aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rwxr-xr-xconfig/snort/snort.inc160
-rwxr-xr-xconfig/snort/snort.xml2
-rwxr-xr-xconfig/snort/snort_alerts.php37
-rw-r--r--config/snort/snort_blocked.php27
-rwxr-xr-xconfig/snort/snort_check_for_rule_updates.php143
-rwxr-xr-xconfig/snort/snort_define_servers.php17
-rwxr-xr-xconfig/snort/snort_download_updates.php26
-rw-r--r--config/snort/snort_interfaces_global.php98
-rw-r--r--config/snort/snort_interfaces_whitelist_edit.php5
-rwxr-xr-xconfig/snort/snort_preprocessors.php6
-rwxr-xr-xconfig/snort/snort_rules.php36
-rwxr-xr-xconfig/snort/snort_rules_edit.php28
-rw-r--r--config/snort/snort_rules_flowbits.php34
-rwxr-xr-xconfig/snort/snort_rulesets.php25
-rw-r--r--config/widget-snort/snort_alerts.widget.php3
-rw-r--r--config/widget-snort/widget-snort.inc5
-rw-r--r--config/widget-snort/widget-snort.xml2
-rw-r--r--pkg_config.8.xml10
-rw-r--r--pkg_config.8.xml.amd6410
19 files changed, 420 insertions, 254 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index d69f6237..98b80d66 100755
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -47,7 +47,7 @@ global $rebuild_rules;
/* package version */
$snort_version = "2.9.4.6";
-$pfSense_snort_version = "2.6.0";
+$pfSense_snort_version = "2.6.1";
$snort_package_version = "Snort {$snort_version} pkg v. {$pfSense_snort_version}";
// Define SNORTDIR and SNORTLIBDIR constants according to FreeBSD version (PBI support or no PBI)
@@ -67,12 +67,9 @@ else {
/* Define some useful constants for Snort */
define("SNORTLOGDIR", "/var/log/snort");
-define("VRT_DNLD_FILENAME", "snortrules-snapshot-2946.tar.gz");
-define("VRT_DNLD_URL", "https://www.snort.org/reg-rules/");
-define("ET_VERSION", "2.9.0");
define("ET_DNLD_FILENAME", "emerging.rules.tar.gz");
+define("ETPRO_DNLD_FILENAME", "etpro.rules.tar.gz");
define("GPLV2_DNLD_FILENAME", "community-rules.tar.gz");
-define("GPLV2_DNLD_URL", "https://s3.amazonaws.com/snort-org/www/rules/community/");
define("FLOWBITS_FILENAME", "flowbit-required.rules");
define("ENFORCING_RULES_FILENAME", "snort.rules");
define("RULES_UPD_LOGFILE", SNORTLOGDIR . "/snort_rules_update.log");
@@ -83,81 +80,6 @@ $rebuild_rules = false;
if (!is_array($config['installedpackages']['snortglobal']))
$config['installedpackages']['snortglobal'] = array();
-function snort_get_alias_value($alias) {
- /***************************************************/
- /* This function returns the value of the passed */
- /* Alias, or an empty string if the value cannot */
- /* be determined. */
- /* */
- /* On Entry: $alias ==> Alias to be evaluated */
- /* Returns: Alias value as a string or an empty */
- /* string */
- /***************************************************/
-
- global $config;
-
- $entries = array();
- $tmp = "";
-
- // If no Aliases are defined in the configuration,
- // return an empty string.
- if (empty($config['aliases']))
- return $tmp;
-
- // See if we were passed a valid Alias and return
- // an empty string if not.
- if (!is_alias($alias))
- return $tmp;
-
- // We have a valid Alias, so find its value or
- // values and return as a string.
- return snort_unpack_alias($alias);
-}
-
-function snort_unpack_alias($alias) {
-
- /**************************************************/
- /* This function unpacks an Alias to determine */
- /* the actual values it represents. Any nested */
- /* Aliases encountered are also unpacked via */
- /* recursive calls to this function. */
- /* */
- /* Fully-qualified-domain-name (FQDN) aliases */
- /* are detected and resolved via a pfctl() call. */
- /**************************************************/
-
- global $config;
- $value = "";
-
- // Find the matching Alias entry in config
- foreach ($config['aliases']['alias'] as $aliased) {
- if($aliased['name'] == $alias) {
- $addr = array();
- $addr = explode(" ", trim($aliased['address']));
- foreach ($addr as $a) {
- if (!is_alias($a) && !empty($a)) {
- if (is_ipaddr($a) || is_subnet($a) || is_port($a))
- // If address, subnet or port, we found the final value
- $value .= $a . " ";
- elseif (is_hostname($a)) {
- // Found a FQDN value for this Alias, so resolve it
- $entries = array();
- exec("/sbin/pfctl -t " . escapeshellarg($alias) . " -T show", $entries);
- $value .= trim(implode(" ", $entries));
- }
- else
- continue;
- }
- elseif (is_alias($a))
- // Found a nested Alias, so recursively resolve it
- $value .= snort_unpack_alias($a) . " ";
- }
- return trim($value);
- }
- }
- return $value;
-}
-
function snort_is_single_addr_alias($alias) {
/***************************************************/
/* This function evaluates the passed Alias to */
@@ -172,12 +94,50 @@ function snort_is_single_addr_alias($alias) {
/***************************************************/
/* If spaces in expanded Alias, it's not a single entity */
- if (strpos(snort_get_alias_value($alias), " ") !== false)
+ if (strpos(trim(filter_expand_alias($alias)), " ") !== false)
return false;
else
return true;
}
+function snort_expand_port_range($ports) {
+ /**************************************************/
+ /* This function examines the passed ports string */
+ /* and expands any embedded port ranges into the */
+ /* individual ports separated by commas. A port */
+ /* range is indicated by a colon in the string. */
+ /* */
+ /* On Entry: $ports ==> string to be evaluated */
+ /* with commas separating */
+ /* the port values. */
+ /* Returns: string with any encountered port */
+ /* ranges expanded. */
+ /**************************************************/
+
+ $value = "";
+
+ // Split the incoming string on the commas
+ $tmp = explode(",", $ports);
+
+ // Look for any included port range and expand it
+ foreach ($tmp as $val) {
+ if (is_portrange($val)) {
+ $start = strtok($val, ":");
+ $end = strtok(":");
+ if ($end !== false) {
+ $val = $start . ",";
+ for ($i = intval($start) + 1; $i < intval($end); $i++)
+ $val .= strval($i) . ",";
+ $val .= $end;
+ }
+ }
+ $value .= $val . ",";
+ }
+
+ // Remove any trailing comma in return value
+ return trim($value, ",");
+}
+
function snort_get_blocked_ips() {
$blocked_ips = "";
exec('/sbin/pfctl -t snort2c -T show', $blocked_ips);
@@ -359,7 +319,7 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false) {
$vips = $list['vips'];
$vpns = $list['vpnips'];
if (!empty($list['address']) && is_alias($list['address'])) {
- $home_net = explode(" ", trim(snort_get_alias_value($list['address'])));
+ $home_net = explode(" ", trim(filter_expand_alias($list['address'])));
}
}
@@ -2701,7 +2661,7 @@ function snort_generate_conf($snortcfg) {
$portvardef = "";
foreach ($snort_ports as $alias => $avalue) {
if (!empty($snortcfg["def_{$alias}"]) && is_alias($snortcfg["def_{$alias}"]))
- $snort_ports[$alias] = snort_get_alias_value($snortcfg["def_{$alias}"]);
+ $snort_ports[$alias] = trim(filter_expand_alias($snortcfg["def_{$alias}"]));
$snort_ports[$alias] = preg_replace('/\s+/', ',', trim($snort_ports[$alias]));
$portvardef .= "portvar " . strtoupper($alias) . " [" . $snort_ports[$alias] . "]\n";
}
@@ -2749,7 +2709,7 @@ EOD;
$http_inspect_server_opts .= " \\\n\tlog_hostname";
}
- $http_ports = str_replace(",", " ", $snort_ports['http_ports']);
+ $http_ports = str_replace(",", " ", snort_expand_port_range($snort_ports['http_ports']));
/* def http_inspect */
$http_inspect = <<<EOD
@@ -2766,8 +2726,8 @@ preprocessor http_inspect_server: server default profile {$http_server_profile}
EOD;
/* def ftp_preprocessor */
- $telnet_ports = str_replace(",", " ", $snort_ports['telnet_ports']);
- $ftp_ports = str_replace(",", " ", $snort_ports['ftp_ports']);
+ $telnet_ports = str_replace(",", " ", snort_expand_port_range($snort_ports['telnet_ports']));
+ $ftp_ports = str_replace(",", " ", snort_expand_port_range($snort_ports['ftp_ports']));
$ftp_preprocessor = <<<EOD
# ftp_telnet preprocessor #
preprocessor ftp_telnet: global \
@@ -2818,7 +2778,7 @@ preprocessor ftp_telnet_protocol: ftp client default \
EOD;
- $pop_ports = str_replace(",", " ", $snort_ports['pop3_ports']);
+ $pop_ports = str_replace(",", " ", snort_expand_port_range($snort_ports['pop3_ports']));
$pop_preproc = <<<EOD
# POP preprocessor #
preprocessor pop: \
@@ -2830,7 +2790,7 @@ preprocessor pop: \
EOD;
- $imap_ports = str_replace(",", " ", $snort_ports['imap_ports']);
+ $imap_ports = str_replace(",", " ", snort_expand_port_range($snort_ports['imap_ports']));
$imap_preproc = <<<EOD
# IMAP preprocessor #
preprocessor imap: \
@@ -2842,7 +2802,7 @@ preprocessor imap: \
EOD;
- $smtp_ports = str_replace(",", " ", $snort_ports['mail_ports']);
+ $smtp_ports = str_replace(",", " ", snort_expand_port_range($snort_ports['mail_ports']));
/* def smtp_preprocessor */
$smtp_preprocessor = <<<EOD
# SMTP preprocessor #
@@ -2894,7 +2854,7 @@ EOD;
$sf_pscan_sense_level = $snortcfg['pscan_sense_level'];
$sf_pscan_ignore_scanners = "\$HOME_NET";
if (!empty($snortcfg['pscan_ignore_scanners']) && is_alias($snortcfg['pscan_ignore_scanners'])) {
- $sf_pscan_ignore_scanners = snort_get_alias_value($snortcfg['pscan_ignore_scanners']);
+ $sf_pscan_ignore_scanners = trim(filter_expand_alias($snortcfg['pscan_ignore_scanners']));
$sf_pscan_ignore_scanners = preg_replace('/\s+/', ',', trim($sf_pscan_ignore_scanners));
}
@@ -2909,7 +2869,7 @@ preprocessor sfportscan: scan_type { {$sf_pscan_type} } \
EOD;
/* def ssh_preproc */
- $ssh_ports = str_replace(",", " ", $snort_ports['ssh_ports']);
+ $ssh_ports = str_replace(",", " ", snort_expand_port_range($snort_ports['ssh_ports']));
$ssh_preproc = <<<EOD
# SSH preprocessor #
preprocessor ssh: server_ports { {$ssh_ports} } \
@@ -2923,7 +2883,7 @@ preprocessor ssh: server_ports { {$ssh_ports} } \
EOD;
/* def other_preprocs */
- $sun_rpc_ports = str_replace(",", " ", $snort_ports['sun_rpc_ports']);
+ $sun_rpc_ports = str_replace(",", " ", snort_expand_port_range($snort_ports['sun_rpc_ports']));
$other_preprocs = <<<EOD
# Other preprocs #
preprocessor rpc_decode: {$sun_rpc_ports} no_alert_multiple_requests no_alert_large_fragments no_alert_incomplete
@@ -2944,7 +2904,7 @@ preprocessor dcerpc2_server: default, policy WinXP, \
EOD;
- $sip_ports = str_replace(",", " ", $snort_ports['sip_ports']);
+ $sip_ports = str_replace(",", " ", snort_expand_port_range($snort_ports['sip_ports']));
$sip_preproc = <<<EOD
# SIP preprocessor #
preprocessor sip: max_sessions 40000, \
@@ -2982,7 +2942,7 @@ preprocessor sip: max_sessions 40000, \
EOD;
- $dns_ports = str_replace(",", " ", $snort_ports['dns_ports']);
+ $dns_ports = str_replace(",", " ", snort_expand_port_range($snort_ports['dns_ports']));
/* def dns_preprocessor */
$dns_preprocessor = <<<EOD
# DNS preprocessor #
@@ -2993,7 +2953,7 @@ preprocessor dns: \
EOD;
/* def dnp3_preprocessor */
- $dnp3_ports = str_replace(",", " ", $snort_ports['DNP3_PORTS']);
+ $dnp3_ports = str_replace(",", " ", snort_expand_port_range($snort_ports['DNP3_PORTS']));
$dnp3_preproc = <<<EOD
# DNP3 preprocessor #
preprocessor dnp3: \
@@ -3004,7 +2964,7 @@ preprocessor dnp3: \
EOD;
/* def modbus_preprocessor */
- $modbus_ports = str_replace(",", " ", $snort_ports['MODBUS_PORTS']);
+ $modbus_ports = str_replace(",", " ", snort_expand_port_range($snort_ports['MODBUS_PORTS']));
$modbus_preproc = <<<EOD
# Modbus preprocessor #
preprocessor modbus: \
@@ -3013,7 +2973,7 @@ preprocessor modbus: \
EOD;
/* def gtp_preprocessor */
- $gtp_ports = str_replace(",", " ", $snort_ports['GTP_PORTS']);
+ $gtp_ports = str_replace(",", " ", snort_expand_port_range($snort_ports['GTP_PORTS']));
$gtp_preproc = <<<EOD
# GTP preprocessor #
preprocessor gtp: ports { {$gtp_ports} }
@@ -3021,7 +2981,7 @@ preprocessor gtp: ports { {$gtp_ports} }
EOD;
/* def ssl_preprocessor */
- $ssl_ports = str_replace(",", " ", $snort_ports['ssl_ports']);
+ $ssl_ports = str_replace(",", " ", snort_expand_port_range($snort_ports['ssl_ports']));
$ssl_preproc = <<<EOD
# SSL preprocessor #
preprocessor ssl: \
@@ -3058,8 +3018,8 @@ EOD;
$vardef = "";
foreach ($snort_servers as $alias => $avalue) {
if (!empty($snortcfg["def_{$alias}"]) && is_alias($snortcfg["def_{$alias}"])) {
- $avalue = snort_get_alias_value($snortcfg["def_{$alias}"]);
- $avalue = str_replace(" ", ",", trim($avalue));
+ $avalue = trim(filter_expand_alias($snortcfg["def_{$alias}"]));
+ $avalue = preg_replace('/\s+/', ',', trim($avalue));
}
$vardef .= "var " . strtoupper($alias) . " [{$avalue}]\n";
}
diff --git a/config/snort/snort.xml b/config/snort/snort.xml
index 3d4c8016..49bec61c 100755
--- a/config/snort/snort.xml
+++ b/config/snort/snort.xml
@@ -47,7 +47,7 @@
<faq>Currently there are no FAQ items provided.</faq>
<name>Snort</name>
<version>2.9.4.6</version>
- <title>Services:2.9.4.6 pkg v. 2.6.0</title>
+ <title>Services:2.9.4.6 pkg v. 2.6.1</title>
<include_file>/usr/local/pkg/snort/snort.inc</include_file>
<menu>
<name>Snort</name>
diff --git a/config/snort/snort_alerts.php b/config/snort/snort_alerts.php
index 0295ed2f..728de751 100755
--- a/config/snort/snort_alerts.php
+++ b/config/snort/snort_alerts.php
@@ -171,7 +171,7 @@ if ($_POST['todelete'] || $_GET['todelete']) {
$ip = $_GET['todelete'];
if (is_ipaddr($ip)) {
exec("/sbin/pfctl -t snort2c -T delete {$ip}");
- $savemsg = "Host IP address {$ip} has been removed from the Blocked Table.";
+ $savemsg = gettext("Host IP address {$ip} has been removed from the Blocked Table.");
}
}
@@ -183,7 +183,7 @@ if ($_GET['act'] == "addsuppress" && is_numeric($_GET['sidid']) && is_numeric($_
/* Add the new entry to the Suppress List */
if (snort_add_supplist_entry($suppress))
- $savemsg = "An entry for 'suppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}' has been added to the Suppress List.";
+ $savemsg = gettext("An entry for 'suppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}' has been added to the Suppress List.");
else
$input_errors[] = gettext("Suppress List '{$a_instance[$instanceid]['suppresslistname']}' is defined for this interface, but it could not be found!");
}
@@ -208,7 +208,7 @@ if (($_GET['act'] == "addsuppress_srcip" || $_GET['act'] == "addsuppress_dstip")
/* Add the new entry to the Suppress List */
if (snort_add_supplist_entry($suppress))
- $savemsg = "An entry for 'suppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}, track {$method}, ip {$_GET['ip']}' has been added to the Suppress List.";
+ $savemsg = gettext("An entry for 'suppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}, track {$method}, ip {$_GET['ip']}' has been added to the Suppress List.");
else
/* We did not find the defined list, so notify the user with an error */
$input_errors[] = gettext("Suppress List '{$a_instance[$instanceid]['suppresslistname']}' is defined for this interface, but it could not be found!");
@@ -221,8 +221,7 @@ if ($_GET['action'] == "clear" || $_POST['delete']) {
if ($fd)
fclose($fd);
conf_mount_ro();
- /* XXX: This is needed is snort is run as snort user */
- //mwexec('/usr/sbin/chown snort:snort /var/log/snort/*', true);
+ /* XXX: This is needed if snort is run as snort user */
mwexec('/bin/chmod 660 /var/log/snort/*', true);
if (file_exists("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid"))
mwexec("/bin/pkill -HUP -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid -a");
@@ -233,22 +232,28 @@ if ($_GET['action'] == "clear" || $_POST['delete']) {
if ($_POST['download']) {
$save_date = exec('/bin/date "+%Y-%m-%d-%H-%M-%S"');
$file_name = "snort_logs_{$save_date}_{$if_real}.tar.gz";
- exec("/usr/bin/tar cfz /tmp/{$file_name} /var/log/snort/snort_{$if_real}{$snort_uuid}");
+ exec("cd /var/log/snort/snort_{$if_real}{$snort_uuid} && /usr/bin/tar -czf /tmp/{$file_name} *");
if (file_exists("/tmp/{$file_name}")) {
- $file = "/tmp/snort_logs_{$save_date}.tar.gz";
- header("Expires: Mon, 26 Jul 1997 05:00:00 GMT\n");
- header("Pragma: private"); // needed for IE
- header("Cache-Control: private, must-revalidate"); // needed for IE
- header('Content-type: application/force-download');
- header('Content-Transfer-Encoding: Binary');
- header("Content-length: ".filesize($file));
+ ob_start(); //important or other posts will fail
+ if (isset($_SERVER['HTTPS'])) {
+ header('Pragma: ');
+ header('Cache-Control: ');
+ } else {
+ header("Pragma: private");
+ header("Cache-Control: private, must-revalidate");
+ }
+ header("Content-Type: application/octet-stream");
+ header("Content-length: " . filesize("/tmp/{$file_name}"));
header("Content-disposition: attachment; filename = {$file_name}");
- readfile("$file");
+ ob_end_clean(); //important or other post will fail
+ readfile("/tmp/{$file_name}");
+
+ // Clean up the temp file
@unlink("/tmp/{$file_name}");
}
- header("Location: /snort/snort_alerts.php?instance={$instanceid}");
- exit;
+ else
+ $savemsg = gettext("An error occurred while creating archive");
}
/* Load up an array with the current Suppression List GID,SID values */
diff --git a/config/snort/snort_blocked.php b/config/snort/snort_blocked.php
index a81b03d7..983e8905 100644
--- a/config/snort/snort_blocked.php
+++ b/config/snort/snort_blocked.php
@@ -67,7 +67,6 @@ if ($_POST['download'])
exec('/sbin/pfctl -t snort2c -T show', $blocked_ips_array_save);
/* build the list */
if (is_array($blocked_ips_array_save) && count($blocked_ips_array_save) > 0) {
- ob_start(); //important or other posts will fail
$save_date = exec('/bin/date "+%Y-%m-%d-%H-%M-%S"');
$file_name = "snort_blocked_{$save_date}.tar.gz";
exec('/bin/mkdir -p /tmp/snort_blocked');
@@ -79,24 +78,32 @@ if ($_POST['download'])
file_put_contents("/tmp/snort_blocked/snort_block.pf", "{$fileline}\n", FILE_APPEND);
}
- exec("/usr/bin/tar cf /tmp/{$file_name} /tmp/snort_blocked");
+ // Create a tar gzip archive of blocked host IP addresses
+ exec("/usr/bin/tar -czf /tmp/{$file_name} -C/tmp/snort_blocked snort_block.pf");
+ // If we successfully created the archive, send it to the browser.
if(file_exists("/tmp/{$file_name}")) {
- header("Expires: Mon, 26 Jul 1997 05:00:00 GMT\n");
- header("Pragma: private"); // needed for IE
- header("Cache-Control: private, must-revalidate"); // needed for IE
- header('Content-type: application/force-download');
- header('Content-Transfer-Encoding: Binary');
+ ob_start(); //important or other posts will fail
+ if (isset($_SERVER['HTTPS'])) {
+ header('Pragma: ');
+ header('Cache-Control: ');
+ } else {
+ header("Pragma: private");
+ header("Cache-Control: private, must-revalidate");
+ }
+ header("Content-Type: application/octet-stream");
header("Content-length: " . filesize("/tmp/{$file_name}"));
header("Content-disposition: attachment; filename = {$file_name}");
+ ob_end_clean(); //important or other post will fail
readfile("/tmp/{$file_name}");
- ob_end_clean(); //importanr or other post will fail
+
+ // Clean up the temp files and directory
@unlink("/tmp/{$file_name}");
exec("/bin/rm -fr /tmp/snort_blocked");
} else
- $savemsg = "An error occurred while creating archive";
+ $savemsg = gettext("An error occurred while creating archive");
} else
- $savemsg = "No content on snort block list";
+ $savemsg = gettext("No content on snort block list");
}
if ($_POST['save'])
diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php
index 30da4b74..e7263330 100755
--- a/config/snort/snort_check_for_rule_updates.php
+++ b/config/snort/snort_check_for_rule_updates.php
@@ -35,29 +35,25 @@ require_once "/usr/local/pkg/snort/snort.inc";
global $g, $pkg_interface, $snort_gui_include, $rebuild_rules;
-
-if (!defined("VRT_DNLD_FILENAME"))
- define("VRT_DNLD_FILENAME", "snortrules-snapshot-2946.tar.gz");
if (!defined("VRT_DNLD_URL"))
define("VRT_DNLD_URL", "https://www.snort.org/reg-rules/");
if (!defined("ET_VERSION"))
define("ET_VERSION", "2.9.0");
if (!defined("ET_BASE_DNLD_URL"))
define("ET_BASE_DNLD_URL", "http://rules.emergingthreats.net/");
+if (!defined("ETPRO_BASE_DNLD_URL"))
+ define("ETPRO_BASE_DNLD_URL", "https://rules.emergingthreatspro.com/");
if (!defined("ET_DNLD_FILENAME"))
define("ET_DNLD_FILENAME", "emerging.rules.tar.gz");
+if (!defined("ETPRO_DNLD_FILENAME"))
+ define("ETPRO_DNLD_FILENAME", "etpro.rules.tar.gz");
if (!defined("GPLV2_DNLD_FILENAME"))
define("GPLV2_DNLD_FILENAME", "community-rules.tar.gz");
if (!defined("GPLV2_DNLD_URL"))
define("GPLV2_DNLD_URL", "https://s3.amazonaws.com/snort-org/www/rules/community/");
-if (!defined("FLOWBITS_FILENAME"))
- define("FLOWBITS_FILENAME", "flowbit-required.rules");
-if (!defined("ENFORCING_RULES_FILENAME"))
- define("ENFORCING_RULES_FILENAME", "snort.rules");
if (!defined("RULES_UPD_LOGFILE"))
define("RULES_UPD_LOGFILE", SNORTLOGDIR . "/snort_rules_update.log");
-
$snortdir = SNORTDIR;
$snortlibdir = SNORTLIBDIR;
$snortlogdir = SNORTLOGDIR;
@@ -72,8 +68,10 @@ else
/* define checks */
$oinkid = $config['installedpackages']['snortglobal']['oinkmastercode'];
+$etproid = $config['installedpackages']['snortglobal']['etpro_code'];
$snortdownload = $config['installedpackages']['snortglobal']['snortdownload'];
$emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats'];
+$etpro = $config['installedpackages']['snortglobal']['emergingthreats_pro'];
$snortcommunityrules = $config['installedpackages']['snortglobal']['snortcommunityrules'];
$vrt_enabled = $config['installedpackages']['snortglobal']['snortdownload'];
$et_enabled = $config['installedpackages']['snortglobal']['emergingthreats'];
@@ -81,19 +79,39 @@ $et_enabled = $config['installedpackages']['snortglobal']['emergingthreats'];
/* Working directory for downloaded rules tarballs */
$tmpfname = "{$snortdir}/tmp/snort_rules_up";
-/* Snort VRT rules filenames and URL */
-$snort_filename = VRT_DNLD_FILENAME;
-$snort_filename_md5 = VRT_DNLD_FILENAME . ".md5";
+/* Grab the Snort binary version programmatically and use it to construct */
+/* the proper Snort VRT rules tarball and md5 filenames. */
+exec("/usr/local/bin/snort -V 2>&1 |/usr/bin/grep Version | /usr/bin/cut -c20-26", $snortver);
+// Save the version with decimal delimiters for use in extracting the rules
+$snort_version = $snortver[0];
+// Create a collapsed version string for use in the tarball filename
+$snortver[0] = str_replace(".", "", $snortver[0]);
+$snort_filename = "snortrules-snapshot-{$snortver[0]}.tar.gz";
+$snort_filename_md5 = "{$snort_filename}.md5";
$snort_rule_url = VRT_DNLD_URL;
-/* Emerging Threats rules filenames and URL */
-$emergingthreats_filename = ET_DNLD_FILENAME;
-$emergingthreats_filename_md5 = ET_DNLD_FILENAME . ".md5";
-$emerging_threats_version = ET_VERSION;
-$emergingthreats_url = ET_BASE_DNLD_URL;
-// If using Sourcefire VRT rules with ET, then we should use the open-nogpl ET rules
-$emergingthreats_url .= $vrt_enabled == "on" ? "open-nogpl/" : "open/";
-$emergingthreats_url .= "snort-" . ET_VERSION . "/";
+/* Set up Emerging Threats rules filenames and URL */
+if ($etpro == "on") {
+ $emergingthreats_filename = ETPRO_DNLD_FILENAME;
+ $emergingthreats_filename_md5 = ETPRO_DNLD_FILENAME . ".md5";
+ $emergingthreats_url = ETPRO_BASE_DNLD_URL;
+ $emergingthreats_url .= "{$etproid}/snort-" . ET_VERSION . "/";
+ $emergingthreats = "on";
+ $et_name = "Emerging Threats Pro";
+ $et_md5_remove = ET_DNLD_FILENAME . ".md5";
+ @unlink("{$snortdir}/{$et_md5_remove}");
+}
+else {
+ $emergingthreats_filename = ET_DNLD_FILENAME;
+ $emergingthreats_filename_md5 = ET_DNLD_FILENAME . ".md5";
+ $emergingthreats_url = ET_BASE_DNLD_URL;
+ // If using Sourcefire VRT rules with ET, then we should use the open-nogpl ET rules
+ $emergingthreats_url .= $vrt_enabled == "on" ? "open-nogpl/" : "open/";
+ $emergingthreats_url .= "snort-" . ET_VERSION . "/";
+ $et_name = "Emerging Threats Open";
+ $et_md5_remove = ETPRO_DNLD_FILENAME . ".md5";
+ @unlink("{$snortdir}/{$et_md5_remove}");
+}
/* Snort GPLv2 Community Rules filenames and URL */
$snort_community_rules_filename = GPLV2_DNLD_FILENAME;
@@ -112,7 +130,13 @@ function snort_download_file_url($url, $file_out) {
/* It provides logging of returned CURL errors. */
/************************************************/
- global $g, $config, $pkg_interface, $last_curl_error, $fout, $ch, $file_size, $downloaded;
+ global $g, $config, $pkg_interface, $last_curl_error, $fout, $ch, $file_size, $downloaded, $first_progress_update;
+
+ // Initialize required variables for pfSense "read_body()" function
+ $file_size = 1;
+ $downloaded = 1;
+ $first_progress_update = TRUE;
+
/* Array of message strings for HTTP Response Codes */
$http_resp_msg = array( 200 => "OK", 202 => "Accepted", 204 => "No Content", 205 => "Reset Content",
@@ -418,34 +442,34 @@ if ($snortcommunityrules == 'on') {
/* download md5 sig from emergingthreats.net */
if ($emergingthreats == 'on') {
if ($pkg_interface <> "console")
- update_status(gettext("Downloading EmergingThreats md5 file..."));
- error_log(gettext("\tDownloading EmergingThreats md5 file '{$emergingthreats_filename_md5}'...\n"), 3, $snort_rules_upd_log);
+ update_status(gettext("Downloading {$et_name} md5 file..."));
+ error_log(gettext("\tDownloading {$et_name} md5 file '{$emergingthreats_filename_md5}'...\n"), 3, $snort_rules_upd_log);
$rc = snort_download_file_url("{$emergingthreats_url}{$emergingthreats_filename_md5}", "{$tmpfname}/{$emergingthreats_filename_md5}");
if ($rc === true) {
if ($pkg_interface <> "console")
- update_status(gettext("Done downloading EmergingThreats md5 file {$emergingthreats_filename_md5}"));
- error_log(gettext("\tChecking EmergingThreats md5.\n"), 3, $snort_rules_upd_log);
+ update_status(gettext("Done downloading {$et_name} md5 file {$emergingthreats_filename_md5}"));
+ error_log(gettext("\tChecking {$et_name} md5.\n"), 3, $snort_rules_upd_log);
if (file_exists("{$snortdir}/{$emergingthreats_filename_md5}") && $emergingthreats == "on") {
/* Check if were up to date emergingthreats.net */
$emerg_md5_check_new = file_get_contents("{$tmpfname}/{$emergingthreats_filename_md5}");
$emerg_md5_check_old = file_get_contents("{$snortdir}/{$emergingthreats_filename_md5}");
if ($emerg_md5_check_new == $emerg_md5_check_old) {
if ($pkg_interface <> "console")
- update_status(gettext("Emerging Threats rules are up to date..."));
- log_error(gettext("[Snort] Emerging Threat rules are up to date..."));
- error_log(gettext("\tEmerging Threats rules are up to date.\n"), 3, $snort_rules_upd_log);
+ update_status(gettext("{$et_name} rules are up to date..."));
+ log_error(gettext("[Snort] {$et_name} rules are up to date..."));
+ error_log(gettext("\t{$et_name} rules are up to date.\n"), 3, $snort_rules_upd_log);
$emergingthreats = 'off';
}
}
}
else {
if ($pkg_interface <> "console")
- update_output_window(gettext("EmergingThreats md5 file download failed. EmergingThreats rules will not be updated."));
- log_error(gettext("[Snort] EmergingThreats md5 file download failed. Server returned error code '{$rc}'."));
- error_log(gettext("\tEmergingThreats md5 file download failed. Server returned error code '{$rc}'.\n"), 3, $snort_rules_upd_log);
+ update_output_window(gettext("{$et_name} md5 file download failed. {$et_name} rules will not be updated."));
+ log_error(gettext("[Snort] {$et_name} md5 file download failed. Server returned error code '{$rc}'."));
+ error_log(gettext("\t{$et_name} md5 file download failed. Server returned error code '{$rc}'.\n"), 3, $snort_rules_upd_log);
if ($pkg_interface == "console")
error_log(gettext("\tThe error text is '{$last_curl_error}'\n"), 3, $snort_rules_upd_log);
- error_log(gettext("\tEmergingThreats rules will not be updated.\n"), 3, $snort_rules_upd_log);
+ error_log(gettext("\t{$et_name} rules will not be updated.\n"), 3, $snort_rules_upd_log);
$emergingthreats = 'off';
}
}
@@ -453,9 +477,9 @@ if ($emergingthreats == 'on') {
/* download emergingthreats rules file */
if ($emergingthreats == "on") {
if ($pkg_interface <> "console")
- update_status(gettext("There is a new set of EmergingThreats rules posted. Downloading {$emergingthreats_filename}..."));
- log_error(gettext("[Snort] There is a new set of EmergingThreats rules posted. Downloading..."));
- error_log(gettext("\tThere is a new set of EmergingThreats rules posted.\n"), 3, $snort_rules_upd_log);
+ update_status(gettext("There is a new set of {$et_name} rules posted. Downloading {$emergingthreats_filename}..."));
+ log_error(gettext("[Snort] There is a new set of {$et_name} rules posted. Downloading..."));
+ error_log(gettext("\tThere is a new set of {$et_name} rules posted.\n"), 3, $snort_rules_upd_log);
error_log(gettext("\tDownloading file '{$emergingthreats_filename}'...\n"), 3, $snort_rules_upd_log);
$rc = snort_download_file_url("{$emergingthreats_url}{$emergingthreats_filename}", "{$tmpfname}/{$emergingthreats_filename}");
@@ -463,29 +487,29 @@ if ($emergingthreats == "on") {
if ($rc === true) {
if (trim(file_get_contents("{$tmpfname}/{$emergingthreats_filename_md5}")) != trim(md5_file("{$tmpfname}/{$emergingthreats_filename}"))){
if ($pkg_interface <> "console")
- update_output_window(gettext("EmergingThreats rules file MD5 checksum failed..."));
- log_error(gettext("[Snort] EmergingThreats rules file download failed. Bad MD5 checksum..."));
+ update_output_window(gettext("{$et_name} rules file MD5 checksum failed..."));
+ log_error(gettext("[Snort] {$et_name} rules file download failed. Bad MD5 checksum..."));
log_error(gettext("[Snort] Failed File MD5: " . md5_file("{$tmpfname}/{$emergingthreats_filename}")));
log_error(gettext("[Snort] Expected File MD5: " . file_get_contents("{$tmpfname}/{$emergingthreats_filename_md5}")));
- error_log(gettext("\tEmergingThreats rules file download failed. EmergingThreats rules will not be updated.\n"), 3, $snort_rules_upd_log);
+ error_log(gettext("\t{$et_name} rules file download failed. {$et_name} rules will not be updated.\n"), 3, $snort_rules_upd_log);
error_log(gettext("\tDownloaded ET file MD5: " . md5_file("{$tmpfname}/{$emergingthreats_filename}") . "\n"), 3, $snort_rules_upd_log);
error_log(gettext("\tExpected ET file MD5: " . file_get_contents("{$tmpfname}/{$emergingthreats_filename_md5}") . "\n"), 3, $snort_rules_upd_log);
$emergingthreats = 'off';
}
else {
if ($pkg_interface <> "console")
- update_status(gettext('Done downloading EmergingThreats rules file.'));
- log_error("[Snort] EmergingThreats rules file update downloaded successfully");
- error_log(gettext("\tDone downloading EmergingThreats rules file.\n"), 3, $snort_rules_upd_log);
+ update_status(gettext('Done downloading {$et_name} rules file.'));
+ log_error("[Snort] {$et_name} rules file update downloaded successfully");
+ error_log(gettext("\tDone downloading {$et_name} rules file.\n"), 3, $snort_rules_upd_log);
}
}
else {
if ($pkg_interface <> "console") {
- update_status(gettext("The server returned error code {$rc} ... skipping EmergingThreats update..."));
- update_output_window(gettext("EmergingThreats rules file download failed..."));
+ update_status(gettext("The server returned error code {$rc} ... skipping {$et_name} update..."));
+ update_output_window(gettext("{$et_name} rules file download failed..."));
}
- log_error(gettext("[Snort] EmergingThreats rules file download failed. Server returned error '{$rc}'..."));
- error_log(gettext("\tEmergingThreats rules file download failed. Server returned error '{$rc}'...\n"), 3, $snort_rules_upd_log);
+ log_error(gettext("[Snort] {$et_name} rules file download failed. Server returned error '{$rc}'..."));
+ error_log(gettext("\t{$et_name} rules file download failed. Server returned error '{$rc}'...\n"), 3, $snort_rules_upd_log);
if ($pkg_interface == "console")
error_log(gettext("\tThe error text is '{$last_curl_error}'\n"), 3, $snort_rules_upd_log);
$emergingthreats = 'off';
@@ -497,22 +521,34 @@ if ($emergingthreats == 'on') {
safe_mkdir("{$snortdir}/tmp/emerging");
if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) {
if ($pkg_interface <> "console") {
- update_status(gettext("Extracting EmergingThreats.org rules..."));
- update_output_window(gettext("Installing EmergingThreats rules..."));
+ update_status(gettext("Extracting {$et_name} rules..."));
+ update_output_window(gettext("Installing {$et_name} rules..."));
}
- error_log(gettext("\tExtracting and installing EmergingThreats.org rules...\n"), 3, $snort_rules_upd_log);
+ error_log(gettext("\tExtracting and installing {$et_name} rules...\n"), 3, $snort_rules_upd_log);
exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$snortdir}/tmp/emerging rules/");
+ /* Remove the old Emerging Threats rules files */
+ array_map('unlink', glob("{$snortdir}/rules/emerging-*.rules"));
+ array_map('unlink', glob("{$snortdir}/rules/etpro-*.rules"));
+ array_map('unlink', glob("{$snortdir}/rules/emerging-*ips.txt"));
+ array_map('unlink', glob("{$snortdir}/rules/etpro-*ips.txt"));
+
$files = glob("{$snortdir}/tmp/emerging/rules/*.rules");
foreach ($files as $file) {
$newfile = basename($file);
- @copy($file, "{$snortdir}/rules/{$newfile}");
+ if ($etpro == "on")
+ @copy($file, "{$snortdir}/rules/etpro-{$newfile}");
+ else
+ @copy($file, "{$snortdir}/rules/{$newfile}");
}
/* IP lists for Emerging Threats rules */
$files = glob("{$snortdir}/tmp/emerging/rules/*ips.txt");
foreach ($files as $file) {
$newfile = basename($file);
- @copy($file, "{$snortdir}/rules/{$newfile}");
+ if ($etpro == "on")
+ @copy($file, "{$snortdir}/rules/etpro-{$newfile}");
+ else
+ @copy($file, "{$snortdir}/rules/emerging-{$newfile}");
}
/* base etc files for Emerging Threats rules */
foreach (array("classification.config", "reference.config", "gen-msg.map", "unicode.map") as $file) {
@@ -527,10 +563,10 @@ if ($emergingthreats == 'on') {
@copy("{$tmpfname}/{$emergingthreats_filename_md5}", "{$snortdir}/{$emergingthreats_filename_md5}");
}
if ($pkg_interface <> "console") {
- update_status(gettext("Extraction of EmergingThreats.org rules completed..."));
- update_output_window(gettext("Installation of EmergingThreats rules completed..."));
+ update_status(gettext("Extraction of {$et_name} rules completed..."));
+ update_output_window(gettext("Installation of {$et_name} rules completed..."));
}
- error_log(gettext("\tInstallation of EmergingThreats.org rules completed.\n"), 3, $snort_rules_upd_log);
+ error_log(gettext("\tInstallation of {$et_name} rules completed.\n"), 3, $snort_rules_upd_log);
exec("rm -r {$snortdir}/tmp/emerging");
}
}
@@ -544,6 +580,9 @@ if ($snortdownload == 'on') {
if (substr(php_uname("r"), 0, 1) == '9')
$freebsd_version_so = 'FreeBSD-9-0';
+ /* Remove the old Snort rules files */
+ array_map('unlink', glob("{$snortdir}/rules/snort_*.rules"));
+
if ($pkg_interface <> "console") {
update_status(gettext("Extracting Snort VRT rules..."));
update_output_window(gettext("Installing Sourcefire VRT rules..."));
diff --git a/config/snort/snort_define_servers.php b/config/snort/snort_define_servers.php
index 2a6d47ff..ca549820 100755
--- a/config/snort/snort_define_servers.php
+++ b/config/snort/snort_define_servers.php
@@ -203,15 +203,18 @@ if ($savemsg)
$server = substr($server, 0, 40) . "...";
$label = strtoupper($key);
$value = "";
- if (!empty($pconfig["def_{$key}"]))
+ $title = "";
+ if (!empty($pconfig["def_{$key}"])) {
$value = htmlspecialchars($pconfig["def_{$key}"]);
+ $title = trim(filter_expand_alias($pconfig["def_{$key}"]));
+ }
?>
<tr>
<td width='22%' valign='top' class='vncell'><?php echo gettext("Define"); ?> <?=$label;?></td>
<td width="78%" class="vtable">
<input name="def_<?=$key;?>" size="40"
type="text" autocomplete="off" class="formfldalias" id="def_<?=$key;?>"
- value="<?=$value;?>"> <br/>
+ value="<?=$value;?>" title="<?=$title;?>"> <br/>
<span class="vexpl"><?php echo gettext("Default value:"); ?> "<?=$server;?>" <br/><?php echo gettext("Leave " .
"blank for default value."); ?></span>
</td>
@@ -226,14 +229,17 @@ if ($savemsg)
$server = substr($server, 0, 40) . "...";
$label = strtoupper($key);
$value = "";
- if (!empty($pconfig["def_{$key}"]))
+ $title = "";
+ if (!empty($pconfig["def_{$key}"])) {
$value = htmlspecialchars($pconfig["def_{$key}"]);
+ $title = trim(filter_expand_alias($pconfig["def_{$key}"]));
+ }
?>
<tr>
<td width='22%' valign='top' class='vncell'><?php echo gettext("Define"); ?> <?=$label;?></td>
<td width="78%" class="vtable">
<input name="def_<?=$key;?>" type="text" size="40" autocomplete="off" class="formfldalias" id="def_<?=$key;?>"
- value="<?=$value;?>"> <br/>
+ value="<?=$value;?>" title="<?=$title;?>"> <br/>
<span class="vexpl"><?php echo gettext("Default value:"); ?> "<?=$server;?>" <br/> <?php echo gettext("Leave " .
"blank for default value."); ?></span>
</td>
@@ -262,6 +268,9 @@ if ($savemsg)
if(isset($config['aliases']['alias']) && is_array($config['aliases']['alias']))
foreach($config['aliases']['alias'] as $alias_name) {
if ($alias_name['type'] == "host" || $alias_name['type'] == "network") {
+ // Skip any Aliases that resolve to an empty string
+ if (trim(filter_expand_alias($alias_name['name'])) == "")
+ continue;
if($addrisfirst == 1) $aliasesaddr .= ",";
$aliasesaddr .= "'" . $alias_name['name'] . "'";
$addrisfirst = 1;
diff --git a/config/snort/snort_download_updates.php b/config/snort/snort_download_updates.php
index 1f87fbbc..09ab646a 100755
--- a/config/snort/snort_download_updates.php
+++ b/config/snort/snort_download_updates.php
@@ -40,8 +40,14 @@ require_once("/usr/local/pkg/snort/snort.inc");
$snortdir = SNORTDIR;
$snort_rules_upd_log = RULES_UPD_LOGFILE;
$log = $snort_rules_upd_log;
-$snort_rules_file = VRT_DNLD_FILENAME;
-$emergingthreats_filename = ET_DNLD_FILENAME;
+
+/* Grab the Snort binary version programmatically and */
+/* use it to construct the proper Snort VRT rules */
+/* tarball filename. */
+exec("/usr/local/bin/snort -V 2>&1 |/usr/bin/grep Version | /usr/bin/cut -c20-26", $snortver);
+$snortver[0] = str_replace(".", "", $snortver[0]);
+$snort_rules_file = "snortrules-snapshot-{$snortver[0]}.tar.gz";
+//$snort_rules_file = VRT_DNLD_FILENAME;
$snort_community_rules_filename = GPLV2_DNLD_FILENAME;
/* load only javascript that is needed */
@@ -49,8 +55,18 @@ $snort_load_jquery = 'yes';
$snort_load_jquery_colorbox = 'yes';
$snortdownload = $config['installedpackages']['snortglobal']['snortdownload'];
$emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats'];
+$etpro = $config['installedpackages']['snortglobal']['emergingthreats_pro'];
$snortcommunityrules = $config['installedpackages']['snortglobal']['snortcommunityrules'];
+if ($etpro == "on") {
+ $emergingthreats_filename = ETPRO_DNLD_FILENAME;
+ $et_name = "EMERGING THREATS PRO RULES";
+}
+else {
+ $emergingthreats_filename = ET_DNLD_FILENAME;
+ $et_name = "EMERGING THREATS RULES";
+}
+
/* quick md5s chk */
$snort_org_sig_chk_local = 'N/A';
if (file_exists("{$snortdir}/{$snort_rules_file}.md5"))
@@ -138,9 +154,9 @@ h += 96;
<p style="text-align: left; margin-left: 225px;">
<font color="#777777" size="2.5px">
<b><?php echo gettext("INSTALLED RULESET SIGNATURES"); ?></b></font><br/><br/>
- <font color="#FF850A" size="1px"><b>SNORT.ORG&nbsp;&nbsp;--></b></font>
+ <font color="#FF850A" size="1px"><b>SNORT VRT RULES&nbsp;&nbsp;--></b></font>
<font size="1px" color="#000000">&nbsp;&nbsp;<? echo $snort_org_sig_chk_local; ?></font><br/>
- <font color="#FF850A" size="1px"><b>EMERGINGTHREATS.NET&nbsp;&nbsp;--></b></font>
+ <font color="#FF850A" size="1px"><b><?=$et_name;?>&nbsp;&nbsp;--></b></font>
<font size="1px" color="#000000">&nbsp;&nbsp;<? echo $emergingt_net_sig_chk_local; ?></font><br/>
<font color="#FF850A" size="1px"><b>SNORT GPLv2 COMMUNITY RULES&nbsp;&nbsp;--></b></font>
<font size="1px" color="#000000">&nbsp;&nbsp;<? echo $snort_community_sig_chk_local; ?></font><br/>
@@ -160,7 +176,7 @@ h += 96;
<?php
- if ($snortdownload != 'on' && $emergingthreats != 'on') {
+ if ($snortdownload != 'on' && $emergingthreats != 'on' && $etpro != 'on') {
echo '
<button disabled="disabled"><span class="download">' . gettext("Update Rules") . '</span></button><br/>
<p style="text-align:left; margin-left:150px;">
diff --git a/config/snort/snort_interfaces_global.php b/config/snort/snort_interfaces_global.php
index d28ec2b4..089255b6 100644
--- a/config/snort/snort_interfaces_global.php
+++ b/config/snort/snort_interfaces_global.php
@@ -44,7 +44,9 @@ $snortdir = SNORTDIR;
/* make things short */
$pconfig['snortdownload'] = $config['installedpackages']['snortglobal']['snortdownload'];
$pconfig['oinkmastercode'] = $config['installedpackages']['snortglobal']['oinkmastercode'];
+$pconfig['etpro_code'] = $config['installedpackages']['snortglobal']['etpro_code'];
$pconfig['emergingthreats'] = $config['installedpackages']['snortglobal']['emergingthreats'];
+$pconfig['emergingthreats_pro'] = $config['installedpackages']['snortglobal']['emergingthreats_pro'];
$pconfig['rm_blocked'] = $config['installedpackages']['snortglobal']['rm_blocked'];
$pconfig['snortloglimit'] = $config['installedpackages']['snortglobal']['snortloglimit'];
$pconfig['snortloglimitsize'] = $config['installedpackages']['snortglobal']['snortloglimitsize'];
@@ -63,14 +65,22 @@ if ($_POST['rule_update_starttime']) {
$input_errors[] = "Invalid Rule Update Start Time! Please supply a value in 24-hour format as 'HH:MM'.";
}
+if ($_POST['snortdownload'] == "on" && empty($_POST['oinkmastercode']))
+ $input_errors[] = "You must supply an Oinkmaster code in the box provided in order to enable Snort VRT rules!";
+
+if ($_POST['emergingthreats_pro'] == "on" && empty($_POST['etpro_code']))
+ $input_errors[] = "You must supply a subscription code in the box provided in order to enable Emerging Threats Pro rules!";
+
/* if no errors move foward */
if (!$input_errors) {
if ($_POST["Submit"]) {
- $config['installedpackages']['snortglobal']['snortdownload'] = $_POST['snortdownload'];
+ $config['installedpackages']['snortglobal']['snortdownload'] = $_POST['snortdownload'] ? 'on' : 'off';
$config['installedpackages']['snortglobal']['oinkmastercode'] = $_POST['oinkmastercode'];
$config['installedpackages']['snortglobal']['snortcommunityrules'] = $_POST['snortcommunityrules'] ? 'on' : 'off';
$config['installedpackages']['snortglobal']['emergingthreats'] = $_POST['emergingthreats'] ? 'on' : 'off';
+ $config['installedpackages']['snortglobal']['emergingthreats_pro'] = $_POST['emergingthreats_pro'] ? 'on' : 'off';
+ $config['installedpackages']['snortglobal']['etpro_code'] = $_POST['etpro_code'];
$config['installedpackages']['snortglobal']['rm_blocked'] = $_POST['rm_blocked'];
if ($_POST['snortloglimitsize']) {
@@ -160,19 +170,14 @@ if ($input_errors)
<td width="78%" class="vtable">
<table width="100%" border="0" cellpadding="2" cellspacing="0">
<tr>
- <td><input name="snortdownload" type="radio" id="snortdownload" value="off" onclick="enable_snort_vrt('off')"
- <?php if($pconfig['snortdownload']=='off' || $pconfig['snortdownload']=='') echo 'checked'; ?> >&nbsp;&nbsp;</td>
- <td><span class="vexpl"><?php printf(gettext("Do %sNOT%s Install"), '<strong>', '</strong>'); ?></span></td>
- </tr>
- <tr>
- <td><input name="snortdownload" type="radio" id="snortdownload" value="on" onclick="enable_snort_vrt('on')"
+ <td><input name="snortdownload" type="checkbox" id="snortdownload" value="on" onclick="enable_snort_vrt();"
<?php if($pconfig['snortdownload']=='on') echo 'checked'; ?>></td>
- <td><span class="vexpl"><?php echo gettext("Install Basic Rules or Premium rules"); ?></span></td>
+ <td><span class="vexpl"><?php echo gettext("Snort VRT free Registered User or paid Subscriber rules"); ?></span></td>
<tr>
<td>&nbsp;</td>
- <td><a href="https://www.snort.org/signup" target="_blank"><?php echo gettext("Sign Up for a Basic Rule Account"); ?> </a><br>
+ <td><a href="https://www.snort.org/signup" target="_blank"><?php echo gettext("Sign Up for a free Registered User Rule Account"); ?> </a><br>
<a href="http://www.snort.org/vrt/buy-a-subscription" target="_blank">
- <?php echo gettext("Sign Up for Sourcefire VRT Certified Premium Rules. This Is Highly Recommended"); ?></a></td>
+ <?php echo gettext("Sign Up for paid Sourcefire VRT Certified Subscriber Rules"); ?></a></td>
</tr>
<tr>
<td colspan="2">&nbsp;</td>
@@ -180,17 +185,17 @@ if ($input_errors)
</table>
<table width="100%" border="0" cellpadding="2" cellspacing="0">
<tr>
- <td colspan="2" valign="top"><b><span class="vexpl"><?php echo gettext("Oinkmaster Configuration"); ?></span></b></td>
+ <td colspan="2" valign="top"><b><span class="vexpl"><?php echo gettext("Snort VRT Oinkmaster Configuration"); ?></span></b></td>
</tr>
<tr>
- <td valign="top"><span class="vexpl"><strong><?php echo gettext("Code"); ?></strong></span></td>
+ <td valign="top"><span class="vexpl"><strong><?php echo gettext("Code:"); ?></strong></span></td>
<td><input name="oinkmastercode" type="text"
class="formfld" id="oinkmastercode" size="52"
value="<?=htmlspecialchars($pconfig['oinkmastercode']);?>"
<?php if($pconfig['snortdownload']<>'on') echo 'disabled'; ?>><br>
<?php echo gettext("Obtain a snort.org Oinkmaster code and paste it here."); ?></td>
</tr>
- </table>
+ </table>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php printf(gettext("Install %sSnort Community%s " .
@@ -198,7 +203,7 @@ if ($input_errors)
<td width="78%" class="vtable">
<table width="100%" border="0" cellpadding="2" cellspacing="0">
<tr>
- <td valign="top" width="8%"><input name="snortcommunityrules" type="checkbox" value="yes"
+ <td valign="top" width="8%"><input name="snortcommunityrules" type="checkbox" value="on"
<?php if ($config['installedpackages']['snortglobal']['snortcommunityrules']=="on") echo "checked"; ?> ></td>
<td><span class="vexpl"><?php echo gettext("The Snort Community Ruleset is a GPLv2 VRT certified ruleset that is distributed free of charge " .
"without any VRT License restrictions. This ruleset is updated daily and is a subset of the subscriber ruleset."); ?>
@@ -212,11 +217,41 @@ if ($input_errors)
<td width="78%" class="vtable">
<table width="100%" border="0" cellpadding="2" cellspacing="0">
<tr>
- <td valign="top" width="8%"><input name="emergingthreats" type="checkbox" value="yes"
- <?php if ($config['installedpackages']['snortglobal']['emergingthreats']=="on") echo "checked"; ?>>
- <td><span class="vexpl"><?php echo gettext("Emerging Threats is an open source community that produces fast " .
- "moving and diverse Snort Rules."); ?></span></td>
+ <td valign="top" width="8%"><input name="emergingthreats" type="checkbox" value="on" onclick="enable_et_rules();"
+ <?php if ($config['installedpackages']['snortglobal']['emergingthreats']=="on") echo "checked"; ?>></td>
+ <td><span class="vexpl"><?php echo gettext("ETOpen is an open source set of Snort rules whose coverage " .
+ "is more limited than ETPro."); ?></span></td>
+ </tr>
+ <tr>
+ <td valign="top" width="8%"><input name="emergingthreats_pro" type="checkbox" value="on" onclick="enable_etpro_rules();"
+ <?php if ($config['installedpackages']['snortglobal']['emergingthreats_pro']=="on") echo "checked"; ?>></td>
+ <td><span class="vexpl"><?php echo gettext("ETPro for Snort offers daily updates and extensive coverage of current malware threats."); ?></span></td>
</tr>
+ <tr>
+ <td>&nbsp;</td>
+ <td><a href="http://www.emergingthreats.net/solutions/etpro-ruleset/" target="_blank"><?php echo gettext("Sign Up for an ETPro Account"); ?> </a></td>
+ </tr>
+ <tr>
+ <td>&nbsp;</td>
+ <td class="vexpl"><?php echo "<span class='red'><strong>" . gettext("Note:") . "</strong></span>" . "&nbsp;" .
+ gettext("The ETPro rules contain all of the ETOpen rules, so the ETOpen rules are not required and are disabled when the ETPro rules are selected."); ?></td>
+ </tr>
+ <tr>
+ <td colspan="2">&nbsp;</td>
+ </tr>
+ </table>
+ <table width="100%" border="0" cellpadding="2" cellspacing="0">
+ <tr>
+ <td colspan="2" valign="top"><b><span class="vexpl"><?php echo gettext("ETPro Subscription Configuration"); ?></span></b></td>
+ </tr>
+ <tr>
+ <td valign="top"><span class="vexpl"><strong><?php echo gettext("Code:"); ?></strong></span></td>
+ <td><input name="etpro_code" type="text"
+ class="formfld" id="etpro_code" size="52"
+ value="<?=htmlspecialchars($pconfig['etpro_code']);?>"
+ <?php if($pconfig['emergingthreats_pro']<>'on') echo 'disabled'; ?>><br>
+ <?php echo gettext("Obtain an ETPro subscription code and paste it here."); ?></td>
+ </tr>
</table>
</td>
</tr>
@@ -330,13 +365,28 @@ if ($input_errors)
<script language="JavaScript">
<!--
-function enable_snort_vrt(btn) {
- if (btn == 'off') {
- document.iform.oinkmastercode.disabled = "true";
+function enable_snort_vrt() {
+ var endis = !(document.iform.snortdownload.checked);
+ document.iform.oinkmastercode.disabled = endis;
+ document.iform.etpro_code.disabled = endis;
+}
+
+function enable_et_rules() {
+ var endis = document.iform.emergingthreats.checked;
+ if (endis) {
+ document.iform.emergingthreats_pro.checked = !(endis);
+ document.iform.etpro_code.disabled = "true";
}
- if (btn == 'on') {
- document.iform.oinkmastercode.disabled = "";
- }
+}
+
+function enable_etpro_rules() {
+ var endis = document.iform.emergingthreats_pro.checked;
+ if (endis) {
+ document.iform.emergingthreats.checked = !(endis);
+ document.iform.etpro_code.disabled = "";
+ }
+ else
+ document.iform.etpro_code.disabled = "true";
}
function enable_change_rules_upd() {
diff --git a/config/snort/snort_interfaces_whitelist_edit.php b/config/snort/snort_interfaces_whitelist_edit.php
index fc157375..671fa4e5 100644
--- a/config/snort/snort_interfaces_whitelist_edit.php
+++ b/config/snort/snort_interfaces_whitelist_edit.php
@@ -261,7 +261,7 @@ if ($savemsg)
<div id="addressnetworkport"><?php echo gettext("Alias Name:"); ?></div>
</td>
<td width="78%" class="vtable">
- <input autocomplete="off" name="address" type="text" class="formfldalias" id="address" size="30" value="<?=htmlspecialchars($pconfig['address']);?>" />
+ <input autocomplete="off" name="address" type="text" class="formfldalias" id="address" size="30" value="<?=htmlspecialchars($pconfig['address']);?>" title="<?=trim(filter_expand_alias($pconfig['address']));?>"/>
</td>
</tr>
<tr>
@@ -287,6 +287,9 @@ if ($savemsg)
foreach($config['aliases']['alias'] as $alias_name) {
if ($alias_name['type'] != "host" && $alias_name['type'] != "network")
continue;
+ // Skip any Alias that resolves to an empty string
+ if (trim(filter_expand_alias($alias_name['name'])) == "")
+ continue;
if($addrisfirst == 1) $aliasesaddr .= ",";
$aliasesaddr .= "'" . $alias_name['name'] . "'";
$addrisfirst = 1;
diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php
index 6c839846..95d5a10e 100755
--- a/config/snort/snort_preprocessors.php
+++ b/config/snort/snort_preprocessors.php
@@ -1161,8 +1161,8 @@ include_once("head.inc");
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Ignore Scanners"); ?></td>
<td width="78%" class="vtable">
- <input name="pscan_ignore_scanners" type="text" size="40" autocomplete="off" class="formfldalias" id="pscan_ignore_scanners"
- value="<?=$pconfig['pscan_ignore_scanners'];?>">&nbsp;&nbsp;<?php echo gettext("Leave blank for default. ") .
+ <input name="pscan_ignore_scanners" type="text" size="40" autocomplete="off" class="formfldalias" id="pscan_ignore_scanners"
+ value="<?=$pconfig['pscan_ignore_scanners'];?>" title="<?=trim(filter_expand_alias($pconfig['pscan_ignore_scanners']));?>">&nbsp;&nbsp;<?php echo gettext("Leave blank for default. ") .
gettext("Default value is ") . "<strong>" . gettext("\$HOME_NET") . "</strong>"; ?>.<br/>
<?php echo gettext("Ignores the specified entity as a source of scan alerts. Entity must be a defined alias."); ?><br/>
</td>
@@ -1315,6 +1315,8 @@ include_once("head.inc");
if(isset($config['aliases']['alias']) && is_array($config['aliases']['alias']))
foreach($config['aliases']['alias'] as $alias_name) {
if ($alias_name['type'] == "host" || $alias_name['type'] == "network") {
+ if (trim(filter_expand_alias($alias_name['name'])) == "")
+ continue;
if($addrisfirst == 1) $aliasesaddr .= ",";
$aliasesaddr .= "'" . $alias_name['name'] . "'";
$addrisfirst = 1;
diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php
index c9d90597..c9852597 100755
--- a/config/snort/snort_rules.php
+++ b/config/snort/snort_rules.php
@@ -33,7 +33,7 @@
require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort.inc");
-global $g, $flowbit_rules_file, $rebuild_rules;
+global $g, $rebuild_rules;
$snortdir = SNORTDIR;
$rules_map = array();
@@ -106,6 +106,7 @@ function add_title_attribute($tag, $title) {
/* convert fake interfaces to real */
$if_real = snort_get_real_interface($pconfig['interface']);
$snort_uuid = $a_rule[$id]['uuid'];
+$snortcfgdir = "{$snortdir}/snort_{$snort_uuid}_{$if_real}";
$snortdownload = $config['installedpackages']['snortglobal']['snortdownload'];
$emergingdownload = $config['installedpackages']['snortglobal']['emergingthreats'];
$categories = explode("||", $pconfig['rulesets']);
@@ -117,7 +118,7 @@ else if ($_POST['openruleset'])
else
$currentruleset = $categories[0];
-if (empty($categories[0]) && ($currentruleset != "custom.rules")) {
+if (empty($categories[0]) && ($currentruleset != "custom.rules") && ($currentruleset != "Auto-Flowbit Rules")) {
if (!empty($a_rule[$id]['ips_policy']))
$currentruleset = "IPS Policy - " . ucfirst($a_rule[$id]['ips_policy']);
else
@@ -133,6 +134,9 @@ $ruledir = "{$snortdir}/rules";
$rulefile = "{$ruledir}/{$currentruleset}";
if ($currentruleset != 'custom.rules') {
// Read the current rules file into our rules map array.
+ // If it is the auto-flowbits file, set the full path.
+ if ($currentruleset == "Auto-Flowbit Rules")
+ $rulefile = "{$snortcfgdir}/rules/" . FLOWBITS_FILENAME;
// Test for the special case of an IPS Policy file.
if (substr($currentruleset, 0, 10) == "IPS Policy")
$rules_map = snort_load_vrt_policy($a_rule[$id]['ips_policy']);
@@ -193,8 +197,6 @@ if ($_GET['act'] == "toggle" && $_GET['ids'] && !empty($rules_map)) {
write_config();
$_GET['openruleset'] = $currentruleset;
-// header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}");
-// exit;
$anchor = "rule_{$sid}";
}
@@ -334,7 +336,7 @@ if ($_POST['customrules']) {
$rebuild_rules = false;
$output = "";
$retcode = "";
- exec("snort -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -T 2>&1", $output, $retcode);
+ exec("/usr/local/bin/snort -T -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf 2>&1", $output, $retcode);
if (intval($retcode) != 0) {
$error = "";
$start = count($output);
@@ -436,6 +438,8 @@ if ($savemsg) {
$files = explode("||", $pconfig['rulesets']);
if ($a_rule[$id]['ips_policy_enable'] == 'on')
$files[] = "IPS Policy - " . ucfirst($a_rule[$id]['ips_policy']);
+ if ($a_rule[$id]['autoflowbitrules'] == 'on')
+ $files[] = "Auto-Flowbit Rules";
natcasesort($files);
foreach ($files as $value) {
if ($snortdownload != 'on' && substr($value, 0, 6) == "snort_")
@@ -517,6 +521,17 @@ if ($savemsg) {
title='" . gettext("Click to enable all rules in the selected category") . "'></a>"?>
&nbsp;&nbsp;<?php echo gettext("Enable all rules in the current Category"); ?></td>
</tr>
+ <?php if ($currentruleset == 'Auto-Flowbit Rules'): ?>
+ <tr>
+ <td colspan="3">&nbsp;</td>
+ </tr>
+ <tr>
+ <td colspan="3" class="vexpl" align="center"><?php echo "<span class=\"red\"><b>" . gettext("WARNING: ") . "</b></span>" .
+ gettext("You should not disable flowbit rules! Add Suppress List entries for them instead by ") .
+ "<a href='snort_rules_flowbits.php?id={$id}' title=\"" . gettext("Add Suppress List entry for Flowbit Rule") . "\">" .
+ gettext("clicking here") . ".</a>";?></td>
+ </tr>
+ <?php endif;?>
</table>
</td>
</tr>
@@ -564,27 +579,32 @@ if ($savemsg) {
foreach ($rulem as $k2 => $v) {
$sid = snort_get_sid($v['rule']);
$gid = snort_get_gid($v['rule']);
+
if (isset($disablesid[$sid])) {
$textss = "<span class=\"gray\">";
$textse = "</span>";
$iconb = "icon_reject_d.gif";
$disable_cnt++;
+ $title = gettext("Disabled by user. Click to toggle to enabled state");
}
elseif (($v['disabled'] == 1) && (!isset($enablesid[$sid]))) {
$textss = "<span class=\"gray\">";
$textse = "</span>";
$iconb = "icon_block_d.gif";
$disable_cnt++;
+ $title = gettext("Disabled by default. Click to toggle to enabled state");
}
elseif (isset($enablesid[$sid])) {
$textss = $textse = "";
$iconb = "icon_reject.gif";
$enable_cnt++;
+ $title = gettext("Enabled by user. Click to toggle to disabled state");
}
else {
$textss = $textse = "";
$iconb = "icon_block.gif";
$enable_cnt++;
+ $title = gettext("Enabled by default. Click to toggle to disabled state");
}
// Pick off the first section of the rule (prior to the start of the MSG field),
@@ -611,7 +631,7 @@ if ($savemsg) {
<a id=\"rule_{$sid}\" href='?id={$id}&openruleset={$currentruleset}&act=toggle&ids={$sid}'>
<img src=\"../themes/{$g['theme']}/images/icons/{$iconb}\"
width=\"11\" height=\"11\" border=\"0\"
- title='" . gettext("Click to toggle enabled/disabled state") . "'></a>
+ title='{$title}'></a>
$textse
</td>
<td class=\"listlr\" align=\"center\">
@@ -638,8 +658,8 @@ if ($savemsg) {
?>
<td align="right" valign="middle" nowrap class="listt">
<a href="javascript: void(0)"
- onclick="wopen('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$currentruleset;?>&ids=<?=$sid;?>&gid=<?=$gid;?>','FileViewer',800,600)"><img
- src="../themes/<?= $g['theme']; ?>/images/icons/icon_right.gif"
+ onclick="wopen('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$currentruleset;?>&ids=<?=$sid;?>&gid=<?=$gid;?>','FileViewer',800,600)">
+ <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_right.gif"
title="<?php echo gettext("Click to view the entire rule text"); ?>" width="17" height="17" border="0"></a>
</td>
</tr>
diff --git a/config/snort/snort_rules_edit.php b/config/snort/snort_rules_edit.php
index a1f45c07..c0087464 100755
--- a/config/snort/snort_rules_edit.php
+++ b/config/snort/snort_rules_edit.php
@@ -37,7 +37,7 @@
require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort.inc");
-global $flowbit_rules_file;
+$flowbit_rules_file = FLOWBITS_FILENAME;
$snortdir = SNORTDIR;
if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
@@ -60,10 +60,17 @@ if (isset($id) && $a_rule[$id]) {
/* convert fake interfaces to real */
$if_real = snort_get_real_interface($pconfig['interface']);
$snort_uuid = $a_rule[$id]['uuid'];
+$snortcfgdir = "{$snortdir}/snort_{$snort_uuid}_{$if_real}";
$file = $_GET['openruleset'];
$contents = '';
$wrap_flag = "off";
+// Correct displayed file title if necessary
+if ($file == "Auto-Flowbit Rules")
+ $displayfile = FLOWBITS_FILENAME;
+else
+ $displayfile = $file;
+
// Read the contents of the argument passed to us.
// It may be an IPS policy string, an individual SID,
// a standard rules file, or a complete file name.
@@ -87,13 +94,18 @@ if (substr($file, 0, 10) == "IPS Policy") {
}
// Is it a SID to load the rule text from?
elseif (isset($_GET['ids'])) {
- $rules_map = snort_load_rules_map("{$snortdir}/rules/{$file}");
+ // If flowbit rule, point to interface-specific file
+ if ($file == "Auto-Flowbit Rules")
+ $rules_map = snort_load_rules_map("{$snortcfgdir}/rules/" . FLOWBITS_FILENAME);
+ else
+ $rules_map = snort_load_rules_map("{$snortdir}/rules/{$file}");
$contents = $rules_map[$_GET['gid']][trim($_GET['ids'])]['rule'];
$wrap_flag = "soft";
}
+
// Is it our special flowbit rules file?
-elseif ($file == $flowbit_rules_file)
- $contents = file_get_contents("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$flowbit_rules_file}");
+elseif ($file == "Auto-Flowbit Rules")
+ $contents = file_get_contents("{$snortcfgdir}/rules/{$flowbit_rules_file}");
// Is it a rules file in the ../rules/ directory?
elseif (file_exists("{$snortdir}/rules/{$file}"))
$contents = file_get_contents("{$snortdir}/rules/{$file}");
@@ -101,10 +113,8 @@ elseif (file_exists("{$snortdir}/rules/{$file}"))
elseif (file_exists($file))
$contents = file_get_contents($file);
// It is not something we can display, so exit.
-else {
- header("Location: /snort/snort_rules.php?id={$id}&openruleset={$file}");
- exit;
-}
+else
+ $input_errors[] = gettext("Unable to open file: {$displayfile}");
$pgtitle = array(gettext("Snort"), gettext("File Viewer"));
?>
@@ -128,7 +138,7 @@ $pgtitle = array(gettext("Snort"), gettext("File Viewer"));
<input type="button" class="formbtn" value="Return" onclick="window.close()">
</td>
<td align="right">
- <b><?php echo gettext("Rules File: ") . '</b>&nbsp;' . $file; ?>&nbsp;&nbsp;&nbsp;&nbsp;
+ <b><?php echo gettext("Rules File: ") . '</b>&nbsp;' . $displayfile; ?>&nbsp;&nbsp;&nbsp;&nbsp;
</td>
</tr>
<tr>
diff --git a/config/snort/snort_rules_flowbits.php b/config/snort/snort_rules_flowbits.php
index 7a653af8..92330ebf 100644
--- a/config/snort/snort_rules_flowbits.php
+++ b/config/snort/snort_rules_flowbits.php
@@ -50,6 +50,21 @@ if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
}
$a_nat = &$config['installedpackages']['snortglobal']['rule'];
+// Set who called us so we can return to the correct page with
+// the RETURN button. We will just trust this User-Agent supplied
+// string for now.
+session_start();
+if(!isset($_SESSION['org_referer']))
+ $_SESSION['org_referer'] = $_SERVER['HTTP_REFERER'];
+$referrer = $_SESSION['org_referer'];
+
+if ($_POST['cancel']) {
+ unset($_SESSION['org_referer']);
+ session_write_close();
+ header("Location: {$referrer}");
+ exit;
+}
+
$id = $_GET['id'];
if (isset($_POST['id']))
$id = $_POST['id'];
@@ -88,14 +103,15 @@ if ($_GET['act'] == "addsuppress" && is_numeric($_GET['sidid']) && is_numeric($_
if (empty($a_nat[$id]['suppresslistname']) || $a_nat[$id]['suppresslistname'] == 'default') {
$s_list = array();
- $s_list['name'] = $a_nat[$id]['interface'] . "suppress";
$s_list['uuid'] = uniqid();
- $s_list['descr'] = "Auto-generated list for alert suppression";
+ $s_list['name'] = $a_nat[$id]['interface'] . "suppress" . "_" . $s_list['uuid'];
+ $s_list['descr'] = "Auto-generated list for Alert suppression";
$s_list['suppresspassthru'] = base64_encode($suppress);
$a_suppress[] = $s_list;
$a_nat[$id]['suppresslistname'] = $s_list['name'];
$found_list = true;
} else {
+ /* If we get here, a Suppress List is defined for the interface so see if we can find it */
foreach ($a_suppress as $a_id => $alist) {
if ($alist['name'] == $a_nat[$id]['suppresslistname']) {
$found_list = true;
@@ -105,6 +121,10 @@ if ($_GET['act'] == "addsuppress" && is_numeric($_GET['sidid']) && is_numeric($_
$alist['suppresspassthru'] = base64_encode($tmplist);
$a_suppress[$a_id] = $alist;
}
+ else {
+ $alist['suppresspassthru'] = base64_encode($suppress);
+ $a_suppress[$a_id] = $alist;
+ }
}
}
}
@@ -112,7 +132,8 @@ if ($_GET['act'] == "addsuppress" && is_numeric($_GET['sidid']) && is_numeric($_
write_config();
$rebuild_rules = false;
sync_snort_package_config();
- $savemsg = gettext("Wrote suppress rule for 'gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}' to the '{$a_nat[$id]['suppresslistname']}' Suppression List.");
+ snort_reload_config($a_nat[$id]);
+ $savemsg = gettext("An entry to suppress the Alert for 'gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}' has been added to Suppress List '{$a_nat[$id]['suppresslistname']}'.");
}
else {
/* We did not find the defined list, so notify the user with an error */
@@ -179,8 +200,9 @@ if ($savemsg)
<tr>
<td width="17px"><img src="../themes/<?=$g['theme']?>/images/icons/icon_plus.gif" width='12' height='12' border='0'/></td>
<td><span class="vexpl"><?php echo gettext("Alert is Not Suppressed"); ?></span></td>
- <td rowspan="3" align="right"><input id="cancelbutton" name="cancelbutton" type="button" class="formbtn" onclick="parent.location='snort_rulesets.php?id=<?=$id;?>'" <?php
- echo "value=\"" . gettext("Return") . "\" title=\"" . gettext("Return to previous page") . "\""; ?>/></td>
+ <td rowspan="3" align="right"><input id="cancel" name="cancel" type="submit" class="formbtn" <?php
+ echo "value=\"" . gettext("Return") . "\" title=\"" . gettext("Return to previous page") . "\""; ?>/>
+ <input name="id" type="hidden" value="<?=$id;?>" /></td>
</tr>
<tr>
<td width="17px"><img src="../themes/<?=$g['theme']?>/images/icons/icon_plus_d.gif" width='12' height='12' border='0'/></td>
@@ -272,7 +294,7 @@ if ($savemsg)
<?php if ($count > 20): ?>
<tr>
<td align="center" valign="middle">
- <input id="cancelbutton" name="cancelbutton" type="button" class="formbtn" onclick="parent.location='snort_rulesets.php?id=<?=$id;?>'" <?php
+ <input id="cancel" name="cancel" type="submit" class="formbtn" <?php
echo "value=\"" . gettext("Return") . "\" title=\"" . gettext("Return to previous page") . "\""; ?>/>
<input name="id" type="hidden" value="<?=$id;?>" />
</td>
diff --git a/config/snort/snort_rulesets.php b/config/snort/snort_rulesets.php
index 7ec0edbd..3c613f84 100755
--- a/config/snort/snort_rulesets.php
+++ b/config/snort/snort_rulesets.php
@@ -63,6 +63,7 @@ $if_real = snort_get_real_interface($pconfig['interface']);
$snort_uuid = $a_nat[$id]['uuid'];
$snortdownload = $config['installedpackages']['snortglobal']['snortdownload'];
$emergingdownload = $config['installedpackages']['snortglobal']['emergingthreats'];
+$etpro = $config['installedpackages']['snortglobal']['emergingthreats_pro'];
$snortcommunitydownload = $config['installedpackages']['snortglobal']['snortcommunityrules'];
$no_emerging_files = false;
@@ -70,10 +71,13 @@ $no_snort_files = false;
$no_community_files = false;
/* Test rule categories currently downloaded to $SNORTDIR/rules and set appropriate flags */
-$test = glob("{$snortdir}/rules/emerging-*.rules");
+if (($etpro == 'off' || empty($etpro)) && $emergingdownload == 'on')
+ $test = glob("{$snortdir}/rules/emerging-*.rules");
+elseif ($etpro == 'on' && ($emergingdownload == 'off' || empty($emergingdownload)))
+ $test = glob("{$snortdir}/rules/etpro-*.rules");
if (empty($test))
$no_emerging_files = true;
-$test = glob("{$snortdir}/rules/snort_*.rules");
+$test = glob("{$snortdir}/rules/snort*.rules");
if (empty($test))
$no_snort_files = true;
if (!file_exists("{$snortdir}/rules/GPLv2_community.rules"))
@@ -184,10 +188,16 @@ if ($_POST['selectall']) {
}
if ($emergingdownload == 'on') {
- $files = glob("{$snortdir}/rules/emerging*.rules");
+ $files = glob("{$snortdir}/rules/emerging-*.rules");
foreach ($files as $file)
$rulesets[] = basename($file);
}
+ elseif ($etpro == 'on') {
+ $files = glob("{$snortdir}/rules/etpro-*.rules");
+ foreach ($files as $file)
+ $rulesets[] = basename($file);
+ }
+
if ($snortcommunitydownload == 'on') {
$files = glob("{$snortdir}/rules/*_community.rules");
foreach ($files as $file)
@@ -421,7 +431,10 @@ if ($savemsg) {
<tr id="frheader">
<?php if ($emergingdownload == 'on' && !$no_emerging_files): ?>
<td width="5%" class="listhdrr" align="center"><?php echo gettext("Enabled"); ?></td>
- <td width="25%" class="listhdrr"><?php echo gettext('Ruleset: Emerging Threats');?></td>
+ <td width="25%" class="listhdrr"><?php echo gettext('Ruleset: ET Open Rules');?></td>
+ <?php elseif ($etpro == 'on' && !$no_emerging_files): ?>
+ <td width="5%" class="listhdrr" align="center"><?php echo gettext("Enabled"); ?></td>
+ <td width="25%" class="listhdrr"><?php echo gettext('Ruleset: ET Pro Rules');?></td>
<?php else: ?>
<td colspan="2" align="center" width="30%" class="listhdrr"><?php echo gettext("Emerging Threats rules not {$msg_emerging}"); ?></td>
<?php endif; ?>
@@ -446,7 +459,9 @@ if ($savemsg) {
$filename = basename($filename);
if (substr($filename, -5) != "rules")
continue;
- if (strstr($filename, "emerging") && $emergingdownload == 'on')
+ if (strstr($filename, "emerging-") && $emergingdownload == 'on')
+ $emergingrules[] = $filename;
+ else if (strstr($filename, "etpro-") && $etpro == 'on')
$emergingrules[] = $filename;
else if (strstr($filename, "snort") && $snortdownload == 'on') {
if (strstr($filename, ".so.rules"))
diff --git a/config/widget-snort/snort_alerts.widget.php b/config/widget-snort/snort_alerts.widget.php
index e488bc49..f4eaa140 100644
--- a/config/widget-snort/snort_alerts.widget.php
+++ b/config/widget-snort/snort_alerts.widget.php
@@ -25,6 +25,9 @@
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
+
+require_once("/usr/local/www/widgets/include/widget-snort.inc");
+
global $config, $g;
/* array sorting */
diff --git a/config/widget-snort/widget-snort.inc b/config/widget-snort/widget-snort.inc
index 105dd1e7..b9cfbeac 100644
--- a/config/widget-snort/widget-snort.inc
+++ b/config/widget-snort/widget-snort.inc
@@ -1,5 +1,10 @@
<?php
require_once("config.inc");
+
+//set variable for custom title
+$snort_alerts_title = "Snort Alerts";
+$snort_alerts_title_link = "snort/snort_alerts.php";
+
function widget_snort_uninstall() {
global $config;
diff --git a/config/widget-snort/widget-snort.xml b/config/widget-snort/widget-snort.xml
index a6ea7f88..29edcc3f 100644
--- a/config/widget-snort/widget-snort.xml
+++ b/config/widget-snort/widget-snort.xml
@@ -46,7 +46,7 @@
<requirements>Dashboard package and Snort</requirements>
<faq>Currently there are no FAQ items provided.</faq>
<name>widget-snort</name>
- <version>0.3.4</version>
+ <version>0.3.5</version>
<title>Widget - Snort</title>
<include_file>/usr/local/www/widgets/include/widget-snort.inc</include_file>
<additional_files_needed>
diff --git a/pkg_config.8.xml b/pkg_config.8.xml
index 57296d46..ae4e7f8e 100644
--- a/pkg_config.8.xml
+++ b/pkg_config.8.xml
@@ -500,12 +500,12 @@
<descr>Snort is an open source network intrusion prevention and detection system (IDS/IPS). Combining the benefits of signature, protocol, and anomaly-based inspection.</descr>
<category>Security</category>
<depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url>
- <depends_on_package>mysql-client-5.5.30.tbz</depends_on_package>
+ <depends_on_package>mysql-client-5.5.34.tbz</depends_on_package>
<depends_on_package>barnyard2-1.12.tbz</depends_on_package>
<depends_on_package>libnet11-1.1.6,1.tbz</depends_on_package>
<depends_on_package>libdnet-1.11_3.tbz</depends_on_package>
- <depends_on_package>libpcap-1.3.0.tbz</depends_on_package>
- <depends_on_package>daq-2.0.0.tbz</depends_on_package>
+ <depends_on_package>libpcap-1.4.0.tbz</depends_on_package>
+ <depends_on_package>daq-2.0.1.tbz</depends_on_package>
<depends_on_package>snort-2.9.4.6.tbz</depends_on_package>
<depends_on_package_pbi>snort-2.9.4.6-i386.pbi</depends_on_package_pbi>
<build_port_path>/usr/ports/devel/pcre</build_port_path>
@@ -522,7 +522,7 @@
<!-- Use both styles for now, since our snort port isn't yet optionsng, but barnyard2 and others are. -->
<build_options>barnyard2_UNSET=ODBC PGSQL PRELUDE;barnyard2_SET=GRE IPV6 MPLS MYSQL;snort_UNSET=REACT;snort_SET=TARGETBASED PERFPROFILE DECODERPRE FLEXRESP3 GRE IPV6 MPLS NORMALIZER ZLIB;perl_SET=THREADS;WITH_THREADS=yes;WITH_IPV6=true;WITH_MPLS=true;WITH_GRE=true;WITH_TARGETBASED=true;WITH_PERFPROFILE=true;WITH_DECODERPRE=true;WITH_ZLIB=true;WITH_NORMALIZER=true;WITHOUT_REACT=true;WITH_FLEXRESP3=true;WITHOUT_ODBC=true;WITHOUT_POSTGRESQL=true;WITHOUT_PRELUDE=true;NOPORTDOCS=true</build_options>
<config_file>http://www.pfsense.com/packages/config/snort/snort.xml</config_file>
- <version>2.9.4.6 pkg v. 2.6.0</version>
+ <version>2.9.4.6 pkg v. 2.6.1</version>
<required_version>2.0</required_version>
<status>Stable</status>
<configurationfile>/snort.xml</configurationfile>
@@ -1550,7 +1550,7 @@
<descr>Dashboard widget for Snort.</descr>
<category>System</category>
<config_file>http://www.pfsense.com/packages/config/widget-snort/widget-snort.xml</config_file>
- <version>0.3.4</version>
+ <version>0.3.5</version>
<status>BETA</status>
<required_version>1.2</required_version>
<configurationfile>widget-snort.xml</configurationfile>
diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64
index 06d51d63..05f2f1b0 100644
--- a/pkg_config.8.xml.amd64
+++ b/pkg_config.8.xml.amd64
@@ -487,12 +487,12 @@
<descr>Snort is an open source network intrusion prevention and detection system (IDS/IPS). Combining the benefits of signature, protocol, and anomaly-based inspection.</descr>
<category>Security</category>
<depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url>
- <depends_on_package>mysql-client-5.5.30.tbz</depends_on_package>
+ <depends_on_package>mysql-client-5.5.34.tbz</depends_on_package>
<depends_on_package>barnyard2-1.12.tbz</depends_on_package>
<depends_on_package>libnet11-1.1.6,1.tbz</depends_on_package>
<depends_on_package>libdnet-1.11_3.tbz</depends_on_package>
- <depends_on_package>libpcap-1.3.0.tbz</depends_on_package>
- <depends_on_package>daq-2.0.0.tbz</depends_on_package>
+ <depends_on_package>libpcap-1.4.0.tbz</depends_on_package>
+ <depends_on_package>daq-2.0.1.tbz</depends_on_package>
<depends_on_package>snort-2.9.4.6.tbz</depends_on_package>
<depends_on_package_pbi>snort-2.9.4.6-amd64.pbi</depends_on_package_pbi>
<build_port_path>/usr/ports/devel/pcre</build_port_path>
@@ -509,7 +509,7 @@
<!-- Use both styles for now, since our snort port isn't yet optionsng, but barnyard2 and others are. -->
<build_options>barnyard2_UNSET=ODBC PGSQL PRELUDE;barnyard2_SET=GRE IPV6 MPLS MYSQL;snort_UNSET=REACT;snort_SET=TARGETBASED PERFPROFILE DECODERPRE FLEXRESP3 GRE IPV6 MPLS NORMALIZER ZLIB;perl_SET=THREADS;WITH_THREADS=yes;WITH_IPV6=true;WITH_MPLS=true;WITH_GRE=true;WITH_TARGETBASED=true;WITH_PERFPROFILE=true;WITH_DECODERPRE=true;WITH_ZLIB=true;WITH_NORMALIZER=true;WITHOUT_REACT=true;WITH_FLEXRESP3=true;WITHOUT_ODBC=true;WITHOUT_POSTGRESQL=true;WITHOUT_PRELUDE=true;NOPORTDOCS=true</build_options>
<config_file>http://www.pfsense.com/packages/config/snort/snort.xml</config_file>
- <version>2.9.4.6 pkg v. 2.6.0</version>
+ <version>2.9.4.6 pkg v. 2.6.1</version>
<required_version>2.0</required_version>
<status>Stable</status>
<configurationfile>/snort.xml</configurationfile>
@@ -1537,7 +1537,7 @@
<descr>Dashboard widget for Snort.</descr>
<category>System</category>
<config_file>http://www.pfsense.com/packages/config/widget-snort/widget-snort.xml</config_file>
- <version>0.3.4</version>
+ <version>0.3.5</version>
<status>BETA</status>
<required_version>1.2</required_version>
<configurationfile>widget-snort.xml</configurationfile>