diff options
Diffstat (limited to 'config/snort-dev/snort_interfaces_whitelist.php')
-rw-r--r-- | config/snort-dev/snort_interfaces_whitelist.php | 266 |
1 files changed, 107 insertions, 159 deletions
diff --git a/config/snort-dev/snort_interfaces_whitelist.php b/config/snort-dev/snort_interfaces_whitelist.php index 3167b65f..2dc2d491 100644 --- a/config/snort-dev/snort_interfaces_whitelist.php +++ b/config/snort-dev/snort_interfaces_whitelist.php @@ -1,18 +1,18 @@ <?php /* $Id$ */ /* - - part of pfSense + firewall_aliases.php + Copyright (C) 2004 Scott Ullrich + Copyright (C) 2011 Ermal Luci All rights reserved. + originially part of m0n0wall (http://m0n0.ch/wall) Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. All rights reserved. - Pfsense Old snort GUI - Copyright (C) 2006 Scott Ullrich. - - Pfsense snort GUI - Copyright (C) 2008-2012 Robert Zelaya. + modified for the pfsense snort package + Copyright (C) 2009-2010 Robert Zelaya. + All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: @@ -24,10 +24,6 @@ notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. - 3. Neither the name of the pfSense nor the names of its contributors - may be used to endorse or promote products derived from this software without - specific prior written permission. - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE @@ -38,148 +34,117 @@ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -*/ + */ require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_new.inc"); require_once("/usr/local/pkg/snort/snort_gui.inc"); +require_once("/usr/local/pkg/snort/snort.inc"); -//Set no caching -header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); -header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); -header("Cache-Control: no-store, no-cache, must-revalidate"); -header("Cache-Control: post-check=0, pre-check=0", false); -header("Pragma: no-cache"); +if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) +$config['installedpackages']['snortglobal']['whitelist']['item'] = array(); -$a_whitelist = snortSql_fetchAllWhitelistTypes('SnortWhitelist', 'SnortWhitelistips'); +//aliases_sort(); << what ? +$a_whitelist = &$config['installedpackages']['snortglobal']['whitelist']['item']; - if (!is_array($a_whitelist)) - { - $a_whitelist = array(); - } +if (isset($config['installedpackages']['snortglobal']['whitelist']['item'])) { + $id_gen = count($config['installedpackages']['snortglobal']['whitelist']['item']); +}else{ + $id_gen = '0'; +} - if ($a_whitelist == 'Error') - { - echo 'Error'; - exit(0); +$d_whitelistdirty_path = '/var/run/snort_whitelist.dirty'; + +if ($_GET['act'] == "del") { + if ($a_whitelist[$_GET['id']]) { + /* make sure rule is not being referenced by any nat or filter rules */ + + unset($a_whitelist[$_GET['id']]); + write_config(); + filter_configure(); + header("Location: /snort/snort_interfaces_whitelist.php"); + exit; } +} - $pgtitle = "Services: Snort: Whitelist"; - include("/usr/local/pkg/snort/snort_head.inc"); +$pgtitle = "Services: Snort: Whitelist"; +include_once("head.inc"); ?> - - + <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<!-- loading msg --> -<div id="loadingWaiting"> - <div class="snortModal" style="top: 200px; left: 700px;"> - <div class="snortModalTop"> - <!-- <div class="snortModalTopClose"><a href="javascript:hideLoading('#loadingWaiting');"><img src="/snort/images/close_9x9.gif" border="0" height="9" width="9"></a></div> --> - </div> - <div class="snortModalTitle"> - <p><img src="./images/loading.gif" /><br><br>Please Wait...</p> - </div> - <div> - <p class="loadingWaitingMessage"></p> - </div> - </div> -</div> +<?php +include_once("fbegin.inc"); +echo $snort_general_css; +?> -<?php include("fbegin.inc"); ?> -<!-- hack to fix the hardcoed fbegin link in header --> -<div id="header-left2"> -<a href="../index.php" id="status-link2"> -<img src="./images/transparent.gif" border="0"></img> -</a> -</div> +<div class="body2"><?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> -<div class="body2"><!-- hack to fix the hardcoed fbegin link in header --> -<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div> +<form action="/snort/snort_interfaces_whitelist.php" method="post"><?php if ($savemsg) print_info_box($savemsg); ?> +<?php if (file_exists($d_whitelistdirty_path)): ?> +<p><?php print_info_box_np("The white list has been changed.<br>You must apply the changes in order for them to take effect.");?> +<?php endif; ?> <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> - - <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code--> - <ul class="newtabmenu"> - <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li> - <li><a href="/snort/snort_interfaces_global.php"><span>Global Settings</span></a></li> - <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li> - <li><a href="/snort/snort_interfaces_rules.php"><span>RulesDB</span></a></li> - <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li> - <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li> - <li class="newtabmenu_active"><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li> - <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li> - <li><a href="/snort/snort_help_info.php"><span>Help</span></a></li> - </li> - </ul> - </div> - +<tr><td> +<?php + $tab_array = array(); + $tab_array[0] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); + $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php"); + $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php"); + $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php"); + $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php"); + $tab_array[5] = array(gettext("Whitelists"), true, "/snort/snort_interfaces_whitelist.php"); + $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); + $tab_array[7] = array(gettext("Help"), false, "/snort/help_and_info.php"); + display_top_tabs($tab_array); +?> </td> </tr> <tr> - <td id="tdbggrey"> - <table width="100%" border="0" cellpadding="10px" cellspacing="0"> - <tr> - <td class="tabnavtbl"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <!-- START MAIN AREA --> - - <tr> <!-- db to lookup --> + <td class="tabcont"> + + <table width="100%" border="0" cellpadding="0" cellspacing="0"> + + <tr> <td width="20%" class="listhdrr">File Name</td> - <td width="45%" class="listhdrr">Values</td> - <td width="35%" class="listhdr">Description</td> + <td width="40%" class="listhdrr">Values</td> + <td width="40%" class="listhdr">Description</td> <td width="10%" class="list"></td> </tr> - <?php foreach ($a_whitelist as $list): ?> - <tr id="maintable_<?=$list['uuid']?>" data-options='{"pagetable":"SnortWhitelist", "pagedb":"snortDB", "DoPOST":"true"}' > - <td class="listlr" ondblclick="document.location='snort_interfaces_whitelist_edit.php?uuid=<?=$list['uuid'];?>'"><?=$list['filename'];?></td> - <td class="listr" ondblclick="document.location='snort_interfaces_whitelist_edit.php?uuid=<?=$list['uuid'];?>'"> - <?php - $a = 0; - $countList = count($list['list']); - foreach ($list['list'] as $value) - { - - $a++; - - if ($a != $countList || $countList == 1) - { - echo $value['ip']; - } - - if ($a > 0 && $a != $countList) - { - echo ',' . ' '; - }else{ - echo ' '; - } - - } // end foreach - - if ($a > 3) - { - echo '...'; - } - ?> - </td> - <td class="listbg" ondblclick="document.location='snort_interfaces_whitelist_edit.php?uuid=<?=$list['uuid'];?>'"> - <font color="#FFFFFF"> <?=htmlspecialchars($list['description']);?> + <?php $i = 0; foreach ($a_whitelist as $list): ?> + <tr> + <td class="listlr" + ondblclick="document.location='snort_interfaces_whitelist_edit.php?id=<?=$i;?>';"> + <?=htmlspecialchars($list['name']);?></td> + <td class="listr" + ondblclick="document.location='snort_interfaces_whitelist_edit.php?id=<?=$i;?>';"> + <?php + $addresses = implode(", ", array_slice(explode(" ", $list['address']), 0, 10)); + echo $addresses; + if(count($addresses) < 10) { + echo " "; + } else { + echo "..."; + } + ?></td> + <td class="listbg" + ondblclick="document.location='snort_interfaces_whitelist_edit.php?id=<?=$i;?>';"> + <font color="#FFFFFF"> <?=htmlspecialchars($list['descr']);?> </td> <td valign="middle" nowrap class="list"> <table border="0" cellspacing="0" cellpadding="1"> <tr> - <td valign="middle"> - <a href="snort_interfaces_whitelist_edit.php?uuid=<?=$list['uuid'];?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif"width="17" height="17" border="0" title="edit whitelist"></a> - </td> - <td> - <img id="icon_x_<?=$list['uuid'];?>" class="icon_click icon_x" src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="delete list" > - </a> - </td> + <td valign="middle"><a + href="snort_interfaces_whitelist_edit.php?id=<?=$i;?>"><img + src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" + width="17" height="17" border="0" title="edit whitelist"></a></td> + <td><a + href="/snort/snort_interfaces_whitelist.php?act=del&id=<?=$i;?>" + onclick="return confirm('Do you really want to delete this whitelist? All elements that still use it will become invalid (e.g. snort rules will fall back to the default whitelist)!')"><img + src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" + width="17" height="17" border="0" title="delete whitelist"></a></td> </tr> </table> </td> @@ -189,53 +154,36 @@ $a_whitelist = snortSql_fetchAllWhitelistTypes('SnortWhitelist', 'SnortWhitelist <td class="list" colspan="3"></td> <td class="list"> <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle" width="17"> </td> - <td valign="middle"><a href="snort_interfaces_whitelist_edit.php?uuid=<?=genAlphaNumMixFast(28, 28);?> "><img src="/themes/nervecenter/images/icons/icon_plus.gif" width="17" height="17" border="0" title="add a new list"></a></td> + <tr> + <td valign="middle" width="17"> </td> + <td valign="middle"><a + href="snort_interfaces_whitelist_edit.php?id=<?php echo $id_gen;?> "><img + src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" + width="17" height="17" border="0" title="add a new list"></a></td> </tr> </table> </td> </tr> - </table> - </td> - </tr> - - <!-- STOP MAIN AREA --> </table> </td> - </tr> - - </table> - </td> </tr> </table> - -<!-- 2nd box note --> <br> -<div id=mainarea4> -<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> - <td width="100%"> - <span class="vexpl"> - <span class="red"><strong>Note:</strong></span> - <p><span class="vexpl"> - Here you can create whitelist files for your snort package rules.<br> - Please add all the ips or networks you want to protect against snort block decisions.<br> +<table class="tabcont" width="100%" border="0" cellpadding="0" + cellspacing="0"> + <td width="100%"><span class="vexpl"><span class="red"><strong>Note:</strong></span> + <p><span class="vexpl">Here you can create whitelist files for your + snort package rules.<br> + Please add all the ips or networks you want to protect against snort + block decisions.<br> Remember that the default whitelist only includes local networks.<br> - Be careful, it is very easy to get locked out of you system. - </span></p> - </td> + Be careful, it is very easy to get locked out of you system.</span></p></td> </table> -</div> - -</div> +</form> -<!-- footer do not touch below --> -<?php -include("fend.inc"); -echo $snort_custom_rnd_box; -?> - +</div> +<?php include("fend.inc"); ?> </body> </html> |