diff options
Diffstat (limited to 'config/snort-dev')
-rw-r--r-- | config/snort-dev/snort.inc | 59 | ||||
-rw-r--r-- | config/snort-dev/snort_barnyard.php | 113 | ||||
-rw-r--r-- | config/snort-dev/snort_define_servers.php | 50 | ||||
-rw-r--r-- | config/snort-dev/snort_gui.inc | 2 | ||||
-rw-r--r-- | config/snort-dev/snort_interfaces.php | 37 | ||||
-rw-r--r-- | config/snort-dev/snort_interfaces_edit.php | 117 | ||||
-rw-r--r-- | config/snort-dev/snort_preprocessors.php | 175 | ||||
-rw-r--r-- | config/snort-dev/snort_rulesets.php | 2 |
8 files changed, 416 insertions, 139 deletions
diff --git a/config/snort-dev/snort.inc b/config/snort-dev/snort.inc index 08b2aae1..65487703 100644 --- a/config/snort-dev/snort.inc +++ b/config/snort-dev/snort.inc @@ -79,9 +79,6 @@ function snort_postinstall() { global $config; conf_mount_rw(); - - exec("/usr/sbin/pw groupadd snort"); - exec('/usr/sbin/pw useradd snort -c "SNORT USER" -d /nonexistent -g snort -s /sbin/nologin'); if(!file_exists("/var/log/snort/")) mwexec("mkdir -p /var/log/snort/"); @@ -283,7 +280,7 @@ function create_snort_sh() /* define snortbarnyardlog_chk */ if ($snortbarnyardlog_info_chk == on) { - $start_barnyard2 = "\nsleep 4\n/usr/local/bin/barnyard2 -c /usr/local/etc/snort/snort_$id$if_real/barnyard2.conf -d /var/log/snort -f snort.u2_$id$if_real -w /usr/local/etc/snort/snort_$id$if_real/barnyard2.waldo -D -q\n\n"; + $start_barnyard2 = "\nsleep 4\n/usr/local/bin/barnyard2 -u snort -g snort -c /usr/local/etc/snort/snort_$id$if_real/barnyard2.conf -d /var/log/snort -f snort.u2_$id$if_real -w /usr/local/etc/snort/snort_$id$if_real/barnyard2.waldo -D -q\n\n"; } @@ -395,6 +392,7 @@ rc_start_real() { /bin/rm /var/run/snort_$if_real$id$if_real.pid.lck /usr/local/bin/snort -u snort -g snort -G $id -R $id$if_real -c /usr/local/etc/snort/snort_$id$if_real/snort.conf -l /var/log/snort -D -i $if_real -q /sbin/ifconfig $if_real_wan polling promisc + $start_barnyard2 sleep 3 /bin/cp /var/log/system.log /var/log/snort/snort_sys_$id$if_real.log @@ -466,12 +464,18 @@ EOD; /* open barnyard2.conf for writing */ function create_barnyard2_conf() { - global $bconfig, $bg; + global $bconfig, $bg, $id, $if_real; /* write out barnyard2_conf */ + + if(!file_exists("/usr/local/etc/snort/snort_$id$if_real/barnyard2.conf")) + { + exec("/bin//usr/bin/touch /usr/local/etc/snort/snort_$id$if_real/barnyard2.conf"); + } + $barnyard2_conf_text = generate_barnyard2_conf(); - $bconf = fopen("/usr/local/etc/snort/$id$if_real/barnyard2.conf", "w"); + $bconf = fopen("/usr/local/etc/snort/snort_$id$if_real/barnyard2.conf", "w"); if(!$bconf) { - log_error("Could not open /usr/local/etc/snort/$id$if_real/barnyard2.conf for writing."); + log_error("Could not open /usr/local/etc/snort/snort_$id$if_real/barnyard2.conf for writing."); exit; } fwrite($bconf, $barnyard2_conf_text); @@ -658,7 +662,8 @@ snort_rules_up_deinstall_cron(""); } -function generate_snort_conf() { +function generate_snort_conf() +{ global $config, $g, $if_real, $id; conf_mount_rw(); @@ -670,19 +675,22 @@ function generate_snort_conf() { // $snort_config_pass_thru = $config['installedpackages']['snortglobal']['rule'][$id]['configpassthru']; /* create basic files */ - if(!file_exists("/usr/local/etc/snort/snort/snort_$id$if_real")) { - exec("/bin/mkdir -p /usr/local/etc/snort/snort_$id$if_real/"); - exec("/bin/mkdir -p /usr/local/etc/snort/snort_$id$if_real/rules"); - - if(!file_exists("/usr/local/etc/snort/snort_$id$if_real/gen-msg.map")) { - exec("/bin/cp /usr/local/etc/snort/classification.config /usr/local/etc/snort/snort_$id$if_real/classification.config"); - exec("/bin/cp /usr/local/etc/snort/gen-msg.map /usr/local/etc/snort/snort_$id$if_real/gen-msg.map"); - exec("/bin/cp /usr/local/etc/snort/reference.config /usr/local/etc/snort/snort_$id$if_real/reference.config"); - exec("/bin/cp /usr/local/etc/snort/sid-msg.map /usr/local/etc/snort/snort_$id$if_real/sid-msg.map"); - exec("/bin/cp /usr/local/etc/snort/unicode.map /usr/local/etc/snort/snort_$id$if_real/unicode.map"); - exec("/bin/cp /usr/local/etc/snort/threshold.conf /usr/local/etc/snort/snort_$id$if_real/threshold.conf"); - exec("/bin/cp /usr/local/etc/snort/snort.conf /usr/local/etc/snort/snort_$id$if_real/snort.conf"); - exec("/bin/mkdir -p /usr/local/etc/snort/snort_$id$if_real/rules"); + if(!file_exists("/usr/local/etc/snort/snort/snort_$id$if_real")) + { + exec("/bin/mkdir -p /usr/local/etc/snort/snort_$id$if_real/"); + exec("/bin/mkdir -p /usr/local/etc/snort/snort_$id$if_real/rules"); + + if(!file_exists("/usr/local/etc/snort/snort_$id$if_real/gen-msg.map")) + { + exec("/bin/cp /usr/local/etc/snort/classification.config /usr/local/etc/snort/snort_$id$if_real/classification.config"); + exec("/bin/cp /usr/local/etc/snort/gen-msg.map /usr/local/etc/snort/snort_$id$if_real/gen-msg.map"); + exec("/bin/cp /usr/local/etc/snort/reference.config /usr/local/etc/snort/snort_$id$if_real/reference.config"); + exec("/bin/cp /usr/local/etc/snort/sid-msg.map /usr/local/etc/snort/snort_$id$if_real/sid-msg.map"); + exec("/bin/cp /usr/local/etc/snort/unicode.map /usr/local/etc/snort/snort_$id$if_real/unicode.map"); + exec("/bin/cp /usr/local/etc/snort/threshold.conf /usr/local/etc/snort/snort_$id$if_real/threshold.conf"); + exec("/bin/cp /usr/local/etc/snort/snort.conf /usr/local/etc/snort/snort_$id$if_real/snort.conf"); + exec("/bin//usr/bin/touch /usr/local/etc/snort/snort_$id$if_real/barnyard2.conf"); + exec("/bin/mkdir -p /usr/local/etc/snort/snort_$id$if_real/rules"); } } @@ -703,11 +711,6 @@ $tcpdumplog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id][ if ($tcpdumplog_info_chk == on) $tcpdumplog_type = "output log_tcpdump: snorttcpd.log"; -/* define snortbarnyardlog_chk */ -$snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['snortbarnyardlog']; -if ($snortbarnyardlog_info_chk == on) - $snortbarnyardlog_type = "barnyard2 -c /usr/local/etc/barnyard2.conf -d /var/log/snort -f snort.u2 -w /usr/local/etc/snort/barnyard2.waldo -D"; - /* define snortunifiedlog */ $snortunifiedlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['snortunifiedlog']; if ($snortunifiedlog_info_chk == on) @@ -1546,7 +1549,7 @@ $def_ssl_ports_ignore_info_chk = $config['installedpackages']['snortglobal']['ru if ($def_ssl_ports_ignore_info_chk == "") $def_ssl_ports_ignore_type = "443 465 563 636 989 990 992 993 994 995"; else - $def_ssl_ports_ignore_type = "$def_ssl_ports_info_chk"; + $def_ssl_ports_ignore_type = "$def_ssl_ports_ignore_info_chk"; ////////////////////////////////////////////////////////////////// /* build snort configuration file */ @@ -1744,7 +1747,7 @@ preprocessor stream5_icmp: # ############################## -preprocessor ssl: ports { $def_ssl_ports_ignore_type }, trustservers, noinspect_encrypted +preprocessor ssl: ports { {$def_ssl_ports_ignore_type} }, trustservers, noinspect_encrypted ##################### # diff --git a/config/snort-dev/snort_barnyard.php b/config/snort-dev/snort_barnyard.php index cfe4e77d..a28bf0e7 100644 --- a/config/snort-dev/snort_barnyard.php +++ b/config/snort-dev/snort_barnyard.php @@ -57,10 +57,52 @@ if (isset($_GET['dup'])) { if (isset($id) && $a_nat[$id]) { - /* new options */ + /* old options */ + $pconfig['def_ssl_ports_ignore'] = $a_nat[$id]['def_ssl_ports_ignore']; + $pconfig['flow_depth'] = $a_nat[$id]['flow_depth']; + $pconfig['perform_stat'] = $a_nat[$id]['perform_stat']; + $pconfig['http_inspect'] = $a_nat[$id]['http_inspect']; + $pconfig['other_preprocs'] = $a_nat[$id]['other_preprocs']; + $pconfig['ftp_preprocessor'] = $a_nat[$id]['ftp_preprocessor']; + $pconfig['smtp_preprocessor'] = $a_nat[$id]['smtp_preprocessor']; + $pconfig['sf_portscan'] = $a_nat[$id]['sf_portscan']; + $pconfig['dce_rpc_2'] = $a_nat[$id]['dce_rpc_2']; + $pconfig['dns_preprocessor'] = $a_nat[$id]['dns_preprocessor']; + $pconfig['def_dns_servers'] = $a_nat[$id]['def_dns_servers']; + $pconfig['def_dns_ports'] = $a_nat[$id]['def_dns_ports']; + $pconfig['def_smtp_servers'] = $a_nat[$id]['def_smtp_servers']; + $pconfig['def_smtp_ports'] = $a_nat[$id]['def_smtp_ports']; + $pconfig['def_mail_ports'] = $a_nat[$id]['def_mail_ports']; + $pconfig['def_http_servers'] = $a_nat[$id]['def_http_servers']; + $pconfig['def_www_servers'] = $a_nat[$id]['def_www_servers']; + $pconfig['def_http_ports'] = $a_nat[$id]['def_http_ports']; + $pconfig['def_sql_servers'] = $a_nat[$id]['def_sql_servers']; + $pconfig['def_oracle_ports'] = $a_nat[$id]['def_oracle_ports']; + $pconfig['def_mssql_ports'] = $a_nat[$id]['def_mssql_ports']; + $pconfig['def_telnet_servers'] = $a_nat[$id]['def_telnet_servers']; + $pconfig['def_telnet_ports'] = $a_nat[$id]['def_telnet_ports']; + $pconfig['def_snmp_servers'] = $a_nat[$id]['def_snmp_servers']; + $pconfig['def_snmp_ports'] = $a_nat[$id]['def_snmp_ports']; + $pconfig['def_ftp_servers'] = $a_nat[$id]['def_ftp_servers']; + $pconfig['def_ftp_ports'] = $a_nat[$id]['def_ftp_ports']; + $pconfig['def_ssh_servers'] = $a_nat[$id]['def_ssh_servers']; + $pconfig['def_ssh_ports'] = $a_nat[$id]['def_ssh_ports']; + $pconfig['def_pop_servers'] = $a_nat[$id]['def_pop_servers']; + $pconfig['def_pop2_ports'] = $a_nat[$id]['def_pop2_ports']; + $pconfig['def_pop3_ports'] = $a_nat[$id]['def_pop3_ports']; + $pconfig['def_imap_servers'] = $a_nat[$id]['def_imap_servers']; + $pconfig['def_imap_ports'] = $a_nat[$id]['def_imap_ports']; + $pconfig['def_sip_proxy_ip'] = $a_nat[$id]['def_sip_proxy_ip']; + $pconfig['ip def_sip_proxy_ports'] = $a_nat[$id]['ip def_sip_proxy_ports']; + $pconfig['def_auth_ports'] = $a_nat[$id]['def_auth_ports']; + $pconfig['def_finger_ports'] = $a_nat[$id]['def_finger_ports']; + $pconfig['def_irc_ports'] = $a_nat[$id]['def_irc_ports']; + $pconfig['def_nntp_ports'] = $a_nat[$id]['def_nntp_ports']; + $pconfig['def_rlogin_ports'] = $a_nat[$id]['def_rlogin_ports']; + $pconfig['def_rsh_ports'] = $a_nat[$id]['def_rsh_ports']; + $pconfig['def_ssl_ports'] = $a_nat[$id]['def_ssl_ports']; $pconfig['barnyard_enable'] = $a_nat[$id]['barnyard_enable']; $pconfig['barnyard_mysql'] = $a_nat[$id]['barnyard_mysql']; - /* old options */ $pconfig['enable'] = $a_nat[$id]['enable']; $pconfig['interface'] = $a_nat[$id]['interface']; $pconfig['descr'] = $a_nat[$id]['descr']; @@ -70,7 +112,6 @@ if (isset($id) && $a_nat[$id]) { $pconfig['alertsystemlog'] = $a_nat[$id]['alertsystemlog']; $pconfig['tcpdumplog'] = $a_nat[$id]['tcpdumplog']; $pconfig['snortunifiedlog'] = $a_nat[$id]['snortunifiedlog']; - $pconfig['flow_depth'] = $a_nat[$id]['flow_depth']; if (!$pconfig['interface']) $pconfig['interface'] = "wan"; @@ -96,16 +137,62 @@ if ($_POST) { /* if no errors write to conf */ if (!$input_errors) { $natent = array(); - /* repost the options already in conf */ - $natent['enable'] = $pconfig['enable']; - $natent['interface'] = $pconfig['interface']; - $natent['descr'] = $pconfig['descr']; - $natent['performance'] = $pconfig['performance']; - $natent['blockoffenders7'] = $pconfig['blockoffenders7']; - $natent['snortalertlogtype'] = $pconfig['snortalertlogtype']; - $natent['alertsystemlog'] = $pconfig['alertsystemlog']; - $natent['tcpdumplog'] = $pconfig['tcpdumplog']; - $natent['flow_depth'] = $pconfig['flow_depth']; + /* repost the options already in conf */ + + if ($pconfig['interface'] != "") { $natent['interface'] = $pconfig['interface']; } + if ($pconfig['enable'] != "") { $natent['enable'] = $pconfig['enable']; } + if ($pconfig['descr'] != "") { $natent['descr'] = $pconfig['descr']; } + if ($pconfig['performance'] != "") { $natent['performance'] = $pconfig['performance']; } + if ($pconfig['blockoffenders7'] != "") { $natent['blockoffenders7'] = $pconfig['blockoffenders7']; } + if ($pconfig['snortalertlogtype'] != "") { $natent['snortalertlogtype'] = $pconfig['snortalertlogtype']; } + if ($pconfig['alertsystemlog'] != "") { $natent['alertsystemlog'] = $pconfig['alertsystemlog']; } + if ($pconfig['tcpdumplog'] != "") { $natent['tcpdumplog'] = $pconfig['tcpdumplog']; } + if ($pconfig['snortunifiedlog'] != "") { $natent['snortunifiedlog'] = $pconfig['snortunifiedlog']; } + if ($pconfig['def_ssl_ports_ignore'] != "") { $natent['def_ssl_ports_ignore'] = $pconfig['def_ssl_ports_ignore']; } + if ($pconfig['flow_depth'] != "") { $natent['flow_depth'] = $pconfig['flow_depth']; } + if ($pconfig['perform_stat'] != "") { $natent['perform_stat'] = $pconfig['perform_stat']; } + if ($pconfig['http_inspect'] != "") { $natent['http_inspect'] = $pconfig['http_inspect']; } + if ($pconfig['other_preprocs'] != "") { $natent['other_preprocs'] = $pconfig['other_preprocs']; } + if ($pconfig['ftp_preprocessor'] != "") { $natent['ftp_preprocessor'] = $pconfig['ftp_preprocessor']; } + if ($pconfig['smtp_preprocessor'] != "") { $natent['smtp_preprocessor'] = $pconfig['smtp_preprocessor']; } + if ($pconfig['sf_portscan'] != "") { $natent['sf_portscan'] = $pconfig['sf_portscan']; } + if ($pconfig['dce_rpc_2'] != "") { $natent['dce_rpc_2'] = $pconfig['dce_rpc_2']; } + if ($pconfig['dns_preprocessor'] != "") { $natent['dns_preprocessor'] = $pconfig['dns_preprocessor']; } + if ($pconfig['def_dns_servers'] != "") { $natent['def_dns_servers'] = $pconfig['def_dns_servers']; } + if ($pconfig['def_dns_ports'] != "") { $natent['def_dns_ports'] = $pconfig['def_dns_ports']; } + if ($pconfig['def_smtp_servers'] != "") { $natent['def_smtp_servers'] = $pconfig['def_smtp_servers']; } + if ($pconfig['def_smtp_ports'] != "") { $natent['def_smtp_ports'] = $pconfig['def_smtp_ports']; } + if ($pconfig['def_mail_ports'] != "") { $natent['def_mail_ports'] = $pconfig['def_mail_ports']; } + if ($pconfig['def_http_servers'] != "") { $natent['def_http_servers'] = $pconfig['def_http_servers']; } + if ($pconfig['def_www_servers'] != "") { $natent['def_www_servers'] = $pconfig['def_www_servers']; } + if ($pconfig['def_http_ports'] != "") { $natent['def_http_ports'] = $pconfig['def_http_ports']; } + if ($pconfig['def_sql_servers'] != "") { $natent['def_sql_servers'] = $pconfig['def_sql_servers']; } + if ($pconfig['def_oracle_ports'] != "") { $natent['def_oracle_ports'] = $pconfig['def_oracle_ports']; } + if ($pconfig['def_mssql_ports'] != "") { $natent['def_mssql_ports'] = $pconfig['def_mssql_ports']; } + if ($pconfig['def_telnet_servers'] != "") { $natent['def_telnet_servers'] = $pconfig['def_telnet_servers']; } + if ($pconfig['def_telnet_ports'] != "") { $natent['def_telnet_ports'] = $pconfig['def_telnet_ports']; } + if ($pconfig['def_snmp_servers'] != "") { $natent['def_snmp_servers'] = $pconfig['def_snmp_servers']; } + if ($pconfig['def_snmp_ports'] != "") { $natent['def_snmp_ports'] = $pconfig['def_snmp_ports']; } + if ($pconfig['def_ftp_servers'] != "") { $natent['def_ftp_servers'] = $pconfig['def_ftp_servers']; } + if ($pconfig['def_ftp_ports'] != "") { $natent['def_ftp_ports'] = $pconfig['def_ftp_ports']; } + if ($pconfig['def_ssh_servers'] != "") { $natent['def_ssh_servers'] = $pconfig['def_ssh_servers']; } + if ($pconfig['def_ssh_ports'] != "") { $natent['def_ssh_ports'] = $pconfig['def_ssh_ports']; } + if ($pconfig['def_pop_servers'] != "") { $natent['def_pop_servers'] = $pconfig['def_pop_servers']; } + if ($pconfig['def_pop2_ports'] != "") { $natent['def_pop2_ports'] = $pconfig['def_pop2_ports']; } + if ($pconfig['def_pop3_ports'] != "") { $natent['def_pop3_ports'] = $pconfig['def_pop3_ports']; } + if ($pconfig['def_imap_servers'] != "") { $natent['def_imap_servers'] = $pconfig['def_imap_servers']; } + if ($pconfig['def_imap_ports'] != "") { $natent['def_imap_ports'] = $pconfig['def_imap_ports']; } + if ($pconfig['def_sip_proxy_ip'] != "") { $natent['def_sip_proxy_ip'] = $pconfig['def_sip_proxy_ip']; } + if ($pconfig['ip def_sip_proxy_ports'] != "") { $natent['ip def_sip_proxy_ports'] = $pconfig['ip def_sip_proxy_ports']; } + if ($pconfig['def_auth_ports'] != "") { $natent['def_auth_ports'] = $pconfig['def_auth_ports']; } + if ($pconfig['def_finger_ports'] != "") { $natent['def_finger_ports'] = $pconfig['def_finger_ports']; } + if ($pconfig['def_irc_ports'] != "") { $natent['def_irc_ports'] = $pconfig['def_irc_ports']; } + if ($pconfig['def_nntp_ports'] != "") { $natent['def_nntp_ports'] = $pconfig['def_nntp_ports']; } + if ($pconfig['def_rlogin_ports'] != "") { $natent['def_rlogin_ports'] = $pconfig['def_rlogin_ports']; } + if ($pconfig['def_rsh_ports'] != "") { $natent['def_rsh_ports'] = $pconfig['def_rsh_ports']; } + if ($pconfig['def_ssl_ports'] != "") { $natent['def_ssl_ports'] = $pconfig['def_ssl_ports']; } + + /* post new options */ $natent['barnyard_enable'] = $_POST['barnyard_enable'] ? on : off; $natent['barnyard_mysql'] = $_POST['barnyard_mysql'] ? $_POST['barnyard_mysql'] : $pconfig['barnyard_mysql']; diff --git a/config/snort-dev/snort_define_servers.php b/config/snort-dev/snort_define_servers.php index 812d379b..aca2f036 100644 --- a/config/snort-dev/snort_define_servers.php +++ b/config/snort-dev/snort_define_servers.php @@ -57,7 +57,17 @@ if (isset($_GET['dup'])) { if (isset($id) && $a_nat[$id]) { - /* new options */ + /* old options */ + $pconfig['def_ssl_ports_ignore'] = $a_nat[$id]['def_ssl_ports_ignore']; + $pconfig['flow_depth'] = $a_nat[$id]['flow_depth']; + $pconfig['perform_stat'] = $a_nat[$id]['perform_stat']; + $pconfig['http_inspect'] = $a_nat[$id]['http_inspect']; + $pconfig['other_preprocs'] = $a_nat[$id]['other_preprocs']; + $pconfig['ftp_preprocessor'] = $a_nat[$id]['ftp_preprocessor']; + $pconfig['smtp_preprocessor'] = $a_nat[$id]['smtp_preprocessor']; + $pconfig['sf_portscan'] = $a_nat[$id]['sf_portscan']; + $pconfig['dce_rpc_2'] = $a_nat[$id]['dce_rpc_2']; + $pconfig['dns_preprocessor'] = $a_nat[$id]['dns_preprocessor']; $pconfig['def_dns_servers'] = $a_nat[$id]['def_dns_servers']; $pconfig['def_dns_ports'] = $a_nat[$id]['def_dns_ports']; $pconfig['def_smtp_servers'] = $a_nat[$id]['def_smtp_servers']; @@ -91,7 +101,6 @@ if (isset($id) && $a_nat[$id]) { $pconfig['def_rlogin_ports'] = $a_nat[$id]['def_rlogin_ports']; $pconfig['def_rsh_ports'] = $a_nat[$id]['def_rsh_ports']; $pconfig['def_ssl_ports'] = $a_nat[$id]['def_ssl_ports']; - /* old options */ $pconfig['barnyard_enable'] = $a_nat[$id]['barnyard_enable']; $pconfig['barnyard_mysql'] = $a_nat[$id]['barnyard_mysql']; $pconfig['enable'] = $a_nat[$id]['enable']; @@ -103,7 +112,6 @@ if (isset($id) && $a_nat[$id]) { $pconfig['alertsystemlog'] = $a_nat[$id]['alertsystemlog']; $pconfig['tcpdumplog'] = $a_nat[$id]['tcpdumplog']; $pconfig['snortunifiedlog'] = $a_nat[$id]['snortunifiedlog']; - $pconfig['flow_depth'] = $a_nat[$id]['flow_depth']; if (isset($_GET['dup'])) unset($id); @@ -119,19 +127,29 @@ if ($_POST) { /* if no errors write to conf */ if (!$input_errors) { $natent = array(); - /* repost the options already in conf */ - $natent['enable'] = $pconfig['enable']; - $natent['interface'] = $pconfig['interface']; - $natent['descr'] = $pconfig['descr']; - $natent['performance'] = $pconfig['performance']; - $natent['blockoffenders7'] = $pconfig['blockoffenders7']; - $natent['snortalertlogtype'] = $pconfig['snortalertlogtype']; - $natent['alertsystemlog'] = $pconfig['alertsystemlog']; - $natent['tcpdumplog'] = $pconfig['tcpdumplog']; - $natent['snortunifiedlog'] = $pconfig['snortunifiedlog']; - $natent['flow_depth'] = $pconfig['flow_depth']; - $natent['barnyard_enable'] = $pconfig['barnyard_enable']; - $natent['barnyard_mysql'] = $pconfig['barnyard_mysql']; + /* repost the options already in conf */ + if ($pconfig['interface'] != "") { $natent['interface'] = $pconfig['interface']; } + if ($pconfig['enable'] != "") { $natent['enable'] = $pconfig['enable']; } + if ($pconfig['descr'] != "") { $natent['descr'] = $pconfig['descr']; } + if ($pconfig['performance'] != "") { $natent['performance'] = $pconfig['performance']; } + if ($pconfig['blockoffenders7'] != "") { $natent['blockoffenders7'] = $pconfig['blockoffenders7']; } + if ($pconfig['snortalertlogtype'] != "") { $natent['snortalertlogtype'] = $pconfig['snortalertlogtype']; } + if ($pconfig['alertsystemlog'] != "") { $natent['alertsystemlog'] = $pconfig['alertsystemlog']; } + if ($pconfig['tcpdumplog'] != "") { $natent['tcpdumplog'] = $pconfig['tcpdumplog']; } + if ($pconfig['snortunifiedlog'] != "") { $natent['snortunifiedlog'] = $pconfig['snortunifiedlog']; } + if ($pconfig['def_ssl_ports_ignore'] != "") { $natent['def_ssl_ports_ignore'] = $pconfig['def_ssl_ports_ignore']; } + if ($pconfig['flow_depth'] != "") { $natent['flow_depth'] = $pconfig['flow_depth']; } + if ($pconfig['perform_stat'] != "") { $natent['perform_stat'] = $pconfig['perform_stat']; } + if ($pconfig['http_inspect'] != "") { $natent['http_inspect'] = $pconfig['http_inspect']; } + if ($pconfig['other_preprocs'] != "") { $natent['other_preprocs'] = $pconfig['other_preprocs']; } + if ($pconfig['ftp_preprocessor'] != "") { $natent['ftp_preprocessor'] = $pconfig['ftp_preprocessor']; } + if ($pconfig['smtp_preprocessor'] != "") { $natent['smtp_preprocessor'] = $pconfig['smtp_preprocessor']; } + if ($pconfig['sf_portscan'] != "") { $natent['sf_portscan'] = $pconfig['sf_portscan']; } + if ($pconfig['dce_rpc_2'] != "") { $natent['dce_rpc_2'] = $pconfig['dce_rpc_2']; } + if ($pconfig['dns_preprocessor'] != "") { $natent['dns_preprocessor'] = $pconfig['dns_preprocessor']; } + if ($pconfig['barnyard_enable'] != "") { $natent['barnyard_enable'] = $pconfig['barnyard_enable']; } + if ($pconfig['barnyard_mysql'] != "") { $natent['barnyard_mysql'] = $pconfig['barnyard_mysql']; } + /* post new options */ if ($_POST['def_dns_servers'] != "") { $natent['def_dns_servers'] = $_POST['def_dns_servers']; }else{ $natent['def_dns_servers'] = ""; } diff --git a/config/snort-dev/snort_gui.inc b/config/snort-dev/snort_gui.inc index d8743b43..90fc8505 100644 --- a/config/snort-dev/snort_gui.inc +++ b/config/snort-dev/snort_gui.inc @@ -36,7 +36,7 @@ function print_info_box_np2($msg) { echo " <td>\n"; echo " <div style='background-color:#990000' id='redbox'>\n"; echo " <table width='100%'><tr><td width='8%'>\n"; - echo " <img style='vertical-align:middle' src=\"/snort/images/alert.jpg\" width=\"32\" height=\"28\">\n"; + echo " <img style='vertical-align:middle' src=\"/snort/alert.jpg\" width=\"32\" height=\"28\">\n"; echo " </td>\n"; echo " <td width='70%'><font color='white'><b>{$msg}</b></font>\n"; echo " </td>"; diff --git a/config/snort-dev/snort_interfaces.php b/config/snort-dev/snort_interfaces.php index 974e2673..1c97f944 100644 --- a/config/snort-dev/snort_interfaces.php +++ b/config/snort-dev/snort_interfaces.php @@ -162,7 +162,7 @@ if ($_GET['act'] == "toggle" && $_GET['id'] != "") { } } -$pgtitle = "Services: Snort 2.8.4.1_5 pkg v. 1.8 beta"; +$pgtitle = "Services: Snort 2.8.4.1_6 pkg v. 1.8 RC1"; include("head.inc"); ?> @@ -192,6 +192,17 @@ padding: 15px 10px 50% 50px; padding-top: 4px; padding-bottom: 4px; } +.listbg3 { + border-right: 1px solid #777777; + border-bottom: 1px solid #777777; + font-size: 11px; + background-color: #777777; + color: #000; + padding-right: 16px; + padding-left: 6px; + padding-top: 4px; + padding-bottom: 4px; +} </style> <noscript><div class="alert" ALIGN=CENTER><img src="/themes/nervecenter/images/icons/icon_alert.gif"/><strong>Please enable JavaScript to view this content</CENTER></div></noscript> @@ -307,7 +318,17 @@ padding: 15px 10px 50% 50px; ?> <?=strtoupper($check_blockoffenders);?> </td> - <td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';"> + <?php + /* convert fake interfaces to real and check if iface is up */ + $if_real2 = convert_friendly_interface_to_real_interface_name($natent['interface']); + $color_up_b = exec("/bin/ps -auwx | grep -v grep | grep \"snort.u2_{$nnats}{$if_real2}\" | awk '{print $2;}'"); + If ($color_up_b != "") { + $class_color_up_bb = "listbg2"; + }else{ + $class_color_up_bb = "listbg"; + } + ?> + <td class="<?=$class_color_up_bb;?>" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';"> <?php $check_snortbarnyardlog_info = $config['installedpackages']['snortglobal']['rule'][$nnats]['barnyard_enable']; if ($check_snortbarnyardlog_info == "on") @@ -319,7 +340,7 @@ padding: 15px 10px 50% 50px; ?> <?=strtoupper($check_snortbarnyardlog);?> </td> - <td class="listbg" onClick="fr_toggle(<?=$nnats;?>)" ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';"> + <td class="listbg3" onClick="fr_toggle(<?=$nnats;?>)" ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';"> <font color="#ffffff"> <?=htmlspecialchars($natent['descr']);?> </td> @@ -351,13 +372,15 @@ padding: 15px 10px 50% 50px; <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> <td width="100%"><span class="vexpl"><span class="red"><strong>Note:</strong></span> <br> - This is the <strong>Snort Interfaces Menu</strong> where you can see an over view of all your interface settings. + This is the <strong>Snort Menu</strong> where you can see an over view of all your interface settings. <br> - Please edit the <strong>Global Settings </strong> tab befor adding an interface. + Please edit the <strong>Global Settings</strong> tab befor adding an interface. <br><br> - Click on the <strong>Plus Icon</strong> to add a interface. + <strong>Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="Add Icon"> icon to add a interface.                           <strong>Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_pass.gif" width="13" height="13" border="0" title="Start Icon"> icon to <strong>start</strong> snort and barnyard. + <br> + <strong>Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="Edit Icon"> icon to edit a interface and settings.      <strong>Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" width="13" height="13" border="0" title="Stop Icon"> icon to <strong>stop</strong> snort and barnyard. <br> - Click on the <strong>Edit Icon</strong> to edit interface settings. + <strong> Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="Delete Icon"> icon to delete a interface and settings. </td> </table> diff --git a/config/snort-dev/snort_interfaces_edit.php b/config/snort-dev/snort_interfaces_edit.php index cdf2f3e1..881df8a2 100644 --- a/config/snort-dev/snort_interfaces_edit.php +++ b/config/snort-dev/snort_interfaces_edit.php @@ -50,6 +50,52 @@ if (isset($_GET['dup'])) { if (isset($id) && $a_nat[$id]) { + /* old options */ + $pconfig['def_ssl_ports_ignore'] = $a_nat[$id]['def_ssl_ports_ignore']; + $pconfig['flow_depth'] = $a_nat[$id]['flow_depth']; + $pconfig['perform_stat'] = $a_nat[$id]['perform_stat']; + $pconfig['http_inspect'] = $a_nat[$id]['http_inspect']; + $pconfig['other_preprocs'] = $a_nat[$id]['other_preprocs']; + $pconfig['ftp_preprocessor'] = $a_nat[$id]['ftp_preprocessor']; + $pconfig['smtp_preprocessor'] = $a_nat[$id]['smtp_preprocessor']; + $pconfig['sf_portscan'] = $a_nat[$id]['sf_portscan']; + $pconfig['dce_rpc_2'] = $a_nat[$id]['dce_rpc_2']; + $pconfig['dns_preprocessor'] = $a_nat[$id]['dns_preprocessor']; + $pconfig['def_dns_servers'] = $a_nat[$id]['def_dns_servers']; + $pconfig['def_dns_ports'] = $a_nat[$id]['def_dns_ports']; + $pconfig['def_smtp_servers'] = $a_nat[$id]['def_smtp_servers']; + $pconfig['def_smtp_ports'] = $a_nat[$id]['def_smtp_ports']; + $pconfig['def_mail_ports'] = $a_nat[$id]['def_mail_ports']; + $pconfig['def_http_servers'] = $a_nat[$id]['def_http_servers']; + $pconfig['def_www_servers'] = $a_nat[$id]['def_www_servers']; + $pconfig['def_http_ports'] = $a_nat[$id]['def_http_ports']; + $pconfig['def_sql_servers'] = $a_nat[$id]['def_sql_servers']; + $pconfig['def_oracle_ports'] = $a_nat[$id]['def_oracle_ports']; + $pconfig['def_mssql_ports'] = $a_nat[$id]['def_mssql_ports']; + $pconfig['def_telnet_servers'] = $a_nat[$id]['def_telnet_servers']; + $pconfig['def_telnet_ports'] = $a_nat[$id]['def_telnet_ports']; + $pconfig['def_snmp_servers'] = $a_nat[$id]['def_snmp_servers']; + $pconfig['def_snmp_ports'] = $a_nat[$id]['def_snmp_ports']; + $pconfig['def_ftp_servers'] = $a_nat[$id]['def_ftp_servers']; + $pconfig['def_ftp_ports'] = $a_nat[$id]['def_ftp_ports']; + $pconfig['def_ssh_servers'] = $a_nat[$id]['def_ssh_servers']; + $pconfig['def_ssh_ports'] = $a_nat[$id]['def_ssh_ports']; + $pconfig['def_pop_servers'] = $a_nat[$id]['def_pop_servers']; + $pconfig['def_pop2_ports'] = $a_nat[$id]['def_pop2_ports']; + $pconfig['def_pop3_ports'] = $a_nat[$id]['def_pop3_ports']; + $pconfig['def_imap_servers'] = $a_nat[$id]['def_imap_servers']; + $pconfig['def_imap_ports'] = $a_nat[$id]['def_imap_ports']; + $pconfig['def_sip_proxy_ip'] = $a_nat[$id]['def_sip_proxy_ip']; + $pconfig['ip def_sip_proxy_ports'] = $a_nat[$id]['ip def_sip_proxy_ports']; + $pconfig['def_auth_ports'] = $a_nat[$id]['def_auth_ports']; + $pconfig['def_finger_ports'] = $a_nat[$id]['def_finger_ports']; + $pconfig['def_irc_ports'] = $a_nat[$id]['def_irc_ports']; + $pconfig['def_nntp_ports'] = $a_nat[$id]['def_nntp_ports']; + $pconfig['def_rlogin_ports'] = $a_nat[$id]['def_rlogin_ports']; + $pconfig['def_rsh_ports'] = $a_nat[$id]['def_rsh_ports']; + $pconfig['def_ssl_ports'] = $a_nat[$id]['def_ssl_ports']; + $pconfig['barnyard_enable'] = $a_nat[$id]['barnyard_enable']; + $pconfig['barnyard_mysql'] = $a_nat[$id]['barnyard_mysql']; $pconfig['enable'] = $a_nat[$id]['enable']; $pconfig['interface'] = $a_nat[$id]['interface']; $pconfig['descr'] = $a_nat[$id]['descr']; @@ -59,9 +105,6 @@ if (isset($id) && $a_nat[$id]) { $pconfig['alertsystemlog'] = $a_nat[$id]['alertsystemlog']; $pconfig['tcpdumplog'] = $a_nat[$id]['tcpdumplog']; $pconfig['snortunifiedlog'] = $a_nat[$id]['snortunifiedlog']; - $pconfig['flow_depth'] = $a_nat[$id]['flow_depth']; - $pconfig['barnyard_enable'] = $a_nat[$id]['barnyard_enable']; - $pconfig['barnyard_mysql'] = $a_nat[$id]['barnyard_mysql']; if (!$pconfig['interface']) $pconfig['interface'] = "wan"; @@ -150,7 +193,7 @@ if ($_POST["Submit"]) { continue; } -/* if no errors write to conf */ + /* if no errors write to conf */ if (!$input_errors) { $natent = array(); @@ -167,10 +210,55 @@ if ($_POST["Submit"]) { if ($_POST['tcpdumplog'] == "on") { $natent['tcpdumplog'] = on; }else{ $natent['tcpdumplog'] = off; } if ($_POST['enable'] == "") { $natent['tcpdumplog'] = $pconfig['tcpdumplog']; } if ($_POST['snortunifiedlog'] == "on") { $natent['snortunifiedlog'] = on; }else{ $natent['snortunifiedlog'] = off; } if ($_POST['enable'] == "") { $natent['snortunifiedlog'] = $pconfig['snortunifiedlog']; } /* if optiion = 0 then the old descr way will not work */ - if ($_POST['flow_depth'] != "") { $natent['flow_depth'] = $_POST['flow_depth']; }else{ $natent['flow_depth'] = $pconfig['flow_depth']; } - /* rewrite the options that are not in post */ - $natent['barnyard_enable'] = $pconfig['barnyard_enable']; - $natent['barnyard_mysql'] = $pconfig['barnyard_mysql']; + + /* rewrite the options that are not in post */ + /* make shure values are set befor repost or conf.xml will be broken */ + if ($pconfig['def_ssl_ports_ignore'] != "") { $natent['def_ssl_ports_ignore'] = $pconfig['def_ssl_ports_ignore']; } + if ($pconfig['flow_depth'] != "") { $natent['flow_depth'] = $pconfig['flow_depth']; } + if ($pconfig['perform_stat'] != "") { $natent['perform_stat'] = $pconfig['perform_stat']; } + if ($pconfig['http_inspect'] != "") { $natent['http_inspect'] = $pconfig['http_inspect']; } + if ($pconfig['other_preprocs'] != "") { $natent['other_preprocs'] = $pconfig['other_preprocs']; } + if ($pconfig['ftp_preprocessor'] != "") { $natent['ftp_preprocessor'] = $pconfig['ftp_preprocessor']; } + if ($pconfig['smtp_preprocessor'] != "") { $natent['smtp_preprocessor'] = $pconfig['smtp_preprocessor']; } + if ($pconfig['sf_portscan'] != "") { $natent['sf_portscan'] = $pconfig['sf_portscan']; } + if ($pconfig['dce_rpc_2'] != "") { $natent['dce_rpc_2'] = $pconfig['dce_rpc_2']; } + if ($pconfig['dns_preprocessor'] != "") { $natent['dns_preprocessor'] = $pconfig['dns_preprocessor']; } + if ($pconfig['def_dns_servers'] != "") { $natent['def_dns_servers'] = $pconfig['def_dns_servers']; } + if ($pconfig['def_dns_ports'] != "") { $natent['def_dns_ports'] = $pconfig['def_dns_ports']; } + if ($pconfig['def_smtp_servers'] != "") { $natent['def_smtp_servers'] = $pconfig['def_smtp_servers']; } + if ($pconfig['def_smtp_ports'] != "") { $natent['def_smtp_ports'] = $pconfig['def_smtp_ports']; } + if ($pconfig['def_mail_ports'] != "") { $natent['def_mail_ports'] = $pconfig['def_mail_ports']; } + if ($pconfig['def_http_servers'] != "") { $natent['def_http_servers'] = $pconfig['def_http_servers']; } + if ($pconfig['def_www_servers'] != "") { $natent['def_www_servers'] = $pconfig['def_www_servers']; } + if ($pconfig['def_http_ports'] != "") { $natent['def_http_ports'] = $pconfig['def_http_ports']; } + if ($pconfig['def_sql_servers'] != "") { $natent['def_sql_servers'] = $pconfig['def_sql_servers']; } + if ($pconfig['def_oracle_ports'] != "") { $natent['def_oracle_ports'] = $pconfig['def_oracle_ports']; } + if ($pconfig['def_mssql_ports'] != "") { $natent['def_mssql_ports'] = $pconfig['def_mssql_ports']; } + if ($pconfig['def_telnet_servers'] != "") { $natent['def_telnet_servers'] = $pconfig['def_telnet_servers']; } + if ($pconfig['def_telnet_ports'] != "") { $natent['def_telnet_ports'] = $pconfig['def_telnet_ports']; } + if ($pconfig['def_snmp_servers'] != "") { $natent['def_snmp_servers'] = $pconfig['def_snmp_servers']; } + if ($pconfig['def_snmp_ports'] != "") { $natent['def_snmp_ports'] = $pconfig['def_snmp_ports']; } + if ($pconfig['def_ftp_servers'] != "") { $natent['def_ftp_servers'] = $pconfig['def_ftp_servers']; } + if ($pconfig['def_ftp_ports'] != "") { $natent['def_ftp_ports'] = $pconfig['def_ftp_ports']; } + if ($pconfig['def_ssh_servers'] != "") { $natent['def_ssh_servers'] = $pconfig['def_ssh_servers']; } + if ($pconfig['def_ssh_ports'] != "") { $natent['def_ssh_ports'] = $pconfig['def_ssh_ports']; } + if ($pconfig['def_pop_servers'] != "") { $natent['def_pop_servers'] = $pconfig['def_pop_servers']; } + if ($pconfig['def_pop2_ports'] != "") { $natent['def_pop2_ports'] = $pconfig['def_pop2_ports']; } + if ($pconfig['def_pop3_ports'] != "") { $natent['def_pop3_ports'] = $pconfig['def_pop3_ports']; } + if ($pconfig['def_imap_servers'] != "") { $natent['def_imap_servers'] = $pconfig['def_imap_servers']; } + if ($pconfig['def_imap_ports'] != "") { $natent['def_imap_ports'] = $pconfig['def_imap_ports']; } + if ($pconfig['def_sip_proxy_ip'] != "") { $natent['def_sip_proxy_ip'] = $pconfig['def_sip_proxy_ip']; } + if ($pconfig['ip def_sip_proxy_ports'] != "") { $natent['ip def_sip_proxy_ports'] = $pconfig['ip def_sip_proxy_ports']; } + if ($pconfig['def_auth_ports'] != "") { $natent['def_auth_ports'] = $pconfig['def_auth_ports']; } + if ($pconfig['def_finger_ports'] != "") { $natent['def_finger_ports'] = $pconfig['def_finger_ports']; } + if ($pconfig['def_irc_ports'] != "") { $natent['def_irc_ports'] = $pconfig['def_irc_ports']; } + if ($pconfig['def_nntp_ports'] != "") { $natent['def_nntp_ports'] = $pconfig['def_nntp_ports']; } + if ($pconfig['def_rlogin_ports'] != "") { $natent['def_rlogin_ports'] = $pconfig['def_rlogin_ports']; } + if ($pconfig['def_rsh_ports'] != "") { $natent['def_rsh_ports'] = $pconfig['def_rsh_ports']; } + if ($pconfig['def_ssl_ports'] != "") { $natent['def_ssl_ports'] = $pconfig['def_ssl_ports']; } + if ($pconfig['barnyard_enable'] != "") { $natent['barnyard_enable'] = $pconfig['barnyard_enable']; } + if ($pconfig['barnyard_mysql'] != "") { $natent['barnyard_mysql'] = $pconfig['barnyard_mysql']; } + if (isset($id) && $a_nat[$id]) $a_nat[$id] = $natent; @@ -246,7 +334,6 @@ echo " document.iform.descr.disabled = endis;\n"; } ?> - document.iform.flow_depth.disabled = endis; document.iform.performance.disabled = endis; document.iform.blockoffenders7.disabled = endis; document.iform.snortalertlogtype.disabled = endis; @@ -432,18 +519,6 @@ if($id != "") <input name="snortunifiedlog" type="checkbox" value="on" <?php if ($pconfig['snortunifiedlog'] == "on") echo "checked"; ?> onClick="enable_change(false)"><br> Snort will log Alerts to a file in the UNIFIED2 format. This is a requirement for barnyard2.</td> </tr> - <tr> - <td valign="top" class="vncell">HTTP server flow depth</td> - <td class="vtable"> - <table cellpadding="0" cellspacing="0"> - <tr> - <td><input name="flow_depth" type="text" class="formfld" id="flow_depth" size="5" value="<?=htmlspecialchars($pconfig['flow_depth']);?>"> <strong>-1</strong> to <strong>1460</strong> (<strong>-1</strong> disables HTTP inspect, <strong>0</strong> enables all HTTP inspect)</td> - </tr> - </table> - Amount of HTTP server response payload to inspect. Snort's performance may increase by ajusting this value.<br> - Setting this value too low may cause false negatives. Value above 0 is in bytes.<br> - <strong>Default value is 0</strong></td> - </tr> <tr> <td width="22%" valign="top"> </td> <td width="78%"> diff --git a/config/snort-dev/snort_preprocessors.php b/config/snort-dev/snort_preprocessors.php index 88f90b2e..39ed86d4 100644 --- a/config/snort-dev/snort_preprocessors.php +++ b/config/snort-dev/snort_preprocessors.php @@ -58,8 +58,16 @@ if (isset($_GET['dup'])) { if (isset($id) && $a_nat[$id]) { /* new options */ - $pconfig['perform_stat'] = $a_nat[$id]['perform_stat']; $pconfig['def_ssl_ports_ignore'] = $a_nat[$id]['def_ssl_ports_ignore']; + $pconfig['flow_depth'] = $a_nat[$id]['flow_depth']; + $pconfig['perform_stat'] = $a_nat[$id]['perform_stat']; + $pconfig['http_inspect'] = $a_nat[$id]['http_inspect']; + $pconfig['other_preprocs'] = $a_nat[$id]['other_preprocs']; + $pconfig['ftp_preprocessor'] = $a_nat[$id]['ftp_preprocessor']; + $pconfig['smtp_preprocessor'] = $a_nat[$id]['smtp_preprocessor']; + $pconfig['sf_portscan'] = $a_nat[$id]['sf_portscan']; + $pconfig['dce_rpc_2'] = $a_nat[$id]['dce_rpc_2']; + $pconfig['dns_preprocessor'] = $a_nat[$id]['dns_preprocessor']; /* old options */ $pconfig['def_dns_servers'] = $a_nat[$id]['def_dns_servers']; @@ -123,55 +131,63 @@ if ($_POST) { if (!$input_errors) { $natent = array(); /* repost the options already in conf */ - $natent['enable'] = $pconfig['enable']; - $natent['interface'] = $pconfig['interface']; - $natent['descr'] = $pconfig['descr']; - $natent['performance'] = $pconfig['performance']; - $natent['blockoffenders7'] = $pconfig['blockoffenders7']; - $natent['snortalertlogtype'] = $pconfig['snortalertlogtype']; - $natent['alertsystemlog'] = $pconfig['alertsystemlog']; - $natent['tcpdumplog'] = $pconfig['tcpdumplog']; - $natent['snortunifiedlog'] = $pconfig['snortunifiedlog']; - $natent['flow_depth'] = $pconfig['flow_depth']; - $natent['barnyard_enable'] = $pconfig['barnyard_enable']; - $natent['barnyard_mysql'] = $pconfig['barnyard_mysql']; - $natent['def_dns_servers'] = $pconfig['def_dns_servers']; - $natent['def_dns_ports'] = $pconfig['def_dns_ports']; - $natent['def_smtp_servers'] = $pconfig['def_smtp_servers']; - $natent['def_smtp_ports'] = $pconfig['def_smtp_ports']; - $natent['def_mail_ports'] = $pconfig['def_mail_ports']; - $natent['def_http_servers'] = $pconfig['def_http_servers']; - $natent['def_www_servers'] = $pconfig['def_www_servers']; - $natent['def_http_ports'] = $pconfig['def_http_ports']; - $natent['def_sql_servers'] = $pconfig['def_sql_servers']; - $natent['def_oracle_ports'] = $pconfig['def_oracle_ports']; - $natent['def_mssql_ports'] = $pconfig['def_mssql_ports']; - $natent['def_telnet_servers'] = $pconfig['def_telnet_servers']; - $natent['def_telnet_ports'] = $pconfig['def_telnet_ports']; - $natent['def_snmp_servers'] = $pconfig['def_snmp_servers']; - $natent['def_snmp_ports'] = $pconfig['def_snmp_ports']; - $natent['def_ftp_servers'] = $pconfig['def_ftp_servers']; - $natent['def_ftp_ports'] = $pconfig['def_ftp_ports']; - $natent['def_ssh_servers'] = $pconfig['def_ssh_servers']; - $natent['def_ssh_ports'] = $pconfig['def_ssh_ports']; - $natent['def_pop_servers'] = $pconfig['def_pop_servers']; - $natent['def_pop2_ports'] = $pconfig['def_pop2_ports']; - $natent['def_pop3_ports'] = $pconfig['def_pop3_ports']; - $natent['def_imap_servers'] = $pconfig['def_imap_servers']; - $natent['def_imap_ports'] = $pconfig['def_imap_ports']; - $natent['def_sip_proxy_ip'] = $pconfig['def_sip_proxy_ip']; - $natent['def_sip_proxy_ports'] = $pconfig['def_sip_proxy_ports']; - $natent['def_auth_ports'] = $pconfig['def_auth_ports']; - $natent['def_finger_ports'] = $pconfig['def_finger_ports']; - $natent['def_irc_ports'] = $pconfig['def_irc_ports']; - $natent['def_nntp_ports'] = $pconfig['def_nntp_ports']; - $natent['def_rlogin_ports'] = $pconfig['def_rlogin_ports']; - $natent['def_rsh_ports'] = $pconfig['def_rsh_ports']; - $natent['def_ssl_ports'] = $pconfig['def_ssl_ports']; + if ($pconfig['interface'] != "") { $natent['interface'] = $pconfig['interface']; } + if ($pconfig['enable'] != "") { $natent['enable'] = $pconfig['enable']; } + if ($pconfig['descr'] != "") { $natent['descr'] = $pconfig['descr']; } + if ($pconfig['performance'] != "") { $natent['performance'] = $pconfig['performance']; } + if ($pconfig['blockoffenders7'] != "") { $natent['blockoffenders7'] = $pconfig['blockoffenders7']; } + if ($pconfig['snortalertlogtype'] != "") { $natent['snortalertlogtype'] = $pconfig['snortalertlogtype']; } + if ($pconfig['alertsystemlog'] != "") { $natent['alertsystemlog'] = $pconfig['alertsystemlog']; } + if ($pconfig['tcpdumplog'] != "") { $natent['tcpdumplog'] = $pconfig['tcpdumplog']; } + if ($pconfig['snortunifiedlog'] != "") { $natent['snortunifiedlog'] = $pconfig['snortunifiedlog']; } + if ($pconfig['barnyard_enable'] != "") { $natent['barnyard_enable'] = $pconfig['barnyard_enable']; } + if ($pconfig['barnyard_mysql'] != "") { $natent['barnyard_mysql'] = $pconfig['barnyard_mysql']; } + if ($pconfig['def_dns_servers'] != "") { $natent['def_dns_servers'] = $pconfig['def_dns_servers']; } + if ($pconfig['def_dns_ports'] != "") { $natent['def_dns_ports'] = $pconfig['def_dns_ports']; } + if ($pconfig['def_smtp_servers'] != "") { $natent['def_smtp_servers'] = $pconfig['def_smtp_servers']; } + if ($pconfig['def_smtp_ports'] != "") { $natent['def_smtp_ports'] = $pconfig['def_smtp_ports']; } + if ($pconfig['def_mail_ports'] != "") { $natent['def_mail_ports'] = $pconfig['def_mail_ports']; } + if ($pconfig['def_http_servers'] != "") { $natent['def_http_servers'] = $pconfig['def_http_servers']; } + if ($pconfig['def_www_servers'] != "") { $natent['def_www_servers'] = $pconfig['def_www_servers']; } + if ($pconfig['def_http_ports'] != "") { $natent['def_http_ports'] = $pconfig['def_http_ports']; } + if ($pconfig['def_sql_servers'] != "") { $natent['def_sql_servers'] = $pconfig['def_sql_servers']; } + if ($pconfig['def_oracle_ports'] != "") { $natent['def_oracle_ports'] = $pconfig['def_oracle_ports']; } + if ($pconfig['def_mssql_ports'] != "") { $natent['def_mssql_ports'] = $pconfig['def_mssql_ports']; } + if ($pconfig['def_telnet_servers'] != "") { $natent['def_telnet_servers'] = $pconfig['def_telnet_servers']; } + if ($pconfig['def_telnet_ports'] != "") { $natent['def_telnet_ports'] = $pconfig['def_telnet_ports']; } + if ($pconfig['def_snmp_servers'] != "") { $natent['def_snmp_servers'] = $pconfig['def_snmp_servers']; } + if ($pconfig['def_snmp_ports'] != "") { $natent['def_snmp_ports'] = $pconfig['def_snmp_ports']; } + if ($pconfig['def_ftp_servers'] != "") { $natent['def_ftp_servers'] = $pconfig['def_ftp_servers']; } + if ($pconfig['def_ftp_ports'] != "") { $natent['def_ftp_ports'] = $pconfig['def_ftp_ports']; } + if ($pconfig['def_ssh_servers'] != "") { $natent['def_ssh_servers'] = $pconfig['def_ssh_servers']; } + if ($pconfig['def_ssh_ports'] != "") { $natent['def_ssh_ports'] = $pconfig['def_ssh_ports']; } + if ($pconfig['def_pop_servers'] != "") { $natent['def_pop_servers'] = $pconfig['def_pop_servers']; } + if ($pconfig['def_pop2_ports'] != "") { $natent['def_pop2_ports'] = $pconfig['def_pop2_ports']; } + if ($pconfig['def_pop3_ports'] != "") { $natent['def_pop3_ports'] = $pconfig['def_pop3_ports']; } + if ($pconfig['def_imap_servers'] != "") { $natent['def_imap_servers'] = $pconfig['def_imap_servers']; } + if ($pconfig['def_imap_ports'] != "") { $natent['def_imap_ports'] = $pconfig['def_imap_ports']; } + if ($pconfig['def_sip_proxy_ip'] != "") { $natent['def_sip_proxy_ip'] = $pconfig['def_sip_proxy_ip']; } + if ($pconfig['ip def_sip_proxy_ports'] != "") { $natent['ip def_sip_proxy_ports'] = $pconfig['ip def_sip_proxy_ports']; } + if ($pconfig['def_auth_ports'] != "") { $natent['def_auth_ports'] = $pconfig['def_auth_ports']; } + if ($pconfig['def_finger_ports'] != "") { $natent['def_finger_ports'] = $pconfig['def_finger_ports']; } + if ($pconfig['def_irc_ports'] != "") { $natent['def_irc_ports'] = $pconfig['def_irc_ports']; } + if ($pconfig['def_nntp_ports'] != "") { $natent['def_nntp_ports'] = $pconfig['def_nntp_ports']; } + if ($pconfig['def_rlogin_ports'] != "") { $natent['def_rlogin_ports'] = $pconfig['def_rlogin_ports']; } + if ($pconfig['def_rsh_ports'] != "") { $natent['def_rsh_ports'] = $pconfig['def_rsh_ports']; } + if ($pconfig['def_ssl_ports'] != "") { $natent['def_ssl_ports'] = $pconfig['def_ssl_ports']; } /* post new options */ $natent['perform_stat'] = $_POST['perform_stat']; if ($_POST['def_ssl_ports_ignore'] != "") { $natent['def_ssl_ports_ignore'] = $_POST['def_ssl_ports_ignore']; }else{ $natent['def_ssl_ports_ignore'] = ""; } + if ($_POST['flow_depth'] != "") { $natent['flow_depth'] = $_POST['flow_depth']; }else{ $natent['flow_depth'] = ""; } + $natent['perform_stat'] = $_POST['perform_stat'] ? on : off; + $natent['http_inspect'] = $_POST['http_inspect'] ? on : off; + $natent['other_preprocs'] = $_POST['other_preprocs'] ? on : off; + $natent['ftp_preprocessor'] = $_POST['ftp_preprocessor'] ? on : off; + $natent['smtp_preprocessor'] = $_POST['smtp_preprocessor'] ? on : off; + $natent['sf_portscan'] = $_POST['sf_portscan'] ? on : off; + $natent['dce_rpc_2'] = $_POST['dce_rpc_2'] ? on : off; + $natent['dns_preprocessor'] = $_POST['dns_preprocessor'] ? on : off; if (isset($id) && $a_nat[$id]) $a_nat[$id] = $natent; @@ -268,22 +284,77 @@ if($id != "") ?> <tr> <td width="22%" valign="top"> </td> - <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span><br> - Please save your settings befor you click start.<br> - Please make sure there are <strong>no spaces</strong> in your definitions. + <td width="78%"><span class="vexpl"><span class="red"><strong>Note: </strong></span><br> + RULES MAY DEPENDENT ON Preprocessors!<br> + Please save your settings befor you click start.<br> </td> </tr> <tr> - <td width="22%" valign="top" class="vncell">perform_stat</td> + <td width="22%" valign="top" class="vncell">Enable <br>Performance Statistics</td> <td width="78%" class="vtable"> <input name="perform_stat" type="checkbox" value="on" <?php if ($pconfig['perform_stat']=="on") echo "checked"; ?> onClick="enable_change(false)"><br> - Emerging Threats is an open source community that produces fastest moving and diverse Snort Rules.</td> + Performance Statistics for this interface.</td> </tr> + <tr> + <td width="22%" valign="top" class="vncell">Enable <br>HTTP Inspect</td> + <td width="78%" class="vtable"> + <input name="http_inspect" type="checkbox" value="on" <?php if ($pconfig['http_inspect']=="on") echo "checked"; ?> onClick="enable_change(false)"><br> + Normalize/Decode and detect HTTP traffic and protocol anomalies.</td> + </tr> + <tr> + <td valign="top" class="vncell">HTTP server flow depth</td> + <td class="vtable"> + <table cellpadding="0" cellspacing="0"> + <tr> + <td><input name="flow_depth" type="text" class="formfld" id="flow_depth" size="5" value="<?=htmlspecialchars($pconfig['flow_depth']);?>"> <strong>-1</strong> to <strong>1460</strong> (<strong>-1</strong> disables HTTP inspect, <strong>0</strong> enables all HTTP inspect)</td> + </tr> + </table> + Amount of HTTP server response payload to inspect. Snort's performance may increase by ajusting this value.<br> + Setting this value too low may cause false negatives. Value above 0 is in bytes.<br> + <strong>Default value is 0</strong></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Enable <br>RPC Decode and Back Orifice detector</td> + <td width="78%" class="vtable"> + <input name="other_preprocs" type="checkbox" value="on" <?php if ($pconfig['other_preprocs']=="on") echo "checked"; ?> onClick="enable_change(false)"><br> + Normalize/Decode RPC traffic and detects Back Orifice traffic on the network.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Enable <br>FTP & Telnet Normalizer</td> + <td width="78%" class="vtable"> + <input name="ftp_preprocessor" type="checkbox" value="on" <?php if ($pconfig['ftp_preprocessor']=="on") echo "checked"; ?> onClick="enable_change(false)"><br> + Normalize/Decode FTP & Telnet traffic and protocol anomalies.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Enable <br>SMTP Normalizer</td> + <td width="78%" class="vtable"> + <input name="smtp_preprocessor" type="checkbox" value="on" <?php if ($pconfig['smtp_preprocessor']=="on") echo "checked"; ?> onClick="enable_change(false)"><br> + Normalize/Decode SMTP protocol for enforcement and buffer overflows.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Enable <br>Portscan Detection</td> + <td width="78%" class="vtable"> + <input name="sf_portscan" type="checkbox" value="on" <?php if ($pconfig['sf_portscan']=="on") echo "checked"; ?> onClick="enable_change(false)"><br> + Detects various types of portscans and portsweeps.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Enable <br>DCE/RPC2 Detection</td> + <td width="78%" class="vtable"> + <input name="dce_rpc_2" type="checkbox" value="on" <?php if ($pconfig['dce_rpc_2']=="on") echo "checked"; ?> onClick="enable_change(false)"><br> + The dcerpc preprocessor detects and decodes SMB and DCE/RPC traffic.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Enable <br>DNS Detection</td> + <td width="78%" class="vtable"> + <input name="dns_preprocessor" type="checkbox" value="on" <?php if ($pconfig['dns_preprocessor']=="on") echo "checked"; ?> onClick="enable_change(false)"><br> + The dns preprocessor (currently) decodes DNS Response traffic and detects a few vulnerabilities.</td> + </tr> <tr> <td width="22%" valign="top" class="vncell">Define SSL_IGNORE</td> <td width="78%" class="vtable"> <input name="def_ssl_ports_ignore" type="text" class="formfld" id="def_ssl_ports_ignore" size="40" value="<?=htmlspecialchars($pconfig['def_ssl_ports_ignore']);?>"> - <br> <span class="vexpl">Example: "443 465 563 636 989 990 992 993 994 995".</span></td> + <br> <span class="vexpl"> Encrypted traffic should be ignored by Snort for both performance reasons and to reduce false positives.<br> + Default: "443 465 563 636 989 990 992 993 994 995".</span> <strong>Please use spaces and not commas.</strong></td> </tr> <tr> <td width="22%" valign="top"> </td> diff --git a/config/snort-dev/snort_rulesets.php b/config/snort-dev/snort_rulesets.php index 14d9e01c..e98244d0 100644 --- a/config/snort-dev/snort_rulesets.php +++ b/config/snort-dev/snort_rulesets.php @@ -29,7 +29,7 @@ */ require("guiconfig.inc"); -require("filter.inc"); +require_once("filter.inc"); require_once("service-utils.inc"); if (!is_array($config['installedpackages']['snortglobal']['rule'])) { |