Diffstat (limited to 'config/snort-dev')
-rw-r--r--config/snort-dev/base_file.php23
-rw-r--r--config/snort-dev/snortDBbin16384 -> 16384 bytes
-rw-r--r--config/snort-dev/snortDBrulesbin12288 -> 12288 bytes
-rw-r--r--config/snort-dev/snort_barnyard.php259
-rw-r--r--config/snort-dev/snort_define_servers.php420
-rw-r--r--config/snort-dev/snort_help_info.php2
-rw-r--r--config/snort-dev/snort_interfaces_edit.php4
-rw-r--r--config/snort-dev/snort_json_post.php235
-rw-r--r--config/snort-dev/snort_preprocessors.php307
9 files changed, 1146 insertions, 104 deletions
diff --git a/config/snort-dev/base_file.php b/config/snort-dev/base_file.php
index 003c0b63..168a39fb 100644
--- a/config/snort-dev/base_file.php
+++ b/config/snort-dev/base_file.php
@@ -80,15 +80,13 @@ $a_list = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'uuid', $uuid)
<div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code-->
<ul class="newtabmenu">
- <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>
- <li class="newtabmenu_active"><a href="/snort/snort_interfaces_global.php"><span>Global Settings</span></a></li>
- <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li>
- <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li>
- <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li>
- <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li>
- <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li>
- <li><a href="/snort/snort_help_info.php"><span>Help</span></a></li>
- </li>
+ <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>
+ <li class="newtabmenu_active"><a href="/snort/snort_interfaces_edit.php?uuid=<?=$uuid;?>"><span>If Settings</span></a></li>
+ <li><a href="/snort/snort_rulesets.php?uuid=<?=$uuid;?>"><span>Categories</span></a></li>
+ <li><a href="/snort/snort_rules.php?uuid=<?=$uuid;?>"><span>Rules</span></a></li>
+ <li><a href="/snort/snort_define_servers.php?uuid=<?=$uuid;?>"><span>Servers</span></a></li>
+ <li><a href="/snort/snort_preprocessors.php?uuid=<?=$uuid;?>"><span>Preprocessors</span></a></li>
+ <li><a href="/snort/snort_barnyard.php?uuid=<?=$uuid;?>"><span>Barnyard2</span></a></li>
</ul>
</div>
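Review bot: The six added tab links print `$uuid` into `href` attributes without encoding (`?uuid=<?=$uuid;?>`). Where `$uuid` is assigned in base_file.php is outside this hunk, but snort_barnyard.php and snort_define_servers.php, both added in this commit, take it straight from `$_GET['uuid']` or `$_POST['uuid']` and print it the same way in their tab bars and in the hidden `uuid` input, so request data reaches the markup unescaped. Encode at the point of output, `<?=urlencode($uuid);?>` in the query strings and `<?=htmlspecialchars($uuid, ENT_QUOTES);?>` in the hidden input. It would also be safer to reject a `uuid` that does not match the format the package generates before it is handed to `snortSql_fetchAllSettings()`, whose handling of the value is not visible here.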
@@ -104,8 +102,11 @@ $a_list = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'uuid', $uuid)
<form id="iform" >
<input type="hidden" name="snortSaveSettings" value="1" /> <!-- what to do, save -->
- <input type="hidden" name="dbTable" value="SnortSettings" /> <!-- what db-->
- <input type="hidden" name="ifaceTab" value="snort_interfaces_global" /> <!-- what interface tab -->
+ <input type="hidden" name="dbName" value="snortDBrules" /> <!-- what db-->
+ <input type="hidden" name="dbTable" value="Snortrules" /> <!-- what db table-->
+ <input type="hidden" name="ifaceTab" value="snort_interfaces_edit" /> <!-- what interface tab -->
+
+
</form>
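Review bot: The form now sends the target database and table as hidden fields (`dbName`, `dbTable`), and hidden fields are fully under the browser's control. The visible part of snort_json_post.php in this commit branches on `$_POST['dbTable']` and passes `$_POST['dbName']` together with the whole `$_POST` array to `snortSql_updateSettings()`, so unless that helper filters its input, the client chooses both the database file and the columns written. Derive database and table on the server from `ifaceTab` through a fixed lookup, and copy only the expected field names out of `$_POST`. The same hidden fields are added in snort_barnyard.php and snort_define_servers.php.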
diff --git a/config/snort-dev/snortDB b/config/snort-dev/snortDB
index 59c4d6f4..bb2f5c7b 100644
--- a/config/snort-dev/snortDB
+++ b/config/snort-dev/snortDB
Binary files differ
diff --git a/config/snort-dev/snortDBrules b/config/snort-dev/snortDBrules
index 24c8207f..7a0acc3f 100644
--- a/config/snort-dev/snortDBrules
+++ b/config/snort-dev/snortDBrules
Binary files differ
diff --git a/config/snort-dev/snort_barnyard.php b/config/snort-dev/snort_barnyard.php
new file mode 100644
index 00000000..aea0d93d
--- /dev/null
+++ b/config/snort-dev/snort_barnyard.php
@@ -0,0 +1,259 @@
+<?php
+/* $Id$ */
+/*
+ snort_interfaces.php
+ part of m0n0wall (http://m0n0.ch/wall)
+
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ Copyright (C) 2008-2009 Robert Zelaya.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort_new.inc");
+require_once("/usr/local/pkg/snort/snort_gui.inc");
+
+// set page vars
+
+$uuid = $_GET['uuid'];
+if (isset($_POST['uuid']))
+$uuid = $_POST['uuid'];
+
+if ($uuid == '') {
+ echo 'error: no uuid';
+ exit(0);
+}
+
+
+$a_list = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'uuid', $uuid);
+
+ if (!is_array($a_list))
+ {
+ $a_list = array();
+ }
+
+
+
+ $pgtitle = "Snort: Interface: Barnyard2 Edit";
+ include("/usr/local/pkg/snort/snort_head.inc");
+
+?>
+
+
+<!-- START page custom script -->
+<script language="JavaScript">
+
+// start a jQuery sand box
+jQuery(document).ready(function() {
+
+ // START disable option for snort_interfaces_edit.php
+ endis = !(jQuery('input[name=barnyard_enable]:checked').val());
+
+ disableInputs=new Array(
+ "barnyard_mysql",
+ "barnconfigpassthru",
+ "dce_rpc",
+ "dns_preprocessor",
+ "ftp_preprocessor",
+ "http_inspect",
+ "other_preprocs",
+ "perform_stat",
+ "sf_portscan",
+ "smtp_preprocessor"
+ );
+
+
+ jQuery('[name=interface]').attr('disabled', 'true');
+
+
+ if (endis)
+ {
+ for (var i = 0; i < disableInputs.length; i++)
+ {
+ jQuery('[name=' + disableInputs[i] + ']').attr('disabled', 'true');
+ }
+ }
+
+ jQuery("input[name=barnyard_enable]").live('click', function() {
+
+ endis = !(jQuery('input[name=barnyard_enable]:checked').val());
+
+ if (endis)
+ {
+ for (var i = 0; i < disableInputs.length; i++)
+ {
+ jQuery('[name=' + disableInputs[i] + ']').attr('disabled', 'true');
+ }
+ }else{
+ for (var i = 0; i < disableInputs.length; i++)
+ {
+ jQuery('[name=' + disableInputs[i] + ']').removeAttr('disabled');
+ }
+ }
+
+
+ });
+ // STOP disable option for snort_interfaces_edit.php
+
+
+}); // end of on ready
+
+</script>
+
+
+
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+
+<div id="loadingWaiting">
+ <p class="loadingWaitingMessage"><img src="./images/loading.gif" /> <br>Please Wait...</p>
+</div>
+
+<?php include("fbegin.inc"); ?>
+<!-- hack to fix the hardcoed fbegin link in header -->
+<div id="header-left2">
+<a href="../index.php" id="status-link2">
+<img src="./images/transparent.gif" border="0"></img>
+</a>
+</div>
+
+<div class="body2"><!-- hack to fix the hardcoed fbegin link in header -->
+<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div>
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td>
+
+ <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code-->
+ <ul class="newtabmenu">
+ <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>
+ <li><a href="/snort/snort_interfaces_edit.php?uuid=<?=$uuid;?>"><span>If Settings</span></a></li>
+ <li><a href="/snort/snort_rulesets.php?uuid=<?=$uuid;?>"><span>Categories</span></a></li>
+ <li><a href="/snort/snort_rules.php?uuid=<?=$uuid;?>"><span>Rules</span></a></li>
+ <li><a href="/snort/snort_define_servers.php?uuid=<?=$uuid;?>"><span>Servers</span></a></li>
+ <li><a href="/snort/snort_preprocessors.php?uuid=<?=$uuid;?>"><span>Preprocessors</span></a></li>
+ <li class="newtabmenu_active"><a href="/snort/snort_barnyard.php?uuid=<?=$uuid;?>"><span>Barnyard2</span></a></li>
+ </ul>
+ </div>
+
+ </td>
+ </tr>
+ <tr>
+ <td id="tdbggrey">
+ <table width="100%" border="0" cellpadding="10px" cellspacing="0">
+ <tr>
+ <td class="tabnavtbl">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <!-- START MAIN AREA -->
+
+ <form id="iform" >
+ <input type="hidden" name="snortSaveSettings" value="1" /> <!-- what to do, save -->
+ <input type="hidden" name="dbName" value="snortDBrules" /> <!-- what db-->
+ <input type="hidden" name="dbTable" value="Snortrules" /> <!-- what db table-->
+ <input type="hidden" name="ifaceTab" value="snort_barnyard" /> <!-- what interface tab -->
+
+
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">General Barnyard2 Settings</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq2">Enable</td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_enable" type="checkbox" value="on" <?=$ifaceEnabled = $a_list['barnyard_enable'] == 'on' || $a_list['barnyard_enable'] == '' ? 'checked' : '';?> >
+ <span class="vexpl"><strong>Enable Barnyard2 on this Interface</strong><br>
+ This will enable barnyard2 for this interface. You will also have to set the database credentials.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Interface</td>
+ <td width="78%" class="vtable">
+ <select name="interface" class="formfld" >
+ <option value="wan" selected><?=strtoupper($a_list['interface']); ?></option>
+ </select>
+ <br>
+ <span class="vexpl">Choose which interface this rule applies to.<br>
+ Hint: in most cases, you'll want to use WAN here.</span></span>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Mysql Settings</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Log to a Mysql Database</td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_mysql" type="text" class="formfld" id="barnyard_mysql" size="100" value="<?=$a_list['barnyard_mysql']; ?>">
+ <br>
+ <span class="vexpl">Example: output database: alert, mysql, dbname=snort user=snort host=localhost password=xyz<br>
+ Example: output database: log, mysql, dbname=snort user=snort host=localhost password=xyz</span>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Advanced Settings</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Advanced configuration pass through</td>
+ <td width="78%" class="vtable">
+ <textarea name="barnconfigpassthru" cols="75" rows="12" id="barnconfigpassthru" class="formpre2"><?=$a_list['barnconfigpassthru']; ?></textarea>
+ <br>
+ <span class="vexpl">Arguments here will be automatically inserted into the running barnyard2 configuration.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%">
+ <input name="Submit" type="submit" class="formbtn" value="Save">
+ <input type="button" class="formbtn" value="Cancel" >
+ <input name="uuid" type="hidden" value="<?=$uuid; ?>">
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%">
+ <span class="vexpl"><span class="red"><strong>Note:</strong></span>
+ Please save your settings befor you click start.</span>
+ </td>
+ </tr>
+
+
+ </form>
+ <!-- STOP MAIN AREA -->
+ </table>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+</table>
+</div>
+
+
+<!-- footer do not touch below -->
+<?php
+include("fend.inc");
+echo $snort_custom_rnd_box;
+?>
+
+
+</body>
+</html>
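Review bot: Stored settings are printed into the page without escaping: `$a_list['barnyard_mysql']` inside a `value="..."` attribute and `$a_list['barnconfigpassthru']` inside the `<textarea>`. A saved value containing a double quote or a closing textarea tag ends the field early, which corrupts the form and lets stored markup run in the firewall GUI; wrap both in `htmlspecialchars(..., ENT_QUOTES)`. The `def_*` inputs in snort_define_servers.php are printed the same way. Separately, going by the example text, `barnyard_mysql` carries the database password and is echoed back in a plain text input, so consider keeping the credential in its own field that is not re-displayed.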
diff --git a/config/snort-dev/snort_define_servers.php b/config/snort-dev/snort_define_servers.php
new file mode 100644
index 00000000..b6b83b56
--- /dev/null
+++ b/config/snort-dev/snort_define_servers.php
@@ -0,0 +1,420 @@
+<?php
+/* $Id$ */
+/*
+ snort_interfaces.php
+ part of m0n0wall (http://m0n0.ch/wall)
+
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ Copyright (C) 2008-2009 Robert Zelaya.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort_new.inc");
+require_once("/usr/local/pkg/snort/snort_gui.inc");
+
+// set page vars
+
+$uuid = $_GET['uuid'];
+if (isset($_POST['uuid']))
+$uuid = $_POST['uuid'];
+
+if ($uuid == '') {
+ echo 'error: no uuid';
+ exit(0);
+}
+
+
+$a_list = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'uuid', $uuid);
+
+
+ $pgtitle = "Snort: Interface Define Servers:";
+ include("/usr/local/pkg/snort/snort_head.inc");
+
+?>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+
+<div id="loadingWaiting">
+ <p class="loadingWaitingMessage"><img src="./images/loading.gif" /> <br>Please Wait...</p>
+</div>
+
+<?php include("fbegin.inc"); ?>
+<!-- hack to fix the hardcoed fbegin link in header -->
+<div id="header-left2">
+<a href="../index.php" id="status-link2">
+<img src="./images/transparent.gif" border="0"></img>
+</a>
+</div>
+
+<div class="body2"><!-- hack to fix the hardcoed fbegin link in header -->
+<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div>
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td>
+
+ <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code-->
+ <ul class="newtabmenu">
+ <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>
+ <li><a href="/snort/snort_interfaces_edit.php?uuid=<?=$uuid;?>"><span>If Settings</span></a></li>
+ <li><a href="/snort/snort_rulesets.php?uuid=<?=$uuid;?>"><span>Categories</span></a></li>
+ <li><a href="/snort/snort_rules.php?uuid=<?=$uuid;?>"><span>Rules</span></a></li>
+ <li class="newtabmenu_active"><a href="/snort/snort_define_servers.php?uuid=<?=$uuid;?>"><span>Servers</span></a></li>
+ <li><a href="/snort/snort_preprocessors.php?uuid=<?=$uuid;?>"><span>Preprocessors</span></a></li>
+ <li><a href="/snort/snort_barnyard.php?uuid=<?=$uuid;?>"><span>Barnyard2</span></a></li>
+ </ul>
+ </div>
+
+ </td>
+ </tr>
+ <tr>
+ <td id="tdbggrey">
+ <table width="100%" border="0" cellpadding="10px" cellspacing="0">
+ <tr>
+ <td class="tabnavtbl">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <!-- START MAIN AREA -->
+
+ <form id="iform" >
+ <input type="hidden" name="snortSaveSettings" value="1" /> <!-- what to do, save -->
+ <input type="hidden" name="dbName" value="snortDBrules" /> <!-- what db-->
+ <input type="hidden" name="dbTable" value="Snortrules" /> <!-- what db table-->
+ <input type="hidden" name="ifaceTab" value="snort_define_servers" /> <!-- what interface tab -->
+
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%"><span class="vexpl">
+ <span class="red"><strong>Note:</strong></span><br>
+ Please save your settings before you click start.<br>
+ Please make sure there are <strong>no spaces</strong> in your definitions.
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Define Servers</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define DNS_SERVERS</td>
+ <td width="78%" class="vtable">
+ <input name="def_dns_servers" type="text" class="formfld" id="def_dns_servers" size="40" value="<?=$a_list['def_dns_servers']; ?>">
+ <br>
+ <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define DNS_PORTS</td>
+ <td width="78%" class="vtable">
+ <input name="def_dns_ports" type="text" class="formfld" id="def_dns_ports" size="40" value="<?=$a_list['def_dns_ports']; ?>">
+ <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 53.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define SMTP_SERVERS</td>
+ <td width="78%" class="vtable">
+ <input name="def_smtp_servers" type="text" class="formfld" id="def_smtp_servers" size="40" value="<?=$a_list['def_smtp_servers']; ?>">
+ <br>
+ <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define SMTP_PORTS</td>
+ <td width="78%" class="vtable">
+ <input name="def_smtp_ports" type="text" class="formfld" id="def_smtp_ports" size="40" value="<?=$a_list['def_smtp_ports']; ?>">
+ <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 25.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define Mail_Ports</td>
+ <td width="78%" class="vtable">
+ <input name="def_mail_ports" type="text" class="formfld" id="def_mail_ports" size="40" value="<?=$a_list['def_mail_ports']; ?>">
+ <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 25,143,465,691.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define HTTP_SERVERS</td>
+ <td width="78%" class="vtable">
+ <input name="def_http_servers" type="text" class="formfld" id="def_http_servers" size="40" value="<?=$a_list['def_http_servers']; ?>">
+ <br>
+ <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define WWW_SERVERS</td>
+ <td width="78%" class="vtable">
+ <input name="def_www_servers" type="text" class="formfld" id="def_www_servers" size="40" value="<?=$a_list['def_www_servers']; ?>">
+ <br>
+ <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define HTTP_PORTS</td>
+ <td width="78%" class="vtable">
+ <input name="def_http_ports" type="text" class="formfld" id="def_http_ports" size="40" value="<?=$a_list['def_http_ports']; ?>">
+ <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 80.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define SQL_SERVERS</td>
+ <td width="78%" class="vtable">
+ <input name="def_sql_servers" type="text" class="formfld" id="def_sql_servers" size="40" value="<?=$a_list['def_sql_servers']; ?>">
+ <br>
+ <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define ORACLE_PORTS</td>
+ <td width="78%" class="vtable">
+ <input name="def_oracle_ports" type="text" class="formfld" id="def_oracle_ports" size="40" value="<?=$a_list['def_oracle_ports']; ?>">
+ <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 1521.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define MSSQL_PORTS</td>
+ <td width="78%" class="vtable">
+ <input name="def_mssql_ports" type="text" class="formfld" id="def_mssql_ports" size="40" value="<?=$a_list['def_mssql_ports']; ?>">
+ <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 1433.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define TELNET_SERVERS</td>
+ <td width="78%" class="vtable">
+ <input name="def_telnet_servers" type="text" class="formfld" id="def_telnet_servers" size="40" value="<?=$a_list['def_telnet_servers']; ?>">
+ <br>
+ <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define TELNET_PORTS</td>
+ <td width="78%" class="vtable">
+ <input name="def_telnet_ports" type="text" class="formfld" id="def_telnet_ports" size="40" value="<?=$a_list['def_telnet_ports']; ?>">
+ <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 23.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define SNMP_SERVERS</td>
+ <td width="78%" class="vtable">
+ <input name="def_snmp_servers" type="text" class="formfld" id="def_snmp_servers" size="40" value="<?=$a_list['def_snmp_servers']; ?>">
+ <br>
+ <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define SNMP_PORTS</td>
+ <td width="78%" class="vtable">
+ <input name="def_snmp_ports" type="text" class="formfld" id="def_snmp_ports" size="40" value="<?=$a_list['def_snmp_ports']; ?>">
+ <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 161.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define FTP_SERVERS</td>
+ <td width="78%" class="vtable">
+ <input name="def_ftp_servers" type="text" class="formfld" id="def_ftp_servers" size="40" value="<?=$a_list['def_ftp_servers']; ?>">
+ <br>
+ <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define FTP_PORTS</td>
+ <td width="78%" class="vtable">
+ <input name="def_ftp_ports" type="text" class="formfld" id="def_ftp_ports" size="40" value="<?=$a_list['def_ftp_ports']; ?>">
+ <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 21.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define SSH_SERVERS</td>
+ <td width="78%" class="vtable">
+ <input name="def_ssh_servers" type="text" class="formfld" id="def_ssh_servers" size="40" value="<?=$a_list['def_ssh_servers']; ?>">
+ <br>
+ <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define SSH_PORTS</td>
+ <td width="78%" class="vtable">
+ <input name="def_ssh_ports" type="text" class="formfld" id="def_ssh_ports" size="40" value="<?=$a_list['def_ssh_ports']; ?>">
+ <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is Pfsense SSH port.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define POP_SERVERS</td>
+ <td width="78%" class="vtable">
+ <input name="def_pop_servers" type="text" class="formfld" id="def_pop_servers" size="40" value="<?=$a_list['def_pop_servers']; ?>">
+ <br>
+ <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define POP2_PORTS</td>
+ <td width="78%" class="vtable">
+ <input name="def_pop2_ports" type="text" class="formfld" id="def_pop2_ports" size="40" value="<?=$a_list['def_pop2_ports']; ?>">
+ <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 109.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define POP3_PORTS</td>
+ <td width="78%" class="vtable">
+ <input name="def_pop3_ports" type="text" class="formfld" id="def_pop3_ports" size="40" value="<?=$a_list['def_pop3_ports']; ?>">
+ <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 110.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define IMAP_SERVERS</td>
+ <td width="78%" class="vtable">
+ <input name="def_imap_servers" type="text" class="formfld" id="def_imap_servers" size="40" value="<?=$a_list['def_imap_servers']; ?>">
+ <br>
+ <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define IMAP_PORTS</td>
+ <td width="78%" class="vtable">
+ <input name="def_imap_ports" type="text" class="formfld" id="def_imap_ports" size="40" value="<?=$a_list['def_imap_ports']; ?>">
+ <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 143.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define SIP_PROXY_IP</td>
+ <td width="78%" class="vtable">
+ <input name="def_sip_proxy_ip" type="text" class="formfld" id="def_sip_proxy_ip" size="40" value="<?=$a_list['def_sip_proxy_ip']; ?>">
+ <br>
+ <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define SIP_PROXY_PORTS</td>
+ <td width="78%" class="vtable">
+ <input name="def_sip_proxy_ports" type="text" class="formfld" id="def_sip_proxy_ports" size="40" value="<?=$a_list['def_sip_proxy_ports']; ?>">
+ <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 5060:5090,16384:32768.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define AUTH_PORTS</td>
+ <td width="78%" class="vtable">
+ <input name="def_auth_ports" type="text" class="formfld" id="def_auth_ports" size="40" value="<?=$a_list['def_auth_ports']; ?>">
+ <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 113.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define FINGER_PORTS</td>
+ <td width="78%" class="vtable">
+ <input name="def_finger_ports" type="text" class="formfld" id="def_finger_ports" size="40" value="<?=$a_list['def_finger_ports']; ?>">
+ <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 79.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define IRC_PORTS</td>
+ <td width="78%" class="vtable">
+ <input name="def_irc_ports" type="text" class="formfld" id="def_irc_ports" size="40" value="<?=$a_list['def_irc_ports']; ?>">
+ <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 6665,6666,6667,6668,6669,7000.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define NNTP_PORTS</td>
+ <td width="78%" class="vtable">
+ <input name="def_nntp_ports" type="text" class="formfld" id="def_nntp_ports" size="40" value="<?=$a_list['def_nntp_ports']; ?>">
+ <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 119.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define RLOGIN_PORTS</td>
+ <td width="78%" class="vtable">
+ <input name="def_rlogin_ports" type="text" class="formfld" id="def_rlogin_ports" size="40" value="<?=$a_list['def_rlogin_ports']; ?>">
+ <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 513.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define RSH_PORTS</td>
+ <td width="78%" class="vtable">
+ <input name="def_rsh_ports" type="text" class="formfld" id="def_rsh_ports" size="40" value="<?=$a_list['def_rsh_ports']; ?>">
+ <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 514.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define SSL_PORTS</td>
+ <td width="78%" class="vtable">
+ <input name="def_ssl_ports" type="text" class="formfld" id="def_ssl_ports" size="40" value="<?=$a_list['def_ssl_ports']; ?>">
+ <br>
+ <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 25,443,465,636,993,995.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%">
+ <input name="Submit" type="submit" class="formbtn" value="Save">
+ <input id="cancel" type="button" class="formbtn" value="Cancel">
+ <input name="uuid" type="hidden" value="<?=$uuid; ?>">
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%">
+ <span class="vexpl"><span class="red"><strong>Note:</strong></span>
+ <br>
+ Please save your settings before you click start.</span>
+ </td>
+ </tr>
+
+
+
+
+ </form>
+ <!-- STOP MAIN AREA -->
+ </table>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+</table>
+</div>
+
+
+<!-- footer do not touch below -->
+<?php
+include("fend.inc");
+echo $snort_custom_rnd_box;
+?>
+
+
+</body>
+</html>
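Review bot: `$a_list` is indexed for every `def_*` field without the `is_array()` fallback that snort_barnyard.php applies after the same `snortSql_fetchAllSettings()` call, so for an unknown `uuid` the form is rendered from whatever the helper returns on failure. Add `if (!is_array($a_list)) { $a_list = array(); }` after the fetch, or stop with an error when no row matches. The page asks users to avoid spaces in their definitions, but nothing in this file enforces the address-list and port-list formats, and what the save handler checks is not visible here. These values presumably end up in the Snort configuration, so they should be validated on the server before being stored.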
diff --git a/config/snort-dev/snort_help_info.php b/config/snort-dev/snort_help_info.php
index cd757d3e..2d6b68ce 100644
--- a/config/snort-dev/snort_help_info.php
+++ b/config/snort-dev/snort_help_info.php
@@ -230,7 +230,7 @@ jQuery(document).ready(function() {
<p><font size="5"><strong>Change Log</strong></font></p>
- <p>Changes to this package can be viewed by following <a href="https://rcs.pfsense.org/projects/pfsense-packages" target="_blank"><font size="2" color="#990000"><strong>pfSense packages repository</strong></font></a></p>
+ <p>Changes to this package can be viwed by following <a href="https://rcs.pfsense.org/projects/pfsense-packages" target="_blank"><font size="2" color="#990000"><strong>pfSense packages repository</strong></font></a></p>
</div>
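Review bot: The changed line replaces the correctly spelled "viewed" with "viwed" in the Change Log paragraph, so the only effect of this hunk is a typo in user-facing text. Keep the original wording, `can be viewed by following`. While touching the line, the external link opened with `target="_blank"` could also carry `rel="noopener"`.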
diff --git a/config/snort-dev/snort_interfaces_edit.php b/config/snort-dev/snort_interfaces_edit.php
index 223e7b1e..aec03e3b 100644
--- a/config/snort-dev/snort_interfaces_edit.php
+++ b/config/snort-dev/snort_interfaces_edit.php
@@ -418,8 +418,8 @@ jQuery(document).ready(function() {
<td width="22%" valign="top"></td>
<td width="78%">
<input name="Submit" type="submit" class="formbtn" value="Save">
- <input name="Submit2" type="submit" class="formbtn" value="Start" onClick="enable_change(true)">
- <input type="button" class="formbtn" value="Cancel" onclick="history.back()">
+ <input name="Submit2" type="submit" class="formbtn" value="Start">
+ <input id="cancel" type="button" class="formbtn" value="Cancel">
<input name="uuid" type="hidden" value="<?=$uuid; ?>" >
</td>
</tr>
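Review bot: With `onclick="history.back()"` removed, the Cancel button only does anything if a script binds a handler to `#cancel`, and no such handler appears in this hunk or in the two pages added by this commit. If the binding lives in a shared include, a one-line comment here, such as `<!-- click handler bound to #cancel in the shared page script -->`, would make that dependency visible. The Cancel button added in snort_barnyard.php has no `id` at all, so a handler keyed on `#cancel` would miss it; give it `id="cancel"` as well. The enclosing table and form start and end outside the hunk.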
diff --git a/config/snort-dev/snort_json_post.php b/config/snort-dev/snort_json_post.php
index 8aa5b8ea..3fea91c0 100644
--- a/config/snort-dev/snort_json_post.php
+++ b/config/snort-dev/snort_json_post.php
@@ -23,6 +23,27 @@ $snortJsonReturnCode_fail = '
}
';
+ function snortJsonReturnCode($returnStatus)
+ {
+
+ if ($returnStatus == true)
+ {
+ echo '
+ {
+ "snortgeneralsettings": "success", "snortUnhideTabs": "true"
+ }
+ ';
+ }else{
+ echo '
+ {
+ "snortgeneralsettings": "fail"
+ }
+ ';
+ }
+
+ }
+
+
// row from db by uuid
if ($_POST['RMlistDelRow'] == 1)
{
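Review bot: `snortJsonReturnCode()` treats any truthy argument as success because it tests `$returnStatus == true`, so a helper that returns an error string or a row count would be reported to the browser as a successful save. Compare strictly with `if ($returnStatus === true)`, and build the body with `echo json_encode(array('snortgeneralsettings' => 'success', 'snortUnhideTabs' => 'true'));` instead of a hand-written literal, so the output stays valid JSON if the values ever change. A short comment above the function naming its callers and what the two keys mean to the front end would help, since the visible part of the next hunk still echoes its own success JSON inline rather than calling it.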
@@ -65,109 +86,143 @@ if ($_POST['RMlistDelRow'] == 1)
// general settings save
if ($_POST['snortSaveSettings'] == 1)
{
-
+
// Save general settings
if ($_POST['dbTable'] == 'SnortSettings')
- {
-
- if ($_POST['ifaceTab'] == 'snort_interfaces_global')
- {
- // checkboxes when set to off never get included in POST thus this code
- $_POST['forcekeepsettings'] = ($_POST['forcekeepsettings'] == '' ? off : $_POST['forcekeepsettings']);
-
- }
-
- if ($_POST['ifaceTab'] == 'snort_alerts')
- {
-
- if (!isset($_POST['arefresh']))
- $_POST['arefresh'] = ($_POST['arefresh'] == '' ? off : $_POST['arefresh']);
-
- }
-
- if ($_POST['ifaceTab'] == 'snort_blocked')
- {
-
- if (!isset($_POST['brefresh']))
- $_POST['brefresh'] = ($_POST['brefresh'] == '' ? off : $_POST['brefresh']);
-
- }
-
- // unset POSTs that are markers not in db
- unset($_POST['snortSaveSettings']);
- unset($_POST['ifaceTab']);
-
- // update date on every save
- $_POST['date'] = date(U);
-
-
- //print_r($_POST);
- //return true;
-
- conf_mount_rw();
- snortSql_updateSettings($_POST['dbName'], $_POST, 'id', '1');
- conf_mount_ro();
-
- } // end of dbTable SnortSettings
+ {
+
+ if ($_POST['ifaceTab'] == 'snort_interfaces_global')
+ {
+ // checkboxes when set to off never get included in POST thus this code
+ $_POST['forcekeepsettings'] = ($_POST['forcekeepsettings'] == '' ? off : $_POST['forcekeepsettings']);
+ }
+
+ if ($_POST['ifaceTab'] == 'snort_alerts')
+ {
+
+ if (!isset($_POST['arefresh']))
+ $_POST['arefresh'] = ($_POST['arefresh'] == '' ? off : $_POST['arefresh']);
+
+ }
+
+ if ($_POST['ifaceTab'] == 'snort_blocked')
+ {
+
+ if (!isset($_POST['brefresh']))
+ $_POST['brefresh'] = ($_POST['brefresh'] == '' ? off : $_POST['brefresh']);
+
+ }
+
+ // unset POSTs that are markers not in db
+ unset($_POST['snortSaveSettings']);
+ unset($_POST['ifaceTab']);
+
+ // update date on every save
+ $_POST['date'] = date(U);
+
+ //print_r($_POST);
+ //return true;
+
+ conf_mount_rw();
+ snortSql_updateSettings($_POST['dbName'], $_POST, 'id', '1');
+ conf_mount_ro();
+
+ echo '
+ {
+ "snortgeneralsettings": "success"
+ }
+ ';
+ return true;
+
+ } // end of dbTable SnortSettings
// Save rules settings
if ($_POST['dbTable'] == 'Snortrules')
{
-
- if ($_POST['ifaceTab'] == 'snort_interfaces_edit')
- {
-
- if (!isset($_POST['enable']))
- $_POST['enable'] = ($_POST['enable'] == '' ? off : $_POST['enable']);
+
+ // snort interface edit
+ if ($_POST['ifaceTab'] == 'snort_interfaces_edit')
+ {
+
+ if (!isset($_POST['enable']))
+ $_POST['enable'] = ($_POST['enable'] == '' ? off : $_POST['enable']);
+
+ if (!isset($_POST['blockoffenders7']))
+ $_POST['blockoffenders7'] = ($_POST['blockoffenders7'] == '' ? off : $_POST['blockoffenders7']);
+
+ if (!isset($_POST['alertsystemlog']))
+ $_POST['alertsystemlog'] = ($_POST['alertsystemlog'] == '' ? off : $_POST['alertsystemlog']);
+
+ if (!isset($_POST['tcpdumplog']))
+ $_POST['tcpdumplog'] = ($_POST['tcpdumplog'] == '' ? off : $_POST['tcpdumplog']);
+
+ if (!isset($_POST['snortunifiedlog']))
+ $_POST['snortunifiedlog'] = ($_POST['snortunifiedlog'] == '' ? off : $_POST['snortunifiedlog']);
+
+ // convert textbox to base64
+ $_POST['configpassthru'] = base64_encode($_POST['configpassthru']);
- if (!isset($_POST['blockoffenders7']))
- $_POST['blockoffenders7'] = ($_POST['blockoffenders7'] == '' ? off : $_POST['blockoffenders7']);
-
- if (!isset($_POST['alertsystemlog']))
- $_POST['alertsystemlog'] = ($_POST['alertsystemlog'] == '' ? off : $_POST['alertsystemlog']);
+ }
+
+ // snort preprocessor edit
+ if ($_POST['ifaceTab'] == 'snort_preprocessors')
+ {
- if (!isset($_POST['tcpdumplog']))
- $_POST['tcpdumplog'] = ($_POST['tcpdumplog'] == '' ? off : $_POST['tcpdumplog']);
+ if (!isset($_POST['dce_rpc_2']))
+ $_POST['dce_rpc_2'] = ($_POST['dce_rpc_2'] == '' ? off : $_POST['dce_rpc_2']);
+
+ if (!isset($_POST['dns_preprocessor']))
+ $_POST['dns_preprocessor'] = ($_POST['dns_preprocessor'] == '' ? off : $_POST['dns_preprocessor']);
+
+ if (!isset($_POST['ftp_preprocessor']))
+ $_POST['ftp_preprocessor'] = ($_POST['ftp_preprocessor'] == '' ? off : $_POST['ftp_preprocessor']);
+
+ if (!isset($_POST['http_inspect']))
+ $_POST['http_inspect'] = ($_POST['http_inspect'] == '' ? off : $_POST['http_inspect']);
+
+ if (!isset($_POST['other_preprocs']))
+ $_POST['other_preprocs'] = ($_POST['other_preprocs'] == '' ? off : $_POST['other_preprocs']);
+
+ if (!isset($_POST['perform_stat']))
+ $_POST['perform_stat'] = ($_POST['perform_stat'] == '' ? off : $_POST['perform_stat']);
+
+ if (!isset($_POST['sf_portscan']))
+ $_POST['sf_portscan'] = ($_POST['sf_portscan'] == '' ? off : $_POST['sf_portscan']);
+
+ if (!isset($_POST['smtp_preprocessor']))
+ $_POST['smtp_preprocessor'] = ($_POST['smtp_preprocessor'] == '' ? off : $_POST['smtp_preprocessor']);
+
+ }
- if (!isset($_POST['snortunifiedlog']))
- $_POST['snortunifiedlog'] = ($_POST['snortunifiedlog'] == '' ? off : $_POST['snortunifiedlog']);
+ // snort barnyard edit
+ if ($_POST['ifaceTab'] == 'snort_barnyard')
+ {
+ // make shure iface is lower case
+ $_POST['interface'] = strtolower($_POST['interface']);
- // convert textbox to base64
- $_POST['configpassthru'] = base64_encode($_POST['configpassthru']);
+ if (!isset($_POST['barnyard_enable']))
+ $_POST['barnyard_enable'] = ($_POST['barnyard_enable'] == '' ? off : $_POST['barnyard_enable']);
+
+ }
+
+
+ // unset POSTs that are markers not in db
+ unset($_POST['snortSaveSettings']);
+ unset($_POST['ifaceTab']);
+
+ // update date on every save
+ $_POST['date'] = date(U);
- }
-
- // unhide tabs Json
- if ($_POST['ifaceTab'] == 'snort_interfaces_edit')
- {
- $snortUnhideTabs = ', "snortUnhideTabs": "true"';
- }
-
- // unset POSTs that are markers not in db
- unset($_POST['snortSaveSettings']);
- unset($_POST['ifaceTab']);
-
- // update date on every save
- $_POST['date'] = date(U);
-
-
- //print_r($_POST);
- //return true;
-
- conf_mount_rw();
- snortSql_updateSettings($_POST['dbName'], $_POST, 'uuid', $_POST['uuid']);
- conf_mount_ro();
+
+ //print_r($_POST);
+ //return true;
+
+ snortJsonReturnCode(snortSql_updateSettings($_POST['dbName'], $_POST, 'uuid', $_POST['uuid']));
} // end of dbTable Snortrules
-
- echo '
- {
- "snortgeneralsettings": "success"' . $snortUnhideTabs . '
- }
- ';
- return true;
-
-}
+
+
+} // STOP General Settings Save
// Suppress settings save
if ($_POST['snortSaveSuppresslist'] == 1)
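Review bot: The Snortrules save hands the whole request to the database helper, `snortSql_updateSettings($_POST['dbName'], $_POST, 'uuid', $_POST['uuid'])`, so the client chooses the database name, the row key and every column name and value that is written. How the helper builds its SQL is not visible here, but unless it binds values and validates column names this is an injection and mass-assignment risk, and nothing in the hunk shows a session or CSRF check before the write. Pin the database name in this branch and copy only the fields each tab owns, e.g. `$fields = array_intersect_key($_POST, array_flip($allowedFields));` followed by `snortSql_updateSettings('snortDBrules', $fields, 'uuid', $fields['uuid'])`, where `$allowedFields` is a per-tab list you define; the SnortSettings branch above has the same pattern. This branch also no longer wraps the update in `conf_mount_rw()`/`conf_mount_ro()` as the removed code did, so check that the helper does the remount itself. The bare `off` and `date(U)` rely on undefined-constant fallback and should be written `'off'` and `date('U')`.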
diff --git a/config/snort-dev/snort_preprocessors.php b/config/snort-dev/snort_preprocessors.php
new file mode 100644
index 00000000..bca52a65
--- /dev/null
+++ b/config/snort-dev/snort_preprocessors.php
@@ -0,0 +1,307 @@
+<?php
+/* $Id$ */
+/*
+ snort_interfaces.php
+ part of m0n0wall (http://m0n0.ch/wall)
+
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ Copyright (C) 2008-2009 Robert Zelaya.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort_new.inc");
+require_once("/usr/local/pkg/snort/snort_gui.inc");
+
+// set page vars
+
+$uuid = $_GET['uuid'];
+if (isset($_POST['uuid']))
+$uuid = $_POST['uuid'];
+
+if ($uuid == '') {
+ echo 'error: no uuid';
+ exit(0);
+}
+
+
+$a_list = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'uuid', $uuid);
+
+ $pgtitle = "Snort: Interface Preprocessors and Flow";
+ include("/usr/local/pkg/snort/snort_head.inc");
+
+?>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+
+<div id="loadingWaiting">
+ <p class="loadingWaitingMessage"><img src="./images/loading.gif" /> <br>Please Wait...</p>
+</div>
+
+<?php include("fbegin.inc"); ?>
+<!-- hack to fix the hardcoed fbegin link in header -->
+<div id="header-left2">
+<a href="../index.php" id="status-link2">
+<img src="./images/transparent.gif" border="0"></img>
+</a>
+</div>
+
+<div class="body2"><!-- hack to fix the hardcoed fbegin link in header -->
+<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div>
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td>
+
+ <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code-->
+ <ul class="newtabmenu">
+ <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>
+ <li><a href="/snort/snort_interfaces_edit.php?uuid=<?=$uuid;?>"><span>If Settings</span></a></li>
+ <li><a href="/snort/snort_rulesets.php?uuid=<?=$uuid;?>"><span>Categories</span></a></li>
+ <li><a href="/snort/snort_rules.php?uuid=<?=$uuid;?>"><span>Rules</span></a></li>
+ <li><a href="/snort/snort_define_servers.php?uuid=<?=$uuid;?>"><span>Servers</span></a></li>
+ <li class="newtabmenu_active"><a href="/snort/snort_preprocessors.php?uuid=<?=$uuid;?>"><span>Preprocessors</span></a></li>
+ <li><a href="/snort/snort_barnyard.php?uuid=<?=$uuid;?>"><span>Barnyard2</span></a></li>
+ </ul>
+ </div>
+
+ </td>
+ </tr>
+ <tr>
+ <td id="tdbggrey">
+ <table width="100%" border="0" cellpadding="10px" cellspacing="0">
+ <tr>
+ <td class="tabnavtbl">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <!-- START MAIN AREA -->
+
+ <form id="iform" >
+ <input type="hidden" name="snortSaveSettings" value="1" /> <!-- what to do, save -->
+ <input type="hidden" name="dbName" value="snortDBrules" /> <!-- what db-->
+ <input type="hidden" name="dbTable" value="Snortrules" /> <!-- what db table-->
+ <input type="hidden" name="ifaceTab" value="snort_preprocessors" /> <!-- what interface tab -->
+
+
+
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%"><span class="vexpl">
+ <span class="red"><strong>Note:</strong></span>
+ <br>
+ <span class="vexpl">Rules may be dependent on preprocessors!<br>
+ Defaults will be used when there is no user input.</span><br>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Performance Statistics</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Enable</td>
+ <td width="78%" class="vtable">
+ <input name="perform_stat" type="checkbox" value="on" <?=$ifaceEnabled = $a_list['perform_stat'] == 'on' || $a_list['perform_stat'] == '' ? 'checked' : '';?> >
+ <span class="vexpl">Performance Statistics for this interface.</span>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">HTTP Inspect Settings</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Enable</td>
+ <td width="78%" class="vtable">
+ <input name="http_inspect" type="checkbox" value="on" <?=$ifaceEnabled = $a_list['http_inspect'] == 'on' || $a_list['http_inspect'] == '' ? 'checked' : '';?> >
+ <span class="vexpl">Use HTTP Inspect to Normalize/Decode and detect HTTP traffic and protocol anomalies.</span>
+ </td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncell2">HTTP server flow depth</td>
+ <td class="vtable">
+ <table cellpadding="0" cellspacing="0">
+ <tr>
+ <td>
+ <input name="flow_depth" type="text" class="formfld" id="flow_depth" size="5" value="<?=$a_list['flow_depth']; ?>">
+ <span class="vexpl"><strong>-1</strong> to <strong>1460</strong> (<strong>-1</strong> disables HTTP inspect, <strong>0</strong> enables all HTTP inspect)</span>
+ </td>
+ </tr>
+ </table>
+ <span class="vexpl">Amount of HTTP server response payload to inspect. Snort's performance may increase by adjusting this value.
+ <br>
+ Setting this value too low may cause false negatives. Values above 0 are specified in bytes. Default value is <strong>0</strong></span>
+ <br>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Stream5 Settings</td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncell2">Max Queued Bytes</td>
+ <td class="vtable">
+ <table cellpadding="0" cellspacing="0">
+ <tr>
+ <td>
+ <input name="max_queued_bytes" type="text" class="formfld" id="max_queued_bytes" size="5" value="<?=$a_list['max_queued_bytes']; ?>">
+ <span class="vexpl">Minimum is <strong>1024</strong>, Maximum is <strong>1073741824</strong> ( default value is <strong>1048576</strong>, <strong>0</strong>means Maximum )</span>
+ </td>
+ </tr>
+ </table>
+ <span class="vexpl">The number of bytes to be queued for reassembly for TCP sessions in memory. Default value is <strong>1048576</strong></span>
+ <br>
+ </td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncell2">Max Queued Segs</td>
+ <td class="vtable">
+ <table cellpadding="0" cellspacing="0">
+ <tr>
+ <td>
+ <input name="max_queued_segs" type="text" class="formfld" id="max_queued_segs" size="5" value="<?=$a_list['max_queued_segs']; ?>" >
+ <span class="vexpl">Minimum is <strong>2</strong>, Maximum is <strong>1073741824</strong> ( default value is <strong>2621</strong>, <strong>0</strong> means Maximum )</span>
+ </td>
+ </tr>
+ </table>
+ <span class="vexpl">The number of segments to be queued for reassembly for TCP sessions in memory. Default value is <strong>2621</strong></span>
+ <br>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">General Preprocessor Settings</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">
+ Enable <br>
+ RPC Decode and Back Orifice detector
+ </td>
+ <td width="78%" class="vtable">
+ <input name="other_preprocs" type="checkbox" value="on" <?=$ifaceEnabled = $a_list['other_preprocs'] == 'on' || $a_list['other_preprocs'] == '' ? 'checked' : '';?> >
+ <br>
+ <span class="vexpl">Normalize/Decode RPC traffic and detects Back Orifice traffic on the network.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">
+ Enable
+ <br>
+ FTP and Telnet Normalizer
+ </td>
+ <td width="78%" class="vtable">
+ <input name="ftp_preprocessor" type="checkbox" value="on" <?=$ifaceEnabled = $a_list['ftp_preprocessor'] == 'on' || $a_list['ftp_preprocessor'] == '' ? 'checked' : '';?> >
+ <br>
+ <span class="vexpl">Normalize/Decode FTP and Telnet traffic and protocol anomalies.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">
+ Enable
+ <br>
+ SMTP Normalizer
+ </td>
+ <td width="78%" class="vtable">
+ <input name="smtp_preprocessor" type="checkbox" value="on" <?=$ifaceEnabled = $a_list['smtp_preprocessor'] == 'on' || $a_list['smtp_preprocessor'] == '' ? 'checked' : '';?> >
+ <br>
+ <span class="vexpl">Normalize/Decode SMTP protocol for enforcement and buffer overflows.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">
+ Enable
+ <br>
+ Portscan Detection
+ </td>
+ <td width="78%" class="vtable">
+ <input name="sf_portscan" type="checkbox" value="on" <?=$ifaceEnabled = $a_list['sf_portscan'] == 'on' || $a_list['sf_portscan'] == '' ? 'checked' : '';?> >
+ <br>
+ <span class="vexpl">Detects various types of portscans and portsweeps.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">
+ Enable
+ <br>
+ DCE/RPC2 Detection
+ </td>
+ <td width="78%" class="vtable">
+ <input name="dce_rpc_2" type="checkbox" value="on" <?=$ifaceEnabled = $a_list['dce_rpc_2'] == 'on' || $a_list['dce_rpc_2'] == '' ? 'checked' : '';?> >
+ <br>
+ <span class="vexpl">The DCE/RPC preprocessor detects and decodes SMB and DCE/RPC traffic.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">
+ Enable
+ <br>
+ DNS Detection
+ </td>
+ <td width="78%" class="vtable">
+ <input name="dns_preprocessor" type="checkbox" value="on" <?=$ifaceEnabled = $a_list['dns_preprocessor'] == 'on' || $a_list['dns_preprocessor'] == '' ? 'checked' : '';?> >
+ <br>
+ <span class="vexpl">The DNS preprocessor decodes DNS Response traffic and detects some vulnerabilities.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define SSL_IGNORE</td>
+ <td width="78%" class="vtable">
+ <input name="def_ssl_ports_ignore" type="text" class="formfld" id="def_ssl_ports_ignore" size="40" value="<?=$a_list['def_ssl_ports_ignore']; ?>" >
+ <br>
+ <span class="vexpl">Encrypted traffic should be ignored by Snort for both performance reasons and to reduce false positives.
+ <br>
+ Default: "443 465 563 636 989 990 992 993 994 995". <strong>Please use spaces and not commas.</strong></span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%">
+ <input name="Submit" type="submit" class="formbtn" value="Save">
+ <input id="cancel" type="button" class="formbtn" value="Cancel" >
+ <input name="uuid" type="hidden" value="<?=$a_list['uuid']; ?>">
+ </td>
+ </tr>
+
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%"><span class="vexpl">
+ <span class="vexpl"><span class="red"><strong>Note:</strong></span> Please save your settings before you click Start.</span>
+ </td>
+ </tr>
+
+
+ </form>
+ <!-- STOP MAIN AREA -->
+ </table>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+</table>
+</div>
+
+
+<!-- footer do not touch below -->
+<?php
+include("fend.inc");
+echo $snort_custom_rnd_box;
+?>
+
+
+</body>
+</html>
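Review bot: `$uuid` is taken straight from `$_GET['uuid']` or `$_POST['uuid']` and printed unescaped into every tab link (`?uuid=<?=$uuid;?>`), so markup in the parameter is reflected into the page; the only check is that it is not empty. The `$a_list[...]` values printed into `value="..."` attributes (`flow_depth`, `max_queued_bytes`, `max_queued_segs`, `def_ssl_ports_ignore`, `uuid`) are unescaped as well, and they hold whatever the save handler stored. Escape at output, e.g. `<?=htmlspecialchars($uuid, ENT_QUOTES);?>` and `value="<?=htmlspecialchars($a_list['flow_depth'], ENT_QUOTES);?>"`. Also reject a `$uuid` that does not match the format the package generates before it reaches `snortSql_fetchAllSettings`. The header comment still names `snort_interfaces.php` rather than this file.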