
- //sleep(2);
- //exec("/bin/cp /var/log/system.log.bk /var/log/system.log");
- //$after_mem = exec("/usr/bin/top | /usr/bin/grep Wired | /usr/bin/awk '{ print $2 }'");
- //exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'MEM after {$rulei}{$if_real} STOP {$after_mem}'");
- //exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Interface Rule removed for {$rulei}{$if_real}...'");
-
}
-
+
}
-
+
/* for every iface do these steps */
- conf_mount_rw();
+ conf_mount_rw();
exec("/bin/rm /var/log/snort/snort.u2_{$snort_uuid}_{$if_real}*");
exec("/bin/rm -r /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}");
-
+
conf_mount_ro();
-
+
unset($a_nat[$rulei]);
-
- }
-
- write_config();
- sleep(2);
-
- /* if there are no ifaces do not create snort.sh */
- if (isset($config['installedpackages']['snortglobal']['rule'][0]['enable'])) {
- create_snort_sh();
- }else{
- conf_mount_rw();
- exec('/bin/rm /usr/local/etc/rc.d/snort.sh');
- conf_mount_ro();
- }
-
- //touch("/var/run/snort_conf_delete.dirty");
-
+
+ }
+
+ write_config();
+ sleep(2);
+
+ /* if there are no ifaces do not create snort.sh */
+ if (isset($config['installedpackages']['snortglobal']['rule'][0]['enable'])) {
+ create_snort_sh();
+ }else{
+ conf_mount_rw();
+ exec('/bin/rm /usr/local/etc/rc.d/snort.sh');
+ conf_mount_ro();
+ }
+
+ //touch("/var/run/snort_conf_delete.dirty");
+
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
header( 'Cache-Control: no-store, no-cache, must-revalidate' );
header( 'Cache-Control: post-check=0, pre-check=0', false );
header( 'Pragma: no-cache' );
sleep(2);
- header("Location: /snort/snort_interfaces.php");
- //exit;
+ header("Location: /snort/snort_interfaces.php");
+ //exit;
}
}
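Review bot: The redirect that ends the `del_x` branch is not followed by an exit, since the line after `header("Location: /snort/snort_interfaces.php");` is the commented-out `//exit;`. After deleting rules the script therefore keeps running into the code below, including the `act=toggle` check and the page rendering, with `$a_nat` already modified. The `apply` branch in the previous hunk does call `exit;` after the same header sequence. I would restore `exit;` here so both branches behave alike. The `if (isset($_POST['del_x']))` block starts in the previous hunk.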
@@ -201,13 +201,13 @@ if ($_GET['act'] == 'toggle' && $_GET['id'] != '')
$if_real = convert_friendly_interface_to_real_interface_name2($config['installedpackages']['snortglobal']['rule'][$id]['interface']);
$snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
- /* Log Iface stop */
- exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Toggle for {$snort_uuid}_{$if_real}...'");
-
+ /* Log Iface stop */
+ exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Toggle for {$snort_uuid}_{$if_real}...'");
+
$tester2 = Running_Ck($snort_uuid, $if_real, $id);
-
+
if ($tester2 == 'yes') {
-
+
/* Log Iface stop */
exec("/usr/bin/logger -p daemon.info -i -t SnortStartup '{$tester2} yn for {$snort_uuid}_{$if_real}...'");
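Review bot: Starting and stopping a Snort instance is driven entirely by `$_GET['act']` and `$_GET['id']` (the condition is in the hunk header), so a plain GET to this page changes the sensor's state. `$id` also indexes `$config['installedpackages']['snortglobal']['rule']` without an existence check before `$snort_uuid` and `$if_real` are placed inside the single-quoted `logger` argument. I would accept the toggle on POST only and add a guard such as `if (!isset($config['installedpackages']['snortglobal']['rule'][$id])) exit;` before the lookups. Whether the GUI's CSRF protection covers this request is not visible from here. The `if` body starts and ends outside this hunk.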
@@ -220,14 +220,14 @@ if ($_GET['act'] == 'toggle' && $_GET['id'] != '')
header( 'Pragma: no-cache' );
sleep(2);
header("Location: /snort/snort_interfaces.php");
-
+
}else{
-
+
sync_snort_package_all($id, $if_real, $snort_uuid);
sync_snort_package();
-
+
Running_Start($snort_uuid, $if_real, $id);
-
+
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
header( 'Cache-Control: no-store, no-cache, must-revalidate' );
@@ -246,7 +246,7 @@ include_once("/usr/local/pkg/snort/snort_head.inc");
<body link="#000000" vlink="#000000" alink="#000000">
- <script>
+<script>
jQuery(document).ready(function(){
//Examples of how to assign the ColorBox event to elements
@@ -262,33 +262,36 @@ echo "$snort_interfaces_css\n";
<?php include("fbegin.inc"); ?>
-<div class="body2">
-
-<!-- hack to fix the hardcoed fbegin link in header -->
-<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div>
+<div class="body2"><!-- hack to fix the hardcoed fbegin link in header -->
+<div id="header-left2"><a href="../index.php" id="status-link2"><img
+ src="./images/transparent.gif" border="0"></img></a></div>
<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
-<noscript><div class="alert" ALIGN=CENTER><img src="../themes/nervecenter/images/icons/icon_alert.gif"/><strong>Please enable JavaScript to view this content</CENTER></div></noscript>
+<noscript>
+<div class="alert" ALIGN=CENTER><img
+ src="../themes/nervecenter/images/icons/icon_alert.gif" /><strong>Please
+enable JavaScript to view this content
+</CENTER></div>
+</noscript>
-<form action="snort_interfaces_global.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
-
-<?php
+<form action="snort_interfaces_global.php" method="post"
+ enctype="multipart/form-data" name="iform" id="iform"><?php
/* Display Alert message */
if ($input_errors) {
- print_input_errors($input_errors); // TODO: add checks
+ print_input_errors($input_errors); // TODO: add checks
}
if ($savemsg) {
- print_info_box2($savemsg);
+ print_info_box2($savemsg);
}
//if (file_exists($d_snortconfdirty_path)) {
if ($d_snortconfdirty_path_ls != '') {
- echo '<p>';
+ echo '<p>';
if($savemsg) {
print_info_box_np2("{$savemsg}");
@@ -300,246 +303,283 @@ echo "$snort_interfaces_css\n";
}
}
-?>
+ ?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td>
-
-<div class="snorttabs" style="margin:1px 0px; width:775px;">
-<!-- Tabbed bar code-->
-<ul class="snorttabs">
- <li class="snorttabs_active"><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>
- <li><a href="/snort/snort_interfaces_global.php"><span>Global Settings</span></a></li>
- <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li>
- <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li>
- <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li>
- <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li>
- <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li>
- <li><a class="example8" href="/snort/help_and_info.php"><span>Help</span></a></li>
- </ul>
-</div>
-
- </td></tr>
- <tr>
- <td>
- <div id="mainarea2">
- <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr id="frheader">
+ <tr>
+ <td>
+
+ <div class="snorttabs" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code-->
+ <ul class="snorttabs">
+ <li class="snorttabs_active"><a href="/snort/snort_interfaces.php"><span>Snort
+ Interfaces</span></a></li>
+ <li><a href="/snort/snort_interfaces_global.php"><span>Global
+ Settings</span></a></li>
+ <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li>
+ <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li>
+ <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li>
+ <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li>
+ <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li>
+ <li><a class="example8" href="/snort/help_and_info.php"><span>Help</span></a></li>
+ </ul>
+ </div>
+
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <div id="mainarea2">
+ <table class="tabcont" width="100%" border="0" cellpadding="0"
+ cellspacing="0">
+ <tr id="frheader">
<td width="5%" class="list">&nbsp;</td>
- <td width="1%" class="list">&nbsp;</td>
- <td width="10%" class="listhdrr">If</td>
- <td width="10%" class="listhdrr">Snort</td>
- <td width="10%" class="listhdrr">Performance</td>
- <td width="10%" class="listhdrr">Block</td>
- <td width="10%" class="listhdrr">Barnyard2</td>
- <td width="50%" class="listhdr">Description</td>
- <td width="3%" class="list">
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td width="17"></td>
- <td><a href="snort_interfaces_edit.php?id=<?php echo $id_gen;?>"><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td>
- </tr>
- </table>
- </td>
- </tr>
- <?php $nnats = $i = 0; foreach ($a_nat as $natent): ?>
- <tr valign="top" id="fr<?=$nnats;?>">
- <?php
+ <td width="1%" class="list">&nbsp;</td>
+ <td width="10%" class="listhdrr">If</td>
+ <td width="10%" class="listhdrr">Snort</td>
+ <td width="10%" class="listhdrr">Performance</td>
+ <td width="10%" class="listhdrr">Block</td>
+ <td width="10%" class="listhdrr">Barnyard2</td>
+ <td width="50%" class="listhdr">Description</td>
+ <td width="3%" class="list">
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td width="17"></td>
+ <td><a href="snort_interfaces_edit.php?id=<?php echo $id_gen;?>"><img
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif"
+ width="17" height="17" border="0"></a></td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <?php $nnats = $i = 0; foreach ($a_nat as $natent): ?>
+ <tr valign="top" id="fr<?=$nnats;?>">
+ <?php
- /* convert fake interfaces to real and check if iface is up */
- /* There has to be a smarter way to do this */
- $if_real = convert_friendly_interface_to_real_interface_name2($natent['interface']);
- $snort_uuid = $natent['uuid'];
+ /* convert fake interfaces to real and check if iface is up */
+ /* There has to be a smarter way to do this */
+ $if_real = convert_friendly_interface_to_real_interface_name2($natent['interface']);
+ $snort_uuid = $natent['uuid'];
- $tester2 = Running_Ck($snort_uuid, $if_real, $id);
+ $tester2 = Running_Ck($snort_uuid, $if_real, $id);
- if ($tester2 == 'no')
- {
- $iconfn = 'pass';
- $class_color_up = 'listbg';
- }else{
- $class_color_up = 'listbg2';
- $iconfn = 'block';
- }
-
- ?>
- <td class="listt"><a href="?act=toggle&id=<?=$i;?>"><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_<?=$iconfn;?>.gif" width="13" height="13" border="0" title="click to toggle start/stop snort"></a><input type="checkbox" id="frc<?=$nnats;?>" name="rule[]" value="<?=$i;?>" onClick="fr_bgcolor('<?=$nnats;?>')" style="margin: 0; padding: 0;"></td>
- <td class="listt" align="center"></td>
- <td class="<?=$class_color_up;?>" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
- <?php
- if (!$natent['interface'] || ($natent['interface'] == "wan"))
- echo "WAN";
- else if(strtolower($natent['interface']) == "lan")
- echo "LAN";
- else if(strtolower($natent['interface']) == "pppoe")
- echo "PPPoE";
- else if(strtolower($natent['interface']) == "pptp")
- echo "PPTP";
- else
- echo strtoupper($natent['interface']);
- ?>
- </td>
- <td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
- <?php
- $check_snort_info = $config['installedpackages']['snortglobal']['rule'][$nnats]['enable'];
- if ($check_snort_info == "on")
+ if ($tester2 == 'no')
+ {
+ $iconfn = 'pass';
+ $class_color_up = 'listbg';
+ }else{
+ $class_color_up = 'listbg2';
+ $iconfn = 'block';
+ }
+
+ ?>
+ <td class="listt"><a href="?act=toggle&id=<?=$i;?>"><img
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_<?=$iconfn;?>.gif"
+ width="13" height="13" border="0"
+ title="click to toggle start/stop snort"></a><input type="checkbox"
+ id="frc<?=$nnats;?>" name="rule[]" value="<?=$i;?>"
+ onClick="fr_bgcolor('<?=$nnats;?>')" style="margin: 0; padding: 0;"></td>
+ <td class="listt" align="center"></td>
+ <td class="<?=$class_color_up;?>" onClick="fr_toggle(<?=$nnats;?>)"
+ id="frd<?=$nnats;?>"
+ ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
+ <?php
+ if (!$natent['interface'] || ($natent['interface'] == "wan"))
+ echo "WAN";
+ else if(strtolower($natent['interface']) == "lan")
+ echo "LAN";
+ else if(strtolower($natent['interface']) == "pppoe")
+ echo "PPPoE";
+ else if(strtolower($natent['interface']) == "pptp")
+ echo "PPTP";
+ else
+ echo strtoupper($natent['interface']);
+ ?></td>
+ <td class="listr" onClick="fr_toggle(<?=$nnats;?>)"
+ id="frd<?=$nnats;?>"
+ ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
+ <?php
+ $check_snort_info = $config['installedpackages']['snortglobal']['rule'][$nnats]['enable'];
+ if ($check_snort_info == "on")
{
- $check_snort = enabled;
+ $check_snort = enabled;
} else {
- $check_snort = disabled;
+ $check_snort = disabled;
}
- ?>
- <?=strtoupper($check_snort);?>
- </td>
- <td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
- <?php
- $check_performance_info = $config['installedpackages']['snortglobal']['rule'][$nnats]['performance'];
+ ?> <?=strtoupper($check_snort);?></td>
+ <td class="listr" onClick="fr_toggle(<?=$nnats;?>)"
+ id="frd<?=$nnats;?>"
+ ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
+ <?php
+ $check_performance_info = $config['installedpackages']['snortglobal']['rule'][$nnats]['performance'];
if ($check_performance_info != "") {
$check_performance = $check_performance_info;
}else{
$check_performance = "lowmem";
}
- ?>
- <?=strtoupper($check_performance);?>
- </td>
- <td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
- <?php
- $check_blockoffenders_info = $config['installedpackages']['snortglobal']['rule'][$nnats]['blockoffenders7'];
- if ($check_blockoffenders_info == "on")
+ ?> <?=strtoupper($check_performance);?></td>
+ <td class="listr" onClick="fr_toggle(<?=$nnats;?>)"
+ id="frd<?=$nnats;?>"
+ ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
+ <?php
+ $check_blockoffenders_info = $config['installedpackages']['snortglobal']['rule'][$nnats]['blockoffenders7'];
+ if ($check_blockoffenders_info == "on")
{
- $check_blockoffenders = enabled;
+ $check_blockoffenders = enabled;
} else {
- $check_blockoffenders = disabled;
+ $check_blockoffenders = disabled;
}
- ?>
- <?=strtoupper($check_blockoffenders);?>
- </td>
- <?php
+ ?> <?=strtoupper($check_blockoffenders);?></td>
+ <?php
+
+ $color2_upb = Running_Ck_b($snort_uuid, $if_real, $id);
- $color2_upb = Running_Ck_b($snort_uuid, $if_real, $id);
-
if ($color2_upb == 'yes') {
$class_color_upb = 'listbg2';
}else{
$class_color_upb = 'listbg';
}
-
- ?>
- <td class="<?=$class_color_upb;?>" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
- <?php
- $check_snortbarnyardlog_info = $config['installedpackages']['snortglobal']['rule'][$nnats]['barnyard_enable'];
- if ($check_snortbarnyardlog_info == "on")
+
+ ?>
+ <td class="<?=$class_color_upb;?>" onClick="fr_toggle(<?=$nnats;?>)"
+ id="frd<?=$nnats;?>"
+ ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
+ <?php
+ $check_snortbarnyardlog_info = $config['installedpackages']['snortglobal']['rule'][$nnats]['barnyard_enable'];
+ if ($check_snortbarnyardlog_info == "on")
{
$check_snortbarnyardlog = strtoupper(enabled);
}else{
$check_snortbarnyardlog = strtoupper(disabled);
}
- ?>
- <?php echo "$check_snortbarnyardlog";?>
- </td>
- <td class="listbg3" onClick="fr_toggle(<?=$nnats;?>)" ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
- <font color="#ffffff">
- <?=htmlspecialchars($natent['descr']);?>&nbsp;
- </td>
- <td valign="middle" class="list" nowrap>
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td><a href="snort_interfaces_edit.php?id=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="edit rule"></a></td>
- </tr>
- </table>
- </tr>
- <?php $i++; $nnats++; endforeach; ?>
- <tr>
- <td class="list" colspan="8"></td>
- <td class="list" valign="middle" nowrap>
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td><?php if ($nnats == 0): ?><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" width="17" height="17" title="delete selected rules" border="0"><?php else: ?><input name="del" type="image" src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" title="delete selected mappings" onclick="return confirm('Do you really want to delete the selected Snort Rule?')"><?php endif; ?></td>
- </tr>
- </table>
+ ?> <?php echo "$check_snortbarnyardlog";?></td>
+ <td class="listbg3" onClick="fr_toggle(<?=$nnats;?>)"
+ ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
+ <font color="#ffffff"> <?=htmlspecialchars($natent['descr']);?>&nbsp;
</td>
- </tr>
- </table>
- </div>
- </td>
- </tr>
+ <td valign="middle" class="list" nowrap>
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td><a href="snort_interfaces_edit.php?id=<?=$i;?>"><img
+ src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif"
+ width="17" height="17" border="0" title="edit rule"></a></td>
+ </tr>
+ </table>
+
+ </tr>
+ <?php $i++; $nnats++; endforeach; ?>
+ <tr>
+ <td class="list" colspan="8"></td>
+ <td class="list" valign="middle" nowrap>
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td><?php if ($nnats == 0): ?><img
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif"
+ width="17" height="17" title="delete selected rules" border="0"><?php else: ?><input
+ name="del" type="image"
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif"
+ width="17" height="17" title="delete selected mappings"
+ onclick="return confirm('Do you really want to delete the selected Snort Rule?')"><?php endif; ?></td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+ </div>
+ </td>
+ </tr>
</table>
<br>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr><td>
- <div id="mainarea4">
- <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr id="frheader">
- <td width="100%">
- <span class="red"><strong>Note:</strong></span>
- <br>
- This is the <strong>Snort Menu</strong> where you can see an over view of all your interface settings.
- <br>
- Please edit the <strong>Global Settings</strong> tab before adding an interface.
- <br><br>
- <span class="red"><strong>Warning:</strong></span>
- <br>
- <strong>New settings will not take effect until interface restart.</strong>
- <br><br>
- <strong>Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="Add Icon"> icon to add a interface.<strong>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_pass.gif" width="13" height="13" border="0" title="Start Icon"> icon to <strong>start</strong> snort and barnyard2.
- <br>
- <strong>Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="Edit Icon"> icon to edit a interface and settings.<strong>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" width="13" height="13" border="0" title="Stop Icon"> icon to <strong>stop</strong> snort and barnyard2.
- <br>
- <strong> Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="Delete Icon"> icon to delete a interface and settings.
-</td>
-</tr>
- </table>
- </div>
- </tr></td>
+ <tr>
+ <td>
+ <div id="mainarea4">
+ <table class="tabcont" width="100%" border="0" cellpadding="0"
+ cellspacing="0">
+ <tr id="frheader">
+ <td width="100%"><span class="red"><strong>Note:</strong></span> <br>
+ This is the <strong>Snort Menu</strong> where you can see an over
+ view of all your interface settings. <br>
+ Please edit the <strong>Global Settings</strong> tab before adding
+ an interface. <br>
+ <br>
+ <span class="red"><strong>Warning:</strong></span> <br>
+ <strong>New settings will not take effect until interface restart.</strong>
+ <br>
+ <br>
+ <strong>Click</strong> on the <img
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif"
+ width="17" height="17" border="0" title="Add Icon"> icon to add a
+ interface.<strong>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Click</strong>
+ on the <img
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_pass.gif"
+ width="13" height="13" border="0" title="Start Icon"> icon to <strong>start</strong>
+ snort and barnyard2. <br>
+ <strong>Click</strong> on the <img
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif"
+ width="17" height="17" border="0" title="Edit Icon"> icon to edit a
+ interface and settings.<strong>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Click</strong>
+ on the <img
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_block.gif"
+ width="13" height="13" border="0" title="Stop Icon"> icon to <strong>stop</strong>
+ snort and barnyard2. <br>
+ <strong> Click</strong> on the <img
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif"
+ width="17" height="17" border="0" title="Delete Icon"> icon to
+ delete a interface and settings.</td>
+ </tr>
+ </table>
+ </div>
+
+ </tr>
+ </td>
</table>
-
-<?php
-if ($pkg['tabs'] <> "") {
- echo "</td></tr></table>";
-}
-?>
-</form>
+ <?php
+ if ($pkg['tabs'] <> "") {
+ echo "</td></tr></table>";
+ }
+ ?></form>
</div>
-<br><br><br>
+<br>
+<br>
+<br>
<style type="text/css">
-#footer2
-{
-position: relative;
-background-color: transparent;
-background-image: url("./images/logo22.png");
-background-repeat: no-repeat;
-background-attachment: scroll;
-background-position: 0% 0%;
-top: 10px;
-left: 0px;
-width: 770px;
-height: 60px;
-color: #000000;
-text-align: center;
-font-size: 0.8em;
-padding-top: 40px;
-margin-bottom: -35px;
-clear: both;
+#footer2 {
+ position: relative;
+ background-color: transparent;
+ background-image: url("./images/logo22.png");
+ background-repeat: no-repeat;
+ background-attachment: scroll;
+ background-position: 0% 0%;
+ top: 10px;
+ left: 0px;
+ width: 770px;
+ height: 60px;
+ color: #000000;
+ text-align: center;
+ font-size: 0.8em;
+ padding-top: 40px;
+ margin-bottom: -35px;
+ clear: both;
}
</style>
- <div id="footer2">
- SNORT registered ® by Sourcefire, Inc, Barnyard2 registered ® by securixlive.com, Orion registered ® by Robert Zelaya,
- Emergingthreats registered ® by emergingthreats.net, Mysql registered ® by Mysql.com
- </div> <!-- Footer DIV -->
+<div id="footer2">SNORT registered ® by Sourcefire, Inc, Barnyard2
+registered ® by securixlive.com, Orion registered ® by Robert Zelaya,
+Emergingthreats registered ® by emergingthreats.net, Mysql registered ®
+by Mysql.com</div>
+<!-- Footer DIV -->
-<?php
+ <?php
-include("fend.inc");
+ include("fend.inc");
-echo $snort_custom_rnd_box;
+ echo $snort_custom_rnd_box;
-?>
+ ?>
diff --git a/config/snort/snort_interfaces_edit.php b/config/snort/snort_interfaces_edit.php
index c47baad5..3d58ac17 100644
--- a/config/snort/snort_interfaces_edit.php
+++ b/config/snort/snort_interfaces_edit.php
@@ -1,34 +1,34 @@
<?php
/* $Id$ */
/*
- snort_interfaces.php
- part of m0n0wall (http://m0n0.ch/wall)
-
- Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
- Copyright (C) 2008-2009 Robert Zelaya.
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
+ snort_interfaces.php
+ part of m0n0wall (http://m0n0.ch/wall)
+
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ Copyright (C) 2008-2009 Robert Zelaya.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort_gui.inc");
@@ -43,11 +43,11 @@ $a_nat = &$config['installedpackages']['snortglobal']['rule'];
$id = $_GET['id'];
if (isset($_POST['id']))
- $id = $_POST['id'];
+$id = $_POST['id'];
if (isset($_GET['dup'])) {
- $id = $_GET['dup'];
- $after = $_GET['dup'];
+ $id = $_GET['dup'];
+ $after = $_GET['dup'];
}
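Review bot: The re-indent leaves `$id = $_POST['id'];` at column 0 under the brace-less `if (isset($_POST['id']))`, so the assignment now reads as unconditional although it is still the body of the `if`. Bracing it would remove the ambiguity: `if (isset($_POST['id'])) { $id = $_POST['id']; }`. Separately, `$id` and `$_GET['dup']` are taken from the request as-is, and in the following hunk `$id` indexes `$a_nat[$id]` and `$config['installedpackages']['snortglobal']['rule'][$id]`. A guard placed before the first use, such as `if (isset($id) && !ctype_digit((string)$id)) { unset($id); }`, would keep non-numeric values out of those lookups. Whether later code already tolerates an unset `$id` on every path should be confirmed, since only part of the file is visible here.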
@@ -55,272 +55,292 @@ if (isset($_GET['dup'])) {
/* TODO: When inline gets added make the uuid the port number lisstening */
//function gen_snort_uuid($fileline)
//{
- /* return the first 5 */
- //if (preg_match("/...../", $fileline, $matches1))
- //{
- //$uuid_final = "$matches1[0]";
- //}
-//return $uuid_final;
-//}
-
-/* gen uuid for each iface !inportant */
-if ($config['installedpackages']['snortglobal']['rule'][$id]['uuid'] == '') {
- //$snort_uuid = gen_snort_uuid(strrev(uniqid(true)));
-$snort_uuid = 0;
-while ($snort_uuid > 65535 || $snort_uuid == 0) {
- $snort_uuid = mt_rand(1, 65535);
- $pconfig['uuid'] = $snort_uuid;
+/* return the first 5 */
+//if (preg_match("/...../", $fileline, $matches1))
+//{
+//$uuid_final = "$matches1[0]";
+ //}
+ //return $uuid_final;
+ //}
+
+ /* gen uuid for each iface !inportant */
+ if ($config['installedpackages']['snortglobal']['rule'][$id]['uuid'] == '') {
+ //$snort_uuid = gen_snort_uuid(strrev(uniqid(true)));
+ $snort_uuid = 0;
+ while ($snort_uuid > 65535 || $snort_uuid == 0) {
+ $snort_uuid = mt_rand(1, 65535);
+ $pconfig['uuid'] = $snort_uuid;
+ }
}
-}
-/* convert fake interfaces to real */
-$if_real = convert_friendly_interface_to_real_interface_name2($a_nat[$id]['interface']);
+ /* convert fake interfaces to real */
+ $if_real = convert_friendly_interface_to_real_interface_name2($a_nat[$id]['interface']);
-if ($config['installedpackages']['snortglobal']['rule'][$id]['uuid'] != '') {
- $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
-}
+ if ($config['installedpackages']['snortglobal']['rule'][$id]['uuid'] != '') {
+ $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
+ }
-if (isset($id) && $a_nat[$id]) {
-
- /* old options */
- $pconfig['def_ssl_ports_ignore'] = $a_nat[$id]['def_ssl_ports_ignore'];
- $pconfig['flow_depth'] = $a_nat[$id]['flow_depth'];
- $pconfig['max_queued_bytes'] = $a_nat[$id]['max_queued_bytes'];
- $pconfig['max_queued_segs'] = $a_nat[$id]['max_queued_segs'];
- $pconfig['perform_stat'] = $a_nat[$id]['perform_stat'];
- $pconfig['http_inspect'] = $a_nat[$id]['http_inspect'];
- $pconfig['other_preprocs'] = $a_nat[$id]['other_preprocs'];
- $pconfig['ftp_preprocessor'] = $a_nat[$id]['ftp_preprocessor'];
- $pconfig['smtp_preprocessor'] = $a_nat[$id]['smtp_preprocessor'];
- $pconfig['sf_portscan'] = $a_nat[$id]['sf_portscan'];
- $pconfig['dce_rpc_2'] = $a_nat[$id]['dce_rpc_2'];
- $pconfig['dns_preprocessor'] = $a_nat[$id]['dns_preprocessor'];
- $pconfig['def_dns_servers'] = $a_nat[$id]['def_dns_servers'];
- $pconfig['def_dns_ports'] = $a_nat[$id]['def_dns_ports'];
- $pconfig['def_smtp_servers'] = $a_nat[$id]['def_smtp_servers'];
- $pconfig['def_smtp_ports'] = $a_nat[$id]['def_smtp_ports'];
- $pconfig['def_mail_ports'] = $a_nat[$id]['def_mail_ports'];
- $pconfig['def_http_servers'] = $a_nat[$id]['def_http_servers'];
- $pconfig['def_www_servers'] = $a_nat[$id]['def_www_servers'];
- $pconfig['def_http_ports'] = $a_nat[$id]['def_http_ports'];
- $pconfig['def_sql_servers'] = $a_nat[$id]['def_sql_servers'];
- $pconfig['def_oracle_ports'] = $a_nat[$id]['def_oracle_ports'];
- $pconfig['def_mssql_ports'] = $a_nat[$id]['def_mssql_ports'];
- $pconfig['def_telnet_servers'] = $a_nat[$id]['def_telnet_servers'];
- $pconfig['def_telnet_ports'] = $a_nat[$id]['def_telnet_ports'];
- $pconfig['def_snmp_servers'] = $a_nat[$id]['def_snmp_servers'];
- $pconfig['def_snmp_ports'] = $a_nat[$id]['def_snmp_ports'];
- $pconfig['def_ftp_servers'] = $a_nat[$id]['def_ftp_servers'];
- $pconfig['def_ftp_ports'] = $a_nat[$id]['def_ftp_ports'];
- $pconfig['def_ssh_servers'] = $a_nat[$id]['def_ssh_servers'];
- $pconfig['def_ssh_ports'] = $a_nat[$id]['def_ssh_ports'];
- $pconfig['def_pop_servers'] = $a_nat[$id]['def_pop_servers'];
- $pconfig['def_pop2_ports'] = $a_nat[$id]['def_pop2_ports'];
- $pconfig['def_pop3_ports'] = $a_nat[$id]['def_pop3_ports'];
- $pconfig['def_imap_servers'] = $a_nat[$id]['def_imap_servers'];
- $pconfig['def_imap_ports'] = $a_nat[$id]['def_imap_ports'];
- $pconfig['def_sip_proxy_ip'] = $a_nat[$id]['def_sip_proxy_ip'];
- $pconfig['def_sip_proxy_ports'] = $a_nat[$id]['def_sip_proxy_ports'];
- $pconfig['def_auth_ports'] = $a_nat[$id]['def_auth_ports'];
- $pconfig['def_finger_ports'] = $a_nat[$id]['def_finger_ports'];
- $pconfig['def_irc_ports'] = $a_nat[$id]['def_irc_ports'];
- $pconfig['def_nntp_ports'] = $a_nat[$id]['def_nntp_ports'];
- $pconfig['def_rlogin_ports'] = $a_nat[$id]['def_rlogin_ports'];
- $pconfig['def_rsh_ports'] = $a_nat[$id]['def_rsh_ports'];
- $pconfig['def_ssl_ports'] = $a_nat[$id]['def_ssl_ports'];
- $pconfig['barnyard_enable'] = $a_nat[$id]['barnyard_enable'];
- $pconfig['barnyard_mysql'] = $a_nat[$id]['barnyard_mysql'];
- $pconfig['enable'] = $a_nat[$id]['enable'];
- $pconfig['uuid'] = $a_nat[$id]['uuid'];
- $pconfig['interface'] = $a_nat[$id]['interface'];
- $pconfig['descr'] = $a_nat[$id]['descr'];
- $pconfig['performance'] = $a_nat[$id]['performance'];
- $pconfig['blockoffenders7'] = $a_nat[$id]['blockoffenders7'];
- $pconfig['whitelistname'] = $a_nat[$id]['whitelistname'];
- $pconfig['homelistname'] = $a_nat[$id]['homelistname'];
- $pconfig['externallistname'] = $a_nat[$id]['externallistname'];
- $pconfig['suppresslistname'] = $a_nat[$id]['suppresslistname'];
- $pconfig['snortalertlogtype'] = $a_nat[$id]['snortalertlogtype'];
- $pconfig['alertsystemlog'] = $a_nat[$id]['alertsystemlog'];
- $pconfig['tcpdumplog'] = $a_nat[$id]['tcpdumplog'];
- $pconfig['snortunifiedlog'] = $a_nat[$id]['snortunifiedlog'];
- $pconfig['configpassthru'] = base64_decode($a_nat[$id]['configpassthru']);
- $pconfig['barnconfigpassthru'] = $a_nat[$id]['barnconfigpassthru'];
- $pconfig['rulesets'] = $a_nat[$id]['rulesets'];
- $pconfig['rule_sid_off'] = $a_nat[$id]['rule_sid_off'];
- $pconfig['rule_sid_on'] = $a_nat[$id]['rule_sid_on'];
-
-
- if (!$pconfig['interface'])
+ if (isset($id) && $a_nat[$id]) {
+
+ /* old options */
+ $pconfig['def_ssl_ports_ignore'] = $a_nat[$id]['def_ssl_ports_ignore'];
+ $pconfig['flow_depth'] = $a_nat[$id]['flow_depth'];
+ $pconfig['max_queued_bytes'] = $a_nat[$id]['max_queued_bytes'];
+ $pconfig['max_queued_segs'] = $a_nat[$id]['max_queued_segs'];
+ $pconfig['perform_stat'] = $a_nat[$id]['perform_stat'];
+ $pconfig['http_inspect'] = $a_nat[$id]['http_inspect'];
+ $pconfig['other_preprocs'] = $a_nat[$id]['other_preprocs'];
+ $pconfig['ftp_preprocessor'] = $a_nat[$id]['ftp_preprocessor'];
+ $pconfig['smtp_preprocessor'] = $a_nat[$id]['smtp_preprocessor'];
+ $pconfig['sf_portscan'] = $a_nat[$id]['sf_portscan'];
+ $pconfig['dce_rpc_2'] = $a_nat[$id]['dce_rpc_2'];
+ $pconfig['dns_preprocessor'] = $a_nat[$id]['dns_preprocessor'];
+ $pconfig['def_dns_servers'] = $a_nat[$id]['def_dns_servers'];
+ $pconfig['def_dns_ports'] = $a_nat[$id]['def_dns_ports'];
+ $pconfig['def_smtp_servers'] = $a_nat[$id]['def_smtp_servers'];
+ $pconfig['def_smtp_ports'] = $a_nat[$id]['def_smtp_ports'];
+ $pconfig['def_mail_ports'] = $a_nat[$id]['def_mail_ports'];
+ $pconfig['def_http_servers'] = $a_nat[$id]['def_http_servers'];
+ $pconfig['def_www_servers'] = $a_nat[$id]['def_www_servers'];
+ $pconfig['def_http_ports'] = $a_nat[$id]['def_http_ports'];
+ $pconfig['def_sql_servers'] = $a_nat[$id]['def_sql_servers'];
+ $pconfig['def_oracle_ports'] = $a_nat[$id]['def_oracle_ports'];
+ $pconfig['def_mssql_ports'] = $a_nat[$id]['def_mssql_ports'];
+ $pconfig['def_telnet_servers'] = $a_nat[$id]['def_telnet_servers'];
+ $pconfig['def_telnet_ports'] = $a_nat[$id]['def_telnet_ports'];
+ $pconfig['def_snmp_servers'] = $a_nat[$id]['def_snmp_servers'];
+ $pconfig['def_snmp_ports'] = $a_nat[$id]['def_snmp_ports'];
+ $pconfig['def_ftp_servers'] = $a_nat[$id]['def_ftp_servers'];
+ $pconfig['def_ftp_ports'] = $a_nat[$id]['def_ftp_ports'];
+ $pconfig['def_ssh_servers'] = $a_nat[$id]['def_ssh_servers'];
+ $pconfig['def_ssh_ports'] = $a_nat[$id]['def_ssh_ports'];
+ $pconfig['def_pop_servers'] = $a_nat[$id]['def_pop_servers'];
+ $pconfig['def_pop2_ports'] = $a_nat[$id]['def_pop2_ports'];
+ $pconfig['def_pop3_ports'] = $a_nat[$id]['def_pop3_ports'];
+ $pconfig['def_imap_servers'] = $a_nat[$id]['def_imap_servers'];
+ $pconfig['def_imap_ports'] = $a_nat[$id]['def_imap_ports'];
+ $pconfig['def_sip_proxy_ip'] = $a_nat[$id]['def_sip_proxy_ip'];
+ $pconfig['def_sip_proxy_ports'] = $a_nat[$id]['def_sip_proxy_ports'];
+ $pconfig['def_auth_ports'] = $a_nat[$id]['def_auth_ports'];
+ $pconfig['def_finger_ports'] = $a_nat[$id]['def_finger_ports'];
+ $pconfig['def_irc_ports'] = $a_nat[$id]['def_irc_ports'];
+ $pconfig['def_nntp_ports'] = $a_nat[$id]['def_nntp_ports'];
+ $pconfig['def_rlogin_ports'] = $a_nat[$id]['def_rlogin_ports'];
+ $pconfig['def_rsh_ports'] = $a_nat[$id]['def_rsh_ports'];
+ $pconfig['def_ssl_ports'] = $a_nat[$id]['def_ssl_ports'];
+ $pconfig['barnyard_enable'] = $a_nat[$id]['barnyard_enable'];
+ $pconfig['barnyard_mysql'] = $a_nat[$id]['barnyard_mysql'];
+ $pconfig['enable'] = $a_nat[$id]['enable'];
+ $pconfig['uuid'] = $a_nat[$id]['uuid'];
+ $pconfig['interface'] = $a_nat[$id]['interface'];
+ $pconfig['descr'] = $a_nat[$id]['descr'];
+ $pconfig['performance'] = $a_nat[$id]['performance'];
+ $pconfig['blockoffenders7'] = $a_nat[$id]['blockoffenders7'];
+ $pconfig['whitelistname'] = $a_nat[$id]['whitelistname'];
+ $pconfig['homelistname'] = $a_nat[$id]['homelistname'];
+ $pconfig['externallistname'] = $a_nat[$id]['externallistname'];
+ $pconfig['suppresslistname'] = $a_nat[$id]['suppresslistname'];
+ $pconfig['snortalertlogtype'] = $a_nat[$id]['snortalertlogtype'];
+ $pconfig['alertsystemlog'] = $a_nat[$id]['alertsystemlog'];
+ $pconfig['tcpdumplog'] = $a_nat[$id]['tcpdumplog'];
+ $pconfig['snortunifiedlog'] = $a_nat[$id]['snortunifiedlog'];
+ $pconfig['configpassthru'] = base64_decode($a_nat[$id]['configpassthru']);
+ $pconfig['barnconfigpassthru'] = $a_nat[$id]['barnconfigpassthru'];
+ $pconfig['rulesets'] = $a_nat[$id]['rulesets'];
+ $pconfig['rule_sid_off'] = $a_nat[$id]['rule_sid_off'];
+ $pconfig['rule_sid_on'] = $a_nat[$id]['rule_sid_on'];
+
+
+ if (!$pconfig['interface'])
$pconfig['interface'] = "wan";
-} else {
- $pconfig['interface'] = "wan";
-}
+ } else {
+ $pconfig['interface'] = "wan";
+ }
-if (isset($_GET['dup']))
+ if (isset($_GET['dup']))
unset($id);
-/* alert file */
-$d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty";
-
+ /* alert file */
+ $d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty";
+
/* this will exec when alert says apply */
if ($_POST['apply']) {
-
+
if (file_exists("/var/run/snort_conf_{$snort_uuid}_.dirty")) {
+
+ write_config();
- write_config();
-
- $if_real = convert_friendly_interface_to_real_interface_name2($a_nat[$id]['interface']);
+ $if_real = convert_friendly_interface_to_real_interface_name2($a_nat[$id]['interface']);
- sync_snort_package_all($id, $if_real, $snort_uuid);
- sync_snort_package();
-
- unlink("/var/run/snort_conf_{$snort_uuid}_.dirty");
-
+ sync_snort_package_all($id, $if_real, $snort_uuid);
+ sync_snort_package();
+
+ unlink("/var/run/snort_conf_{$snort_uuid}_.dirty");
+
}
-
+
if (file_exists($d_snortconfdirty_path)) {
-
+
write_config();
-
+
sync_snort_package_all($id, $if_real, $snort_uuid);
sync_snort_package();
unlink($d_snortconfdirty_path);
-
+
}
-
+
}
-if ($_POST["Submit"]) {
+ if ($_POST["Submit"]) {
+
+
-
-
// if ($config['installedpackages']['snortglobal']['rule']) {
- if ($_POST['descr'] == '' && $pconfig['descr'] == '') {
- $input_errors[] = "Please enter a description for your reference.";
- }
+ if ($_POST['descr'] == '' && $pconfig['descr'] == '') {
+ $input_errors[] = "Please enter a description for your reference.";
+ }
- if ($id == "" && $config['installedpackages']['snortglobal']['rule'][0]['interface'] != "") {
+ if ($id == "" && $config['installedpackages']['snortglobal']['rule'][0]['interface'] != "") {
$rule_array = $config['installedpackages']['snortglobal']['rule'];
$id_c = -1;
foreach ($rule_array as $value) {
- $id_c += 1;
+ $id_c += 1;
- $result_lan = $config['installedpackages']['snortglobal']['rule'][$id_c]['interface'];
- $if_real = convert_friendly_interface_to_real_interface_name2($result_lan);
+ $result_lan = $config['installedpackages']['snortglobal']['rule'][$id_c]['interface'];
+ $if_real = convert_friendly_interface_to_real_interface_name2($result_lan);
- if ($_POST['interface'] == $result_lan) {
- $input_errors[] = "Interface $result_lan is in use. Please select another interface.";
- }
+ if ($_POST['interface'] == $result_lan) {
+ $input_errors[] = "Interface $result_lan is in use. Please select another interface.";
}
}
+ }
- /* check for overlaps */
- foreach ($a_nat as $natent) {
- if (isset($id) && ($a_nat[$id]) && ($a_nat[$id] === $natent))
+ /* check for overlaps */
+ foreach ($a_nat as $natent) {
+ if (isset($id) && ($a_nat[$id]) && ($a_nat[$id] === $natent))
continue;
- if ($natent['interface'] != $_POST['interface'])
+ if ($natent['interface'] != $_POST['interface'])
continue;
- }
+ }
- /* if no errors write to conf */
- if (!$input_errors) {
- $natent = array();
-
- /* write to conf for 1st time or rewrite the answer */
- $natent['interface'] = $_POST['interface'] ? $_POST['interface'] : $pconfig['interface'];
- /* if post write to conf or rewite the answer */
- $natent['enable'] = $_POST['enable'] ? on : off;
- $natent['uuid'] = $pconfig['uuid'];
- $natent['descr'] = $_POST['descr'] ? $_POST['descr'] : $pconfig['descr'];
- $natent['performance'] = $_POST['performance'] ? $_POST['performance'] : $pconfig['performance'];
- /* if post = on use on off or rewrite the conf */
- if ($_POST['blockoffenders7'] == "on") { $natent['blockoffenders7'] = on; }else{ $natent['blockoffenders7'] = off; } if ($_POST['enable'] == "") { $natent['blockoffenders7'] = $pconfig['blockoffenders7']; }
- $natent['whitelistname'] = $_POST['whitelistname'] ? $_POST['whitelistname'] : $pconfig['whitelistname'];
- $natent['homelistname'] = $_POST['homelistname'] ? $_POST['homelistname'] : $pconfig['homelistname'];
- $natent['externallistname'] = $_POST['externallistname'] ? $_POST['externallistname'] : $pconfig['externallistname'];
- $natent['suppresslistname'] = $_POST['suppresslistname'] ? $_POST['suppresslistname'] : $pconfig['suppresslistname'];
- $natent['snortalertlogtype'] = $_POST['snortalertlogtype'] ? $_POST['snortalertlogtype'] : $pconfig['snortalertlogtype'];
- if ($_POST['alertsystemlog'] == "on") { $natent['alertsystemlog'] = on; }else{ $natent['alertsystemlog'] = off; } if ($_POST['enable'] == "") { $natent['alertsystemlog'] = $pconfig['alertsystemlog']; }
- if ($_POST['tcpdumplog'] == "on") { $natent['tcpdumplog'] = on; }else{ $natent['tcpdumplog'] = off; } if ($_POST['enable'] == "") { $natent['tcpdumplog'] = $pconfig['tcpdumplog']; }
- if ($_POST['snortunifiedlog'] == "on") { $natent['snortunifiedlog'] = on; }else{ $natent['snortunifiedlog'] = off; } if ($_POST['enable'] == "") { $natent['snortunifiedlog'] = $pconfig['snortunifiedlog']; }
- $natent['configpassthru'] = base64_encode($_POST['configpassthru']) ? base64_encode($_POST['configpassthru']) : $pconfig['configpassthru'];
- /* if optiion = 0 then the old descr way will not work */
-
- /* rewrite the options that are not in post */
- /* make shure values are set befor repost or conf.xml will be broken */
- if ($pconfig['def_ssl_ports_ignore'] != "") { $natent['def_ssl_ports_ignore'] = $pconfig['def_ssl_ports_ignore']; }
- if ($pconfig['flow_depth'] != "") { $natent['flow_depth'] = $pconfig['flow_depth']; }
- if ($pconfig['max_queued_bytes'] != "") { $natent['max_queued_bytes'] = $pconfig['max_queued_bytes']; }
- if ($pconfig['max_queued_segs'] != "") { $natent['max_queued_segs'] = $pconfig['max_queued_segs']; }
- if ($pconfig['perform_stat'] != "") { $natent['perform_stat'] = $pconfig['perform_stat']; }
- if ($pconfig['http_inspect'] != "") { $natent['http_inspect'] = $pconfig['http_inspect']; }
- if ($pconfig['other_preprocs'] != "") { $natent['other_preprocs'] = $pconfig['other_preprocs']; }
- if ($pconfig['ftp_preprocessor'] != "") { $natent['ftp_preprocessor'] = $pconfig['ftp_preprocessor']; }
- if ($pconfig['smtp_preprocessor'] != "") { $natent['smtp_preprocessor'] = $pconfig['smtp_preprocessor']; }
- if ($pconfig['sf_portscan'] != "") { $natent['sf_portscan'] = $pconfig['sf_portscan']; }
- if ($pconfig['dce_rpc_2'] != "") { $natent['dce_rpc_2'] = $pconfig['dce_rpc_2']; }
- if ($pconfig['dns_preprocessor'] != "") { $natent['dns_preprocessor'] = $pconfig['dns_preprocessor']; }
- if ($pconfig['def_dns_servers'] != "") { $natent['def_dns_servers'] = $pconfig['def_dns_servers']; }
- if ($pconfig['def_dns_ports'] != "") { $natent['def_dns_ports'] = $pconfig['def_dns_ports']; }
- if ($pconfig['def_smtp_servers'] != "") { $natent['def_smtp_servers'] = $pconfig['def_smtp_servers']; }
- if ($pconfig['def_smtp_ports'] != "") { $natent['def_smtp_ports'] = $pconfig['def_smtp_ports']; }
- if ($pconfig['def_mail_ports'] != "") { $natent['def_mail_ports'] = $pconfig['def_mail_ports']; }
- if ($pconfig['def_http_servers'] != "") { $natent['def_http_servers'] = $pconfig['def_http_servers']; }
- if ($pconfig['def_www_servers'] != "") { $natent['def_www_servers'] = $pconfig['def_www_servers']; }
- if ($pconfig['def_http_ports'] != "") { $natent['def_http_ports'] = $pconfig['def_http_ports']; }
- if ($pconfig['def_sql_servers'] != "") { $natent['def_sql_servers'] = $pconfig['def_sql_servers']; }
- if ($pconfig['def_oracle_ports'] != "") { $natent['def_oracle_ports'] = $pconfig['def_oracle_ports']; }
- if ($pconfig['def_mssql_ports'] != "") { $natent['def_mssql_ports'] = $pconfig['def_mssql_ports']; }
- if ($pconfig['def_telnet_servers'] != "") { $natent['def_telnet_servers'] = $pconfig['def_telnet_servers']; }
- if ($pconfig['def_telnet_ports'] != "") { $natent['def_telnet_ports'] = $pconfig['def_telnet_ports']; }
- if ($pconfig['def_snmp_servers'] != "") { $natent['def_snmp_servers'] = $pconfig['def_snmp_servers']; }
- if ($pconfig['def_snmp_ports'] != "") { $natent['def_snmp_ports'] = $pconfig['def_snmp_ports']; }
- if ($pconfig['def_ftp_servers'] != "") { $natent['def_ftp_servers'] = $pconfig['def_ftp_servers']; }
- if ($pconfig['def_ftp_ports'] != "") { $natent['def_ftp_ports'] = $pconfig['def_ftp_ports']; }
- if ($pconfig['def_ssh_servers'] != "") { $natent['def_ssh_servers'] = $pconfig['def_ssh_servers']; }
- if ($pconfig['def_ssh_ports'] != "") { $natent['def_ssh_ports'] = $pconfig['def_ssh_ports']; }
- if ($pconfig['def_pop_servers'] != "") { $natent['def_pop_servers'] = $pconfig['def_pop_servers']; }
- if ($pconfig['def_pop2_ports'] != "") { $natent['def_pop2_ports'] = $pconfig['def_pop2_ports']; }
- if ($pconfig['def_pop3_ports'] != "") { $natent['def_pop3_ports'] = $pconfig['def_pop3_ports']; }
- if ($pconfig['def_imap_servers'] != "") { $natent['def_imap_servers'] = $pconfig['def_imap_servers']; }
- if ($pconfig['def_imap_ports'] != "") { $natent['def_imap_ports'] = $pconfig['def_imap_ports']; }
- if ($pconfig['def_sip_proxy_ip'] != "") { $natent['def_sip_proxy_ip'] = $pconfig['def_sip_proxy_ip']; }
- if ($pconfig['def_sip_proxy_ports'] != "") { $natent['def_sip_proxy_ports'] = $pconfig['def_sip_proxy_ports']; }
- if ($pconfig['def_auth_ports'] != "") { $natent['def_auth_ports'] = $pconfig['def_auth_ports']; }
- if ($pconfig['def_finger_ports'] != "") { $natent['def_finger_ports'] = $pconfig['def_finger_ports']; }
- if ($pconfig['def_irc_ports'] != "") { $natent['def_irc_ports'] = $pconfig['def_irc_ports']; }
- if ($pconfig['def_nntp_ports'] != "") { $natent['def_nntp_ports'] = $pconfig['def_nntp_ports']; }
- if ($pconfig['def_rlogin_ports'] != "") { $natent['def_rlogin_ports'] = $pconfig['def_rlogin_ports']; }
- if ($pconfig['def_rsh_ports'] != "") { $natent['def_rsh_ports'] = $pconfig['def_rsh_ports']; }
- if ($pconfig['def_ssl_ports'] != "") { $natent['def_ssl_ports'] = $pconfig['def_ssl_ports']; }
- if ($pconfig['barnyard_enable'] != "") { $natent['barnyard_enable'] = $pconfig['barnyard_enable']; }
- if ($pconfig['barnyard_mysql'] != "") { $natent['barnyard_mysql'] = $pconfig['barnyard_mysql']; }
- if ($pconfig['barnconfigpassthru'] != "") { $natent['barnconfigpassthru'] = $pconfig['barnconfigpassthru']; }
- if ($pconfig['rulesets'] != "") { $natent['rulesets'] = $pconfig['rulesets']; }
- if ($pconfig['rule_sid_off'] != "") { $natent['rule_sid_off'] = $pconfig['rule_sid_off']; }
- if ($pconfig['rule_sid_on'] != "") { $natent['rule_sid_on'] = $pconfig['rule_sid_on']; }
-
-
- if (isset($id) && $a_nat[$id])
+ /* if no errors write to conf */
+ if (!$input_errors) {
+ $natent = array();
+
+ /* write to conf for 1st time or rewrite the answer */
+ $natent['interface'] = $_POST['interface'] ? $_POST['interface'] : $pconfig['interface'];
+ /* if post write to conf or rewite the answer */
+ $natent['enable'] = $_POST['enable'] ? on : off;
+ $natent['uuid'] = $pconfig['uuid'];
+ $natent['descr'] = $_POST['descr'] ? $_POST['descr'] : $pconfig['descr'];
+ $natent['performance'] = $_POST['performance'] ? $_POST['performance'] : $pconfig['performance'];
+ /* if post = on use on off or rewrite the conf */
+ if ($_POST['blockoffenders7'] == "on") { $natent['blockoffenders7'] = on; }else{ $natent['blockoffenders7'] = off; } if ($_POST['enable'] == "") { $natent['blockoffenders7'] = $pconfig['blockoffenders7']; }
+ $natent['whitelistname'] = $_POST['whitelistname'] ? $_POST['whitelistname'] : $pconfig['whitelistname'];
+ $natent['homelistname'] = $_POST['homelistname'] ? $_POST['homelistname'] : $pconfig['homelistname'];
+ $natent['externallistname'] = $_POST['externallistname'] ? $_POST['externallistname'] : $pconfig['externallistname'];
+ $natent['suppresslistname'] = $_POST['suppresslistname'] ? $_POST['suppresslistname'] : $pconfig['suppresslistname'];
+ $natent['snortalertlogtype'] = $_POST['snortalertlogtype'] ? $_POST['snortalertlogtype'] : $pconfig['snortalertlogtype'];
+ if ($_POST['alertsystemlog'] == "on") { $natent['alertsystemlog'] = on; }else{ $natent['alertsystemlog'] = off; } if ($_POST['enable'] == "") { $natent['alertsystemlog'] = $pconfig['alertsystemlog']; }
+ if ($_POST['tcpdumplog'] == "on") { $natent['tcpdumplog'] = on; }else{ $natent['tcpdumplog'] = off; } if ($_POST['enable'] == "") { $natent['tcpdumplog'] = $pconfig['tcpdumplog']; }
+ if ($_POST['snortunifiedlog'] == "on") { $natent['snortunifiedlog'] = on; }else{ $natent['snortunifiedlog'] = off; } if ($_POST['enable'] == "") { $natent['snortunifiedlog'] = $pconfig['snortunifiedlog']; }
+ $natent['configpassthru'] = base64_encode($_POST['configpassthru']) ? base64_encode($_POST['configpassthru']) : $pconfig['configpassthru'];
+ /* if optiion = 0 then the old descr way will not work */
+
+ /* rewrite the options that are not in post */
+ /* make shure values are set befor repost or conf.xml will be broken */
+ if ($pconfig['def_ssl_ports_ignore'] != "") { $natent['def_ssl_ports_ignore'] = $pconfig['def_ssl_ports_ignore']; }
+ if ($pconfig['flow_depth'] != "") { $natent['flow_depth'] = $pconfig['flow_depth']; }
+ if ($pconfig['max_queued_bytes'] != "") { $natent['max_queued_bytes'] = $pconfig['max_queued_bytes']; }
+ if ($pconfig['max_queued_segs'] != "") { $natent['max_queued_segs'] = $pconfig['max_queued_segs']; }
+ if ($pconfig['perform_stat'] != "") { $natent['perform_stat'] = $pconfig['perform_stat']; }
+ if ($pconfig['http_inspect'] != "") { $natent['http_inspect'] = $pconfig['http_inspect']; }
+ if ($pconfig['other_preprocs'] != "") { $natent['other_preprocs'] = $pconfig['other_preprocs']; }
+ if ($pconfig['ftp_preprocessor'] != "") { $natent['ftp_preprocessor'] = $pconfig['ftp_preprocessor']; }
+ if ($pconfig['smtp_preprocessor'] != "") { $natent['smtp_preprocessor'] = $pconfig['smtp_preprocessor']; }
+ if ($pconfig['sf_portscan'] != "") { $natent['sf_portscan'] = $pconfig['sf_portscan']; }
+ if ($pconfig['dce_rpc_2'] != "") { $natent['dce_rpc_2'] = $pconfig['dce_rpc_2']; }
+ if ($pconfig['dns_preprocessor'] != "") { $natent['dns_preprocessor'] = $pconfig['dns_preprocessor']; }
+ if ($pconfig['def_dns_servers'] != "") { $natent['def_dns_servers'] = $pconfig['def_dns_servers']; }
+ if ($pconfig['def_dns_ports'] != "") { $natent['def_dns_ports'] = $pconfig['def_dns_ports']; }
+ if ($pconfig['def_smtp_servers'] != "") { $natent['def_smtp_servers'] = $pconfig['def_smtp_servers']; }
+ if ($pconfig['def_smtp_ports'] != "") { $natent['def_smtp_ports'] = $pconfig['def_smtp_ports']; }
+ if ($pconfig['def_mail_ports'] != "") { $natent['def_mail_ports'] = $pconfig['def_mail_ports']; }
+ if ($pconfig['def_http_servers'] != "") { $natent['def_http_servers'] = $pconfig['def_http_servers']; }
+ if ($pconfig['def_www_servers'] != "") { $natent['def_www_servers'] = $pconfig['def_www_servers']; }
+ if ($pconfig['def_http_ports'] != "") { $natent['def_http_ports'] = $pconfig['def_http_ports']; }
+ if ($pconfig['def_sql_servers'] != "") { $natent['def_sql_servers'] = $pconfig['def_sql_servers']; }
+ if ($pconfig['def_oracle_ports'] != "") { $natent['def_oracle_ports'] = $pconfig['def_oracle_ports']; }
+ if ($pconfig['def_mssql_ports'] != "") { $natent['def_mssql_ports'] = $pconfig['def_mssql_ports']; }
+ if ($pconfig['def_telnet_servers'] != "") { $natent['def_telnet_servers'] = $pconfig['def_telnet_servers']; }
+ if ($pconfig['def_telnet_ports'] != "") { $natent['def_telnet_ports'] = $pconfig['def_telnet_ports']; }
+ if ($pconfig['def_snmp_servers'] != "") { $natent['def_snmp_servers'] = $pconfig['def_snmp_servers']; }
+ if ($pconfig['def_snmp_ports'] != "") { $natent['def_snmp_ports'] = $pconfig['def_snmp_ports']; }
+ if ($pconfig['def_ftp_servers'] != "") { $natent['def_ftp_servers'] = $pconfig['def_ftp_servers']; }
+ if ($pconfig['def_ftp_ports'] != "") { $natent['def_ftp_ports'] = $pconfig['def_ftp_ports']; }
+ if ($pconfig['def_ssh_servers'] != "") { $natent['def_ssh_servers'] = $pconfig['def_ssh_servers']; }
+ if ($pconfig['def_ssh_ports'] != "") { $natent['def_ssh_ports'] = $pconfig['def_ssh_ports']; }
+ if ($pconfig['def_pop_servers'] != "") { $natent['def_pop_servers'] = $pconfig['def_pop_servers']; }
+ if ($pconfig['def_pop2_ports'] != "") { $natent['def_pop2_ports'] = $pconfig['def_pop2_ports']; }
+ if ($pconfig['def_pop3_ports'] != "") { $natent['def_pop3_ports'] = $pconfig['def_pop3_ports']; }
+ if ($pconfig['def_imap_servers'] != "") { $natent['def_imap_servers'] = $pconfig['def_imap_servers']; }
+ if ($pconfig['def_imap_ports'] != "") { $natent['def_imap_ports'] = $pconfig['def_imap_ports']; }
+ if ($pconfig['def_sip_proxy_ip'] != "") { $natent['def_sip_proxy_ip'] = $pconfig['def_sip_proxy_ip']; }
+ if ($pconfig['def_sip_proxy_ports'] != "") { $natent['def_sip_proxy_ports'] = $pconfig['def_sip_proxy_ports']; }
+ if ($pconfig['def_auth_ports'] != "") { $natent['def_auth_ports'] = $pconfig['def_auth_ports']; }
+ if ($pconfig['def_finger_ports'] != "") { $natent['def_finger_ports'] = $pconfig['def_finger_ports']; }
+ if ($pconfig['def_irc_ports'] != "") { $natent['def_irc_ports'] = $pconfig['def_irc_ports']; }
+ if ($pconfig['def_nntp_ports'] != "") { $natent['def_nntp_ports'] = $pconfig['def_nntp_ports']; }
+ if ($pconfig['def_rlogin_ports'] != "") { $natent['def_rlogin_ports'] = $pconfig['def_rlogin_ports']; }
+ if ($pconfig['def_rsh_ports'] != "") { $natent['def_rsh_ports'] = $pconfig['def_rsh_ports']; }
+ if ($pconfig['def_ssl_ports'] != "") { $natent['def_ssl_ports'] = $pconfig['def_ssl_ports']; }
+ if ($pconfig['barnyard_enable'] != "") { $natent['barnyard_enable'] = $pconfig['barnyard_enable']; }
+ if ($pconfig['barnyard_mysql'] != "") { $natent['barnyard_mysql'] = $pconfig['barnyard_mysql']; }
+ if ($pconfig['barnconfigpassthru'] != "") { $natent['barnconfigpassthru'] = $pconfig['barnconfigpassthru']; }
+ if ($pconfig['rulesets'] != "") { $natent['rulesets'] = $pconfig['rulesets']; }
+ if ($pconfig['rule_sid_off'] != "") { $natent['rule_sid_off'] = $pconfig['rule_sid_off']; }
+ if ($pconfig['rule_sid_on'] != "") { $natent['rule_sid_on'] = $pconfig['rule_sid_on']; }
+
+
+ if (isset($id) && $a_nat[$id])
$a_nat[$id] = $natent;
- else {
- if (is_numeric($after))
+ else {
+ if (is_numeric($after))
array_splice($a_nat, $after+1, 0, array($natent));
- else
+ else
$a_nat[] = $natent;
+ }
+
+ write_config();
+
+ touch("$d_snortconfdirty_path");
+
+ /* if snort.sh crashed this will remove the pid */
+ exec('/bin/rm /tmp/snort.sh.pid');
+
+ header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
+ header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
+ header( 'Cache-Control: no-store, no-cache, must-revalidate' );
+ header( 'Cache-Control: post-check=0, pre-check=0', false );
+ header( 'Pragma: no-cache' );
+ sleep(2);
+ header("Location: /snort/snort_interfaces_edit.php?id=$id");
+
+ exit;
}
+ }
+
+ if ($_POST["Submit2"]) {
+
+ sync_snort_package_all($id, $if_real, $snort_uuid);
+ sync_snort_package();
+ sleep(1);
+
+ Running_Start($snort_uuid, $if_real, $id);
- write_config();
-
- touch("$d_snortconfdirty_path");
-
- /* if snort.sh crashed this will remove the pid */
- exec('/bin/rm /tmp/snort.sh.pid');
-
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
header( 'Cache-Control: no-store, no-cache, must-revalidate' );
@@ -328,19 +348,13 @@ if ($_POST["Submit"]) {
header( 'Pragma: no-cache' );
sleep(2);
header("Location: /snort/snort_interfaces_edit.php?id=$id");
-
- exit;
}
-}
-
- if ($_POST["Submit2"]) {
-
- sync_snort_package_all($id, $if_real, $snort_uuid);
- sync_snort_package();
- sleep(1);
-
- Running_Start($snort_uuid, $if_real, $id);
-
+
+ if ($_POST["Submit3"])
+ {
+
+ Running_Stop($snort_uuid, $if_real, $id);
+
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
header( 'Cache-Control: no-store, no-cache, must-revalidate' );
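Review bot: The redirect `header("Location: /snort/snort_interfaces_edit.php?id=$id");` that closes the Start (`Submit2`) handler on the new side is followed directly by `}` with no `exit;`, so the script continues into the status check and renders the whole page after the 2-second sleep. The Save handler in the previous hunk ends the same header sequence with `exit;`, and the Stop handler added here (`if ($_POST["Submit3"])`, which continues into the next hunk) has the same gap. Add `exit;` after each `header("Location: …")` so a redirected request does no further work. `$id` is also placed in the header unencoded; its assignment is outside this hunk, so confirm it is validated as numeric or build the URL with `urlencode($id)`.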
@@ -348,59 +362,50 @@ if ($_POST["Submit"]) {
header( 'Pragma: no-cache' );
sleep(2);
header("Location: /snort/snort_interfaces_edit.php?id=$id");
- }
- if ($_POST["Submit3"])
- {
-
- Running_Stop($snort_uuid, $if_real, $id);
-
- header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
- header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
- header( 'Cache-Control: no-store, no-cache, must-revalidate' );
- header( 'Cache-Control: post-check=0, pre-check=0', false );
- header( 'Pragma: no-cache' );
- sleep(2);
- header("Location: /snort/snort_interfaces_edit.php?id=$id");
-
- }
+ }
/* This code needs to be below headers */
if (isset($config['installedpackages']['snortglobal']['rule'][$id]['interface']))
{
-
+
$snort_up_ck2_info = Running_Ck($snort_uuid, $if_real, $id);
-
+
if ($snort_up_ck2_info == 'no') {
$snort_up_ck = '<input name="Submit2" type="submit" class="formbtn" value="Start" onClick="enable_change(true)">';
}else{
$snort_up_ck = '<input name="Submit3" type="submit" class="formbtn" value="Stop" onClick="enable_change(true)">';
- }
+ }
}else{
- $snort_up_ck = '';
+ $snort_up_ck = '';
}
-
-$pgtitle = "Snort: Interface Edit: $id $snort_uuid $if_real";
-include("/usr/local/pkg/snort/snort_head.inc");
-?>
+ $pgtitle = "Snort: Interface Edit: $id $snort_uuid $if_real";
+ include("/usr/local/pkg/snort/snort_head.inc");
+
+ ?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
-<?php
-include("fbegin.inc");
-?>
+ <?php
+ include("fbegin.inc");
+ ?>
-<?php
-echo "{$snort_general_css}\n";
-?>
+ <?php
+ echo "{$snort_general_css}\n";
+ ?>
<!-- hack to fix the hardcoed fbegin link in header -->
-<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div>
+<div id="header-left2"><a href="../index.php" id="status-link2"><img
+ src="./images/transparent.gif" border="0"></img></a></div>
<div class="body2">
-<noscript><div class="alert" ALIGN=CENTER><img src="/themes/nervecenter/images/icons/icon_alert.gif"/><strong>Please enable JavaScript to view this content</strong></div></noscript>
+<noscript>
+<div class="alert" ALIGN=CENTER><img
+ src="/themes/nervecenter/images/icons/icon_alert.gif" /><strong>Please
+enable JavaScript to view this content</strong></div>
+</noscript>
<script language="JavaScript">
<!--
@@ -431,27 +436,25 @@ echo "
document.iform.configpassthru.disabled = endis;
}
//-->
-</script>
-<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
+</script> <?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
-<form action="snort_interfaces_edit.php<?php echo "?id=$id";?>" method="post" enctype="multipart/form-data" name="iform" id="iform">
-
-<?php
+<form action="snort_interfaces_edit.php<?php echo "?id=$id";?>"
+ method="post" enctype="multipart/form-data" name="iform" id="iform"><?php
/* Display Alert message */
if ($input_errors) {
- print_input_errors($input_errors); // TODO: add checks
+ print_input_errors($input_errors); // TODO: add checks
}
if ($savemsg) {
- print_info_box2($savemsg);
+ print_info_box2($savemsg);
}
//if (file_exists($d_snortconfdirty_path)) {
if (file_exists($d_snortconfdirty_path) || file_exists("/var/run/snort_conf_{$snort_uuid}_.dirty")) {
- echo '<p>';
+ echo '<p>';
if($savemsg) {
print_info_box_np2("{$savemsg}");
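Review bot: `$id` is written into the form's `action` attribute without escaping at `<form action="snort_interfaces_edit.php<?php echo "?id=$id";?>"`. Its assignment is outside this hunk; if it is read from the request without a numeric check, markup in the value would be reflected into the page. Emit it as `<?php echo "?id=" . htmlspecialchars($id);?>`, or cast it with `(int)` where it is read so every later use is safe. The `<?if(` short open tag on the `</script>` line also depends on `short_open_tag` being enabled; `<?php if (` is the portable form.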
@@ -463,311 +466,339 @@ echo "
}
}
-?>
+ ?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr><td class="tabnavtbl">
-<?php
-if ($a_nat[$id]['interface'] != '') {
- /* get the interface name */
- $first = 0;
- $snortInterfaces = array(); /* -gtm */
-
- $if_list = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
- $if_array = split(',', $if_list);
- //print_r($if_array);
- if($if_array) {
- foreach($if_array as $iface2) {
- $if2 = convert_friendly_interface_to_real_interface_name2($iface2);
-
- if($config['interfaces'][$iface2]['ipaddr'] == "pppoe") {
- $if2 = "ng0";
- }
-
- /* build a list of user specified interfaces -gtm */
- if($if2){
- array_push($snortInterfaces, $if2);
- $first = 1;
- }
- }
-
- if (count($snortInterfaces) < 1) {
- log_error("Snort will not start. You must select an interface for it to listen on.");
- return;
- }
- }
+ <tr>
+ <td class="tabnavtbl"><?php
+ if ($a_nat[$id]['interface'] != '') {
+ /* get the interface name */
+ $first = 0;
+ $snortInterfaces = array(); /* -gtm */
+
+ $if_list = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
+ $if_array = split(',', $if_list);
+ //print_r($if_array);
+ if($if_array) {
+ foreach($if_array as $iface2) {
+ $if2 = convert_friendly_interface_to_real_interface_name2($iface2);
+
+ if($config['interfaces'][$iface2]['ipaddr'] == "pppoe") {
+ $if2 = "ng0";
+ }
+
+ /* build a list of user specified interfaces -gtm */
+ if($if2){
+ array_push($snortInterfaces, $if2);
+ $first = 1;
+ }
+ }
-}
+ if (count($snortInterfaces) < 1) {
+ log_error("Snort will not start. You must select an interface for it to listen on.");
+ return;
+ }
+ }
+
+ }
-echo '<div class="snorttabs" style="margin:1px 0px; width:775px;">' . "\n";
-echo '<!-- Tabbed bar code -->' . "\n";
-echo '<ul class="snorttabs">' . "\n";
- if (!file_exists("/var/run/snort_conf_{$snort_uuid}_.dirty")) {
- echo '<li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>' . "\n";
- }
- echo "<li class=\"snorttabs_active\"><a href=\"/snort/snort_interfaces_edit.php?id={$id}\"><span>If Settings</span></a></li>\n";
- /* hide user tabs when no settings have be saved */
- if ($config['installedpackages']['snortglobal']['rule'][$id]['interface'] != '') {
+ echo '<div class="snorttabs" style="margin:1px 0px; width:775px;">' . "\n";
+ echo '<!-- Tabbed bar code -->' . "\n";
+ echo '<ul class="snorttabs">' . "\n";
if (!file_exists("/var/run/snort_conf_{$snort_uuid}_.dirty")) {
- echo "<li><a href=\"/snort/snort_rulesets.php?id={$id}\"><span>Categories</span></a></li>\n";
- echo "<li><a href=\"/snort/snort_rules.php?id={$id}\"><span>Rules</span></a></li>\n";
- echo "<li><a href=\"/snort/snort_define_servers.php?id={$id}\"><span>Servers</span></a></li>\n";
- echo "<li><a href=\"/snort/snort_preprocessors.php?id={$id}\"><span>Preprocessors</span></a></li>\n";
- echo "<li><a href=\"/snort/snort_barnyard.php?id={$id}\"><span>Barnyard2</span></a></li>\n";
+ echo '<li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>' . "\n";
}
- }
-echo '</ul>' . "\n";
-echo '</div>' . "\n";
-
-?>
+ echo "<li class=\"snorttabs_active\"><a href=\"/snort/snort_interfaces_edit.php?id={$id}\"><span>If Settings</span></a></li>\n";
+ /* hide user tabs when no settings have be saved */
+ if ($config['installedpackages']['snortglobal']['rule'][$id]['interface'] != '') {
+ if (!file_exists("/var/run/snort_conf_{$snort_uuid}_.dirty")) {
+ echo "<li><a href=\"/snort/snort_rulesets.php?id={$id}\"><span>Categories</span></a></li>\n";
+ echo "<li><a href=\"/snort/snort_rules.php?id={$id}\"><span>Rules</span></a></li>\n";
+ echo "<li><a href=\"/snort/snort_define_servers.php?id={$id}\"><span>Servers</span></a></li>\n";
+ echo "<li><a href=\"/snort/snort_preprocessors.php?id={$id}\"><span>Preprocessors</span></a></li>\n";
+ echo "<li><a href=\"/snort/snort_barnyard.php?id={$id}\"><span>Barnyard2</span></a></li>\n";
+ }
+ }
+ echo '</ul>' . "\n";
+ echo '</div>' . "\n";
-</td>
-</tr>
- <tr>
- <td class="tabcont">
- <table width="100%" border="0" cellpadding="6" cellspacing="0">
- <tr>
- <td colspan="2" valign="top" class="listtopic">General Settings</td>
- </tr>
- <tr>
+ ?></td>
+ </tr>
+ <tr>
+ <td class="tabcont">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">General Settings</td>
+ </tr>
+ <tr>
<td width="22%" valign="top" class="vncellreq2">Interface</td>
- <td width="22%" valign="top" class="vtable">&nbsp;
- <?php
- // <input name="enable" type="checkbox" value="yes" checked onClick="enable_change(false)">
- // care with spaces
- if ($pconfig['enable'] == "on")
- $checked = checked;
+ <td width="22%" valign="top" class="vtable">&nbsp; <?php
+ // <input name="enable" type="checkbox" value="yes" checked onClick="enable_change(false)">
+ // care with spaces
+ if ($pconfig['enable'] == "on")
+ $checked = checked;
- $onclick_enable = "onClick=\"enable_change(false)\">";
+ $onclick_enable = "onClick=\"enable_change(false)\">";
- echo "
+ echo "
<input name=\"enable\" type=\"checkbox\" value=\"on\" $checked $onclick_enable
&nbsp;&nbsp;Enable or Disable</td>\n\n";
- ?>
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncellreq2">Interface</td>
- <td width="78%" class="vtable">
- <select name="interface" class="formfld">
- <?php
- $interfaces = array('wan' => 'WAN', 'lan' => 'LAN');
- for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
- $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
- }
- foreach ($interfaces as $iface => $ifacename): ?>
- <option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>>
- <?=htmlspecialchars($ifacename);?>
- </option>
- <?php endforeach; ?>
- </select><br>
- <span class="vexpl">Choose which interface this rule applies to.<br>
- Hint: in most cases, you'll want to use WAN here.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncellreq2">Description</td>
- <td width="78%" class="vtable">
- <input name="descr" type="text" class="formfld" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>">
- <br> <span class="vexpl">You may enter a description here for your reference (not parsed).</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Memory Performance</td>
- <td width="78%" class="vtable">
- <select name="performance" class="formfld" id="performance">
- <?php
- $interfaces2 = array('ac-bnfa' => 'AC-BNFA', 'lowmem' => 'LOWMEM', 'ac-std' => 'AC-STD', 'ac' => 'AC', 'ac-banded' => 'AC-BANDED', 'ac-sparsebands' => 'AC-SPARSEBANDS', 'acs' => 'ACS');
- foreach ($interfaces2 as $iface2 => $ifacename2): ?>
- <option value="<?=$iface2;?>" <?php if ($iface2 == $pconfig['performance']) echo "selected"; ?>>
- <?=htmlspecialchars($ifacename2);?>
- </option>
+ ?></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq2">Interface</td>
+ <td width="78%" class="vtable"><select name="interface"
+ class="formfld">
+ <?php
+ $interfaces = array('wan' => 'WAN', 'lan' => 'LAN');
+ for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
+ $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
+ }
+ foreach ($interfaces as $iface => $ifacename): ?>
+ <option value="<?=$iface;?>"
+ <?php if ($iface == $pconfig['interface']) echo "selected"; ?>><?=htmlspecialchars($ifacename);?>
+ </option>
+ <?php endforeach; ?>
+ </select><br>
+ <span class="vexpl">Choose which interface this rule applies to.<br>
+ Hint: in most cases, you'll want to use WAN here.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq2">Description</td>
+ <td width="78%" class="vtable"><input name="descr" type="text"
+ class="formfld" id="descr" size="40"
+ value="<?=htmlspecialchars($pconfig['descr']);?>"> <br>
+ <span class="vexpl">You may enter a description here for your
+ reference (not parsed).</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Memory Performance</td>
+ <td width="78%" class="vtable"><select name="performance"
+ class="formfld" id="performance">
+ <?php
+ $interfaces2 = array('ac-bnfa' => 'AC-BNFA', 'lowmem' => 'LOWMEM', 'ac-std' => 'AC-STD', 'ac' => 'AC', 'ac-banded' => 'AC-BANDED', 'ac-sparsebands' => 'AC-SPARSEBANDS', 'acs' => 'ACS');
+ foreach ($interfaces2 as $iface2 => $ifacename2): ?>
+ <option value="<?=$iface2;?>"
+ <?php if ($iface2 == $pconfig['performance']) echo "selected"; ?>>
+ <?=htmlspecialchars($ifacename2);?></option>
<?php endforeach; ?>
- </select><br>
- <span class="vexpl">Lowmem and ac-bnfa are recommended for low end systems, Ac: high memory, best performance, ac-std: moderate memory,high performance, acs: small memory, moderateperformance, ac-banded: small memory,moderate performance, ac-sparsebands: small memory, high performance.<br>
- </span></td>
- </tr>
- <tr>
- <td colspan="2" valign="top" class="listtopic">Choose the networks snort should inspect and whitelist.</td>
- </tr>
- <tr>
+ </select><br>
+ <span class="vexpl">Lowmem and ac-bnfa are recommended for low end
+ systems, Ac: high memory, best performance, ac-std: moderate
+ memory,high performance, acs: small memory, moderateperformance,
+ ac-banded: small memory,moderate performance, ac-sparsebands: small
+ memory, high performance.<br>
+ </span></td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Choose the networks
+ snort should inspect and whitelist.</td>
+ </tr>
+ <tr>
<td width="22%" valign="top" class="vncell2">Home net</td>
- <td width="78%" class="vtable">
- <select name="homelistname" class="formfld" id="homelistname">
- <?php
- /* find whitelist names and filter by type */
- $hlist_select = $config['installedpackages']['snortglobal']['whitelist']['item'];
- $hid = -1;
- if ($pconfig['homelistname'] == 'default'){ $selected = 'selected'; }
- $wlist_sub2 = preg_match('/^([a-zA-z0-9]+)/', $pconfig['homelistname'], $hlist_sub);
- echo "<option value=\"default\" $selected>default</option>
+ <td width="78%" class="vtable"><select name="homelistname"
+ class="formfld" id="homelistname">
+ <?php
+ /* find whitelist names and filter by type */
+ $hlist_select = $config['installedpackages']['snortglobal']['whitelist']['item'];
+ $hid = -1;
+ if ($pconfig['homelistname'] == 'default'){ $selected = 'selected'; }
+ $wlist_sub2 = preg_match('/^([a-zA-z0-9]+)/', $pconfig['homelistname'], $hlist_sub);
+ echo "<option value=\"default\" $selected>default</option>
";
- foreach ($hlist_select as $value):
- $hid += 1;
- if ($config['installedpackages']['snortglobal']['whitelist']['item'][$hid]['snortlisttype'] == 'netlist') {
- $ilistname = $config['installedpackages']['snortglobal']['whitelist']['item'][$hid]['name'];
- $whitelist_uuid = $config['installedpackages']['snortglobal']['whitelist']['item'][$hid]['uuid'];
- if ($ilistname == $hlist_sub[0]){
- echo "<option value=\"$ilistname $whitelist_uuid\" selected>";
- }else{
- echo "<option value=\"$ilistname $whitelist_uuid\">";
- }
- echo htmlspecialchars($ilistname) . '</option>
+ foreach ($hlist_select as $value):
+ $hid += 1;
+ if ($config['installedpackages']['snortglobal']['whitelist']['item'][$hid]['snortlisttype'] == 'netlist') {
+ $ilistname = $config['installedpackages']['snortglobal']['whitelist']['item'][$hid]['name'];
+ $whitelist_uuid = $config['installedpackages']['snortglobal']['whitelist']['item'][$hid]['uuid'];
+ if ($ilistname == $hlist_sub[0]){
+ echo "<option value=\"$ilistname $whitelist_uuid\" selected>";
+ }else{
+ echo "<option value=\"$ilistname $whitelist_uuid\">";
+ }
+ echo htmlspecialchars($ilistname) . '</option>
';
- }
- endforeach;
- ?>
+ }
+ endforeach;
+ ?>
</select><br>
- <span class="vexpl">Choose the home net you will like this rule to use.
- </span>&nbsp;<span class="red">Note:</span>&nbsp;Default home net adds only local networks.<br>
- <span class="red">Hint:</span>&nbsp;Most users add a list of friendly ips that the firewall cant see.</td>
- </tr>
- <tr>
+ <span class="vexpl">Choose the home net you will like this rule to
+ use. </span>&nbsp;<span class="red">Note:</span>&nbsp;Default home
+ net adds only local networks.<br>
+ <span class="red">Hint:</span>&nbsp;Most users add a list of
+ friendly ips that the firewall cant see.</td>
+ </tr>
+ <tr>
<td width="22%" valign="top" class="vncell2">External net</td>
- <td width="78%" class="vtable">
- <select name="externallistname" class="formfld" id="externallistname">
- <?php
- /* find whitelist names and filter by type */
- $exlist_select = $config['installedpackages']['snortglobal']['whitelist']['item'];
- $exid = -1;
- if ($pconfig['externallistname'] == 'default'){ $selected = 'selected'; }
- preg_match('/^([a-zA-z0-9]+)/', $pconfig['externallistname'], $exlist_sub);
- echo "<option value=\"default\" $selected>default</option>
+ <td width="78%" class="vtable"><select name="externallistname"
+ class="formfld" id="externallistname">
+ <?php
+ /* find whitelist names and filter by type */
+ $exlist_select = $config['installedpackages']['snortglobal']['whitelist']['item'];
+ $exid = -1;
+ if ($pconfig['externallistname'] == 'default'){ $selected = 'selected'; }
+ preg_match('/^([a-zA-z0-9]+)/', $pconfig['externallistname'], $exlist_sub);
+ echo "<option value=\"default\" $selected>default</option>
";
- foreach ($exlist_select as $value):
- $exid += 1;
- if ($config['installedpackages']['snortglobal']['whitelist']['item'][$exid]['snortlisttype'] == 'netlist') {
- $ilistname = $config['installedpackages']['snortglobal']['whitelist']['item'][$exid]['name'];
- $whitelist_uuid = $config['installedpackages']['snortglobal']['whitelist']['item'][$exid]['uuid'];
- if ($ilistname == $exlist_sub[0]){
- echo "<option value=\"$ilistname $whitelist_uuid\" selected>";
- }else{
- echo "<option value=\"$ilistname $whitelist_uuid\">";
- }
- echo htmlspecialchars($ilistname) . '</option>
+ foreach ($exlist_select as $value):
+ $exid += 1;
+ if ($config['installedpackages']['snortglobal']['whitelist']['item'][$exid]['snortlisttype'] == 'netlist') {
+ $ilistname = $config['installedpackages']['snortglobal']['whitelist']['item'][$exid]['name'];
+ $whitelist_uuid = $config['installedpackages']['snortglobal']['whitelist']['item'][$exid]['uuid'];
+ if ($ilistname == $exlist_sub[0]){
+ echo "<option value=\"$ilistname $whitelist_uuid\" selected>";
+ }else{
+ echo "<option value=\"$ilistname $whitelist_uuid\">";
+ }
+ echo htmlspecialchars($ilistname) . '</option>
';
- }
- endforeach;
- ?>
+ }
+ endforeach;
+ ?>
</select><br>
- <span class="vexpl">Choose the external net you will like this rule to use.
- </span>&nbsp;<span class="red">Note:</span>&nbsp;Default external net, networks that are not home net.<br>
- <span class="red">Hint:</span>&nbsp;Most users should leave this setting at default.</td>
- </tr>
- <tr>
+ <span class="vexpl">Choose the external net you will like this rule
+ to use. </span>&nbsp;<span class="red">Note:</span>&nbsp;Default
+ external net, networks that are not home net.<br>
+ <span class="red">Hint:</span>&nbsp;Most users should leave this
+ setting at default.</td>
+ </tr>
+ <tr>
<td width="22%" valign="top" class="vncell2">Block offenders</td>
- <td width="78%" class="vtable">
- <input name="blockoffenders7" type="checkbox" value="on" <?php if ($pconfig['blockoffenders7'] == "on") echo "checked"; ?> onClick="enable_change(false)"><br>
- Checking this option will automatically block hosts that generate a Snort alert.</td>
- </tr>
- <tr>
+ <td width="78%" class="vtable"><input name="blockoffenders7"
+ type="checkbox" value="on"
+ <?php if ($pconfig['blockoffenders7'] == "on") echo "checked"; ?>
+ onClick="enable_change(false)"><br>
+ Checking this option will automatically block hosts that generate a
+ Snort alert.</td>
+ </tr>
+ <tr>
<td width="22%" valign="top" class="vncell2">Whitelist</td>
- <td width="78%" class="vtable">
- <select name="whitelistname" class="formfld" id="whitelistname">
- <?php
- /* find whitelist names and filter by type, make sure to track by uuid */
- $wlist_select = $config['installedpackages']['snortglobal']['whitelist']['item'];
- $wid = -1;
- if ($pconfig['whitelistname'] == 'default'){ $selected = 'selected'; }
- preg_match('/^([a-zA-z0-9]+)/', $pconfig['whitelistname'], $wlist_sub);
- echo "<option value=\"default\" $selected>default</option>
+ <td width="78%" class="vtable"><select name="whitelistname"
+ class="formfld" id="whitelistname">
+ <?php
+ /* find whitelist names and filter by type, make sure to track by uuid */
+ $wlist_select = $config['installedpackages']['snortglobal']['whitelist']['item'];
+ $wid = -1;
+ if ($pconfig['whitelistname'] == 'default'){ $selected = 'selected'; }
+ preg_match('/^([a-zA-z0-9]+)/', $pconfig['whitelistname'], $wlist_sub);
+ echo "<option value=\"default\" $selected>default</option>
";
- foreach ($wlist_select as $value):
- $wid += 1;
- if ($config['installedpackages']['snortglobal']['whitelist']['item'][$wid]['snortlisttype'] == 'whitelist') {
- $ilistname = $config['installedpackages']['snortglobal']['whitelist']['item'][$wid]['name'];
- $whitelist_uuid = $config['installedpackages']['snortglobal']['whitelist']['item'][$wid]['uuid'];
- if ($ilistname == $wlist_sub[0]){
- echo "<option value=\"$ilistname $whitelist_uuid\" selected>";
- }else{
- echo "<option value=\"$ilistname $whitelist_uuid\">";
- }
- echo htmlspecialchars($ilistname) . '</option>
+ foreach ($wlist_select as $value):
+ $wid += 1;
+ if ($config['installedpackages']['snortglobal']['whitelist']['item'][$wid]['snortlisttype'] == 'whitelist') {
+ $ilistname = $config['installedpackages']['snortglobal']['whitelist']['item'][$wid]['name'];
+ $whitelist_uuid = $config['installedpackages']['snortglobal']['whitelist']['item'][$wid]['uuid'];
+ if ($ilistname == $wlist_sub[0]){
+ echo "<option value=\"$ilistname $whitelist_uuid\" selected>";
+ }else{
+ echo "<option value=\"$ilistname $whitelist_uuid\">";
+ }
+ echo htmlspecialchars($ilistname) . '</option>
';
- }
- endforeach;
- ?>
+ }
+ endforeach;
+ ?>
</select><br>
- <span class="vexpl">Choose the whitelist you will like this rule to use.
- </span>&nbsp;<span class="red">Note:</span>&nbsp;Default whitelist adds only local networks.</td>
- </tr>
-
- <tr>
- <td width="22%" valign="top" class="vncell2">Suppression and filtering</td>
- <td width="78%" class="vtable">
- <select name="suppresslistname" class="formfld" id="suppresslistname">
- <?php
- /* find whitelist names and filter by type, make sure to track by uuid */
- $slist_select = $config['installedpackages']['snortglobal']['suppress']['item'];
- $sid = -1;
- if ($pconfig['suppresslistname'] == 'default'){ $selected = 'selected'; }
- preg_match('/^([a-zA-z0-9]+)/', $pconfig['suppresslistname'], $slist_sub);
- echo "<option value=\"default\" $selected>default</option>
+ <span class="vexpl">Choose the whitelist you will like this rule to
+ use. </span>&nbsp;<span class="red">Note:</span>&nbsp;Default
+ whitelist adds only local networks.</td>
+ </tr>
+
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Suppression and
+ filtering</td>
+ <td width="78%" class="vtable"><select name="suppresslistname"
+ class="formfld" id="suppresslistname">
+ <?php
+ /* find whitelist names and filter by type, make sure to track by uuid */
+ $slist_select = $config['installedpackages']['snortglobal']['suppress']['item'];
+ $sid = -1;
+ if ($pconfig['suppresslistname'] == 'default'){ $selected = 'selected'; }
+ preg_match('/^([a-zA-z0-9]+)/', $pconfig['suppresslistname'], $slist_sub);
+ echo "<option value=\"default\" $selected>default</option>
";
- foreach ($slist_select as $value):
- $sid += 1;
- $ilistname = $config['installedpackages']['snortglobal']['suppress']['item'][$sid]['name'];
- $suppress_uuid = $config['installedpackages']['snortglobal']['suppress']['item'][$sid]['uuid'];
- if ($ilistname == $slist_sub[0]){
- echo "<option value=\"$ilistname $suppress_uuid\" selected>";
- }else{
- echo "<option value=\"$ilistname $suppress_uuid\">";
- }
- echo htmlspecialchars($ilistname) . '</option>
+ foreach ($slist_select as $value):
+ $sid += 1;
+ $ilistname = $config['installedpackages']['snortglobal']['suppress']['item'][$sid]['name'];
+ $suppress_uuid = $config['installedpackages']['snortglobal']['suppress']['item'][$sid]['uuid'];
+ if ($ilistname == $slist_sub[0]){
+ echo "<option value=\"$ilistname $suppress_uuid\" selected>";
+ }else{
+ echo "<option value=\"$ilistname $suppress_uuid\">";
+ }
+ echo htmlspecialchars($ilistname) . '</option>
';
- endforeach;
- ?>
+ endforeach;
+ ?>
</select><br>
- <span class="vexpl">Choose the suppression or filtering file you will like this rule to use.
- </span>&nbsp;<span class="red">Note:</span>&nbsp;Default option disables suppression and filtering.</td>
- </tr>
-
- <tr>
- <td colspan="2" valign="top" class="listtopic">Choose the types of logs snort should create.</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Send alerts to main System logs</td>
- <td width="78%" class="vtable">
- <input name="alertsystemlog" type="checkbox" value="on" <?php if ($pconfig['alertsystemlog'] == "on") echo "checked"; ?> onClick="enable_change(false)"><br>
- Snort will send Alerts to the Pfsense system logs.</td>
- </tr>
- <tr>
+ <span class="vexpl">Choose the suppression or filtering file you
+ will like this rule to use. </span>&nbsp;<span class="red">Note:</span>&nbsp;Default
+ option disables suppression and filtering.</td>
+ </tr>
+
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Choose the types of
+ logs snort should create.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Send alerts to main
+ System logs</td>
+ <td width="78%" class="vtable"><input name="alertsystemlog"
+ type="checkbox" value="on"
+ <?php if ($pconfig['alertsystemlog'] == "on") echo "checked"; ?>
+ onClick="enable_change(false)"><br>
+ Snort will send Alerts to the Pfsense system logs.</td>
+ </tr>
+ <tr>
<td width="22%" valign="top" class="vncell2">Log to a Tcpdump file</td>
- <td width="78%" class="vtable">
- <input name="tcpdumplog" type="checkbox" value="on" <?php if ($pconfig['tcpdumplog'] == "on") echo "checked"; ?> onClick="enable_change(false)"><br>
- Snort will log packets to a tcpdump-formatted file. The file then can be analyzed by an application such as Wireshark which understands pcap file formats. <span class="red"><strong>WARNING:</strong></span> File may become large.</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Log Alerts to a snort unified2 file</td>
- <td width="78%" class="vtable">
- <input name="snortunifiedlog" type="checkbox" value="on" <?php if ($pconfig['snortunifiedlog'] == "on") echo "checked"; ?> onClick="enable_change(false)"><br>
- Snort will log Alerts to a file in the UNIFIED2 format. This is a requirement for barnyard2.</td>
- </tr>
- <tr>
- <td colspan="2" valign="top" class="listtopic">Arguments here will be automatically inserted into the snort configuration.</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Advanced configuration pass through</td>
- <td width="78%" class="vtable">
- <textarea wrap="off" name="configpassthru" cols="75" rows="12" id="configpassthru" class="formpre2"><?=htmlspecialchars($pconfig['configpassthru']);?></textarea>
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top"></td>
- <td width="78%">
- <input name="Submit" type="submit" class="formbtn" value="Save"> <?php echo $snort_up_ck; ?> <input type="button" class="formbtn" value="Cancel" onclick="history.back()">
- <?php if (isset($id) && $a_nat[$id]): ?>
- <input name="id" type="hidden" value="<?=$id;?>">
- <?php endif; ?>
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top">&nbsp;</td>
- <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span>
- <br>
- Please save your settings before you click start. </td>
- </tr>
- </table>
- </table>
+ <td width="78%" class="vtable"><input name="tcpdumplog"
+ type="checkbox" value="on"
+ <?php if ($pconfig['tcpdumplog'] == "on") echo "checked"; ?>
+ onClick="enable_change(false)"><br>
+ Snort will log packets to a tcpdump-formatted file. The file then
+ can be analyzed by an application such as Wireshark which
+ understands pcap file formats. <span class="red"><strong>WARNING:</strong></span>
+ File may become large.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Log Alerts to a snort
+ unified2 file</td>
+ <td width="78%" class="vtable"><input name="snortunifiedlog"
+ type="checkbox" value="on"
+ <?php if ($pconfig['snortunifiedlog'] == "on") echo "checked"; ?>
+ onClick="enable_change(false)"><br>
+ Snort will log Alerts to a file in the UNIFIED2 format. This is a
+ requirement for barnyard2.</td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Arguments here will
+ be automatically inserted into the snort configuration.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Advanced configuration
+ pass through</td>
+ <td width="78%" class="vtable"><textarea wrap="off"
+ name="configpassthru" cols="75" rows="12" id="configpassthru"
+ class="formpre2"><?=htmlspecialchars($pconfig['configpassthru']);?></textarea>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top"></td>
+ <td width="78%"><input name="Submit" type="submit" class="formbtn"
+ value="Save"> <?php echo $snort_up_ck; ?> <input type="button"
+ class="formbtn" value="Cancel" onclick="history.back()"> <?php if (isset($id) && $a_nat[$id]): ?>
+ <input name="id" type="hidden" value="<?=$id;?>"> <?php endif; ?></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span>
+ <br>
+ Please save your settings before you click start. </td>
+ </tr>
+ </table>
+
+</table>
</form>
</div>
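Review bot: In the `homelistname` select, `echo "<option value=\"$ilistname $whitelist_uuid\" selected>";` writes the stored list name into an attribute unescaped, while the label on the next line is passed through `htmlspecialchars()`. The `externallistname`, `whitelistname` and `suppresslistname` selects repeat this, and `<option value="<?=$iface;?>"` and `<input name="id" type="hidden" value="<?=$id;?>">` are likewise unescaped. A list name containing a quote or markup would therefore be rendered as HTML, so escape the attribute as well: `echo '<option value="' . htmlspecialchars("$ilistname $whitelist_uuid") . '">';`. Separately, the pattern `'/^([a-zA-z0-9]+)/'` uses the range `A-z`, which also matches `[ \ ] ^ _` and the backtick; `A-Z` looks intended. `split()` is deprecated in favour of `explode(',', $if_list)`.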
@@ -778,7 +809,7 @@ enable_change(false);
//-->
</script>
-<?php include("fend.inc"); ?>
+ <?php include("fend.inc"); ?>
<div>
diff --git a/config/snort/snort_interfaces_global.php b/config/snort/snort_interfaces_global.php
index d4c07456..88725b15 100644
--- a/config/snort/snort_interfaces_global.php
+++ b/config/snort/snort_interfaces_global.php
@@ -1,36 +1,36 @@
<?php
/*
- snort_interfaces_global.php
- part of m0n0wall (http://m0n0.ch/wall)
-
- Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
-
- Copyright (C) 2008-2009 Robert Zelaya
- Modified for the Pfsense snort package.
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
+ snort_interfaces_global.php
+ part of m0n0wall (http://m0n0.ch/wall)
+
+ Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Copyright (C) 2008-2009 Robert Zelaya
+ Modified for the Pfsense snort package.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
require_once("guiconfig.inc");
@@ -50,29 +50,29 @@ $pconfig['autorulesupdate7'] = $config['installedpackages']['snortglobal']['auto
$pconfig['snortalertlogtype'] = $config['installedpackages']['snortglobal']['snortalertlogtype'];
$pconfig['forcekeepsettings'] = $config['installedpackages']['snortglobal']['forcekeepsettings'];
- /* this will exec when alert says apply */
- if ($_POST['apply']) {
-
- if (file_exists("$d_snort_global_dirty_path")) {
- conf_mount_rw();
+/* this will exec when alert says apply */
+if ($_POST['apply']) {
+
+ if (file_exists("$d_snort_global_dirty_path")) {
+ conf_mount_rw();
- /* create whitelist and homenet file then sync files */
- sync_snort_package_empty();
- sync_snort_package();
+ /* create whitelist and homenet file then sync files */
+ sync_snort_package_empty();
+ sync_snort_package();
- unlink("$d_snort_global_dirty_path");
+ unlink("$d_snort_global_dirty_path");
- write_config();
- conf_mount_ro();
- }
+ write_config();
+ conf_mount_ro();
}
-
+}
+
+
-
/* if no errors move foward */
if (!$input_errors) {
-
- if ($_POST["Submit"]) {
+
+ if ($_POST["Submit"]) {
$config['installedpackages']['snortglobal']['snortdownload'] = $_POST['snortdownload'];
$config['installedpackages']['snortglobal']['oinkmastercode'] = $_POST['oinkmastercode'];
@@ -82,7 +82,7 @@ if (!$input_errors) {
$config['installedpackages']['snortglobal']['snortloglimitsize'] = $_POST['snortloglimitsize'];
$config['installedpackages']['snortglobal']['autorulesupdate7'] = $_POST['autorulesupdate7'];
$config['installedpackages']['snortglobal']['snortalertlogtype'] = $_POST['snortalertlogtype'];
- $config['installedpackages']['snortglobal']['forcekeepsettings'] = $_POST['forcekeepsettings'] ? on : off;
+ $config['installedpackages']['snortglobal']['forcekeepsettings'] = $_POST['forcekeepsettings'] ? on : off;
write_config();
sleep(2);
@@ -90,50 +90,50 @@ if (!$input_errors) {
$retval = 0;
- $snort_snortloglimit_info_ck = $config['installedpackages']['snortglobal']['snortloglimit'];
- if ($snort_snortloglimit_info_ck == 'on') {
+ $snort_snortloglimit_info_ck = $config['installedpackages']['snortglobal']['snortloglimit'];
+ if ($snort_snortloglimit_info_ck == 'on') {
snort_snortloglimit_install_cron('');
snort_snortloglimit_install_cron('true');
- }
-
- if ($snort_snortloglimit_info_ck == 'off') {
+ }
+
+ if ($snort_snortloglimit_info_ck == 'off') {
snort_snortloglimit_install_cron('');
- }
-
+ }
+
- /* set the snort block hosts time IMPORTANT */
- $snort_rm_blocked_info_ck = $config['installedpackages']['snortglobal']['rm_blocked'];
+ /* set the snort block hosts time IMPORTANT */
+ $snort_rm_blocked_info_ck = $config['installedpackages']['snortglobal']['rm_blocked'];
if ($snort_rm_blocked_info_ck == "never_b")
- $snort_rm_blocked_false = "";
+ $snort_rm_blocked_false = "";
else
- $snort_rm_blocked_false = "true";
+ $snort_rm_blocked_false = "true";
- if ($snort_rm_blocked_info_ck != "")
- {
+ if ($snort_rm_blocked_info_ck != "")
+ {
snort_rm_blocked_install_cron("");
snort_rm_blocked_install_cron($snort_rm_blocked_false);
}
-
- /* set the snort rules update time */
- $snort_rules_up_info_ck = $config['installedpackages']['snortglobal']['autorulesupdate7'];
+
+ /* set the snort rules update time */
+ $snort_rules_up_info_ck = $config['installedpackages']['snortglobal']['autorulesupdate7'];
if ($snort_rules_up_info_ck == "never_up")
- $snort_rules_up_false = "";
+ $snort_rules_up_false = "";
else
- $snort_rules_up_false = "true";
+ $snort_rules_up_false = "true";
- if ($snort_rules_up_info_ck != "")
+ if ($snort_rules_up_info_ck != "")
{
snort_rules_up_install_cron("");
snort_rules_up_install_cron($snort_rules_up_false);
}
-
-
+
+
touch($d_snort_global_dirty_path);
$savemsg = get_std_save_message($retval);
write_config();
sync_snort_package();
-
+
/* forces page to reload new settings */
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
@@ -141,124 +141,124 @@ if (!$input_errors) {
header( 'Cache-Control: post-check=0, pre-check=0', false );
header( 'Pragma: no-cache' );
header("Location: /snort/snort_interfaces_global.php");
-
- }
+
+ }
}
-
-
+
+
if ($_POST["Reset"]) {
function snort_deinstall_settings() {
- global $config, $g, $id, $if_real;
- conf_mount_rw();
+ global $config, $g, $id, $if_real;
+ conf_mount_rw();
- exec("/usr/usr/bin/killall snort");
- sleep(2);
- exec("/usr/usr/bin/killall -9 snort");
- sleep(2);
- exec("/usr/usr/bin/killall barnyard2");
- sleep(2);
- exec("/usr/usr/bin/killall -9 barnyard2");
- sleep(2);
+ exec("/usr/usr/bin/killall snort");
+ sleep(2);
+ exec("/usr/usr/bin/killall -9 snort");
+ sleep(2);
+ exec("/usr/usr/bin/killall barnyard2");
+ sleep(2);
+ exec("/usr/usr/bin/killall -9 barnyard2");
+ sleep(2);
- /* Remove snort cron entries Ugly code needs smoothness*/
- function snort_rm_blocked_deinstall_cron($should_install)
- {
- global $config, $g;
- conf_mount_rw();
+ /* Remove snort cron entries Ugly code needs smoothness*/
+ function snort_rm_blocked_deinstall_cron($should_install)
+ {
+ global $config, $g;
+ conf_mount_rw();
- $is_installed = false;
+ $is_installed = false;
- if(!$config['cron']['item'])
- return;
+ if(!$config['cron']['item'])
+ return;
- $x=0;
- foreach($config['cron']['item'] as $item)
- {
- if (strstr($item['command'], "snort2c"))
+ $x=0;
+ foreach($config['cron']['item'] as $item)
{
- $is_installed = true;
- break;
- }
-
- $x++;
-
- }
- if($is_installed == true)
+ if (strstr($item['command'], "snort2c"))
{
- if($x > 0)
- {
- unset($config['cron']['item'][$x]);
- write_config();
- conf_mount_rw();
- }
-
- configure_cron();
-
+ $is_installed = true;
+ break;
}
- conf_mount_ro();
-}
-
- function snort_rules_up_deinstall_cron($should_install)
-{
- global $config, $g;
- conf_mount_rw();
+ $x++;
+
+ }
+ if($is_installed == true)
+ {
+ if($x > 0)
+ {
+ unset($config['cron']['item'][$x]);
+ write_config();
+ conf_mount_rw();
+ }
- $is_installed = false;
+ configure_cron();
- if(!$config['cron']['item'])
- return;
+ }
+ conf_mount_ro();
+
+ }
- $x=0;
- foreach($config['cron']['item'] as $item) {
- if (strstr($item['command'], "snort_check_for_rule_updates.php")) {
- $is_installed = true;
- break;
- }
- $x++;
+ function snort_rules_up_deinstall_cron($should_install)
+ {
+ global $config, $g;
+ conf_mount_rw();
+
+ $is_installed = false;
+
+ if(!$config['cron']['item'])
+ return;
+
+ $x=0;
+ foreach($config['cron']['item'] as $item) {
+ if (strstr($item['command'], "snort_check_for_rule_updates.php")) {
+ $is_installed = true;
+ break;
+ }
+ $x++;
}
- if($is_installed == true) {
- if($x > 0) {
- unset($config['cron']['item'][$x]);
- write_config();
- conf_mount_rw();
- }
- configure_cron();
+ if($is_installed == true) {
+ if($x > 0) {
+ unset($config['cron']['item'][$x]);
+ write_config();
+ conf_mount_rw();
+ }
+ configure_cron();
}
-}
+ }
- snort_rm_blocked_deinstall_cron("");
- snort_rules_up_deinstall_cron("");
-
-
- /* Unset snort registers in conf.xml IMPORTANT snort will not start with out this */
- /* Keep this as a last step */
- unset($config['installedpackages']['snortglobal']);
- write_config();
- conf_mount_rw();
-
- /* remove all snort iface dir */
- exec('rm -r /usr/local/etc/snort/snort_*');
- exec('rm /var/log/snort/*');
-
- conf_mount_ro();
+ snort_rm_blocked_deinstall_cron("");
+ snort_rules_up_deinstall_cron("");
-}
+
+ /* Unset snort registers in conf.xml IMPORTANT snort will not start with out this */
+ /* Keep this as a last step */
+ unset($config['installedpackages']['snortglobal']);
+ write_config();
+ conf_mount_rw();
+
+ /* remove all snort iface dir */
+ exec('rm -r /usr/local/etc/snort/snort_*');
+ exec('rm /var/log/snort/*');
+
+ conf_mount_ro();
+
+ }
snort_deinstall_settings();
-
- header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
- header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
- header( 'Cache-Control: no-store, no-cache, must-revalidate' );
- header( 'Cache-Control: post-check=0, pre-check=0', false );
- header( 'Pragma: no-cache' );
- sleep(2);
- header("Location: /snort/snort_interfaces_global.php");
- exit;
+ header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
+ header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
+ header( 'Cache-Control: no-store, no-cache, must-revalidate' );
+ header( 'Cache-Control: post-check=0, pre-check=0', false );
+ header( 'Pragma: no-cache' );
+ sleep(2);
+ header("Location: /snort/snort_interfaces_global.php");
+
+ exit;
}
@@ -269,7 +269,7 @@ include_once("/usr/local/pkg/snort/snort_head.inc");
<body link="#000000" vlink="#000000" alink="#000000">
- <script>
+<script>
jQuery(document).ready(function(){
//Examples of how to assign the ColorBox event to elements
@@ -285,24 +285,27 @@ echo "$snort_interfaces_css\n";
<?php include("fbegin.inc"); ?>
-<div class="body2">
-
-<!-- hack to fix the hardcoed fbegin link in header -->
-<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div>
+<div class="body2"><!-- hack to fix the hardcoed fbegin link in header -->
+<div id="header-left2"><a href="../index.php" id="status-link2"><img
+ src="./images/transparent.gif" border="0"></img></a></div>
<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
-<noscript><div class="alert" ALIGN=CENTER><img src="../themes/nervecenter/images/icons/icon_alert.gif"/><strong>Please enable JavaScript to view this content</CENTER></div></noscript>
-
+<noscript>
+<div class="alert" ALIGN=CENTER><img
+ src="../themes/nervecenter/images/icons/icon_alert.gif" /><strong>Please
+enable JavaScript to view this content
+</CENTER></div>
+</noscript>
-<form action="snort_interfaces_global.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
-<?php
+<form action="snort_interfaces_global.php" method="post"
+ enctype="multipart/form-data" name="iform" id="iform"><?php
/* Display Alert message, under form tag or no refresh */
if ($input_errors) {
print_input_errors($input_errors); // TODO: add checks
}
-
+
if (!$input_errors) {
if (file_exists($d_snort_global_dirty_path)) {
@@ -312,174 +315,225 @@ echo "$snort_interfaces_css\n";
');
}
}
-?>
+ ?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td>
-
-<div class="snorttabs" style="margin:1px 0px; width:775px;">
-<!-- Tabbed bar code-->
-<ul class="snorttabs">
- <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>
- <li class="snorttabs_active"><a href="/snort/snort_interfaces_global.php"><span>Global Settings</span></a></li>
- <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li>
- <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li>
- <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li>
- <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li>
- <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li>
- <li><a class="example8" href="/snort/help_and_info.php"><span>Help</span></a></li>
- </ul>
-</div>
-
-</td>
-</tr>
-
-<tr>
-<td class="tabcont">
-<table id="maintable2" width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
- <tr>
- <td colspan="2" valign="top" class="listtopic">Please Choose The Type Of Rules You Wish To Download</td>
- </tr>
- <td width="22%" valign="top" class="vncell2">Install Snort.org rules</td>
- <td width="78%" class="vtable">
- <table cellpadding="0" cellspacing="0">
- <tr>
- <td colspan="2"><input name="snortdownload" type="radio" id="snortdownload" value="off" onClick="enable_change(false)" <?php if($pconfig['snortdownload']=='off' || $pconfig['snortdownload']=='') echo 'checked'; ?>>
- Do <strong>NOT</strong> Install</td>
- </tr>
- <tr>
- <td colspan="2"><input name="snortdownload" type="radio" id="snortdownload" value="on" onClick="enable_change(false)" <?php if($pconfig['snortdownload']=='on') echo 'checked'; ?>>
- Install Basic Rules or Premium rules <br>
- &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="https://www.snort.org/signup" target="_blank">Sign Up for a Basic Rule Account</a><br>
- &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="http://www.snort.org/vrt/buy-a-subscription" target="_blank">Sign Up for Sourcefire VRT Certified Premium Rules. This Is Highly Recommended</a>
- </td>
- </tr>
- <tr>
- <td>&nbsp;</td>
- </tr>
- </table>
- <table width="100%" border="0" cellpadding="6" cellspacing="0">
- <tr>
- <td colspan="2" valign="top" class="optsect_t2">Oinkmaster code</td>
- </tr>
- <tr>
- <td class="vncell2" valign="top">Code</td>
- <td class="vtable"><input name="oinkmastercode" type="text" class="formfld" id="oinkmastercode" size="52" value="<?=htmlspecialchars($pconfig['oinkmastercode']);?>"><br>
- Obtain a snort.org Oinkmaster code and paste here.</td>
- </table>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Install <strong>Emergingthreats</strong> rules</td>
- <td width="78%" class="vtable">
- <input name="emergingthreats" type="checkbox" value="yes" <?php if ($config['installedpackages']['snortglobal']['emergingthreats']=="on") echo "checked"; ?> onClick="enable_change(false)"><br>
- Emerging Threats is an open source community that produces fastest moving and diverse Snort Rules.</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Update rules automatically</td>
- <td width="78%" class="vtable">
- <select name="autorulesupdate7" class="formfld" id="autorulesupdate7">
- <?php
- $interfaces3 = array('never_up' => 'NEVER', '6h_up' => '6 HOURS', '12h_up' => '12 HOURS', '1d_up' => '1 DAY', '4d_up' => '4 DAYS', '7d_up' => '7 DAYS', '28d_up' => '28 DAYS');
- foreach ($interfaces3 as $iface3 => $ifacename3): ?>
- <option value="<?=$iface3;?>" <?php if ($iface3 == $pconfig['autorulesupdate7']) echo "selected"; ?>>
- <?=htmlspecialchars($ifacename3);?>
- </option>
- <?php endforeach; ?>
- </select><br>
- <span class="vexpl">Please select the update times for rules.<br>
- Hint: in most cases, every 12 hours is a good choice.</span></td>
- </tr>
- <tr>
- <td colspan="2" valign="top" class="listtopic">General Settings</td>
- </tr>
-
- <tr>
- <td width="22%" valign="top" class="vncell2">Log Directory Size Limit</td>
- <td width="78%" class="vtable">
- <table cellpadding="0" cellspacing="0">
- <tr>
- <td colspan="2"><input name="snortloglimit" type="radio" id="snortloglimit" value="on" onClick="enable_change(false)" <?php if($pconfig['snortloglimit']=='on' || $pconfig['snortloglimit']=='') echo 'checked'; ?>>
- <strong>Enable</strong> directory size limit (<strong>Default</strong>)</td>
- </tr>
- <tr>
- <td colspan="2"><input name="snortloglimit" type="radio" id="snortloglimit" value="off" onClick="enable_change(false)" <?php if($pconfig['snortloglimit']=='off') echo 'checked'; ?>>
- <strong>Disable</strong> directory size limit<br><br><span class="red"><strong>Warning</span>:</strong> Pfsense Nanobsd should use no more than 10MB of space.
+ <td>
+
+ <div class="snorttabs" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code-->
+ <ul class="snorttabs">
+ <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>
+ <li class="snorttabs_active"><a
+ href="/snort/snort_interfaces_global.php"><span>Global Settings</span></a></li>
+ <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li>
+ <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li>
+ <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li>
+ <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li>
+ <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li>
+ <li><a class="example8" href="/snort/help_and_info.php"><span>Help</span></a></li>
+ </ul>
+ </div>
+
</td>
- </tr>
- <tr>
- <td>&nbsp;</td>
- </tr>
- </table>
- <table width="100%" border="0" cellpadding="6" cellspacing="0">
- <tr>
- <td class="vncell3" >Size in <strong>MB</strong></td>
- <td class="vtable"><input name="snortloglimitsize" type="text" class="formfld" id="snortloglimitsize" size="7" value="<?=htmlspecialchars($pconfig['snortloglimitsize']);?>">
- Default is <strong>20%</strong> of available space.</td>
- </table>
- </tr>
-
- <tr>
- <td width="22%" valign="top" class="vncell2">Remove blocked hosts every</td>
- <td width="78%" class="vtable">
- <select name="rm_blocked" class="formfld" id="rm_blocked">
- <?php
- $interfaces3 = array('never_b' => 'NEVER', '1h_b' => '1 HOUR', '3h_b' => '3 HOURS', '6h_b' => '6 HOURS', '12h_b' => '12 HOURS', '1d_b' => '1 DAY', '4d_b' => '4 DAYS', '7d_b' => '7 DAYS', '28d_b' => '28 DAYS');
- foreach ($interfaces3 as $iface3 => $ifacename3): ?>
- <option value="<?=$iface3;?>" <?php if ($iface3 == $pconfig['rm_blocked']) echo "selected"; ?>>
- <?=htmlspecialchars($ifacename3);?>
- </option>
- <?php endforeach; ?>
- </select><br>
- <span class="vexpl">Please select the amount of time you would like hosts to be blocked for.<br>
- Hint: in most cases, 1 hour is a good choice.</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Alerts file description type</td>
- <td width="78%" class="vtable">
- <select name="snortalertlogtype" class="formfld" id="snortalertlogtype">
- <?php
- $interfaces4 = array('full' => 'FULL', 'fast' => 'SHORT');
- foreach ($interfaces4 as $iface4 => $ifacename4): ?>
- <option value="<?=$iface4;?>" <?php if ($iface4 == $pconfig['snortalertlogtype']) echo "selected"; ?>>
- <?=htmlspecialchars($ifacename4);?>
- </option>
- <?php endforeach; ?>
- </select><br>
- <span class="vexpl">Please choose the type of Alert logging you will like see in your alert file.<br>
- Hint: Best pratice is to chose full logging.</span>&nbsp;<span class="red"><strong>WARNING:</strong></span>&nbsp;<strong>On change, alert file will be cleared.</strong></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Keep snort settings after deinstall</td>
- <td width="78%" class="vtable">
- <input name="forcekeepsettings" id="forcekeepsettings" type="checkbox" value="yes" <?php if ($config['installedpackages']['snortglobal']['forcekeepsettings']=="on") echo "checked"; ?> onClick="enable_change(false)"><br>
- Settings will not be removed during deinstall.</td>
- </tr>
- <tr>
- <td width="22%" valign="top"><input name="Reset" type="submit" class="formbtn" value="Reset" onclick="return confirm('Do you really want to delete all global and interface settings?')"><span class="red"><strong>&nbsp;WARNING:</strong><br>
- This will reset all global and interface settings.</span>
- </td>
- <td width="78%">
- <input name="Submit" type="submit" class="formbtn" value="Save" onClick="enable_change(true)"> <input type="button" class="formbtn" value="Cancel" onclick="history.back()">
- </td>
</tr>
+
<tr>
- <td width="22%" valign="top">&nbsp;</td>
- <td width="78%"><span class="vexpl"><span class="red"><strong>Note:<br></strong></span>
- Changing any settings on this page will affect all interfaces. Please, double check if your oink code is correct and the type of snort.org account you hold.</span></td>
+ <td class="tabcont">
+ <table id="maintable2" width="100%" border="0" cellpadding="6"
+ cellspacing="0">
+ <tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Please Choose The
+ Type Of Rules You Wish To Download</td>
+ </tr>
+ <td width="22%" valign="top" class="vncell2">Install Snort.org rules</td>
+ <td width="78%" class="vtable">
+ <table cellpadding="0" cellspacing="0">
+ <tr>
+ <td colspan="2"><input name="snortdownload" type="radio"
+ id="snortdownload" value="off" onClick="enable_change(false)"
+ <?php if($pconfig['snortdownload']=='off' || $pconfig['snortdownload']=='') echo 'checked'; ?>>
+ Do <strong>NOT</strong> Install</td>
+ </tr>
+ <tr>
+ <td colspan="2"><input name="snortdownload" type="radio"
+ id="snortdownload" value="on" onClick="enable_change(false)"
+ <?php if($pconfig['snortdownload']=='on') echo 'checked'; ?>> Install
+ Basic Rules or Premium rules <br>
+ &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a
+ href="https://www.snort.org/signup" target="_blank">Sign Up for a
+ Basic Rule Account</a><br>
+ &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a
+ href="http://www.snort.org/vrt/buy-a-subscription"
+ target="_blank">Sign Up for Sourcefire VRT Certified Premium
+ Rules. This Is Highly Recommended</a></td>
+ </tr>
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+ </table>
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td colspan="2" valign="top" class="optsect_t2">Oinkmaster code</td>
+ </tr>
+ <tr>
+ <td class="vncell2" valign="top">Code</td>
+ <td class="vtable"><input name="oinkmastercode" type="text"
+ class="formfld" id="oinkmastercode" size="52"
+ value="<?=htmlspecialchars($pconfig['oinkmastercode']);?>"><br>
+ Obtain a snort.org Oinkmaster code and paste here.</td>
+
+ </table>
+
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Install <strong>Emergingthreats</strong>
+ rules</td>
+ <td width="78%" class="vtable"><input name="emergingthreats"
+ type="checkbox" value="yes"
+ <?php if ($config['installedpackages']['snortglobal']['emergingthreats']=="on") echo "checked"; ?>
+ onClick="enable_change(false)"><br>
+ Emerging Threats is an open source community that produces fastest
+ moving and diverse Snort Rules.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Update rules
+ automatically</td>
+ <td width="78%" class="vtable"><select name="autorulesupdate7"
+ class="formfld" id="autorulesupdate7">
+ <?php
+ $interfaces3 = array('never_up' => 'NEVER', '6h_up' => '6 HOURS', '12h_up' => '12 HOURS', '1d_up' => '1 DAY', '4d_up' => '4 DAYS', '7d_up' => '7 DAYS', '28d_up' => '28 DAYS');
+ foreach ($interfaces3 as $iface3 => $ifacename3): ?>
+ <option value="<?=$iface3;?>"
+ <?php if ($iface3 == $pconfig['autorulesupdate7']) echo "selected"; ?>>
+ <?=htmlspecialchars($ifacename3);?></option>
+ <?php endforeach; ?>
+ </select><br>
+ <span class="vexpl">Please select the update times for rules.<br>
+ Hint: in most cases, every 12 hours is a good choice.</span></td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">General Settings</td>
+ </tr>
+
+ <tr>
+ <?php $snortlogCurrentDSKsize = round(exec('df -k /var | grep -v "Filesystem" | awk \'{print $4}\'') / 1024); ?>
+ <td width="22%" valign="top" class="vncell2">Log Directory Size
+ Limit<br>
+ <br>
+ <br>
+ <br>
+ <br>
+ <br>
+ <span class="red"><strong>Note</span>:</strong><br>
+ Available space is <strong><?php echo $snortlogCurrentDSKsize; ?>MB</strong></td>
+ <td width="78%" class="vtable">
+ <table cellpadding="0" cellspacing="0">
+ <tr>
+ <td colspan="2"><input name="snortloglimit" type="radio"
+ id="snortloglimit" value="on" onClick="enable_change(false)"
+ <?php if($pconfig['snortloglimit']=='on' || $pconfig['snortloglimit']=='') echo 'checked'; ?>>
+ <strong>Enable</strong> directory size limit (<strong>Default</strong>)</td>
+ </tr>
+ <tr>
+ <td colspan="2"><input name="snortloglimit" type="radio"
+ id="snortloglimit" value="off" onClick="enable_change(false)"
+ <?php if($pconfig['snortloglimit']=='off') echo 'checked'; ?>> <strong>Disable</strong>
+ directory size limit<br>
+ <br>
+ <span class="red"><strong>Warning</span>:</strong> Pfsense Nanobsd
+ should use no more than 10MB of space.</td>
+ </tr>
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+ </table>
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td class="vncell3">Size in <strong>MB</strong></td>
+ <td class="vtable"><input name="snortloglimitsize" type="text"
+ class="formfld" id="snortloglimitsize" size="7"
+ value="<?=htmlspecialchars($pconfig['snortloglimitsize']);?>">
+ Default is <strong>20%</strong> of available space.</td>
+
+ </table>
+
+ </tr>
+
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Remove blocked hosts
+ every</td>
+ <td width="78%" class="vtable"><select name="rm_blocked"
+ class="formfld" id="rm_blocked">
+ <?php
+ $interfaces3 = array('never_b' => 'NEVER', '1h_b' => '1 HOUR', '3h_b' => '3 HOURS', '6h_b' => '6 HOURS', '12h_b' => '12 HOURS', '1d_b' => '1 DAY', '4d_b' => '4 DAYS', '7d_b' => '7 DAYS', '28d_b' => '28 DAYS');
+ foreach ($interfaces3 as $iface3 => $ifacename3): ?>
+ <option value="<?=$iface3;?>"
+ <?php if ($iface3 == $pconfig['rm_blocked']) echo "selected"; ?>>
+ <?=htmlspecialchars($ifacename3);?></option>
+ <?php endforeach; ?>
+ </select><br>
+ <span class="vexpl">Please select the amount of time you would like
+ hosts to be blocked for.<br>
+ Hint: in most cases, 1 hour is a good choice.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Alerts file description
+ type</td>
+ <td width="78%" class="vtable"><select name="snortalertlogtype"
+ class="formfld" id="snortalertlogtype">
+ <?php
+ $interfaces4 = array('full' => 'FULL', 'fast' => 'SHORT');
+ foreach ($interfaces4 as $iface4 => $ifacename4): ?>
+ <option value="<?=$iface4;?>"
+ <?php if ($iface4 == $pconfig['snortalertlogtype']) echo "selected"; ?>>
+ <?=htmlspecialchars($ifacename4);?></option>
+ <?php endforeach; ?>
+ </select><br>
+ <span class="vexpl">Please choose the type of Alert logging you will
+ like see in your alert file.<br>
+ Hint: Best pratice is to chose full logging.</span>&nbsp;<span
+ class="red"><strong>WARNING:</strong></span>&nbsp;<strong>On
+ change, alert file will be cleared.</strong></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Keep snort settings
+ after deinstall</td>
+ <td width="78%" class="vtable"><input name="forcekeepsettings"
+ id="forcekeepsettings" type="checkbox" value="yes"
+ <?php if ($config['installedpackages']['snortglobal']['forcekeepsettings']=="on") echo "checked"; ?>
+ onClick="enable_change(false)"><br>
+ Settings will not be removed during deinstall.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top"><input name="Reset" type="submit"
+ class="formbtn" value="Reset"
+ onclick="return confirm('Do you really want to delete all global and interface settings?')"><span
+ class="red"><strong>&nbsp;WARNING:</strong><br>
+ This will reset all global and interface settings.</span></td>
+ <td width="78%"><input name="Submit" type="submit" class="formbtn"
+ value="Save" onClick="enable_change(true)"> <input type="button"
+ class="formbtn" value="Cancel" onclick="history.back()"></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%"><span class="vexpl"><span class="red"><strong>Note:<br>
+ </strong></span> Changing any settings on this page will affect all
+ interfaces. Please, double check if your oink code is correct and
+ the type of snort.org account you hold.</span></td>
+ </tr>
+ </table>
+ </td>
</tr>
- </table>
- </td>
- </tr>
- </table>
+</table>
</form>
</div>
-<?php include("fend.inc"); ?>
+ <?php include("fend.inc"); ?>
-<?php echo "$snort_custom_rnd_box\n"; ?>
+ <?php echo "$snort_custom_rnd_box\n"; ?>
</body>
</html>
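Review bot: The added `exec('df -k /var | grep -v "Filesystem" | awk ...')` in the "Log Directory Size Limit" row starts a shell pipeline on every render of this settings page and passes its output to `round()` without checking it. The command string is constant, so nothing user-controlled reaches the shell, but `df`, `grep` and `awk` are resolved through the web server's PATH, and a failed pipeline would presumably show up as "0MB" (or as an arithmetic error on newer PHP versions) instead of a visible fault. PHP's built-in `disk_free_space()` should give roughly the same figure without a shell: `<?php $free = disk_free_space('/var'); $snortlogCurrentDSKsize = ($free === false) ? 'n/a ' : round($free / 1048576); ?>`. If the shell call is kept, use absolute paths for the binaries and test the result with `is_numeric()` before dividing.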
diff --git a/config/snort/snort_interfaces_suppress.php b/config/snort/snort_interfaces_suppress.php
index ac0b8623..58837799 100644
--- a/config/snort/snort_interfaces_suppress.php
+++ b/config/snort/snort_interfaces_suppress.php
@@ -1,39 +1,39 @@
<?php
/* $Id$ */
/*
- firewall_aliases.php
- Copyright (C) 2004 Scott Ullrich
- All rights reserved.
-
- originially part of m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
-
- modified for the pfsense snort package
- Copyright (C) 2009-2010 Robert Zelaya.
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
+ firewall_aliases.php
+ Copyright (C) 2004 Scott Ullrich
+ All rights reserved.
+
+ originially part of m0n0wall (http://m0n0.ch/wall)
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ modified for the pfsense snort package
+ Copyright (C) 2009-2010 Robert Zelaya.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort_gui.inc");
@@ -41,15 +41,15 @@ require_once("/usr/local/pkg/snort/snort.inc");
if (!is_array($config['installedpackages']['snortglobal']['suppress']['item']))
- $config['installedpackages']['snortglobal']['suppress']['item'] = array();
+$config['installedpackages']['snortglobal']['suppress']['item'] = array();
//aliases_sort(); << what ?
$a_suppress = &$config['installedpackages']['snortglobal']['suppress']['item'];
if (isset($config['installedpackages']['snortglobal']['suppress']['item'])) {
-$id_gen = count($config['installedpackages']['snortglobal']['suppress']['item']);
+ $id_gen = count($config['installedpackages']['snortglobal']['suppress']['item']);
}else{
-$id_gen = '0';
+ $id_gen = '0';
}
$d_suppresslistdirty_path = '/var/run/snort_suppress.dirty';
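Review bot: The assignment after the brace-less `if (!is_array($config['installedpackages']['snortglobal']['suppress']['item']))` at the top of this hunk now sits, as rendered here, in the same column as the `if`. It reads as an unconditional reset of the suppress list although it is still the conditional body. Wrap the body in braces, `if (!is_array(...)) { $config['installedpackages']['snortglobal']['suppress']['item'] = array(); }`, so layout and control flow agree. The same flattening appears in snort_interfaces_suppress_edit.php (`if (isset($_POST['id']))` followed by `$id = $_POST['id'];`) and in the matching `@@ -41,15 +41,15 @@` hunk of snort_interfaces_whitelist.php.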
@@ -62,12 +62,12 @@ if ($_POST) {
$retval = 0;
if(stristr($retval, "error") <> true)
- $savemsg = get_std_save_message($retval);
+ $savemsg = get_std_save_message($retval);
else
- $savemsg = $retval;
+ $savemsg = $retval;
if ($retval == 0) {
if (file_exists($d_suppresslistdirty_path))
- unlink($d_suppresslistdirty_path);
+ unlink($d_suppresslistdirty_path);
}
}
}
@@ -76,12 +76,12 @@ if ($_GET['act'] == "del") {
if ($a_suppress[$_GET['id']]) {
/* make sure rule is not being referenced by any nat or filter rules */
- unset($a_suppress[$_GET['id']]);
- write_config();
- filter_configure();
- touch($d_suppresslistdirty_path);
- header("Location: /snort/snort_interfaces_suppress.php");
- exit;
+ unset($a_suppress[$_GET['id']]);
+ write_config();
+ filter_configure();
+ touch($d_suppresslistdirty_path);
+ header("Location: /snort/snort_interfaces_suppress.php");
+ exit;
}
}
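Review bot: The delete branch acts on a plain GET request (`act=del` with `$_GET['id']`) and no request-token check is visible, so any page loaded in a logged-in administrator's browser can reach `unset()`, `write_config()` and `filter_configure()` and change the IDS configuration without the admin intending it. Accept the action only as a POST that passes a CSRF token check, and validate the index first, e.g. `if ($_POST['act'] == "del" && ctype_digit((string)$_POST['id']) && isset($a_suppress[(int)$_POST['id']]))`, with the list page submitting a small form instead of the `?act=del&id=` link. The comment `make sure rule is not being referenced by any nat or filter rules` describes a check that the lines after it do not perform. The enclosing `if ($_GET['act'] == "del")` opens outside the hunk, and the same pattern is in the `@@ -76,12 +76,12 @@` hunk of snort_interfaces_whitelist.php.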
@@ -90,9 +90,10 @@ include("/usr/local/pkg/snort/snort_head.inc");
?>
-<body link="#000000" vlink="#000000" alink="#000000">
+<body
+ link="#000000" vlink="#000000" alink="#000000">
- <script>
+<script>
jQuery(document).ready(function(){
//Examples of how to assign the ColorBox event to elements
@@ -101,98 +102,110 @@ include("/usr/local/pkg/snort/snort_head.inc");
});
</script>
-<?php
+<?php
include("fbegin.inc");
echo $snort_general_css;
?>
<!-- hack to fix the hardcoed fbegin link in header -->
-<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div>
-
-<div class="body2">
+<div id="header-left2"><a href="../index.php" id="status-link2"><img
+ src="./images/transparent.gif" border="0"></img></a></div>
-<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
+<div class="body2"><?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
-<form action="/snort/snort_interfaces_suppress.php" method="post">
-<?php if ($savemsg) print_info_box($savemsg); ?>
-<?php if (file_exists($d_suppresslistdirty_path)): ?><p>
-<?php print_info_box_np("The white list has been changed.<br>You must apply the changes in order for them to take effect.");?>
+<form action="/snort/snort_interfaces_suppress.php" method="post"><?php if ($savemsg) print_info_box($savemsg); ?>
+<?php if (file_exists($d_suppresslistdirty_path)): ?>
+<p><?php print_info_box_np("The white list has been changed.<br>You must apply the changes in order for them to take effect.");?>
<?php endif; ?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td class="tabnavtbl">
-
-<div class="snorttabs" style="margin:1px 0px; width:775px;">
-<!-- Tabbed bar code-->
-<ul class="snorttabs">
- <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>
- <li><a href="/snort/snort_interfaces_global.php"><span>Global Settings</span></a></li>
- <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li>
- <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li>
- <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li>
- <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li>
- <li class="snorttabs_active"><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li>
- <li><a class="example8" href="/snort/help_and_info.php"><span>Help</span></a></li>
- </ul>
-</div>
-
-</td>
-</tr>
-
-<tr>
-<td class="tabcont">
-
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
-
-<tr>
- <td width="30%" class="listhdrr">File Name</td>
- <td width="70%" class="listhdr">Description</td>
-
- <td width="10%" class="list">
- </td>
-</tr>
- <?php $i = 0; foreach ($a_suppress as $list): ?>
-<tr>
- <td class="listlr" ondblclick="document.location='snort_interfaces_suppress_edit.php?id=<?=$i;?>';">
- <?=htmlspecialchars($list['name']);?>
- </td>
- <td class="listbg" ondblclick="document.location='snort_interfaces_suppress_edit.php?id=<?=$i;?>';">
- <font color="#FFFFFF">
- <?=htmlspecialchars($list['descr']);?>&nbsp;
- </td>
-
- <td valign="middle" nowrap class="list">
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td valign="middle"><a href="snort_interfaces_suppress_edit.php?id=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="edit whitelist"></a></td>
- <td><a href="/snort/snort_interfaces_suppress.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this whitelist? All elements that still use it will become invalid (e.g. snort rules will fall back to the default whitelist)!')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="delete whitelist"></a></td>
- </tr>
- </table>
- </td>
-</tr>
- <?php $i++; endforeach; ?>
-<tr>
- <td class="list" colspan="2"></td>
- <td class="list">
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td valign="middle" width="17">&nbsp;</td>
- <td valign="middle"><a href="snort_interfaces_suppress_edit.php?id=<?php echo $id_gen;?> "><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="add a new list"></a></td>
- </tr>
- </table>
- </td>
-</tr>
+ <tr>
+ <td class="tabnavtbl">
+
+ <div class="snorttabs" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code-->
+ <ul class="snorttabs">
+ <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>
+ <li><a href="/snort/snort_interfaces_global.php"><span>Global
+ Settings</span></a></li>
+ <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li>
+ <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li>
+ <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li>
+ <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li>
+ <li class="snorttabs_active"><a
+ href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li>
+ <li><a class="example8" href="/snort/help_and_info.php"><span>Help</span></a></li>
+ </ul>
+ </div>
+
+ </td>
+ </tr>
+
+ <tr>
+ <td class="tabcont">
+
+ <table width="100%" border="0" cellpadding="0" cellspacing="0">
+
+ <tr>
+ <td width="30%" class="listhdrr">File Name</td>
+ <td width="70%" class="listhdr">Description</td>
+
+ <td width="10%" class="list"></td>
+ </tr>
+ <?php $i = 0; foreach ($a_suppress as $list): ?>
+ <tr>
+ <td class="listlr"
+ ondblclick="document.location='snort_interfaces_suppress_edit.php?id=<?=$i;?>';">
+ <?=htmlspecialchars($list['name']);?></td>
+ <td class="listbg"
+ ondblclick="document.location='snort_interfaces_suppress_edit.php?id=<?=$i;?>';">
+ <font color="#FFFFFF"> <?=htmlspecialchars($list['descr']);?>&nbsp;
+ </td>
+
+ <td valign="middle" nowrap class="list">
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td valign="middle"><a
+ href="snort_interfaces_suppress_edit.php?id=<?=$i;?>"><img
+ src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif"
+ width="17" height="17" border="0" title="edit whitelist"></a></td>
+ <td><a
+ href="/snort/snort_interfaces_suppress.php?act=del&id=<?=$i;?>"
+ onclick="return confirm('Do you really want to delete this whitelist? All elements that still use it will become invalid (e.g. snort rules will fall back to the default whitelist)!')"><img
+ src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif"
+ width="17" height="17" border="0" title="delete whitelist"></a></td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <?php $i++; endforeach; ?>
+ <tr>
+ <td class="list" colspan="2"></td>
+ <td class="list">
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td valign="middle" width="17">&nbsp;</td>
+ <td valign="middle"><a
+ href="snort_interfaces_suppress_edit.php?id=<?php echo $id_gen;?> "><img
+ src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif"
+ width="17" height="17" border="0" title="add a new list"></a></td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
</table>
- </td>
- </tr>
- </table>
<br>
-<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
-<td width="100%"><span class="vexpl"><span class="red"><strong>Note:</strong></span>
- <p><span class="vexpl">Here you can create event filtering and suppression for your snort package rules.<br>Please note that you must restart a running rule so that changes can take effect.</span></p>
-</td>
+<table class="tabcont" width="100%" border="0" cellpadding="0"
+ cellspacing="0">
+ <td width="100%"><span class="vexpl"><span class="red"><strong>Note:</strong></span>
+ <p><span class="vexpl">Here you can create event filtering and
+ suppression for your snort package rules.<br>
+ Please note that you must restart a running rule so that changes can
+ take effect.</span></p></td>
</table>
+
</form>
</div>
diff --git a/config/snort/snort_interfaces_suppress_edit.php b/config/snort/snort_interfaces_suppress_edit.php
index 6a88ce1b..89abe790 100644
--- a/config/snort/snort_interfaces_suppress_edit.php
+++ b/config/snort/snort_interfaces_suppress_edit.php
@@ -1,61 +1,61 @@
<?php
/* $Id$ */
/*
- firewall_aliases_edit.php
- Copyright (C) 2004 Scott Ullrich
- All rights reserved.
-
- originially part of m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
-
- modified for the pfsense snort package
- Copyright (C) 2009-2010 Robert Zelaya.
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
+ firewall_aliases_edit.php
+ Copyright (C) 2004 Scott Ullrich
+ All rights reserved.
+
+ originially part of m0n0wall (http://m0n0.ch/wall)
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ modified for the pfsense snort package
+ Copyright (C) 2009-2010 Robert Zelaya.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort_gui.inc");
require_once("/usr/local/pkg/snort/snort.inc");
if (!is_array($config['installedpackages']['snortglobal']['suppress']['item']))
- $config['installedpackages']['snortglobal']['suppress']['item'] = array();
+$config['installedpackages']['snortglobal']['suppress']['item'] = array();
$a_suppress = &$config['installedpackages']['snortglobal']['suppress']['item'];
$id = $_GET['id'];
if (isset($_POST['id']))
- $id = $_POST['id'];
+$id = $_POST['id'];
/* gen uuid for each iface !inportant */
if ($config['installedpackages']['snortglobal']['suppress']['item'][$id]['uuid'] == '') {
//$snort_uuid = gen_snort_uuid(strrev(uniqid(true)));
-$suppress_uuid = 0;
-while ($suppress_uuid > 65535 || $suppress_uuid == 0) {
- $suppress_uuid = mt_rand(1, 65535);
- $pconfig['uuid'] = $suppress_uuid;
+ $suppress_uuid = 0;
+ while ($suppress_uuid > 65535 || $suppress_uuid == 0) {
+ $suppress_uuid = mt_rand(1, 65535);
+ $pconfig['uuid'] = $suppress_uuid;
}
}
@@ -68,43 +68,43 @@ $d_snort_suppress_dirty_path = '/var/run/snort_suppress.dirty';
/* returns true if $name is a valid name for a whitelist file name or ip */
function is_validwhitelistname($name) {
if (!is_string($name))
- return false;
+ return false;
if (!preg_match("/[^a-zA-Z0-9\.\/]/", $name))
- return true;
+ return true;
return false;
}
-
-
+
+
if (isset($id) && $a_suppress[$id]) {
-
+
/* old settings */
$pconfig['name'] = $a_suppress[$id]['name'];
$pconfig['uuid'] = $a_suppress[$id]['uuid'];
$pconfig['descr'] = $a_suppress[$id]['descr'];
$pconfig['suppresspassthru'] = base64_decode($a_suppress[$id]['suppresspassthru']);
-
-
+
+
}
- /* this will exec when alert says apply */
- if ($_POST['apply']) {
-
- if (file_exists("$d_snort_suppress_dirty_path")) {
+/* this will exec when alert says apply */
+if ($_POST['apply']) {
+
+ if (file_exists("$d_snort_suppress_dirty_path")) {
- write_config();
+ write_config();
- sync_snort_package_config();
- sync_snort_package();
+ sync_snort_package_config();
+ sync_snort_package();
- unlink("$d_snort_suppress_dirty_path");
+ unlink("$d_snort_suppress_dirty_path");
- }
-
}
+}
+
if ($_POST['submit']) {
unset($input_errors);
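Review bot: `is_validwhitelistname()` accepts `.` and `/`, because the pattern `/[^a-zA-Z0-9\.\/]/` only rejects characters outside that set. The error text in the next hunk promises "a-z, A-Z and 0-9 _", yet `_` is rejected. If the name is later used to build a file path, as the function's own comment suggests (not visible here, so to be confirmed), path separators and dot segments pass validation. For the suppress list name a positive, anchored match is safer: `return is_string($name) && preg_match('/^[a-zA-Z0-9_]+$/', $name) === 1;`. In the following hunk, `if (!isset($x))` can never be true since the function always returns a boolean, so the "Reserved word" branch is dead code.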
@@ -113,21 +113,21 @@ if ($_POST['submit']) {
do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
if(strtolower($_POST['name']) == "defaultwhitelist")
- $input_errors[] = "Whitelist file names may not be named defaultwhitelist.";
+ $input_errors[] = "Whitelist file names may not be named defaultwhitelist.";
$x = is_validwhitelistname($_POST['name']);
if (!isset($x)) {
$input_errors[] = "Reserved word used for whitelist file name.";
} else {
if (is_validwhitelistname($_POST['name']) == false)
- $input_errors[] = "Whitelist file name may only consist of the characters a-z, A-Z and 0-9 _. Note: No Spaces. Press Cancel to reset.";
+ $input_errors[] = "Whitelist file name may only consist of the characters a-z, A-Z and 0-9 _. Note: No Spaces. Press Cancel to reset.";
}
/* check for name conflicts */
foreach ($a_suppress as $s_list) {
if (isset($id) && ($a_suppress[$id]) && ($a_suppress[$id] === $s_list))
- continue;
+ continue;
if ($s_list['name'] == $_POST['name']) {
$input_errors[] = "A whitelist file name with this name already exists.";
@@ -135,29 +135,29 @@ if ($_POST['submit']) {
}
}
-
+
$s_list = array();
/* post user input */
if (!$input_errors) {
-
+
$s_list['name'] = $_POST['name'];
$s_list['uuid'] = $suppress_uuid;
- $s_list['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto");
- $s_list['suppresspassthru'] = base64_encode($_POST['suppresspassthru']);
+ $s_list['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto");
+ $s_list['suppresspassthru'] = base64_encode($_POST['suppresspassthru']);
if (isset($id) && $a_suppress[$id])
- $a_suppress[$id] = $s_list;
+ $a_suppress[$id] = $s_list;
else
- $a_suppress[] = $s_list;
+ $a_suppress[] = $s_list;
touch($d_snort_suppress_dirty_path);
write_config();
header("Location: /snort/snort_interfaces_suppress_edit.php?id=$id");
- exit;
+ exit;
}
}
@@ -167,9 +167,11 @@ include("/usr/local/pkg/snort/snort_head.inc");
?>
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="<?= $jsevents["body"]["onload"] ?>">
+<body
+ link="#0000CC" vlink="#0000CC" alink="#0000CC"
+ onload="<?= $jsevents["body"]["onload"] ?>">
- <script>
+<script>
jQuery(document).ready(function(){
//Examples of how to assign the ColorBox event to elements
@@ -178,36 +180,34 @@ include("/usr/local/pkg/snort/snort_head.inc");
});
</script>
-<?php
+<?php
include("fbegin.inc");
echo $snort_general_css;
?>
<!-- hack to fix the hardcoed fbegin link in header -->
-<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div>
-
-<div class="body2">
+<div id="header-left2"><a href="../index.php" id="status-link2"><img
+ src="./images/transparent.gif" border="0"></img></a></div>
-<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
+<div class="body2"><?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
<?php if ($input_errors) print_input_errors($input_errors); ?>
<div id="inputerrors"></div>
-<form action="/snort/snort_interfaces_suppress_edit.php?id=<?=$id?>" method="post" name="iform" id="iform">
-
-<?php
+<form action="/snort/snort_interfaces_suppress_edit.php?id=<?=$id?>"
+ method="post" name="iform" id="iform"><?php
/* Display Alert message */
if ($input_errors) {
- print_input_errors($input_errors); // TODO: add checks
+ print_input_errors($input_errors); // TODO: add checks
}
if ($savemsg) {
- print_info_box2($savemsg);
+ print_info_box2($savemsg);
}
//if (file_exists($d_snortconfdirty_path)) {
if (file_exists($d_snort_suppress_dirty_path)) {
- echo '<p>';
+ echo '<p>';
if($savemsg) {
print_info_box_np2("{$savemsg}");
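Review bot: `$id` is echoed unescaped into the form's `action` attribute (`?id=<?=$id?>`), and earlier in this file it is assigned directly from `$_GET['id']` or `$_POST['id']`, so request-supplied markup is reflected into the page. Escape it at output, `action="/snort/snort_interfaces_suppress_edit.php?id=<?=htmlspecialchars($id, ENT_QUOTES)?>"`, and preferably reject a non-numeric id where it is read. The hidden `id` input in the last hunk of this file echoes the same variable and needs the same treatment. Separately, `print_input_errors($input_errors)` is called both before the form and inside it, so validation errors are presumably rendered twice.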
@@ -218,114 +218,114 @@ echo $snort_general_css;
');
}
}
-?>
+ ?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td class="tabnavtbl">
-
-<div class="snorttabs" style="margin:1px 0px; width:775px;">
-<!-- Tabbed bar code-->
-<ul class="snorttabs">
- <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>
- <li><a href="/snort/snort_interfaces_global.php"><span>Global Settings</span></a></li>
- <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li>
- <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li>
- <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li>
- <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li>
- <li class="snorttabs_active"><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li>
- <li><a class="example8" href="/snort/help_and_info.php"><span>Help</span></a></li>
- </ul>
-</div>
-
-</td>
-</tr>
-
-<tr>
-<td class="tabcont">
-<table width="100%" border="0" cellpadding="6" cellspacing="0">
- <tr>
- <td colspan="2" valign="top" class="listtopic">Add the name and description of the file.</td>
- </tr>
- <tr>
- <td valign="top" class="vncellreq2">Name</td>
- <td class="vtable">
- <input name="name" type="text" id="name" size="40" value="<?=htmlspecialchars($pconfig['name']);?>" />
- <br />
- <span class="vexpl">
- The list name may only consist of the characters a-z, A-Z and 0-9. <span class="red">Note: </span> No Spaces.
- </span>
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Description</td>
- <td width="78%" class="vtable">
- <input name="descr" type="text" id="descr" size="40" value="<?=$pconfig['descr'];?>" />
- <br />
- <span class="vexpl">
- You may enter a description here for your reference (not parsed).
- </span>
- </td>
- </tr>
-</table>
-<table width="100%" border="0" cellpadding="6" cellspacing="0">
- <table height="32" width="100%">
<tr>
- <td>
- <div style='background-color:#E0E0E0' id='redbox'>
- <table width='100%'>
- <tr>
- <td width='8%'>
- &nbsp;&nbsp;&nbsp;<img style='vertical-align:middle' src="/snort/images/icon_excli.png" width="40" height="32">
- </td>
- <td width='70%'>
- <font size="2" color='#FF850A'><b>NOTE:</b></font>
- <font size="2" color='#000000'>&nbsp;&nbsp;The threshold keyword is deprecated as of version 2.8.5. Use the event_filter keyword instead.</font>
- </td>
- </tr>
- </table>
- </div>
- </td>
+ <td class="tabnavtbl">
+
+ <div class="snorttabs" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code-->
+ <ul class="snorttabs">
+ <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>
+ <li><a href="/snort/snort_interfaces_global.php"><span>Global
+ Settings</span></a></li>
+ <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li>
+ <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li>
+ <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li>
+ <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li>
+ <li class="snorttabs_active"><a
+ href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li>
+ <li><a class="example8" href="/snort/help_and_info.php"><span>Help</span></a></li>
+ </ul>
+ </div>
+
+ </td>
</tr>
- <script type="text/javascript">
+
+ <tr>
+ <td class="tabcont">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Add the name and
+ description of the file.</td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncellreq2">Name</td>
+ <td class="vtable"><input name="name" type="text" id="name"
+ size="40" value="<?=htmlspecialchars($pconfig['name']);?>" /> <br />
+ <span class="vexpl"> The list name may only consist of the
+ characters a-z, A-Z and 0-9. <span class="red">Note: </span> No
+ Spaces. </span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Description</td>
+ <td width="78%" class="vtable"><input name="descr" type="text"
+ id="descr" size="40" value="<?=$pconfig['descr'];?>" /> <br />
+ <span class="vexpl"> You may enter a description here for your
+ reference (not parsed). </span></td>
+ </tr>
+ </table>
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <table height="32" width="100%">
+ <tr>
+ <td>
+ <div style='background-color: #E0E0E0' id='redbox'>
+ <table width='100%'>
+ <tr>
+ <td width='8%'>&nbsp;&nbsp;&nbsp;<img
+ style='vertical-align: middle'
+ src="/snort/images/icon_excli.png" width="40" height="32"></td>
+ <td width='70%'><font size="2" color='#FF850A'><b>NOTE:</b></font>
+ <font size="2" color='#000000'>&nbsp;&nbsp;The threshold keyword
+ is deprecated as of version 2.8.5. Use the event_filter keyword
+ instead.</font></td>
+ </tr>
+ </table>
+ </div>
+ </td>
+ </tr>
+ <script type="text/javascript">
NiftyCheck();
Rounded("div#redbox","all","#FFF","#E0E0E0","smooth");
Rounded("td#blackbox","all","#FFF","#000000","smooth");
</script>
- <tr>
- <td colspan="2" valign="top" class="listtopic">Apply suppression or filters to rules. Valid keywords are 'suppress', 'event_filter' and 'rate_filter'.</td>
- </tr>
- <tr>
- <td colspan="2" valign="top" class="vncell">
- <b>Example 1;</b> suppress gen_id 1, sig_id 1852, track by_src, ip 10.1.1.54<br>
- <b>Example 2;</b> event_filter gen_id 1, sig_id 1851, type limit, track by_src, count 1, seconds 60<br>
- <b>Example 3;</b> rate_filter gen_id 135, sig_id 1, track by_src, count 100, seconds 1, new_action log, timeout 10
- </td>
- </tr>
- <tr>
- <td width="100%" class="vtable">
- <textarea wrap="off" name="suppresspassthru" cols="142" rows="28" id="suppresspassthru" class="formpre"><?=htmlspecialchars($pconfig['suppresspassthru']);?></textarea>
-</td>
- </tr>
- <tr>
- <td width="78%">
- <input id="submit" name="submit" type="submit" class="formbtn" value="Save" />
- <input id="cancelbutton" name="cancelbutton" type="button" class="formbtn" value="Cancel" onclick="history.back()" />
- <?php if (isset($id) && $a_suppress[$id]): ?>
- <input name="id" type="hidden" value="<?=$id;?>" />
- <?php endif; ?>
- </td>
- </tr>
- </table>
- </table>
- </td>
- </tr>
- </table>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Apply suppression or
+ filters to rules. Valid keywords are 'suppress', 'event_filter' and
+ 'rate_filter'.</td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="vncell"><b>Example 1;</b>
+ suppress gen_id 1, sig_id 1852, track by_src, ip 10.1.1.54<br>
+ <b>Example 2;</b> event_filter gen_id 1, sig_id 1851, type limit,
+ track by_src, count 1, seconds 60<br>
+ <b>Example 3;</b> rate_filter gen_id 135, sig_id 1, track by_src,
+ count 100, seconds 1, new_action log, timeout 10</td>
+ </tr>
+ <tr>
+ <td width="100%" class="vtable"><textarea wrap="off"
+ name="suppresspassthru" cols="142" rows="28" id="suppresspassthru"
+ class="formpre"><?=htmlspecialchars($pconfig['suppresspassthru']);?></textarea>
+ </td>
+ </tr>
+ <tr>
+ <td width="78%"><input id="submit" name="submit" type="submit"
+ class="formbtn" value="Save" /> <input id="cancelbutton"
+ name="cancelbutton" type="button" class="formbtn" value="Cancel"
+ onclick="history.back()" /> <?php if (isset($id) && $a_suppress[$id]): ?>
+ <input name="id" type="hidden" value="<?=$id;?>" /> <?php endif; ?>
+ </td>
+ </tr>
+ </table>
+ </table>
+ </td>
+ </tr>
+</table>
</form>
</div>
-<?php include("fend.inc"); ?>
+ <?php include("fend.inc"); ?>
</body>
-</html> \ No newline at end of file
+</html>
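Review bot: The description field is written into its `value` attribute without escaping (`value="<?=$pconfig['descr'];?>"`), while `name` and `suppresspassthru` in the same table go through `htmlspecialchars()`. The save path in this file stores `descr` via `mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto")`, which as far as I know converts only non-ASCII characters and leaves quotes and angle brackets intact. A stored description could therefore inject markup when the edit page is opened. Escape at output, `value="<?=htmlspecialchars($pconfig['descr'], ENT_QUOTES, 'UTF-8', false);?>"`, where the final `false` avoids double-encoding the entities already stored.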
diff --git a/config/snort/snort_interfaces_whitelist.php b/config/snort/snort_interfaces_whitelist.php
index 54ee844d..517c5907 100644
--- a/config/snort/snort_interfaces_whitelist.php
+++ b/config/snort/snort_interfaces_whitelist.php
@@ -1,39 +1,39 @@
<?php
/* $Id$ */
/*
- firewall_aliases.php
- Copyright (C) 2004 Scott Ullrich
- All rights reserved.
-
- originially part of m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
-
- modified for the pfsense snort package
- Copyright (C) 2009-2010 Robert Zelaya.
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
+ firewall_aliases.php
+ Copyright (C) 2004 Scott Ullrich
+ All rights reserved.
+
+ originially part of m0n0wall (http://m0n0.ch/wall)
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ modified for the pfsense snort package
+ Copyright (C) 2009-2010 Robert Zelaya.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort_gui.inc");
@@ -41,15 +41,15 @@ require_once("/usr/local/pkg/snort/snort.inc");
if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item']))
- $config['installedpackages']['snortglobal']['whitelist']['item'] = array();
+$config['installedpackages']['snortglobal']['whitelist']['item'] = array();
//aliases_sort(); << what ?
$a_whitelist = &$config['installedpackages']['snortglobal']['whitelist']['item'];
if (isset($config['installedpackages']['snortglobal']['whitelist']['item'])) {
-$id_gen = count($config['installedpackages']['snortglobal']['whitelist']['item']);
+ $id_gen = count($config['installedpackages']['snortglobal']['whitelist']['item']);
}else{
-$id_gen = '0';
+ $id_gen = '0';
}
$d_whitelistdirty_path = '/var/run/snort_whitelist.dirty';
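Review bot: The re-indent leaves the body of the brace-less `if (!is_array(...))` at column 0, so the assignment after it reads as unconditional although it is still guarded. Adding braces keeps the guard visible however a formatter treats the indentation: `if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) { $config['installedpackages']['snortglobal']['whitelist']['item'] = array(); }`. The same flattening appears in snort_interfaces_whitelist_edit.php, for the identical `is_array` guard and for `if (isset($_POST['id']))`.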
@@ -62,12 +62,12 @@ if ($_POST) {
$retval = 0;
if(stristr($retval, "error") <> true)
- $savemsg = get_std_save_message($retval);
+ $savemsg = get_std_save_message($retval);
else
- $savemsg = $retval;
+ $savemsg = $retval;
if ($retval == 0) {
if (file_exists($d_whitelistdirty_path))
- unlink($d_whitelistdirty_path);
+ unlink($d_whitelistdirty_path);
}
}
}
@@ -76,12 +76,12 @@ if ($_GET['act'] == "del") {
if ($a_whitelist[$_GET['id']]) {
/* make sure rule is not being referenced by any nat or filter rules */
- unset($a_whitelist[$_GET['id']]);
- write_config();
- filter_configure();
- touch($d_whitelistdirty_path);
- header("Location: /snort/snort_interfaces_whitelist.php");
- exit;
+ unset($a_whitelist[$_GET['id']]);
+ write_config();
+ filter_configure();
+ touch($d_whitelistdirty_path);
+ header("Location: /snort/snort_interfaces_whitelist.php");
+ exit;
}
}
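Review bot: The delete branch changes configuration on a plain GET: `unset($a_whitelist[$_GET['id']])` followed by `write_config()` runs for any request carrying `act=del`, and nothing in the hunk checks the request method or an anti-CSRF token. A state-changing action like this is better accepted only via POST, with a per-session token verified before the `unset`. Whether guiconfig.inc already enforces a token is not visible here and should be confirmed. The comment `/* make sure rule is not being referenced by any nat or filter rules */` describes a check the code does not perform, so either add the check or reword the comment. The enclosing `if ($_GET['act'] == "del")` line sits in the hunk header, outside the hunk body.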
@@ -90,9 +90,10 @@ include("/usr/local/pkg/snort/snort_head.inc");
?>
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<body
+ link="#0000CC" vlink="#0000CC" alink="#0000CC">
- <script>
+<script>
jQuery(document).ready(function(){
//Examples of how to assign the ColorBox event to elements
@@ -101,107 +102,121 @@ include("/usr/local/pkg/snort/snort_head.inc");
});
</script>
-<?php
+<?php
include("fbegin.inc");
echo $snort_general_css;
?>
<!-- hack to fix the hardcoed fbegin link in header -->
-<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div>
-
-<div class="body2">
+<div id="header-left2"><a href="../index.php" id="status-link2"><img
+ src="./images/transparent.gif" border="0"></img></a></div>
-<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
+<div class="body2"><?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
-<form action="/snort/snort_interfaces_whitelist.php" method="post">
-<?php if ($savemsg) print_info_box($savemsg); ?>
-<?php if (file_exists($d_whitelistdirty_path)): ?><p>
-<?php print_info_box_np("The white list has been changed.<br>You must apply the changes in order for them to take effect.");?>
+<form action="/snort/snort_interfaces_whitelist.php" method="post"><?php if ($savemsg) print_info_box($savemsg); ?>
+<?php if (file_exists($d_whitelistdirty_path)): ?>
+<p><?php print_info_box_np("The white list has been changed.<br>You must apply the changes in order for them to take effect.");?>
<?php endif; ?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td class="tabnavtbl">
-
-<div class="snorttabs" style="margin:1px 0px; width:775px;">
-<!-- Tabbed bar code-->
-<ul class="snorttabs">
- <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>
- <li><a href="/snort/snort_interfaces_global.php"><span>Global Settings</span></a></li>
- <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li>
- <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li>
- <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li>
- <li class="snorttabs_active"><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li>
- <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li>
- <li><a class="example8" href="/snort/help_and_info.php"><span>Help</span></a></li>
- </ul>
-</div>
-
-</td>
-</tr>
-<tr>
-<td class="tabcont">
-
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
-
-<tr>
- <td width="20%" class="listhdrr">File Name</td>
- <td width="40%" class="listhdrr">Values</td>
- <td width="40%" class="listhdr">Description</td>
- <td width="10%" class="list">
- </td>
-</tr>
- <?php $i = 0; foreach ($a_whitelist as $list): ?>
-<tr>
- <td class="listlr" ondblclick="document.location='snort_interfaces_whitelist_edit.php?id=<?=$i;?>';">
- <?=htmlspecialchars($list['name']);?>
- </td>
- <td class="listr" ondblclick="document.location='snort_interfaces_whitelist_edit.php?id=<?=$i;?>';">
- <?php
- $addresses = implode(", ", array_slice(explode(" ", $list['address']), 0, 10));
- echo $addresses;
- if(count($addresses) < 10) {
- echo " ";
- } else {
- echo "...";
- }
- ?>
- </td>
- <td class="listbg" ondblclick="document.location='snort_interfaces_whitelist_edit.php?id=<?=$i;?>';">
- <font color="#FFFFFF">
- <?=htmlspecialchars($list['descr']);?>&nbsp;
- </td>
- <td valign="middle" nowrap class="list">
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td valign="middle"><a href="snort_interfaces_whitelist_edit.php?id=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="edit whitelist"></a></td>
- <td><a href="/snort/snort_interfaces_whitelist.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this whitelist? All elements that still use it will become invalid (e.g. snort rules will fall back to the default whitelist)!')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="delete whitelist"></a></td>
- </tr>
- </table>
- </td>
-</tr>
- <?php $i++; endforeach; ?>
-<tr>
- <td class="list" colspan="3"></td>
- <td class="list">
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td valign="middle" width="17">&nbsp;</td>
- <td valign="middle"><a href="snort_interfaces_whitelist_edit.php?id=<?php echo $id_gen;?> "><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="add a new list"></a></td>
- </tr>
- </table>
- </td>
-</tr>
+ <tr>
+ <td class="tabnavtbl">
+
+ <div class="snorttabs" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code-->
+ <ul class="snorttabs">
+ <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>
+ <li><a href="/snort/snort_interfaces_global.php"><span>Global
+ Settings</span></a></li>
+ <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li>
+ <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li>
+ <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li>
+ <li class="snorttabs_active"><a
+ href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li>
+ <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li>
+ <li><a class="example8" href="/snort/help_and_info.php"><span>Help</span></a></li>
+ </ul>
+ </div>
+
+ </td>
+ </tr>
+ <tr>
+ <td class="tabcont">
+
+ <table width="100%" border="0" cellpadding="0" cellspacing="0">
+
+ <tr>
+ <td width="20%" class="listhdrr">File Name</td>
+ <td width="40%" class="listhdrr">Values</td>
+ <td width="40%" class="listhdr">Description</td>
+ <td width="10%" class="list"></td>
+ </tr>
+ <?php $i = 0; foreach ($a_whitelist as $list): ?>
+ <tr>
+ <td class="listlr"
+ ondblclick="document.location='snort_interfaces_whitelist_edit.php?id=<?=$i;?>';">
+ <?=htmlspecialchars($list['name']);?></td>
+ <td class="listr"
+ ondblclick="document.location='snort_interfaces_whitelist_edit.php?id=<?=$i;?>';">
+ <?php
+ $addresses = implode(", ", array_slice(explode(" ", $list['address']), 0, 10));
+ echo $addresses;
+ if(count($addresses) < 10) {
+ echo " ";
+ } else {
+ echo "...";
+ }
+ ?></td>
+ <td class="listbg"
+ ondblclick="document.location='snort_interfaces_whitelist_edit.php?id=<?=$i;?>';">
+ <font color="#FFFFFF"> <?=htmlspecialchars($list['descr']);?>&nbsp;
+ </td>
+ <td valign="middle" nowrap class="list">
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td valign="middle"><a
+ href="snort_interfaces_whitelist_edit.php?id=<?=$i;?>"><img
+ src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif"
+ width="17" height="17" border="0" title="edit whitelist"></a></td>
+ <td><a
+ href="/snort/snort_interfaces_whitelist.php?act=del&id=<?=$i;?>"
+ onclick="return confirm('Do you really want to delete this whitelist? All elements that still use it will become invalid (e.g. snort rules will fall back to the default whitelist)!')"><img
+ src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif"
+ width="17" height="17" border="0" title="delete whitelist"></a></td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <?php $i++; endforeach; ?>
+ <tr>
+ <td class="list" colspan="3"></td>
+ <td class="list">
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td valign="middle" width="17">&nbsp;</td>
+ <td valign="middle"><a
+ href="snort_interfaces_whitelist_edit.php?id=<?php echo $id_gen;?> "><img
+ src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif"
+ width="17" height="17" border="0" title="add a new list"></a></td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
</table>
- </td>
- </tr>
- </table>
<br>
-<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
-<td width="100%"><span class="vexpl"><span class="red"><strong>Note:</strong></span>
- <p><span class="vexpl">Here you can create whitelist files for your snort package rules.<br>Please add all the ips or networks you want to protect against snort block decisions.<br>Remember that the default whitelist only includes local networks.<br>Be careful, it is very easy to get locked out of you system.</span></p>
-</td>
+<table class="tabcont" width="100%" border="0" cellpadding="0"
+ cellspacing="0">
+ <td width="100%"><span class="vexpl"><span class="red"><strong>Note:</strong></span>
+ <p><span class="vexpl">Here you can create whitelist files for your
+ snort package rules.<br>
+ Please add all the ips or networks you want to protect against snort
+ block decisions.<br>
+ Remember that the default whitelist only includes local networks.<br>
+ Be careful, it is very easy to get locked out of you system.</span></p></td>
</table>
+
</form>
</div>
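Review bot: In the Values cell, `echo $addresses;` writes the stored address string into the page without `htmlspecialchars()`, unlike the name and description cells beside it; it should be `echo htmlspecialchars($addresses);`. The next line, `count($addresses) < 10`, is applied to the string returned by `implode()` rather than to the list of addresses. On PHP versions where `count()` of a string yields 1 the `...` branch is therefore unreachable, and newer versions reject the call outright. Keeping the exploded array in its own variable and counting it before the slice would give the intended truncation marker.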
diff --git a/config/snort/snort_interfaces_whitelist_edit.php b/config/snort/snort_interfaces_whitelist_edit.php
index 6723ec8a..562ec3bb 100644
--- a/config/snort/snort_interfaces_whitelist_edit.php
+++ b/config/snort/snort_interfaces_whitelist_edit.php
@@ -1,61 +1,61 @@
<?php
/* $Id$ */
/*
- firewall_aliases_edit.php
- Copyright (C) 2004 Scott Ullrich
- All rights reserved.
-
- originially part of m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
-
- modified for the pfsense snort package
- Copyright (C) 2009-2010 Robert Zelaya.
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
+ firewall_aliases_edit.php
+ Copyright (C) 2004 Scott Ullrich
+ All rights reserved.
+
+ originially part of m0n0wall (http://m0n0.ch/wall)
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ modified for the pfsense snort package
+ Copyright (C) 2009-2010 Robert Zelaya.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort_gui.inc");
require_once("/usr/local/pkg/snort/snort.inc");
if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item']))
- $config['installedpackages']['snortglobal']['whitelist']['item'] = array();
+$config['installedpackages']['snortglobal']['whitelist']['item'] = array();
$a_whitelist = &$config['installedpackages']['snortglobal']['whitelist']['item'];
$id = $_GET['id'];
if (isset($_POST['id']))
- $id = $_POST['id'];
+$id = $_POST['id'];
/* gen uuid for each iface !inportant */
if ($config['installedpackages']['snortglobal']['whitelist']['item'][$id]['uuid'] == '') {
//$snort_uuid = gen_snort_uuid(strrev(uniqid(true)));
-$whitelist_uuid = 0;
-while ($whitelist_uuid > 65535 || $whitelist_uuid == 0) {
- $whitelist_uuid = mt_rand(1, 65535);
- $pconfig['uuid'] = $whitelist_uuid;
+ $whitelist_uuid = 0;
+ while ($whitelist_uuid > 65535 || $whitelist_uuid == 0) {
+ $whitelist_uuid = mt_rand(1, 65535);
+ $pconfig['uuid'] = $whitelist_uuid;
}
}
@@ -68,17 +68,17 @@ $d_snort_whitelist_dirty_path = '/var/run/snort_whitelist.dirty';
/* returns true if $name is a valid name for a whitelist file name or ip */
function is_validwhitelistname($name) {
if (!is_string($name))
- return false;
+ return false;
if (!preg_match("/[^a-zA-Z0-9\.\/]/", $name))
- return true;
+ return true;
return false;
}
-
-
+
+
if (isset($id) && $a_whitelist[$id]) {
-
+
/* old settings */
$pconfig['name'] = $a_whitelist[$id]['name'];
$pconfig['uuid'] = $a_whitelist[$id]['uuid'];
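Review bot: `is_validwhitelistname()` accepts `.` and `/` because one character class, `[^a-zA-Z0-9\.\/]`, serves both list names and addresses. The error text shown for names promises only a-z, A-Z, 0-9 and `_`, yet the pattern rejects `_`. If the name is later used to build a file path, as the "whitelist file name" wording suggests, path separators and dot sequences would pass this check; that use is not visible in this hunk and should be confirmed. A dedicated name check such as `return is_string($name) && preg_match('/^[a-zA-Z0-9_]+$/', $name) === 1;`, kept separate from the address check, would make both rules match their messages.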
@@ -92,34 +92,34 @@ if (isset($id) && $a_whitelist[$id]) {
$pconfig['vips'] = $a_whitelist[$id]['vips'];
$pconfig['vpnips'] = $a_whitelist[$id]['vpnips'];
-
+
$addresses = explode(' ', $pconfig['address']);
$address = explode(" ", $addresses[0]);
if ($address[1])
- $addresssubnettest = true;
+ $addresssubnettest = true;
else
- $addresssubnettest = false;
+ $addresssubnettest = false;
}
- /* this will exec when alert says apply */
- if ($_POST['apply']) {
-
- if (file_exists("$d_snort_whitelist_dirty_path")) {
- conf_mount_rw();
+/* this will exec when alert says apply */
+if ($_POST['apply']) {
+
+ if (file_exists("$d_snort_whitelist_dirty_path")) {
+ conf_mount_rw();
- /* create whitelist and homenet file then sync files */
- sync_snort_package_empty();
- sync_snort_package();
+ /* create whitelist and homenet file then sync files */
+ sync_snort_package_empty();
+ sync_snort_package();
- unlink("$d_snort_whitelist_dirty_path");
+ unlink("$d_snort_whitelist_dirty_path");
- write_config();
- conf_mount_ro();
+ write_config();
+ conf_mount_ro();
- }
-
}
+}
+
if ($_POST['submit']) {
conf_mount_rw();
@@ -134,24 +134,24 @@ if ($_POST['submit']) {
do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
if(strtolower($_POST['name']) == "defaultwhitelist")
- $input_errors[] = "Whitelist file names may not be named defaultwhitelist.";
+ $input_errors[] = "Whitelist file names may not be named defaultwhitelist.";
$x = is_validwhitelistname($_POST['name']);
if (!isset($x)) {
$input_errors[] = "Reserved word used for whitelist file name.";
} else {
if (is_validwhitelistname($_POST['name']) == false)
- $input_errors[] = "Whitelist file name may only consist of the characters a-z, A-Z and 0-9 _. Note: No Spaces. Press Cancel to reset.";
+ $input_errors[] = "Whitelist file name may only consist of the characters a-z, A-Z and 0-9 _. Note: No Spaces. Press Cancel to reset.";
}
-
+
if (is_validwhitelistname($_POST['address']) == false)
- $input_errors[] = "Whitelist address may only consist of the characters 0-9 and /. Note: No Spaces. Press Cancel to reset.";
+ $input_errors[] = "Whitelist address may only consist of the characters 0-9 and /. Note: No Spaces. Press Cancel to reset.";
/* check for name conflicts */
foreach ($a_whitelist as $w_list) {
if (isset($id) && ($a_whitelist[$id]) && ($a_whitelist[$id] === $w_list))
- continue;
+ continue;
if ($w_list['name'] == $_POST['name']) {
$input_errors[] = "A whitelist file name with this name already exists.";
@@ -159,7 +159,7 @@ if ($_POST['submit']) {
}
}
-
+
$w_list = array();
/* post user input */
$w_list['name'] = $_POST['name'];
@@ -171,72 +171,72 @@ if ($_POST['submit']) {
$w_list['wandnsips'] = $_POST['wandnsips']? yes : no;
$w_list['vips'] = $_POST['vips']? yes : no;
$w_list['vpnips'] = $_POST['vpnips']? yes : no;
-
+
$address = $w_list['address'];
$final_address_detail = mb_convert_encoding($_POST['detail'],"HTML-ENTITIES","auto");
- if($final_address_detail <> "") {
- $final_address_details .= $final_address_detail;
+ if($final_address_detail <> "") {
+ $final_address_details .= $final_address_detail;
} else {
$final_address_details .= "Entry added" . " ";
- $final_address_details .= date('r');
- }
- $final_address_details .= "||";
+ $final_address_details .= date('r');
+ }
+ $final_address_details .= "||";
$isfirst = 0;
-
- /* add another entry code */
- for($x=0; $x<299; $x++) {
- $comd = "\$subnet = \$_POST['address" . $x . "'];";
- eval($comd);
- $comd = "\$subnet_address = \$_POST['address_subnet" . $x . "'];";
+
+ /* add another entry code */
+ for($x=0; $x<299; $x++) {
+ $comd = "\$subnet = \$_POST['address" . $x . "'];";
+ eval($comd);
+ $comd = "\$subnet_address = \$_POST['address_subnet" . $x . "'];";
+ eval($comd);
+ if($subnet <> "") {
+ $address .= " ";
+ $address .= $subnet;
+ if($subnet_address <> "") $address .= "" . $subnet_address;
+
+ /* Compress in details to a single key, data separated by pipes.
+ Pulling details here lets us only pull in details for valid
+ address entries, saving us from having to track which ones to
+ process later. */
+ $comd = "\$final_address_detail = mb_convert_encoding(\$_POST['detail" . $x . "'],'HTML-ENTITIES','auto');";
eval($comd);
- if($subnet <> "") {
- $address .= " ";
- $address .= $subnet;
- if($subnet_address <> "") $address .= "" . $subnet_address;
-
- /* Compress in details to a single key, data separated by pipes.
- Pulling details here lets us only pull in details for valid
- address entries, saving us from having to track which ones to
- process later. */
- $comd = "\$final_address_detail = mb_convert_encoding(\$_POST['detail" . $x . "'],'HTML-ENTITIES','auto');";
- eval($comd);
- if($final_address_detail <> "") {
- $final_address_details .= $final_address_detail;
- } else {
- $final_address_details .= "Entry added" . " ";
- $final_address_details .= date('r');
- }
- $final_address_details .= "||";
+ if($final_address_detail <> "") {
+ $final_address_details .= $final_address_detail;
+ } else {
+ $final_address_details .= "Entry added" . " ";
+ $final_address_details .= date('r');
}
+ $final_address_details .= "||";
}
+ }
if (!$input_errors) {
$w_list['address'] = $address;
- $w_list['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto");
+ $w_list['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto");
$w_list['detail'] = $final_address_details;
if (isset($id) && $a_whitelist[$id])
- $a_whitelist[$id] = $w_list;
+ $a_whitelist[$id] = $w_list;
else
- $a_whitelist[] = $w_list;
+ $a_whitelist[] = $w_list;
touch($d_snort_whitelist_dirty_path);
write_config();
header("Location: /snort/snort_interfaces_whitelist_edit.php?id=$id");
- exit;
+ exit;
}
//we received input errors, copy data to prevent retype
else
{
- $pconfig['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto");
- $pconfig['address'] = $address;
- $pconfig['detail'] = $final_address_details;
+ $pconfig['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto");
+ $pconfig['address'] = $address;
+ $pconfig['detail'] = $final_address_details;
}
-
+
}
$pgtitle = "Services: Snort: Whitelist: Edit $whitelist_uuid";
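Review bot: The "add another entry" loop builds PHP source by string concatenation and runs it through `eval()` only to read `$_POST['address' . $x]`, `$_POST['address_subnet' . $x]` and `$_POST['detail' . $x]`; plain array indexing does the same without `eval`. More importantly, only `$_POST['address']` goes through `is_validwhitelistname()` earlier in this block. Every extra row is appended to `$address` and saved unchecked, so the character restriction does not cover them. The sketch below drops `eval` and applies the existing validator to each row. The enclosing `if ($_POST['submit'])` starts outside this hunk.

```php
for ($x = 0; $x < 299; $x++) {
	$subnet = isset($_POST["address{$x}"]) ? $_POST["address{$x}"] : '';
	$subnet_address = isset($_POST["address_subnet{$x}"]) ? $_POST["address_subnet{$x}"] : '';
	if ($subnet <> "") {
		/* apply the same character check the first address field gets */
		if (is_validwhitelistname($subnet . $subnet_address) == false)
			$input_errors[] = "Whitelist address may only consist of the characters 0-9 and /. Note: No Spaces. Press Cancel to reset.";
		// … unchanged: append $subnet and $subnet_address to $address …
		$raw_detail = isset($_POST["detail{$x}"]) ? $_POST["detail{$x}"] : '';
		$final_address_detail = mb_convert_encoding($raw_detail, 'HTML-ENTITIES', 'auto');
		// … unchanged: append the detail or "Entry added" date, then "||" …
	}
}
```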
@@ -244,9 +244,11 @@ include("/usr/local/pkg/snort/snort_head.inc");
?>
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="<?= $jsevents["body"]["onload"] ?>">
+<body
+ link="#0000CC" vlink="#0000CC" alink="#0000CC"
+ onload="<?= $jsevents["body"]["onload"] ?>">
- <script>
+<script>
jQuery(document).ready(function(){
//Examples of how to assign the ColorBox event to elements
@@ -255,20 +257,18 @@ include("/usr/local/pkg/snort/snort_head.inc");
});
</script>
-<?php
+<?php
include("fbegin.inc");
echo $snort_general_css;
?>
<!-- hack to fix the hardcoed fbegin link in header -->
-<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div>
-
-<div class="body2">
-
-<script type="text/javascript" src="/snort/javascript/row_helper.js"></script>
+<div id="header-left2"><a href="../index.php" id="status-link2"><img
+ src="./images/transparent.gif" border="0"></img></a></div>
-<input type='hidden' name='address_type' value='textbox' />
-<script type="text/javascript">
+<div class="body2"><script type="text/javascript"
+ src="/snort/javascript/row_helper.js"></script> <input type='hidden'
+ name='address_type' value='textbox' /> <script type="text/javascript">
rowname[0] = "address";
rowtype[0] = "textbox";
rowsize[0] = "30";
@@ -276,28 +276,25 @@ echo $snort_general_css;
rowname[1] = "detail";
rowtype[1] = "textbox";
rowsize[1] = "50";
-</script>
-
-<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
+</script> <?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
<?php if ($input_errors) print_input_errors($input_errors); ?>
<div id="inputerrors"></div>
-<form action="snort_interfaces_whitelist_edit.php?id=<?=$id?>" method="post" name="iform" id="iform">
-
-<?php
+<form action="snort_interfaces_whitelist_edit.php?id=<?=$id?>"
+ method="post" name="iform" id="iform"><?php
/* Display Alert message */
if ($input_errors) {
- print_input_errors($input_errors); // TODO: add checks
+ print_input_errors($input_errors); // TODO: add checks
}
if ($savemsg) {
- print_info_box2($savemsg);
+ print_info_box2($savemsg);
}
//if (file_exists($d_snortconfdirty_path)) {
if (file_exists($d_snort_whitelist_dirty_path)) {
- echo '<p>';
+ echo '<p>';
if($savemsg) {
print_info_box_np2("{$savemsg}");
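Review bot: The form tag prints the request-supplied `$id` straight into the `action` attribute (`?id=<?=$id?>`). `$id` is taken from `$_GET['id']` or `$_POST['id']` near the top of the file with no validation, so it should be escaped or constrained to an integer before output, e.g. `action="snort_interfaces_whitelist_edit.php?id=<?=htmlspecialchars($id);?>"`. Separately, `print_input_errors($input_errors)` is called twice, once before the form and once inside it, so validation errors render twice; one of the two calls can go.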
@@ -308,196 +305,195 @@ echo $snort_general_css;
');
}
}
-?>
+ ?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td class="tabnavtbl">
-
-<div class="snorttabs" style="margin:1px 0px; width:775px;">
-<!-- Tabbed bar code-->
-<ul class="snorttabs">
- <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>
- <li><a href="/snort/snort_interfaces_global.php"><span>Global Settings</span></a></li>
- <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li>
- <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li>
- <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li>
- <li class="snorttabs_active"><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li>
- <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li>
- <li><a class="example8" href="/snort/help_and_info.php"><span>Help</span></a></li>
- </ul>
-</div>
-
-</td>
-</tr>
-<tr>
-<td class="tabcont">
-
-<table width="100%" border="0" cellpadding="6" cellspacing="0">
- <tr>
- <td colspan="2" valign="top" class="listtopic">Add the name and description of the file.</td>
- </tr>
- <tr>
- <td valign="top" class="vncellreq2">Name</td>
- <td class="vtable">
- <input name="name" type="text" id="name" size="40" value="<?=htmlspecialchars($pconfig['name']);?>" />
- <br />
- <span class="vexpl">
- The list name may only consist of the characters a-z, A-Z and 0-9. <span class="red">Note: </span> No Spaces.
- </span>
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Description</td>
- <td width="78%" class="vtable">
- <input name="descr" type="text" id="descr" size="40" value="<?=$pconfig['descr'];?>" />
- <br />
- <span class="vexpl">
- You may enter a description here for your reference (not parsed).
- </span>
- </td>
- </tr>
<tr>
- <td width="22%" valign="top" class="vncell2">List Type</td>
- <td width="78%" class="vtable">
-
- <div style="padding:5px; margin-top: 16px; margin-bottom: 16px; border:1px dashed #ff3333; background-color: #eee; color: #000; font-size: 8pt;" id="itemhelp">
- <strong>WHITELIST:</strong>&nbsp;&nbsp;&nbsp;This list specifies addresses that Snort Package should not block.<br><br>
- <strong>NETLIST:</strong>&nbsp;&nbsp;&nbsp;This list is for defining addresses as $HOME_NET or $EXTERNAL_NET in the snort.conf file.
- </div>
-
- <select name="snortlisttype" class="formfld" id="snortlisttype">
- <?php
+ <td class="tabnavtbl">
+
+ <div class="snorttabs" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code-->
+ <ul class="snorttabs">
+ <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>
+ <li><a href="/snort/snort_interfaces_global.php"><span>Global
+ Settings</span></a></li>
+ <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li>
+ <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li>
+ <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li>
+ <li class="snorttabs_active"><a
+ href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li>
+ <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li>
+ <li><a class="example8" href="/snort/help_and_info.php"><span>Help</span></a></li>
+ </ul>
+ </div>
+
+ </td>
+ </tr>
+ <tr>
+ <td class="tabcont">
+
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Add the name and
+ description of the file.</td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncellreq2">Name</td>
+ <td class="vtable"><input name="name" type="text" id="name"
+ size="40" value="<?=htmlspecialchars($pconfig['name']);?>" /> <br />
+ <span class="vexpl"> The list name may only consist of the
+ characters a-z, A-Z and 0-9. <span class="red">Note: </span> No
+ Spaces. </span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Description</td>
+ <td width="78%" class="vtable"><input name="descr" type="text"
+ id="descr" size="40" value="<?=$pconfig['descr'];?>" /> <br />
+ <span class="vexpl"> You may enter a description here for your
+ reference (not parsed). </span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">List Type</td>
+ <td width="78%" class="vtable">
+
+ <div
+ style="padding: 5px; margin-top: 16px; margin-bottom: 16px; border: 1px dashed #ff3333; background-color: #eee; color: #000; font-size: 8pt;"
+ id="itemhelp"><strong>WHITELIST:</strong>&nbsp;&nbsp;&nbsp;This
+ list specifies addresses that Snort Package should not block.<br>
+ <br>
+ <strong>NETLIST:</strong>&nbsp;&nbsp;&nbsp;This list is for defining
+ addresses as $HOME_NET or $EXTERNAL_NET in the snort.conf file.</div>
+
+ <select name="snortlisttype" class="formfld" id="snortlisttype">
+ <?php
$interfaces4 = array('whitelist' => 'WHITELIST', 'netlist' => 'NETLIST');
foreach ($interfaces4 as $iface4 => $ifacename4): ?>
- <option value="<?=$iface4;?>" <?php if ($iface4 == $pconfig['snortlisttype']) echo "selected"; ?>>
- <?=htmlspecialchars($ifacename4);?>
- </option>
- <?php endforeach; ?>
- </select>
- <span class="vexpl">
- &nbsp;&nbsp;&nbsp;Choose the type of list you will like see in your <span class="red">Interface Edit Tab</span>.
- </span></td>
- </tr>
- <tr>
- <td colspan="2" valign="top" class="listtopic">Add auto generated ips.</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">WAN IPs</td>
- <td width="78%" class="vtable">
- <input name="wanips" type="checkbox" id="wanips" size="40" value="yes" <?php if($pconfig['wanips'] == 'yes'){ echo "checked";} if($pconfig['wanips'] == ''){ echo "checked";} ?>/>
- <span class="vexpl">
- Add WAN IPs to the list.
- </span>
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Wan Gateways</td>
- <td width="78%" class="vtable">
- <input name="wangateips" type="checkbox" id="wangateips" size="40" value="yes" <?php if($pconfig['wangateips'] == 'yes'){ echo "checked";} if($pconfig['wangateips'] == ''){ echo "checked";} ?>/>
- <span class="vexpl">
- Add WAN Gateways to the list.
- </span>
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Wan DNS servers</td>
- <td width="78%" class="vtable">
- <input name="wandnsips" type="checkbox" id="wandnsips" size="40" value="yes" <?php if($pconfig['wandnsips'] == 'yes'){ echo "checked";} if($pconfig['wandnsips'] == ''){ echo "checked";} ?>/>
- <span class="vexpl">
- Add WAN DNS servers to the list.
- </span>
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Virtual IP Addresses</td>
- <td width="78%" class="vtable">
- <input name="vips" type="checkbox" id="vips" size="40" value="yes" <?php if($pconfig['vips'] == 'yes'){ echo "checked";} if($pconfig['vips'] == ''){ echo "checked";} ?>/>
- <span class="vexpl">
- Add Virtual IP Addresses to the list.
- </span>
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">VPNs</td>
- <td width="78%" class="vtable">
- <input name="vpnips" type="checkbox" id="vpnips" size="40" value="yes" <?php if($pconfig['vpnips'] == 'yes'){ echo "checked";} if($pconfig['vpnips'] == ''){ echo "checked";} ?>/>
- <span class="vexpl">
- Add VPN Addresses to the list.
- </span>
- </td>
- </tr>
- <tr>
- <td colspan="2" valign="top" class="listtopic">Add your own custom ips.</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncellreq2"><div id="addressnetworkport">IP or CIDR items</div></td>
- <td width="78%" class="vtable">
- <table id="maintable">
- <tbody>
- <tr>
- <td colspan="4">
- <div style="padding:5px; margin-top: 16px; margin-bottom: 16px; border:1px dashed #ff3333; background-color: #eee; color: #000; font-size: 8pt;" id="itemhelp">
- For <strong>WHITELIST's</strong> enter <strong>ONLY IPs not CIDRs</strong>. Example: 192.168.4.1<br><br>
- For <strong>NETLIST's</strong> you may enter <strong>IPs and CIDRs</strong>. Example: 192.168.4.1 or 192.168.4.0/24
- </div>
- </td>
- </tr>
- <tr>
- <td><div id="onecolumn">IP or CIDR</div></td>
- <td><div id="threecolumn">Add a Description or leave blank and a date will be added.</div></td>
- </tr>
-
- <?php
- /* cleanup code */
- $counter = 0;
- $address = $pconfig['address'];
- $item = explode(" ", $address);
- $item3 = explode("||", $pconfig['detail']);
- foreach($item as $ww) {
- $address = $item[$counter];
- $item4 = $item3[$counter];
- if($counter > 0) $tracker = $counter + 1;
- ?>
- <tr>
- <td>
- <input name="address<?php echo $tracker; ?>" type="text" id="address<?php echo $tracker; ?>" size="30" value="<?=htmlspecialchars($address);?>" />
- </td>
- <td>
- <input name="detail<?php echo $tracker; ?>" type="text" id="detail<?php echo $tracker; ?>" size="50" value="<?=$item4;?>" />
- </td>
- <td>
- <?php
- if($counter > 0)
- echo "<input type=\"image\" src=\"/themes/".$g['theme']."/images/icons/icon_x.gif\" onclick=\"removeRow(this); return false;\" value=\"Delete\" />";
- ?>
- </td>
- </tr>
- <?php
- $counter++;
-
- } // end foreach
- ?>
- </tbody>
+ <option value="<?=$iface4;?>"
+ <?php if ($iface4 == $pconfig['snortlisttype']) echo "selected"; ?>>
+ <?=htmlspecialchars($ifacename4);?></option>
+ <?php endforeach; ?>
+ </select> <span class="vexpl"> &nbsp;&nbsp;&nbsp;Choose the type of
+ list you will like see in your <span class="red">Interface Edit Tab</span>.
+ </span></td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Add auto generated
+ ips.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">WAN IPs</td>
+ <td width="78%" class="vtable"><input name="wanips" type="checkbox"
+ id="wanips" size="40" value="yes"
+ <?php if($pconfig['wanips'] == 'yes'){ echo "checked";} if($pconfig['wanips'] == ''){ echo "checked";} ?> />
+ <span class="vexpl"> Add WAN IPs to the list. </span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Wan Gateways</td>
+ <td width="78%" class="vtable"><input name="wangateips"
+ type="checkbox" id="wangateips" size="40" value="yes"
+ <?php if($pconfig['wangateips'] == 'yes'){ echo "checked";} if($pconfig['wangateips'] == ''){ echo "checked";} ?> />
+ <span class="vexpl"> Add WAN Gateways to the list. </span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Wan DNS servers</td>
+ <td width="78%" class="vtable"><input name="wandnsips"
+ type="checkbox" id="wandnsips" size="40" value="yes"
+ <?php if($pconfig['wandnsips'] == 'yes'){ echo "checked";} if($pconfig['wandnsips'] == ''){ echo "checked";} ?> />
+ <span class="vexpl"> Add WAN DNS servers to the list. </span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Virtual IP Addresses</td>
+ <td width="78%" class="vtable"><input name="vips" type="checkbox"
+ id="vips" size="40" value="yes"
+ <?php if($pconfig['vips'] == 'yes'){ echo "checked";} if($pconfig['vips'] == ''){ echo "checked";} ?> />
+ <span class="vexpl"> Add Virtual IP Addresses to the list. </span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">VPNs</td>
+ <td width="78%" class="vtable"><input name="vpnips" type="checkbox"
+ id="vpnips" size="40" value="yes"
+ <?php if($pconfig['vpnips'] == 'yes'){ echo "checked";} if($pconfig['vpnips'] == ''){ echo "checked";} ?> />
+ <span class="vexpl"> Add VPN Addresses to the list. </span></td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Add your own custom
+ ips.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq2">
+ <div id="addressnetworkport">IP or CIDR items</div>
+ </td>
+ <td width="78%" class="vtable">
+ <table id="maintable">
+ <tbody>
+ <tr>
+ <td colspan="4">
+ <div
+ style="padding: 5px; margin-top: 16px; margin-bottom: 16px; border: 1px dashed #ff3333; background-color: #eee; color: #000; font-size: 8pt;"
+ id="itemhelp">For <strong>WHITELIST's</strong> enter <strong>ONLY
+ IPs not CIDRs</strong>. Example: 192.168.4.1<br>
+ <br>
+ For <strong>NETLIST's</strong> you may enter <strong>IPs and
+ CIDRs</strong>. Example: 192.168.4.1 or 192.168.4.0/24</div>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <div id="onecolumn">IP or CIDR</div>
+ </td>
+ <td>
+ <div id="threecolumn">Add a Description or leave blank and a date
+ will be added.</div>
+ </td>
+ </tr>
+
+ <?php
+ /* cleanup code */
+ $counter = 0;
+ $address = $pconfig['address'];
+ $item = explode(" ", $address);
+ $item3 = explode("||", $pconfig['detail']);
+ foreach($item as $ww) {
+ $address = $item[$counter];
+ $item4 = $item3[$counter];
+ if($counter > 0) $tracker = $counter + 1;
+ ?>
+ <tr>
+ <td><input name="address<?php echo $tracker; ?>" type="text"
+ id="address<?php echo $tracker; ?>" size="30"
+ value="<?=htmlspecialchars($address);?>" /></td>
+ <td><input name="detail<?php echo $tracker; ?>" type="text"
+ id="detail<?php echo $tracker; ?>" size="50"
+ value="<?=$item4;?>" /></td>
+ <td><?php
+ if($counter > 0)
+ echo "<input type=\"image\" src=\"/themes/".$g['theme']."/images/icons/icon_x.gif\" onclick=\"removeRow(this); return false;\" value=\"Delete\" />";
+ ?></td>
+ </tr>
+ <?php
+ $counter++;
+
+ } // end foreach
+ ?>
+ </tbody>
+ </table>
+ <a onclick="javascript:addRowTo('maintable'); return false;"
+ href="#"><img border="0"
+ src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" alt=""
+ title="add another entry" /> </a></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%"><input id="submit" name="submit" type="submit"
+ class="formbtn" value="Save" /> <input id="cancelbutton"
+ name="cancelbutton" type="button" class="formbtn" value="Cancel"
+ onclick="history.back()" /> <?php if (isset($id) && $a_whitelist[$id]): ?>
+ <input name="id" type="hidden" value="<?=$id;?>" /> <?php endif; ?>
+ </td>
+ </tr>
</table>
- <a onclick="javascript:addRowTo('maintable'); return false;" href="#"><img border="0" src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" alt="" title="add another entry" />
- </a>
</td>
- </tr>
- <tr>
- <td width="22%" valign="top">&nbsp;</td>
- <td width="78%">
- <input id="submit" name="submit" type="submit" class="formbtn" value="Save" />
- <input id="cancelbutton" name="cancelbutton" type="button" class="formbtn" value="Cancel" onclick="history.back()" />
- <?php if (isset($id) && $a_whitelist[$id]): ?>
- <input name="id" type="hidden" value="<?=$id;?>" />
- <?php endif; ?>
- </td>
- </tr>
+ </tr>
</table>
- </td>
- </tr>
- </table>
</form>
<script type="text/javascript">
@@ -508,11 +504,9 @@ echo $snort_general_css;
totalrows = <?php echo $counter; ?>;
loaded = <?php echo $counter; ?>;
-</script>
-
-</div>
+</script></div>
-<?php include("fend.inc"); ?>
+ <?php include("fend.inc"); ?>
</body>
-</html> \ No newline at end of file
+</html>
diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php
index 363b9f85..c56f00e9 100644
--- a/config/snort/snort_preprocessors.php
+++ b/config/snort/snort_preprocessors.php
@@ -1,34 +1,34 @@
<?php
/* $Id$ */
/*
- snort_interfaces.php
- part of m0n0wall (http://m0n0.ch/wall)
+ snort_interfaces.php
+ part of m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
- Copyright (C) 2008-2009 Robert Zelaya.
- All rights reserved.
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ Copyright (C) 2008-2009 Robert Zelaya.
+ All rights reserved.
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
require_once("guiconfig.inc");
@@ -43,11 +43,11 @@ $a_nat = &$config['installedpackages']['snortglobal']['rule'];
$id = $_GET['id'];
if (isset($_POST['id']))
- $id = $_POST['id'];
+$id = $_POST['id'];
if (isset($_GET['dup'])) {
- $id = $_GET['dup'];
- $after = $_GET['dup'];
+ $id = $_GET['dup'];
+ $after = $_GET['dup'];
}
if (isset($id) && $a_nat[$id]) {
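Review bot: `$id` is taken straight from `$_GET['id']`, `$_POST['id']` or `$_GET['dup']` and then used as an index into `$a_nat` with no type or range check. Assuming ids are list indices, as the `is_numeric($after)` test further down suggests, a guard such as `if (!is_numeric($id)) { $id = ""; }` after these assignments would keep other values away from the later lookups and the page output. As rendered here, the reformat also puts `$id = $_POST['id'];` in the same column as its braceless `if (isset($_POST['id']))`, so it reads as an unconditional assignment; `if (isset($_POST['id'])) { $id = $_POST['id']; }` removes the ambiguity. The same dedented body appears under `if (isset($id) && $a_nat[$id])` in the -228,19 hunk.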
@@ -65,7 +65,7 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['sf_portscan'] = $a_nat[$id]['sf_portscan'];
$pconfig['dce_rpc_2'] = $a_nat[$id]['dce_rpc_2'];
$pconfig['dns_preprocessor'] = $a_nat[$id]['dns_preprocessor'];
-
+
/* old options */
$pconfig['def_dns_servers'] = $a_nat[$id]['def_dns_servers'];
$pconfig['def_dns_ports'] = $a_nat[$id]['def_dns_ports'];
@@ -74,7 +74,7 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['def_mail_ports'] = $a_nat[$id]['def_mail_ports'];
$pconfig['def_http_servers'] = $a_nat[$id]['def_http_servers'];
$pconfig['def_www_servers'] = $a_nat[$id]['def_www_servers'];
- $pconfig['def_http_ports'] = $a_nat[$id]['def_http_ports'];
+ $pconfig['def_http_ports'] = $a_nat[$id]['def_http_ports'];
$pconfig['def_sql_servers'] = $a_nat[$id]['def_sql_servers'];
$pconfig['def_oracle_ports'] = $a_nat[$id]['def_oracle_ports'];
$pconfig['def_mssql_ports'] = $a_nat[$id]['def_mssql_ports'];
@@ -122,8 +122,8 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['rule_sid_off'] = $a_nat[$id]['rule_sid_off'];
$pconfig['rule_sid_on'] = $a_nat[$id]['rule_sid_on'];
-if (isset($_GET['dup']))
- unset($id);
+ if (isset($_GET['dup']))
+ unset($id);
}
/* convert fake interfaces to real */
@@ -131,88 +131,88 @@ $if_real = convert_friendly_interface_to_real_interface_name2($pconfig['interfac
$snort_uuid = $pconfig['uuid'];
- /* alert file */
+/* alert file */
$d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty";
-
- /* this will exec when alert says apply */
- if ($_POST['apply']) {
-
- if (file_exists($d_snortconfdirty_path)) {
+
+/* this will exec when alert says apply */
+if ($_POST['apply']) {
+
+ if (file_exists($d_snortconfdirty_path)) {
- write_config();
+ write_config();
- sync_snort_package_all($id, $if_real, $snort_uuid);
- sync_snort_package();
+ sync_snort_package_all($id, $if_real, $snort_uuid);
+ sync_snort_package();
- unlink($d_snortconfdirty_path);
+ unlink($d_snortconfdirty_path);
- }
-
}
+}
+
- if ($_POST["Submit"]) {
+if ($_POST["Submit"]) {
/* check for overlaps */
-/* if no errors write to conf */
+ /* if no errors write to conf */
if (!$input_errors) {
$natent = array();
/* repost the options already in conf */
- if ($pconfig['interface'] != "") { $natent['interface'] = $pconfig['interface']; }
- if ($pconfig['enable'] != "") { $natent['enable'] = $pconfig['enable']; }
- if ($pconfig['uuid'] != "") { $natent['uuid'] = $pconfig['uuid']; }
- if ($pconfig['descr'] != "") { $natent['descr'] = $pconfig['descr']; }
- if ($pconfig['performance'] != "") { $natent['performance'] = $pconfig['performance']; }
- if ($pconfig['blockoffenders7'] != "") { $natent['blockoffenders7'] = $pconfig['blockoffenders7']; }
- if ($pconfig['alertsystemlog'] != "") { $natent['alertsystemlog'] = $pconfig['alertsystemlog']; }
- if ($pconfig['tcpdumplog'] != "") { $natent['tcpdumplog'] = $pconfig['tcpdumplog']; }
- if ($pconfig['snortunifiedlog'] != "") { $natent['snortunifiedlog'] = $pconfig['snortunifiedlog']; }
- if ($pconfig['barnyard_enable'] != "") { $natent['barnyard_enable'] = $pconfig['barnyard_enable']; }
- if ($pconfig['barnyard_mysql'] != "") { $natent['barnyard_mysql'] = $pconfig['barnyard_mysql']; }
- if ($pconfig['def_dns_servers'] != "") { $natent['def_dns_servers'] = $pconfig['def_dns_servers']; }
- if ($pconfig['def_dns_ports'] != "") { $natent['def_dns_ports'] = $pconfig['def_dns_ports']; }
- if ($pconfig['def_smtp_servers'] != "") { $natent['def_smtp_servers'] = $pconfig['def_smtp_servers']; }
- if ($pconfig['def_smtp_ports'] != "") { $natent['def_smtp_ports'] = $pconfig['def_smtp_ports']; }
- if ($pconfig['def_mail_ports'] != "") { $natent['def_mail_ports'] = $pconfig['def_mail_ports']; }
- if ($pconfig['def_http_servers'] != "") { $natent['def_http_servers'] = $pconfig['def_http_servers']; }
- if ($pconfig['def_www_servers'] != "") { $natent['def_www_servers'] = $pconfig['def_www_servers']; }
- if ($pconfig['def_http_ports'] != "") { $natent['def_http_ports'] = $pconfig['def_http_ports']; }
- if ($pconfig['def_sql_servers'] != "") { $natent['def_sql_servers'] = $pconfig['def_sql_servers']; }
- if ($pconfig['def_oracle_ports'] != "") { $natent['def_oracle_ports'] = $pconfig['def_oracle_ports']; }
- if ($pconfig['def_mssql_ports'] != "") { $natent['def_mssql_ports'] = $pconfig['def_mssql_ports']; }
- if ($pconfig['def_telnet_servers'] != "") { $natent['def_telnet_servers'] = $pconfig['def_telnet_servers']; }
- if ($pconfig['def_telnet_ports'] != "") { $natent['def_telnet_ports'] = $pconfig['def_telnet_ports']; }
- if ($pconfig['def_snmp_servers'] != "") { $natent['def_snmp_servers'] = $pconfig['def_snmp_servers']; }
- if ($pconfig['def_snmp_ports'] != "") { $natent['def_snmp_ports'] = $pconfig['def_snmp_ports']; }
- if ($pconfig['def_ftp_servers'] != "") { $natent['def_ftp_servers'] = $pconfig['def_ftp_servers']; }
- if ($pconfig['def_ftp_ports'] != "") { $natent['def_ftp_ports'] = $pconfig['def_ftp_ports']; }
- if ($pconfig['def_ssh_servers'] != "") { $natent['def_ssh_servers'] = $pconfig['def_ssh_servers']; }
- if ($pconfig['def_ssh_ports'] != "") { $natent['def_ssh_ports'] = $pconfig['def_ssh_ports']; }
- if ($pconfig['def_pop_servers'] != "") { $natent['def_pop_servers'] = $pconfig['def_pop_servers']; }
- if ($pconfig['def_pop2_ports'] != "") { $natent['def_pop2_ports'] = $pconfig['def_pop2_ports']; }
- if ($pconfig['def_pop3_ports'] != "") { $natent['def_pop3_ports'] = $pconfig['def_pop3_ports']; }
- if ($pconfig['def_imap_servers'] != "") { $natent['def_imap_servers'] = $pconfig['def_imap_servers']; }
- if ($pconfig['def_imap_ports'] != "") { $natent['def_imap_ports'] = $pconfig['def_imap_ports']; }
- if ($pconfig['def_sip_proxy_ip'] != "") { $natent['def_sip_proxy_ip'] = $pconfig['def_sip_proxy_ip']; }
- if ($pconfig['def_sip_proxy_ports'] != "") { $natent['def_sip_proxy_ports'] = $pconfig['def_sip_proxy_ports']; }
- if ($pconfig['def_auth_ports'] != "") { $natent['def_auth_ports'] = $pconfig['def_auth_ports']; }
- if ($pconfig['def_finger_ports'] != "") { $natent['def_finger_ports'] = $pconfig['def_finger_ports']; }
- if ($pconfig['def_irc_ports'] != "") { $natent['def_irc_ports'] = $pconfig['def_irc_ports']; }
- if ($pconfig['def_nntp_ports'] != "") { $natent['def_nntp_ports'] = $pconfig['def_nntp_ports']; }
- if ($pconfig['def_rlogin_ports'] != "") { $natent['def_rlogin_ports'] = $pconfig['def_rlogin_ports']; }
- if ($pconfig['def_rsh_ports'] != "") { $natent['def_rsh_ports'] = $pconfig['def_rsh_ports']; }
- if ($pconfig['def_ssl_ports'] != "") { $natent['def_ssl_ports'] = $pconfig['def_ssl_ports']; }
- if ($pconfig['configpassthru'] != "") { $natent['configpassthru'] = $pconfig['configpassthru']; }
- if ($pconfig['barnconfigpassthru'] != "") { $natent['barnconfigpassthru'] = $pconfig['barnconfigpassthru']; }
- if ($pconfig['rulesets'] != "") { $natent['rulesets'] = $pconfig['rulesets']; }
- if ($pconfig['rule_sid_off'] != "") { $natent['rule_sid_off'] = $pconfig['rule_sid_off']; }
- if ($pconfig['rule_sid_on'] != "") { $natent['rule_sid_on'] = $pconfig['rule_sid_on']; }
- if ($pconfig['whitelistname'] != "") { $natent['whitelistname'] = $pconfig['whitelistname']; }
- if ($pconfig['homelistname'] != "") { $natent['homelistname'] = $pconfig['homelistname']; }
- if ($pconfig['externallistname'] != "") { $natent['externallistname'] = $pconfig['externallistname']; }
- if ($pconfig['suppresslistname'] != "") { $natent['suppresslistname'] = $pconfig['suppresslistname']; }
-
+ if ($pconfig['interface'] != "") { $natent['interface'] = $pconfig['interface']; }
+ if ($pconfig['enable'] != "") { $natent['enable'] = $pconfig['enable']; }
+ if ($pconfig['uuid'] != "") { $natent['uuid'] = $pconfig['uuid']; }
+ if ($pconfig['descr'] != "") { $natent['descr'] = $pconfig['descr']; }
+ if ($pconfig['performance'] != "") { $natent['performance'] = $pconfig['performance']; }
+ if ($pconfig['blockoffenders7'] != "") { $natent['blockoffenders7'] = $pconfig['blockoffenders7']; }
+ if ($pconfig['alertsystemlog'] != "") { $natent['alertsystemlog'] = $pconfig['alertsystemlog']; }
+ if ($pconfig['tcpdumplog'] != "") { $natent['tcpdumplog'] = $pconfig['tcpdumplog']; }
+ if ($pconfig['snortunifiedlog'] != "") { $natent['snortunifiedlog'] = $pconfig['snortunifiedlog']; }
+ if ($pconfig['barnyard_enable'] != "") { $natent['barnyard_enable'] = $pconfig['barnyard_enable']; }
+ if ($pconfig['barnyard_mysql'] != "") { $natent['barnyard_mysql'] = $pconfig['barnyard_mysql']; }
+ if ($pconfig['def_dns_servers'] != "") { $natent['def_dns_servers'] = $pconfig['def_dns_servers']; }
+ if ($pconfig['def_dns_ports'] != "") { $natent['def_dns_ports'] = $pconfig['def_dns_ports']; }
+ if ($pconfig['def_smtp_servers'] != "") { $natent['def_smtp_servers'] = $pconfig['def_smtp_servers']; }
+ if ($pconfig['def_smtp_ports'] != "") { $natent['def_smtp_ports'] = $pconfig['def_smtp_ports']; }
+ if ($pconfig['def_mail_ports'] != "") { $natent['def_mail_ports'] = $pconfig['def_mail_ports']; }
+ if ($pconfig['def_http_servers'] != "") { $natent['def_http_servers'] = $pconfig['def_http_servers']; }
+ if ($pconfig['def_www_servers'] != "") { $natent['def_www_servers'] = $pconfig['def_www_servers']; }
+ if ($pconfig['def_http_ports'] != "") { $natent['def_http_ports'] = $pconfig['def_http_ports']; }
+ if ($pconfig['def_sql_servers'] != "") { $natent['def_sql_servers'] = $pconfig['def_sql_servers']; }
+ if ($pconfig['def_oracle_ports'] != "") { $natent['def_oracle_ports'] = $pconfig['def_oracle_ports']; }
+ if ($pconfig['def_mssql_ports'] != "") { $natent['def_mssql_ports'] = $pconfig['def_mssql_ports']; }
+ if ($pconfig['def_telnet_servers'] != "") { $natent['def_telnet_servers'] = $pconfig['def_telnet_servers']; }
+ if ($pconfig['def_telnet_ports'] != "") { $natent['def_telnet_ports'] = $pconfig['def_telnet_ports']; }
+ if ($pconfig['def_snmp_servers'] != "") { $natent['def_snmp_servers'] = $pconfig['def_snmp_servers']; }
+ if ($pconfig['def_snmp_ports'] != "") { $natent['def_snmp_ports'] = $pconfig['def_snmp_ports']; }
+ if ($pconfig['def_ftp_servers'] != "") { $natent['def_ftp_servers'] = $pconfig['def_ftp_servers']; }
+ if ($pconfig['def_ftp_ports'] != "") { $natent['def_ftp_ports'] = $pconfig['def_ftp_ports']; }
+ if ($pconfig['def_ssh_servers'] != "") { $natent['def_ssh_servers'] = $pconfig['def_ssh_servers']; }
+ if ($pconfig['def_ssh_ports'] != "") { $natent['def_ssh_ports'] = $pconfig['def_ssh_ports']; }
+ if ($pconfig['def_pop_servers'] != "") { $natent['def_pop_servers'] = $pconfig['def_pop_servers']; }
+ if ($pconfig['def_pop2_ports'] != "") { $natent['def_pop2_ports'] = $pconfig['def_pop2_ports']; }
+ if ($pconfig['def_pop3_ports'] != "") { $natent['def_pop3_ports'] = $pconfig['def_pop3_ports']; }
+ if ($pconfig['def_imap_servers'] != "") { $natent['def_imap_servers'] = $pconfig['def_imap_servers']; }
+ if ($pconfig['def_imap_ports'] != "") { $natent['def_imap_ports'] = $pconfig['def_imap_ports']; }
+ if ($pconfig['def_sip_proxy_ip'] != "") { $natent['def_sip_proxy_ip'] = $pconfig['def_sip_proxy_ip']; }
+ if ($pconfig['def_sip_proxy_ports'] != "") { $natent['def_sip_proxy_ports'] = $pconfig['def_sip_proxy_ports']; }
+ if ($pconfig['def_auth_ports'] != "") { $natent['def_auth_ports'] = $pconfig['def_auth_ports']; }
+ if ($pconfig['def_finger_ports'] != "") { $natent['def_finger_ports'] = $pconfig['def_finger_ports']; }
+ if ($pconfig['def_irc_ports'] != "") { $natent['def_irc_ports'] = $pconfig['def_irc_ports']; }
+ if ($pconfig['def_nntp_ports'] != "") { $natent['def_nntp_ports'] = $pconfig['def_nntp_ports']; }
+ if ($pconfig['def_rlogin_ports'] != "") { $natent['def_rlogin_ports'] = $pconfig['def_rlogin_ports']; }
+ if ($pconfig['def_rsh_ports'] != "") { $natent['def_rsh_ports'] = $pconfig['def_rsh_ports']; }
+ if ($pconfig['def_ssl_ports'] != "") { $natent['def_ssl_ports'] = $pconfig['def_ssl_ports']; }
+ if ($pconfig['configpassthru'] != "") { $natent['configpassthru'] = $pconfig['configpassthru']; }
+ if ($pconfig['barnconfigpassthru'] != "") { $natent['barnconfigpassthru'] = $pconfig['barnconfigpassthru']; }
+ if ($pconfig['rulesets'] != "") { $natent['rulesets'] = $pconfig['rulesets']; }
+ if ($pconfig['rule_sid_off'] != "") { $natent['rule_sid_off'] = $pconfig['rule_sid_off']; }
+ if ($pconfig['rule_sid_on'] != "") { $natent['rule_sid_on'] = $pconfig['rule_sid_on']; }
+ if ($pconfig['whitelistname'] != "") { $natent['whitelistname'] = $pconfig['whitelistname']; }
+ if ($pconfig['homelistname'] != "") { $natent['homelistname'] = $pconfig['homelistname']; }
+ if ($pconfig['externallistname'] != "") { $natent['externallistname'] = $pconfig['externallistname']; }
+ if ($pconfig['suppresslistname'] != "") { $natent['suppresslistname'] = $pconfig['suppresslistname']; }
+
/* post new options */
$natent['perform_stat'] = $_POST['perform_stat'];
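Review bot: Nothing in this hunk populates `$input_errors`: the `/* check for overlaps */` comment is followed directly by `if (!$input_errors)`, so the Submit branch always goes on to build `$natent`. The following hunks then copy `$_POST['flow_depth']`, `$_POST['max_queued_bytes']` and `$_POST['max_queued_segs']` into it before `write_config()`. If those three settings are meant to be integers (an assumption, the diff does not say), each needs a check where the comment sits, e.g. `if ($_POST['flow_depth'] != "" && !is_numeric($_POST['flow_depth'])) $input_errors[] = "Flow depth must be a number.";`. The enclosing `if ($_POST["Submit"])` block continues past the end of this hunk.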
@@ -220,7 +220,7 @@ $d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty";
if ($_POST['flow_depth'] != "") { $natent['flow_depth'] = $_POST['flow_depth']; }else{ $natent['flow_depth'] = ""; }
if ($_POST['max_queued_bytes'] != "") { $natent['max_queued_bytes'] = $_POST['max_queued_bytes']; }else{ $natent['max_queued_bytes'] = ""; }
if ($_POST['max_queued_segs'] != "") { $natent['max_queued_segs'] = $_POST['max_queued_segs']; }else{ $natent['max_queued_segs'] = ""; }
-
+
$natent['perform_stat'] = $_POST['perform_stat'] ? on : off;
$natent['http_inspect'] = $_POST['http_inspect'] ? on : off;
$natent['other_preprocs'] = $_POST['other_preprocs'] ? on : off;
@@ -228,19 +228,19 @@ $d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty";
$natent['smtp_preprocessor'] = $_POST['smtp_preprocessor'] ? on : off;
$natent['sf_portscan'] = $_POST['sf_portscan'] ? on : off;
$natent['dce_rpc_2'] = $_POST['dce_rpc_2'] ? on : off;
- $natent['dns_preprocessor'] = $_POST['dns_preprocessor'] ? on : off;
+ $natent['dns_preprocessor'] = $_POST['dns_preprocessor'] ? on : off;
- if (isset($id) && $a_nat[$id])
- $a_nat[$id] = $natent;
+ if (isset($id) && $a_nat[$id])
+ $a_nat[$id] = $natent;
else {
if (is_numeric($after))
- array_splice($a_nat, $after+1, 0, array($natent));
+ array_splice($a_nat, $after+1, 0, array($natent));
else
- $a_nat[] = $natent;
+ $a_nat[] = $natent;
}
-
+
write_config();
-
+
/* after click go to this page */
touch($d_snortconfdirty_path);
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
@@ -258,7 +258,8 @@ $pgtitle = "Snort: Interface $id$if_real Preprocessors and Flow";
include("/usr/local/pkg/snort/snort_head.inc");
?>
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<body
+ link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
@@ -268,29 +269,34 @@ echo "{$snort_general_css}\n";
?>
<!-- hack to fix the hardcoed fbegin link in header -->
-<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div>
+<div id="header-left2"><a href="../index.php" id="status-link2"><img
+ src="./images/transparent.gif" border="0"></img></a></div>
<div class="body2">
-<noscript><div class="alert" ALIGN=CENTER><img src="../themes/nervecenter/images/icons/icon_alert.gif"/><strong>Please enable JavaScript to view this content</CENTER></div></noscript>
-
+<noscript>
+<div class="alert" ALIGN=CENTER><img
+ src="../themes/nervecenter/images/icons/icon_alert.gif" /><strong>Please
+enable JavaScript to view this content
+</CENTER></div>
+</noscript>
-<form action="snort_preprocessors.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
-<?php
+<form action="snort_preprocessors.php" method="post"
+ enctype="multipart/form-data" name="iform" id="iform"><?php
/* Display Alert message */
if ($input_errors) {
- print_input_errors($input_errors); // TODO: add checks
+ print_input_errors($input_errors); // TODO: add checks
}
if ($savemsg) {
- print_info_box2($savemsg);
+ print_info_box2($savemsg);
}
if (file_exists($d_snortconfdirty_path)) {
- echo '<p>';
+ echo '<p>';
if($savemsg) {
print_info_box_np2("{$savemsg}");
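Review bot: The re-wrapped `<noscript>` block keeps its broken markup: `<strong>` is never closed, and `</CENTER>` closes an element that was never opened, because `ALIGN=CENTER` is only an attribute on the `div`. Since these lines are being rewritten anyway, the tail should read `enable JavaScript to view this content</strong></div>`. The `// TODO: add checks` beside `print_input_errors()` should also name the checks that are missing, so the gap is not lost in a formatting-only commit.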
@@ -302,39 +308,38 @@ echo "{$snort_general_css}\n";
}
}
-?>
+ ?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr><td class="tabnavtbl">
-<?php
-if($id != "")
-{
-
-echo '<div class="snorttabs" style="margin:1px 0px; width:775px;">' . "\n";
-echo '<!-- Tabbed bar code -->' . "\n";
-echo '<ul class="snorttabs">' . "\n";
- echo '<li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>' . "\n";
- echo "<li><a href=\"/snort/snort_interfaces_edit.php?id={$id}\"><span>If Settings</span></a></li>\n";
- echo "<li><a href=\"/snort/snort_rulesets.php?id={$id}\"><span>Categories</span></a></li>\n";
- echo "<li><a href=\"/snort/snort_rules.php?id={$id}\"><span>Rules</span></a></li>\n";
- echo "<li><a href=\"/snort/snort_define_servers.php?id={$id}\"><span>Servers</span></a></li>\n";
- echo "<li class=\"snorttabs_active\"><a href=\"/snort/snort_preprocessors.php?id={$id}\"><span>Preprocessors</span></a></li>\n";
- echo "<li><a href=\"/snort/snort_barnyard.php?id={$id}\"><span>Barnyard2</span></a></li>\n";
-echo '</ul>' . "\n";
-echo '</div>' . "\n";
+ <tr>
+ <td class="tabnavtbl"><?php
+ if($id != "")
+ {
+
+ echo '<div class="snorttabs" style="margin:1px 0px; width:775px;">' . "\n";
+ echo '<!-- Tabbed bar code -->' . "\n";
+ echo '<ul class="snorttabs">' . "\n";
+ echo '<li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>' . "\n";
+ echo "<li><a href=\"/snort/snort_interfaces_edit.php?id={$id}\"><span>If Settings</span></a></li>\n";
+ echo "<li><a href=\"/snort/snort_rulesets.php?id={$id}\"><span>Categories</span></a></li>\n";
+ echo "<li><a href=\"/snort/snort_rules.php?id={$id}\"><span>Rules</span></a></li>\n";
+ echo "<li><a href=\"/snort/snort_define_servers.php?id={$id}\"><span>Servers</span></a></li>\n";
+ echo "<li class=\"snorttabs_active\"><a href=\"/snort/snort_preprocessors.php?id={$id}\"><span>Preprocessors</span></a></li>\n";
+ echo "<li><a href=\"/snort/snort_barnyard.php?id={$id}\"><span>Barnyard2</span></a></li>\n";
+ echo '</ul>' . "\n";
+ echo '</div>' . "\n";
-}
-?>
-</td>
-</tr>
- <tr>
- <td class="tabcont">
- <table width="100%" border="0" cellpadding="6" cellspacing="0">
- <?php
- /* display error code if there is no id */
- if($id == "")
- {
- echo "
+ }
+ ?></td>
+ </tr>
+ <tr>
+ <td class="tabcont">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <?php
+ /* display error code if there is no id */
+ if($id == "")
+ {
+ echo "
<style type=\"text/css\">
.noid {
position:absolute;
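Review bot: Six of the tab links interpolate `{$id}` into an `href` attribute without escaping, and `$id` is read from `$_GET['id']` / `$_POST['id']` earlier in the file, so a value containing quotes or angle brackets ends up as markup in the page. Encode it once before the `echo` block, e.g. `$id_url = htmlspecialchars(urlencode($id), ENT_QUOTES);`, and use `{$id_url}` in the links. Rejecting non-numeric ids where `$id` is first assigned would cover this as well. `$pgtitle`, which is built from `$id` and echoed in the page header, appears to have the same problem.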
@@ -349,138 +354,185 @@ echo '</div>' . "\n";
}
</style>
<div class=\"alert\" ALIGN=CENTER><img src=\"../themes/nervecenter/images/icons/icon_alert.gif\"/><strong>You can not edit options without an interface ID.</CENTER></div>\n";
-
- }
- ?>
- <tr>
- <td width="22%" valign="top">&nbsp;</td>
- <td width="78%"><span class="vexpl"><span class="red"><strong>Note: </strong></span><br>
- Rules may be dependent on preprocessors!<br>
- Defaults will be used when there is no user input.<br>
- </td>
- </tr>
- <tr>
- <td colspan="2" valign="top" class="listtopic">Performance Statistics</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Enable</td>
- <td width="78%" class="vtable">
- <input name="perform_stat" type="checkbox" value="on" <?php if ($pconfig['perform_stat']=="on") echo "checked"; ?> onClick="enable_change(false)">
- Performance Statistics for this interface.</td>
- </tr>
- <tr>
- <td colspan="2" valign="top" class="listtopic">HTTP Inspect Settings</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Enable</td>
- <td width="78%" class="vtable">
- <input name="http_inspect" type="checkbox" value="on" <?php if ($pconfig['http_inspect']=="on") echo "checked"; ?> onClick="enable_change(false)">
- Use HTTP Inspect to Normalize/Decode and detect HTTP traffic and protocol anomalies.</td>
- </tr>
- <tr>
+
+ }
+ ?>
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%"><span class="vexpl"><span class="red"><strong>Note:
+ </strong></span><br>
+ Rules may be dependent on preprocessors!<br>
+ Defaults will be used when there is no user input.<br></td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Performance
+ Statistics</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Enable</td>
+ <td width="78%" class="vtable"><input name="perform_stat"
+ type="checkbox" value="on"
+ <?php if ($pconfig['perform_stat']=="on") echo "checked"; ?>
+ onClick="enable_change(false)"> Performance Statistics for this
+ interface.</td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">HTTP Inspect Settings</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Enable</td>
+ <td width="78%" class="vtable"><input name="http_inspect"
+ type="checkbox" value="on"
+ <?php if ($pconfig['http_inspect']=="on") echo "checked"; ?>
+ onClick="enable_change(false)"> Use HTTP Inspect to
+ Normalize/Decode and detect HTTP traffic and protocol anomalies.</td>
+ </tr>
+ <tr>
<td valign="top" class="vncell2">HTTP server flow depth</td>
<td class="vtable">
- <table cellpadding="0" cellspacing="0">
+ <table cellpadding="0" cellspacing="0">
<tr>
- <td><input name="flow_depth" type="text" class="formfld" id="flow_depth" size="5" value="<?=htmlspecialchars($pconfig['flow_depth']);?>"> <strong>-1</strong> to <strong>1460</strong> (<strong>-1</strong> disables HTTP inspect, <strong>0</strong> enables all HTTP inspect)</td>
+ <td><input name="flow_depth" type="text" class="formfld"
+ id="flow_depth" size="5"
+ value="<?=htmlspecialchars($pconfig['flow_depth']);?>"> <strong>-1</strong>
+ to <strong>1460</strong> (<strong>-1</strong> disables HTTP
+ inspect, <strong>0</strong> enables all HTTP inspect)</td>
</tr>
- </table>
- Amount of HTTP server response payload to inspect. Snort's performance may increase by adjusting this value.<br>
- Setting this value too low may cause false negatives. Values above 0 are specified in bytes. Default value is <strong>0</strong><br>
+ </table>
+ Amount of HTTP server response payload to inspect. Snort's
+ performance may increase by adjusting this value.<br>
+ Setting this value too low may cause false negatives. Values above 0
+ are specified in bytes. Default value is <strong>0</strong><br>
</td>
- </tr>
- <tr>
- <td colspan="2" valign="top" class="listtopic">Stream5 Settings</td>
- </tr>
- <tr>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Stream5 Settings</td>
+ </tr>
+ <tr>
<td valign="top" class="vncell2">Max Queued Bytes</td>
<td class="vtable">
- <table cellpadding="0" cellspacing="0">
+ <table cellpadding="0" cellspacing="0">
<tr>
- <td><input name="max_queued_bytes" type="text" class="formfld" id="max_queued_bytes" size="5" value="<?=htmlspecialchars($pconfig['max_queued_bytes']);?>"> Minimum is <strong>1024</strong>, Maximum is <strong>1073741824</strong> ( default value is <strong>1048576</strong>, <strong>0</strong> means Maximum )</td>
+ <td><input name="max_queued_bytes" type="text" class="formfld"
+ id="max_queued_bytes" size="5"
+ value="<?=htmlspecialchars($pconfig['max_queued_bytes']);?>">
+ Minimum is <strong>1024</strong>, Maximum is <strong>1073741824</strong>
+ ( default value is <strong>1048576</strong>, <strong>0</strong>
+ means Maximum )</td>
</tr>
- </table>
- The number of bytes to be queued for reassembly for TCP sessions in memory. Default value is <strong>1048576</strong><br>
+ </table>
+ The number of bytes to be queued for reassembly for TCP sessions in
+ memory. Default value is <strong>1048576</strong><br>
</td>
- </tr>
- <tr>
+ </tr>
+ <tr>
<td valign="top" class="vncell2">Max Queued Segs</td>
<td class="vtable">
- <table cellpadding="0" cellspacing="0">
+ <table cellpadding="0" cellspacing="0">
<tr>
- <td><input name="max_queued_segs" type="text" class="formfld" id="max_queued_segs" size="5" value="<?=htmlspecialchars($pconfig['max_queued_segs']);?>"> Minimum is <strong>2</strong>, Maximum is <strong>1073741824</strong> ( default value is <strong>2621</strong>, <strong>0</strong> means Maximum )</td>
+ <td><input name="max_queued_segs" type="text" class="formfld"
+ id="max_queued_segs" size="5"
+ value="<?=htmlspecialchars($pconfig['max_queued_segs']);?>">
+ Minimum is <strong>2</strong>, Maximum is <strong>1073741824</strong>
+ ( default value is <strong>2621</strong>, <strong>0</strong> means
+ Maximum )</td>
</tr>
- </table>
- The number of segments to be queued for reassembly for TCP sessions in memory. Default value is <strong>2621</strong><br>
+ </table>
+ The number of segments to be queued for reassembly for TCP sessions
+ in memory. Default value is <strong>2621</strong><br>
</td>
- </tr>
- <tr>
- <td colspan="2" valign="top" class="listtopic">General Preprocessor Settings</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Enable <br>RPC Decode and Back Orifice detector</td>
- <td width="78%" class="vtable">
- <input name="other_preprocs" type="checkbox" value="on" <?php if ($pconfig['other_preprocs']=="on") echo "checked"; ?> onClick="enable_change(false)"><br>
- Normalize/Decode RPC traffic and detects Back Orifice traffic on the network.</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Enable <br>FTP and Telnet Normalizer</td>
- <td width="78%" class="vtable">
- <input name="ftp_preprocessor" type="checkbox" value="on" <?php if ($pconfig['ftp_preprocessor']=="on") echo "checked"; ?> onClick="enable_change(false)"><br>
- Normalize/Decode FTP and Telnet traffic and protocol anomalies.</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Enable <br>SMTP Normalizer</td>
- <td width="78%" class="vtable">
- <input name="smtp_preprocessor" type="checkbox" value="on" <?php if ($pconfig['smtp_preprocessor']=="on") echo "checked"; ?> onClick="enable_change(false)"><br>
- Normalize/Decode SMTP protocol for enforcement and buffer overflows.</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Enable <br>Portscan Detection</td>
- <td width="78%" class="vtable">
- <input name="sf_portscan" type="checkbox" value="on" <?php if ($pconfig['sf_portscan']=="on") echo "checked"; ?> onClick="enable_change(false)"><br>
- Detects various types of portscans and portsweeps.</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Enable <br>DCE/RPC2 Detection</td>
- <td width="78%" class="vtable">
- <input name="dce_rpc_2" type="checkbox" value="on" <?php if ($pconfig['dce_rpc_2']=="on") echo "checked"; ?> onClick="enable_change(false)"><br>
- The DCE/RPC preprocessor detects and decodes SMB and DCE/RPC traffic.</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Enable <br>DNS Detection</td>
- <td width="78%" class="vtable">
- <input name="dns_preprocessor" type="checkbox" value="on" <?php if ($pconfig['dns_preprocessor']=="on") echo "checked"; ?> onClick="enable_change(false)"><br>
- The DNS preprocessor decodes DNS Response traffic and detects some vulnerabilities.</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define SSL_IGNORE</td>
- <td width="78%" class="vtable">
- <input name="def_ssl_ports_ignore" type="text" class="formfld" id="def_ssl_ports_ignore" size="40" value="<?=htmlspecialchars($pconfig['def_ssl_ports_ignore']);?>">
- <br> <span class="vexpl"> Encrypted traffic should be ignored by Snort for both performance reasons and to reduce false positives.<br>
- Default: "443 465 563 636 989 990 992 993 994 995".</span> <strong>Please use spaces and not commas.</strong></td>
- </tr>
- <tr>
- <td width="22%" valign="top">&nbsp;</td>
- <td width="78%">
- <input name="Submit" type="submit" class="formbtn" value="Save"> <input type="button" class="formbtn" value="Cancel" onclick="history.back()">
- <?php if (isset($id) && $a_nat[$id]): ?>
- <input name="id" type="hidden" value="<?=$id;?>">
- <?php endif; ?>
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top">&nbsp;</td>
- <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span>
- <br>
- Please save your settings before you click Start. </td>
- </tr>
- </table>
- </table>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">General Preprocessor
+ Settings</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Enable <br>
+ RPC Decode and Back Orifice detector</td>
+ <td width="78%" class="vtable"><input name="other_preprocs"
+ type="checkbox" value="on"
+ <?php if ($pconfig['other_preprocs']=="on") echo "checked"; ?>
+ onClick="enable_change(false)"><br>
+ Normalize/Decode RPC traffic and detects Back Orifice traffic on the
+ network.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Enable <br>
+ FTP and Telnet Normalizer</td>
+ <td width="78%" class="vtable"><input name="ftp_preprocessor"
+ type="checkbox" value="on"
+ <?php if ($pconfig['ftp_preprocessor']=="on") echo "checked"; ?>
+ onClick="enable_change(false)"><br>
+ Normalize/Decode FTP and Telnet traffic and protocol anomalies.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Enable <br>
+ SMTP Normalizer</td>
+ <td width="78%" class="vtable"><input name="smtp_preprocessor"
+ type="checkbox" value="on"
+ <?php if ($pconfig['smtp_preprocessor']=="on") echo "checked"; ?>
+ onClick="enable_change(false)"><br>
+ Normalize/Decode SMTP protocol for enforcement and buffer overflows.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Enable <br>
+ Portscan Detection</td>
+ <td width="78%" class="vtable"><input name="sf_portscan"
+ type="checkbox" value="on"
+ <?php if ($pconfig['sf_portscan']=="on") echo "checked"; ?>
+ onClick="enable_change(false)"><br>
+ Detects various types of portscans and portsweeps.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Enable <br>
+ DCE/RPC2 Detection</td>
+ <td width="78%" class="vtable"><input name="dce_rpc_2"
+ type="checkbox" value="on"
+ <?php if ($pconfig['dce_rpc_2']=="on") echo "checked"; ?>
+ onClick="enable_change(false)"><br>
+ The DCE/RPC preprocessor detects and decodes SMB and DCE/RPC
+ traffic.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Enable <br>
+ DNS Detection</td>
+ <td width="78%" class="vtable"><input name="dns_preprocessor"
+ type="checkbox" value="on"
+ <?php if ($pconfig['dns_preprocessor']=="on") echo "checked"; ?>
+ onClick="enable_change(false)"><br>
+ The DNS preprocessor decodes DNS Response traffic and detects some
+ vulnerabilities.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define SSL_IGNORE</td>
+ <td width="78%" class="vtable"><input name="def_ssl_ports_ignore"
+ type="text" class="formfld" id="def_ssl_ports_ignore" size="40"
+ value="<?=htmlspecialchars($pconfig['def_ssl_ports_ignore']);?>"> <br>
+ <span class="vexpl"> Encrypted traffic should be ignored by Snort
+ for both performance reasons and to reduce false positives.<br>
+ Default: "443 465 563 636 989 990 992 993 994 995".</span> <strong>Please
+ use spaces and not commas.</strong></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%"><input name="Submit" type="submit" class="formbtn"
+ value="Save"> <input type="button" class="formbtn" value="Cancel"
+ onclick="history.back()"> <?php if (isset($id) && $a_nat[$id]): ?>
+ <input name="id" type="hidden" value="<?=$id;?>"> <?php endif; ?></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span>
+ <br>
+ Please save your settings before you click Start. </td>
+ </tr>
+ </table>
+
+</table>
</form>
</div>
-<?php include("fend.inc"); ?>
+ <?php include("fend.inc"); ?>
</body>
</html>
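Review bot: The hidden `id` field near the end of this form prints `<?=$id;?>` raw, while every other value in the same form goes through `htmlspecialchars()`. If `$id` is taken from the request in this file the way snort_rules.php does it (`$id = $_GET['id'];`), the value reaches the page unescaped; the line should read `<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>">`. The same applies to the `?id={$id}` tab links echoed just above this hunk and in the tab bar of snort_rules.php. The assignment of `$id` for this file is outside the visible lines, so confirm where it comes from.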
diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php
index 73de553b..7a82a2d3 100644
--- a/config/snort/snort_rules.php
+++ b/config/snort/snort_rules.php
@@ -1,32 +1,32 @@
<?php
/* $Id$ */
/*
- edit_snortrule.php
- Copyright (C) 2004, 2005 Scott Ullrich
- Copyright (C) 2008, 2009 Robert Zelaya
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
+ edit_snortrule.php
+ Copyright (C) 2004, 2005 Scott Ullrich
+ Copyright (C) 2008, 2009 Robert Zelaya
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
require_once("guiconfig.inc");
@@ -42,7 +42,7 @@ $a_nat = &$config['installedpackages']['snortglobal']['rule'];
$id = $_GET['id'];
if (isset($_POST['id']))
- $id = $_POST['id'];
+$id = $_POST['id'];
if (isset($id) && $a_nat[$id]) {
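Review bot: After the re-indent, `$id = $_POST['id'];` sits in the same column as the brace-less `if (isset($_POST['id']))` that guards it, so it now reads as an unconditional assignment. Since `$id` selects which interface entry is edited, the condition should stay visible: `if (isset($_POST['id'])) { $id = $_POST['id']; }`. The line above it reads `$_GET['id']` without an `isset()` check, which could be tidied at the same time.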
@@ -64,33 +64,33 @@ $iface_uuid = $a_nat[$id]['uuid'];
$isrulesfolderempty = exec("ls -A /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/*.rules");
if ($isrulesfolderempty == "") {
-include("/usr/local/pkg/snort/snort_head.inc");
-include("fbegin.inc");
+ include("/usr/local/pkg/snort/snort_head.inc");
+ include("fbegin.inc");
-echo "<body link=\"#000000\" vlink=\"#000000\" alink=\"#000000\">";
+ echo "<body link=\"#000000\" vlink=\"#000000\" alink=\"#000000\">";
-if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
+ if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
-echo "<script src=\"/row_toggle.js\" type=\"text/javascript\"></script>\n
+ echo "<script src=\"/row_toggle.js\" type=\"text/javascript\"></script>\n
<script src=\"/javascript/sorttable.js\" type=\"text/javascript\"></script>\n
<table width=\"99%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n
<tr>\n
<td>\n";
-echo '<div class="snorttabs" style="margin:1px 0px; width:775px;">' . "\n";
-echo '<!-- Tabbed bar code -->' . "\n";
-echo '<ul class="snorttabs">' . "\n";
+ echo '<div class="snorttabs" style="margin:1px 0px; width:775px;">' . "\n";
+ echo '<!-- Tabbed bar code -->' . "\n";
+ echo '<ul class="snorttabs">' . "\n";
echo '<li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>' . "\n";
echo "<li><a href=\"/snort/snort_interfaces_edit.php?id={$id}\"><span>If Settings</span></a></li>\n";
- echo "<li><a href=\"/snort/snort_rulesets.php?id={$id}\"><span>Categories</span></a></li>\n";
- echo "<li class=\"snorttabs_active\"><a href=\"/snort/snort_rules.php?id={$id}\"><span>Rules</span></a></li>\n";
+ echo "<li><a href=\"/snort/snort_rulesets.php?id={$id}\"><span>Categories</span></a></li>\n";
+ echo "<li class=\"snorttabs_active\"><a href=\"/snort/snort_rules.php?id={$id}\"><span>Rules</span></a></li>\n";
echo "<li><a href=\"/snort/snort_define_servers.php?id={$id}\"><span>Servers</span></a></li>\n";
- echo "<li><a href=\"/snort/snort_preprocessors.php?id={$id}\"><span>Preprocessors</span></a></li>\n";
- echo "<li><a href=\"/snort/snort_barnyard.php?id={$id}\"><span>Barnyard2</span></a></li>\n";
-echo '</ul>' . "\n";
-echo '</div>' . "\n";
+ echo "<li><a href=\"/snort/snort_preprocessors.php?id={$id}\"><span>Preprocessors</span></a></li>\n";
+ echo "<li><a href=\"/snort/snort_barnyard.php?id={$id}\"><span>Barnyard2</span></a></li>\n";
+ echo '</ul>' . "\n";
+ echo '</div>' . "\n";
-echo "</td>\n
+ echo "</td>\n
</tr>\n
<tr>\n
<td>\n
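Review bot: The emptiness check at the top of this hunk runs `ls` through `exec()` with `$iface_uuid` and `$if_real` interpolated into the command string, so any shell metacharacter in either value would be interpreted by the shell. Both look like they come from the saved configuration (`$a_nat[$id]['uuid']` is visible in the hunk header; the origin of `$if_real` is not), but no shell is needed for this test. `$isrulesfolderempty = glob("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/*.rules");` followed by `if (empty($isrulesfolderempty)) {` gives the same answer without spawning a process. `exec()` also returns only the last line of output, which this check depends on only by accident.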
@@ -111,66 +111,66 @@ echo "</td>\n
\n
<p>\n\n";
-echo "Please click on the Update Rules tab to install your selected rule sets.";
-include("fend.inc");
+ echo "Please click on the Update Rules tab to install your selected rule sets.";
+ include("fend.inc");
-echo "</body>";
-echo "</html>";
+ echo "</body>";
+ echo "</html>";
-exit(0);
+ exit(0);
}
function get_middle($source, $beginning, $ending, $init_pos) {
- $beginning_pos = strpos($source, $beginning, $init_pos);
- $middle_pos = $beginning_pos + strlen($beginning);
- $ending_pos = strpos($source, $ending, $beginning_pos);
- $middle = substr($source, $middle_pos, $ending_pos - $middle_pos);
- return $middle;
+ $beginning_pos = strpos($source, $beginning, $init_pos);
+ $middle_pos = $beginning_pos + strlen($beginning);
+ $ending_pos = strpos($source, $ending, $beginning_pos);
+ $middle = substr($source, $middle_pos, $ending_pos - $middle_pos);
+ return $middle;
}
function write_rule_file($content_changed, $received_file)
{
- //read snort file with writing enabled
- $filehandle = fopen($received_file, "w");
+ //read snort file with writing enabled
+ $filehandle = fopen($received_file, "w");
- //delimiter for each new rule is a new line
- $delimiter = "\n";
+ //delimiter for each new rule is a new line
+ $delimiter = "\n";
- //implode the array back into a string for writing purposes
- $fullfile = implode($delimiter, $content_changed);
+ //implode the array back into a string for writing purposes
+ $fullfile = implode($delimiter, $content_changed);
- //write data to file
- fwrite($filehandle, $fullfile);
+ //write data to file
+ fwrite($filehandle, $fullfile);
- //close file handle
- fclose($filehandle);
+ //close file handle
+ fclose($filehandle);
}
function load_rule_file($incoming_file)
{
- //read snort file
- $filehandle = fopen($incoming_file, "r");
+ //read snort file
+ $filehandle = fopen($incoming_file, "r");
- //read file into string, and get filesize
- $contents = fread($filehandle, filesize($incoming_file));
+ //read file into string, and get filesize
+ $contents = fread($filehandle, filesize($incoming_file));
- //close handler
- fclose ($filehandle);
+ //close handler
+ fclose ($filehandle);
- //string for populating category select
- $currentruleset = basename($rulefile);
+ //string for populating category select
+ $currentruleset = basename($rulefile);
- //delimiter for each new rule is a new line
- $delimiter = "\n";
+ //delimiter for each new rule is a new line
+ $delimiter = "\n";
- //split the contents of the string file into an array using the delimiter
- $splitcontents = explode($delimiter, $contents);
+ //split the contents of the string file into an array using the delimiter
+ $splitcontents = explode($delimiter, $contents);
- return $splitcontents;
+ return $splitcontents;
}
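Review bot: write_rule_file() opens the live rule file with mode "w" and checks neither fopen() nor fwrite(), so a failed or partial write leaves the interface with a truncated rule file and nothing is reported. Writing to a temporary file and renaming it over the target keeps the previous rules in place on failure; the sketch below returns a bool, which callers that ignore the return value are unaffected by. In load_rule_file(), `$currentruleset = basename($rulefile);` reads a variable that is not defined inside the function (the parameter is `$incoming_file`) and the result is never used, so the line can be dropped. fopen() is unchecked there as well.

```php
function write_rule_file($content_changed, $received_file)
{
	//implode the array back into a string, one rule per line
	$fullfile = implode("\n", $content_changed);

	//write to a sibling temp file first so a failed write never truncates the live rules
	$tempfile = $received_file . ".tmp";
	if (file_put_contents($tempfile, $fullfile, LOCK_EX) === false) {
		return false;
	}

	//rename() replaces the target in one step when both paths are on the same filesystem
	$renamed = rename($tempfile, $received_file);
	if (!$renamed) {
		unlink($tempfile);
	}
	return $renamed;
}
```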
@@ -184,23 +184,23 @@ if ($_GET['openruleset'] != '' && $_GET['ids'] != '')
while (false !== ($filename = readdir($dh)))
{
- //only populate this array if its a rule file
- $isrulefile = strstr($filename, ".rules");
- if ($isrulefile !== false)
- {
- $files[] = $filename;
- }
+ //only populate this array if its a rule file
+ $isrulefile = strstr($filename, ".rules");
+ if ($isrulefile !== false)
+ {
+ $files[] = $filename;
+ }
}
sort($files);
if ($_GET['openruleset'])
{
- $rulefile = $_GET['openruleset'];
+ $rulefile = $_GET['openruleset'];
}
else
{
- $rulefile = $ruledir.$files[0];
+ $rulefile = $ruledir.$files[0];
}
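Review bot: `$rulefile = $_GET['openruleset'];` takes a file path straight from the query string. The next hunk header shows it passed to load_rule_file(), and the POST and toggle hunks pass it to write_rule_file(), so the request decides which file is read and rewritten. The name should be reduced to a member of the `$files` list just built from the rules directory: `$wanted = basename($_GET['openruleset']);` then `$rulefile = $ruledir . (in_array($wanted, $files, true) ? $wanted : $files[0]);`. `$ruledir` and the directory handle are set outside this hunk, so this assumes `$ruledir` ends with a separator, as the existing `$ruledir.$files[0]` does. The `strstr($filename, ".rules")` filter also accepts names that merely contain `.rules`; comparing the suffix would be tighter.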
@@ -209,91 +209,91 @@ $splitcontents = load_rule_file($rulefile);
if ($_POST)
{
-
+
conf_mount_rw();
-
+
if (!$_POST['apply']) {
- //retrieve POST data
- $post_lineid = $_POST['lineid'];
- $post_enabled = $_POST['enabled'];
- $post_src = $_POST['src'];
- $post_srcport = $_POST['srcport'];
- $post_dest = $_POST['dest'];
- $post_destport = $_POST['destport'];
-
+ //retrieve POST data
+ $post_lineid = $_POST['lineid'];
+ $post_enabled = $_POST['enabled'];
+ $post_src = $_POST['src'];
+ $post_srcport = $_POST['srcport'];
+ $post_dest = $_POST['dest'];
+ $post_destport = $_POST['destport'];
+
//clean up any white spaces insert by accident
$post_src = str_replace(" ", "", $post_src);
$post_srcport = str_replace(" ", "", $post_srcport);
$post_dest = str_replace(" ", "", $post_dest);
$post_destport = str_replace(" ", "", $post_destport);
-
- //copy rule contents from array into string
- $tempstring = $splitcontents[$post_lineid];
-
- //search string
- $findme = "# alert"; //find string for disabled alerts
-
- //find if alert is disabled
- $disabled = strstr($tempstring, $findme);
-
- //if find alert is false, then rule is disabled
- if ($disabled !== false)
- {
- //has rule been enabled
- if ($post_enabled == "yes")
- {
- //move counter up 1, so we do not retrieve the # in the rule_content array
- $tempstring = str_replace("# alert", "alert", $tempstring);
- $counter2 = 1;
- }
- else
- {
- //rule is staying disabled
- $counter2 = 2;
- }
- }
- else
- {
- //has rule been disabled
- if ($post_enabled != "yes")
- {
- //move counter up 1, so we do not retrieve the # in the rule_content array
- $tempstring = str_replace("alert", "# alert", $tempstring);
- $counter2 = 2;
- }
- else
- {
- //rule is staying enabled
- $counter2 = 1;
- }
- }
-
- //explode rule contents into an array, (delimiter is space)
- $rule_content = explode(' ', $tempstring);
-
+
+ //copy rule contents from array into string
+ $tempstring = $splitcontents[$post_lineid];
+
+ //search string
+ $findme = "# alert"; //find string for disabled alerts
+
+ //find if alert is disabled
+ $disabled = strstr($tempstring, $findme);
+
+ //if find alert is false, then rule is disabled
+ if ($disabled !== false)
+ {
+ //has rule been enabled
+ if ($post_enabled == "yes")
+ {
+ //move counter up 1, so we do not retrieve the # in the rule_content array
+ $tempstring = str_replace("# alert", "alert", $tempstring);
+ $counter2 = 1;
+ }
+ else
+ {
+ //rule is staying disabled
+ $counter2 = 2;
+ }
+ }
+ else
+ {
+ //has rule been disabled
+ if ($post_enabled != "yes")
+ {
+ //move counter up 1, so we do not retrieve the # in the rule_content array
+ $tempstring = str_replace("alert", "# alert", $tempstring);
+ $counter2 = 2;
+ }
+ else
+ {
+ //rule is staying enabled
+ $counter2 = 1;
+ }
+ }
+
+ //explode rule contents into an array, (delimiter is space)
+ $rule_content = explode(' ', $tempstring);
+
//insert new values
- $counter2++;
- $rule_content[$counter2] = $post_src;//source location
- $counter2++;
- $rule_content[$counter2] = $post_srcport;//source port location
- $counter2 = $counter2+2;
- $rule_content[$counter2] = $post_dest;//destination location
- $counter2++;
- $rule_content[$counter2] = $post_destport;//destination port location
-
+ $counter2++;
+ $rule_content[$counter2] = $post_src;//source location
+ $counter2++;
+ $rule_content[$counter2] = $post_srcport;//source port location
+ $counter2 = $counter2+2;
+ $rule_content[$counter2] = $post_dest;//destination location
+ $counter2++;
+ $rule_content[$counter2] = $post_destport;//destination port location
+
//implode the array back into string
$tempstring = implode(' ', $rule_content);
-
+
//copy string into file array for writing
- $splitcontents[$post_lineid] = $tempstring;
-
- //write the new .rules file
- write_rule_file($splitcontents, $rulefile);
-
- //once file has been written, reload file
- $splitcontents = load_rule_file($rulefile);
-
- $stopMsg = true;
+ $splitcontents[$post_lineid] = $tempstring;
+
+ //write the new .rules file
+ write_rule_file($splitcontents, $rulefile);
+
+ //once file has been written, reload file
+ $splitcontents = load_rule_file($rulefile);
+
+ $stopMsg = true;
}
}
else if ($_GET['act'] == "toggle")
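Review bot: The `src`, `srcport`, `dest` and `destport` values are written into the rule line after only spaces are stripped, so a value containing a newline or rule syntax becomes extra content in the `.rules` file. Each field should be checked, before the `$rule_content[...]` assignments, against the characters a Snort address or port expression can contain, with a pattern such as `preg_match('/\A[\w$!\[\],.:\/]+\z/', $post_src)`, and the request rejected otherwise. `$_POST['lineid']` is used as an array index without `isset($splitcontents[$post_lineid])`. Separately, `str_replace("alert", "# alert", $tempstring)` rewrites every occurrence of the word, including any inside the rule's message text. `preg_replace('/^alert/', '# alert', $tempstring, 1)` limits it to the rule action, and the toggle hunk that follows has the same call.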
@@ -301,108 +301,108 @@ else if ($_GET['act'] == "toggle")
conf_mount_rw();
- $toggleid = $_GET['ids'];
-
- //copy rule contents from array into string
- $tempstring = $splitcontents[$toggleid];
-
- //explode rule contents into an array, (delimiter is space)
- $rule_content = explode(' ', $tempstring);
-
- //search string
- $findme = "# alert"; //find string for disabled alerts
-
- //find if alert is disabled
- $disabled = strstr($tempstring, $findme);
-
- //if find alert is false, then rule is disabled
- if ($disabled !== false)
- {
- //rule has been enabled
- //move counter up 1, so we do not retrieve the # in the rule_content array
- $tempstring = str_replace("# alert", "alert", $tempstring);
-
- }
- else
- {
- //has rule been disabled
- //move counter up 1, so we do not retrieve the # in the rule_content array
- $tempstring = str_replace("alert", "# alert", $tempstring);
-
- }
-
- //copy string into array for writing
- $splitcontents[$toggleid] = $tempstring;
-
- //write the new .rules file
- write_rule_file($splitcontents, $rulefile);
-
- //once file has been written, reload file
- $splitcontents = load_rule_file($rulefile);
-
- $stopMsg = true;
-
- //write disable/enable sid to config.xml
- if ($disabled == false) {
- $string_sid = strstr($tempstring, 'sid:');
- $sid_pieces = explode(";", $string_sid);
- $sid_off_cut = $sid_pieces[0];
- // sid being turned off
- $sid_off = str_replace("sid:", "", $sid_off_cut);
- // rule_sid_on registers
- $sid_on_pieces = $a_nat[$id]['rule_sid_on'];
- // if off sid is the same as on sid remove it
- $sid_on_old = str_replace("||enablesid $sid_off", "", "$sid_on_pieces");
- // write the replace sid back as empty
- $a_nat[$id]['rule_sid_on'] = $sid_on_old;
- // rule sid off registers
- $sid_off_pieces = $a_nat[$id]['rule_sid_off'];
- // if off sid is the same as off sid remove it
- $sid_off_old = str_replace("||disablesid $sid_off", "", "$sid_off_pieces");
- // write the replace sid back as empty
- $a_nat[$id]['rule_sid_off'] = $sid_off_old;
- // add sid off registers to new off sid
- $a_nat[$id]['rule_sid_off'] = "||disablesid $sid_off" . $a_nat[$id]['rule_sid_off'];
- write_config();
- conf_mount_rw();
+ $toggleid = $_GET['ids'];
+
+ //copy rule contents from array into string
+ $tempstring = $splitcontents[$toggleid];
+
+ //explode rule contents into an array, (delimiter is space)
+ $rule_content = explode(' ', $tempstring);
+
+ //search string
+ $findme = "# alert"; //find string for disabled alerts
+
+ //find if alert is disabled
+ $disabled = strstr($tempstring, $findme);
+
+ //if find alert is false, then rule is disabled
+ if ($disabled !== false)
+ {
+ //rule has been enabled
+ //move counter up 1, so we do not retrieve the # in the rule_content array
+ $tempstring = str_replace("# alert", "alert", $tempstring);
+
+ }
+ else
+ {
+ //has rule been disabled
+ //move counter up 1, so we do not retrieve the # in the rule_content array
+ $tempstring = str_replace("alert", "# alert", $tempstring);
+
+ }
+
+ //copy string into array for writing
+ $splitcontents[$toggleid] = $tempstring;
+
+ //write the new .rules file
+ write_rule_file($splitcontents, $rulefile);
+
+ //once file has been written, reload file
+ $splitcontents = load_rule_file($rulefile);
+
+ $stopMsg = true;
+
+ //write disable/enable sid to config.xml
+ if ($disabled == false) {
+ $string_sid = strstr($tempstring, 'sid:');
+ $sid_pieces = explode(";", $string_sid);
+ $sid_off_cut = $sid_pieces[0];
+ // sid being turned off
+ $sid_off = str_replace("sid:", "", $sid_off_cut);
+ // rule_sid_on registers
+ $sid_on_pieces = $a_nat[$id]['rule_sid_on'];
+ // if off sid is the same as on sid remove it
+ $sid_on_old = str_replace("||enablesid $sid_off", "", "$sid_on_pieces");
+ // write the replace sid back as empty
+ $a_nat[$id]['rule_sid_on'] = $sid_on_old;
+ // rule sid off registers
+ $sid_off_pieces = $a_nat[$id]['rule_sid_off'];
+ // if off sid is the same as off sid remove it
+ $sid_off_old = str_replace("||disablesid $sid_off", "", "$sid_off_pieces");
+ // write the replace sid back as empty
+ $a_nat[$id]['rule_sid_off'] = $sid_off_old;
+ // add sid off registers to new off sid
+ $a_nat[$id]['rule_sid_off'] = "||disablesid $sid_off" . $a_nat[$id]['rule_sid_off'];
+ write_config();
+ conf_mount_rw();
- }
- else
- {
- $string_sid = strstr($tempstring, 'sid:');
- $sid_pieces = explode(";", $string_sid);
- $sid_on_cut = $sid_pieces[0];
- // sid being turned off
- $sid_on = str_replace("sid:", "", $sid_on_cut);
- // rule_sid_off registers
- $sid_off_pieces = $a_nat[$id]['rule_sid_off'];
- // if off sid is the same as on sid remove it
- $sid_off_old = str_replace("||disablesid $sid_on", "", "$sid_off_pieces");
- // write the replace sid back as empty
- $a_nat[$id]['rule_sid_off'] = $sid_off_old;
- // rule sid on registers
- $sid_on_pieces = $a_nat[$id]['rule_sid_on'];
- // if on sid is the same as on sid remove it
- $sid_on_old = str_replace("||enablesid $sid_on", "", "$sid_on_pieces");
- // write the replace sid back as empty
- $a_nat[$id]['rule_sid_on'] = $sid_on_old;
- // add sid on registers to new on sid
- $a_nat[$id]['rule_sid_on'] = "||enablesid $sid_on" . $a_nat[$id]['rule_sid_on'];
- write_config();
- conf_mount_rw();
- }
-
+ }
+ else
+ {
+ $string_sid = strstr($tempstring, 'sid:');
+ $sid_pieces = explode(";", $string_sid);
+ $sid_on_cut = $sid_pieces[0];
+ // sid being turned off
+ $sid_on = str_replace("sid:", "", $sid_on_cut);
+ // rule_sid_off registers
+ $sid_off_pieces = $a_nat[$id]['rule_sid_off'];
+ // if off sid is the same as on sid remove it
+ $sid_off_old = str_replace("||disablesid $sid_on", "", "$sid_off_pieces");
+ // write the replace sid back as empty
+ $a_nat[$id]['rule_sid_off'] = $sid_off_old;
+ // rule sid on registers
+ $sid_on_pieces = $a_nat[$id]['rule_sid_on'];
+ // if on sid is the same as on sid remove it
+ $sid_on_old = str_replace("||enablesid $sid_on", "", "$sid_on_pieces");
+ // write the replace sid back as empty
+ $a_nat[$id]['rule_sid_on'] = $sid_on_old;
+ // add sid on registers to new on sid
+ $a_nat[$id]['rule_sid_on'] = "||enablesid $sid_on" . $a_nat[$id]['rule_sid_on'];
+ write_config();
+ conf_mount_rw();
+ }
+
}
if ($_GET['saved'] == 'yes')
{
- $message = "The Snort rule configuration has been changed.<br>You must restart this snort interface in order for the changes to take effect.";
+ $message = "The Snort rule configuration has been changed.<br>You must restart this snort interface in order for the changes to take effect.";
-// stop_service("snort");
-// sleep(2);
-// start_service("snort");
-// $savemsg = "";
-// $stopMsg = false;
+ // stop_service("snort");
+ // sleep(2);
+ // start_service("snort");
+ // $savemsg = "";
+ // $stopMsg = false;
}
$currentruleset = basename($rulefile);
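Review bot: The `act=toggle` branch rewrites the rule file and calls write_config() in response to a GET request, and no request token is checked in the visible lines, so a cross-site request made by the administrator's browser could change a rule's enabled state. Moving the toggle to a POST that goes through whatever request-forgery check the GUI provides would close this; that check is not visible here, so confirm what is available. `$toggleid = $_GET['ids'];` is also used as an array index unchecked. A guard such as `if (!isset($splitcontents[$toggleid])) { ... }` before the copy would stop an unknown index from adding a new line to the file. The branch itself opens above this hunk.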
@@ -416,7 +416,8 @@ $pgtitle = "Snort: $id $iface_uuid $if_real Category: $currentruleset";
?>
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<body
+ link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
@@ -426,23 +427,26 @@ echo "{$snort_general_css}\n";
?>
<!-- hack to fix the hardcoed fbegin link in header -->
-<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div>
+<div id="header-left2"><a href="../index.php" id="status-link2"><img
+ src="./images/transparent.gif" border="0"></img></a></div>
<div class="body2">
-<noscript><div class="alert" ALIGN=CENTER><img src="../themes/nervecenter/images/icons/icon_alert.gif"/><strong>Please enable JavaScript to view this content</CENTER></div></noscript>
+<noscript>
+<div class="alert" ALIGN=CENTER><img
+ src="../themes/nervecenter/images/icons/icon_alert.gif" /><strong>Please
+enable JavaScript to view this content
+</CENTER></div>
+</noscript>
<?php
echo "<form action=\"snort_rules.php?id={$id}\" method=\"post\" name=\"iform\" id=\"iform\">";
-?>
-<?php if ($_GET['saved'] == 'yes') {print_info_box_np2($message);}?>
+?> <?php if ($_GET['saved'] == 'yes') {print_info_box_np2($message);}?>
</form>
<script type="text/javascript" language="javascript" src="row_toggle.js">
<script src="/javascript/sorttable.js" type="text/javascript">
-</script>
-
-<script language="javascript" type="text/javascript">
+</script> <script language="javascript" type="text/javascript">
<!--
function go()
{
@@ -457,8 +461,7 @@ function go()
location.href = destination;
}
// -->
-</script>
-<script type="text/javascript">
+</script> <script type="text/javascript">
<!--
function popup(url)
{
@@ -475,149 +478,153 @@ function popup(url)
</script>
<table width="99%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td>
-
-<?php
-echo '<div class="snorttabs" style="margin:1px 0px; width:775px;">' . "\n";
-echo '<!-- Tabbed bar code -->' . "\n";
-echo '<ul class="snorttabs">' . "\n";
- echo '<li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>' . "\n";
- echo "<li><a href=\"/snort/snort_interfaces_edit.php?id={$id}\"><span>If Settings</span></a></li>\n";
- echo "<li><a href=\"/snort/snort_rulesets.php?id={$id}\"><span>Categories</span></a></li>\n";
- echo "<li class=\"snorttabs_active\"><a href=\"/snort/snort_rules.php?id={$id}\"><span>Rules</span></a></li>\n";
- echo "<li><a href=\"/snort/snort_define_servers.php?id={$id}\"><span>Servers</span></a></li>\n";
- echo "<li><a href=\"/snort/snort_preprocessors.php?id={$id}\"><span>Preprocessors</span></a></li>\n";
- echo "<li><a href=\"/snort/snort_barnyard.php?id={$id}\"><span>Barnyard2</span></a></li>\n";
-echo '</ul>' . "\n";
-echo '</div>' . "\n";
-?>
-
- </td>
+ <tr>
+ <td><?php
+ echo '<div class="snorttabs" style="margin:1px 0px; width:775px;">' . "\n";
+ echo '<!-- Tabbed bar code -->' . "\n";
+ echo '<ul class="snorttabs">' . "\n";
+ echo '<li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>' . "\n";
+ echo "<li><a href=\"/snort/snort_interfaces_edit.php?id={$id}\"><span>If Settings</span></a></li>\n";
+ echo "<li><a href=\"/snort/snort_rulesets.php?id={$id}\"><span>Categories</span></a></li>\n";
+ echo "<li class=\"snorttabs_active\"><a href=\"/snort/snort_rules.php?id={$id}\"><span>Rules</span></a></li>\n";
+ echo "<li><a href=\"/snort/snort_define_servers.php?id={$id}\"><span>Servers</span></a></li>\n";
+ echo "<li><a href=\"/snort/snort_preprocessors.php?id={$id}\"><span>Preprocessors</span></a></li>\n";
+ echo "<li><a href=\"/snort/snort_barnyard.php?id={$id}\"><span>Barnyard2</span></a></li>\n";
+ echo '</ul>' . "\n";
+ echo '</div>' . "\n";
+ ?></td>
</tr>
<tr>
- <td>
- <div id="mainarea2">
- <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td>
- <table id="ruletable1" class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr id="frheader">
- <td width="3%" class="list">&nbsp;</td>
- <td width="5%" class="listhdr">SID</td>
- <td width="6%" class="listhdrr">Proto</td>
- <td width="15%" class="listhdrr">Source</td>
- <td width="10%" class="listhdrr">Port</td>
- <td width="15%" class="listhdrr">Destination</td>
- <td width="10%" class="listhdrr">Port</td>
- <td width="32%" class="listhdrr">Message</td>
-
- </tr>
- <tr>
- <?php
-
- echo "<br>Category: ";
-
- //string for populating category select
- $currentruleset = basename($rulefile);
-
- ?>
- <form name="forms">
- <select name="selectbox" class="formfld" onChange="go()">
- <?php
- $i=0;
- foreach ($files as $value)
- {
- $selectedruleset = "";
- if ($files[$i] === $currentruleset)
- $selectedruleset = "selected";
- ?>
- <option value="?id=<?=$id;?>&openruleset=<?=$ruledir;?><?=$files[$i];?>" <?=$selectedruleset;?>><?=$files[$i];?></option>"
- <?php
- $i++;
-
- }
- ?>
- </select>
- </form>
- </tr>
- <?php
-
- $counter = 0;
- $printcounter = 0;
-
- foreach ( $splitcontents as $value )
- {
-
- $counter++;
- $disabled = "False";
- $comments = "False";
-
- $tempstring = $splitcontents[$counter];
- $findme = "# alert"; //find string for disabled alerts
-
- //find alert
- $disabled_pos = strstr($tempstring, $findme);
-
-
- //do soemthing, this rule is enabled
- $counter2 = 1;
-
- //retrieve sid value
- $sid = get_middle($tempstring, 'sid:', ';', 0);
-
- //check to see if the sid is numberical
- $is_sid_num = is_numeric($sid);
-
- //if SID is numerical, proceed
- if ($is_sid_num)
- {
-
- //if find alert is false, then rule is disabled
- if ($disabled_pos !== false){
- $counter2 = $counter2+1;
- $textss = "<span class=\"gray\">";
- $textse = "</span>";
- $iconb = "icon_block_d.gif";
- }
- else
- {
- $textss = $textse = "";
- $iconb = "icon_block.gif";
- }
-
- if ($disabled_pos !== false){
- $ischecked = "";
- }else{
- $ischecked = "checked";
- }
-
- $rule_content = explode(' ', $tempstring);
-
- $protocol = $rule_content[$counter2];//protocol location
- $counter2++;
- $source = $rule_content[$counter2];//source location
- $counter2++;
- $source_port = $rule_content[$counter2];//source port location
- $counter2 = $counter2+2;
- $destination = $rule_content[$counter2];//destination location
- $counter2++;
- $destination_port = $rule_content[$counter2];//destination port location
-
- if (strstr($tempstring, 'msg: "'))
- $message = get_middle($tempstring, 'msg: "', '";', 0);
- if (strstr($tempstring, 'msg:"'))
- $message = get_middle($tempstring, 'msg:"', '";', 0);
-
- echo "<tr>
+ <td>
+ <div id="mainarea2">
+ <table id="maintable" class="tabcont" width="100%" border="0"
+ cellpadding="0" cellspacing="0">
+ <tr>
+ <td>
+ <table id="ruletable1" class="sortable" width="100%" border="0"
+ cellpadding="0" cellspacing="0">
+ <tr id="frheader">
+ <td width="3%" class="list">&nbsp;</td>
+ <td width="5%" class="listhdr">SID</td>
+ <td width="6%" class="listhdrr">Proto</td>
+ <td width="15%" class="listhdrr">Source</td>
+ <td width="10%" class="listhdrr">Port</td>
+ <td width="15%" class="listhdrr">Destination</td>
+ <td width="10%" class="listhdrr">Port</td>
+ <td width="32%" class="listhdrr">Message</td>
+
+ </tr>
+ <tr>
+ <?php
+
+ echo "<br>Category: ";
+
+ //string for populating category select
+ $currentruleset = basename($rulefile);
+
+ ?>
+ <form name="forms"><select name="selectbox" class="formfld"
+ onChange="go()">
+ <?php
+ $i=0;
+ foreach ($files as $value)
+ {
+ $selectedruleset = "";
+ if ($files[$i] === $currentruleset)
+ $selectedruleset = "selected";
+ ?>
+ <option
+ value="?id=<?=$id;?>&openruleset=<?=$ruledir;?><?=$files[$i];?>"
+ <?=$selectedruleset;?>><?=$files[$i];?></option>
+ "
+ <?php
+ $i++;
+
+ }
+ ?>
+ </select></form>
+ </tr>
+ <?php
+
+ $counter = 0;
+ $printcounter = 0;
+
+ foreach ( $splitcontents as $value )
+ {
+
+ $counter++;
+ $disabled = "False";
+ $comments = "False";
+
+ $tempstring = $splitcontents[$counter];
+ $findme = "# alert"; //find string for disabled alerts
+
+ //find alert
+ $disabled_pos = strstr($tempstring, $findme);
+
+
+ //do soemthing, this rule is enabled
+ $counter2 = 1;
+
+ //retrieve sid value
+ $sid = get_middle($tempstring, 'sid:', ';', 0);
+
+ //check to see if the sid is numberical
+ $is_sid_num = is_numeric($sid);
+
+ //if SID is numerical, proceed
+ if ($is_sid_num)
+ {
+
+ //if find alert is false, then rule is disabled
+ if ($disabled_pos !== false){
+ $counter2 = $counter2+1;
+ $textss = "<span class=\"gray\">";
+ $textse = "</span>";
+ $iconb = "icon_block_d.gif";
+ }
+ else
+ {
+ $textss = $textse = "";
+ $iconb = "icon_block.gif";
+ }
+
+ if ($disabled_pos !== false){
+ $ischecked = "";
+ }else{
+ $ischecked = "checked";
+ }
+
+ $rule_content = explode(' ', $tempstring);
+
+ $protocol = $rule_content[$counter2];//protocol location
+ $counter2++;
+ $source = $rule_content[$counter2];//source location
+ $counter2++;
+ $source_port = $rule_content[$counter2];//source port location
+ $counter2 = $counter2+2;
+ $destination = $rule_content[$counter2];//destination location
+ $counter2++;
+ $destination_port = $rule_content[$counter2];//destination port location
+
+ if (strstr($tempstring, 'msg: "'))
+ $message = get_middle($tempstring, 'msg: "', '";', 0);
+ if (strstr($tempstring, 'msg:"'))
+ $message = get_middle($tempstring, 'msg:"', '";', 0);
+
+ echo "<tr>
<td class=\"listt\">
$textss\n";
?>
- <a href="?id=<?=$id;?>&openruleset=<?=$rulefile;?>&act=toggle&ids=<?=$counter;?>"><img src="../themes/<?= $g['theme']; ?>/images/icons/<?=$iconb;?>" width="10" height="10" border="0" title="click to toggle enabled/disabled status"></a>
- <!-- <input name="enable" type="checkbox" value="yes" <?= $ischecked; ?> onClick="enable_change(false)"> -->
- <!-- TODO: add checkbox and save so that that disabling is nicer -->
- <?php
- echo "$textse
+ <a
+ href="?id=<?=$id;?>&openruleset=<?=$rulefile;?>&act=toggle&ids=<?=$counter;?>"><img
+ src="../themes/<?= $g['theme']; ?>/images/icons/<?=$iconb;?>"
+ width="10" height="10" border="0"
+ title="click to toggle enabled/disabled status"></a>
+ <!-- <input name="enable" type="checkbox" value="yes" <?= $ischecked; ?> onClick="enable_change(false)"> -->
+ <!-- TODO: add checkbox and save so that that disabling is nicer -->
+ <?php
+ echo "$textse
</td>
<td class=\"listlr\">
$textss
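Review bot: The values interpolated into the `href` and `value` attributes on the new side (`$id`, `$rulefile`, `$ruledir`, `$files[$i]`) are written without HTML escaping, so a quote or angle bracket in any of them ends the attribute and becomes markup. Where they are assigned is outside this hunk; if they derive from request parameters, as `$id` does in snort_rules_edit.php, this is reflected XSS in an authenticated admin page. Escape per context, e.g. `openruleset=<?=htmlspecialchars(urlencode($rulefile), ENT_QUOTES);?>`, and apply `htmlspecialchars()` to the option text as well. The same applies to `$message` and the `popup(...)` argument in the `@@ -653,67` hunk, and to the form action, `$contents2` and `$file` output in snort_rules_edit.php. Separately, the `act=toggle` link appears to change saved configuration through a plain GET; a POST form would let whatever request-forgery protection the GUI has apply to it.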
@@ -627,8 +634,8 @@ echo '</div>' . "\n";
<td class=\"listlr\">
$textss
$protocol";
- ?>
- <?php
+ ?>
+ <?php
$printcounter++;
echo "$textse
</td>
@@ -653,67 +660,78 @@ echo '</div>' . "\n";
$textse
</td>";
?>
- <td class="listbg"><font color="white">
- <?php
- echo "$textss
- $message
- $textse
+ <td class="listbg"><font color="white"> <?php
+ echo "$textss
+ $message
+ $textse
</td>";
- ?>
- <td valign="middle" nowrap class="list">
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td><a href="javascript: void(0)"onclick="popup('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$rulefile;?>&ids=<?=$counter;?>')"><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="edit rule" width="17" height="17" border="0"></a></td>
- <!-- Codes by Quackit.com -->
- </tr>
- </table>
- </td>
- <?php
- }
- }
- echo " There are $printcounter rules in this category. <br><br>";
- ?>
- </table>
- </td>
- </tr>
- <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0">
- <tr>
- <td width="16"><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" width="11" height="11"></td>
- <td>Rule Enabled</td>
- </tr>
- <tr>
- <td><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_block_d.gif" width="11" height="11"></td>
- <td nowrap>Rule Disabled</td>
- </tr>
- <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0">
- <tr>
- <!-- TODO: add save and cancel for checkbox options -->
- <!-- <td><pre><input name="Submit" type="submit" class="formbtn" value="Save"> <input type="button" class="formbtn" value="Cancel" onclick="history.back()"><pre></td> -->
- </tr>
- </table>
- <tr>
- <td colspan="10">
- <p>
- <!--<strong><span class="red">Warning:<br>
+ ?>
+ <td valign="middle" nowrap class="list">
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td><a href="javascript: void(0)"
+ onclick="popup('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$rulefile;?>&ids=<?=$counter;?>')"><img
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif"
+ title="edit rule" width="17" height="17" border="0"></a></td>
+ <!-- Codes by Quackit.com -->
+ </tr>
+ </table>
+ </td>
+ <?php
+ }
+ }
+ echo " There are $printcounter rules in this category. <br><br>";
+ ?>
+
+ </table>
+ </td>
+ </tr>
+ <table class="tabcont" width="100%" border="0" cellspacing="0"
+ cellpadding="0">
+ <tr>
+ <td width="16"><img
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_block.gif"
+ width="11" height="11"></td>
+ <td>Rule Enabled</td>
+ </tr>
+ <tr>
+ <td><img
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_block_d.gif"
+ width="11" height="11"></td>
+ <td nowrap>Rule Disabled</td>
+ </tr>
+ <table class="tabcont" width="100%" border="0" cellspacing="0"
+ cellpadding="0">
+ <tr>
+ <!-- TODO: add save and cancel for checkbox options -->
+ <!-- <td><pre><input name="Submit" type="submit" class="formbtn" value="Save"> <input type="button" class="formbtn" value="Cancel" onclick="history.back()"><pre></td> -->
+ </tr>
+ </table>
+ <tr>
+ <td colspan="10">
+ <p><!--<strong><span class="red">Warning:<br>
</span></strong>Editing these r</p>-->
- </td>
- </tr>
- </table>
- </table>
- </td>
- </tr>
-
+
+ </td>
+ </tr>
+ </table>
+ </table>
+
+ </td>
+ </tr>
+
</table>
</div>
-<?php
+ <?php
-include("fend.inc");
+ include("fend.inc");
-echo $snort_custom_rnd_box;
+ echo $snort_custom_rnd_box;
-?>
+ ?>
-</div></body>
+</div>
+</body>
</html>
diff --git a/config/snort/snort_rules_edit.php b/config/snort/snort_rules_edit.php
index f111536f..09e39e7a 100644
--- a/config/snort/snort_rules_edit.php
+++ b/config/snort/snort_rules_edit.php
@@ -1,40 +1,40 @@
<?php
/*
- system_edit.php
- Copyright (C) 2004, 2005 Scott Ullrich
- All rights reserved.
-
- Adapted for FreeNAS by Volker Theile (votdev@gmx.de)
- Copyright (C) 2006-2009 Volker Theile
-
- Adapted for Pfsense Snort package by Robert Zelaya
- Copyright (C) 2008-2009 Robert Zelaya
-
- Using dp.SyntaxHighlighter for syntax highlighting
- http://www.dreamprojections.com/SyntaxHighlighter
- Copyright (C) 2004-2006 Alex Gorbatchev. All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
+ system_edit.php
+ Copyright (C) 2004, 2005 Scott Ullrich
+ All rights reserved.
+
+ Adapted for FreeNAS by Volker Theile (votdev@gmx.de)
+ Copyright (C) 2006-2009 Volker Theile
+
+ Adapted for Pfsense Snort package by Robert Zelaya
+ Copyright (C) 2008-2009 Robert Zelaya
+
+ Using dp.SyntaxHighlighter for syntax highlighting
+ http://www.dreamprojections.com/SyntaxHighlighter
+ Copyright (C) 2004-2006 Alex Gorbatchev. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort.inc");
@@ -49,12 +49,12 @@ $a_nat = &$config['installedpackages']['snortglobal']['rule'];
$id = $_GET['id'];
if (isset($_POST['id']))
- $id = $_POST['id'];
-
+$id = $_POST['id'];
+
$ids = $_GET['ids'];
if (isset($_POST['ids']))
- $ids = $_POST['ids'];
-
+$ids = $_POST['ids'];
+
if (isset($id) && $a_nat[$id]) {
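Review bot: The reformat moves the body of the braceless `if (isset($_POST['id']))` to column 0, so `$id = $_POST['id'];` now reads as an unconditional assignment although it is still guarded. Adding braces keeps the intent visible whatever the formatter does: `if (isset($_POST['id'])) { $id = $_POST['id']; }`, and likewise for `$ids`. The same de-indentation occurs for `$rows`/`$cols` in the `@@ -127,30` hunk and for `$id` and `$enabled_rulesets_array` in snort_rulesets.php.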
@@ -96,20 +96,20 @@ $tempstring = $splitcontents[$lineid];
function write_rule_file($content_changed, $received_file)
{
- //read snort file with writing enabled
- $filehandle = fopen($received_file, "w");
+ //read snort file with writing enabled
+ $filehandle = fopen($received_file, "w");
- //delimiter for each new rule is a new line
- $delimiter = "\n";
+ //delimiter for each new rule is a new line
+ $delimiter = "\n";
- //implode the array back into a string for writing purposes
- $fullfile = implode($delimiter, $content_changed);
+ //implode the array back into a string for writing purposes
+ $fullfile = implode($delimiter, $content_changed);
- //write data to file
- fwrite($filehandle, $fullfile);
+ //write data to file
+ fwrite($filehandle, $fullfile);
- //close file handle
- fclose($filehandle);
+ //close file handle
+ fclose($filehandle);
}
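Review bot: `write_rule_file()` never checks the result of `fopen($received_file, "w")`, so a failed open goes on to `fwrite()`/`fclose()` on `false` and the caller still redirects as if the rule had been saved. Mode `"w"` also truncates the file before the new content is written, so an interrupted or partial write leaves a shortened rules file for Snort to load. Return a status and write through a temporary file that is renamed into place, for example `if (file_put_contents("$received_file.tmp", $fullfile, LOCK_EX) === false) return false;` followed by `return rename("$received_file.tmp", $received_file);`. The comment `//read snort file with writing enabled` should say that the file is opened for writing and truncated.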
@@ -117,7 +117,7 @@ function write_rule_file($content_changed, $received_file)
if($_POST['highlight'] <> "") {
if($_POST['highlight'] == "yes" or
- $_POST['highlight'] == "enabled") {
+ $_POST['highlight'] == "enabled") {
$highlight = "yes";
} else {
$highlight = "no";
@@ -127,30 +127,30 @@ if($_POST['highlight'] <> "") {
}
if($_POST['rows'] <> "")
- $rows = $_POST['rows'];
+$rows = $_POST['rows'];
else
- $rows = 1;
+$rows = 1;
if($_POST['cols'] <> "")
- $cols = $_POST['cols'];
+$cols = $_POST['cols'];
else
- $cols = 66;
+$cols = 66;
if ($_POST)
{
if ($_POST['save']) {
-
+
/* get the changes */
- $rule_content2 = $_POST['code'];
-
+ $rule_content2 = $_POST['code'];
+
//copy string into file array for writing
- $splitcontents[$lineid] = $rule_content2;
-
- //write the new .rules file
- write_rule_file($splitcontents, $file);
-
- header("Location: /snort/snort_view_edit.php?id=$id&openruleset=$file&ids=$ids");
-
+ $splitcontents[$lineid] = $rule_content2;
+
+ //write the new .rules file
+ write_rule_file($splitcontents, $file);
+
+ header("Location: /snort/snort_view_edit.php?id=$id&openruleset=$file&ids=$ids");
+
}
}
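Review bot: The save branch writes `$_POST['code']` into `$file` without checking that `$file` is one of the interface's rule files or that the submitted text is a single line. `$file` and `$lineid` are set outside this hunk; if `$file` comes from the `openruleset` request parameter, any path writable by the web GUI can be overwritten, and a newline in `code` adds extra lines that will be read as rules. Resolve the path and compare it with the rules directory before writing, e.g. `if (strpos(realpath($file), '/usr/local/etc/snort/') !== 0) { exit; }`, and reject `code` values containing `\r` or `\n`. The `header("Location: ...")` call also needs `urlencode()` on `$file` and an `exit;` after it, so that the rest of the page is not rendered after the redirect.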
@@ -165,13 +165,12 @@ $pgtitle = array(gettext("Advanced"), gettext("File Editor"));
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td class="tabcont">
- <form action="snort_view_edit.php?id=<?=$id; ?>&openruleset=<?=$file; ?>&ids=<?=$ids; ?>" method="post">
- <?php if ($savemsg) print_info_box($savemsg);?>
-
- <?php
- if ($file != '/usr/local/etc/snort/snort_update.log')
- {
-
+ <form
+ action="snort_view_edit.php?id=<?=$id; ?>&openruleset=<?=$file; ?>&ids=<?=$ids; ?>"
+ method="post"><?php if ($savemsg) print_info_box($savemsg);?> <?php
+ if ($file != '/usr/local/etc/snort/snort_update.log')
+ {
+
echo '
<table width="100%" cellpadding="9" cellspacing="9" bgcolor="#eeeeee">
<tr>
@@ -179,9 +178,9 @@ $pgtitle = array(gettext("Advanced"), gettext("File Editor"));
<input name="save" type="submit" class="formbtn" id="save" value="save" /> <input type="button" class="formbtn" value="Cancel" onclick="history.back()">
<hr noshade="noshade" />
' . "\n";
-
- echo 'Disable original rule :';
-
+
+ echo 'Disable original rule :';
+
echo ' <input id="highlighting_enabled" name="highlight2" type="radio" value="yes"'; if($highlight == "yes") echo " checked=\"checked\""; echo '/>
<label for="highlighting_enabled">'; gettext("Enabled"); echo '</label>
@@ -201,28 +200,29 @@ $pgtitle = array(gettext("Advanced"), gettext("File Editor"));
</td>
</tr>
</table>';
-
- }
- ?>
-
- <table width='100%'>
- <tr>
- <td valign="top" class="label">
- <div style="background: #eeeeee;" id="textareaitem">
- <!-- NOTE: The opening *and* the closing textarea tag must be on the same line. -->
- <textarea <? if ($file != '/usr/local/etc/snort/snort_update.log') { echo 'disabled'; } ?> wrap="off" style="width: 98%; margin: 7px;" class="<?php echo $language; ?>:showcolumns" rows="33" cols="<?php echo $cols; ?>" name="code2"><?php echo $contents2;?></textarea>
- </div>
- </td>
- </tr>
- </table>
- <?php // include("formend.inc");?>
- </form>
- <? echo "$file\n"; ?>
- </td>
+
+ }
+ ?>
+
+ <table width='100%'>
+ <tr>
+ <td valign="top" class="label">
+ <div style="background: #eeeeee;" id="textareaitem"><!-- NOTE: The opening *and* the closing textarea tag must be on the same line. -->
+ <textarea
+ <? if ($file != '/usr/local/etc/snort/snort_update.log') { echo 'disabled'; } ?>
+ wrap="off" style="width: 98%; margin: 7px;"
+ class="<?php echo $language; ?>:showcolumns" rows="33"
+ cols="<?php echo $cols; ?>" name="code2"><?php echo $contents2;?></textarea>
+ </div>
+ </td>
+ </tr>
+ </table>
+ <?php // include("formend.inc");?></form>
+ <? echo "$file\n"; ?></td>
</tr>
</table>
-<?php //include("fend.inc");?>
+ <?php //include("fend.inc");?>
</body>
</html>
diff --git a/config/snort/snort_rulesets.php b/config/snort/snort_rulesets.php
index e7838c9f..42dc27e6 100644
--- a/config/snort/snort_rulesets.php
+++ b/config/snort/snort_rulesets.php
@@ -1,32 +1,32 @@
<?php
/* $Id$ */
/*
- snort_rulesets.php
- Copyright (C) 2006 Scott Ullrich
- Copyright (C) 2009 Robert Zelaya
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
+ snort_rulesets.php
+ Copyright (C) 2006 Scott Ullrich
+ Copyright (C) 2009 Robert Zelaya
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort_gui.inc");
@@ -42,8 +42,8 @@ $a_nat = &$config['installedpackages']['snortglobal']['rule'];
$id = $_GET['id'];
if (isset($_POST['id']))
- $id = $_POST['id'];
-
+$id = $_POST['id'];
+
if (isset($id) && $a_nat[$id]) {
@@ -66,34 +66,34 @@ $pgtitle = "Snort: Interface $id $iface_uuid $if_real Categories";
$isrulesfolderempty = exec("ls -A /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/*.rules");
if ($isrulesfolderempty == "") {
-include("/usr/local/pkg/snort/snort_head.inc");
-include("fbegin.inc");
+ include("/usr/local/pkg/snort/snort_head.inc");
+ include("fbegin.inc");
-echo "<p class=\"pgtitle\">";
-if($pfsense_stable == 'yes'){echo $pgtitle;}
-echo "</p>\n";
+ echo "<p class=\"pgtitle\">";
+ if($pfsense_stable == 'yes'){echo $pgtitle;}
+ echo "</p>\n";
-echo "<body link=\"#000000\" vlink=\"#000000\" alink=\"#000000\">";
+ echo "<body link=\"#000000\" vlink=\"#000000\" alink=\"#000000\">";
-echo "
+ echo "
<table width=\"99%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n
<tr>\n
<td>\n";
-
-echo '<div class="snorttabs" style="margin:1px 0px; width:775px;">' . "\n";
-echo '<!-- Tabbed bar code -->' . "\n";
-echo '<ul class="snorttabs">' . "\n";
+
+ echo '<div class="snorttabs" style="margin:1px 0px; width:775px;">' . "\n";
+ echo '<!-- Tabbed bar code -->' . "\n";
+ echo '<ul class="snorttabs">' . "\n";
echo '<li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>' . "\n";
echo "<li><a href=\"/snort/snort_interfaces_edit.php?id={$id}\"><span>If Settings</span></a></li>\n";
- echo "<li class=\"snorttabs_active\"><a href=\"/snort/snort_rulesets.php?id={$id}\"><span>Categories</span></a></li>\n";
- echo "<li><a href=\"/snort/snort_rules.php?id={$id}\"><span>Rules</span></a></li>\n";
+ echo "<li class=\"snorttabs_active\"><a href=\"/snort/snort_rulesets.php?id={$id}\"><span>Categories</span></a></li>\n";
+ echo "<li><a href=\"/snort/snort_rules.php?id={$id}\"><span>Rules</span></a></li>\n";
echo "<li><a href=\"/snort/snort_define_servers.php?id={$id}\"><span>Servers</span></a></li>\n";
- echo "<li><a href=\"/snort/snort_preprocessors.php?id={$id}\"><span>Preprocessors</span></a></li>\n";
- echo "<li><a href=\"/snort/snort_barnyard.php?id={$id}\"><span>Barnyard2</span></a></li>\n";
-echo '</ul>' . "\n";
-echo '</div>' . "\n";
+ echo "<li><a href=\"/snort/snort_preprocessors.php?id={$id}\"><span>Preprocessors</span></a></li>\n";
+ echo "<li><a href=\"/snort/snort_barnyard.php?id={$id}\"><span>Barnyard2</span></a></li>\n";
+ echo '</ul>' . "\n";
+ echo '</div>' . "\n";
-echo "</td>\n
+ echo "</td>\n
</tr>\n
<tr>\n
<td>\n
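Review bot: The emptiness test shells out to `ls` with `$iface_uuid` and `$if_real` interpolated into the command string, so any shell metacharacter in either value is interpreted by the shell. Both are assigned outside this hunk and look like configuration values, but the check does not need a shell at all: `$rulefiles = glob("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/*.rules");` with `if (empty($rulefiles)) {` gives the same answer. The `$isrulesfolderempty` appended to the "Please click on the Update Rules tab" message in the next hunk is always empty inside this branch and can be dropped.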
@@ -114,74 +114,75 @@ echo "</td>\n
\n
<p>\n\n";
-echo "Please click on the Update Rules tab to install your selected rule sets. $isrulesfolderempty";
-include("fend.inc");
+ echo "Please click on the Update Rules tab to install your selected rule sets. $isrulesfolderempty";
+ include("fend.inc");
-echo "</body>";
-echo "</html>";
+ echo "</body>";
+ echo "</html>";
-exit(0);
+ exit(0);
}
- /* alert file */
+/* alert file */
$d_snortconfdirty_path = "/var/run/snort_conf_{$iface_uuid}_{$if_real}.dirty";
-
- /* this will exec when alert says apply */
- if ($_POST['apply']) {
-
- if (file_exists($d_snortconfdirty_path)) {
+
+/* this will exec when alert says apply */
+if ($_POST['apply']) {
+
+ if (file_exists($d_snortconfdirty_path)) {
- write_config();
+ write_config();
- sync_snort_package_all($id, $if_real, $iface_uuid);
- sync_snort_package();
+ sync_snort_package_all($id, $if_real, $iface_uuid);
+ sync_snort_package();
- unlink($d_snortconfdirty_path);
+ unlink($d_snortconfdirty_path);
- }
-
}
- if ($_POST["Submit"]) {
+}
+
+if ($_POST["Submit"]) {
$enabled_items = "";
$isfirst = true;
if (is_array($_POST['toenable'])) {
- foreach($_POST['toenable'] as $toenable) {
- if(!$isfirst)
+ foreach($_POST['toenable'] as $toenable) {
+ if(!$isfirst)
$enabled_items .= "||";
- $enabled_items .= "{$toenable}";
- $isfirst = false;
- }
+ $enabled_items .= "{$toenable}";
+ $isfirst = false;
+ }
}else{
- $enabled_items = $_POST['toenable'];
+ $enabled_items = $_POST['toenable'];
}
$a_nat[$id]['rulesets'] = $enabled_items;
-
+
write_config();
-
+
touch($d_snortconfdirty_path);
-
- header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
- header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
- header( 'Cache-Control: no-store, no-cache, must-revalidate' );
- header( 'Cache-Control: post-check=0, pre-check=0', false );
- header( 'Pragma: no-cache' );
- sleep(2);
- sync_snort_package_all($id, $if_real, $iface_uuid);
- header("Location: /snort/snort_rulesets.php?id=$id");
+
+ header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
+ header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
+ header( 'Cache-Control: no-store, no-cache, must-revalidate' );
+ header( 'Cache-Control: post-check=0, pre-check=0', false );
+ header( 'Pragma: no-cache' );
+ sleep(2);
+ sync_snort_package_all($id, $if_real, $iface_uuid);
+ header("Location: /snort/snort_rulesets.php?id=$id");
}
$enabled_rulesets = $a_nat[$id]['rulesets'];
if($enabled_rulesets)
- $enabled_rulesets_array = split("\|\|", $enabled_rulesets);
+$enabled_rulesets_array = split("\|\|", $enabled_rulesets);
include("/usr/local/pkg/snort/snort_head.inc");
?>
-<body link="#000000" vlink="#000000" alink="#000000">
+<body
+ link="#000000" vlink="#000000" alink="#000000">
<?php include("fbegin.inc"); ?>
<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
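Review bot: The `Submit` branch stores `$_POST['toenable']` in `$a_nat[$id]['rulesets']` as received, so the saved list can contain names that are not rule files, and a value containing `||` becomes several entries when it is split again below. Filter each entry against the files actually present in the rules directory (or at least `basename()` it and require a `.rules` suffix) before joining, and check that `$a_nat[$id]` exists before assigning to it. `header("Location: ...")` is not followed by `exit;`, so the script continues to render the page after the redirect. `split()` is deprecated as of PHP 5.3; `explode("||", $enabled_rulesets)` does the same here.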
@@ -191,120 +192,130 @@ echo "{$snort_general_css}\n";
?>
<!-- hack to fix the hardcoed fbegin link in header -->
-<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div>
+<div id="header-left2"><a href="../index.php" id="status-link2"><img
+ src="./images/transparent.gif" border="0"></img></a></div>
<div class="body2">
-<noscript><div class="alert" ALIGN=CENTER><img src="../themes/nervecenter/images/icons/icon_alert.gif"/><strong>Please enable JavaScript to view this content</CENTER></div></noscript>
+<noscript>
+<div class="alert" ALIGN=CENTER><img
+ src="../themes/nervecenter/images/icons/icon_alert.gif" /><strong>Please
+enable JavaScript to view this content
+</CENTER></div>
+</noscript>
<?php
echo "<form action=\"snort_rulesets.php?id={$id}\" method=\"post\" name=\"iform\" id=\"iform\">";
-?>
-
-<?php
+?> <?php
- /* Display message */
+/* Display message */
- if ($input_errors) {
+if ($input_errors) {
print_input_errors($input_errors); // TODO: add checks
- }
+}
- if ($savemsg) {
+if ($savemsg) {
print_info_box2($savemsg);
- }
+}
- if (file_exists($d_snortconfdirty_path)) {
+if (file_exists($d_snortconfdirty_path)) {
echo '<p>';
- if($savemsg) {
- print_info_box_np2("{$savemsg}");
- }else{
- print_info_box_np2('
+ if($savemsg) {
+ print_info_box_np2("{$savemsg}");
+ }else{
+ print_info_box_np2('
The Snort configuration has changed and snort needs to be restarted on this interface.<br>
You must apply the changes in order for them to take effect.<br>
');
- }
}
+}
?>
<table width="99%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td>
-
-<?php
-echo '<div class="snorttabs" style="margin:1px 0px; width:775px;">' . "\n";
-echo '<!-- Tabbed bar code -->' . "\n";
-echo '<ul class="snorttabs">' . "\n";
- echo '<li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>' . "\n";
- echo "<li><a href=\"/snort/snort_interfaces_edit.php?id={$id}\"><span>If Settings</span></a></li>\n";
- echo "<li class=\"snorttabs_active\"><a href=\"/snort/snort_rulesets.php?id={$id}\"><span>Categories</span></a></li>\n";
- echo "<li><a href=\"/snort/snort_rules.php?id={$id}\"><span>Rules</span></a></li>\n";
- echo "<li><a href=\"/snort/snort_define_servers.php?id={$id}\"><span>Servers</span></a></li>\n";
- echo "<li><a href=\"/snort/snort_preprocessors.php?id={$id}\"><span>Preprocessors</span></a></li>\n";
- echo "<li><a href=\"/snort/snort_barnyard.php?id={$id}\"><span>Barnyard2</span></a></li>\n";
-echo '</ul>' . "\n";
-echo '</div>' . "\n";
-?>
-
- </td>
+ <tr>
+ <td><?php
+ echo '<div class="snorttabs" style="margin:1px 0px; width:775px;">' . "\n";
+ echo '<!-- Tabbed bar code -->' . "\n";
+ echo '<ul class="snorttabs">' . "\n";
+ echo '<li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>' . "\n";
+ echo "<li><a href=\"/snort/snort_interfaces_edit.php?id={$id}\"><span>If Settings</span></a></li>\n";
+ echo "<li class=\"snorttabs_active\"><a href=\"/snort/snort_rulesets.php?id={$id}\"><span>Categories</span></a></li>\n";
+ echo "<li><a href=\"/snort/snort_rules.php?id={$id}\"><span>Rules</span></a></li>\n";
+ echo "<li><a href=\"/snort/snort_define_servers.php?id={$id}\"><span>Servers</span></a></li>\n";
+ echo "<li><a href=\"/snort/snort_preprocessors.php?id={$id}\"><span>Preprocessors</span></a></li>\n";
+ echo "<li><a href=\"/snort/snort_barnyard.php?id={$id}\"><span>Barnyard2</span></a></li>\n";
+ echo '</ul>' . "\n";
+ echo '</div>' . "\n";
+ ?></td>
</tr>
- <tr>
+ <tr>
<td>
<div id="mainarea2">
- <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td>
- <table id="sortabletable1" class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr id="frheader">
- <td width="5%" class="listhdrr">Enabled</td>
- <td class="listhdrr"><?php if($snort_arch == 'x86'){echo 'Ruleset: Rules that end with "so.rules" are shared object rules.';}else{echo 'Shared object rules are "so.rules" and not available on Pfsense 2.0 64 bit.';}?></td>
- <!-- <td class="listhdrr">Description</td> -->
- </tr>
-<?php
- $dir = "/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/";
- $dh = opendir($dir);
- while (false !== ($filename = readdir($dh))) {
- $files[] = $filename;
- }
- sort($files);
- foreach($files as $file) {
- if(!stristr($file, ".rules"))
- continue;
- echo "<tr>\n";
- echo "<td align=\"center\" valign=\"top\">";
- if(is_array($enabled_rulesets_array))
- if(in_array($file, $enabled_rulesets_array)) {
- $CHECKED = " checked=\"checked\"";
- } else {
- $CHECKED = "";
- }
- else
- $CHECKED = "";
- echo " \n<input type='checkbox' name='toenable[]' value='$file' {$CHECKED} />\n";
- echo "</td>\n";
- echo "<td>\n";
- echo "<a href='snort_rules.php?id={$id}&openruleset=/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/" . urlencode($file) . "'>{$file}</a>\n";
- echo "</td>\n</tr>\n\n";
- //echo "<td>";
- //echo "description";
- //echo "</td>";
- }
-
-?>
- </table>
- </td>
- </tr>
- <tr><td>&nbsp;</td></tr>
- <tr><td>Check the rulesets that you would like Snort to load at startup.</td></tr>
- <tr><td>&nbsp;</td></tr>
- <tr><td><input value="Save" type="submit" name="Submit" id="Submit" /></td></tr>
- </table>
+ <table id="maintable" class="tabcont" width="100%" border="0"
+ cellpadding="0" cellspacing="0">
+ <tr>
+ <td>
+ <table id="sortabletable1" class="sortable" width="100%" border="0"
+ cellpadding="0" cellspacing="0">
+ <tr id="frheader">
+ <td width="5%" class="listhdrr">Enabled</td>
+ <td class="listhdrr"><?php if($snort_arch == 'x86'){echo 'Ruleset: Rules that end with "so.rules" are shared object rules.';}else{echo 'Shared object rules are "so.rules" and not available on Pfsense 2.0 64 bit.';}?></td>
+ <!-- <td class="listhdrr">Description</td> -->
+ </tr>
+ <?php
+ $dir = "/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/";
+ $dh = opendir($dir);
+ while (false !== ($filename = readdir($dh))) {
+ $files[] = $filename;
+ }
+ sort($files);
+ foreach($files as $file) {
+ if(!stristr($file, ".rules"))
+ continue;
+ echo "<tr>\n";
+ echo "<td align=\"center\" valign=\"top\">";
+ if(is_array($enabled_rulesets_array))
+ if(in_array($file, $enabled_rulesets_array)) {
+ $CHECKED = " checked=\"checked\"";
+ } else {
+ $CHECKED = "";
+ }
+ else
+ $CHECKED = "";
+ echo " \n<input type='checkbox' name='toenable[]' value='$file' {$CHECKED} />\n";
+ echo "</td>\n";
+ echo "<td>\n";
+ echo "<a href='snort_rules.php?id={$id}&openruleset=/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/" . urlencode($file) . "'>{$file}</a>\n";
+ echo "</td>\n</tr>\n\n";
+ //echo "<td>";
+ //echo "description";
+ //echo "</td>";
+ }
+
+ ?>
+ </table>
+ </td>
+ </tr>
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+ <tr>
+ <td>Check the rulesets that you would like Snort to load at startup.</td>
+ </tr>
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+ <tr>
+ <td><input value="Save" type="submit" name="Submit" id="Submit" /></td>
+ </tr>
+ </table>
</div>
- </td>
- </tr>
+ </td>
+ </tr>
</table>
</form>
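Review bot: In the ruleset loop on the new side, `$file` is written into the single-quoted checkbox attribute `value='$file'` and into the link text `{$file}` without HTML encoding, so a file name in the rules directory that contains a quote or `<` would alter the markup. Encode it once before echoing, e.g. `$file_html = htmlspecialchars($file, ENT_QUOTES);`, and use that value in both places; `ENT_QUOTES` matters here because the attribute is single-quoted. `$id` is also interpolated into the form action and every tab link, and since it is read outside this hunk, confirm that it is validated as an integer there. Separately, `$dh = opendir($dir);` is not checked and `$files` is never initialised, so a missing rules directory reaches `readdir()` and `sort()` with invalid arguments. Start from `$files = array();` and skip the `readdir()` loop when `opendir()` returns false.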
@@ -313,20 +324,20 @@ echo '</div>' . "\n";
</div>
-<?php
+ <?php
-include("fend.inc");
+ include("fend.inc");
-echo $snort_custom_rnd_box;
+ echo $snort_custom_rnd_box;
-?>
+ ?>
</body>
</html>
-<?php
+ <?php
- function get_snort_rule_file_description($filename) {
+ function get_snort_rule_file_description($filename) {
$filetext = file_get_contents($filename);
}