diff options
Diffstat (limited to 'config/snort-dev')
59 files changed, 0 insertions, 21608 deletions
diff --git a/config/snort-dev/NOTES.txt b/config/snort-dev/NOTES.txt deleted file mode 100644 index b8c61c39..00000000 --- a/config/snort-dev/NOTES.txt +++ /dev/null @@ -1,17 +0,0 @@ - - -March 26 2019 -Snort-dev 2.8.5.3 pk v. 18 final - -Final day. - -Odds and ends left. - -2.0 group snort gets lost on reboot. - -Pierre POMES code needs to be added. - -Threshold tab needs to be added. - - -Done. diff --git a/config/snort-dev/bin/7.2.x86/barnyard2 b/config/snort-dev/bin/7.2.x86/barnyard2 Binary files differdeleted file mode 100644 index 9266051c..00000000 --- a/config/snort-dev/bin/7.2.x86/barnyard2 +++ /dev/null diff --git a/config/snort-dev/bin/8.0.x86/barnyard2 b/config/snort-dev/bin/8.0.x86/barnyard2 Binary files differdeleted file mode 100755 index 43476338..00000000 --- a/config/snort-dev/bin/8.0.x86/barnyard2 +++ /dev/null diff --git a/config/snort-dev/bin/8.0.x86/md5_files b/config/snort-dev/bin/8.0.x86/md5_files deleted file mode 100644 index 3b283d80..00000000 --- a/config/snort-dev/bin/8.0.x86/md5_files +++ /dev/null @@ -1,9 +0,0 @@ -#For Freebsd 8.0 - - -MD5 (pcre-8.00.tbz) = 8a1ac82500efccefc6418856e27b6cc1 -MD5 (snort-2.8.5.3.tbz) = 826c15872c6d19bcbe2408fb34d165b9 -MD5 (perl-5.10.1.tbz) = f71020a8bd0f197c9bf70eb6d03b92af -MD5 (mysql-client-5.1.45.tbz) = 9cb5878ae922c3d4d0e31efe5712a90a -MD5 (barnyard2) = 4dbff13291a2b8c5018b7ab62f574bc8 - diff --git a/config/snort-dev/bin/8.0.x86/md5_files~ b/config/snort-dev/bin/8.0.x86/md5_files~ deleted file mode 100644 index 3b283d80..00000000 --- a/config/snort-dev/bin/8.0.x86/md5_files~ +++ /dev/null @@ -1,9 +0,0 @@ -#For Freebsd 8.0 - - -MD5 (pcre-8.00.tbz) = 8a1ac82500efccefc6418856e27b6cc1 -MD5 (snort-2.8.5.3.tbz) = 826c15872c6d19bcbe2408fb34d165b9 -MD5 (perl-5.10.1.tbz) = f71020a8bd0f197c9bf70eb6d03b92af -MD5 (mysql-client-5.1.45.tbz) = 9cb5878ae922c3d4d0e31efe5712a90a -MD5 (barnyard2) = 4dbff13291a2b8c5018b7ab62f574bc8 - diff --git a/config/snort-dev/bin/barnyard2 b/config/snort-dev/bin/barnyard2 Binary files differdeleted file mode 100644 index b942e87f..00000000 --- a/config/snort-dev/bin/barnyard2 +++ /dev/null diff --git a/config/snort-dev/bin/oinkmaster_contrib/README.contrib b/config/snort-dev/bin/oinkmaster_contrib/README.contrib deleted file mode 100644 index 6923fa26..00000000 --- a/config/snort-dev/bin/oinkmaster_contrib/README.contrib +++ /dev/null @@ -1,84 +0,0 @@ -# $Id: README.contrib,v 1.21 2005/10/18 10:41:20 andreas_o Exp $ # - -------------------------------------------------------------------------------- -* oinkgui.pl by Andreas Östling <andreaso@it.su.se> - - A graphical front-end to Oinkmaster written in Perl/Tk. - See README.gui for complete documentation. -------------------------------------------------------------------------------- - - - -------------------------------------------------------------------------------- -* addsid.pl by Andreas Östling <andreaso@it.su.se> - - A script that parses *.rules in all specified directories and adds a - SID to (active) rules that don't have any. (Actually, rev and classtype - are also added if missing, unless you edit addsid.pl and tune this.) The - script first looks for the current highest SID (even in inactive rules) - and starts at the next one, unless this value is below MIN_SID (defined - inside addsid.pl). By default, this value is set to 1000001 since this - is the lowest SID assigned for local usage. Handles multi-line rules. -------------------------------------------------------------------------------- - - - -------------------------------------------------------------------------------- -* create-sidmap.pl by Andreas Östling <andreaso@it.su.se> - - A script that parses all active rules in *.rules in all specified - directories and creates a SID map. (Like Snort's regen-sidmap, but this - one handles multi-line rules.) Result goes to standard output which can - be redirected to a sid-msg.map file. -------------------------------------------------------------------------------- - - - -------------------------------------------------------------------------------- -* makesidex.pl, originally by Jerry Applebaum but later rewritten by - Andreas Östling <andreaso@it.su.se> to handle multi-line rules and - multiple rules directories. - - It reads *.rules in all specified directories, looks for all disabled - rules and prints a "disablesid <sid> # <msg>" line for each disabled rule. - The output can be appended to oinkmaster.conf. - Useful to new Oinkmaster users. -------------------------------------------------------------------------------- - - - -------------------------------------------------------------------------------- -* addmsg.pl by Andreas Östling <andreaso@it.su.se>: - - A script that will parse your oinkmaster.conf for - localsid/enablesid/disablesid lines and add their rule message as a #comment. - If your oinkmaster.conf looks like this before addmsg.pl has been run: - - disablesid 286 - disablesid 287 - disablesid 288 - - It will look something like this afterward: - - disablesid 286 # POP3 EXPLOIT x86 bsd overflow - disablesid 287 # POP3 EXPLOIT x86 bsd overflow - disablesid 288 # POP3 EXPLOIT x86 linux overflow - - addmsg.pl will not touch lines that already has a comment in them. - It's not able to handle SID lists when written like this: - disablesid 1,2,3, ... - But it should handle them if written like this: - disablesid \ - 1, \ - 2, \ - 3 - - The new config file will be printed to standard output, so you - probably want to redirect the output to a file, for example: - - ./addmsg.pl oinkmaster.conf rules/ > oinkmaster.conf.new - - If oinkmaster.conf.new looks ok, simply rename it to oinkmaster.conf. - Do NOT redirect to the same file you read from, as this will destroy - that file. -------------------------------------------------------------------------------- diff --git a/config/snort-dev/bin/oinkmaster_contrib/addmsg.pl b/config/snort-dev/bin/oinkmaster_contrib/addmsg.pl deleted file mode 100644 index e5866d6f..00000000 --- a/config/snort-dev/bin/oinkmaster_contrib/addmsg.pl +++ /dev/null @@ -1,299 +0,0 @@ -#!/usr/bin/perl -w - -# $Id: addmsg.pl,v 1.19 2005/12/31 13:42:46 andreas_o Exp $ # - -# Copyright (c) 2004-2006 Andreas Östling <andreaso@it.su.se> -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or -# without modification, are permitted provided that the following -# conditions are met: -# -# 1. Redistributions of source code must retain the above -# copyright notice, this list of conditions and the following -# disclaimer. -# -# 2. Redistributions in binary form must reproduce the above -# copyright notice, this list of conditions and the following -# disclaimer in the documentation and/or other materials -# provided with the distribution. -# -# 3. Neither the name of the author nor the names of its -# contributors may be used to endorse or promote products -# derived from this software without specific prior written -# permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND -# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, -# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR -# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR -# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, -# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - -use strict; - -sub get_next_entry($ $ $ $ $ $); -sub parse_singleline_rule($ $ $); - - -my $USAGE = << "RTFM"; - -Parse Oinkmaster configuration file and add the rule's "msg" string as a -#comment for each disablesid/enablesid line. - -Usage: $0 <oinkmaster.conf> <rulesdir> [rulesdir2, ...] - -The new config file will be printed to standard output, so you -probably want to redirect the output to a new file (*NOT* the same -file you used as input, because that will destroy the file!). -For example: - -$0 /etc/oinkmaster.conf /etc/rules/ > oinkmaster.conf.new - -If oinkmaster.conf.new looks ok, simply rename it to /etc/oinkmaster.conf. - -RTFM - - -# Regexp to match the start of a multi-line rule. -# %ACTIONS% will be replaced with content of $config{actions} later. -my $MULTILINE_RULE_REGEXP = '^\s*#*\s*(?:%ACTIONS%)'. - '\s.*\\\\\s*\n$'; # '; - -# Regexp to match a single-line rule. -my $SINGLELINE_RULE_REGEXP = '^\s*#*\s*(?:%ACTIONS%)'. - '\s.+;\s*\)\s*$'; # '; - - -my $config = shift || die($USAGE); - -my @rulesdirs = @ARGV; -die($USAGE) unless ($#rulesdirs > -1); - -my $verbose = 1; -my (%sidmsgmap, %config); - -$config{rule_actions} = "alert|drop|log|pass|reject|sdrop|activate|dynamic"; - -$SINGLELINE_RULE_REGEXP =~ s/%ACTIONS%/$config{rule_actions}/; -$MULTILINE_RULE_REGEXP =~ s/%ACTIONS%/$config{rule_actions}/; - - - -# Read in oinkmaster.conf. -open(CONFIG, "<" , "$config") or die("could not open \"$config\" for reading: $!\n"); -my @config = <CONFIG>; -close(CONFIG); - - -# Read in *.rules in all rulesdirs and create %sidmsgmap ($sidmsgmap{sid} = msg). -foreach my $rulesdir (@rulesdirs) { - opendir(RULESDIR, "$rulesdir") or die("could not open \"$rulesdir\": $!\n"); - - while (my $file = readdir(RULESDIR)) { - next unless ($file =~ /\.rules$/); - - open(FILE, "<", "$rulesdir/$file") or die("could not open \"$rulesdir/$file\": $!\n"); - my @file = <FILE>; - close(FILE); - - my ($single, $multi, $nonrule, $msg, $sid); - - while (get_next_entry(\@file, \$single, \$multi, \$nonrule, \$msg, \$sid)) { - $sidmsgmap{$sid} = $msg - if (defined($single)); - } - } -} - - -# Print new oinkmaster.conf. -while ($_ = shift(@config)) { - if (/^\s*(?:disable|enable|local)sid\s+(\d+)\s*$/ || /^\s*(\d+)\s*,\s*\\$/ || /^\s*(\d+)\s*$/) { - my $sid = $1; - my $is_multiline = 0; - chomp; - - if (/\\$/) { - $is_multiline = 1; - s/\\$//; - } - - $_ = sprintf("%-25s", $_); - if (exists($sidmsgmap{$sid})) { - print "$_ # $sidmsgmap{$sid}"; - } else { - print "$_"; - } - print " \\" if ($is_multiline); - print "\n"; - } else { - print; - } -} - - - -# From oinkmaster.pl. -sub get_next_entry($ $ $ $ $ $) -{ - my $arr_ref = shift; - my $single_ref = shift; - my $multi_ref = shift; - my $nonrule_ref = shift; - my $msg_ref = shift; - my $sid_ref = shift; - - undef($$single_ref); - undef($$multi_ref); - undef($$nonrule_ref); - undef($$msg_ref); - undef($$sid_ref); - - my $line = shift(@$arr_ref) || return(0); - my $disabled = 0; - my $broken = 0; - - # Possible beginning of multi-line rule? - if ($line =~ /$MULTILINE_RULE_REGEXP/oi) { - $$single_ref = $line; - $$multi_ref = $line; - - $disabled = 1 if ($line =~ /^\s*#/); - - # Keep on reading as long as line ends with "\". - while (!$broken && $line =~ /\\\s*\n$/) { - - # Remove trailing "\" and newline for single-line version. - $$single_ref =~ s/\\\s*\n//; - - # If there are no more lines, this can not be a valid multi-line rule. - if (!($line = shift(@$arr_ref))) { - - warn("\nWARNING: got EOF while parsing multi-line rule: $$multi_ref\n") - if ($config{verbose}); - - @_ = split(/\n/, $$multi_ref); - - undef($$multi_ref); - undef($$single_ref); - - # First line of broken multi-line rule will be returned as a non-rule line. - $$nonrule_ref = shift(@_) . "\n"; - $$nonrule_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces - - # The rest is put back to the array again. - foreach $_ (reverse((@_))) { - unshift(@$arr_ref, "$_\n"); - } - - return (1); # return non-rule - } - - # Multi-line continuation. - $$multi_ref .= $line; - - # If there are non-comment lines in the middle of a disabled rule, - # mark the rule as broken to return as non-rule lines. - if ($line !~ /^\s*#/ && $disabled) { - $broken = 1; - } elsif ($line =~ /^\s*#/ && !$disabled) { - # comment line (with trailing slash) in the middle of an active rule - ignore it - } else { - $line =~ s/^\s*#*\s*//; # remove leading # in single-line version - $$single_ref .= $line; - } - - } # while line ends with "\" - - # Single-line version should now be a valid rule. - # If not, it wasn't a valid multi-line rule after all. - if (!$broken && parse_singleline_rule($$single_ref, $msg_ref, $sid_ref)) { - - $$single_ref =~ s/^\s*//; # remove leading whitespaces - $$single_ref =~ s/^#+\s*/#/; # remove whitespaces next to leading # - $$single_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces - - $$multi_ref =~ s/^\s*//; - $$multi_ref =~ s/\s*\n$/\n/; - $$multi_ref =~ s/^#+\s*/#/; - - return (1); # return multi - } else { - warn("\nWARNING: invalid multi-line rule: $$single_ref\n") - if ($config{verbose} && $$multi_ref !~ /^\s*#/); - - @_ = split(/\n/, $$multi_ref); - - undef($$multi_ref); - undef($$single_ref); - - # First line of broken multi-line rule will be returned as a non-rule line. - $$nonrule_ref = shift(@_) . "\n"; - $$nonrule_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces - - # The rest is put back to the array again. - foreach $_ (reverse((@_))) { - unshift(@$arr_ref, "$_\n"); - } - - return (1); # return non-rule - } - } elsif (parse_singleline_rule($line, $msg_ref, $sid_ref)) { - $$single_ref = $line; - $$single_ref =~ s/^\s*//; - $$single_ref =~ s/^#+\s*/#/; - $$single_ref =~ s/\s*\n$/\n/; - - return (1); # return single - } else { # non-rule line - - # Do extra check and warn if it *might* be a rule anyway, - # but that we just couldn't parse for some reason. - warn("\nWARNING: line may be a rule but it could not be parsed ". - "(missing sid or msg?): $line\n") - if ($config{verbose} && $line =~ /^\s*alert .+msg\s*:\s*".+"\s*;/); - - $$nonrule_ref = $line; - $$nonrule_ref =~ s/\s*\n$/\n/; - - return (1); # return non-rule - } -} - - - -# From oinkmaster.pl. -sub parse_singleline_rule($ $ $) -{ - my $line = shift; - my $msg_ref = shift; - my $sid_ref = shift; - - if ($line =~ /$SINGLELINE_RULE_REGEXP/oi) { - - if ($line =~ /\bmsg\s*:\s*"(.+?)"\s*;/i) { - $$msg_ref = $1; - } else { - return (0); - } - - if ($line =~ /\bsid\s*:\s*(\d+)\s*;/i) { - $$sid_ref = $1; - } else { - return (0); - } - - return (1); - } - - return (0); -} diff --git a/config/snort-dev/bin/oinkmaster_contrib/addsid.pl b/config/snort-dev/bin/oinkmaster_contrib/addsid.pl deleted file mode 100644 index 64255d22..00000000 --- a/config/snort-dev/bin/oinkmaster_contrib/addsid.pl +++ /dev/null @@ -1,382 +0,0 @@ -#!/usr/bin/perl -w - -# $Id: addsid.pl,v 1.30 2005/12/31 13:42:46 andreas_o Exp $ # - -# Copyright (c) 2004-2006 Andreas Östling <andreaso@it.su.se> -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or -# without modification, are permitted provided that the following -# conditions are met: -# -# 1. Redistributions of source code must retain the above -# copyright notice, this list of conditions and the following -# disclaimer. -# -# 2. Redistributions in binary form must reproduce the above -# copyright notice, this list of conditions and the following -# disclaimer in the documentation and/or other materials -# provided with the distribution. -# -# 3. Neither the name of the author nor the names of its -# contributors may be used to endorse or promote products -# derived from this software without specific prior written -# permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND -# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, -# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR -# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR -# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, -# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - -use strict; - - -sub get_next_entry($ $ $ $ $ $); -sub parse_singleline_rule($ $ $); -sub get_next_available_sid(@); - - -# Set this to the default classtype you want to add, if missing. -# Set to 0 or "" if you don't want to add a classtype. -my $CLASSTYPE = "misc-attack"; - -# If ADD_REV is set to 1, "rev: 1;" will be added to rule if it has no rev. -# Set to 0 if you don't want to add it. -my $ADD_REV = 1; - -# Minimum SID to add. Normally, the next available SID will be used, -# unless it's below this value. Only SIDs >= 1000000 are reserved for -# personal use. -my $MIN_SID = 1000001; - -# Regexp to match the start of a multi-line rule. -# %ACTIONS% will be replaced with content of $config{actions} later. -my $MULTILINE_RULE_REGEXP = '^\s*#*\s*(?:%ACTIONS%)'. - '\s.*\\\\\s*\n$'; # '; - -# Regexp to match a single-line rule. -my $SINGLELINE_RULE_REGEXP = '^\s*#*\s*(?:%ACTIONS%)'. - '\s.+;\s*\)\s*$'; # '; - - -my $USAGE = << "RTFM"; - -Parse *.rules in one or more directories and add "sid:<sid>;" to -active rules that don't have any "sid" entry, starting with the next -available SID after parsing all rules files (but $MIN_SID at minumum). -Also, "rev:1;" is added to rules without a "rev" entry, and -"classtype:misc-attack;" is added to rules without a "classtype" entry -(edit options at the top of $0 if you want to change this). - -Usage: $0 <rulesdir> [rulesdir2, ...] - -RTFM - - -# Start in verbose mode. -my $verbose = 1; - -my (%all_sids, %active_sids, %config); - -my @rulesdirs = @ARGV; - -die($USAGE) unless ($#rulesdirs > -1); - -$config{rule_actions} = "alert|drop|log|pass|reject|sdrop|activate|dynamic"; - -$SINGLELINE_RULE_REGEXP =~ s/%ACTIONS%/$config{rule_actions}/; -$MULTILINE_RULE_REGEXP =~ s/%ACTIONS%/$config{rule_actions}/; - - -# Find out the next available SID. -my $next_sid = get_next_available_sid(@rulesdirs); - -# Avoid seeing possible warnings about broken rules twice. -$verbose = 0; - -# Add sid/rev/classtype to active rules that don't have any. -foreach my $dir (@rulesdirs) { - opendir(RULESDIR, "$dir") or die("could not open \"$dir\": $!\n"); - - while (my $file = readdir(RULESDIR)) { - next unless ($file =~ /\.rules$/); - - open(OLDFILE, "$dir/$file") - or die("could not open \"$dir/$file\": $!\n"); - my @file = <OLDFILE>; - close(OLDFILE); - - open(NEWFILE, ">", "$dir/$file") - or die("could not open \"$dir/$file\" for writing: $!\n"); - - my ($single, $multi, $nonrule, $msg, $sid); - while (get_next_entry(\@file, \$single, \$multi, \$nonrule, \$msg, \$sid)) { - - if (defined($nonrule)) { - print NEWFILE "$nonrule"; - next; - } - - $multi = $single unless (defined($multi)); - - # Don't care about inactive rules. - if ($single =~ /^\s*#/) { - print NEWFILE "$multi"; - next; - } - - my $added; - - # Add SID. - if ($single !~ /sid\s*:\s*\d+\s*;/) { - $added .= "SID $next_sid,"; - $multi =~ s/\)\s*\n/sid:$next_sid;)\n/; - $next_sid++; - } - - # Add revision. - if ($ADD_REV && $single !~ /rev\s*:\s*\d+\s*;/) { - $added .= "rev,"; - $multi =~ s/\)\s*\n/rev:1;)\n/; - } - - # Add classtype. - if ($CLASSTYPE && $single !~ /classtype\s*:\s*.+\s*;/) { - $added .= "classtype $CLASSTYPE,"; - $multi =~ s/\)\s*\n/classtype:$CLASSTYPE;)\n/; - } - - if (defined($added)) { - $added =~ s/,$//; - print "Adding $added to rule \"$msg\"\n" - if (defined($added)); - } - - print NEWFILE "$multi"; - } - - close(NEWFILE); - } - - closedir(RULESDIR); -} - - - -# Read in *.rules in given directory and return highest SID. -sub get_next_available_sid(@) -{ - my @dirs = @_; - - foreach my $dir (@dirs) { - opendir(RULESDIR, "$dir") or die("could not open \"$dir\": $!\n"); - - # Only care about *.rules. - while (my $file = readdir(RULESDIR)) { - next unless ($file =~ /\.rules$/); - - open(OLDFILE, "<$dir/$file") or die("could not open \"$dir/$file\": $!\n"); - my @file = <OLDFILE>; - close(OLDFILE); - - my ($single, $multi, $nonrule, $msg, $sid); - - while (get_next_entry(\@file, \$single, \$multi, \$nonrule, \$msg, \$sid)) { - if (defined($single) && defined($sid)) { - $all_sids{$sid}++; - - # If this is an active rule add to %active_sids and - # warn if it already exists. - if ($single =~ /^\s*alert/) { - print STDERR "WARNING: duplicate SID: $sid\n" - if (exists($active_sids{$sid})); - $active_sids{$sid}++ - } - } - } - } - } - - # Sort sids and use highest one + 1, unless it's below MIN_SID. - @_ = sort {$a <=> $b} keys(%all_sids); - my $sid = pop(@_); - - if (!defined($sid)) { - $sid = $MIN_SID - } else { - $sid++; - } - - # If it's below MIN_SID, use MIN_SID instead. - $sid = $MIN_SID if ($sid < $MIN_SID); - - return ($sid) -} - - - -sub get_next_entry($ $ $ $ $ $) -{ - my $arr_ref = shift; - my $single_ref = shift; - my $multi_ref = shift; - my $nonrule_ref = shift; - my $msg_ref = shift; - my $sid_ref = shift; - - undef($$single_ref); - undef($$multi_ref); - undef($$nonrule_ref); - undef($$msg_ref); - undef($$sid_ref); - - my $line = shift(@$arr_ref) || return(0); - my $disabled = 0; - my $broken = 0; - - # Possible beginning of multi-line rule? - if ($line =~ /$MULTILINE_RULE_REGEXP/oi) { - $$single_ref = $line; - $$multi_ref = $line; - - $disabled = 1 if ($line =~ /^\s*#/); - - # Keep on reading as long as line ends with "\". - while (!$broken && $line =~ /\\\s*\n$/) { - - # Remove trailing "\" and newline for single-line version. - $$single_ref =~ s/\\\s*\n//; - - # If there are no more lines, this can not be a valid multi-line rule. - if (!($line = shift(@$arr_ref))) { - - warn("\nWARNING: got EOF while parsing multi-line rule: $$multi_ref\n") - if ($config{verbose}); - - @_ = split(/\n/, $$multi_ref); - - undef($$multi_ref); - undef($$single_ref); - - # First line of broken multi-line rule will be returned as a non-rule line. - $$nonrule_ref = shift(@_) . "\n"; - $$nonrule_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces - - # The rest is put back to the array again. - foreach $_ (reverse((@_))) { - unshift(@$arr_ref, "$_\n"); - } - - return (1); # return non-rule - } - - # Multi-line continuation. - $$multi_ref .= $line; - - # If there are non-comment lines in the middle of a disabled rule, - # mark the rule as broken to return as non-rule lines. - if ($line !~ /^\s*#/ && $disabled) { - $broken = 1; - } elsif ($line =~ /^\s*#/ && !$disabled) { - # comment line (with trailing slash) in the middle of an active rule - ignore it - } else { - $line =~ s/^\s*#*\s*//; # remove leading # in single-line version - $$single_ref .= $line; - } - - } # while line ends with "\" - - # Single-line version should now be a valid rule. - # If not, it wasn't a valid multi-line rule after all. - if (!$broken && parse_singleline_rule($$single_ref, $msg_ref, $sid_ref)) { - - $$single_ref =~ s/^\s*//; # remove leading whitespaces - $$single_ref =~ s/^#+\s*/#/; # remove whitespaces next to leading # - $$single_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces - - $$multi_ref =~ s/^\s*//; - $$multi_ref =~ s/\s*\n$/\n/; - $$multi_ref =~ s/^#+\s*/#/; - - return (1); # return multi - } else { - warn("\nWARNING: invalid multi-line rule: $$single_ref\n") - if ($config{verbose} && $$multi_ref !~ /^\s*#/); - - @_ = split(/\n/, $$multi_ref); - - undef($$multi_ref); - undef($$single_ref); - - # First line of broken multi-line rule will be returned as a non-rule line. - $$nonrule_ref = shift(@_) . "\n"; - $$nonrule_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces - - # The rest is put back to the array again. - foreach $_ (reverse((@_))) { - unshift(@$arr_ref, "$_\n"); - } - - return (1); # return non-rule - } - } elsif (parse_singleline_rule($line, $msg_ref, $sid_ref)) { - $$single_ref = $line; - $$single_ref =~ s/^\s*//; - $$single_ref =~ s/^#+\s*/#/; - $$single_ref =~ s/\s*\n$/\n/; - - return (1); # return single - } else { # non-rule line - - # Do extra check and warn if it *might* be a rule anyway, - # but that we just couldn't parse for some reason. - warn("\nWARNING: line may be a rule but it could not be parsed ". - "(missing sid or msg?): $line\n") - if ($config{verbose} && $line =~ /^\s*alert .+msg\s*:\s*".+"\s*;/); - - $$nonrule_ref = $line; - $$nonrule_ref =~ s/\s*\n$/\n/; - - return (1); # return non-rule - } -} - - - -# From oinkmaster.pl except that this version -# has been modified so that the sid is *optional*. -sub parse_singleline_rule($ $ $) -{ - my $line = shift; - my $msg_ref = shift; - my $sid_ref = shift; - - if ($line =~ /$SINGLELINE_RULE_REGEXP/oi) { - - if ($line =~ /\bmsg\s*:\s*"(.+?)"\s*;/i) { - $$msg_ref = $1; - } else { - return (0); - } - - if ($line =~ /\bsid\s*:\s*(\d+)\s*;/i) { - $$sid_ref = $1; -# } else { -# return (0); - } - - return (1); - } - - return (0); -} diff --git a/config/snort-dev/bin/oinkmaster_contrib/create-sidmap.pl b/config/snort-dev/bin/oinkmaster_contrib/create-sidmap.pl deleted file mode 100644 index 26a9040c..00000000 --- a/config/snort-dev/bin/oinkmaster_contrib/create-sidmap.pl +++ /dev/null @@ -1,280 +0,0 @@ -#!/usr/local/bin/perl -w - -# $Id: create-sidmap.pl,v 1.21 2005/12/31 13:42:46 andreas_o Exp $ # - -# Copyright (c) 2004-2006 Andreas Östling <andreaso@it.su.se> -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or -# without modification, are permitted provided that the following -# conditions are met: -# -# 1. Redistributions of source code must retain the above -# copyright notice, this list of conditions and the following -# disclaimer. -# -# 2. Redistributions in binary form must reproduce the above -# copyright notice, this list of conditions and the following -# disclaimer in the documentation and/or other materials -# provided with the distribution. -# -# 3. Neither the name of the author nor the names of its -# contributors may be used to endorse or promote products -# derived from this software without specific prior written -# permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND -# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, -# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR -# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR -# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, -# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - -use strict; - -sub get_next_entry($ $ $ $ $ $); -sub parse_singleline_rule($ $ $); - -# Files to ignore. -my %skipfiles = ( - 'deleted.rules' => 1, -); - -# Regexp to match the start of a multi-line rule. -# %ACTIONS% will be replaced with content of $config{actions} later. -my $MULTILINE_RULE_REGEXP = '^\s*#*\s*(?:%ACTIONS%)'. - '\s.*\\\\\s*\n$'; # '; - -# Regexp to match a single-line rule. -my $SINGLELINE_RULE_REGEXP = '^\s*#*\s*(?:%ACTIONS%)'. - '\s.+;\s*\)\s*$'; # '; - -my $USAGE = << "RTFM"; - -Parse active rules in *.rules in one or more directories and create a SID -map. Result is sent to standard output, which can be redirected to a -sid-msg.map file. - -Usage: $0 <rulesdir> [rulesdir2, ...] - -RTFM - -my $verbose = 1; - -my (%sidmap, %config); - -my @rulesdirs = @ARGV; - -die($USAGE) unless ($#rulesdirs > -1); - -$config{rule_actions} = "alert|drop|log|pass|reject|sdrop|activate|dynamic"; - -$SINGLELINE_RULE_REGEXP =~ s/%ACTIONS%/$config{rule_actions}/; -$MULTILINE_RULE_REGEXP =~ s/%ACTIONS%/$config{rule_actions}/; - - -# Read in all rules from each rules file (*.rules) in each rules dir. -# into %sidmap. -foreach my $rulesdir (@rulesdirs) { - opendir(RULESDIR, "$rulesdir") or die("could not open \"$rulesdir\": $!\n"); - - while (my $file = readdir(RULESDIR)) { - next unless ($file =~ /\.rules$/); - next if ($skipfiles{$file}); - - open(FILE, "$rulesdir/$file") or die("could not open \"$rulesdir/$file\": $!\n"); - my @file = <FILE>; - close(FILE); - - my ($single, $multi, $nonrule, $msg, $sid); - - while (get_next_entry(\@file, \$single, \$multi, \$nonrule, \$msg, \$sid)) { - if (defined($single)) { - - warn("WARNING: duplicate SID: $sid (discarding old)\n") - if (exists($sidmap{$sid})); - - $sidmap{$sid} = "$sid || $msg"; - - # Print all references. Borrowed from Brian Caswell's regen-sidmap script. - my $ref = $single; - while ($ref =~ s/(.*)reference\s*:\s*([^\;]+)(.*)$/$1 $3/) { - $sidmap{$sid} .= " || $2" - } - - $sidmap{$sid} .= "\n"; - } - } - } -} - -# Print results. -foreach my $sid (sort { $a <=> $b } keys(%sidmap)) { - print "$sidmap{$sid}"; -} - - - -# Same as in oinkmaster.pl. -sub get_next_entry($ $ $ $ $ $) -{ - my $arr_ref = shift; - my $single_ref = shift; - my $multi_ref = shift; - my $nonrule_ref = shift; - my $msg_ref = shift; - my $sid_ref = shift; - - undef($$single_ref); - undef($$multi_ref); - undef($$nonrule_ref); - undef($$msg_ref); - undef($$sid_ref); - - my $line = shift(@$arr_ref) || return(0); - my $disabled = 0; - my $broken = 0; - - # Possible beginning of multi-line rule? - if ($line =~ /$MULTILINE_RULE_REGEXP/oi) { - $$single_ref = $line; - $$multi_ref = $line; - - $disabled = 1 if ($line =~ /^\s*#/); - - # Keep on reading as long as line ends with "\". - while (!$broken && $line =~ /\\\s*\n$/) { - - # Remove trailing "\" and newline for single-line version. - $$single_ref =~ s/\\\s*\n//; - - # If there are no more lines, this can not be a valid multi-line rule. - if (!($line = shift(@$arr_ref))) { - - warn("\nWARNING: got EOF while parsing multi-line rule: $$multi_ref\n") - if ($config{verbose}); - - @_ = split(/\n/, $$multi_ref); - - undef($$multi_ref); - undef($$single_ref); - - # First line of broken multi-line rule will be returned as a non-rule line. - $$nonrule_ref = shift(@_) . "\n"; - $$nonrule_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces - - # The rest is put back to the array again. - foreach $_ (reverse((@_))) { - unshift(@$arr_ref, "$_\n"); - } - - return (1); # return non-rule - } - - # Multi-line continuation. - $$multi_ref .= $line; - - # If there are non-comment lines in the middle of a disabled rule, - # mark the rule as broken to return as non-rule lines. - if ($line !~ /^\s*#/ && $disabled) { - $broken = 1; - } elsif ($line =~ /^\s*#/ && !$disabled) { - # comment line (with trailing slash) in the middle of an active rule - ignore it - } else { - $line =~ s/^\s*#*\s*//; # remove leading # in single-line version - $$single_ref .= $line; - } - - } # while line ends with "\" - - # Single-line version should now be a valid rule. - # If not, it wasn't a valid multi-line rule after all. - if (!$broken && parse_singleline_rule($$single_ref, $msg_ref, $sid_ref)) { - - $$single_ref =~ s/^\s*//; # remove leading whitespaces - $$single_ref =~ s/^#+\s*/#/; # remove whitespaces next to leading # - $$single_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces - - $$multi_ref =~ s/^\s*//; - $$multi_ref =~ s/\s*\n$/\n/; - $$multi_ref =~ s/^#+\s*/#/; - - return (1); # return multi - } else { - warn("\nWARNING: invalid multi-line rule: $$single_ref\n") - if ($config{verbose} && $$multi_ref !~ /^\s*#/); - - @_ = split(/\n/, $$multi_ref); - - undef($$multi_ref); - undef($$single_ref); - - # First line of broken multi-line rule will be returned as a non-rule line. - $$nonrule_ref = shift(@_) . "\n"; - $$nonrule_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces - - # The rest is put back to the array again. - foreach $_ (reverse((@_))) { - unshift(@$arr_ref, "$_\n"); - } - - return (1); # return non-rule - } - } elsif (parse_singleline_rule($line, $msg_ref, $sid_ref)) { - $$single_ref = $line; - $$single_ref =~ s/^\s*//; - $$single_ref =~ s/^#+\s*/#/; - $$single_ref =~ s/\s*\n$/\n/; - - return (1); # return single - } else { # non-rule line - - # Do extra check and warn if it *might* be a rule anyway, - # but that we just couldn't parse for some reason. - warn("\nWARNING: line may be a rule but it could not be parsed ". - "(missing sid or msg?): $line\n") - if ($config{verbose} && $line =~ /^\s*alert .+msg\s*:\s*".+"\s*;/); - - $$nonrule_ref = $line; - $$nonrule_ref =~ s/\s*\n$/\n/; - - return (1); # return non-rule - } -} - - - -# Same as in oinkmaster.pl. -sub parse_singleline_rule($ $ $) -{ - my $line = shift; - my $msg_ref = shift; - my $sid_ref = shift; - - if ($line =~ /$SINGLELINE_RULE_REGEXP/oi) { - - if ($line =~ /\bmsg\s*:\s*"(.+?)"\s*;/i) { - $$msg_ref = $1; - } else { - return (0); - } - - if ($line =~ /\bsid\s*:\s*(\d+)\s*;/i) { - $$sid_ref = $1; - } else { - return (0); - } - - return (1); - } - - return (0); -} diff --git a/config/snort-dev/bin/oinkmaster_contrib/makesidex.pl b/config/snort-dev/bin/oinkmaster_contrib/makesidex.pl deleted file mode 100644 index 80354735..00000000 --- a/config/snort-dev/bin/oinkmaster_contrib/makesidex.pl +++ /dev/null @@ -1,261 +0,0 @@ -#!/usr/bin/perl -w - -# $Id: makesidex.pl,v 1.11 2005/12/31 13:42:46 andreas_o Exp $ # - -# Copyright (c) 2004-2006 Andreas Östling <andreaso@it.su.se> -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or -# without modification, are permitted provided that the following -# conditions are met: -# -# 1. Redistributions of source code must retain the above -# copyright notice, this list of conditions and the following -# disclaimer. -# -# 2. Redistributions in binary form must reproduce the above -# copyright notice, this list of conditions and the following -# disclaimer in the documentation and/or other materials -# provided with the distribution. -# -# 3. Neither the name of the author nor the names of its -# contributors may be used to endorse or promote products -# derived from this software without specific prior written -# permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND -# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, -# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR -# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR -# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, -# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - -use strict; - -sub get_next_entry($ $ $ $ $ $); -sub parse_singleline_rule($ $ $); - - -# Regexp to match the start of a multi-line rule. -# %ACTIONS% will be replaced with content of $config{actions} later. -my $MULTILINE_RULE_REGEXP = '^\s*#*\s*(?:%ACTIONS%)'. - '\s.*\\\\\s*\n$'; # '; - -# Regexp to match a single-line rule. -my $SINGLELINE_RULE_REGEXP = '^\s*#*\s*(?:%ACTIONS%)'. - '\s.+;\s*\)\s*$'; # '; - -my $USAGE = << "RTFM"; - -Parse *.rules in one or more directories and look for all rules that are -disabled (i.e. begin with "#") and print "disablesid <sid> # <msg>" to -standard output for all those rules. This output can be redirected to a -file, which will be understood by Oinkmaster. - -Usage: $0 <rulesdir> [rulesdir2, ...] - -RTFM - -my $verbose = 1; - -my (%disabled, %config); - -my @rulesdirs = @ARGV; - -die($USAGE) unless ($#rulesdirs > -1); - -$config{rule_actions} = "alert|drop|log|pass|reject|sdrop|activate|dynamic"; - -$SINGLELINE_RULE_REGEXP =~ s/%ACTIONS%/$config{rule_actions}/; -$MULTILINE_RULE_REGEXP =~ s/%ACTIONS%/$config{rule_actions}/; - -foreach my $rulesdir (@rulesdirs) { - opendir(RULESDIR, "$rulesdir") or die("could not open \"$rulesdir\": $!\n"); - - while (my $file = readdir(RULESDIR)) { - next unless ($file =~ /\.rules$/); - - open(FILE, "$rulesdir/$file") or die("could not open \"$rulesdir/$file\": $!\n"); - my @file = <FILE>; - close(FILE); - - my ($single, $multi, $nonrule, $msg, $sid); - - while (get_next_entry(\@file, \$single, \$multi, \$nonrule, \$msg, \$sid)) { - $single = $multi if (defined($multi)); - $disabled{$sid} = $msg - if (defined($single) && $single =~ /^\s*#/); - } - } -} - -# Print results. -foreach my $sid (sort { $a <=> $b } keys(%disabled)) { - printf("%-25s # %s\n", "disablesid $sid", $disabled{$sid}); -} - - - -# Same as in oinkmaster.pl. -sub get_next_entry($ $ $ $ $ $) -{ - my $arr_ref = shift; - my $single_ref = shift; - my $multi_ref = shift; - my $nonrule_ref = shift; - my $msg_ref = shift; - my $sid_ref = shift; - - undef($$single_ref); - undef($$multi_ref); - undef($$nonrule_ref); - undef($$msg_ref); - undef($$sid_ref); - - my $line = shift(@$arr_ref) || return(0); - my $disabled = 0; - my $broken = 0; - - # Possible beginning of multi-line rule? - if ($line =~ /$MULTILINE_RULE_REGEXP/oi) { - $$single_ref = $line; - $$multi_ref = $line; - - $disabled = 1 if ($line =~ /^\s*#/); - - # Keep on reading as long as line ends with "\". - while (!$broken && $line =~ /\\\s*\n$/) { - - # Remove trailing "\" and newline for single-line version. - $$single_ref =~ s/\\\s*\n//; - - # If there are no more lines, this can not be a valid multi-line rule. - if (!($line = shift(@$arr_ref))) { - - warn("\nWARNING: got EOF while parsing multi-line rule: $$multi_ref\n") - if ($config{verbose}); - - @_ = split(/\n/, $$multi_ref); - - undef($$multi_ref); - undef($$single_ref); - - # First line of broken multi-line rule will be returned as a non-rule line. - $$nonrule_ref = shift(@_) . "\n"; - $$nonrule_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces - - # The rest is put back to the array again. - foreach $_ (reverse((@_))) { - unshift(@$arr_ref, "$_\n"); - } - - return (1); # return non-rule - } - - # Multi-line continuation. - $$multi_ref .= $line; - - # If there are non-comment lines in the middle of a disabled rule, - # mark the rule as broken to return as non-rule lines. - if ($line !~ /^\s*#/ && $disabled) { - $broken = 1; - } elsif ($line =~ /^\s*#/ && !$disabled) { - # comment line (with trailing slash) in the middle of an active rule - ignore it - } else { - $line =~ s/^\s*#*\s*//; # remove leading # in single-line version - $$single_ref .= $line; - } - - } # while line ends with "\" - - # Single-line version should now be a valid rule. - # If not, it wasn't a valid multi-line rule after all. - if (!$broken && parse_singleline_rule($$single_ref, $msg_ref, $sid_ref)) { - - $$single_ref =~ s/^\s*//; # remove leading whitespaces - $$single_ref =~ s/^#+\s*/#/; # remove whitespaces next to leading # - $$single_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces - - $$multi_ref =~ s/^\s*//; - $$multi_ref =~ s/\s*\n$/\n/; - $$multi_ref =~ s/^#+\s*/#/; - - return (1); # return multi - } else { - warn("\nWARNING: invalid multi-line rule: $$single_ref\n") - if ($config{verbose} && $$multi_ref !~ /^\s*#/); - - @_ = split(/\n/, $$multi_ref); - - undef($$multi_ref); - undef($$single_ref); - - # First line of broken multi-line rule will be returned as a non-rule line. - $$nonrule_ref = shift(@_) . "\n"; - $$nonrule_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces - - # The rest is put back to the array again. - foreach $_ (reverse((@_))) { - unshift(@$arr_ref, "$_\n"); - } - - return (1); # return non-rule - } - } elsif (parse_singleline_rule($line, $msg_ref, $sid_ref)) { - $$single_ref = $line; - $$single_ref =~ s/^\s*//; - $$single_ref =~ s/^#+\s*/#/; - $$single_ref =~ s/\s*\n$/\n/; - - return (1); # return single - } else { # non-rule line - - # Do extra check and warn if it *might* be a rule anyway, - # but that we just couldn't parse for some reason. - warn("\nWARNING: line may be a rule but it could not be parsed ". - "(missing sid or msg?): $line\n") - if ($config{verbose} && $line =~ /^\s*alert .+msg\s*:\s*".+"\s*;/); - - $$nonrule_ref = $line; - $$nonrule_ref =~ s/\s*\n$/\n/; - - return (1); # return non-rule - } -} - - - -# Same as in oinkmaster.pl. -sub parse_singleline_rule($ $ $) -{ - my $line = shift; - my $msg_ref = shift; - my $sid_ref = shift; - - if ($line =~ /$SINGLELINE_RULE_REGEXP/oi) { - - if ($line =~ /\bmsg\s*:\s*"(.+?)"\s*;/i) { - $$msg_ref = $1; - } else { - return (0); - } - - if ($line =~ /\bsid\s*:\s*(\d+)\s*;/i) { - $$sid_ref = $1; - } else { - return (0); - } - - return (1); - } - - return (0); -} diff --git a/config/snort-dev/bin/oinkmaster_contrib/oinkgui.pl b/config/snort-dev/bin/oinkmaster_contrib/oinkgui.pl deleted file mode 100644 index 4e96f7db..00000000 --- a/config/snort-dev/bin/oinkmaster_contrib/oinkgui.pl +++ /dev/null @@ -1,1046 +0,0 @@ -#!/usr/bin/perl -w - -# $Id: oinkgui.pl,v 1.52 2005/12/31 13:42:46 andreas_o Exp $ # - -# Copyright (c) 2004-2006 Andreas Östling <andreaso@it.su.se> -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or -# without modification, are permitted provided that the following -# conditions are met: -# -# 1. Redistributions of source code must retain the above -# copyright notice, this list of conditions and the following -# disclaimer. -# -# 2. Redistributions in binary form must reproduce the above -# copyright notice, this list of conditions and the following -# disclaimer in the documentation and/or other materials -# provided with the distribution. -# -# 3. Neither the name of the author nor the names of its -# contributors may be used to endorse or promote products -# derived from this software without specific prior written -# permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND -# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, -# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR -# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR -# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, -# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - -use 5.006001; - -use strict; -use File::Spec; -use Tk; -use Tk::Balloon; -use Tk::BrowseEntry; -use Tk::FileSelect; -use Tk::NoteBook; -use Tk::ROText; - -use constant CSIDL_DRIVES => 17; - -sub update_rules(); -sub clear_messages(); -sub create_cmdline($); -sub fileDialog($ $ $ $); -sub load_config(); -sub save_config(); -sub save_messages(); -sub update_file_label_color($ $ $); -sub create_fileSelectFrame($ $ $ $ $ $); -sub create_checkbutton($ $ $); -sub create_radiobutton($ $ $); -sub create_actionbutton($ $ $); -sub execute_oinkmaster(@); -sub logmsg($ $); - - -my $version = 'Oinkmaster GUI v1.1'; - -my @oinkmaster_conf = qw( - /etc/oinkmaster.conf - /usr/local/etc/oinkmaster.conf -); - -# List of URLs that will show up in the URL BrowseEntry. -my @urls = qw( - http://www.bleedingsnort.com/bleeding.rules.tar.gz - http://www.snort.org/pub-bin/downloads.cgi/Download/comm_rules/Community-Rules.tar.gz - http://www.snort.org/pub-bin/oinkmaster.cgi/<oinkcode>/snortrules-snapshot-CURRENT.tar.gz - http://www.snort.org/pub-bin/oinkmaster.cgi/<oinkcode>/snortrules-snapshot-2.3.tar.gz -); - -my %color = ( - background => 'Bisque3', - button => 'Bisque2', - label => 'Bisque1', - notebook_bg => 'Bisque2', - notebook_inact => 'Bisque3', - file_label_ok => '#00e000', - file_label_not_ok => 'red', - out_frame_fg => 'white', - out_frame_bg => 'black', - entry_bg => 'white', - button_active => 'white', - button_bg => 'Bisque4', -); - -my %config = ( - animate => 1, - careful => 0, - enable_all => 0, - check_removed => 0, - output_mode => 'normal', - diff_mode => 'detailed', - perl => $^X, - oinkmaster => "", - oinkmaster_conf => "", - outdir => "", - url => "", - varfile => "", - backupdir => "", - editor => "", -); - -my %help = ( - - # File locations. - oinkscript => 'Location of the executable Oinkmaster script (oinkmaster.pl).', - oinkconf => 'The Oinkmaster configuration file to use.', - outdir => 'Where to put the new rules. This should be the directory where you '. - 'store your current rules.', - - url => 'Alternate location of rules archive to download/copy. '. - 'Leave empty to use the location set in oinkmaster.conf.', - varfile => 'Variables that exist in downloaded snort.conf but not in '. - 'this file will be added to it. Leave empty to skip.', - backupdir => 'Directory to put tarball of old rules before overwriting them. '. - 'Leave empty to skip backup.', - editor => 'Full path to editor to execute when pressing the "edit" button '. - '(wordpad is recommended on Windows). ', - - # Checkbuttons. - careful => 'In careful mode, Oinkmaster will just check for changes, '. - 'not update anything.', - enable => 'Some rules may be commented out by default (for a reason!). '. - 'This option will make Oinkmaster enable those.', - removed => 'Check for rules files that exist in the output directory but not '. - 'in the downloaded rules archive.', - - # Action buttons. - clear => 'Clear current output messages.', - save => 'Save current output messages to file.', - exit => 'Exit the GUI.', - update => 'Execute Oinkmaster to update the rules.', - test => 'Test current Oinkmaster configuration. ' . - 'If there are no fatal errors, you are ready to update the rules.', - version => 'Request version information from Oinkmaster.', -); - - -my $gui_config_file = ""; -my $use_fileop = 0; - - -#### MAIN #### - -select STDERR; -$| = 1; -select STDOUT; -$| = 1; - -# Find out if can use Win32::FileOp. -if ($^O eq 'MSWin32') { - BEGIN { $^W = 0 } - $use_fileop = 1 if (eval "require Win32::FileOp"); -} - -# Find out which oinkmaster.pl file to default to. -foreach my $dir (File::Spec->path()) { - my $file = "$dir/oinkmaster"; - if (-f "$file" && (-x "$file" || $^O eq 'MSWin32')) { - $config{oinkmaster} = $file; - last; - } elsif (-f "$file.pl" && (-x "$file" || $^O eq 'MSWin32')) { - $config{oinkmaster} = "$file.pl"; - last; - } -} - -# Find out which oinkmaster config file to default to. -foreach my $file (@oinkmaster_conf) { - if (-e "$file") { - $config{oinkmaster_conf} = $file; - last; - } -} - -# Find out where the GUI config file is (it's not required). -if ($ENV{HOME}) { - $gui_config_file = "$ENV{HOME}/.oinkguirc" -} elsif ($ENV{HOMEDRIVE} && $ENV{HOMEPATH}) { - $gui_config_file = "$ENV{HOMEDRIVE}$ENV{HOMEPATH}\\.oinkguirc"; -} - - -# Create main window. -my $main = MainWindow->new( - -background => "$color{background}", - -title => "$version", -); - - -# Create scrolled frame with output messages. -my $out_frame = $main->Scrolled('ROText', - -setgrid => 'true', - -scrollbars => 'e', - -background => $color{out_frame_bg}, - -foreground => $color{out_frame_fg}, -); - - -my $help_label = $main->Label( - -relief => 'groove', - -background => "$color{label}", -); - -my $balloon = $main->Balloon( - -statusbar => $help_label, -); - - -# Create notebook. -my $notebook = $main->NoteBook( - -ipadx => 6, - -ipady => 6, - -background => $color{notebook_bg}, - -inactivebackground => $color{notebook_inact}, - -backpagecolor => $color{background}, -); - - -# Create tab with required files/dirs. -my $req_tab = $notebook->add("required", - -label => "Required files and directories", - -underline => 0, -); - -$req_tab->configure(-bg => "$color{notebook_inact}"); - - -# Create frame with oinkmaster.pl location. -my $filetypes = [ - ['Oinkmaster script', 'oinkmaster.pl'], - ['All files', '*' ] -]; - -my $oinkscript_frame = - create_fileSelectFrame($req_tab, "oinkmaster.pl", 'EXECFILE', - \$config{oinkmaster}, 'NOEDIT', $filetypes); - -$balloon->attach($oinkscript_frame, -statusmsg => $help{oinkscript}); - - -# Create frame with oinkmaster.conf location. -$filetypes = [ - ['configuration files', '.conf'], - ['All files', '*' ] -]; - -my $oinkconf_frame = - create_fileSelectFrame($req_tab, "oinkmaster.conf", 'ROFILE', - \$config{oinkmaster_conf}, 'EDIT', $filetypes); - -$balloon->attach($oinkconf_frame, -statusmsg => $help{oinkconf}); - - -# Create frame with output directory. -my $outdir_frame = - create_fileSelectFrame($req_tab, "output directory", 'WRDIR', - \$config{outdir}, 'NOEDIT', undef); - -$balloon->attach($outdir_frame, -statusmsg => $help{outdir}); - - - -# Create tab with optional files/dirs. -my $opt_tab = $notebook->add("optional", - -label => "Optional files and directories", - -underline => 0, -); - -$opt_tab->configure(-bg => "$color{notebook_inact}"); - -# Create frame with alternate URL location. -$filetypes = [ - ['compressed tar files', '.tar.gz'] -]; - -my $url_frame = - create_fileSelectFrame($opt_tab, "Alternate URL", 'URL', - \$config{url}, 'NOEDIT', $filetypes); - -$balloon->attach($url_frame, -statusmsg => $help{url}); - - -# Create frame with variable file. -$filetypes = [ - ['Snort configuration files', ['.conf', '.config']], - ['All files', '*' ] -]; - -my $varfile_frame = - create_fileSelectFrame($opt_tab, "Variable file", 'WRFILE', - \$config{varfile}, 'EDIT', $filetypes); - -$balloon->attach($varfile_frame, -statusmsg => $help{varfile}); - - -# Create frame with backup dir location. -my $backupdir_frame = - create_fileSelectFrame($opt_tab, "Backup directory", 'WRDIR', - \$config{backupdir}, 'NOEDIT', undef); - -$balloon->attach($backupdir_frame, -statusmsg => $help{backupdir}); - - -# Create frame with editor location. -$filetypes = [ - ['executable files', ['.exe']], - ['All files', '*' ] -]; - -my $editor_frame = - create_fileSelectFrame($opt_tab, "Editor", 'EXECFILE', - \$config{editor}, 'NOEDIT', $filetypes); - -$balloon->attach($editor_frame, -statusmsg => $help{editor}); - - - -$notebook->pack( - -expand => 'no', - -fill => 'x', - -padx => '5', - -pady => '5', - -side => 'top' -); - - -# Create the frame to the left. -my $left_frame = $main->Frame( - -background => "$color{label}", - -border => '2', -)->pack( - -side => 'left', - -fill => 'y', -); - - -# Create "GUI settings" label. -$left_frame->Label( - -text => "GUI settings:", - -background => "$color{label}", -)->pack( - -side => 'top', - -fill => 'x', -); - - -create_actionbutton($left_frame, "Load saved settings", \&load_config); -create_actionbutton($left_frame, "Save current settings", \&save_config); - - -# Create "options" label at the top of the left frame. -$left_frame->Label( - -text => "Options:", - -background => "$color{label}", -)->pack(-side => 'top', - -fill => 'x', -); - - -# Create checkbuttons in the left frame. -$balloon->attach( - create_checkbutton($left_frame, "Careful mode", \$config{careful}), - -statusmsg => $help{careful} -); - -$balloon->attach( - create_checkbutton($left_frame, "Enable all", \$config{enable_all}), - -statusmsg => $help{enable} -); - -$balloon->attach( - create_checkbutton($left_frame, "Check for removed files", \$config{check_removed}), - -statusmsg => $help{removed} -); - - -# Create "mode" label. -$left_frame->Label( - -text => "Output mode:", - -background => "$color{label}", -)->pack( - -side => 'top', - -fill => 'x', -); - -# Create mode radiobuttons in the left frame. -create_radiobutton($left_frame, "super-quiet", \$config{output_mode}); -create_radiobutton($left_frame, "quiet", \$config{output_mode}); -create_radiobutton($left_frame, "normal", \$config{output_mode}); -create_radiobutton($left_frame, "verbose", \$config{output_mode}); - -# Create "Diff mode" label. -$left_frame->Label( - -text => "Diff mode:", - -background => "$color{label}", -)->pack( - -side => 'top', - -fill => 'x', -); - -create_radiobutton($left_frame, "detailed", \$config{diff_mode}); -create_radiobutton($left_frame, "summarized", \$config{diff_mode}); -create_radiobutton($left_frame, "remove common", \$config{diff_mode}); - - -# Create "activity messages" label. -$main->Label( - -text => "Output messages:", - -width => '130', - -background => "$color{label}", -)->pack( - -side => 'top', - -fill => 'x', -); - - - -# Pack output frame. -$out_frame->pack( - -expand => 'yes', - -fill => 'both', -); - - -# Pack help label below output window. -$help_label->pack( - -fill => 'x', -); - - -# Create "actions" label. -$left_frame->Label( - -text => "Actions:", - -background => "$color{label}", -)->pack( - -side => 'top', - -fill => 'x', -); - - -# Create action buttons. - -$balloon->attach( - create_actionbutton($left_frame, "Update rules!", \&update_rules), - -statusmsg => $help{update} -); - -$balloon->attach( - create_actionbutton($left_frame, "Clear output messages", \&clear_messages), - -statusmsg => $help{clear} -); - -$balloon->attach( - create_actionbutton($left_frame, "Save output messages", \&save_messages), - -statusmsg => $help{save} -); - -$balloon->attach( - create_actionbutton($left_frame, "Exit", \&exit), - -statusmsg => $help{exit} -); - - - -# Make the mousewheel scroll the output window. Taken from Mastering Perl/Tk. -if ($^O eq 'MSWin32') { - $out_frame->bind('<MouseWheel>' => - [ sub { $_[0]->yview('scroll', -($_[1] / 120) * 3, 'units')}, - Ev('D') ] - ); -} else { - $out_frame->bind('<4>' => sub { - $_[0]->yview('scroll', -3, 'units') unless $Tk::strictMotif; - }); - - $out_frame->bind('<5>' => sub { - $_[0]->yview('scroll', +3, 'units') unless $Tk::strictMotif; - }); -} - - - -# Now the fun begins. -if ($config{animate}) { - foreach (split(//, "Welcome to $version")) { - logmsg("$_", 'MISC'); - $out_frame->after(5); - } -} else { - logmsg("Welcome to $version", 'MISC'); -} - -logmsg("\n\n", 'MISC'); - -# Load gui settings into %config. -load_config(); - - -# Warn if any required file/directory is not set. -logmsg("No oinkmaster.pl set, please select one above!\n\n", 'ERROR') - if ($config{oinkmaster} !~ /\S/); - -logmsg("No oinkmaster configuration file set, please select one above!\n\n", 'ERROR') - if ($config{oinkmaster_conf} !~ /\S/); - -logmsg("Output directory is not set, please select one above!\n\n", 'ERROR') - if ($config{outdir} !~ /\S/); - - -MainLoop; - - - -#### END #### - - - -sub fileDialog($ $ $ $) -{ - my $var_ref = shift; - my $title = shift; - my $type = shift; - my $filetypes = shift; - my $dirname; - - if ($type eq 'WRDIR') { - if ($use_fileop) { - $dirname = Win32::FileOp::BrowseForFolder("title", CSIDL_DRIVES); - } else { - my $fs = $main->FileSelect(); - $fs->configure(-verify => ['-d', '-w'], -title => $title); - $dirname = $fs->Show; - } - $$var_ref = $dirname if ($dirname); - } elsif ($type eq 'EXECFILE' || $type eq 'ROFILE' || $type eq 'WRFILE' || $type eq 'URL') { - my $filename = $main->getOpenFile(-title => $title, -filetypes => $filetypes); - $$var_ref = $filename if ($filename); - } elsif ($type eq 'SAVEFILE') { - my $filename = $main->getSaveFile(-title => $title, -filetypes => $filetypes); - $$var_ref = $filename if ($filename); - } else { - logmsg("Unknown type ($type)\n", 'ERROR'); - } -} - - - -sub update_file_label_color($ $ $) -{ - my $label = shift; - my $filename = shift; - my $type = shift; - - $filename =~ s/^\s+//; - $filename =~ s/\s+$//; - - unless ($filename) { - $label->configure(-background => $color{file_label_not_ok}); - return (1); - } - - if ($type eq "URL") { - if ($filename =~ /^(?:http|ftp|scp):\/\/.+\.tar\.gz$/) { - $label->configure(-background => $color{file_label_ok}); - } elsif ($filename =~ /^(?:file:\/\/)*(.+\.tar\.gz)$/) { - my $file = $1; - if (-f "$file" && -r "$file") { - $label->configure(-background => $color{file_label_ok}); - } else { - $label->configure(-background => $color{file_label_not_ok}); - } - } else { - $label->configure(-background => $color{file_label_not_ok}); - } - } elsif ($type eq "ROFILE") { - if (-f "$filename" && -r "$filename") { - $label->configure(-background => $color{file_label_ok}); - } else { - $label->configure(-background => $color{file_label_not_ok}); - } - } elsif ($type eq "EXECFILE") { - if (-f "$filename" && (-x "$filename" || $^O eq 'MSWin32')) { - $label->configure(-background => $color{file_label_ok}); - } else { - $label->configure(-background => $color{file_label_not_ok}); - } - } elsif ($type eq "WRFILE") { - if (-f "$filename" && -w "$filename") { - $label->configure(-background => $color{file_label_ok}); - } else { - $label->configure(-background => $color{file_label_not_ok}); - } - } elsif ($type eq "WRDIR") { - if (-d "$filename" && -w "$filename") { - $label->configure(-background => $color{file_label_ok}); - } else { - $label->configure(-background => $color{file_label_not_ok}); - } - } else { - print STDERR "incorrect type ($type)\n"; - exit; - } - - return (1); -} - - - -sub create_checkbutton($ $ $) -{ - my $frame = shift; - my $name = shift; - my $var_ref = shift; - - my $button = $frame->Checkbutton( - -text => $name, - -background => $color{button}, - -activebackground => $color{button_active}, - -highlightbackground => $color{button_bg}, - -variable => $var_ref, - -relief => 'raise', - -anchor => 'w', - )->pack( - -fill => 'x', - -side => 'top', - -pady => '1', - ); - - return ($button); -} - - - -sub create_actionbutton($ $ $) -{ - my $frame = shift; - my $name = shift; - my $func_ref = shift; - - my $button = $frame->Button( - -text => $name, - -command => sub { - &$func_ref; - $out_frame->focus; - }, - -background => $color{button}, - -activebackground => $color{button_active}, - -highlightbackground => $color{button_bg}, - )->pack( - -fill => 'x', - ); - - return ($button); -} - - - -sub create_radiobutton($ $ $) -{ - my $frame = shift; - my $name = shift; - my $mode_ref = shift; - - my $button = $frame->Radiobutton( - -text => $name, - -highlightbackground => $color{button_bg}, - -background => $color{button}, - -activebackground => $color{button_active}, - -variable => $mode_ref, - -relief => 'raised', - -anchor => 'w', - -value => $name, - )->pack( - -side => 'top', - -pady => '1', - -fill => 'x', - ); - - return ($button); -} - - - -# Create <label><entry><browsebutton> in given frame. -sub create_fileSelectFrame($ $ $ $ $ $) -{ - my $win = shift; - my $name = shift; - my $type = shift; # FILE|DIR|URL - my $var_ref = shift; - my $edtype = shift; # EDIT|NOEDIT - my $filetypes = shift; - - # Create frame. - my $frame = $win->Frame( - -bg => $color{background}, - )->pack( - -padx => '2', - -pady => '2', - -fill => 'x' - ); - - # Create label. - my $label = $frame->Label( - -text => $name, - -width => '16', - -relief => 'raised', - -background => "$color{file_label_not_ok}", - )->pack( - -side => 'left' - ); - - my $entry; - - if ($type eq 'URL') { - $entry = $frame->BrowseEntry( - -textvariable => $var_ref, - -background => $color{entry_bg}, - -width => '80', - -choices => \@urls, - -validate => 'key', - -validatecommand => sub { update_file_label_color($label, $_[0], $type) }, - )->pack( - -side => 'left', - -expand => 'yes', - -fill => 'x' - ); - } else { - $entry = $frame->Entry( - -textvariable => $var_ref, - -background => $color{entry_bg}, - -width => '80', - -validate => 'key', - -validatecommand => sub { update_file_label_color($label, $_[0], $type) }, - )->pack( - -side => 'left', - -expand => 'yes', - -fill => 'x' - ); - } - - # Create edit-button if file is ediable. - if ($edtype eq 'EDIT') { - my $edit_but = $frame->Button( - -text => "Edit", - -background => "$color{button}", - -command => sub { - unless (-e "$$var_ref") { - logmsg("Select an existing file first!\n\n", 'ERROR'); - return; - } - - if ($config{editor}) { - $main->Busy(-recurse => 1); - logmsg("Launching " . $config{editor} . - ", close it to continue the GUI.\n\n", 'MISC'); - sleep(2); - system($config{editor}, $$var_ref); # MainLoop will be put on hold... - $main->Unbusy; - } else { - logmsg("No editor set\n\n", 'ERROR'); - } - } - )->pack( - -side => 'left', - ); - } - - # Create browse-button. - my $but = $frame->Button( - -text => "browse ...", - -background => $color{button}, - -command => sub { - fileDialog($var_ref, $name, $type, $filetypes); - } - )->pack( - -side => 'left', - ); - - return ($frame); -} - - - -sub logmsg($ $) -{ - my $text = shift; - my $type = shift; - - return unless (defined($text)); - - $out_frame->tag(qw(configure OUTPUT -foreground grey)); - $out_frame->tag(qw(configure ERROR -foreground red)); - $out_frame->tag(qw(configure MISC -foreground white)); - $out_frame->tag(qw(configure EXEC -foreground bisque2)); - - $out_frame->insert('end', "$text", "$type"); - $out_frame->see('end'); - $out_frame->update; -} - - - - -sub execute_oinkmaster(@) -{ - my @cmd = @_; - my @obfuscated_cmd; - - # Obfuscate possible password in url. - foreach my $line (@cmd) { - if ($line =~ /^(\S+:\/\/.+?):.+?@(.+)/) { - push(@obfuscated_cmd, "$1:*password*\@$2"); - } else { - push(@obfuscated_cmd, $line); - } - } - - logmsg("@obfuscated_cmd:\n", 'EXEC'); - - $main->Busy(-recurse => 1); - - if ($^O eq 'MSWin32') { - open(OINK, "@cmd 2>&1|"); - while (<OINK>) { - logmsg($_, 'OUTPUT'); - } - close(OINK); - } else { - if (open(OINK,"-|")) { - while (<OINK>) { - logmsg($_, 'OUTPUT'); - } - } else { - open(STDERR, '>&STDOUT'); - exec(@cmd); - } - close(OINK); - } - - $main->Unbusy; - logmsg("done.\n\n", 'EXEC'); -} - - - -sub clear_messages() -{ - $out_frame->delete('1.0','end'); - $out_frame->update; -} - - - -sub save_messages() -{ - my $text = $out_frame->get('1.0', 'end'); - my $title = 'Save output messages'; - my $filename; - - my $filetypes = [ - ['Log files', ['.log', '.txt']], - ['All files', '*' ] - ]; - - - if (length($text) > 1) { - fileDialog(\$filename, $title, 'SAVEFILE', $filetypes); - if (defined($filename)) { - - unless (open(LOG, ">", "$filename")) { - logmsg("Could not open $filename for writing: $!\n\n", 'ERROR'); - return; - } - - print LOG $text; - close(LOG); - logmsg("Successfully saved output messages to $filename\n\n", 'MISC'); - } - - } else { - logmsg("Nothing to save.\n\n", 'ERROR'); - } -} - - - -sub update_rules() -{ - my @cmd; - - create_cmdline(\@cmd) || return; - clear_messages(); - execute_oinkmaster(@cmd); -} - - - -sub create_cmdline($) -{ - my $cmd_ref = shift; - - my $oinkmaster = $config{oinkmaster}; - my $oinkmaster_conf = $config{oinkmaster_conf}; - my $outdir = $config{outdir}; - my $varfile = $config{varfile}; - my $url = $config{url}; - my $backupdir = $config{backupdir}; - - # Assume file:// if url prefix is missing. - if ($url) { - $url = "file://$url" unless ($url =~ /(?:http|ftp|file|scp):\/\//); - if ($url =~ /.+<oinkcode>.+/) { - logmsg("You must replace <oinkcode> with your real oinkcode, see the FAQ!\n\n", 'ERROR'); - return (0); - } - } - - $oinkmaster = File::Spec->rel2abs($oinkmaster) - if ($oinkmaster); - - $outdir = File::Spec->canonpath("$outdir"); - $backupdir = File::Spec->canonpath("$backupdir"); - - # Clean leading/trailing whitespaces. - foreach my $var_ref (\$oinkmaster, \$oinkmaster_conf, \$outdir, - \$varfile, \$url, \$backupdir) { - $$var_ref =~ s/^\s+//; - $$var_ref =~ s/\s+$//; - } - - unless ($config{oinkmaster} && -f "$config{oinkmaster}" && - (-x "$config{oinkmaster}" || $^O eq 'MSWin32')) { - logmsg("Location of oinkmaster.pl is not set correctly!\n\n", 'ERROR'); - return; - } - - unless ($oinkmaster_conf && -f "$oinkmaster_conf") { - logmsg("Location of configuration file is not set correctlyy!\n\n", 'ERROR'); - return (0); - } - - unless ($outdir && -d "$outdir") { - logmsg("Output directory is not set correctly!\n\n", 'ERROR'); - return (0); - } - - # Add leading/trailing "" if win32. - foreach my $var_ref (\$oinkmaster, \$oinkmaster_conf, \$outdir, - \$varfile, \$url, \$backupdir) { - if ($^O eq 'MSWin32' && $$var_ref) { - $$var_ref = "\"$$var_ref\""; - } - } - - push(@$cmd_ref, - "$config{perl}", "$oinkmaster", - "-C", "$oinkmaster_conf", - "-o", "$outdir"); - - push(@$cmd_ref, "-c") if ($config{careful}); - push(@$cmd_ref, "-e") if ($config{enable_all}); - push(@$cmd_ref, "-r") if ($config{check_removed}); - push(@$cmd_ref, "-q") if ($config{output_mode} eq "quiet"); - push(@$cmd_ref, "-Q") if ($config{output_mode} eq "super-quiet"); - push(@$cmd_ref, "-v") if ($config{output_mode} eq "verbose"); - push(@$cmd_ref, "-m") if ($config{diff_mode} eq "remove common"); - push(@$cmd_ref, "-s") if ($config{diff_mode} eq "summarized"); - push(@$cmd_ref, "-U", "$varfile") if ($varfile); - push(@$cmd_ref, "-b", "$backupdir") if ($backupdir); - - push(@$cmd_ref, "-u", "$url") - if ($url); - - return (1); -} - - - -# Load $config file into %config hash. -sub load_config() -{ - unless (defined($gui_config_file) && $gui_config_file) { - logmsg("Unable to determine config file location, is your \$HOME set?\n\n", 'ERROR'); - return; - } - - unless (-e "$gui_config_file") { - logmsg("$gui_config_file does not exist, keeping current/default settings\n\n", 'MISC'); - return; - } - - unless (open(RC, "<", "$gui_config_file")) { - logmsg("Could not open $gui_config_file for reading: $!\n\n", 'ERROR'); - return; - } - - while (<RC>) { - next unless (/^(\S+)=(.*)/); - $config{$1} = $2; - } - - close(RC); - logmsg("Successfully loaded GUI settings from $gui_config_file\n\n", 'MISC'); -} - - - -# Save %config into file $config. -sub save_config() -{ - unless (defined($gui_config_file) && $gui_config_file) { - logmsg("Unable to determine config file location, is your \$HOME set?\n\n", 'ERROR'); - return; - } - - unless (open(RC, ">", "$gui_config_file")) { - logmsg("Could not open $gui_config_file for writing: $!\n\n", 'ERROR'); - return; - } - - print RC "# Automatically created by Oinkgui. ". - "Do not edit directly unless you have to.\n"; - - foreach my $option (sort(keys(%config))) { - print RC "$option=$config{$option}\n"; - } - - close(RC); - logmsg("Successfully saved current GUI settings to $gui_config_file\n\n", 'MISC'); -} diff --git a/config/snort-dev/bin/oinkmaster_contrib/oinkmaster.pl b/config/snort-dev/bin/oinkmaster_contrib/oinkmaster.pl deleted file mode 100644 index f9c4d215..00000000 --- a/config/snort-dev/bin/oinkmaster_contrib/oinkmaster.pl +++ /dev/null @@ -1,2754 +0,0 @@ -#!/usr/bin/perl -w - -# $Id: oinkmaster.pl,v 1.406 2006/02/10 13:02:44 andreas_o Exp $ # - -# Copyright (c) 2001-2006 Andreas Östling <andreaso@it.su.se> -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or -# without modification, are permitted provided that the following -# conditions are met: -# -# 1. Redistributions of source code must retain the above -# copyright notice, this list of conditions and the following -# disclaimer. -# -# 2. Redistributions in binary form must reproduce the above -# copyright notice, this list of conditions and the following -# disclaimer in the documentation and/or other materials -# provided with the distribution. -# -# 3. Neither the name of the author nor the names of its -# contributors may be used to endorse or promote products -# derived from this software without specific prior written -# permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND -# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, -# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR -# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR -# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, -# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - -use 5.006001; - -use strict; -use File::Basename; -use File::Copy; -use File::Path; -use File::Spec; -use Getopt::Long; -use File::Temp qw(tempdir); - -sub show_usage(); -sub parse_cmdline($); -sub read_config($ $); -sub sanity_check(); -sub download_file($ $); -sub unpack_rules_archive($ $ $); -sub join_tmp_rules_dirs($ $ @); -sub process_rules($ $ $ $ $ $); -sub process_rule($ $ $ $ $ $ $ $); -sub setup_rules_hash($ $); -sub get_first_only($ $ $); -sub print_changes($ $); -sub print_changetype($ $ $ $); -sub print_summary_change($ $); -sub make_backup($ $); -sub get_changes($ $ $); -sub update_rules($ @); -sub copy_rules($ $); -sub is_in_path($); -sub get_next_entry($ $ $ $ $ $); -sub get_new_vars($ $ $ $); -sub add_new_vars($ $); -sub write_new_vars($ $); -sub msdos_to_cygwin_path($); -sub parse_mod_expr($ $ $ $); -sub untaint_path($); -sub approve_changes(); -sub parse_singleline_rule($ $ $); -sub join_multilines($); -sub minimize_diff($ $); -sub catch_sigint(); -sub clean_exit($); - - -my $VERSION = 'Oinkmaster v2.0, Copyright (C) 2001-2006 '. - 'Andreas Östling <andreaso@it.su.se>'; -my $OUTFILE = 'snortrules.tar.gz'; -my $RULES_DIR = 'rules'; - -my $PRINT_NEW = 1; -my $PRINT_OLD = 2; -my $PRINT_BOTH = 3; - -my %config = ( - careful => 0, - check_removed => 0, - config_test_mode => 0, - enable_all => 0, - interactive => 0, - make_backup => 0, - minimize_diff => 0, - min_files => 1, - min_rules => 1, - quiet => 0, - summary_output => 0, - super_quiet => 0, - update_vars => 0, - use_external_bins => 1, - verbose => 0, - use_path_checks => 1, - rule_actions => "alert|drop|log|pass|reject|sdrop|activate|dynamic", - tmp_basedir => $ENV{TMP} || $ENV{TMPDIR} || $ENV{TEMPDIR} || '/tmp', -); - - -# Regexp to match the start of a multi-line rule. -# %ACTIONS% will be replaced with content of $config{actions} later. -# sid and msg will then be looked for in parse_singleline_rule(). -my $MULTILINE_RULE_REGEXP = '^\s*#*\s*(?:%ACTIONS%)'. - '\s.*\\\\\s*\n$'; # '; - -# Regexp to match a single-line rule. -# sid and msg will then be looked for in parse_singleline_rule(). -my $SINGLELINE_RULE_REGEXP = '^\s*#*\s*(?:%ACTIONS%)'. - '\s.+;\s*\)\s*$'; # '; - -# Match var line where var name goes into $1. -my $VAR_REGEXP = '^\s*var\s+(\S+)\s+(\S+)'; - -# Allowed characters in misc paths/filenames, including the ones in the tarball. -my $OK_PATH_CHARS = 'a-zA-Z\d\ _\(\)\[\]\.\-+:\\\/~@,='; - -# Default locations for configuration file. -my @DEFAULT_CONFIG_FILES = qw( - /etc/oinkmaster.conf - /usr/local/etc/oinkmaster.conf -); - -my @DEFAULT_DIST_VAR_FILES = qw( - snort.conf -); - -my (%loaded, $tmpdir); - - - -#### MAIN #### - -# No buffering. -select(STDERR); -$| = 1; -select(STDOUT); -$| = 1; - - -my $start_date = scalar(localtime); - -# Assume the required Perl modules are available if we're on Windows. -$config{use_external_bins} = 0 if ($^O eq "MSWin32"); - -# Parse command line arguments and add at least %config{output_dir}. -parse_cmdline(\%config); - -# If no config was specified on command line, look for one in default locations. -if ($#{$config{config_files}} == -1) { - foreach my $config (@DEFAULT_CONFIG_FILES) { - if (-e "$config") { - push(@{${config{config_files}}}, $config); - last; - } - } -} - -# If no dist var file was specified on command line, set to default file(s). -if ($#{$config{dist_var_files}} == -1) { - foreach my $var_file (@DEFAULT_DIST_VAR_FILES) { - push(@{${config{dist_var_files}}}, $var_file); - } -} - -# If config is still not defined, we can't continue. -if ($#{$config{config_files}} == -1) { - clean_exit("configuration file not found in default locations\n". - "(@DEFAULT_CONFIG_FILES)\n". - "Put it there or use the \"-C <file>\" argument."); -} - -read_config($_, \%config) for @{$config{config_files}}; - -# Now substitute "%ACTIONS%" with $config{rule_actions}, which may have -# been modified after reading the config file. -$SINGLELINE_RULE_REGEXP =~ s/%ACTIONS%/$config{rule_actions}/; -$MULTILINE_RULE_REGEXP =~ s/%ACTIONS%/$config{rule_actions}/; - -# If we're told not to use external binaries, load the Perl modules now. -unless ($config{use_external_bins}) { - print STDERR "Loading Perl modules.\n" if ($config{verbose}); - - eval { - require IO::Zlib; - require Archive::Tar; - require LWP::UserAgent; - }; - - clean_exit("failed to load required Perl modules:\n\n$@\n". - "Install them or set use_external_bins to 1 ". - "if you want to use external binaries instead.") - if ($@); -} - - -# Do some basic sanity checking and exit if something fails. -# A new PATH will be set. -sanity_check(); - -$SIG{INT} = \&catch_sigint; - -# Create temporary dir. -$tmpdir = tempdir("oinkmaster.XXXXXXXXXX", DIR => File::Spec->rel2abs($config{tmp_basedir})) - or clean_exit("could not create temporary directory in $config{tmp_basedir}: $!"); - -# If we're in config test mode and have come this far, we're done. -if ($config{config_test_mode}) { - print "No fatal errors in configuration.\n"; - clean_exit(""); -} - -umask($config{umask}) if exists($config{umask}); - -# Download and unpack all the rules archives into separate tmp dirs. -my @url_tmpdirs; -foreach my $url (@{$config{url}}) { - my $url_tmpdir = tempdir("url.XXXXXXXXXX", DIR => $tmpdir) - or clean_exit("could not create temporary directory in $tmpdir: $!"); - push(@url_tmpdirs, "$url_tmpdir/$RULES_DIR"); - if ($url =~ /^dir:\/\/(.+)/) { - mkdir("$url_tmpdir/$RULES_DIR") - or clean_exit("Could not create $url_tmpdir/$RULES_DIR"); - copy_rules($1, "$url_tmpdir/$RULES_DIR"); - } else { - download_file($url, "$url_tmpdir/$OUTFILE"); - unpack_rules_archive("$url", "$url_tmpdir/$OUTFILE", $RULES_DIR); - } -} - -# Copy all rules files from the tmp dirs into $RULES_DIR in the tmp directory. -# File matching 'skipfile' a directive will not be copied. -# Filenames (with full path) will be stored as %new_files{filename}. -# Will exit in case of duplicate filenames. -my $num_files = join_tmp_rules_dirs("$tmpdir/$RULES_DIR", \my %new_files, @url_tmpdirs); - -# Make sure we have at least the minimum number of files. -clean_exit("not enough rules files in downloaded rules archive(s).\n". - "Number of rules files is $num_files but minimum is set to $config{min_files}.") - if ($num_files < $config{min_files}); - -# This is to read in possible 'localsid' rules. -my %rh_tmp = setup_rules_hash(\%new_files, $config{output_dir}); - -# Disable/modify/clean downloaded rules. -my $num_rules = process_rules(\@{$config{sid_modify_list}}, - \%{$config{sid_disable_list}}, - \%{$config{sid_enable_list}}, - \%{$config{sid_local_list}}, - \%rh_tmp, - \%new_files); - -# Make sure we have at least the minimum number of rules. -clean_exit("not enough rules in downloaded archive(s).\n". - "Number of rules is $num_rules but minimum is set to $config{min_rules}.") - if ($num_rules < $config{min_rules}); - -# Setup a hash containing the content of all processed rules files. -my %rh = setup_rules_hash(\%new_files, $config{output_dir}); - -# Compare the new rules to the old ones. -my %changes = get_changes(\%rh, \%new_files, $RULES_DIR); - -# Check for variables that exist in dist snort.conf(s) but not in local snort.conf. -get_new_vars(\%changes, \@{$config{dist_var_files}}, $config{varfile}, \@url_tmpdirs) - if ($config{update_vars}); - - -# Find out if something had changed. -my $something_changed = 0; - -$something_changed = 1 - if (keys(%{$changes{modified_files}}) || - keys(%{$changes{added_files}}) || - keys(%{$changes{removed_files}}) || - $#{$changes{new_vars}} > -1); - - -# Update files listed in %changes{modified_files} (copy the new files -# from the temporary directory into our output directory) and add new -# variables to the local snort.conf if requested, unless we're running in -# careful mode. Create backup first if running with -b. -my $printed = 0; -if ($something_changed) { - if ($config{careful}) { - print STDERR "Skipping backup since we are running in careful mode.\n" - if ($config{make_backup} && (!$config{quiet})); - } else { - if ($config{interactive}) { - print_changes(\%changes, \%rh); - $printed = 1; - } - - if (!$config{interactive} || ($config{interactive} && approve_changes)) { - make_backup($config{output_dir}, $config{backup_dir}) - if ($config{make_backup}); - - add_new_vars(\%changes, $config{varfile}) - if ($config{update_vars}); - - update_rules($config{output_dir}, keys(%{$changes{modified_files}})); - } - } -} else { - print STDERR "No files modified - no need to backup old files, skipping.\n" - if ($config{make_backup} && !$config{quiet}); -} - -print "\nOinkmaster is running in careful mode - not updating anything.\n" - if ($something_changed && $config{careful}); - -print_changes(\%changes, \%rh) - if (!$printed && ($something_changed || !$config{quiet})); - - -# Everything worked. Do a clean exit without any error message. -clean_exit(""); - - -# END OF MAIN # - - - -# Show usage information and exit. -sub show_usage() -{ - my $progname = basename($0); - - print STDERR << "RTFM"; - -$VERSION - -Usage: $progname -o <outdir> [options] - -<outdir> is where to put the new files. -This should be the directory where you store your Snort rules. - -Options: --b <dir> Backup your old rules into <dir> before overwriting them --c Careful mode (dry run) - check for changes but do not update anything --C <file> Use this configuration file instead of the default - May be specified multiple times to load multiple files --e Enable all rules that are disabled by default --h Show this usage information --i Interactive mode - you will be asked to approve the changes (if any) --m Minimize diff when printing result by removing common parts in rules --q Quiet mode - no output unless changes were found --Q Super-quiet mode - like -q but even more quiet --r Check for rules files that exist in the output directory - but not in the downloaded rules archive --s Leave out details in rules results, just print SID, msg and filename --S <file> Look for new variables in this file in the downloaded archive instead - of the default (@DEFAULT_DIST_VAR_FILES). Used in conjunction with -U. - May be specified multiple times to search multiple files. --T Config test - just check configuration file(s) for errors/warnings --u <url> Download from this URL instead of URL(s) in the configuration file - (http|https|ftp|file|scp:// ... .tar.gz|.gz, or dir://<dir>) - May be specified multiple times to grab multiple rules archives --U <file> Merge new variables from downloaded snort.conf(s) into <file> --v Verbose mode (debug) --V Show version and exit - -RTFM - exit; -} - - - -# Parse the command line arguments and exit if we don't like them. -sub parse_cmdline($) -{ - my $cfg_ref = shift; - - Getopt::Long::Configure("bundling"); - - my $cmdline_ok = GetOptions( - "b=s" => \$$cfg_ref{backup_dir}, - "c" => \$$cfg_ref{careful}, - "C=s" => \@{$$cfg_ref{config_files}}, - "e" => \$$cfg_ref{enable_all}, - "h" => \&show_usage, - "i" => \$$cfg_ref{interactive}, - "m" => \$$cfg_ref{minimize_diff}, - "o=s" => \$$cfg_ref{output_dir}, - "q" => \$$cfg_ref{quiet}, - "Q" => \$$cfg_ref{super_quiet}, - "r" => \$$cfg_ref{check_removed}, - "s" => \$$cfg_ref{summary_output}, - "S=s" => \@{$$cfg_ref{dist_var_files}}, - "T" => \$$cfg_ref{config_test_mode}, - "u=s" => \@{$$cfg_ref{url}}, - "U=s" => \$$cfg_ref{varfile}, - "v" => \$$cfg_ref{verbose}, - "V" => sub { - print "$VERSION\n"; - exit(0); - } - ); - - - show_usage unless ($cmdline_ok && $#ARGV == -1); - - $$cfg_ref{quiet} = 1 if ($$cfg_ref{super_quiet}); - $$cfg_ref{update_vars} = 1 if ($$cfg_ref{varfile}); - - if ($$cfg_ref{backup_dir}) { - $$cfg_ref{backup_dir} = File::Spec->canonpath($$cfg_ref{backup_dir}); - $$cfg_ref{make_backup} = 1; - } - - # Cannot specify dist var files without specifying var target file. - if (@{$$cfg_ref{dist_var_files}} && !$$cfg_ref{update_vars}) { - clean_exit("You can not specify distribution variable file(s) without ". - "also specifying local file to merge into"); - } - - # -o <dir> is the only required option in normal usage. - if ($$cfg_ref{output_dir}) { - $$cfg_ref{output_dir} = File::Spec->canonpath($$cfg_ref{output_dir}); - } else { - warn("Error: no output directory specified.\n"); - show_usage(); - } - - # Mark that url was set on command line (so we don't override it later). - $$cfg_ref{cmdline_url} = 1 if ($#{$config{url}} > -1); -} - - - -# Read in stuff from the configuration file. -sub read_config($ $) -{ - my $config_file = shift; - my $cfg_ref = shift; - my $linenum = 0; - my $multi; - my %templates; - - $config_file = File::Spec->canonpath(File::Spec->rel2abs($config_file)); - - clean_exit("configuration file \"$config_file\" does not exist.\n") - unless (-e "$config_file"); - - clean_exit("\"$config_file\" is not a file.\n") - unless (-f "$config_file"); - - print STDERR "Loading $config_file\n" - unless ($config{quiet}); - - # Avoid loading the same file multiple times to avoid infinite recursion etc. - if ($^O eq "MSWin32") { - clean_exit("attempt to load \"$config_file\" twice.") - if ($loaded{$config_file}++); - } else { - my ($dev, $ino) = (stat($config_file))[0,1] - or clean_exit("unable to stat $config_file: $!"); - clean_exit("attempt to load \"$config_file\" twice.") - if ($loaded{$dev, $ino}++); - } - - open(CONF, "<", "$config_file") - or clean_exit("could not open configuration file \"$config_file\": $!"); - my @conf = <CONF>; - close(CONF); - - LINE:while ($_ = shift(@conf)) { - $linenum++; - - unless ($multi) { - s/^\s*//; - s/^#.*//; - } - - # Multi-line start/continuation. - if (/\\\s*\n$/) { - s/\\\s*\n$//; - s/^\s*#.*//; - - # Be strict about removing #comments in modifysid/define_template statements, as - # they may contain other '#' chars. - if (defined($multi) && ($multi =~ /^modifysid/i || $multi =~ /^define_template/i)) { - s/#.*// if (/^\s*\d+[,\s\d]+#/); - } else { - s/\s*\#.*// unless (/^modifysid/i || /^define_template/i); - } - - $multi .= $_; - next LINE; - } - - # Last line of multi-line directive. - if (defined($multi)) { - $multi .= $_; - $_ = $multi; - undef($multi); - } - - # Remove traling whitespaces (*after* a possible multi-line is rebuilt). - s/\s*$//; - - # Remove comments unless it's a modifysid/define_template line - # (the "#" may be part of the modifysid expression). - s/\s*\#.*// unless (/^modifysid/i || /^define_template/i); - - # Skip blank lines. - next unless (/\S/); - - # Use a template and make $_ a "modifysid" line. - if (/^use_template\s+(\S+)\s+(\S+[^"]*)\s*(".*")*(?:#.*)*/i) { - my ($template_name, $sid, $args) = ($1, $2, $3); - - if (exists($templates{$template_name})) { - my $template = $templates{$template_name}; # so we don't substitute %ARGx% globally - - # Evaluate each "%ARGx%" in the template to the corresponding value. - if (defined($args)) { - my @args = split(/"\s+"/, $args); - foreach my $i (1 .. @args) { - $args[$i - 1] =~ s/^"//; - $args[$i - 1] =~ s/"$//; - $template =~ s/%ARG$i%/$args[$i - 1]/g; - } - } - - # There should be no %ARGx% stuff left now. - if ($template =~ /%ARG\d%/) { - warn("WARNING: too few arguments for template \"$template_name\"\n"); - $_ = "error"; # so it will be reported as an invalid line later - } - - unless ($_ eq "error") { - $_ = "modifysid $sid $template\n"; - print STDERR "Template \"$template_name\" expanded to: $_" - if ($config{verbose}); - } - - } else { - warn("WARNING: template \"$template_name\" has not been defined\n"); - } - } - - # new template definition. - if (/^define_template\s+(\S+)\s+(".+"\s+\|\s+".*")\s*(?:#.*)*$/i) { - my ($template_name, $template) = ($1, $2); - - if (exists($templates{$template_name})) { - warn("WARNING: line $linenum in $config_file: ". - "template \"$template_name\" already defined, keeping old\n"); - } else { - $templates{$template_name} = $template; - } - - # modifysid <SIDORFILE[,SIDORFILE, ...]> "substthis" | "withthis" - } elsif (/^modifysids*\s+(\S+.*)\s+"(.+)"\s+\|\s+"(.*)"\s*(?:#.*)*$/i) { - my ($sid_list, $subst, $repl) = ($1, $2, $3); - warn("WARNING: line $linenum in $config_file is invalid, ignoring\n") - unless(parse_mod_expr(\@{$$cfg_ref{sid_modify_list}}, - $sid_list, $subst, $repl)); - - # disablesid <SID[,SID, ...]> - } elsif (/^disablesids*\s+(\d.*)/i) { - my $sid_list = $1; - foreach my $sid (split(/\s*,\s*/, $sid_list)) { - if ($sid =~ /^\d+$/) { - $$cfg_ref{sid_disable_list}{$sid}++; - } else { - warn("WARNING: line $linenum in $config_file: ". - "\"$sid\" is not a valid SID, ignoring\n"); - } - } - - # localsid <SID[,SID, ...]> - } elsif (/^localsids*\s+(\d.*)/i) { - my $sid_list = $1; - foreach my $sid (split(/\s*,\s*/, $sid_list)) { - if ($sid =~ /^\d+$/) { - $$cfg_ref{sid_local_list}{$sid}++; - } else { - warn("WARNING: line $linenum in $config_file: ". - "\"$sid\" is not a valid SID, ignoring\n"); - } - } - - # enablesid <SID[,SID, ...]> - } elsif (/^enablesids*\s+(\d.*)/i) { - my $sid_list = $1; - foreach my $sid (split(/\s*,\s*/, $sid_list)) { - if ($sid =~ /^\d+$/) { - $$cfg_ref{sid_enable_list}{$sid}++; - } else { - warn("WARNING: line $linenum in $config_file: ". - "\"$sid\" is not a valid SID, ignoring\n"); - } - } - - # skipfile <file[,file, ...]> - } elsif (/^skipfiles*\s+(.*)/i) { - my $args = $1; - foreach my $file (split(/\s*,\s*/, $args)) { - if ($file =~ /^\S+$/) { - $config{verbose} && print STDERR "Adding file to ignore list: $file.\n"; - $$cfg_ref{file_ignore_list}{$file}++; - } else { - warn("WARNING: line $linenum in $config_file is invalid, ignoring\n"); - } - } - - } elsif (/^url\s*=\s*(.*)/i) { - push(@{$$cfg_ref{url}}, $1) - unless ($$cfg_ref{cmdline_url}); - - } elsif (/^path\s*=\s*(.+)/i) { - $$cfg_ref{path} = $1; - - } elsif (/^update_files\s*=\s*(.+)/i) { - $$cfg_ref{update_files} = $1; - - } elsif (/^rule_actions\s*=\s*(.+)/i) { - $$cfg_ref{rule_actions} = $1; - - } elsif (/^umask\s*=\s*([0-7]{4})$/i) { - $$cfg_ref{umask} = oct($1); - - } elsif (/^min_files\s*=\s*(\d+)/i) { - $$cfg_ref{min_files} = $1; - - } elsif (/^min_rules\s*=\s*(\d+)/i) { - $$cfg_ref{min_rules} = $1; - - } elsif (/^tmpdir\s*=\s*(.+)/i) { - $$cfg_ref{tmp_basedir} = $1; - - } elsif (/^use_external_bins\s*=\s*([01])/i) { - $$cfg_ref{use_external_bins} = $1; - - } elsif (/^scp_key\s*=\s*(.+)/i) { - $$cfg_ref{scp_key} = $1; - - } elsif (/^use_path_checks\s*=\s*([01])/i) { - $$cfg_ref{use_path_checks} = $1; - - } elsif (/^user_agent\s*=\s*(.+)/i) { - $$cfg_ref{user_agent} = $1; - - } elsif (/^include\s+(\S+.*)/i) { - my $include = $1; - read_config($include, $cfg_ref); - } else { - warn("WARNING: line $linenum in $config_file is invalid, ignoring\n"); - } - } -} - - - -# Make a few basic tests to make sure things look ok. -# Will also set a new PATH as defined in the config file. -sub sanity_check() -{ - my @req_params = qw(path update_files); # required parameters in conf - my @req_binaries = qw(gzip tar); # required binaries (unless we use modules) - - # Can't use both quiet mode and verbose mode. - clean_exit("quiet mode and verbose mode at the same time doesn't make sense.") - if ($config{quiet} && $config{verbose}); - - # Can't use multiple output modes. - clean_exit("can't use multiple output modes at the same time.") - if ($config{minimize_diff} && $config{summary_output}); - - # Make sure all required variables are defined in the config file. - foreach my $param (@req_params) { - clean_exit("the required parameter \"$param\" is not defined in the configuration file.") - unless (exists($config{$param})); - } - - # We now know a path was defined in the config, so set it. - # If we're under cygwin and path was specified as msdos style, convert - # it to cygwin style to avoid problems. - if ($^O eq "cygwin" && $config{path} =~ /^[a-zA-Z]:[\/\\]/) { - $ENV{PATH} = ""; - foreach my $path (split(/;/, $config{path})) { - $ENV{PATH} .= "$path:" if (msdos_to_cygwin_path(\$path)); - } - chop($ENV{PATH}); - } else { - $ENV{PATH} = $config{path}; - } - - # Reset environment variables that may cause trouble. - delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'}; - - # Make sure $config{update_files} is a valid regexp. - eval { - "foo" =~ /$config{update_files}/; - }; - - clean_exit("update_files (\"$config{update_files}\") is not a valid regexp: $@") - if ($@); - - # Make sure $config{rule_actions} is a valid regexp. - eval { - "foo" =~ /$config{rule_actions}/; - }; - - clean_exit("rule_actions (\"$config{rule_actions}\") is not a valid regexp: $@") - if ($@); - - # If a variable file (probably local snort.conf) has been specified, - # it must exist. It must also be writable unless we're in careful mode. - if ($config{update_vars}) { - $config{varfile} = untaint_path($config{varfile}); - - clean_exit("variable file \"$config{varfile}\" does not exist.") - unless (-e "$config{varfile}"); - - clean_exit("variable file \"$config{varfile}\" is not a file.") - unless (-f "$config{varfile}"); - - clean_exit("variable file \"$config{varfile}\" is not writable by you.") - if (!$config{careful} && !-w "$config{varfile}"); - - # Make sure dist var files don't contain [back]slashes - # (probably means user confused it with local var file). - my %dist_var_files; - foreach my $dist_var_file (@{${config{dist_var_files}}}) { - clean_exit("variable file \"$dist_var_file\" specified multiple times") - if (exists($dist_var_files{$dist_var_file})); - $dist_var_files{$dist_var_file} = 1; - clean_exit("variable file \"$dist_var_file\" contains slashes or backslashes ". - "but it must be specified as a filename (without path) ". - "that exists in the downloaded rules, e.g. \"snort.conf\"") - if ($dist_var_file =~ /\// || $dist_var_file =~ /\\/); - } - } - - # Make sure all required binaries can be found, unless - # we're used to use Perl modules instead. - # Wget is only required if url is http[s] or ftp. - if ($config{use_external_bins}) { - foreach my $binary (@req_binaries) { - clean_exit("$binary not found in PATH ($ENV{PATH}).") - unless (is_in_path($binary)); - } - } - - # Make sure $url is defined (either by -u <url> or url=... in the conf). - clean_exit("URL not specified. Specify at least one \"url=<url>\" in the \n". - "Oinkmaster configuration file or use the \"-u <url>\" argument") - if ($#{$config{url}} == -1); - - # Make sure all urls look ok, and untaint them. - my @urls = @{$config{url}}; - $#{$config{url}} = -1; - foreach my $url (@urls) { - clean_exit("incorrect URL: \"$url\"") - unless ($url =~ /^((?:https*|ftp|file|scp):\/\/.+\.(?:tar\.gz|tgz))$/ - || $url =~ /^(dir:\/\/.+)/); - my $ok_url = $1; - - if ($ok_url =~ /^dir:\/\/(.+)/) { - my $dir = untaint_path($1); - clean_exit("\"$dir\" does not exist or is not a directory") - unless (-d $dir); - - # Simple check if the output dir is specified as url (probably a mistake). - if (File::Spec->canonpath(File::Spec->rel2abs($dir)) - eq File::Spec->canonpath(File::Spec->rel2abs($config{output_dir}))) { - clean_exit("Download directory can not be same as output directory"); - } - } - push(@{$config{url}}, $ok_url); - } - - # Wget must be found if url is http[s]:// or ftp://. - if ($config{use_external_bins}) { - clean_exit("wget not found in PATH ($ENV{PATH}).") - if ($config{'url'} =~ /^(https*|ftp):/ && !is_in_path("wget")); - } - - # scp must be found if scp://... - clean_exit("scp not found in PATH ($ENV{PATH}).") - if ($config{'url'} =~ /^scp:/ && !is_in_path("scp")); - - # ssh key must exist if specified and url is scp://... - clean_exit("ssh key \"$config{scp_key}\" does not exist.") - if ($config{'url'} =~ /^scp:/ && exists($config{scp_key}) - && !-e $config{scp_key}); - - # Untaint output directory string. - $config{output_dir} = untaint_path($config{output_dir}); - - # Make sure the output directory exists and is readable. - clean_exit("the output directory \"$config{output_dir}\" doesn't exist ". - "or isn't readable by you.") - if (!-d "$config{output_dir}" || !-x "$config{output_dir}"); - - # Make sure the output directory is writable unless running in careful mode. - clean_exit("the output directory \"$config{output_dir}\" isn't writable by you.") - if (!$config{careful} && !-w "$config{output_dir}"); - - # Make sure we have read permission on all rules files in the output dir, - # and also write permission unless we're in careful mode. - # This is to avoid bailing out in the middle of an execution if a copy - # fails because of permission problem. - opendir(OUTDIR, "$config{output_dir}") - or clean_exit("could not open directory $config{output_dir}: $!"); - - while ($_ = readdir(OUTDIR)) { - next if (/^\.\.?$/ || exists($config{file_ignore_list}{$_})); - - if (/$config{update_files}/) { - unless (-r "$config{output_dir}/$_") { - closedir(OUTDIR); - clean_exit("no read permission on \"$config{output_dir}/$_\"\n". - "Read permission is required on all rules files ". - "inside the output directory.\n") - } - - if (!$config{careful} && !-w "$config{output_dir}/$_") { - closedir(OUTDIR); - clean_exit("no write permission on \"$config{output_dir}/$_\"\n". - "Write permission is required on all rules files ". - "inside the output directory.\n") - } - } - } - - closedir(OUTDIR); - - # Make sure the backup directory exists and is writable if running with -b. - if ($config{make_backup}) { - $config{backup_dir} = untaint_path($config{backup_dir}); - clean_exit("the backup directory \"$config{backup_dir}\" doesn't exist or ". - "isn't writable by you.") - if (!-d "$config{backup_dir}" || !-w "$config{backup_dir}"); - } - - # Convert tmp_basedir to cygwin style if running cygwin and msdos style was specified. - if ($^O eq "cygwin" && $config{tmp_basedir} =~ /^[a-zA-Z]:[\/\\]/) { - msdos_to_cygwin_path(\$config{tmp_basedir}) - or clean_exit("could not convert temporary dir to cygwin style"); - } - - # Make sure temporary directory exists. - clean_exit("the temporary directory \"$config{tmp_basedir}\" does not ". - "exist or isn't writable by you.") - if (!-d "$config{tmp_basedir}" || !-w "$config{tmp_basedir}"); - - # Also untaint it. - $config{tmp_basedir} = untaint_path($config{tmp_basedir}); - - # Make sure stdin and stdout are ttys if we're running in interactive mode. - clean_exit("you can not run in interactive mode when STDIN/STDOUT is not a TTY.") - if ($config{interactive} && !(-t STDIN && -t STDOUT)); -} - - - -# Download the rules archive. -sub download_file($ $) -{ - my $url = shift; - my $localfile = shift; - my $log = "$tmpdir/wget.log"; - my $ret; - - # If there seems to be a password in the url, replace it with "*password*" - # and use new string when printing the url to screen. - my $obfuscated_url = $url; - $obfuscated_url = "$1:*password*\@$2" - if ($obfuscated_url =~ /^(\S+:\/\/.+?):.+?@(.+)/); - - # Ofbuscate oinkcode as well. - $obfuscated_url = "$1*oinkcode*$2" - if ($obfuscated_url =~ /^(\S+:\/\/.+\.cgi\/)[0-9a-z]{32,64}(\/.+)/i); - - my @user_agent_opt; - @user_agent_opt = ("-U", $config{user_agent}) if (exists($config{user_agent})); - - # Use wget if URL starts with "http[s]" or "ftp" and we use external binaries. - if ($config{use_external_bins} && $url =~ /^(?:https*|ftp)/) { - print STDERR "Downloading file from $obfuscated_url... " - unless ($config{quiet}); - - if ($config{verbose}) { - print STDERR "\n"; - my @wget_cmd = ("wget", "-v", "-O", $localfile, $url, @user_agent_opt); - clean_exit("could not download from $obfuscated_url") - if (system(@wget_cmd)); - - } else { - my @wget_cmd = ("wget", "-v", "-o", $log, "-O", $localfile, $url, @user_agent_opt); - if (system(@wget_cmd)) { - my $log_output; - open(LOG, "<", "$log") - or clean_exit("could not open $log for reading: $!"); - # Sanitize oinkcode in wget's log (password is automatically sanitized). - while (<LOG>) { - $_ = "$1*oinkcode*$2" - if (/(\S+:\/\/.+\.cgi\/)[0-9a-z]{32,64}(\/.+)/i); - $log_output .= $_; - } - close(LOG); - clean_exit("could not download from $obfuscated_url. ". - "Output from wget follows:\n\n $log_output"); - } - print STDERR "done.\n" unless ($config{quiet}); - } - - # Use LWP if URL starts with "http[s]" or "ftp" and use_external_bins=0. - } elsif (!$config{use_external_bins} && $url =~ /^(?:https*|ftp)/) { - print STDERR "Downloading file from $obfuscated_url... " - unless ($config{quiet}); - - my %lwp_opt; - $lwp_opt{agent} = $config{user_agent} if (exists($config{user_agent})); - - my $ua = LWP::UserAgent->new(%lwp_opt); - $ua->env_proxy; - my $request = HTTP::Request->new(GET => $url); - my $response = $ua->request($request, $localfile); - - clean_exit("could not download from $obfuscated_url: " . $response->status_line) - unless $response->is_success; - - print "done.\n" unless ($config{quiet}); - - # Grab file from local filesystem if file://... - } elsif ($url =~ /^file/) { - $url =~ s/^file:\/\///; - - clean_exit("the file $url does not exist.") - unless (-e "$url"); - - clean_exit("the file $url is empty.") - unless (-s "$url"); - - print STDERR "Copying file from $url... " - unless ($config{quiet}); - - copy("$url", "$localfile") - or clean_exit("unable to copy $url to $localfile: $!"); - - print STDERR "done.\n" - unless ($config{quiet}); - - # Grab file using scp if scp://... - } elsif ($url =~ /^scp/) { - $url =~ s/^scp:\/\///; - - my @cmd; - push(@cmd, "scp"); - push(@cmd, "-i", "$config{scp_key}") if (exists($config{scp_key})); - push(@cmd, "-q") if ($config{quiet}); - push(@cmd, "-v") if ($config{verbose}); - push(@cmd, "$url", "$localfile"); - - print STDERR "Copying file from $url using scp:\n" - unless ($config{quiet}); - - clean_exit("scp returned error when trying to copy $url") - if (system(@cmd)); - - # Unknown download method. - } else { - clean_exit("unknown or unsupported download method\n"); - } - - # Make sure the downloaded file actually exists. - clean_exit("failed to download $url: ". - "local target file $localfile doesn't exist after download.") - unless (-e "$localfile"); - - # Also make sure it's at least non-empty. - clean_exit("failed to download $url: local target file $localfile is empty ". - "after download (perhaps you're out of diskspace or file in url is empty?)") - unless (-s "$localfile"); -} - - - -# Copy all rules files from the tmp dirs (one for each url) -# into a single directory inside the tmp dir, except for files -# matching a 'skipfile' directive'. -# Will exit in case of colliding filenames. -sub join_tmp_rules_dirs($ $ @) -{ - my $rules_dir = shift; - my $new_files_ref = shift; - my @url_tmpdirs = @_; - - my %rules_files; - - clean_exit("failed to create directory \"$rules_dir\": $!") - unless (mkdir($rules_dir)); - - foreach my $url_tmpdir (@url_tmpdirs) { - opendir(URL_TMPDIR, "$url_tmpdir") - or clean_exit("could not open directory \"$url_tmpdir\": $!"); - - while ($_ = readdir(URL_TMPDIR)) { - next if (/^\.\.?$/ || exists($config{file_ignore_list}{$_}) || !/$config{update_files}/); - - if (exists($rules_files{$_})) { - closedir(URL_TMPDIR); - clean_exit("a file called \"$_\" exists in multiple rules archives") - } - - # Make sure it's a regular file. - unless (-f "$url_tmpdir/$_" && !-l "$url_tmpdir/$_") { - closedir(URL_TMPDIR); - clean_exit("downloaded \"$_\" is not a regular file.") - } - - $rules_files{$_} = 1; - $$new_files_ref{"$rules_dir/$_"} = 1; - - my $src_file = untaint_path("$url_tmpdir/$_"); - unless (copy("$src_file", "$rules_dir")) { - closedir(URL_TMPDIR); - clean_exit("could not copy \"$src_file\" to \"$rules_dir\": $!"); - } - } - - closedir(URL_TMPDIR); - } - - return (keys(%$new_files_ref)); -} - - - -# Make a few basic sanity checks on the rules archive and then -# uncompress/untar it if everything looked ok. -sub unpack_rules_archive($ $ $) -{ - my $url = shift; # only used when printing warnings/errors - my $archive = shift; - my $rules_dir = shift; - - my ($tar, @tar_content); - - my $old_dir = untaint_path(File::Spec->rel2abs(File::Spec->curdir())); - - my $dir = dirname($archive); - chdir("$dir") or clean_exit("$url: could not change directory to \"$dir\": $!"); - - if ($config{use_external_bins}) { - - # Run integrity check on the gzip file. - clean_exit("$url: integrity check on gzip file failed (file transfer failed or ". - "file in URL not in gzip format?).") - if (system("gzip", "-t", "$archive")); - - # Decompress it. - system("gzip", "-d", "$archive") - and clean_exit("$url: unable to uncompress $archive."); - - # Suffix has now changed from .tar.gz|.tgz to .tar. - $archive =~ s/\.gz$//; - - # Make sure the .tar file now exists. - # (Gzip may not return an error if it was not a gzipped file...) - clean_exit("$url: failed to unpack gzip file (file transfer failed or ". - "file in URL not in tar'ed gzip format?).") - unless (-e "$archive"); - - my $stdout_file = "$tmpdir/tar_content.out"; - - open(OLDOUT, ">&STDOUT") or clean_exit("could not dup STDOUT: $!"); - open(STDOUT, ">$stdout_file") or clean_exit("could not redirect STDOUT: $!"); - - my $ret = system("tar", "tf", "$archive"); - - close(STDOUT); - open(STDOUT, ">&OLDOUT") or clean_exit("could not dup STDOUT: $!"); - close(OLDOUT); - - clean_exit("$url: could not list files in tar archive (is it broken?)") - if ($ret); - - open(TAR, "$stdout_file") or clean_exit("failed to open $stdout_file: $!"); - @tar_content = <TAR>; - close(TAR); - - # use_external_bins=0 - } else { - $tar = Archive::Tar->new($archive, 1); - clean_exit("$url: failed to read $archive (file transfer failed or ". - "file in URL not in tar'ed gzip format?).") - unless (defined($tar)); - @tar_content = $tar->list_files(); - } - - # Make sure we could grab some content from the tarball. - clean_exit("$url: could not list files in tar archive (is it broken?)") - if ($#tar_content < 0); - - # For each filename in the archive, do some basic sanity checks. - foreach my $filename (@tar_content) { - chomp($filename); - - # We don't want absolute filename. - clean_exit("$url: rules archive contains absolute filename. ". - "Offending file/line:\n$filename") - if ($filename =~ /^\//); - - # We don't want to have any weird characters anywhere in the filename. - clean_exit("$url: illegal character in filename in tar archive. Allowed are ". - "$OK_PATH_CHARS\nOffending file/line:\n$filename") - if ($config{use_path_checks} && $filename =~ /[^$OK_PATH_CHARS]/); - - # We don't want to unpack any "../../" junk (check is useless now though). - clean_exit("$url: filename in tar archive contains \"..\".\n". - "Offending file/line:\n$filename") - if ($filename =~ /\.\./); - } - - # Looks good. Now we can untar it. - print STDERR "Archive successfully downloaded, unpacking... " - unless ($config{quiet}); - - if ($config{use_external_bins}) { - clean_exit("failed to untar $archive.") - if system("tar", "xf", "$archive"); - } else { - mkdir("$rules_dir") or clean_exit("could not create \"$rules_dir\" directory: $!\n"); - foreach my $file ($tar->list_files) { - next unless ($file =~ /^$rules_dir\/[^\/]+$/); # only ^rules/<file>$ - - my $content = $tar->get_content($file); - - # Symlinks in the archive will make get_content return undef. - clean_exit("could not get content from file \"$file\" in downloaded archive, ". - "make sure it is a regular file\n") - unless (defined($content)); - - open(RULEFILE, ">", "$file") - or clean_exit("could not open \"$file\" for writing: $!\n"); - print RULEFILE $content; - close(RULEFILE); - } - } - - # Make sure that non-empty rules directory existed in archive. - # We permit empty rules directory if min_files is set to 0 though. - clean_exit("$url: no \"$rules_dir\" directory found in tar file.") - unless (-d "$dir/$rules_dir"); - - my $num_files = 0; - opendir(RULESDIR, "$dir/$rules_dir") - or clean_exit("could not open directory \"$dir/$rules_dir\": $!"); - - while ($_ = readdir(RULESDIR)) { - next if (/^\.\.?$/); - $num_files++; - } - - closedir(RULESDIR); - - clean_exit("$url: directory \"$rules_dir\" in unpacked archive is empty") - if ($num_files == 0 && $config{min_files} != 0); - - chdir($old_dir) - or clean_exit("could not change directory back to $old_dir: $!"); - - print STDERR "done.\n" - unless ($config{quiet}); -} - - - -# Open all rules files in the temporary directory and disable/modify all -# rules/lines as requested in oinkmaster.conf, and then write back to the -# same files. Also clean unwanted whitespaces and duplicate sids from them. -sub process_rules($ $ $ $ $ $) -{ - my $modify_sid_ref = shift; - my $disable_sid_ref = shift; - my $enable_sid_ref = shift; - my $local_sid_ref = shift; - my $rh_tmp_ref = shift; - my $newfiles_ref = shift; - my %sids; - - my %stats = ( - disabled => 0, - enabled => 0, - modified => 0, - total => 0, - ); - - warn("WARNING: all rules that are disabled by default will be enabled\n") - if ($config{enable_all} && !$config{quiet}); - - print STDERR "Processing downloaded rules... " - unless ($config{quiet}); - - print STDERR "\n" - if ($config{verbose}); - - # Phase #1 - process all active rules and store in temporary hash. - # In case of dups, we use the one with the highest rev. - foreach my $file (sort(keys(%$newfiles_ref))) { - - open(INFILE, "<", "$file") - or clean_exit("could not open $file for reading: $!"); - my @infile = <INFILE>; - close(INFILE); - - my ($single, $multi, $nonrule, $msg, $sid); - - RULELOOP:while (get_next_entry(\@infile, \$single, \$multi, \$nonrule, \$msg, \$sid)) { - - # We don't care about non-rules in this phase. - next RULELOOP if (defined($nonrule)); - - # Even if it was a single-line rule, we want a copy in $multi. - $multi = $single unless (defined($multi)); - - my %rule = ( - single => $single, - multi => $multi, - ); - - # modify/disable/enable this rule as requested unless there is a matching - # localsid statement. Possible verbose messages and warnings will be printed. - unless (exists($$local_sid_ref{$sid})) { - process_rule($modify_sid_ref, $disable_sid_ref, $enable_sid_ref, - \%rule, $sid, \%stats, 1, basename($file)); - } - - $stats{total}++; - - $single = $rule{single}; - $multi = $rule{multi}; - - # Only care about active rules in this phase (the rule may have been - # disabled by a disablesid or a modifysid statement above, so we can't - # do this check earlier). - next RULELOOP if ($multi =~ /^#/); - - # Is it a dup? If so, see if this seems to be more recent (higher rev). - if (exists($sids{$sid})) { - warn("\nWARNING: duplicate SID in downloaded archive, SID=$sid, ". - "only keeping rule with highest 'rev'\n") - unless($config{super_quiet}); - - my ($old_rev) = ($sids{$sid}{single} =~ /\brev\s*:\s*(\d+)\s*;/); - my ($new_rev) = ($single =~ /\brev\s*:\s*(\d+)\s*;/); - - # This is so rules with a rev gets higher prio than - # rules without any rev. - $old_rev = -1 unless (defined($old_rev)); - $new_rev = -1 unless (defined($new_rev)); - - # If this rev is higher than the one in the last stored rule with - # this sid, replace rule with this one. This is also done if the - # revs are equal because we assume the rule appearing last in the - # rules file is the more recent rule. - if ($new_rev >= $old_rev) { - $sids{$sid}{single} = $single; - $sids{$sid}{multi} = $multi; - } - - # No dup. - } else { - $sids{$sid}{single} = $single; - $sids{$sid}{multi} = $multi; - } - } - } - - # Phase #2 - read all rules files again, but when writing active rules - # back to the files, use the one stored in the sid hash (which is free of dups). - foreach my $file (sort(keys(%$newfiles_ref))) { - - open(INFILE, "<", "$file") - or clean_exit("could not open $file for reading: $!"); - my @infile = <INFILE>; - close(INFILE); - - # Write back to the same file. - open(OUTFILE, ">", "$file") - or clean_exit("could not open $file for writing: $!"); - - my ($single, $multi, $nonrule, $msg, $sid); - - RULELOOP:while (get_next_entry(\@infile, \$single, \$multi, \$nonrule, \$msg, \$sid)) { - if (defined($nonrule)) { - print OUTFILE "$nonrule"; - next RULELOOP; - } - - # Even if it was a single-line rule, we want a copy in $multi. - $multi = $single unless (defined($multi)); - - # If this rule is marked as localized and has not yet been written, - # write the old version to the new rules file. - if (exists($$local_sid_ref{$sid}) && !exists($sids{$sid}{printed})) { - - # Just ignore the rule in the downloaded file if it doesn't - # exist in the same local file. - unless(exists($$rh_tmp_ref{old}{rules}{basename($file)}{$sid})) { - warn("WARNING: SID $sid is marked as local and exists in ". - "downloaded " . basename($file) . " but the SID does not ". - "exist in the local file, ignoring rule\n") - if ($config{verbose}); - - next RULELOOP; - } - - print OUTFILE $$rh_tmp_ref{old}{rules}{basename($file)}{$sid}; - $sids{$sid}{printed} = 1; - - warn("SID $sid is marked as local, keeping your version from ". - basename($file) . ".\n". - "Your version: $$rh_tmp_ref{old}{rules}{basename($file)}{$sid}". - "Downloaded version: $multi\n") - if ($config{verbose}); - - next RULELOOP; - } - - my %rule = ( - single => $single, - multi => $multi, - ); - - # modify/disable/enable this rule. Possible verbose messages and warnings - # will not be printed (again) as this was done in the first phase. - # We send the stats to a dummy var as this was collected on the - # first phase as well. - process_rule($modify_sid_ref, $disable_sid_ref, $enable_sid_ref, - \%rule, $sid, \my %unused_stats, 0, basename($file)); - - $single = $rule{single}; - $multi = $rule{multi}; - - # Disabled rules are printed right back to the file, unless - # there also is an active rule with the same sid. Als o make - # sure we only print the sid once, even though it's disabled. - if ($multi =~ /^#/ && !exists($sids{$sid}) && !exists($sids{$sid}{printed})) { - print OUTFILE $multi; - $sids{$sid}{printed} = 1; - next RULELOOP; - } - - # If this sid has not yet been printed and this is the place where - # the sid with the highest rev was, print the rule to the file. - # (There can be multiple totally different rules with the same sid - # and we don't want to put the wrong rule in the wrong place. - if (!exists($sids{$sid}{printed}) && $single eq $sids{$sid}{single}) { - print OUTFILE $multi; - $sids{$sid}{printed} = 1; - } - } - - close(OUTFILE); - } - - print STDERR "disabled $stats{disabled}, enabled $stats{enabled}, ". - "modified $stats{modified}, total=$stats{total}\n" - unless ($config{quiet}); - - # Print warnings on attempt at enablesid/disablesid/localsid on non-existent - # rule if we're in verbose mode. - if ($config{verbose}) { - foreach my $sid (keys(%$enable_sid_ref)) { - warn("WARNING: attempt to use \"enablesid\" on non-existent SID $sid\n") - unless (exists($sids{$sid})); - } - - foreach my $sid (keys(%$disable_sid_ref)) { - warn("WARNING: attempt to use \"disablesid\" on non-existent SID $sid\n") - unless (exists($sids{$sid})); - } - - foreach my $sid (keys(%$local_sid_ref)) { - warn("WARNING: attempt to use \"localsid\" on non-existent SID $sid\n") - unless (exists($sids{$sid})); - } - } - - # Print warnings on attempt at modifysid'ing non-existent stuff, unless quiet mode. - unless ($config{quiet}) { - my %new_files; - foreach my $file (sort(keys(%$newfiles_ref))) { - $new_files{basename($file)} = 1; - } - - my %mod_tmp; - foreach my $mod_expr (@$modify_sid_ref) { - my ($type, $arg) = ($mod_expr->[2], $mod_expr->[3]); - $mod_tmp{$type}{$arg} = 1; - } - - foreach my $sid (keys(%{$mod_tmp{sid}})) { - warn("WARNING: attempt to use \"modifysid\" on non-existent SID $sid\n") - unless (exists($sids{$sid})); - } - - foreach my $file (keys(%{$mod_tmp{file}})) { - warn("WARNING: attempt to use \"modifysid\" on non-existent file $file\n") - unless(exists($new_files{$file})); - } - } - - # Return total number of valid rules. - return ($stats{total}); -} - - - -# Process (modify/enable/disable) a rule as requested. -sub process_rule($ $ $ $ $ $ $ $) -{ - my $modify_sid_ref = shift; - my $disable_sid_ref = shift; - my $enable_sid_ref = shift; - my $rule_ref = shift; - my $sid = shift; - my $stats_ref = shift; - my $print_messages = shift; - my $filename = shift; - - # Just for easier access. - my $single = $$rule_ref{single}; - my $multi = $$rule_ref{multi}; - - # Some rules may be commented out by default. - # Enable them if -e is specified (both single-line and multi-line, - # version, because we don't know which version one we're going to - # use below. - # Enable them if -e is specified. - if ($multi =~ /^#/ && $config{enable_all}) { - $multi =~ s/^#*//; - $multi =~ s/\n#*/\n/g; - $single =~ s/^#*//; - $$stats_ref{enabled}++; - } - - # Modify rule if requested. For disablesid/enablesid we work - # on the multi-line version of the rule (if exists). For - # modifysid that's no good since we don't know where in the - # rule the trailing backslashes and newlines are going to be - # and we don't want them to affect the regexp. - MOD_EXP:foreach my $mod_expr (@$modify_sid_ref) { - my ($subst, $repl, $type, $arg) = - ($mod_expr->[0], $mod_expr->[1], $mod_expr->[2], $mod_expr->[3]); - - my $print_modify_warnings = 0; - $print_modify_warnings = 1 if (!$config{super_quiet} && $print_messages && $type eq "sid"); - - if ($type eq "wildcard" || ($type eq "sid" && $sid eq $arg) || - ($type eq "file" && $filename eq $arg)) { - - if ($single =~ /$subst/si) { - print STDERR "Modifying rule, SID=$sid, filename=$filename, ". - "match type=$type, subst=$subst, ". - "repl=$repl\nBefore: $single" - if ($print_messages && $config{verbose}); - - - # If user specified a backreference but the regexp did not set $1 - don't modify rule. - if (!defined($1) && ($repl =~ /[^\\]\$\d+/ || $repl =~ /[^\\]\$\{\d+\}/ - || $repl =~ /^qq\/\$\d+/ || $repl =~ /^qq\/\$\{\d+\}/)) { - warn("WARNING: SID $sid matches modifysid expression \"$subst\" but ". - "backreference variable \$1 is undefined after match, ". - "keeping original rule\n") - if ($print_modify_warnings); - next MOD_EXP; - } - - # Do the substitution on the single-line version and put it - # back in $multi. - $single =~ s/$subst/$repl/eei; - $multi = $single; - - print STDERR "After: $single\n" - if ($print_messages && $config{verbose}); - - $$stats_ref{modified}++; - } else { - if ($print_modify_warnings) { - warn("WARNING: SID $sid does not match modifysid ". - "expression \"$subst\", keeping original rule\n"); - } - } - } - } - - # Disable rule if requested and it's not already disabled. - if (exists($$disable_sid_ref{$sid}) && $multi !~ /^\s*#/) { - $multi = "#$multi"; - $multi =~ s/\n([^#].+)/\n#$1/g; - $$stats_ref{disabled}++; - } - - # Enable rule if requested and it's not already enabled. - if (exists($$enable_sid_ref{$sid}) && $multi =~ /^\s*#/) { - $multi =~ s/^#+//; - $multi =~ s/\n#+(.+)/\n$1/g; - $$stats_ref{enabled}++; - } - - $$rule_ref{single} = $single; - $$rule_ref{multi} = $multi; -} - - - -# Setup rules hash. -# Format for rules will be: rh{old|new}{rules{filename}{sid} = single-line rule -# Format for non-rules will be: rh{old|new}{other}{filename} = array of lines -# List of added files will be stored as rh{added_files}{filename} -sub setup_rules_hash($ $) -{ - my $new_files_ref = shift; - my $output_dir = shift; - - my (%rh, %old_sids); - - print STDERR "Setting up rules structures... " - unless ($config{quiet}); - - foreach my $file (sort(keys(%$new_files_ref))) { - warn("\nWARNING: downloaded rules file $file is empty\n") - if (!-s "$file" && $config{verbose}); - - open(NEWFILE, "<", "$file") - or clean_exit("could not open $file for reading: $!"); - my @newfile = <NEWFILE>; - close(NEWFILE); - - # From now on we don't care about the path, so remove it. - $file = basename($file); - - my ($single, $multi, $nonrule, $msg, $sid); - - while (get_next_entry(\@newfile, \$single, \$multi, \$nonrule, \$msg, \$sid)) { - if (defined($single)) { - $rh{new}{rules}{"$file"}{"$sid"} = $single; - } else { - push(@{$rh{new}{other}{"$file"}}, $nonrule); - } - } - - # Also read in old (aka local) file if it exists. - # We do a sid dup check in these files. - if (-f "$output_dir/$file") { - open(OLDFILE, "<", "$output_dir/$file") - or clean_exit("could not open $output_dir/$file for reading: $!"); - my @oldfile = <OLDFILE>; - close(OLDFILE); - - while (get_next_entry(\@oldfile, \$single, \$multi, \$nonrule, undef, \$sid)) { - if (defined($single)) { - warn("\nWARNING: duplicate SID in your local rules, SID ". - "$sid exists multiple times, you may need to fix this manually!\n") - if (exists($old_sids{$sid})); - - $rh{old}{rules}{"$file"}{"$sid"} = $single; - $old_sids{$sid}++; - } else { - push(@{$rh{old}{other}{"$file"}}, $nonrule); - } - } - } else { - $rh{added_files}{"$file"}++; - } - } - - print STDERR "done.\n" - unless ($config{quiet}); - - return (%rh); -} - - - -# Return lines that exist only in first array but not in second one. -sub get_first_only($ $ $) -{ - my $first_only_ref = shift; - my $first_arr_ref = shift; - my $second_arr_ref = shift; - my %arr_hash; - - @arr_hash{@$second_arr_ref} = (); - - foreach my $line (@$first_arr_ref) { - - # Skip blank lines and CVS Id tags. - next unless ($line =~ /\S/); - next if ($line =~ /^\s*#+\s*\$I\S:.+Exp\s*\$/); - - push(@$first_only_ref, $line) - unless(exists($arr_hash{$line})); - } -} - - - -# Backup files in output dir matching $config{update_files} into the backup dir. -sub make_backup($ $) -{ - my $src_dir = shift; # dir with the rules to be backed up - my $dest_dir = shift; # where to put the backup tarball - - my ($sec, $min, $hour, $mday, $mon, $year) = (localtime)[0 .. 5]; - - my $date = sprintf("%4d%02d%02d-%02d%02d%02d", - $year + 1900, $mon + 1, $mday, $hour, $min, $sec); - - my $backup_tarball = "rules-backup-$date.tar"; - my $backup_tmp_dir = File::Spec->catdir("$tmpdir", "rules-backup-$date"); - my $dest_file = File::Spec->catfile("$dest_dir", "$backup_tarball.gz"); - - print STDERR "Creating backup of old rules..." - unless ($config{quiet}); - - mkdir("$backup_tmp_dir", 0700) - or clean_exit("could not create temporary backup directory $backup_tmp_dir: $!"); - - # Copy all rules files from the rules dir to the temporary backup dir. - opendir(OLDRULES, "$src_dir") - or clean_exit("could not open directory $src_dir: $!"); - - while ($_ = readdir(OLDRULES)) { - next if (/^\.\.?$/); - if (/$config{update_files}/) { - my $src_file = untaint_path("$src_dir/$_"); - copy("$src_file", "$backup_tmp_dir/") - or warn("WARNING: could not copy $src_file to $backup_tmp_dir/: $!"); - } - } - - closedir(OLDRULES); - - # Also backup the -U <file> (as "variable-file.conf") if specified. - if ($config{update_vars}) { - copy("$config{varfile}", "$backup_tmp_dir/variable-file.conf") - or warn("WARNING: could not copy $config{varfile} to $backup_tmp_dir: $!") - } - - my $old_dir = untaint_path(File::Spec->rel2abs(File::Spec->curdir())); - - # Change directory to $tmpdir (so we'll be right below the directory where - # we have our rules to be backed up). - chdir("$tmpdir") or clean_exit("could not change directory to $tmpdir: $!"); - - if ($config{use_external_bins}) { - clean_exit("tar command returned error when archiving backup files.\n") - if (system("tar","cf","$backup_tarball","rules-backup-$date")); - - clean_exit("gzip command returned error when compressing backup file.\n") - if (system("gzip","$backup_tarball")); - - $backup_tarball .= ".gz"; - - } else { - my $tar = Archive::Tar->new; - opendir(RULES, "rules-backup-$date") - or clean_exit("unable to open directory \"rules-backup-$date\": $!"); - - while ($_ = readdir(RULES)) { - next if (/^\.\.?$/); - $tar->add_files("rules-backup-$date/$_"); - } - - closedir(RULES); - - $backup_tarball .= ".gz"; - - # Write tarball. Print stupid error message if it fails as - # we can't use $tar->error or Tar::error on all platforms. - $tar->write("$backup_tarball", 1); - - clean_exit("could not create backup archive: tarball empty after creation\n") - unless (-s "$backup_tarball"); - } - - # Change back to old directory (so it will work with -b <directory> as either - # an absolute or a relative path. - chdir("$old_dir") - or clean_exit("could not change directory back to $old_dir: $!"); - - copy("$tmpdir/$backup_tarball", "$dest_file") - or clean_exit("unable to copy $tmpdir/$backup_tarball to $dest_file/: $!\n"); - - print STDERR " saved as $dest_file.\n" - unless ($config{quiet}); -} - - - -# Print the results. -sub print_changes($ $) -{ - my $ch_ref = shift; - my $rh_ref = shift; - - my ($sec, $min, $hour, $mday, $mon, $year) = (localtime)[0 .. 5]; - - my $date = sprintf("%4d%02d%02d %02d:%02d:%02d", - $year + 1900, $mon + 1, $mday, $hour, $min, $sec); - - print "\n[***] Results from Oinkmaster started $date [***]\n"; - - # Print new variables. - if ($config{update_vars}) { - if ($#{$$ch_ref{new_vars}} > -1) { - print "\n[*] New variables: [*]\n"; - foreach my $var (@{$$ch_ref{new_vars}}) { - print " $var"; - } - } else { - print "\n[*] New variables: [*]\n None.\n" - unless ($config{super_quiet}); - } - } - - - # Print rules modifications. - print "\n[*] Rules modifications: [*]\n None.\n" - if (!keys(%{$$ch_ref{rules}}) && !$config{super_quiet}); - - # Print added rules. - if (exists($$ch_ref{rules}{added})) { - print "\n[+++] Added rules: [+++]\n"; - if ($config{summary_output}) { - print_summary_change(\%{$$ch_ref{rules}{added}}, $rh_ref); - } else { - print_changetype($PRINT_NEW, "Added to", - \%{$$ch_ref{rules}{added}}, $rh_ref); - } - } - - # Print enabled rules. - if (exists($$ch_ref{rules}{ena})) { - print "\n[+++] Enabled rules: [+++]\n"; - if ($config{summary_output}) { - print_summary_change(\%{$$ch_ref{rules}{ena}}, $rh_ref); - } else { - print_changetype($PRINT_NEW, "Enabled in", - \%{$$ch_ref{rules}{ena}}, $rh_ref); - } - } - - # Print enabled + modified rules. - if (exists($$ch_ref{rules}{ena_mod})) { - print "\n[+++] Enabled and modified rules: [+++]\n"; - if ($config{summary_output}) { - print_summary_change(\%{$$ch_ref{rules}{ena_mod}}, $rh_ref); - } else { - print_changetype($PRINT_BOTH, "Enabled and modified in", - \%{$$ch_ref{rules}{ena_mod}}, $rh_ref); - } - } - - # Print modified active rules. - if (exists($$ch_ref{rules}{mod_act})) { - print "\n[///] Modified active rules: [///]\n"; - - if ($config{summary_output}) { - print_summary_change(\%{$$ch_ref{rules}{mod_act}}, $rh_ref); - } else { - print_changetype($PRINT_BOTH, "Modified active in", - \%{$$ch_ref{rules}{mod_act}}, $rh_ref); - } - } - - # Print modified inactive rules. - if (exists($$ch_ref{rules}{mod_ina})) { - print "\n[///] Modified inactive rules: [///]\n"; - if ($config{summary_output}) { - print_summary_change(\%{$$ch_ref{rules}{mod_ina}}, $rh_ref); - } else { - print_changetype($PRINT_BOTH, "Modified inactive in", - \%{$$ch_ref{rules}{mod_ina}}, $rh_ref); - } - } - - # Print disabled + modified rules. - if (exists($$ch_ref{rules}{dis_mod})) { - print "\n[---] Disabled and modified rules: [---]\n"; - if ($config{summary_output}) { - print_summary_change(\%{$$ch_ref{rules}{dis_mod}}, $rh_ref); - } else { - print_changetype($PRINT_BOTH, "Disabled and modified in", - \%{$$ch_ref{rules}{dis_mod}}, $rh_ref); - } - } - - # Print disabled rules. - if (exists($$ch_ref{rules}{dis})) { - print "\n[---] Disabled rules: [---]\n"; - if ($config{summary_output}) { - print_summary_change(\%{$$ch_ref{rules}{dis}}, $rh_ref); - } else { - print_changetype($PRINT_NEW, "Disabled in", - \%{$$ch_ref{rules}{dis}}, $rh_ref); - } - } - - # Print removed rules. - if (exists($$ch_ref{rules}{removed})) { - print "\n[---] Removed rules: [---]\n"; - if ($config{summary_output}) { - print_summary_change(\%{$$ch_ref{rules}{removed}}, $rh_ref); - } else { - print_changetype($PRINT_OLD, "Removed from", - \%{$$ch_ref{rules}{removed}}, $rh_ref); - } - } - - - # Print non-rule modifications. - print "\n[*] Non-rule line modifications: [*]\n None.\n" - if (!keys(%{$$ch_ref{other}}) && !$config{super_quiet}); - - # Print added non-rule lines. - if (exists($$ch_ref{other}{added})) { - print "\n[+++] Added non-rule lines: [+++]\n"; - foreach my $file (sort({uc($a) cmp uc($b)} keys(%{$$ch_ref{other}{added}}))) { - my $num = $#{$$ch_ref{other}{added}{$file}} + 1; - print "\n -> Added to $file ($num):\n"; - foreach my $line (@{$$ch_ref{other}{added}{$file}}) { - print " $line"; - } - } - } - - # Print removed non-rule lines. - if (keys(%{$$ch_ref{other}{removed}}) > 0) { - print "\n[---] Removed non-rule lines: [---]\n"; - foreach my $file (sort({uc($a) cmp uc($b)} keys(%{$$ch_ref{other}{removed}}))) { - my $num = $#{$$ch_ref{other}{removed}{$file}} + 1; - print "\n -> Removed from $file ($num):\n"; - foreach my $other (@{$$ch_ref{other}{removed}{$file}}) { - print " $other"; - } - } - } - - - # Print list of added files. - if (keys(%{$$ch_ref{added_files}})) { - print "\n[+] Added files (consider updating your snort.conf to include them if needed): [+]\n\n"; - foreach my $added_file (sort({uc($a) cmp uc($b)} keys(%{$$ch_ref{added_files}}))) { - print " -> $added_file\n"; - } - } else { - print "\n[*] Added files: [*]\n None.\n" - unless ($config{super_quiet} || $config{summary_output}); - } - - # Print list of possibly removed files if requested. - if ($config{check_removed}) { - if (keys(%{$$ch_ref{removed_files}})) { - print "\n[-] Files possibly removed from the archive ". - "(consider removing them from your snort.conf if needed): [-]\n\n"; - foreach my $removed_file (sort({uc($a) cmp uc($b)} keys(%{$$ch_ref{removed_files}}))) { - print " -> $removed_file\n"; - } - } else { - print "\n[*] Files possibly removed from the archive: [*]\n None.\n" - unless ($config{super_quiet} || $config{summary_output}); - } - } - - print "\n"; -} - - - -# Helper for print_changes(). -sub print_changetype($ $ $ $) -{ - my $type = shift; # $PRINT_OLD|$PRINT_NEW|$PRINT_BOTH - my $string = shift; # string to print before filename - my $ch_ref = shift; # reference to an entry in the rules changes hash - my $rh_ref = shift; # reference to rules hash - - foreach my $file (sort({uc($a) cmp uc($b)} keys(%$ch_ref))) { - my $num = keys(%{$$ch_ref{$file}}); - print "\n -> $string $file ($num):\n"; - foreach my $sid (keys(%{$$ch_ref{$file}})) { - if ($type == $PRINT_OLD) { - print " $$rh_ref{old}{rules}{$file}{$sid}" - } elsif ($type == $PRINT_NEW) { - print " $$rh_ref{new}{rules}{$file}{$sid}" - } elsif ($type == $PRINT_BOTH) { - - my $old = $$rh_ref{old}{rules}{$file}{$sid}; - my $new = $$rh_ref{new}{rules}{$file}{$sid}; - - if ($config{minimize_diff}) { - my ($old, $new) = minimize_diff($old, $new); - print "\n old SID $sid: $old"; - print " new SID $sid: $new"; - } else { - print "\n old: $old"; - print " new: $new"; - } - } - } - } -} - - - -# Print changes in bmc style, i.e. only sid and msg, no full details. -sub print_summary_change($ $) -{ - my $ch_ref = shift; # reference to an entry in the rules changes hash - my $rh_ref = shift; # reference to rules hash - - my (@sids, %sidmap); - - print "\n"; - - # First get all the sids (may be spread across multiple files. - foreach my $file (keys(%$ch_ref)) { - foreach my $sid (keys(%{$$ch_ref{$file}})) { - push(@sids, $sid); - if (exists($$rh_ref{new}{rules}{$file}{$sid})) { - $sidmap{$sid}{rule} = $$rh_ref{new}{rules}{$file}{$sid}; - } else { - $sidmap{$sid}{rule} = $$rh_ref{old}{rules}{$file}{$sid}; - } - $sidmap{$sid}{file} = $file; - } - } - - # Print rules, sorted by sid. - foreach my $sid (sort {$a <=> $b} (@sids)) { - my @rule = $sidmap{$sid}{rule}; - my $file = $sidmap{$sid}{file}; - get_next_entry(\@rule, undef, undef, undef, \(my $msg), undef); - printf("%8d - %s (%s)\n", $sid, $msg, $file); - } - - print "\n"; -} - - - -# Compare the new rules to the old ones. -sub get_changes($ $ $) -{ - my $rh_ref = shift; - my $new_files_ref = shift; - my $rules_dir = shift; - my %changes; - - print STDERR "Comparing new files to the old ones... " - unless ($config{quiet}); - - # We have the list of added files (without full path) in $rh_ref{added_files} - # but we'd rather want to have it in $changes{added_files} now. - $changes{added_files} = $$rh_ref{added_files}; - - # New files are also regarded as modified since we want to update - # (i.e. add) those as well. Here we want them with full path. - foreach my $file (keys(%{$changes{added_files}})) { - $changes{modified_files}{"$tmpdir/$rules_dir/$file"}++; - } - - # Add list of possibly removed files if requested. - if ($config{check_removed}) { - opendir(OLDRULES, "$config{output_dir}") - or clean_exit("could not open directory $config{output_dir}: $!"); - - while ($_ = readdir(OLDRULES)) { - next if (/^\.\.?$/); - $changes{removed_files}{"$_"} = 1 - if (/$config{update_files}/ && - !exists($config{file_ignore_list}{$_}) && - !-e "$tmpdir/$rules_dir/$_"); - } - - closedir(OLDRULES); - } - - # For each new rules file... - FILELOOP:foreach my $file_w_path (sort(keys(%$new_files_ref))) { - my $file = basename($file_w_path); - - # Skip comparison if it's an added file. - next FILELOOP if (exists($$rh_ref{added_files}{$file})); - - # For each sid in the new file... - foreach my $sid (keys(%{$$rh_ref{new}{rules}{$file}})) { - my $new_rule = $$rh_ref{new}{rules}{$file}{$sid}; - - # Sid also exists in the old file? - if (exists($$rh_ref{old}{rules}{$file}{$sid})) { - my $old_rule = $$rh_ref{old}{rules}{$file}{$sid}; - - # Are they identical? - unless ($new_rule eq $old_rule) { - $changes{modified_files}{$file_w_path}++; - - # Find out in which way the rules are different. - if ("#$old_rule" eq $new_rule) { - $changes{rules}{dis}{$file}{$sid}++; - } elsif ($old_rule eq "#$new_rule") { - $changes{rules}{ena}{$file}{$sid}++; - } elsif ($old_rule =~ /^\s*#/ && $new_rule !~ /^\s*#/) { - $changes{rules}{ena_mod}{$file}{$sid}++; - } elsif ($old_rule !~ /^\s*#/ && $new_rule =~ /^\s*#/) { - $changes{rules}{dis_mod}{$file}{$sid}++; - } elsif ($old_rule =~ /^\s*#/ && $new_rule =~ /^\s*#/) { - $changes{rules}{mod_ina}{$file}{$sid}++; - } else { - $changes{rules}{mod_act}{$file}{$sid}++; - } - - } - } else { # sid not found in old file, i.e. it's added - $changes{modified_files}{$file_w_path}++; - $changes{rules}{added}{$file}{$sid}++; - } - } # foreach sid - - # Check for removed rules, i.e. sids that exist in the old file but - # not in the new one. - foreach my $sid (keys(%{$$rh_ref{old}{rules}{$file}})) { - unless (exists($$rh_ref{new}{rules}{$file}{$sid})) { - $changes{modified_files}{$file_w_path}++; - $changes{rules}{removed}{$file}{$sid}++; - } - } - - # Check for added non-rule lines. - get_first_only(\my @added, - \@{$$rh_ref{new}{other}{$file}}, - \@{$$rh_ref{old}{other}{$file}}); - - if (scalar(@added)) { - @{$changes{other}{added}{$file}} = @added; - $changes{modified_files}{$file_w_path}++; - } - - # Check for removed non-rule lines. - get_first_only(\my @removed, - \@{$$rh_ref{old}{other}{$file}}, - \@{$$rh_ref{new}{other}{$file}}); - - if (scalar(@removed)) { - @{$changes{other}{removed}{$file}} = @removed; - $changes{modified_files}{$file_w_path}++; - } - - } # foreach new file - - print STDERR "done.\n" unless ($config{quiet}); - - return (%changes); -} - - - -# Simply copy the modified rules files to the output directory. -sub update_rules($ @) -{ - my $dst_dir = shift; - my @modified_files = @_; - - print STDERR "Updating local rules files... " - if (!$config{quiet} || $config{interactive}); - - foreach my $file_w_path (@modified_files) { - copy("$file_w_path", "$dst_dir") - or clean_exit("could not copy $file_w_path to $dst_dir: $!"); - } - - print STDERR "done.\n" - if (!$config{quiet} || $config{interactive}); -} - - -# Simply copy rules files from one dir to another. -# Links are not allowed. -sub copy_rules($ $) -{ - my $src_dir = shift; - my $dst_dir = shift; - - print STDERR "Copying rules from $src_dir... " - if (!$config{quiet} || $config{interactive}); - - opendir(SRC_DIR, $src_dir) - or clean_exit("could not open directory $src_dir: $!"); - - my $num_files = 0; - while ($_ = readdir(SRC_DIR)) { - next if (/^\.\.?$/ || exists($config{file_ignore_list}{$_}) - || !/$config{update_files}/); - - my $src_file = untaint_path("$src_dir/$_"); - - # Make sure it's a regular file. - unless (-f "$src_file" && !-l "$src_file") { - closedir(SRC_DIR); - clean_exit("\"$src_file\" is not a regular file.") - } - - unless (copy($src_file, $dst_dir)) { - closedir(SRC_DIR); - clean_exit("could not copy \"$src_file\" to \"$dst_dir\"/: $!"); - } - $num_files++; - } - - closedir(SRC_DIR); - - print STDERR "$num_files files copied.\n" - if (!$config{quiet} || $config{interactive}); -} - - - -# Return true if file is in PATH and is executable. -sub is_in_path($) -{ - my $file = shift; - - foreach my $dir (File::Spec->path()) { - if ((-f "$dir/$file" && -x "$dir/$file") - || (-f "$dir/$file.exe" && -x "$dir/$file.exe")) { - print STDERR "Found $file binary in $dir\n" - if ($config{verbose}); - return (1); - } - } - - return (0); -} - - - -# get_next_entry() will parse the array referenced in the first arg -# and return the next entry. The array should contain a rules file, -# and the returned entry will be removed from the array. -# An entry is one of: -# - single-line rule (put in 2nd ref) -# - multi-line rule (put in 3rd ref) -# - non-rule line (put in 4th ref) -# If the entry is a multi-line rule, its single-line version is also -# returned (put in the 2nd ref). -# If it's a rule, the msg string will be put in 4th ref and sid in 5th. -sub get_next_entry($ $ $ $ $ $) -{ - my $arr_ref = shift; - my $single_ref = shift; - my $multi_ref = shift; - my $nonrule_ref = shift; - my $msg_ref = shift; - my $sid_ref = shift; - - undef($$single_ref); - undef($$multi_ref); - undef($$nonrule_ref); - undef($$msg_ref); - undef($$sid_ref); - - my $line = shift(@$arr_ref) || return(0); - my $disabled = 0; - my $broken = 0; - - chomp($line); - $line .= "\n"; - - # Possible beginning of multi-line rule? - if ($line =~ /$MULTILINE_RULE_REGEXP/oi) { - $$single_ref = $line; - $$multi_ref = $line; - - $disabled = 1 if ($line =~ /^\s*#/); - - # Keep on reading as long as line ends with "\". - while (!$broken && $line =~ /\\\s*\n$/) { - - # Remove trailing "\" and newline for single-line version. - $$single_ref =~ s/\\\s*\n//; - - # If there are no more lines, this can not be a valid multi-line rule. - if (!($line = shift(@$arr_ref))) { - - warn("\nWARNING: got EOF while parsing multi-line rule: $$multi_ref\n") - if ($config{verbose}); - - @_ = split(/\n/, $$multi_ref); - - undef($$multi_ref); - undef($$single_ref); - - # First line of broken multi-line rule will be returned as a non-rule line. - $$nonrule_ref = shift(@_) . "\n"; - $$nonrule_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces - - # The rest is put back to the array again. - foreach $_ (reverse((@_))) { - unshift(@$arr_ref, "$_\n"); - } - - return (1); # return non-rule - } - - # Multi-line continuation. - $$multi_ref .= $line; - - # If there are non-comment lines in the middle of a disabled rule, - # mark the rule as broken to return as non-rule lines. - if ($line !~ /^\s*#/ && $disabled) { - $broken = 1; - } elsif ($line =~ /^\s*#/ && !$disabled) { - # comment line (with trailing slash) in the middle of an active rule - ignore it - } else { - $line =~ s/^\s*#*\s*//; # remove leading # in single-line version - $$single_ref .= $line; - } - - } # while line ends with "\" - - # Single-line version should now be a valid rule. - # If not, it wasn't a valid multi-line rule after all. - if (!$broken && parse_singleline_rule($$single_ref, $msg_ref, $sid_ref)) { - - $$single_ref =~ s/^\s*//; # remove leading whitespaces - $$single_ref =~ s/^#+\s*/#/; # remove whitespaces next to leading # - $$single_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces - - $$multi_ref =~ s/^\s*//; - $$multi_ref =~ s/\s*\n$/\n/; - $$multi_ref =~ s/^#+\s*/#/; - - return (1); # return multi - - # Invalid multi-line rule. - } else { - warn("\nWARNING: invalid multi-line rule: $$single_ref\n") - if ($config{verbose} && $$multi_ref !~ /^\s*#/); - - @_ = split(/\n/, $$multi_ref); - - undef($$multi_ref); - undef($$single_ref); - - # First line of broken multi-line rule will be returned as a non-rule line. - $$nonrule_ref = shift(@_) . "\n"; - $$nonrule_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces - - # The rest is put back to the array again. - foreach $_ (reverse((@_))) { - unshift(@$arr_ref, "$_\n"); - } - - return (1); # return non-rule - } - - # Check if it's a regular single-line rule. - } elsif (parse_singleline_rule($line, $msg_ref, $sid_ref)) { - $$single_ref = $line; - $$single_ref =~ s/^\s*//; - $$single_ref =~ s/^#+\s*/#/; - $$single_ref =~ s/\s*\n$/\n/; - - return (1); # return single - - # Non-rule line. - } else { - - # Do extra check and warn if it *might* be a rule anyway, - # but that we just couldn't parse for some reason. - warn("\nWARNING: line may be a rule but it could not be parsed ". - "(missing sid?): $line\n") - if ($config{verbose} && $line =~ /^\s*alert .+msg\s*:\s*".+"\s*;/); - - $$nonrule_ref = $line; - $$nonrule_ref =~ s/\s*\n$/\n/; - - return (1); # return non-rule - } -} - - - -# Look for variables that exist in dist var files but not in local var file. -sub get_new_vars($ $ $ $) -{ - my $ch_ref = shift; - my $dist_var_files_ref = shift; - my $local_var_file = shift; - my $url_tmpdirs_ref = shift; - - my %new_vars; - my (%old_vars, %dist_var_files, %found_dist_var_files); - my $confs_found = 0; - - - # Warn in case we can't find a specified dist file. - foreach my $dir (@$url_tmpdirs_ref) { - foreach my $dist_var_file (@$dist_var_files_ref) { - if (-e "$dir/$dist_var_file") { - $found_dist_var_files{$dist_var_file} = 1; - $confs_found++; - } - } - } - - foreach my $dist_var_file (@$dist_var_files_ref) { - unless (exists($found_dist_var_files{$dist_var_file})) { - warn("WARNING: did not find variable file \"$dist_var_file\" in ". - "downloaded archive(s)\n") - unless($config{quiet}); - } - } - - unless ($confs_found) { - unless ($config{quiet}) { - warn("WARNING: no variable files found in downloaded archive(s), ". - "aborting check for new variables\n"); - return; - } - } - - # Read in variable names from old (target) var file. - open(LOCAL_VAR_FILE, "<", "$local_var_file") - or clean_exit("could not open $local_var_file for reading: $!"); - - my @local_var_conf = <LOCAL_VAR_FILE>; - - foreach $_ (join_multilines(\@local_var_conf)) { - $old_vars{lc($1)}++ if (/$VAR_REGEXP/i); - } - - close(LOCAL_VAR_FILE); - - # Read in variables from new file(s). - foreach my $dir (@$url_tmpdirs_ref) { - foreach my $dist_var_file (@$dist_var_files_ref) { - my $conf = "$dir/$dist_var_file"; - if (-e "$conf") { - my $num_new = 0; - print STDERR "Checking downloaded $dist_var_file for new variables... " - unless ($config{quiet}); - - open(DIST_CONF, "<", "$conf") - or clean_exit("could not open $conf for reading: $!"); - my @dist_var_conf = <DIST_CONF>; - close(DIST_CONF); - - foreach $_ (join_multilines(\@dist_var_conf)) { - if (/$VAR_REGEXP/i && !exists($old_vars{lc($1)})) { - my ($varname, $varval) = (lc($1), $2); - if (exists($new_vars{$varname})) { - warn("\nWARNING: new variable \"$varname\" is defined multiple ". - "times in downloaded files\n"); - } - s/^\s*//; - push(@{$$ch_ref{new_vars}}, "$_\n"); - $new_vars{$varname} = $varval; - $num_new++; - } - } - - close(DIST_CONF); - print STDERR "$num_new new found.\n" - unless ($config{quiet}); - } - } - } -} - - - -# Add new variables to local snort.conf. -sub add_new_vars($ $) -{ - my $ch_ref = shift; - my $varfile = shift; - my $tmp_varfile = "$tmpdir/tmp_varfile.conf"; - my $new_content; - - return unless ($#{$changes{new_vars}} > -1); - - print STDERR "Adding new variables to $varfile... " - unless ($config{quiet}); - - open(OLD_LOCAL_CONF, "<", "$varfile") - or clean_exit("could not open $varfile for reading: $!"); - my @old_content = <OLD_LOCAL_CONF>; - close(OLD_LOCAL_CONF); - - open(NEW_LOCAL_CONF, ">", "$tmp_varfile") - or clean_exit("could not open $tmp_varfile for writing: $!"); - - my @old_vars = grep(/$VAR_REGEXP/i, @old_content); - - - # If any vars exist in old file, put new vars right after them. - if ($#old_vars > -1) { - while ($_ = shift(@old_content)) { - print NEW_LOCAL_CONF $_; - last if ($_ eq $old_vars[$#old_vars]); - } - } - - print NEW_LOCAL_CONF @{$changes{new_vars}}; - print NEW_LOCAL_CONF @old_content; - - close(NEW_LOCAL_CONF); - - clean_exit("could not copy $tmp_varfile to $varfile: $!") - unless (copy("$tmp_varfile", "$varfile")); - - print STDERR "done.\n" - unless ($config{quiet}); -} - - - -# Convert msdos style path to cygwin style, e.g. -# c:\foo => /cygdrive/c/foo -sub msdos_to_cygwin_path($) -{ - my $path_ref = shift; - - if ($$path_ref =~ /^([a-zA-Z]):[\/\\](.*)/) { - my ($drive, $dir) = ($1, $2); - $dir =~ s/\\/\//g; - $$path_ref = "/cygdrive/$drive/$dir"; - return (1); - } - - return (0); -} - - - -# Parse and process a modifysid expression. -# Return 1 if valid, or otherwise 0. -sub parse_mod_expr($ $ $ $) -{ - my $mod_list_ref = shift; # where to store valid entries - my $sid_arg_list = shift; # comma-separated list of SIDs/files or wildcard - my $subst = shift; # regexp to look for - my $repl = shift; # regexp to replace it with - - my @tmp_mod_list; - - $sid_arg_list =~ s/\s+$//; - - foreach my $sid_arg (split(/\s*,\s*/, $sid_arg_list)) { - my $type = ""; - - $type = "sid" if ($sid_arg =~ /^\d+$/); - $type = "file" if ($sid_arg =~ /^\S+.*\.\S+$/); - $type = "wildcard" if ($sid_arg eq "*"); - - return (0) unless ($type); - - # Sanity check to make sure user escaped at least all the "$" in $subst. - if ($subst =~ /[^\\]\$./ || $subst =~ /^\$/) { - warn("WARNING: unescaped \$ in expression \"$subst\", all special ". - "characters must be escaped\n"); - return (0); - } - - # Only allow backreference variables. The check should at least catch some user typos. - if (($repl =~ /[^\\]\$(\D.)/ && $1 !~ /{\d/) || $repl =~ /[^\\]\$$/ - || ($repl =~ /^\$(\D.)/ && $1 !~ /{\d/)) { - warn("WARNING: illegal replacement expression \"$repl\": unescaped \$ ". - "that isn't a backreference\n"); - return (0); - } - - # Don't permit unescaped @. - if ($repl =~ /[^\\]\@/ || $repl =~ /^\@/) { - warn("WARNING: illegal replacement expression \"$repl\": unescaped \@\n"); - return (0); - } - - # Make sure the regexp is valid. - my $repl_qq = "qq/$repl/"; - my $dummy = "foo"; - - eval { - $dummy =~ s/$subst/$repl_qq/ee; - }; - - # We should probably check for warnings as well as errors... - if ($@) { - warn("Invalid regexp: $@"); - return (0); - } - - push(@tmp_mod_list, [$subst, $repl_qq, $type, $sid_arg]); - } - - # If we come this far, all sids and the regexp were parsed successfully, so - # append them to real mod list array. - foreach my $mod_entry (@tmp_mod_list) { - push(@$mod_list_ref, $mod_entry); - } - - return (1); -} - - - -# Untaint a path. Die if it contains illegal chars. -sub untaint_path($) -{ - my $path = shift; - my $orig_path = $path; - - return $path unless ($config{use_path_checks}); - - (($path) = $path =~ /^([$OK_PATH_CHARS]+)$/) - or clean_exit("illegal character in path/filename ". - "\"$orig_path\", allowed are $OK_PATH_CHARS\n". - "Fix this or set use_path_checks=0 in oinkmaster.conf ". - "to disable this check completely if it is too strict.\n"); - - return ($path); -} - - - -# Ask user to approve changes. Return 1 for yes, 0 for no. -sub approve_changes() -{ - my $answer = ""; - - while ($answer !~ /^[yn]/i) { - print "Do you approve these changes? [Yn] "; - $answer = <STDIN>; - $answer = "y" unless ($answer =~ /\S/); - } - - return ($answer =~ /^y/i); -} - - - -# Remove common leading and trailing stuff from two rules. -sub minimize_diff($ $) -{ - my $old_rule = shift; - my $new_rule = shift; - - my $original_old = $old_rule; - my $original_new = $new_rule; - - # Additional chars to print next to the diffing part. - my $additional_chars = 20; - - # Remove the rev keyword from the rules, as it often - # makes the whole diff minimizing useless. - $old_rule =~ s/\s*\b(rev\s*:\s*\d+\s*;)\s*//; - my $old_rev = $1; - - $new_rule =~ s/\s*\b(rev\s*:\s*\d+\s*;)\s*//; - my $new_rev = $1; - - # If rev was the only thing that changed, we want to restore the rev - # before continuing so we don't remove common stuff from rules that - # are identical. - if ($old_rule eq $new_rule) { - $old_rule = $original_old; - $new_rule = $original_new; - } - - # Temporarily remove possible leading # so it works nicely - # with modified rules that are also being either enabled or disabled. - my $old_is_disabled = 0; - my $new_is_disabled = 0; - - $old_is_disabled = 1 if ($old_rule =~ s/^#//); - $new_is_disabled = 1 if ($new_rule =~ s/^#//); - - # Go forward char by char until they aren't equeal. - # $i will bet set to the index where they diff. - my @old = split(//, $old_rule); - my @new = split(//, $new_rule); - - my $i = 0; - while ($i <= $#old && $i <= $#new && $old[$i] eq $new[$i]) { - $i++; - } - - # Now same thing but backwards. - # $j will bet set to the index where they diff. - @old = reverse(split(//, $old_rule)); - @new = reverse(split(//, $new_rule)); - - my $j = 0; - while ($j <= $#old && $j <= $#new && $old[$j] eq $new[$j]) { - $j++; - } - - # Print some additional chars on either side, if there is room for it. - $i -= $additional_chars; - $i = 0 if ($i < 0); - - $j = -$j + $additional_chars; - $j = 0 if ($j > -1); - - my ($old, $new); - - # Print entire rules (i.e. they can not be shortened). - if (!$i && !$j) { - $old = $old_rule; - $new = $new_rule; - - # Leading and trailing stuff can be removed. - } elsif ($i && $j) { - $old = "..." . substr($old_rule, $i, $j) . "..."; - $new = "..." . substr($new_rule, $i, $j) . "..."; - - # Trailing stuff can be removed. - } elsif (!$i && $j) { - $old = substr($old_rule, $i, $j) . "..."; - $new = substr($new_rule, $i, $j) . "..."; - - # Leading stuff can be removed. - } elsif ($i && !$j) { - $old = "..." . substr($old_rule, $i); - $new = "..." . substr($new_rule, $i); - } - - chomp($old, $new); - $old .= "\n"; - $new .= "\n"; - - # Restore possible leading # now. - $old = "#$old" if ($old_is_disabled); - $new = "#$new" if ($new_is_disabled); - - return ($old, $new); -} - - - -# Check a string and return 1 if it's a valid single-line snort rule. -# Msg string is put in second arg, sid in third (those are the only -# required keywords, besides the leading rule actions). -sub parse_singleline_rule($ $ $) -{ - my $line = shift; - my $msg_ref = shift; - my $sid_ref = shift; - - undef($$msg_ref); - undef($$sid_ref); - - if ($line =~ /$SINGLELINE_RULE_REGEXP/oi) { - - if ($line =~ /\bmsg\s*:\s*"(.+?)"\s*;/i) { - $$msg_ref = $1; - } else { - return (0); - } - - if ($line =~ /\bsid\s*:\s*(\d+)\s*;/i) { - $$sid_ref = $1; - } else { - return (0); - } - - return (1); - } - - return (0); -} - - - -# Merge multiline directives in an array by simply removing traling backslashes. -sub join_multilines($) -{ - my $multiline_conf_ref = shift; - my $joined_conf = ""; - - foreach $_ (@$multiline_conf_ref) { - s/\\\s*\n$//; - $joined_conf .= $_; - } - - return (split/\n/, $joined_conf); -} - - - -# Catch SIGINT. -sub catch_sigint() -{ - $SIG{INT} = 'IGNORE'; - print STDERR "\nInterrupted, cleaning up.\n"; - sleep(1); - clean_exit("interrupted by signal"); -} - - - -# Remove temporary directory and exit. -# If a non-empty string is given as argument, it will be regarded -# as an error message and we will use die() with the message instead -# of just exit(0). -sub clean_exit($) -{ - my $err_msg = shift; - - $SIG{INT} = 'DEFAULT'; - - if (defined($tmpdir) && -d "$tmpdir") { - chdir(File::Spec->rootdir()); - rmtree("$tmpdir", 0, 1); - undef($tmpdir); - } - - if (!defined($err_msg) || $err_msg eq "") { - exit(0); - } else { - chomp($err_msg); - die("\n$0: Error: $err_msg\n\nOink, oink. Exiting...\n"); - } -} - - - -#### EOF #### diff --git a/config/snort-dev/bin/oinkmaster_contrib/snort_rename.pl b/config/snort-dev/bin/oinkmaster_contrib/snort_rename.pl deleted file mode 100644 index e5f0d39e..00000000 --- a/config/snort-dev/bin/oinkmaster_contrib/snort_rename.pl +++ /dev/null @@ -1,100 +0,0 @@ -#!/usr/bin/perl -w - -#usage: rename perl_expression [files] -my $usage = qq{rename [-v] s/pat/repl/ [filenames...]\t (c)2001 hellweg\@snark.de -rename files read from the commandline or stdin - -License to use, modify and redistribute granted to each and every lifeform on -this planet (as long as credit to hellweg\@snark.de remains). No guarantee that -'rename' does or does not perform the way you want... - -} ; -$verbose = 0 ; -$quiet = 0 ; - -$op=shift || 0 ; -if($op eq "-v") { - $verbose++ ; $quiet = 0 ; - $op=shift || 0 ; -} -if($op eq "-q") { - $quiet++ ; $verbose = 0 ; - $op=shift || 0 ; -} -if($op =~ /^-h/) { - print $usage; exit(0) ; -} - -if(! $op) { - print $usage; exit(-1) ; -} - -if (!@ARGV) { - @ARGV = <STDIN>; -} - -$count=0 ; -my($m, $d, $y, $T) ; -for (@ARGV) { - chomp ; - if(-e $_) { - $was = $_; - if($op =~ /\$[Tdym]/) { - my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst)=localtime((stat($_))[9]); - $m = sprintf("%0.2i", $mon+1); - $d = sprintf("%0.2i", $mday); - $y = $year + 1900 ; - $T = "$y$m$d" ; - } - eval $op; - die $@ if $@; - if(-f $_) { print("! exists already: $was -> $_ \n") unless $quiet ; } - else { - if(rename($was, $_)) { - print("$was -> $_\n") if $verbose ; - $count++; - } else { - if(/\//) { - # maybe we need to create dirs? - my $createRes = createDirs($_) ; - if($createRes) { - print("! fauled to create $createRes for $_\n") - unless $quiet ; - } - else { # try again - if(rename($was, $_)) { - print("$was -> $_\n") if $verbose ; - $count++; - } else { - print("! failed to rename $was -> $_ \n") - unless $quiet ; - } - } - } - else { - print("! failed to rename $was -> $_ \n") unless $quiet ; - } - } - } - } - else { print("! not found: $_ \n") ; } -} -print("renamed $count files\n") if $verbose ; - - -sub createDirs { # return the dir we failed to create or 0 - my $file = shift ; - my @dirs = split /\//, $file ; - pop @dirs ; # don't try to mkdir the file itself - my $current = "" ; - $current = "/" if ($file =~ /^\//) ; - foreach (@dirs) { - $current .= $_ ; - if(! -d $current) { - mkdir $current, 0700 || return $current ; - print "mkdir $current\n" if ($verbose) ; - } - $current .= "/" ; - } - return 0 ; # success -} diff --git a/config/snort-dev/bin/snort2c b/config/snort-dev/bin/snort2c Binary files differdeleted file mode 100644 index fdc91ac8..00000000 --- a/config/snort-dev/bin/snort2c +++ /dev/null diff --git a/config/snort-dev/css/style.css b/config/snort-dev/css/style.css deleted file mode 100644 index 44568873..00000000 --- a/config/snort-dev/css/style.css +++ /dev/null @@ -1,153 +0,0 @@ -/* Start of main css Pfsense */ -/* Start of main css Pfsense */ - -@charset "utf-8"; -.textstyle { - font-family: Arial, Helvetica, sans-serif; - font-size: 12px; - font-style: normal; - background-color: #666; - color: #CCC; -} -.textstyle p2 a { - font-family: Arial, Helvetica, sans-serif; - font-size: 12px; - font-style: normal; - color: #CCC; -} - -.textstyle p { - font-family: Arial, Helvetica, sans-serif; - font-size: 24px; - font-weight: bold; - color: #FFF; - text-decoration: underline; -} -.textstyle p2 { - font-family: Arial, Helvetica, sans-serif; - font-size: 12px; - color: #CCC; -} - -/* Start of main css for table sort */ -/* Start of main css for table sort */ - -table { - margin: 0; - padding: 0; - border: 0; - font-weight: inherit; - font-style: inherit; - font-size: 9; - font-family: Arial, Helvetica, sans-serif; - vertical-align: baseline; -} - -/* Tables still need 'cellspacing="0"' in the markup. */ -table { border-collapse: separate; border-spacing: 0; } -caption, th, td { text-align: left; font-weight:400; } - -/* Remove possible quote marks (") from <q>, <blockquote>. */ -blockquote:before, blockquote:after, q:before, q:after { content: ""; } -blockquote, q { quotes: "" ""; } - -#container { - width: auto; - margin: 0px; - padding-top: 10px; - padding-bottom: 10px; -} - - - -/************************************************************** - - Sortable Table - v 1.4 - -**************************************************************/ - - - -th { - background-color: #eee; - background: #eee url(/snort/images/icon-table-sort.png) no-repeat 2px 8px; - padding: 4px 4px 4px 14px; -} - -.allRow { - background-color: #eee; - padding: 4px; -} - -tr.altRow { - background-color: #fff; -} - -.leftAlign { - text-align: left; -} - -.centerAlign { - text-align: center; -} - -.rightAlign { - text-align: right; -} - -.sortedASC { - background: url(/snort/images/icon-table-sort-asc.png) no-repeat 2px 4px #eee; -} - -.sortedDESC { - background: url(/snort/images/icon-table-sort-desc.png) no-repeat 2px 10px #eee; -} - -.tableHeaderOver { - cursor: pointer; - color: #354158; -} - - -tr.selected { - background-color: 9999ff; - color: #000000; -} - -tr.over { - background-color: #993333; - color: #fff; - cursor: pointer; -} - -tr.hide { - display: none; -} -/***************************/ - -.mainTableFilter { - position: absolute; - top: 0; - left: -10px; - width: auto; -} - -.tableFilter { - border: 1px solid #ccc; - padding: 2px; - margin: 5px 0 10px 0; -} - -.tableFilter input { - border: 1px solid #ccc; -} - -.tableFilter select { - border: 1px solid #ccc; -} - - -/*************************************************************/ - - diff --git a/config/snort-dev/css/style2.css b/config/snort-dev/css/style2.css deleted file mode 100644 index d7a1616c..00000000 --- a/config/snort-dev/css/style2.css +++ /dev/null @@ -1,111 +0,0 @@ -/* ----------------------------------- -general ------------------------------------ */ - -body -{ - margin: 0px; - padding: 0px; - font: 100%/1.4 helvetica, arial, sans-serif; - color: #444; - background: #fff; -} - -h1, h2, h3, h4, h5, h6 -{ - margin: 0 0 1em; - line-height: 1.1; -} - -h2, h3 { color: #003d5d; } -h2 { font-size: 218.75%; } - - -p -{ -margin-top: 35pt; -margin-right: 0pt; -margin-bottom: -25px; -margin-left: 0pt; -text-indent: 25px; -} - -img { border: none; } -a:link { color: #035389; } -a:visited { color: #09619C; } - -/* ----------------------------------- -Play Hide the tab ------------------------------------ */ - -div.items p:not(:target) {display: none} -div.items p:target {display: block} - - -/* ----------------------------------- -layout ------------------------------------ */ - -#container -{ - margin: 0 0px; - background: #fff; -} - -#header -{ - background: #fff; -} - -#header h1 { margin: 0; } - -#navigation -{ - float: left; - width: 100%; - background: #333; -} - -#navigation ul -{ - margin: 0; - padding: 0; -} - -#navigation ul li -{ - list-style-type: none; - display: inline; -} - -#navigation li a -{ - display: block; - float: left; - padding: 5px 10px; - color: #fff; - text-decoration: none; - border-right: 1px solid #fff; -} - -#navigation li a:hover -{ - background-color: #3366cc; - background-image: none; - background-repeat: repeat; - background-attachment: scroll; - background-position: 0% 0%; -} - -#content -{ - clear: left; - padding: 20px; -} - -#content h2 -{ - color: #000; - font-size: 160%; - margin: 0 0 .5em; -}
\ No newline at end of file diff --git a/config/snort-dev/help_and_info.php b/config/snort-dev/help_and_info.php deleted file mode 100644 index 0f4a0c9f..00000000 --- a/config/snort-dev/help_and_info.php +++ /dev/null @@ -1,196 +0,0 @@ -<?php - - require_once("guiconfig.inc"); - -echo ' -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> -<html xmlns="http://www.w3.org/1999/xhtml"> -<head> -<meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> -<title>Help & Info</title> -<base target="main"> -<script src="./javascript/tabs.js" type="text/javascript"></script> -<link href="./css/style2.css" rel="stylesheet" type="text/css" /> -</head> - -<body> - -<style type="text/css"> -</style> - -<div id="container"> - <div id="header"> - <IMG SRC="./images/logo.jpg" width="780px" height="76" ALT="Snort Package"> - </div> - <div class="navigation" id="navigation"> - <ul> - <li><a href="#item1" target="_self">Home</a></li> - <li><a href="#item2" target="_self">About Me</a></li> - <li><a href="#item3" target="_self">Services</a></li> - <li><a href="#item4" target="_self">Change Log</a></li> - <li><a href="#item7" target="_self">Faq</a></li> - <li><a href="#item6" target="_self">Heros</a></li> - <li><a href="#item5" target="_self">Developers</a></li> - </ul> - </div> - <br> -<div class="content" id="item1"> - <p> - <font size="5"><strong>Snort Package</strong></font> is a GUI based front-end for Sourcefire\'s Snort ® IDS/IPS software. The Snort Package goal is to be - the best open-source GUI to manage multiple snort sensors and multiple rule snapshots. The project other goal is to be a highly competitive GUI for - network monitoring for both private and enterprise use. Lastly, this project software development should bring programmers and users together to create - software. - </p> - <p> - <font size="5"><strong>What is Snort ?</strong></font> Used by fortune 500 companies and goverments Snort is the most widely deployed IDS/IPS technology worldwide. It features rules based logging and - can perform content searching/matching in addition to being used to detect a variety of other attacks and probes, such as buffer overflows, stealth port - scans, CGI attacks, SMB probes, and much more. - </p> - <p> - <font size="5"><strong>Requirements :</strong></font><br> - Minimum requirement 256 mb ram, 500 MHz CPU.<br> - Recommended 500 mb ram, 1 Ghz CPU.<br> - The more rules you run the more memory you need.<br> - The more interfaces you select the more memory you need.<br><br> - Development is done on a Alix 2D3 system (500 MHz AMD Geode LX800 CPU 256MB DDR DRAM). - </p> -</div> -<div class="content" id="item2"> - <p> -About Me<br><br> -Coming soon............ - -</p> -</div> -<div class="content" id="item3"> - <p> -Services<br><br> -Coming soon............ -</p> -</div> -<div class="content" id="item4"> -<p> -Change Log<br><br> -Coming soon............ -</p> -</div> -<div class="content" id="item5"> -<p> -<font size="5"><strong>PfSense</strong></font> is brought to you by a dedicated group of developers who are security and network professionals by trade. The following people are active developers of the pfSense project. -Username is listed in parenthesis (generally also the person\'s forum username, IRC nickname, etc.).<br><br> - -<font size="5"><strong>Main Snort-dev Package Developer</strong></font><br> -Robert Zelaya<br><br> - -<font size="5"><strong>Founders</strong></font><br> -In alphabetical order<br><br> - -Chris Buechler (cmb)<br> -Scott Ullrich (sullrich)<br><br> - -<font size="5"><strong>Active Developers</strong></font><br> -Listed in order of seniority along with date of first contribution.<br><br> - -Bill Marquette (billm) - February 2005<br> -Holger Bauer (hoba) - May 2005<br> -Erik Kristensen (ekristen) - August 2005<br> -Seth Mos (smos) - November 2005<br> -Scott Dale (sdale) - December 2006<br> -Martin Fuchs (mfuchs) - June 2007<br> -Ermal Luçi (ermal) - January 2008<br> -Matthew Grooms (mgrooms) - July 2008<br> -Mark Crane (mcrane) - October 2008<br> -Jim Pingle (jim-p) - February 2009<br> -Rob Zelaya (robiscool) - March 2009<br> -Renato Botelho (rbgarga) - May 2009<br><br> - -<font size="5"><strong>FreeBSD Developer Assistance</strong></font><br> -We would like to thank the following FreeBSD developers for their assistance.<br><br> - -Max Laier (mlaier)<br> -Christian S.J. Peron (csjp)<br> -Andrew Thompson (thompsa)<br> -Bjoern A. Zeeb (bz)<br><br> - -among many others who help us directly, and everyone who contributes to FreeBSD.<br><br> - -<font size="5"><strong>Inactive Developers</strong></font><br> -The following individuals are no longer active contributors, having moved on because of other commitments, or employers forbidding contributions. We thank them for their past contributions.<br><br> - -Daniel Berlin (dberlin)<br> -Daniel Haischt (dsh)<br> -Espen Johansen (lsf)<br> -Scott Kamp (dingo)<br> -Bachman Kharazmi (bkw)<br> -Fernando Tarlá Cardoso Lemos (fernando)<br> -Kyle Mott (kyle)<br> -Colin Smith (colin)<br> -</p> -</div> -<div class="content" id="item6"> -<p> -Heros<br><br> -Coming soon............ -</p> -</div> -<div class="content" id="item7"> -<p> -=========================<br> - -Q: Do you have a quick install tutorial and tabs explanation.<br> - -A: Yes.<br> - - http://doc.pfsense.org/index.php/Setup_Snort_Package<br> - -=========================<br> - -Q: What interfaces can snort listen on ?<br> - -A: Right now all WAN interfaces and LAN interfaces. But if you select a LAN interface you may need to adjust the snort rules to use the LAN interface.<br> - -==========================<br> - -Q: What logs does the snort package keep. ?<br> - -A: Most of the snort logs are keept in the /var/log/snort.<br> - Snorts syslogs\' are saved to the /var/log/snort/snort_sys_0ng0.<br> - -==========================<br> - -Q: What is the best Performance setting ? or Snort is using 90% cpu and all my memory.<br> - -A: Depends how much memory you have and how many rules you want to run.; lowmem for systems with less than 256 mb memory, ac-bnfa for systems<br> - with over 256 mb of memory. The other options are; ac high memory, best performance, ac-std moderate memory, high performance,acs small<br> - memory, moderate performance,ac-banded small memory,moderate performance,ac-sparsebands small memory, high performance.<br> - - Short version: For most people ac-bnfa is the best setting.<br> - -=========================<br> - -Q: What is the Oinkmaster code ? How do I get the code ?<br> - -A: The Oinkmaster code is your personal password in order to download snort rules.<br> - You get a Oinkmaster code when you register with snort.org. It is free to register.<br> - Goto https://www.snort.org/signup to get your personal code.<br> - -=========================<br> - -Q: What is the Snort.org subscriber option? How do I become a Snort.org subscriber?<br> - -A: Snort.org subscribers get the the latest rule updates 30 days faster than registered users.<br> - Goto http://www.snort.org/vrt/buy-a-subscription/. - It is highly suggested that you get a paid subscription so that you can always have the latest rules.<br> - -=========================<br> - -Q: When did you start working on the snort package.<br> - -A: I started working on the snort package in May 2009.<br> -</p> -</div> -</div> -</body> -</html> -'; -?>
\ No newline at end of file diff --git a/config/snort-dev/images/alert.jpg b/config/snort-dev/images/alert.jpg Binary files differdeleted file mode 100644 index 96c24e35..00000000 --- a/config/snort-dev/images/alert.jpg +++ /dev/null diff --git a/config/snort-dev/images/down.gif b/config/snort-dev/images/down.gif Binary files differdeleted file mode 100644 index 2b3c99fc..00000000 --- a/config/snort-dev/images/down.gif +++ /dev/null diff --git a/config/snort-dev/images/down2.gif b/config/snort-dev/images/down2.gif Binary files differdeleted file mode 100644 index 71bf92eb..00000000 --- a/config/snort-dev/images/down2.gif +++ /dev/null diff --git a/config/snort-dev/images/footer.jpg b/config/snort-dev/images/footer.jpg Binary files differdeleted file mode 100644 index 4af05707..00000000 --- a/config/snort-dev/images/footer.jpg +++ /dev/null diff --git a/config/snort-dev/images/footer2.jpg b/config/snort-dev/images/footer2.jpg Binary files differdeleted file mode 100644 index 3332e085..00000000 --- a/config/snort-dev/images/footer2.jpg +++ /dev/null diff --git a/config/snort-dev/images/icon-table-sort-asc.png b/config/snort-dev/images/icon-table-sort-asc.png Binary files differdeleted file mode 100644 index 0c127919..00000000 --- a/config/snort-dev/images/icon-table-sort-asc.png +++ /dev/null diff --git a/config/snort-dev/images/icon-table-sort-desc.png b/config/snort-dev/images/icon-table-sort-desc.png Binary files differdeleted file mode 100644 index 5c52f2d0..00000000 --- a/config/snort-dev/images/icon-table-sort-desc.png +++ /dev/null diff --git a/config/snort-dev/images/icon-table-sort.png b/config/snort-dev/images/icon-table-sort.png Binary files differdeleted file mode 100644 index 3cae604b..00000000 --- a/config/snort-dev/images/icon-table-sort.png +++ /dev/null diff --git a/config/snort-dev/images/icon_excli.png b/config/snort-dev/images/icon_excli.png Binary files differdeleted file mode 100644 index 4b54fa31..00000000 --- a/config/snort-dev/images/icon_excli.png +++ /dev/null diff --git a/config/snort-dev/images/logo.jpg b/config/snort-dev/images/logo.jpg Binary files differdeleted file mode 100644 index fa01d818..00000000 --- a/config/snort-dev/images/logo.jpg +++ /dev/null diff --git a/config/snort-dev/images/up.gif b/config/snort-dev/images/up.gif Binary files differdeleted file mode 100644 index 89596771..00000000 --- a/config/snort-dev/images/up.gif +++ /dev/null diff --git a/config/snort-dev/images/up2.gif b/config/snort-dev/images/up2.gif Binary files differdeleted file mode 100644 index 21c5a254..00000000 --- a/config/snort-dev/images/up2.gif +++ /dev/null diff --git a/config/snort-dev/javascript/jquery-1.3.2.js b/config/snort-dev/javascript/jquery-1.3.2.js deleted file mode 100644 index 59b71d25..00000000 --- a/config/snort-dev/javascript/jquery-1.3.2.js +++ /dev/null @@ -1,4376 +0,0 @@ -/*! - * jQuery JavaScript Library v1.3.2 - * http://jquery.com/ - * - * Copyright (c) 2009 John Resig - * Dual licensed under the MIT and GPL licenses. - * http://docs.jquery.com/License - * - * Date: 2009-02-19 17:34:21 -0500 (Thu, 19 Feb 2009) - * Revision: 6246 - */ -(function(){ - -var - // Will speed up references to window, and allows munging its name. - window = this, - // Will speed up references to undefined, and allows munging its name. - undefined, - // Map over jQuery in case of overwrite - _jQuery = window.jQuery, - // Map over the $ in case of overwrite - _$ = window.$, - - jQuery = window.jQuery = window.$ = function( selector, context ) { - // The jQuery object is actually just the init constructor 'enhanced' - return new jQuery.fn.init( selector, context ); - }, - - // A simple way to check for HTML strings or ID strings - // (both of which we optimize for) - quickExpr = /^[^<]*(<(.|\s)+>)[^>]*$|^#([\w-]+)$/, - // Is it a simple selector - isSimple = /^.[^:#\[\.,]*$/; - -jQuery.fn = jQuery.prototype = { - init: function( selector, context ) { - // Make sure that a selection was provided - selector = selector || document; - - // Handle $(DOMElement) - if ( selector.nodeType ) { - this[0] = selector; - this.length = 1; - this.context = selector; - return this; - } - // Handle HTML strings - if ( typeof selector === "string" ) { - // Are we dealing with HTML string or an ID? - var match = quickExpr.exec( selector ); - - // Verify a match, and that no context was specified for #id - if ( match && (match[1] || !context) ) { - - // HANDLE: $(html) -> $(array) - if ( match[1] ) - selector = jQuery.clean( [ match[1] ], context ); - - // HANDLE: $("#id") - else { - var elem = document.getElementById( match[3] ); - - // Handle the case where IE and Opera return items - // by name instead of ID - if ( elem && elem.id != match[3] ) - return jQuery().find( selector ); - - // Otherwise, we inject the element directly into the jQuery object - var ret = jQuery( elem || [] ); - ret.context = document; - ret.selector = selector; - return ret; - } - - // HANDLE: $(expr, [context]) - // (which is just equivalent to: $(content).find(expr) - } else - return jQuery( context ).find( selector ); - - // HANDLE: $(function) - // Shortcut for document ready - } else if ( jQuery.isFunction( selector ) ) - return jQuery( document ).ready( selector ); - - // Make sure that old selector state is passed along - if ( selector.selector && selector.context ) { - this.selector = selector.selector; - this.context = selector.context; - } - - return this.setArray(jQuery.isArray( selector ) ? - selector : - jQuery.makeArray(selector)); - }, - - // Start with an empty selector - selector: "", - - // The current version of jQuery being used - jquery: "1.3.2", - - // The number of elements contained in the matched element set - size: function() { - return this.length; - }, - - // Get the Nth element in the matched element set OR - // Get the whole matched element set as a clean array - get: function( num ) { - return num === undefined ? - - // Return a 'clean' array - Array.prototype.slice.call( this ) : - - // Return just the object - this[ num ]; - }, - - // Take an array of elements and push it onto the stack - // (returning the new matched element set) - pushStack: function( elems, name, selector ) { - // Build a new jQuery matched element set - var ret = jQuery( elems ); - - // Add the old object onto the stack (as a reference) - ret.prevObject = this; - - ret.context = this.context; - - if ( name === "find" ) - ret.selector = this.selector + (this.selector ? " " : "") + selector; - else if ( name ) - ret.selector = this.selector + "." + name + "(" + selector + ")"; - - // Return the newly-formed element set - return ret; - }, - - // Force the current matched set of elements to become - // the specified array of elements (destroying the stack in the process) - // You should use pushStack() in order to do this, but maintain the stack - setArray: function( elems ) { - // Resetting the length to 0, then using the native Array push - // is a super-fast way to populate an object with array-like properties - this.length = 0; - Array.prototype.push.apply( this, elems ); - - return this; - }, - - // Execute a callback for every element in the matched set. - // (You can seed the arguments with an array of args, but this is - // only used internally.) - each: function( callback, args ) { - return jQuery.each( this, callback, args ); - }, - - // Determine the position of an element within - // the matched set of elements - index: function( elem ) { - // Locate the position of the desired element - return jQuery.inArray( - // If it receives a jQuery object, the first element is used - elem && elem.jquery ? elem[0] : elem - , this ); - }, - - attr: function( name, value, type ) { - var options = name; - - // Look for the case where we're accessing a style value - if ( typeof name === "string" ) - if ( value === undefined ) - return this[0] && jQuery[ type || "attr" ]( this[0], name ); - - else { - options = {}; - options[ name ] = value; - } - - // Check to see if we're setting style values - return this.each(function(i){ - // Set all the styles - for ( name in options ) - jQuery.attr( - type ? - this.style : - this, - name, jQuery.prop( this, options[ name ], type, i, name ) - ); - }); - }, - - css: function( key, value ) { - // ignore negative width and height values - if ( (key == 'width' || key == 'height') && parseFloat(value) < 0 ) - value = undefined; - return this.attr( key, value, "curCSS" ); - }, - - text: function( text ) { - if ( typeof text !== "object" && text != null ) - return this.empty().append( (this[0] && this[0].ownerDocument || document).createTextNode( text ) ); - - var ret = ""; - - jQuery.each( text || this, function(){ - jQuery.each( this.childNodes, function(){ - if ( this.nodeType != 8 ) - ret += this.nodeType != 1 ? - this.nodeValue : - jQuery.fn.text( [ this ] ); - }); - }); - - return ret; - }, - - wrapAll: function( html ) { - if ( this[0] ) { - // The elements to wrap the target around - var wrap = jQuery( html, this[0].ownerDocument ).clone(); - - if ( this[0].parentNode ) - wrap.insertBefore( this[0] ); - - wrap.map(function(){ - var elem = this; - - while ( elem.firstChild ) - elem = elem.firstChild; - - return elem; - }).append(this); - } - - return this; - }, - - wrapInner: function( html ) { - return this.each(function(){ - jQuery( this ).contents().wrapAll( html ); - }); - }, - - wrap: function( html ) { - return this.each(function(){ - jQuery( this ).wrapAll( html ); - }); - }, - - append: function() { - return this.domManip(arguments, true, function(elem){ - if (this.nodeType == 1) - this.appendChild( elem ); - }); - }, - - prepend: function() { - return this.domManip(arguments, true, function(elem){ - if (this.nodeType == 1) - this.insertBefore( elem, this.firstChild ); - }); - }, - - before: function() { - return this.domManip(arguments, false, function(elem){ - this.parentNode.insertBefore( elem, this ); - }); - }, - - after: function() { - return this.domManip(arguments, false, function(elem){ - this.parentNode.insertBefore( elem, this.nextSibling ); - }); - }, - - end: function() { - return this.prevObject || jQuery( [] ); - }, - - // For internal use only. - // Behaves like an Array's method, not like a jQuery method. - push: [].push, - sort: [].sort, - splice: [].splice, - - find: function( selector ) { - if ( this.length === 1 ) { - var ret = this.pushStack( [], "find", selector ); - ret.length = 0; - jQuery.find( selector, this[0], ret ); - return ret; - } else { - return this.pushStack( jQuery.unique(jQuery.map(this, function(elem){ - return jQuery.find( selector, elem ); - })), "find", selector ); - } - }, - - clone: function( events ) { - // Do the clone - var ret = this.map(function(){ - if ( !jQuery.support.noCloneEvent && !jQuery.isXMLDoc(this) ) { - // IE copies events bound via attachEvent when - // using cloneNode. Calling detachEvent on the - // clone will also remove the events from the orignal - // In order to get around this, we use innerHTML. - // Unfortunately, this means some modifications to - // attributes in IE that are actually only stored - // as properties will not be copied (such as the - // the name attribute on an input). - var html = this.outerHTML; - if ( !html ) { - var div = this.ownerDocument.createElement("div"); - div.appendChild( this.cloneNode(true) ); - html = div.innerHTML; - } - - return jQuery.clean([html.replace(/ jQuery\d+="(?:\d+|null)"/g, "").replace(/^\s*/, "")])[0]; - } else - return this.cloneNode(true); - }); - - // Copy the events from the original to the clone - if ( events === true ) { - var orig = this.find("*").andSelf(), i = 0; - - ret.find("*").andSelf().each(function(){ - if ( this.nodeName !== orig[i].nodeName ) - return; - - var events = jQuery.data( orig[i], "events" ); - - for ( var type in events ) { - for ( var handler in events[ type ] ) { - jQuery.event.add( this, type, events[ type ][ handler ], events[ type ][ handler ].data ); - } - } - - i++; - }); - } - - // Return the cloned set - return ret; - }, - - filter: function( selector ) { - return this.pushStack( - jQuery.isFunction( selector ) && - jQuery.grep(this, function(elem, i){ - return selector.call( elem, i ); - }) || - - jQuery.multiFilter( selector, jQuery.grep(this, function(elem){ - return elem.nodeType === 1; - }) ), "filter", selector ); - }, - - closest: function( selector ) { - var pos = jQuery.expr.match.POS.test( selector ) ? jQuery(selector) : null, - closer = 0; - - return this.map(function(){ - var cur = this; - while ( cur && cur.ownerDocument ) { - if ( pos ? pos.index(cur) > -1 : jQuery(cur).is(selector) ) { - jQuery.data(cur, "closest", closer); - return cur; - } - cur = cur.parentNode; - closer++; - } - }); - }, - - not: function( selector ) { - if ( typeof selector === "string" ) - // test special case where just one selector is passed in - if ( isSimple.test( selector ) ) - return this.pushStack( jQuery.multiFilter( selector, this, true ), "not", selector ); - else - selector = jQuery.multiFilter( selector, this ); - - var isArrayLike = selector.length && selector[selector.length - 1] !== undefined && !selector.nodeType; - return this.filter(function() { - return isArrayLike ? jQuery.inArray( this, selector ) < 0 : this != selector; - }); - }, - - add: function( selector ) { - return this.pushStack( jQuery.unique( jQuery.merge( - this.get(), - typeof selector === "string" ? - jQuery( selector ) : - jQuery.makeArray( selector ) - ))); - }, - - is: function( selector ) { - return !!selector && jQuery.multiFilter( selector, this ).length > 0; - }, - - hasClass: function( selector ) { - return !!selector && this.is( "." + selector ); - }, - - val: function( value ) { - if ( value === undefined ) { - var elem = this[0]; - - if ( elem ) { - if( jQuery.nodeName( elem, 'option' ) ) - return (elem.attributes.value || {}).specified ? elem.value : elem.text; - - // We need to handle select boxes special - if ( jQuery.nodeName( elem, "select" ) ) { - var index = elem.selectedIndex, - values = [], - options = elem.options, - one = elem.type == "select-one"; - - // Nothing was selected - if ( index < 0 ) - return null; - - // Loop through all the selected options - for ( var i = one ? index : 0, max = one ? index + 1 : options.length; i < max; i++ ) { - var option = options[ i ]; - - if ( option.selected ) { - // Get the specifc value for the option - value = jQuery(option).val(); - - // We don't need an array for one selects - if ( one ) - return value; - - // Multi-Selects return an array - values.push( value ); - } - } - - return values; - } - - // Everything else, we just grab the value - return (elem.value || "").replace(/\r/g, ""); - - } - - return undefined; - } - - if ( typeof value === "number" ) - value += ''; - - return this.each(function(){ - if ( this.nodeType != 1 ) - return; - - if ( jQuery.isArray(value) && /radio|checkbox/.test( this.type ) ) - this.checked = (jQuery.inArray(this.value, value) >= 0 || - jQuery.inArray(this.name, value) >= 0); - - else if ( jQuery.nodeName( this, "select" ) ) { - var values = jQuery.makeArray(value); - - jQuery( "option", this ).each(function(){ - this.selected = (jQuery.inArray( this.value, values ) >= 0 || - jQuery.inArray( this.text, values ) >= 0); - }); - - if ( !values.length ) - this.selectedIndex = -1; - - } else - this.value = value; - }); - }, - - html: function( value ) { - return value === undefined ? - (this[0] ? - this[0].innerHTML.replace(/ jQuery\d+="(?:\d+|null)"/g, "") : - null) : - this.empty().append( value ); - }, - - replaceWith: function( value ) { - return this.after( value ).remove(); - }, - - eq: function( i ) { - return this.slice( i, +i + 1 ); - }, - - slice: function() { - return this.pushStack( Array.prototype.slice.apply( this, arguments ), - "slice", Array.prototype.slice.call(arguments).join(",") ); - }, - - map: function( callback ) { - return this.pushStack( jQuery.map(this, function(elem, i){ - return callback.call( elem, i, elem ); - })); - }, - - andSelf: function() { - return this.add( this.prevObject ); - }, - - domManip: function( args, table, callback ) { - if ( this[0] ) { - var fragment = (this[0].ownerDocument || this[0]).createDocumentFragment(), - scripts = jQuery.clean( args, (this[0].ownerDocument || this[0]), fragment ), - first = fragment.firstChild; - - if ( first ) - for ( var i = 0, l = this.length; i < l; i++ ) - callback.call( root(this[i], first), this.length > 1 || i > 0 ? - fragment.cloneNode(true) : fragment ); - - if ( scripts ) - jQuery.each( scripts, evalScript ); - } - - return this; - - function root( elem, cur ) { - return table && jQuery.nodeName(elem, "table") && jQuery.nodeName(cur, "tr") ? - (elem.getElementsByTagName("tbody")[0] || - elem.appendChild(elem.ownerDocument.createElement("tbody"))) : - elem; - } - } -}; - -// Give the init function the jQuery prototype for later instantiation -jQuery.fn.init.prototype = jQuery.fn; - -function evalScript( i, elem ) { - if ( elem.src ) - jQuery.ajax({ - url: elem.src, - async: false, - dataType: "script" - }); - - else - jQuery.globalEval( elem.text || elem.textContent || elem.innerHTML || "" ); - - if ( elem.parentNode ) - elem.parentNode.removeChild( elem ); -} - -function now(){ - return +new Date; -} - -jQuery.extend = jQuery.fn.extend = function() { - // copy reference to target object - var target = arguments[0] || {}, i = 1, length = arguments.length, deep = false, options; - - // Handle a deep copy situation - if ( typeof target === "boolean" ) { - deep = target; - target = arguments[1] || {}; - // skip the boolean and the target - i = 2; - } - - // Handle case when target is a string or something (possible in deep copy) - if ( typeof target !== "object" && !jQuery.isFunction(target) ) - target = {}; - - // extend jQuery itself if only one argument is passed - if ( length == i ) { - target = this; - --i; - } - - for ( ; i < length; i++ ) - // Only deal with non-null/undefined values - if ( (options = arguments[ i ]) != null ) - // Extend the base object - for ( var name in options ) { - var src = target[ name ], copy = options[ name ]; - - // Prevent never-ending loop - if ( target === copy ) - continue; - - // Recurse if we're merging object values - if ( deep && copy && typeof copy === "object" && !copy.nodeType ) - target[ name ] = jQuery.extend( deep, - // Never move original objects, clone them - src || ( copy.length != null ? [ ] : { } ) - , copy ); - - // Don't bring in undefined values - else if ( copy !== undefined ) - target[ name ] = copy; - - } - - // Return the modified object - return target; -}; - -// exclude the following css properties to add px -var exclude = /z-?index|font-?weight|opacity|zoom|line-?height/i, - // cache defaultView - defaultView = document.defaultView || {}, - toString = Object.prototype.toString; - -jQuery.extend({ - noConflict: function( deep ) { - window.$ = _$; - - if ( deep ) - window.jQuery = _jQuery; - - return jQuery; - }, - - // See test/unit/core.js for details concerning isFunction. - // Since version 1.3, DOM methods and functions like alert - // aren't supported. They return false on IE (#2968). - isFunction: function( obj ) { - return toString.call(obj) === "[object Function]"; - }, - - isArray: function( obj ) { - return toString.call(obj) === "[object Array]"; - }, - - // check if an element is in a (or is an) XML document - isXMLDoc: function( elem ) { - return elem.nodeType === 9 && elem.documentElement.nodeName !== "HTML" || - !!elem.ownerDocument && jQuery.isXMLDoc( elem.ownerDocument ); - }, - - // Evalulates a script in a global context - globalEval: function( data ) { - if ( data && /\S/.test(data) ) { - // Inspired by code by Andrea Giammarchi - // http://webreflection.blogspot.com/2007/08/global-scope-evaluation-and-dom.html - var head = document.getElementsByTagName("head")[0] || document.documentElement, - script = document.createElement("script"); - - script.type = "text/javascript"; - if ( jQuery.support.scriptEval ) - script.appendChild( document.createTextNode( data ) ); - else - script.text = data; - - // Use insertBefore instead of appendChild to circumvent an IE6 bug. - // This arises when a base node is used (#2709). - head.insertBefore( script, head.firstChild ); - head.removeChild( script ); - } - }, - - nodeName: function( elem, name ) { - return elem.nodeName && elem.nodeName.toUpperCase() == name.toUpperCase(); - }, - - // args is for internal usage only - each: function( object, callback, args ) { - var name, i = 0, length = object.length; - - if ( args ) { - if ( length === undefined ) { - for ( name in object ) - if ( callback.apply( object[ name ], args ) === false ) - break; - } else - for ( ; i < length; ) - if ( callback.apply( object[ i++ ], args ) === false ) - break; - - // A special, fast, case for the most common use of each - } else { - if ( length === undefined ) { - for ( name in object ) - if ( callback.call( object[ name ], name, object[ name ] ) === false ) - break; - } else - for ( var value = object[0]; - i < length && callback.call( value, i, value ) !== false; value = object[++i] ){} - } - - return object; - }, - - prop: function( elem, value, type, i, name ) { - // Handle executable functions - if ( jQuery.isFunction( value ) ) - value = value.call( elem, i ); - - // Handle passing in a number to a CSS property - return typeof value === "number" && type == "curCSS" && !exclude.test( name ) ? - value + "px" : - value; - }, - - className: { - // internal only, use addClass("class") - add: function( elem, classNames ) { - jQuery.each((classNames || "").split(/\s+/), function(i, className){ - if ( elem.nodeType == 1 && !jQuery.className.has( elem.className, className ) ) - elem.className += (elem.className ? " " : "") + className; - }); - }, - - // internal only, use removeClass("class") - remove: function( elem, classNames ) { - if (elem.nodeType == 1) - elem.className = classNames !== undefined ? - jQuery.grep(elem.className.split(/\s+/), function(className){ - return !jQuery.className.has( classNames, className ); - }).join(" ") : - ""; - }, - - // internal only, use hasClass("class") - has: function( elem, className ) { - return elem && jQuery.inArray( className, (elem.className || elem).toString().split(/\s+/) ) > -1; - } - }, - - // A method for quickly swapping in/out CSS properties to get correct calculations - swap: function( elem, options, callback ) { - var old = {}; - // Remember the old values, and insert the new ones - for ( var name in options ) { - old[ name ] = elem.style[ name ]; - elem.style[ name ] = options[ name ]; - } - - callback.call( elem ); - - // Revert the old values - for ( var name in options ) - elem.style[ name ] = old[ name ]; - }, - - css: function( elem, name, force, extra ) { - if ( name == "width" || name == "height" ) { - var val, props = { position: "absolute", visibility: "hidden", display:"block" }, which = name == "width" ? [ "Left", "Right" ] : [ "Top", "Bottom" ]; - - function getWH() { - val = name == "width" ? elem.offsetWidth : elem.offsetHeight; - - if ( extra === "border" ) - return; - - jQuery.each( which, function() { - if ( !extra ) - val -= parseFloat(jQuery.curCSS( elem, "padding" + this, true)) || 0; - if ( extra === "margin" ) - val += parseFloat(jQuery.curCSS( elem, "margin" + this, true)) || 0; - else - val -= parseFloat(jQuery.curCSS( elem, "border" + this + "Width", true)) || 0; - }); - } - - if ( elem.offsetWidth !== 0 ) - getWH(); - else - jQuery.swap( elem, props, getWH ); - - return Math.max(0, Math.round(val)); - } - - return jQuery.curCSS( elem, name, force ); - }, - - curCSS: function( elem, name, force ) { - var ret, style = elem.style; - - // We need to handle opacity special in IE - if ( name == "opacity" && !jQuery.support.opacity ) { - ret = jQuery.attr( style, "opacity" ); - - return ret == "" ? - "1" : - ret; - } - - // Make sure we're using the right name for getting the float value - if ( name.match( /float/i ) ) - name = styleFloat; - - if ( !force && style && style[ name ] ) - ret = style[ name ]; - - else if ( defaultView.getComputedStyle ) { - - // Only "float" is needed here - if ( name.match( /float/i ) ) - name = "float"; - - name = name.replace( /([A-Z])/g, "-$1" ).toLowerCase(); - - var computedStyle = defaultView.getComputedStyle( elem, null ); - - if ( computedStyle ) - ret = computedStyle.getPropertyValue( name ); - - // We should always get a number back from opacity - if ( name == "opacity" && ret == "" ) - ret = "1"; - - } else if ( elem.currentStyle ) { - var camelCase = name.replace(/\-(\w)/g, function(all, letter){ - return letter.toUpperCase(); - }); - - ret = elem.currentStyle[ name ] || elem.currentStyle[ camelCase ]; - - // From the awesome hack by Dean Edwards - // http://erik.eae.net/archives/2007/07/27/18.54.15/#comment-102291 - - // If we're not dealing with a regular pixel number - // but a number that has a weird ending, we need to convert it to pixels - if ( !/^\d+(px)?$/i.test( ret ) && /^\d/.test( ret ) ) { - // Remember the original values - var left = style.left, rsLeft = elem.runtimeStyle.left; - - // Put in the new values to get a computed value out - elem.runtimeStyle.left = elem.currentStyle.left; - style.left = ret || 0; - ret = style.pixelLeft + "px"; - - // Revert the changed values - style.left = left; - elem.runtimeStyle.left = rsLeft; - } - } - - return ret; - }, - - clean: function( elems, context, fragment ) { - context = context || document; - - // !context.createElement fails in IE with an error but returns typeof 'object' - if ( typeof context.createElement === "undefined" ) - context = context.ownerDocument || context[0] && context[0].ownerDocument || document; - - // If a single string is passed in and it's a single tag - // just do a createElement and skip the rest - if ( !fragment && elems.length === 1 && typeof elems[0] === "string" ) { - var match = /^<(\w+)\s*\/?>$/.exec(elems[0]); - if ( match ) - return [ context.createElement( match[1] ) ]; - } - - var ret = [], scripts = [], div = context.createElement("div"); - - jQuery.each(elems, function(i, elem){ - if ( typeof elem === "number" ) - elem += ''; - - if ( !elem ) - return; - - // Convert html string into DOM nodes - if ( typeof elem === "string" ) { - // Fix "XHTML"-style tags in all browsers - elem = elem.replace(/(<(\w+)[^>]*?)\/>/g, function(all, front, tag){ - return tag.match(/^(abbr|br|col|img|input|link|meta|param|hr|area|embed)$/i) ? - all : - front + "></" + tag + ">"; - }); - - // Trim whitespace, otherwise indexOf won't work as expected - var tags = elem.replace(/^\s+/, "").substring(0, 10).toLowerCase(); - - var wrap = - // option or optgroup - !tags.indexOf("<opt") && - [ 1, "<select multiple='multiple'>", "</select>" ] || - - !tags.indexOf("<leg") && - [ 1, "<fieldset>", "</fieldset>" ] || - - tags.match(/^<(thead|tbody|tfoot|colg|cap)/) && - [ 1, "<table>", "</table>" ] || - - !tags.indexOf("<tr") && - [ 2, "<table><tbody>", "</tbody></table>" ] || - - // <thead> matched above - (!tags.indexOf("<td") || !tags.indexOf("<th")) && - [ 3, "<table><tbody><tr>", "</tr></tbody></table>" ] || - - !tags.indexOf("<col") && - [ 2, "<table><tbody></tbody><colgroup>", "</colgroup></table>" ] || - - // IE can't serialize <link> and <script> tags normally - !jQuery.support.htmlSerialize && - [ 1, "div<div>", "</div>" ] || - - [ 0, "", "" ]; - - // Go to html and back, then peel off extra wrappers - div.innerHTML = wrap[1] + elem + wrap[2]; - - // Move to the right depth - while ( wrap[0]-- ) - div = div.lastChild; - - // Remove IE's autoinserted <tbody> from table fragments - if ( !jQuery.support.tbody ) { - - // String was a <table>, *may* have spurious <tbody> - var hasBody = /<tbody/i.test(elem), - tbody = !tags.indexOf("<table") && !hasBody ? - div.firstChild && div.firstChild.childNodes : - - // String was a bare <thead> or <tfoot> - wrap[1] == "<table>" && !hasBody ? - div.childNodes : - []; - - for ( var j = tbody.length - 1; j >= 0 ; --j ) - if ( jQuery.nodeName( tbody[ j ], "tbody" ) && !tbody[ j ].childNodes.length ) - tbody[ j ].parentNode.removeChild( tbody[ j ] ); - - } - - // IE completely kills leading whitespace when innerHTML is used - if ( !jQuery.support.leadingWhitespace && /^\s/.test( elem ) ) - div.insertBefore( context.createTextNode( elem.match(/^\s*/)[0] ), div.firstChild ); - - elem = jQuery.makeArray( div.childNodes ); - } - - if ( elem.nodeType ) - ret.push( elem ); - else - ret = jQuery.merge( ret, elem ); - - }); - - if ( fragment ) { - for ( var i = 0; ret[i]; i++ ) { - if ( jQuery.nodeName( ret[i], "script" ) && (!ret[i].type || ret[i].type.toLowerCase() === "text/javascript") ) { - scripts.push( ret[i].parentNode ? ret[i].parentNode.removeChild( ret[i] ) : ret[i] ); - } else { - if ( ret[i].nodeType === 1 ) - ret.splice.apply( ret, [i + 1, 0].concat(jQuery.makeArray(ret[i].getElementsByTagName("script"))) ); - fragment.appendChild( ret[i] ); - } - } - - return scripts; - } - - return ret; - }, - - attr: function( elem, name, value ) { - // don't set attributes on text and comment nodes - if (!elem || elem.nodeType == 3 || elem.nodeType == 8) - return undefined; - - var notxml = !jQuery.isXMLDoc( elem ), - // Whether we are setting (or getting) - set = value !== undefined; - - // Try to normalize/fix the name - name = notxml && jQuery.props[ name ] || name; - - // Only do all the following if this is a node (faster for style) - // IE elem.getAttribute passes even for style - if ( elem.tagName ) { - - // These attributes require special treatment - var special = /href|src|style/.test( name ); - - // Safari mis-reports the default selected property of a hidden option - // Accessing the parent's selectedIndex property fixes it - if ( name == "selected" && elem.parentNode ) - elem.parentNode.selectedIndex; - - // If applicable, access the attribute via the DOM 0 way - if ( name in elem && notxml && !special ) { - if ( set ){ - // We can't allow the type property to be changed (since it causes problems in IE) - if ( name == "type" && jQuery.nodeName( elem, "input" ) && elem.parentNode ) - throw "type property can't be changed"; - - elem[ name ] = value; - } - - // browsers index elements by id/name on forms, give priority to attributes. - if( jQuery.nodeName( elem, "form" ) && elem.getAttributeNode(name) ) - return elem.getAttributeNode( name ).nodeValue; - - // elem.tabIndex doesn't always return the correct value when it hasn't been explicitly set - // http://fluidproject.org/blog/2008/01/09/getting-setting-and-removing-tabindex-values-with-javascript/ - if ( name == "tabIndex" ) { - var attributeNode = elem.getAttributeNode( "tabIndex" ); - return attributeNode && attributeNode.specified - ? attributeNode.value - : elem.nodeName.match(/(button|input|object|select|textarea)/i) - ? 0 - : elem.nodeName.match(/^(a|area)$/i) && elem.href - ? 0 - : undefined; - } - - return elem[ name ]; - } - - if ( !jQuery.support.style && notxml && name == "style" ) - return jQuery.attr( elem.style, "cssText", value ); - - if ( set ) - // convert the value to a string (all browsers do this but IE) see #1070 - elem.setAttribute( name, "" + value ); - - var attr = !jQuery.support.hrefNormalized && notxml && special - // Some attributes require a special call on IE - ? elem.getAttribute( name, 2 ) - : elem.getAttribute( name ); - - // Non-existent attributes return null, we normalize to undefined - return attr === null ? undefined : attr; - } - - // elem is actually elem.style ... set the style - - // IE uses filters for opacity - if ( !jQuery.support.opacity && name == "opacity" ) { - if ( set ) { - // IE has trouble with opacity if it does not have layout - // Force it by setting the zoom level - elem.zoom = 1; - - // Set the alpha filter to set the opacity - elem.filter = (elem.filter || "").replace( /alpha\([^)]*\)/, "" ) + - (parseInt( value ) + '' == "NaN" ? "" : "alpha(opacity=" + value * 100 + ")"); - } - - return elem.filter && elem.filter.indexOf("opacity=") >= 0 ? - (parseFloat( elem.filter.match(/opacity=([^)]*)/)[1] ) / 100) + '': - ""; - } - - name = name.replace(/-([a-z])/ig, function(all, letter){ - return letter.toUpperCase(); - }); - - if ( set ) - elem[ name ] = value; - - return elem[ name ]; - }, - - trim: function( text ) { - return (text || "").replace( /^\s+|\s+$/g, "" ); - }, - - makeArray: function( array ) { - var ret = []; - - if( array != null ){ - var i = array.length; - // The window, strings (and functions) also have 'length' - if( i == null || typeof array === "string" || jQuery.isFunction(array) || array.setInterval ) - ret[0] = array; - else - while( i ) - ret[--i] = array[i]; - } - - return ret; - }, - - inArray: function( elem, array ) { - for ( var i = 0, length = array.length; i < length; i++ ) - // Use === because on IE, window == document - if ( array[ i ] === elem ) - return i; - - return -1; - }, - - merge: function( first, second ) { - // We have to loop this way because IE & Opera overwrite the length - // expando of getElementsByTagName - var i = 0, elem, pos = first.length; - // Also, we need to make sure that the correct elements are being returned - // (IE returns comment nodes in a '*' query) - if ( !jQuery.support.getAll ) { - while ( (elem = second[ i++ ]) != null ) - if ( elem.nodeType != 8 ) - first[ pos++ ] = elem; - - } else - while ( (elem = second[ i++ ]) != null ) - first[ pos++ ] = elem; - - return first; - }, - - unique: function( array ) { - var ret = [], done = {}; - - try { - - for ( var i = 0, length = array.length; i < length; i++ ) { - var id = jQuery.data( array[ i ] ); - - if ( !done[ id ] ) { - done[ id ] = true; - ret.push( array[ i ] ); - } - } - - } catch( e ) { - ret = array; - } - - return ret; - }, - - grep: function( elems, callback, inv ) { - var ret = []; - - // Go through the array, only saving the items - // that pass the validator function - for ( var i = 0, length = elems.length; i < length; i++ ) - if ( !inv != !callback( elems[ i ], i ) ) - ret.push( elems[ i ] ); - - return ret; - }, - - map: function( elems, callback ) { - var ret = []; - - // Go through the array, translating each of the items to their - // new value (or values). - for ( var i = 0, length = elems.length; i < length; i++ ) { - var value = callback( elems[ i ], i ); - - if ( value != null ) - ret[ ret.length ] = value; - } - - return ret.concat.apply( [], ret ); - } -}); - -// Use of jQuery.browser is deprecated. -// It's included for backwards compatibility and plugins, -// although they should work to migrate away. - -var userAgent = navigator.userAgent.toLowerCase(); - -// Figure out what browser is being used -jQuery.browser = { - version: (userAgent.match( /.+(?:rv|it|ra|ie)[\/: ]([\d.]+)/ ) || [0,'0'])[1], - safari: /webkit/.test( userAgent ), - opera: /opera/.test( userAgent ), - msie: /msie/.test( userAgent ) && !/opera/.test( userAgent ), - mozilla: /mozilla/.test( userAgent ) && !/(compatible|webkit)/.test( userAgent ) -}; - -jQuery.each({ - parent: function(elem){return elem.parentNode;}, - parents: function(elem){return jQuery.dir(elem,"parentNode");}, - next: function(elem){return jQuery.nth(elem,2,"nextSibling");}, - prev: function(elem){return jQuery.nth(elem,2,"previousSibling");}, - nextAll: function(elem){return jQuery.dir(elem,"nextSibling");}, - prevAll: function(elem){return jQuery.dir(elem,"previousSibling");}, - siblings: function(elem){return jQuery.sibling(elem.parentNode.firstChild,elem);}, - children: function(elem){return jQuery.sibling(elem.firstChild);}, - contents: function(elem){return jQuery.nodeName(elem,"iframe")?elem.contentDocument||elem.contentWindow.document:jQuery.makeArray(elem.childNodes);} -}, function(name, fn){ - jQuery.fn[ name ] = function( selector ) { - var ret = jQuery.map( this, fn ); - - if ( selector && typeof selector == "string" ) - ret = jQuery.multiFilter( selector, ret ); - - return this.pushStack( jQuery.unique( ret ), name, selector ); - }; -}); - -jQuery.each({ - appendTo: "append", - prependTo: "prepend", - insertBefore: "before", - insertAfter: "after", - replaceAll: "replaceWith" -}, function(name, original){ - jQuery.fn[ name ] = function( selector ) { - var ret = [], insert = jQuery( selector ); - - for ( var i = 0, l = insert.length; i < l; i++ ) { - var elems = (i > 0 ? this.clone(true) : this).get(); - jQuery.fn[ original ].apply( jQuery(insert[i]), elems ); - ret = ret.concat( elems ); - } - - return this.pushStack( ret, name, selector ); - }; -}); - -jQuery.each({ - removeAttr: function( name ) { - jQuery.attr( this, name, "" ); - if (this.nodeType == 1) - this.removeAttribute( name ); - }, - - addClass: function( classNames ) { - jQuery.className.add( this, classNames ); - }, - - removeClass: function( classNames ) { - jQuery.className.remove( this, classNames ); - }, - - toggleClass: function( classNames, state ) { - if( typeof state !== "boolean" ) - state = !jQuery.className.has( this, classNames ); - jQuery.className[ state ? "add" : "remove" ]( this, classNames ); - }, - - remove: function( selector ) { - if ( !selector || jQuery.filter( selector, [ this ] ).length ) { - // Prevent memory leaks - jQuery( "*", this ).add([this]).each(function(){ - jQuery.event.remove(this); - jQuery.removeData(this); - }); - if (this.parentNode) - this.parentNode.removeChild( this ); - } - }, - - empty: function() { - // Remove element nodes and prevent memory leaks - jQuery(this).children().remove(); - - // Remove any remaining nodes - while ( this.firstChild ) - this.removeChild( this.firstChild ); - } -}, function(name, fn){ - jQuery.fn[ name ] = function(){ - return this.each( fn, arguments ); - }; -}); - -// Helper function used by the dimensions and offset modules -function num(elem, prop) { - return elem[0] && parseInt( jQuery.curCSS(elem[0], prop, true), 10 ) || 0; -} -var expando = "jQuery" + now(), uuid = 0, windowData = {}; - -jQuery.extend({ - cache: {}, - - data: function( elem, name, data ) { - elem = elem == window ? - windowData : - elem; - - var id = elem[ expando ]; - - // Compute a unique ID for the element - if ( !id ) - id = elem[ expando ] = ++uuid; - - // Only generate the data cache if we're - // trying to access or manipulate it - if ( name && !jQuery.cache[ id ] ) - jQuery.cache[ id ] = {}; - - // Prevent overriding the named cache with undefined values - if ( data !== undefined ) - jQuery.cache[ id ][ name ] = data; - - // Return the named cache data, or the ID for the element - return name ? - jQuery.cache[ id ][ name ] : - id; - }, - - removeData: function( elem, name ) { - elem = elem == window ? - windowData : - elem; - - var id = elem[ expando ]; - - // If we want to remove a specific section of the element's data - if ( name ) { - if ( jQuery.cache[ id ] ) { - // Remove the section of cache data - delete jQuery.cache[ id ][ name ]; - - // If we've removed all the data, remove the element's cache - name = ""; - - for ( name in jQuery.cache[ id ] ) - break; - - if ( !name ) - jQuery.removeData( elem ); - } - - // Otherwise, we want to remove all of the element's data - } else { - // Clean up the element expando - try { - delete elem[ expando ]; - } catch(e){ - // IE has trouble directly removing the expando - // but it's ok with using removeAttribute - if ( elem.removeAttribute ) - elem.removeAttribute( expando ); - } - - // Completely remove the data cache - delete jQuery.cache[ id ]; - } - }, - queue: function( elem, type, data ) { - if ( elem ){ - - type = (type || "fx") + "queue"; - - var q = jQuery.data( elem, type ); - - if ( !q || jQuery.isArray(data) ) - q = jQuery.data( elem, type, jQuery.makeArray(data) ); - else if( data ) - q.push( data ); - - } - return q; - }, - - dequeue: function( elem, type ){ - var queue = jQuery.queue( elem, type ), - fn = queue.shift(); - - if( !type || type === "fx" ) - fn = queue[0]; - - if( fn !== undefined ) - fn.call(elem); - } -}); - -jQuery.fn.extend({ - data: function( key, value ){ - var parts = key.split("."); - parts[1] = parts[1] ? "." + parts[1] : ""; - - if ( value === undefined ) { - var data = this.triggerHandler("getData" + parts[1] + "!", [parts[0]]); - - if ( data === undefined && this.length ) - data = jQuery.data( this[0], key ); - - return data === undefined && parts[1] ? - this.data( parts[0] ) : - data; - } else - return this.trigger("setData" + parts[1] + "!", [parts[0], value]).each(function(){ - jQuery.data( this, key, value ); - }); - }, - - removeData: function( key ){ - return this.each(function(){ - jQuery.removeData( this, key ); - }); - }, - queue: function(type, data){ - if ( typeof type !== "string" ) { - data = type; - type = "fx"; - } - - if ( data === undefined ) - return jQuery.queue( this[0], type ); - - return this.each(function(){ - var queue = jQuery.queue( this, type, data ); - - if( type == "fx" && queue.length == 1 ) - queue[0].call(this); - }); - }, - dequeue: function(type){ - return this.each(function(){ - jQuery.dequeue( this, type ); - }); - } -});/*! - * Sizzle CSS Selector Engine - v0.9.3 - * Copyright 2009, The Dojo Foundation - * Released under the MIT, BSD, and GPL Licenses. - * More information: http://sizzlejs.com/ - */ -(function(){ - -var chunker = /((?:\((?:\([^()]+\)|[^()]+)+\)|\[(?:\[[^[\]]*\]|['"][^'"]*['"]|[^[\]'"]+)+\]|\\.|[^ >+~,(\[\\]+)+|[>+~])(\s*,\s*)?/g, - done = 0, - toString = Object.prototype.toString; - -var Sizzle = function(selector, context, results, seed) { - results = results || []; - context = context || document; - - if ( context.nodeType !== 1 && context.nodeType !== 9 ) - return []; - - if ( !selector || typeof selector !== "string" ) { - return results; - } - - var parts = [], m, set, checkSet, check, mode, extra, prune = true; - - // Reset the position of the chunker regexp (start from head) - chunker.lastIndex = 0; - - while ( (m = chunker.exec(selector)) !== null ) { - parts.push( m[1] ); - - if ( m[2] ) { - extra = RegExp.rightContext; - break; - } - } - - if ( parts.length > 1 && origPOS.exec( selector ) ) { - if ( parts.length === 2 && Expr.relative[ parts[0] ] ) { - set = posProcess( parts[0] + parts[1], context ); - } else { - set = Expr.relative[ parts[0] ] ? - [ context ] : - Sizzle( parts.shift(), context ); - - while ( parts.length ) { - selector = parts.shift(); - - if ( Expr.relative[ selector ] ) - selector += parts.shift(); - - set = posProcess( selector, set ); - } - } - } else { - var ret = seed ? - { expr: parts.pop(), set: makeArray(seed) } : - Sizzle.find( parts.pop(), parts.length === 1 && context.parentNode ? context.parentNode : context, isXML(context) ); - set = Sizzle.filter( ret.expr, ret.set ); - - if ( parts.length > 0 ) { - checkSet = makeArray(set); - } else { - prune = false; - } - - while ( parts.length ) { - var cur = parts.pop(), pop = cur; - - if ( !Expr.relative[ cur ] ) { - cur = ""; - } else { - pop = parts.pop(); - } - - if ( pop == null ) { - pop = context; - } - - Expr.relative[ cur ]( checkSet, pop, isXML(context) ); - } - } - - if ( !checkSet ) { - checkSet = set; - } - - if ( !checkSet ) { - throw "Syntax error, unrecognized expression: " + (cur || selector); - } - - if ( toString.call(checkSet) === "[object Array]" ) { - if ( !prune ) { - results.push.apply( results, checkSet ); - } else if ( context.nodeType === 1 ) { - for ( var i = 0; checkSet[i] != null; i++ ) { - if ( checkSet[i] && (checkSet[i] === true || checkSet[i].nodeType === 1 && contains(context, checkSet[i])) ) { - results.push( set[i] ); - } - } - } else { - for ( var i = 0; checkSet[i] != null; i++ ) { - if ( checkSet[i] && checkSet[i].nodeType === 1 ) { - results.push( set[i] ); - } - } - } - } else { - makeArray( checkSet, results ); - } - - if ( extra ) { - Sizzle( extra, context, results, seed ); - - if ( sortOrder ) { - hasDuplicate = false; - results.sort(sortOrder); - - if ( hasDuplicate ) { - for ( var i = 1; i < results.length; i++ ) { - if ( results[i] === results[i-1] ) { - results.splice(i--, 1); - } - } - } - } - } - - return results; -}; - -Sizzle.matches = function(expr, set){ - return Sizzle(expr, null, null, set); -}; - -Sizzle.find = function(expr, context, isXML){ - var set, match; - - if ( !expr ) { - return []; - } - - for ( var i = 0, l = Expr.order.length; i < l; i++ ) { - var type = Expr.order[i], match; - - if ( (match = Expr.match[ type ].exec( expr )) ) { - var left = RegExp.leftContext; - - if ( left.substr( left.length - 1 ) !== "\\" ) { - match[1] = (match[1] || "").replace(/\\/g, ""); - set = Expr.find[ type ]( match, context, isXML ); - if ( set != null ) { - expr = expr.replace( Expr.match[ type ], "" ); - break; - } - } - } - } - - if ( !set ) { - set = context.getElementsByTagName("*"); - } - - return {set: set, expr: expr}; -}; - -Sizzle.filter = function(expr, set, inplace, not){ - var old = expr, result = [], curLoop = set, match, anyFound, - isXMLFilter = set && set[0] && isXML(set[0]); - - while ( expr && set.length ) { - for ( var type in Expr.filter ) { - if ( (match = Expr.match[ type ].exec( expr )) != null ) { - var filter = Expr.filter[ type ], found, item; - anyFound = false; - - if ( curLoop == result ) { - result = []; - } - - if ( Expr.preFilter[ type ] ) { - match = Expr.preFilter[ type ]( match, curLoop, inplace, result, not, isXMLFilter ); - - if ( !match ) { - anyFound = found = true; - } else if ( match === true ) { - continue; - } - } - - if ( match ) { - for ( var i = 0; (item = curLoop[i]) != null; i++ ) { - if ( item ) { - found = filter( item, match, i, curLoop ); - var pass = not ^ !!found; - - if ( inplace && found != null ) { - if ( pass ) { - anyFound = true; - } else { - curLoop[i] = false; - } - } else if ( pass ) { - result.push( item ); - anyFound = true; - } - } - } - } - - if ( found !== undefined ) { - if ( !inplace ) { - curLoop = result; - } - - expr = expr.replace( Expr.match[ type ], "" ); - - if ( !anyFound ) { - return []; - } - - break; - } - } - } - - // Improper expression - if ( expr == old ) { - if ( anyFound == null ) { - throw "Syntax error, unrecognized expression: " + expr; - } else { - break; - } - } - - old = expr; - } - - return curLoop; -}; - -var Expr = Sizzle.selectors = { - order: [ "ID", "NAME", "TAG" ], - match: { - ID: /#((?:[\w\u00c0-\uFFFF_-]|\\.)+)/, - CLASS: /\.((?:[\w\u00c0-\uFFFF_-]|\\.)+)/, - NAME: /\[name=['"]*((?:[\w\u00c0-\uFFFF_-]|\\.)+)['"]*\]/, - ATTR: /\[\s*((?:[\w\u00c0-\uFFFF_-]|\\.)+)\s*(?:(\S?=)\s*(['"]*)(.*?)\3|)\s*\]/, - TAG: /^((?:[\w\u00c0-\uFFFF\*_-]|\\.)+)/, - CHILD: /:(only|nth|last|first)-child(?:\((even|odd|[\dn+-]*)\))?/, - POS: /:(nth|eq|gt|lt|first|last|even|odd)(?:\((\d*)\))?(?=[^-]|$)/, - PSEUDO: /:((?:[\w\u00c0-\uFFFF_-]|\\.)+)(?:\((['"]*)((?:\([^\)]+\)|[^\2\(\)]*)+)\2\))?/ - }, - attrMap: { - "class": "className", - "for": "htmlFor" - }, - attrHandle: { - href: function(elem){ - return elem.getAttribute("href"); - } - }, - relative: { - "+": function(checkSet, part, isXML){ - var isPartStr = typeof part === "string", - isTag = isPartStr && !/\W/.test(part), - isPartStrNotTag = isPartStr && !isTag; - - if ( isTag && !isXML ) { - part = part.toUpperCase(); - } - - for ( var i = 0, l = checkSet.length, elem; i < l; i++ ) { - if ( (elem = checkSet[i]) ) { - while ( (elem = elem.previousSibling) && elem.nodeType !== 1 ) {} - - checkSet[i] = isPartStrNotTag || elem && elem.nodeName === part ? - elem || false : - elem === part; - } - } - - if ( isPartStrNotTag ) { - Sizzle.filter( part, checkSet, true ); - } - }, - ">": function(checkSet, part, isXML){ - var isPartStr = typeof part === "string"; - - if ( isPartStr && !/\W/.test(part) ) { - part = isXML ? part : part.toUpperCase(); - - for ( var i = 0, l = checkSet.length; i < l; i++ ) { - var elem = checkSet[i]; - if ( elem ) { - var parent = elem.parentNode; - checkSet[i] = parent.nodeName === part ? parent : false; - } - } - } else { - for ( var i = 0, l = checkSet.length; i < l; i++ ) { - var elem = checkSet[i]; - if ( elem ) { - checkSet[i] = isPartStr ? - elem.parentNode : - elem.parentNode === part; - } - } - - if ( isPartStr ) { - Sizzle.filter( part, checkSet, true ); - } - } - }, - "": function(checkSet, part, isXML){ - var doneName = done++, checkFn = dirCheck; - - if ( !part.match(/\W/) ) { - var nodeCheck = part = isXML ? part : part.toUpperCase(); - checkFn = dirNodeCheck; - } - - checkFn("parentNode", part, doneName, checkSet, nodeCheck, isXML); - }, - "~": function(checkSet, part, isXML){ - var doneName = done++, checkFn = dirCheck; - - if ( typeof part === "string" && !part.match(/\W/) ) { - var nodeCheck = part = isXML ? part : part.toUpperCase(); - checkFn = dirNodeCheck; - } - - checkFn("previousSibling", part, doneName, checkSet, nodeCheck, isXML); - } - }, - find: { - ID: function(match, context, isXML){ - if ( typeof context.getElementById !== "undefined" && !isXML ) { - var m = context.getElementById(match[1]); - return m ? [m] : []; - } - }, - NAME: function(match, context, isXML){ - if ( typeof context.getElementsByName !== "undefined" ) { - var ret = [], results = context.getElementsByName(match[1]); - - for ( var i = 0, l = results.length; i < l; i++ ) { - if ( results[i].getAttribute("name") === match[1] ) { - ret.push( results[i] ); - } - } - - return ret.length === 0 ? null : ret; - } - }, - TAG: function(match, context){ - return context.getElementsByTagName(match[1]); - } - }, - preFilter: { - CLASS: function(match, curLoop, inplace, result, not, isXML){ - match = " " + match[1].replace(/\\/g, "") + " "; - - if ( isXML ) { - return match; - } - - for ( var i = 0, elem; (elem = curLoop[i]) != null; i++ ) { - if ( elem ) { - if ( not ^ (elem.className && (" " + elem.className + " ").indexOf(match) >= 0) ) { - if ( !inplace ) - result.push( elem ); - } else if ( inplace ) { - curLoop[i] = false; - } - } - } - - return false; - }, - ID: function(match){ - return match[1].replace(/\\/g, ""); - }, - TAG: function(match, curLoop){ - for ( var i = 0; curLoop[i] === false; i++ ){} - return curLoop[i] && isXML(curLoop[i]) ? match[1] : match[1].toUpperCase(); - }, - CHILD: function(match){ - if ( match[1] == "nth" ) { - // parse equations like 'even', 'odd', '5', '2n', '3n+2', '4n-1', '-n+6' - var test = /(-?)(\d*)n((?:\+|-)?\d*)/.exec( - match[2] == "even" && "2n" || match[2] == "odd" && "2n+1" || - !/\D/.test( match[2] ) && "0n+" + match[2] || match[2]); - - // calculate the numbers (first)n+(last) including if they are negative - match[2] = (test[1] + (test[2] || 1)) - 0; - match[3] = test[3] - 0; - } - - // TODO: Move to normal caching system - match[0] = done++; - - return match; - }, - ATTR: function(match, curLoop, inplace, result, not, isXML){ - var name = match[1].replace(/\\/g, ""); - - if ( !isXML && Expr.attrMap[name] ) { - match[1] = Expr.attrMap[name]; - } - - if ( match[2] === "~=" ) { - match[4] = " " + match[4] + " "; - } - - return match; - }, - PSEUDO: function(match, curLoop, inplace, result, not){ - if ( match[1] === "not" ) { - // If we're dealing with a complex expression, or a simple one - if ( match[3].match(chunker).length > 1 || /^\w/.test(match[3]) ) { - match[3] = Sizzle(match[3], null, null, curLoop); - } else { - var ret = Sizzle.filter(match[3], curLoop, inplace, true ^ not); - if ( !inplace ) { - result.push.apply( result, ret ); - } - return false; - } - } else if ( Expr.match.POS.test( match[0] ) || Expr.match.CHILD.test( match[0] ) ) { - return true; - } - - return match; - }, - POS: function(match){ - match.unshift( true ); - return match; - } - }, - filters: { - enabled: function(elem){ - return elem.disabled === false && elem.type !== "hidden"; - }, - disabled: function(elem){ - return elem.disabled === true; - }, - checked: function(elem){ - return elem.checked === true; - }, - selected: function(elem){ - // Accessing this property makes selected-by-default - // options in Safari work properly - elem.parentNode.selectedIndex; - return elem.selected === true; - }, - parent: function(elem){ - return !!elem.firstChild; - }, - empty: function(elem){ - return !elem.firstChild; - }, - has: function(elem, i, match){ - return !!Sizzle( match[3], elem ).length; - }, - header: function(elem){ - return /h\d/i.test( elem.nodeName ); - }, - text: function(elem){ - return "text" === elem.type; - }, - radio: function(elem){ - return "radio" === elem.type; - }, - checkbox: function(elem){ - return "checkbox" === elem.type; - }, - file: function(elem){ - return "file" === elem.type; - }, - password: function(elem){ - return "password" === elem.type; - }, - submit: function(elem){ - return "submit" === elem.type; - }, - image: function(elem){ - return "image" === elem.type; - }, - reset: function(elem){ - return "reset" === elem.type; - }, - button: function(elem){ - return "button" === elem.type || elem.nodeName.toUpperCase() === "BUTTON"; - }, - input: function(elem){ - return /input|select|textarea|button/i.test(elem.nodeName); - } - }, - setFilters: { - first: function(elem, i){ - return i === 0; - }, - last: function(elem, i, match, array){ - return i === array.length - 1; - }, - even: function(elem, i){ - return i % 2 === 0; - }, - odd: function(elem, i){ - return i % 2 === 1; - }, - lt: function(elem, i, match){ - return i < match[3] - 0; - }, - gt: function(elem, i, match){ - return i > match[3] - 0; - }, - nth: function(elem, i, match){ - return match[3] - 0 == i; - }, - eq: function(elem, i, match){ - return match[3] - 0 == i; - } - }, - filter: { - PSEUDO: function(elem, match, i, array){ - var name = match[1], filter = Expr.filters[ name ]; - - if ( filter ) { - return filter( elem, i, match, array ); - } else if ( name === "contains" ) { - return (elem.textContent || elem.innerText || "").indexOf(match[3]) >= 0; - } else if ( name === "not" ) { - var not = match[3]; - - for ( var i = 0, l = not.length; i < l; i++ ) { - if ( not[i] === elem ) { - return false; - } - } - - return true; - } - }, - CHILD: function(elem, match){ - var type = match[1], node = elem; - switch (type) { - case 'only': - case 'first': - while (node = node.previousSibling) { - if ( node.nodeType === 1 ) return false; - } - if ( type == 'first') return true; - node = elem; - case 'last': - while (node = node.nextSibling) { - if ( node.nodeType === 1 ) return false; - } - return true; - case 'nth': - var first = match[2], last = match[3]; - - if ( first == 1 && last == 0 ) { - return true; - } - - var doneName = match[0], - parent = elem.parentNode; - - if ( parent && (parent.sizcache !== doneName || !elem.nodeIndex) ) { - var count = 0; - for ( node = parent.firstChild; node; node = node.nextSibling ) { - if ( node.nodeType === 1 ) { - node.nodeIndex = ++count; - } - } - parent.sizcache = doneName; - } - - var diff = elem.nodeIndex - last; - if ( first == 0 ) { - return diff == 0; - } else { - return ( diff % first == 0 && diff / first >= 0 ); - } - } - }, - ID: function(elem, match){ - return elem.nodeType === 1 && elem.getAttribute("id") === match; - }, - TAG: function(elem, match){ - return (match === "*" && elem.nodeType === 1) || elem.nodeName === match; - }, - CLASS: function(elem, match){ - return (" " + (elem.className || elem.getAttribute("class")) + " ") - .indexOf( match ) > -1; - }, - ATTR: function(elem, match){ - var name = match[1], - result = Expr.attrHandle[ name ] ? - Expr.attrHandle[ name ]( elem ) : - elem[ name ] != null ? - elem[ name ] : - elem.getAttribute( name ), - value = result + "", - type = match[2], - check = match[4]; - - return result == null ? - type === "!=" : - type === "=" ? - value === check : - type === "*=" ? - value.indexOf(check) >= 0 : - type === "~=" ? - (" " + value + " ").indexOf(check) >= 0 : - !check ? - value && result !== false : - type === "!=" ? - value != check : - type === "^=" ? - value.indexOf(check) === 0 : - type === "$=" ? - value.substr(value.length - check.length) === check : - type === "|=" ? - value === check || value.substr(0, check.length + 1) === check + "-" : - false; - }, - POS: function(elem, match, i, array){ - var name = match[2], filter = Expr.setFilters[ name ]; - - if ( filter ) { - return filter( elem, i, match, array ); - } - } - } -}; - -var origPOS = Expr.match.POS; - -for ( var type in Expr.match ) { - Expr.match[ type ] = RegExp( Expr.match[ type ].source + /(?![^\[]*\])(?![^\(]*\))/.source ); -} - -var makeArray = function(array, results) { - array = Array.prototype.slice.call( array ); - - if ( results ) { - results.push.apply( results, array ); - return results; - } - - return array; -}; - -// Perform a simple check to determine if the browser is capable of -// converting a NodeList to an array using builtin methods. -try { - Array.prototype.slice.call( document.documentElement.childNodes ); - -// Provide a fallback method if it does not work -} catch(e){ - makeArray = function(array, results) { - var ret = results || []; - - if ( toString.call(array) === "[object Array]" ) { - Array.prototype.push.apply( ret, array ); - } else { - if ( typeof array.length === "number" ) { - for ( var i = 0, l = array.length; i < l; i++ ) { - ret.push( array[i] ); - } - } else { - for ( var i = 0; array[i]; i++ ) { - ret.push( array[i] ); - } - } - } - - return ret; - }; -} - -var sortOrder; - -if ( document.documentElement.compareDocumentPosition ) { - sortOrder = function( a, b ) { - var ret = a.compareDocumentPosition(b) & 4 ? -1 : a === b ? 0 : 1; - if ( ret === 0 ) { - hasDuplicate = true; - } - return ret; - }; -} else if ( "sourceIndex" in document.documentElement ) { - sortOrder = function( a, b ) { - var ret = a.sourceIndex - b.sourceIndex; - if ( ret === 0 ) { - hasDuplicate = true; - } - return ret; - }; -} else if ( document.createRange ) { - sortOrder = function( a, b ) { - var aRange = a.ownerDocument.createRange(), bRange = b.ownerDocument.createRange(); - aRange.selectNode(a); - aRange.collapse(true); - bRange.selectNode(b); - bRange.collapse(true); - var ret = aRange.compareBoundaryPoints(Range.START_TO_END, bRange); - if ( ret === 0 ) { - hasDuplicate = true; - } - return ret; - }; -} - -// Check to see if the browser returns elements by name when -// querying by getElementById (and provide a workaround) -(function(){ - // We're going to inject a fake input element with a specified name - var form = document.createElement("form"), - id = "script" + (new Date).getTime(); - form.innerHTML = "<input name='" + id + "'/>"; - - // Inject it into the root element, check its status, and remove it quickly - var root = document.documentElement; - root.insertBefore( form, root.firstChild ); - - // The workaround has to do additional checks after a getElementById - // Which slows things down for other browsers (hence the branching) - if ( !!document.getElementById( id ) ) { - Expr.find.ID = function(match, context, isXML){ - if ( typeof context.getElementById !== "undefined" && !isXML ) { - var m = context.getElementById(match[1]); - return m ? m.id === match[1] || typeof m.getAttributeNode !== "undefined" && m.getAttributeNode("id").nodeValue === match[1] ? [m] : undefined : []; - } - }; - - Expr.filter.ID = function(elem, match){ - var node = typeof elem.getAttributeNode !== "undefined" && elem.getAttributeNode("id"); - return elem.nodeType === 1 && node && node.nodeValue === match; - }; - } - - root.removeChild( form ); -})(); - -(function(){ - // Check to see if the browser returns only elements - // when doing getElementsByTagName("*") - - // Create a fake element - var div = document.createElement("div"); - div.appendChild( document.createComment("") ); - - // Make sure no comments are found - if ( div.getElementsByTagName("*").length > 0 ) { - Expr.find.TAG = function(match, context){ - var results = context.getElementsByTagName(match[1]); - - // Filter out possible comments - if ( match[1] === "*" ) { - var tmp = []; - - for ( var i = 0; results[i]; i++ ) { - if ( results[i].nodeType === 1 ) { - tmp.push( results[i] ); - } - } - - results = tmp; - } - - return results; - }; - } - - // Check to see if an attribute returns normalized href attributes - div.innerHTML = "<a href='#'></a>"; - if ( div.firstChild && typeof div.firstChild.getAttribute !== "undefined" && - div.firstChild.getAttribute("href") !== "#" ) { - Expr.attrHandle.href = function(elem){ - return elem.getAttribute("href", 2); - }; - } -})(); - -if ( document.querySelectorAll ) (function(){ - var oldSizzle = Sizzle, div = document.createElement("div"); - div.innerHTML = "<p class='TEST'></p>"; - - // Safari can't handle uppercase or unicode characters when - // in quirks mode. - if ( div.querySelectorAll && div.querySelectorAll(".TEST").length === 0 ) { - return; - } - - Sizzle = function(query, context, extra, seed){ - context = context || document; - - // Only use querySelectorAll on non-XML documents - // (ID selectors don't work in non-HTML documents) - if ( !seed && context.nodeType === 9 && !isXML(context) ) { - try { - return makeArray( context.querySelectorAll(query), extra ); - } catch(e){} - } - - return oldSizzle(query, context, extra, seed); - }; - - Sizzle.find = oldSizzle.find; - Sizzle.filter = oldSizzle.filter; - Sizzle.selectors = oldSizzle.selectors; - Sizzle.matches = oldSizzle.matches; -})(); - -if ( document.getElementsByClassName && document.documentElement.getElementsByClassName ) (function(){ - var div = document.createElement("div"); - div.innerHTML = "<div class='test e'></div><div class='test'></div>"; - - // Opera can't find a second classname (in 9.6) - if ( div.getElementsByClassName("e").length === 0 ) - return; - - // Safari caches class attributes, doesn't catch changes (in 3.2) - div.lastChild.className = "e"; - - if ( div.getElementsByClassName("e").length === 1 ) - return; - - Expr.order.splice(1, 0, "CLASS"); - Expr.find.CLASS = function(match, context, isXML) { - if ( typeof context.getElementsByClassName !== "undefined" && !isXML ) { - return context.getElementsByClassName(match[1]); - } - }; -})(); - -function dirNodeCheck( dir, cur, doneName, checkSet, nodeCheck, isXML ) { - var sibDir = dir == "previousSibling" && !isXML; - for ( var i = 0, l = checkSet.length; i < l; i++ ) { - var elem = checkSet[i]; - if ( elem ) { - if ( sibDir && elem.nodeType === 1 ){ - elem.sizcache = doneName; - elem.sizset = i; - } - elem = elem[dir]; - var match = false; - - while ( elem ) { - if ( elem.sizcache === doneName ) { - match = checkSet[elem.sizset]; - break; - } - - if ( elem.nodeType === 1 && !isXML ){ - elem.sizcache = doneName; - elem.sizset = i; - } - - if ( elem.nodeName === cur ) { - match = elem; - break; - } - - elem = elem[dir]; - } - - checkSet[i] = match; - } - } -} - -function dirCheck( dir, cur, doneName, checkSet, nodeCheck, isXML ) { - var sibDir = dir == "previousSibling" && !isXML; - for ( var i = 0, l = checkSet.length; i < l; i++ ) { - var elem = checkSet[i]; - if ( elem ) { - if ( sibDir && elem.nodeType === 1 ) { - elem.sizcache = doneName; - elem.sizset = i; - } - elem = elem[dir]; - var match = false; - - while ( elem ) { - if ( elem.sizcache === doneName ) { - match = checkSet[elem.sizset]; - break; - } - - if ( elem.nodeType === 1 ) { - if ( !isXML ) { - elem.sizcache = doneName; - elem.sizset = i; - } - if ( typeof cur !== "string" ) { - if ( elem === cur ) { - match = true; - break; - } - - } else if ( Sizzle.filter( cur, [elem] ).length > 0 ) { - match = elem; - break; - } - } - - elem = elem[dir]; - } - - checkSet[i] = match; - } - } -} - -var contains = document.compareDocumentPosition ? function(a, b){ - return a.compareDocumentPosition(b) & 16; -} : function(a, b){ - return a !== b && (a.contains ? a.contains(b) : true); -}; - -var isXML = function(elem){ - return elem.nodeType === 9 && elem.documentElement.nodeName !== "HTML" || - !!elem.ownerDocument && isXML( elem.ownerDocument ); -}; - -var posProcess = function(selector, context){ - var tmpSet = [], later = "", match, - root = context.nodeType ? [context] : context; - - // Position selectors must be done after the filter - // And so must :not(positional) so we move all PSEUDOs to the end - while ( (match = Expr.match.PSEUDO.exec( selector )) ) { - later += match[0]; - selector = selector.replace( Expr.match.PSEUDO, "" ); - } - - selector = Expr.relative[selector] ? selector + "*" : selector; - - for ( var i = 0, l = root.length; i < l; i++ ) { - Sizzle( selector, root[i], tmpSet ); - } - - return Sizzle.filter( later, tmpSet ); -}; - -// EXPOSE -jQuery.find = Sizzle; -jQuery.filter = Sizzle.filter; -jQuery.expr = Sizzle.selectors; -jQuery.expr[":"] = jQuery.expr.filters; - -Sizzle.selectors.filters.hidden = function(elem){ - return elem.offsetWidth === 0 || elem.offsetHeight === 0; -}; - -Sizzle.selectors.filters.visible = function(elem){ - return elem.offsetWidth > 0 || elem.offsetHeight > 0; -}; - -Sizzle.selectors.filters.animated = function(elem){ - return jQuery.grep(jQuery.timers, function(fn){ - return elem === fn.elem; - }).length; -}; - -jQuery.multiFilter = function( expr, elems, not ) { - if ( not ) { - expr = ":not(" + expr + ")"; - } - - return Sizzle.matches(expr, elems); -}; - -jQuery.dir = function( elem, dir ){ - var matched = [], cur = elem[dir]; - while ( cur && cur != document ) { - if ( cur.nodeType == 1 ) - matched.push( cur ); - cur = cur[dir]; - } - return matched; -}; - -jQuery.nth = function(cur, result, dir, elem){ - result = result || 1; - var num = 0; - - for ( ; cur; cur = cur[dir] ) - if ( cur.nodeType == 1 && ++num == result ) - break; - - return cur; -}; - -jQuery.sibling = function(n, elem){ - var r = []; - - for ( ; n; n = n.nextSibling ) { - if ( n.nodeType == 1 && n != elem ) - r.push( n ); - } - - return r; -}; - -return; - -window.Sizzle = Sizzle; - -})(); -/* - * A number of helper functions used for managing events. - * Many of the ideas behind this code originated from - * Dean Edwards' addEvent library. - */ -jQuery.event = { - - // Bind an event to an element - // Original by Dean Edwards - add: function(elem, types, handler, data) { - if ( elem.nodeType == 3 || elem.nodeType == 8 ) - return; - - // For whatever reason, IE has trouble passing the window object - // around, causing it to be cloned in the process - if ( elem.setInterval && elem != window ) - elem = window; - - // Make sure that the function being executed has a unique ID - if ( !handler.guid ) - handler.guid = this.guid++; - - // if data is passed, bind to handler - if ( data !== undefined ) { - // Create temporary function pointer to original handler - var fn = handler; - - // Create unique handler function, wrapped around original handler - handler = this.proxy( fn ); - - // Store data in unique handler - handler.data = data; - } - - // Init the element's event structure - var events = jQuery.data(elem, "events") || jQuery.data(elem, "events", {}), - handle = jQuery.data(elem, "handle") || jQuery.data(elem, "handle", function(){ - // Handle the second event of a trigger and when - // an event is called after a page has unloaded - return typeof jQuery !== "undefined" && !jQuery.event.triggered ? - jQuery.event.handle.apply(arguments.callee.elem, arguments) : - undefined; - }); - // Add elem as a property of the handle function - // This is to prevent a memory leak with non-native - // event in IE. - handle.elem = elem; - - // Handle multiple events separated by a space - // jQuery(...).bind("mouseover mouseout", fn); - jQuery.each(types.split(/\s+/), function(index, type) { - // Namespaced event handlers - var namespaces = type.split("."); - type = namespaces.shift(); - handler.type = namespaces.slice().sort().join("."); - - // Get the current list of functions bound to this event - var handlers = events[type]; - - if ( jQuery.event.specialAll[type] ) - jQuery.event.specialAll[type].setup.call(elem, data, namespaces); - - // Init the event handler queue - if (!handlers) { - handlers = events[type] = {}; - - // Check for a special event handler - // Only use addEventListener/attachEvent if the special - // events handler returns false - if ( !jQuery.event.special[type] || jQuery.event.special[type].setup.call(elem, data, namespaces) === false ) { - // Bind the global event handler to the element - if (elem.addEventListener) - elem.addEventListener(type, handle, false); - else if (elem.attachEvent) - elem.attachEvent("on" + type, handle); - } - } - - // Add the function to the element's handler list - handlers[handler.guid] = handler; - - // Keep track of which events have been used, for global triggering - jQuery.event.global[type] = true; - }); - - // Nullify elem to prevent memory leaks in IE - elem = null; - }, - - guid: 1, - global: {}, - - // Detach an event or set of events from an element - remove: function(elem, types, handler) { - // don't do events on text and comment nodes - if ( elem.nodeType == 3 || elem.nodeType == 8 ) - return; - - var events = jQuery.data(elem, "events"), ret, index; - - if ( events ) { - // Unbind all events for the element - if ( types === undefined || (typeof types === "string" && types.charAt(0) == ".") ) - for ( var type in events ) - this.remove( elem, type + (types || "") ); - else { - // types is actually an event object here - if ( types.type ) { - handler = types.handler; - types = types.type; - } - - // Handle multiple events seperated by a space - // jQuery(...).unbind("mouseover mouseout", fn); - jQuery.each(types.split(/\s+/), function(index, type){ - // Namespaced event handlers - var namespaces = type.split("."); - type = namespaces.shift(); - var namespace = RegExp("(^|\\.)" + namespaces.slice().sort().join(".*\\.") + "(\\.|$)"); - - if ( events[type] ) { - // remove the given handler for the given type - if ( handler ) - delete events[type][handler.guid]; - - // remove all handlers for the given type - else - for ( var handle in events[type] ) - // Handle the removal of namespaced events - if ( namespace.test(events[type][handle].type) ) - delete events[type][handle]; - - if ( jQuery.event.specialAll[type] ) - jQuery.event.specialAll[type].teardown.call(elem, namespaces); - - // remove generic event handler if no more handlers exist - for ( ret in events[type] ) break; - if ( !ret ) { - if ( !jQuery.event.special[type] || jQuery.event.special[type].teardown.call(elem, namespaces) === false ) { - if (elem.removeEventListener) - elem.removeEventListener(type, jQuery.data(elem, "handle"), false); - else if (elem.detachEvent) - elem.detachEvent("on" + type, jQuery.data(elem, "handle")); - } - ret = null; - delete events[type]; - } - } - }); - } - - // Remove the expando if it's no longer used - for ( ret in events ) break; - if ( !ret ) { - var handle = jQuery.data( elem, "handle" ); - if ( handle ) handle.elem = null; - jQuery.removeData( elem, "events" ); - jQuery.removeData( elem, "handle" ); - } - } - }, - - // bubbling is internal - trigger: function( event, data, elem, bubbling ) { - // Event object or event type - var type = event.type || event; - - if( !bubbling ){ - event = typeof event === "object" ? - // jQuery.Event object - event[expando] ? event : - // Object literal - jQuery.extend( jQuery.Event(type), event ) : - // Just the event type (string) - jQuery.Event(type); - - if ( type.indexOf("!") >= 0 ) { - event.type = type = type.slice(0, -1); - event.exclusive = true; - } - - // Handle a global trigger - if ( !elem ) { - // Don't bubble custom events when global (to avoid too much overhead) - event.stopPropagation(); - // Only trigger if we've ever bound an event for it - if ( this.global[type] ) - jQuery.each( jQuery.cache, function(){ - if ( this.events && this.events[type] ) - jQuery.event.trigger( event, data, this.handle.elem ); - }); - } - - // Handle triggering a single element - - // don't do events on text and comment nodes - if ( !elem || elem.nodeType == 3 || elem.nodeType == 8 ) - return undefined; - - // Clean up in case it is reused - event.result = undefined; - event.target = elem; - - // Clone the incoming data, if any - data = jQuery.makeArray(data); - data.unshift( event ); - } - - event.currentTarget = elem; - - // Trigger the event, it is assumed that "handle" is a function - var handle = jQuery.data(elem, "handle"); - if ( handle ) - handle.apply( elem, data ); - - // Handle triggering native .onfoo handlers (and on links since we don't call .click() for links) - if ( (!elem[type] || (jQuery.nodeName(elem, 'a') && type == "click")) && elem["on"+type] && elem["on"+type].apply( elem, data ) === false ) - event.result = false; - - // Trigger the native events (except for clicks on links) - if ( !bubbling && elem[type] && !event.isDefaultPrevented() && !(jQuery.nodeName(elem, 'a') && type == "click") ) { - this.triggered = true; - try { - elem[ type ](); - // prevent IE from throwing an error for some hidden elements - } catch (e) {} - } - - this.triggered = false; - - if ( !event.isPropagationStopped() ) { - var parent = elem.parentNode || elem.ownerDocument; - if ( parent ) - jQuery.event.trigger(event, data, parent, true); - } - }, - - handle: function(event) { - // returned undefined or false - var all, handlers; - - event = arguments[0] = jQuery.event.fix( event || window.event ); - event.currentTarget = this; - - // Namespaced event handlers - var namespaces = event.type.split("."); - event.type = namespaces.shift(); - - // Cache this now, all = true means, any handler - all = !namespaces.length && !event.exclusive; - - var namespace = RegExp("(^|\\.)" + namespaces.slice().sort().join(".*\\.") + "(\\.|$)"); - - handlers = ( jQuery.data(this, "events") || {} )[event.type]; - - for ( var j in handlers ) { - var handler = handlers[j]; - - // Filter the functions by class - if ( all || namespace.test(handler.type) ) { - // Pass in a reference to the handler function itself - // So that we can later remove it - event.handler = handler; - event.data = handler.data; - - var ret = handler.apply(this, arguments); - - if( ret !== undefined ){ - event.result = ret; - if ( ret === false ) { - event.preventDefault(); - event.stopPropagation(); - } - } - - if( event.isImmediatePropagationStopped() ) - break; - - } - } - }, - - props: "altKey attrChange attrName bubbles button cancelable charCode clientX clientY ctrlKey currentTarget data detail eventPhase fromElement handler keyCode metaKey newValue originalTarget pageX pageY prevValue relatedNode relatedTarget screenX screenY shiftKey srcElement target toElement view wheelDelta which".split(" "), - - fix: function(event) { - if ( event[expando] ) - return event; - - // store a copy of the original event object - // and "clone" to set read-only properties - var originalEvent = event; - event = jQuery.Event( originalEvent ); - - for ( var i = this.props.length, prop; i; ){ - prop = this.props[ --i ]; - event[ prop ] = originalEvent[ prop ]; - } - - // Fix target property, if necessary - if ( !event.target ) - event.target = event.srcElement || document; // Fixes #1925 where srcElement might not be defined either - - // check if target is a textnode (safari) - if ( event.target.nodeType == 3 ) - event.target = event.target.parentNode; - - // Add relatedTarget, if necessary - if ( !event.relatedTarget && event.fromElement ) - event.relatedTarget = event.fromElement == event.target ? event.toElement : event.fromElement; - - // Calculate pageX/Y if missing and clientX/Y available - if ( event.pageX == null && event.clientX != null ) { - var doc = document.documentElement, body = document.body; - event.pageX = event.clientX + (doc && doc.scrollLeft || body && body.scrollLeft || 0) - (doc.clientLeft || 0); - event.pageY = event.clientY + (doc && doc.scrollTop || body && body.scrollTop || 0) - (doc.clientTop || 0); - } - - // Add which for key events - if ( !event.which && ((event.charCode || event.charCode === 0) ? event.charCode : event.keyCode) ) - event.which = event.charCode || event.keyCode; - - // Add metaKey to non-Mac browsers (use ctrl for PC's and Meta for Macs) - if ( !event.metaKey && event.ctrlKey ) - event.metaKey = event.ctrlKey; - - // Add which for click: 1 == left; 2 == middle; 3 == right - // Note: button is not normalized, so don't use it - if ( !event.which && event.button ) - event.which = (event.button & 1 ? 1 : ( event.button & 2 ? 3 : ( event.button & 4 ? 2 : 0 ) )); - - return event; - }, - - proxy: function( fn, proxy ){ - proxy = proxy || function(){ return fn.apply(this, arguments); }; - // Set the guid of unique handler to the same of original handler, so it can be removed - proxy.guid = fn.guid = fn.guid || proxy.guid || this.guid++; - // So proxy can be declared as an argument - return proxy; - }, - - special: { - ready: { - // Make sure the ready event is setup - setup: bindReady, - teardown: function() {} - } - }, - - specialAll: { - live: { - setup: function( selector, namespaces ){ - jQuery.event.add( this, namespaces[0], liveHandler ); - }, - teardown: function( namespaces ){ - if ( namespaces.length ) { - var remove = 0, name = RegExp("(^|\\.)" + namespaces[0] + "(\\.|$)"); - - jQuery.each( (jQuery.data(this, "events").live || {}), function(){ - if ( name.test(this.type) ) - remove++; - }); - - if ( remove < 1 ) - jQuery.event.remove( this, namespaces[0], liveHandler ); - } - } - } - } -}; - -jQuery.Event = function( src ){ - // Allow instantiation without the 'new' keyword - if( !this.preventDefault ) - return new jQuery.Event(src); - - // Event object - if( src && src.type ){ - this.originalEvent = src; - this.type = src.type; - // Event type - }else - this.type = src; - - // timeStamp is buggy for some events on Firefox(#3843) - // So we won't rely on the native value - this.timeStamp = now(); - - // Mark it as fixed - this[expando] = true; -}; - -function returnFalse(){ - return false; -} -function returnTrue(){ - return true; -} - -// jQuery.Event is based on DOM3 Events as specified by the ECMAScript Language Binding -// http://www.w3.org/TR/2003/WD-DOM-Level-3-Events-20030331/ecma-script-binding.html -jQuery.Event.prototype = { - preventDefault: function() { - this.isDefaultPrevented = returnTrue; - - var e = this.originalEvent; - if( !e ) - return; - // if preventDefault exists run it on the original event - if (e.preventDefault) - e.preventDefault(); - // otherwise set the returnValue property of the original event to false (IE) - e.returnValue = false; - }, - stopPropagation: function() { - this.isPropagationStopped = returnTrue; - - var e = this.originalEvent; - if( !e ) - return; - // if stopPropagation exists run it on the original event - if (e.stopPropagation) - e.stopPropagation(); - // otherwise set the cancelBubble property of the original event to true (IE) - e.cancelBubble = true; - }, - stopImmediatePropagation:function(){ - this.isImmediatePropagationStopped = returnTrue; - this.stopPropagation(); - }, - isDefaultPrevented: returnFalse, - isPropagationStopped: returnFalse, - isImmediatePropagationStopped: returnFalse -}; -// Checks if an event happened on an element within another element -// Used in jQuery.event.special.mouseenter and mouseleave handlers -var withinElement = function(event) { - // Check if mouse(over|out) are still within the same parent element - var parent = event.relatedTarget; - // Traverse up the tree - while ( parent && parent != this ) - try { parent = parent.parentNode; } - catch(e) { parent = this; } - - if( parent != this ){ - // set the correct event type - event.type = event.data; - // handle event if we actually just moused on to a non sub-element - jQuery.event.handle.apply( this, arguments ); - } -}; - -jQuery.each({ - mouseover: 'mouseenter', - mouseout: 'mouseleave' -}, function( orig, fix ){ - jQuery.event.special[ fix ] = { - setup: function(){ - jQuery.event.add( this, orig, withinElement, fix ); - }, - teardown: function(){ - jQuery.event.remove( this, orig, withinElement ); - } - }; -}); - -jQuery.fn.extend({ - bind: function( type, data, fn ) { - return type == "unload" ? this.one(type, data, fn) : this.each(function(){ - jQuery.event.add( this, type, fn || data, fn && data ); - }); - }, - - one: function( type, data, fn ) { - var one = jQuery.event.proxy( fn || data, function(event) { - jQuery(this).unbind(event, one); - return (fn || data).apply( this, arguments ); - }); - return this.each(function(){ - jQuery.event.add( this, type, one, fn && data); - }); - }, - - unbind: function( type, fn ) { - return this.each(function(){ - jQuery.event.remove( this, type, fn ); - }); - }, - - trigger: function( type, data ) { - return this.each(function(){ - jQuery.event.trigger( type, data, this ); - }); - }, - - triggerHandler: function( type, data ) { - if( this[0] ){ - var event = jQuery.Event(type); - event.preventDefault(); - event.stopPropagation(); - jQuery.event.trigger( event, data, this[0] ); - return event.result; - } - }, - - toggle: function( fn ) { - // Save reference to arguments for access in closure - var args = arguments, i = 1; - - // link all the functions, so any of them can unbind this click handler - while( i < args.length ) - jQuery.event.proxy( fn, args[i++] ); - - return this.click( jQuery.event.proxy( fn, function(event) { - // Figure out which function to execute - this.lastToggle = ( this.lastToggle || 0 ) % i; - - // Make sure that clicks stop - event.preventDefault(); - - // and execute the function - return args[ this.lastToggle++ ].apply( this, arguments ) || false; - })); - }, - - hover: function(fnOver, fnOut) { - return this.mouseenter(fnOver).mouseleave(fnOut); - }, - - ready: function(fn) { - // Attach the listeners - bindReady(); - - // If the DOM is already ready - if ( jQuery.isReady ) - // Execute the function immediately - fn.call( document, jQuery ); - - // Otherwise, remember the function for later - else - // Add the function to the wait list - jQuery.readyList.push( fn ); - - return this; - }, - - live: function( type, fn ){ - var proxy = jQuery.event.proxy( fn ); - proxy.guid += this.selector + type; - - jQuery(document).bind( liveConvert(type, this.selector), this.selector, proxy ); - - return this; - }, - - die: function( type, fn ){ - jQuery(document).unbind( liveConvert(type, this.selector), fn ? { guid: fn.guid + this.selector + type } : null ); - return this; - } -}); - -function liveHandler( event ){ - var check = RegExp("(^|\\.)" + event.type + "(\\.|$)"), - stop = true, - elems = []; - - jQuery.each(jQuery.data(this, "events").live || [], function(i, fn){ - if ( check.test(fn.type) ) { - var elem = jQuery(event.target).closest(fn.data)[0]; - if ( elem ) - elems.push({ elem: elem, fn: fn }); - } - }); - - elems.sort(function(a,b) { - return jQuery.data(a.elem, "closest") - jQuery.data(b.elem, "closest"); - }); - - jQuery.each(elems, function(){ - if ( this.fn.call(this.elem, event, this.fn.data) === false ) - return (stop = false); - }); - - return stop; -} - -function liveConvert(type, selector){ - return ["live", type, selector.replace(/\./g, "`").replace(/ /g, "|")].join("."); -} - -jQuery.extend({ - isReady: false, - readyList: [], - // Handle when the DOM is ready - ready: function() { - // Make sure that the DOM is not already loaded - if ( !jQuery.isReady ) { - // Remember that the DOM is ready - jQuery.isReady = true; - - // If there are functions bound, to execute - if ( jQuery.readyList ) { - // Execute all of them - jQuery.each( jQuery.readyList, function(){ - this.call( document, jQuery ); - }); - - // Reset the list of functions - jQuery.readyList = null; - } - - // Trigger any bound ready events - jQuery(document).triggerHandler("ready"); - } - } -}); - -var readyBound = false; - -function bindReady(){ - if ( readyBound ) return; - readyBound = true; - - // Mozilla, Opera and webkit nightlies currently support this event - if ( document.addEventListener ) { - // Use the handy event callback - document.addEventListener( "DOMContentLoaded", function(){ - document.removeEventListener( "DOMContentLoaded", arguments.callee, false ); - jQuery.ready(); - }, false ); - - // If IE event model is used - } else if ( document.attachEvent ) { - // ensure firing before onload, - // maybe late but safe also for iframes - document.attachEvent("onreadystatechange", function(){ - if ( document.readyState === "complete" ) { - document.detachEvent( "onreadystatechange", arguments.callee ); - jQuery.ready(); - } - }); - - // If IE and not an iframe - // continually check to see if the document is ready - if ( document.documentElement.doScroll && window == window.top ) (function(){ - if ( jQuery.isReady ) return; - - try { - // If IE is used, use the trick by Diego Perini - // http://javascript.nwbox.com/IEContentLoaded/ - document.documentElement.doScroll("left"); - } catch( error ) { - setTimeout( arguments.callee, 0 ); - return; - } - - // and execute any waiting functions - jQuery.ready(); - })(); - } - - // A fallback to window.onload, that will always work - jQuery.event.add( window, "load", jQuery.ready ); -} - -jQuery.each( ("blur,focus,load,resize,scroll,unload,click,dblclick," + - "mousedown,mouseup,mousemove,mouseover,mouseout,mouseenter,mouseleave," + - "change,select,submit,keydown,keypress,keyup,error").split(","), function(i, name){ - - // Handle event binding - jQuery.fn[name] = function(fn){ - return fn ? this.bind(name, fn) : this.trigger(name); - }; -}); - -// Prevent memory leaks in IE -// And prevent errors on refresh with events like mouseover in other browsers -// Window isn't included so as not to unbind existing unload events -jQuery( window ).bind( 'unload', function(){ - for ( var id in jQuery.cache ) - // Skip the window - if ( id != 1 && jQuery.cache[ id ].handle ) - jQuery.event.remove( jQuery.cache[ id ].handle.elem ); -}); -(function(){ - - jQuery.support = {}; - - var root = document.documentElement, - script = document.createElement("script"), - div = document.createElement("div"), - id = "script" + (new Date).getTime(); - - div.style.display = "none"; - div.innerHTML = ' <link/><table></table><a href="/a" style="color:red;float:left;opacity:.5;">a</a><select><option>text</option></select><object><param/></object>'; - - var all = div.getElementsByTagName("*"), - a = div.getElementsByTagName("a")[0]; - - // Can't get basic test support - if ( !all || !all.length || !a ) { - return; - } - - jQuery.support = { - // IE strips leading whitespace when .innerHTML is used - leadingWhitespace: div.firstChild.nodeType == 3, - - // Make sure that tbody elements aren't automatically inserted - // IE will insert them into empty tables - tbody: !div.getElementsByTagName("tbody").length, - - // Make sure that you can get all elements in an <object> element - // IE 7 always returns no results - objectAll: !!div.getElementsByTagName("object")[0] - .getElementsByTagName("*").length, - - // Make sure that link elements get serialized correctly by innerHTML - // This requires a wrapper element in IE - htmlSerialize: !!div.getElementsByTagName("link").length, - - // Get the style information from getAttribute - // (IE uses .cssText insted) - style: /red/.test( a.getAttribute("style") ), - - // Make sure that URLs aren't manipulated - // (IE normalizes it by default) - hrefNormalized: a.getAttribute("href") === "/a", - - // Make sure that element opacity exists - // (IE uses filter instead) - opacity: a.style.opacity === "0.5", - - // Verify style float existence - // (IE uses styleFloat instead of cssFloat) - cssFloat: !!a.style.cssFloat, - - // Will be defined later - scriptEval: false, - noCloneEvent: true, - boxModel: null - }; - - script.type = "text/javascript"; - try { - script.appendChild( document.createTextNode( "window." + id + "=1;" ) ); - } catch(e){} - - root.insertBefore( script, root.firstChild ); - - // Make sure that the execution of code works by injecting a script - // tag with appendChild/createTextNode - // (IE doesn't support this, fails, and uses .text instead) - if ( window[ id ] ) { - jQuery.support.scriptEval = true; - delete window[ id ]; - } - - root.removeChild( script ); - - if ( div.attachEvent && div.fireEvent ) { - div.attachEvent("onclick", function(){ - // Cloning a node shouldn't copy over any - // bound event handlers (IE does this) - jQuery.support.noCloneEvent = false; - div.detachEvent("onclick", arguments.callee); - }); - div.cloneNode(true).fireEvent("onclick"); - } - - // Figure out if the W3C box model works as expected - // document.body must exist before we can do this - jQuery(function(){ - var div = document.createElement("div"); - div.style.width = div.style.paddingLeft = "1px"; - - document.body.appendChild( div ); - jQuery.boxModel = jQuery.support.boxModel = div.offsetWidth === 2; - document.body.removeChild( div ).style.display = 'none'; - }); -})(); - -var styleFloat = jQuery.support.cssFloat ? "cssFloat" : "styleFloat"; - -jQuery.props = { - "for": "htmlFor", - "class": "className", - "float": styleFloat, - cssFloat: styleFloat, - styleFloat: styleFloat, - readonly: "readOnly", - maxlength: "maxLength", - cellspacing: "cellSpacing", - rowspan: "rowSpan", - tabindex: "tabIndex" -}; -jQuery.fn.extend({ - // Keep a copy of the old load - _load: jQuery.fn.load, - - load: function( url, params, callback ) { - if ( typeof url !== "string" ) - return this._load( url ); - - var off = url.indexOf(" "); - if ( off >= 0 ) { - var selector = url.slice(off, url.length); - url = url.slice(0, off); - } - - // Default to a GET request - var type = "GET"; - - // If the second parameter was provided - if ( params ) - // If it's a function - if ( jQuery.isFunction( params ) ) { - // We assume that it's the callback - callback = params; - params = null; - - // Otherwise, build a param string - } else if( typeof params === "object" ) { - params = jQuery.param( params ); - type = "POST"; - } - - var self = this; - - // Request the remote document - jQuery.ajax({ - url: url, - type: type, - dataType: "html", - data: params, - complete: function(res, status){ - // If successful, inject the HTML into all the matched elements - if ( status == "success" || status == "notmodified" ) - // See if a selector was specified - self.html( selector ? - // Create a dummy div to hold the results - jQuery("<div/>") - // inject the contents of the document in, removing the scripts - // to avoid any 'Permission Denied' errors in IE - .append(res.responseText.replace(/<script(.|\s)*?\/script>/g, "")) - - // Locate the specified elements - .find(selector) : - - // If not, just inject the full result - res.responseText ); - - if( callback ) - self.each( callback, [res.responseText, status, res] ); - } - }); - return this; - }, - - serialize: function() { - return jQuery.param(this.serializeArray()); - }, - serializeArray: function() { - return this.map(function(){ - return this.elements ? jQuery.makeArray(this.elements) : this; - }) - .filter(function(){ - return this.name && !this.disabled && - (this.checked || /select|textarea/i.test(this.nodeName) || - /text|hidden|password|search/i.test(this.type)); - }) - .map(function(i, elem){ - var val = jQuery(this).val(); - return val == null ? null : - jQuery.isArray(val) ? - jQuery.map( val, function(val, i){ - return {name: elem.name, value: val}; - }) : - {name: elem.name, value: val}; - }).get(); - } -}); - -// Attach a bunch of functions for handling common AJAX events -jQuery.each( "ajaxStart,ajaxStop,ajaxComplete,ajaxError,ajaxSuccess,ajaxSend".split(","), function(i,o){ - jQuery.fn[o] = function(f){ - return this.bind(o, f); - }; -}); - -var jsc = now(); - -jQuery.extend({ - - get: function( url, data, callback, type ) { - // shift arguments if data argument was ommited - if ( jQuery.isFunction( data ) ) { - callback = data; - data = null; - } - - return jQuery.ajax({ - type: "GET", - url: url, - data: data, - success: callback, - dataType: type - }); - }, - - getScript: function( url, callback ) { - return jQuery.get(url, null, callback, "script"); - }, - - getJSON: function( url, data, callback ) { - return jQuery.get(url, data, callback, "json"); - }, - - post: function( url, data, callback, type ) { - if ( jQuery.isFunction( data ) ) { - callback = data; - data = {}; - } - - return jQuery.ajax({ - type: "POST", - url: url, - data: data, - success: callback, - dataType: type - }); - }, - - ajaxSetup: function( settings ) { - jQuery.extend( jQuery.ajaxSettings, settings ); - }, - - ajaxSettings: { - url: location.href, - global: true, - type: "GET", - contentType: "application/x-www-form-urlencoded", - processData: true, - async: true, - /* - timeout: 0, - data: null, - username: null, - password: null, - */ - // Create the request object; Microsoft failed to properly - // implement the XMLHttpRequest in IE7, so we use the ActiveXObject when it is available - // This function can be overriden by calling jQuery.ajaxSetup - xhr:function(){ - return window.ActiveXObject ? new ActiveXObject("Microsoft.XMLHTTP") : new XMLHttpRequest(); - }, - accepts: { - xml: "application/xml, text/xml", - html: "text/html", - script: "text/javascript, application/javascript", - json: "application/json, text/javascript", - text: "text/plain", - _default: "*/*" - } - }, - - // Last-Modified header cache for next request - lastModified: {}, - - ajax: function( s ) { - // Extend the settings, but re-extend 's' so that it can be - // checked again later (in the test suite, specifically) - s = jQuery.extend(true, s, jQuery.extend(true, {}, jQuery.ajaxSettings, s)); - - var jsonp, jsre = /=\?(&|$)/g, status, data, - type = s.type.toUpperCase(); - - // convert data if not already a string - if ( s.data && s.processData && typeof s.data !== "string" ) - s.data = jQuery.param(s.data); - - // Handle JSONP Parameter Callbacks - if ( s.dataType == "jsonp" ) { - if ( type == "GET" ) { - if ( !s.url.match(jsre) ) - s.url += (s.url.match(/\?/) ? "&" : "?") + (s.jsonp || "callback") + "=?"; - } else if ( !s.data || !s.data.match(jsre) ) - s.data = (s.data ? s.data + "&" : "") + (s.jsonp || "callback") + "=?"; - s.dataType = "json"; - } - - // Build temporary JSONP function - if ( s.dataType == "json" && (s.data && s.data.match(jsre) || s.url.match(jsre)) ) { - jsonp = "jsonp" + jsc++; - - // Replace the =? sequence both in the query string and the data - if ( s.data ) - s.data = (s.data + "").replace(jsre, "=" + jsonp + "$1"); - s.url = s.url.replace(jsre, "=" + jsonp + "$1"); - - // We need to make sure - // that a JSONP style response is executed properly - s.dataType = "script"; - - // Handle JSONP-style loading - window[ jsonp ] = function(tmp){ - data = tmp; - success(); - complete(); - // Garbage collect - window[ jsonp ] = undefined; - try{ delete window[ jsonp ]; } catch(e){} - if ( head ) - head.removeChild( script ); - }; - } - - if ( s.dataType == "script" && s.cache == null ) - s.cache = false; - - if ( s.cache === false && type == "GET" ) { - var ts = now(); - // try replacing _= if it is there - var ret = s.url.replace(/(\?|&)_=.*?(&|$)/, "$1_=" + ts + "$2"); - // if nothing was replaced, add timestamp to the end - s.url = ret + ((ret == s.url) ? (s.url.match(/\?/) ? "&" : "?") + "_=" + ts : ""); - } - - // If data is available, append data to url for get requests - if ( s.data && type == "GET" ) { - s.url += (s.url.match(/\?/) ? "&" : "?") + s.data; - - // IE likes to send both get and post data, prevent this - s.data = null; - } - - // Watch for a new set of requests - if ( s.global && ! jQuery.active++ ) - jQuery.event.trigger( "ajaxStart" ); - - // Matches an absolute URL, and saves the domain - var parts = /^(\w+:)?\/\/([^\/?#]+)/.exec( s.url ); - - // If we're requesting a remote document - // and trying to load JSON or Script with a GET - if ( s.dataType == "script" && type == "GET" && parts - && ( parts[1] && parts[1] != location.protocol || parts[2] != location.host )){ - - var head = document.getElementsByTagName("head")[0]; - var script = document.createElement("script"); - script.src = s.url; - if (s.scriptCharset) - script.charset = s.scriptCharset; - - // Handle Script loading - if ( !jsonp ) { - var done = false; - - // Attach handlers for all browsers - script.onload = script.onreadystatechange = function(){ - if ( !done && (!this.readyState || - this.readyState == "loaded" || this.readyState == "complete") ) { - done = true; - success(); - complete(); - - // Handle memory leak in IE - script.onload = script.onreadystatechange = null; - head.removeChild( script ); - } - }; - } - - head.appendChild(script); - - // We handle everything using the script element injection - return undefined; - } - - var requestDone = false; - - // Create the request object - var xhr = s.xhr(); - - // Open the socket - // Passing null username, generates a login popup on Opera (#2865) - if( s.username ) - xhr.open(type, s.url, s.async, s.username, s.password); - else - xhr.open(type, s.url, s.async); - - // Need an extra try/catch for cross domain requests in Firefox 3 - try { - // Set the correct header, if data is being sent - if ( s.data ) - xhr.setRequestHeader("Content-Type", s.contentType); - - // Set the If-Modified-Since header, if ifModified mode. - if ( s.ifModified ) - xhr.setRequestHeader("If-Modified-Since", - jQuery.lastModified[s.url] || "Thu, 01 Jan 1970 00:00:00 GMT" ); - - // Set header so the called script knows that it's an XMLHttpRequest - xhr.setRequestHeader("X-Requested-With", "XMLHttpRequest"); - - // Set the Accepts header for the server, depending on the dataType - xhr.setRequestHeader("Accept", s.dataType && s.accepts[ s.dataType ] ? - s.accepts[ s.dataType ] + ", */*" : - s.accepts._default ); - } catch(e){} - - // Allow custom headers/mimetypes and early abort - if ( s.beforeSend && s.beforeSend(xhr, s) === false ) { - // Handle the global AJAX counter - if ( s.global && ! --jQuery.active ) - jQuery.event.trigger( "ajaxStop" ); - // close opended socket - xhr.abort(); - return false; - } - - if ( s.global ) - jQuery.event.trigger("ajaxSend", [xhr, s]); - - // Wait for a response to come back - var onreadystatechange = function(isTimeout){ - // The request was aborted, clear the interval and decrement jQuery.active - if (xhr.readyState == 0) { - if (ival) { - // clear poll interval - clearInterval(ival); - ival = null; - // Handle the global AJAX counter - if ( s.global && ! --jQuery.active ) - jQuery.event.trigger( "ajaxStop" ); - } - // The transfer is complete and the data is available, or the request timed out - } else if ( !requestDone && xhr && (xhr.readyState == 4 || isTimeout == "timeout") ) { - requestDone = true; - - // clear poll interval - if (ival) { - clearInterval(ival); - ival = null; - } - - status = isTimeout == "timeout" ? "timeout" : - !jQuery.httpSuccess( xhr ) ? "error" : - s.ifModified && jQuery.httpNotModified( xhr, s.url ) ? "notmodified" : - "success"; - - if ( status == "success" ) { - // Watch for, and catch, XML document parse errors - try { - // process the data (runs the xml through httpData regardless of callback) - data = jQuery.httpData( xhr, s.dataType, s ); - } catch(e) { - status = "parsererror"; - } - } - - // Make sure that the request was successful or notmodified - if ( status == "success" ) { - // Cache Last-Modified header, if ifModified mode. - var modRes; - try { - modRes = xhr.getResponseHeader("Last-Modified"); - } catch(e) {} // swallow exception thrown by FF if header is not available - - if ( s.ifModified && modRes ) - jQuery.lastModified[s.url] = modRes; - - // JSONP handles its own success callback - if ( !jsonp ) - success(); - } else - jQuery.handleError(s, xhr, status); - - // Fire the complete handlers - complete(); - - if ( isTimeout ) - xhr.abort(); - - // Stop memory leaks - if ( s.async ) - xhr = null; - } - }; - - if ( s.async ) { - // don't attach the handler to the request, just poll it instead - var ival = setInterval(onreadystatechange, 13); - - // Timeout checker - if ( s.timeout > 0 ) - setTimeout(function(){ - // Check to see if the request is still happening - if ( xhr && !requestDone ) - onreadystatechange( "timeout" ); - }, s.timeout); - } - - // Send the data - try { - xhr.send(s.data); - } catch(e) { - jQuery.handleError(s, xhr, null, e); - } - - // firefox 1.5 doesn't fire statechange for sync requests - if ( !s.async ) - onreadystatechange(); - - function success(){ - // If a local callback was specified, fire it and pass it the data - if ( s.success ) - s.success( data, status ); - - // Fire the global callback - if ( s.global ) - jQuery.event.trigger( "ajaxSuccess", [xhr, s] ); - } - - function complete(){ - // Process result - if ( s.complete ) - s.complete(xhr, status); - - // The request was completed - if ( s.global ) - jQuery.event.trigger( "ajaxComplete", [xhr, s] ); - - // Handle the global AJAX counter - if ( s.global && ! --jQuery.active ) - jQuery.event.trigger( "ajaxStop" ); - } - - // return XMLHttpRequest to allow aborting the request etc. - return xhr; - }, - - handleError: function( s, xhr, status, e ) { - // If a local callback was specified, fire it - if ( s.error ) s.error( xhr, status, e ); - - // Fire the global callback - if ( s.global ) - jQuery.event.trigger( "ajaxError", [xhr, s, e] ); - }, - - // Counter for holding the number of active queries - active: 0, - - // Determines if an XMLHttpRequest was successful or not - httpSuccess: function( xhr ) { - try { - // IE error sometimes returns 1223 when it should be 204 so treat it as success, see #1450 - return !xhr.status && location.protocol == "file:" || - ( xhr.status >= 200 && xhr.status < 300 ) || xhr.status == 304 || xhr.status == 1223; - } catch(e){} - return false; - }, - - // Determines if an XMLHttpRequest returns NotModified - httpNotModified: function( xhr, url ) { - try { - var xhrRes = xhr.getResponseHeader("Last-Modified"); - - // Firefox always returns 200. check Last-Modified date - return xhr.status == 304 || xhrRes == jQuery.lastModified[url]; - } catch(e){} - return false; - }, - - httpData: function( xhr, type, s ) { - var ct = xhr.getResponseHeader("content-type"), - xml = type == "xml" || !type && ct && ct.indexOf("xml") >= 0, - data = xml ? xhr.responseXML : xhr.responseText; - - if ( xml && data.documentElement.tagName == "parsererror" ) - throw "parsererror"; - - // Allow a pre-filtering function to sanitize the response - // s != null is checked to keep backwards compatibility - if( s && s.dataFilter ) - data = s.dataFilter( data, type ); - - // The filter can actually parse the response - if( typeof data === "string" ){ - - // If the type is "script", eval it in global context - if ( type == "script" ) - jQuery.globalEval( data ); - - // Get the JavaScript object, if JSON is used. - if ( type == "json" ) - data = window["eval"]("(" + data + ")"); - } - - return data; - }, - - // Serialize an array of form elements or a set of - // key/values into a query string - param: function( a ) { - var s = [ ]; - - function add( key, value ){ - s[ s.length ] = encodeURIComponent(key) + '=' + encodeURIComponent(value); - }; - - // If an array was passed in, assume that it is an array - // of form elements - if ( jQuery.isArray(a) || a.jquery ) - // Serialize the form elements - jQuery.each( a, function(){ - add( this.name, this.value ); - }); - - // Otherwise, assume that it's an object of key/value pairs - else - // Serialize the key/values - for ( var j in a ) - // If the value is an array then the key names need to be repeated - if ( jQuery.isArray(a[j]) ) - jQuery.each( a[j], function(){ - add( j, this ); - }); - else - add( j, jQuery.isFunction(a[j]) ? a[j]() : a[j] ); - - // Return the resulting serialization - return s.join("&").replace(/%20/g, "+"); - } - -}); -var elemdisplay = {}, - timerId, - fxAttrs = [ - // height animations - [ "height", "marginTop", "marginBottom", "paddingTop", "paddingBottom" ], - // width animations - [ "width", "marginLeft", "marginRight", "paddingLeft", "paddingRight" ], - // opacity animations - [ "opacity" ] - ]; - -function genFx( type, num ){ - var obj = {}; - jQuery.each( fxAttrs.concat.apply([], fxAttrs.slice(0,num)), function(){ - obj[ this ] = type; - }); - return obj; -} - -jQuery.fn.extend({ - show: function(speed,callback){ - if ( speed ) { - return this.animate( genFx("show", 3), speed, callback); - } else { - for ( var i = 0, l = this.length; i < l; i++ ){ - var old = jQuery.data(this[i], "olddisplay"); - - this[i].style.display = old || ""; - - if ( jQuery.css(this[i], "display") === "none" ) { - var tagName = this[i].tagName, display; - - if ( elemdisplay[ tagName ] ) { - display = elemdisplay[ tagName ]; - } else { - var elem = jQuery("<" + tagName + " />").appendTo("body"); - - display = elem.css("display"); - if ( display === "none" ) - display = "block"; - - elem.remove(); - - elemdisplay[ tagName ] = display; - } - - jQuery.data(this[i], "olddisplay", display); - } - } - - // Set the display of the elements in a second loop - // to avoid the constant reflow - for ( var i = 0, l = this.length; i < l; i++ ){ - this[i].style.display = jQuery.data(this[i], "olddisplay") || ""; - } - - return this; - } - }, - - hide: function(speed,callback){ - if ( speed ) { - return this.animate( genFx("hide", 3), speed, callback); - } else { - for ( var i = 0, l = this.length; i < l; i++ ){ - var old = jQuery.data(this[i], "olddisplay"); - if ( !old && old !== "none" ) - jQuery.data(this[i], "olddisplay", jQuery.css(this[i], "display")); - } - - // Set the display of the elements in a second loop - // to avoid the constant reflow - for ( var i = 0, l = this.length; i < l; i++ ){ - this[i].style.display = "none"; - } - - return this; - } - }, - - // Save the old toggle function - _toggle: jQuery.fn.toggle, - - toggle: function( fn, fn2 ){ - var bool = typeof fn === "boolean"; - - return jQuery.isFunction(fn) && jQuery.isFunction(fn2) ? - this._toggle.apply( this, arguments ) : - fn == null || bool ? - this.each(function(){ - var state = bool ? fn : jQuery(this).is(":hidden"); - jQuery(this)[ state ? "show" : "hide" ](); - }) : - this.animate(genFx("toggle", 3), fn, fn2); - }, - - fadeTo: function(speed,to,callback){ - return this.animate({opacity: to}, speed, callback); - }, - - animate: function( prop, speed, easing, callback ) { - var optall = jQuery.speed(speed, easing, callback); - - return this[ optall.queue === false ? "each" : "queue" ](function(){ - - var opt = jQuery.extend({}, optall), p, - hidden = this.nodeType == 1 && jQuery(this).is(":hidden"), - self = this; - - for ( p in prop ) { - if ( prop[p] == "hide" && hidden || prop[p] == "show" && !hidden ) - return opt.complete.call(this); - - if ( ( p == "height" || p == "width" ) && this.style ) { - // Store display property - opt.display = jQuery.css(this, "display"); - - // Make sure that nothing sneaks out - opt.overflow = this.style.overflow; - } - } - - if ( opt.overflow != null ) - this.style.overflow = "hidden"; - - opt.curAnim = jQuery.extend({}, prop); - - jQuery.each( prop, function(name, val){ - var e = new jQuery.fx( self, opt, name ); - - if ( /toggle|show|hide/.test(val) ) - e[ val == "toggle" ? hidden ? "show" : "hide" : val ]( prop ); - else { - var parts = val.toString().match(/^([+-]=)?([\d+-.]+)(.*)$/), - start = e.cur(true) || 0; - - if ( parts ) { - var end = parseFloat(parts[2]), - unit = parts[3] || "px"; - - // We need to compute starting value - if ( unit != "px" ) { - self.style[ name ] = (end || 1) + unit; - start = ((end || 1) / e.cur(true)) * start; - self.style[ name ] = start + unit; - } - - // If a +=/-= token was provided, we're doing a relative animation - if ( parts[1] ) - end = ((parts[1] == "-=" ? -1 : 1) * end) + start; - - e.custom( start, end, unit ); - } else - e.custom( start, val, "" ); - } - }); - - // For JS strict compliance - return true; - }); - }, - - stop: function(clearQueue, gotoEnd){ - var timers = jQuery.timers; - - if (clearQueue) - this.queue([]); - - this.each(function(){ - // go in reverse order so anything added to the queue during the loop is ignored - for ( var i = timers.length - 1; i >= 0; i-- ) - if ( timers[i].elem == this ) { - if (gotoEnd) - // force the next step to be the last - timers[i](true); - timers.splice(i, 1); - } - }); - - // start the next in the queue if the last step wasn't forced - if (!gotoEnd) - this.dequeue(); - - return this; - } - -}); - -// Generate shortcuts for custom animations -jQuery.each({ - slideDown: genFx("show", 1), - slideUp: genFx("hide", 1), - slideToggle: genFx("toggle", 1), - fadeIn: { opacity: "show" }, - fadeOut: { opacity: "hide" } -}, function( name, props ){ - jQuery.fn[ name ] = function( speed, callback ){ - return this.animate( props, speed, callback ); - }; -}); - -jQuery.extend({ - - speed: function(speed, easing, fn) { - var opt = typeof speed === "object" ? speed : { - complete: fn || !fn && easing || - jQuery.isFunction( speed ) && speed, - duration: speed, - easing: fn && easing || easing && !jQuery.isFunction(easing) && easing - }; - - opt.duration = jQuery.fx.off ? 0 : typeof opt.duration === "number" ? opt.duration : - jQuery.fx.speeds[opt.duration] || jQuery.fx.speeds._default; - - // Queueing - opt.old = opt.complete; - opt.complete = function(){ - if ( opt.queue !== false ) - jQuery(this).dequeue(); - if ( jQuery.isFunction( opt.old ) ) - opt.old.call( this ); - }; - - return opt; - }, - - easing: { - linear: function( p, n, firstNum, diff ) { - return firstNum + diff * p; - }, - swing: function( p, n, firstNum, diff ) { - return ((-Math.cos(p*Math.PI)/2) + 0.5) * diff + firstNum; - } - }, - - timers: [], - - fx: function( elem, options, prop ){ - this.options = options; - this.elem = elem; - this.prop = prop; - - if ( !options.orig ) - options.orig = {}; - } - -}); - -jQuery.fx.prototype = { - - // Simple function for setting a style value - update: function(){ - if ( this.options.step ) - this.options.step.call( this.elem, this.now, this ); - - (jQuery.fx.step[this.prop] || jQuery.fx.step._default)( this ); - - // Set display property to block for height/width animations - if ( ( this.prop == "height" || this.prop == "width" ) && this.elem.style ) - this.elem.style.display = "block"; - }, - - // Get the current size - cur: function(force){ - if ( this.elem[this.prop] != null && (!this.elem.style || this.elem.style[this.prop] == null) ) - return this.elem[ this.prop ]; - - var r = parseFloat(jQuery.css(this.elem, this.prop, force)); - return r && r > -10000 ? r : parseFloat(jQuery.curCSS(this.elem, this.prop)) || 0; - }, - - // Start an animation from one number to another - custom: function(from, to, unit){ - this.startTime = now(); - this.start = from; - this.end = to; - this.unit = unit || this.unit || "px"; - this.now = this.start; - this.pos = this.state = 0; - - var self = this; - function t(gotoEnd){ - return self.step(gotoEnd); - } - - t.elem = this.elem; - - if ( t() && jQuery.timers.push(t) && !timerId ) { - timerId = setInterval(function(){ - var timers = jQuery.timers; - - for ( var i = 0; i < timers.length; i++ ) - if ( !timers[i]() ) - timers.splice(i--, 1); - - if ( !timers.length ) { - clearInterval( timerId ); - timerId = undefined; - } - }, 13); - } - }, - - // Simple 'show' function - show: function(){ - // Remember where we started, so that we can go back to it later - this.options.orig[this.prop] = jQuery.attr( this.elem.style, this.prop ); - this.options.show = true; - - // Begin the animation - // Make sure that we start at a small width/height to avoid any - // flash of content - this.custom(this.prop == "width" || this.prop == "height" ? 1 : 0, this.cur()); - - // Start by showing the element - jQuery(this.elem).show(); - }, - - // Simple 'hide' function - hide: function(){ - // Remember where we started, so that we can go back to it later - this.options.orig[this.prop] = jQuery.attr( this.elem.style, this.prop ); - this.options.hide = true; - - // Begin the animation - this.custom(this.cur(), 0); - }, - - // Each step of an animation - step: function(gotoEnd){ - var t = now(); - - if ( gotoEnd || t >= this.options.duration + this.startTime ) { - this.now = this.end; - this.pos = this.state = 1; - this.update(); - - this.options.curAnim[ this.prop ] = true; - - var done = true; - for ( var i in this.options.curAnim ) - if ( this.options.curAnim[i] !== true ) - done = false; - - if ( done ) { - if ( this.options.display != null ) { - // Reset the overflow - this.elem.style.overflow = this.options.overflow; - - // Reset the display - this.elem.style.display = this.options.display; - if ( jQuery.css(this.elem, "display") == "none" ) - this.elem.style.display = "block"; - } - - // Hide the element if the "hide" operation was done - if ( this.options.hide ) - jQuery(this.elem).hide(); - - // Reset the properties, if the item has been hidden or shown - if ( this.options.hide || this.options.show ) - for ( var p in this.options.curAnim ) - jQuery.attr(this.elem.style, p, this.options.orig[p]); - - // Execute the complete function - this.options.complete.call( this.elem ); - } - - return false; - } else { - var n = t - this.startTime; - this.state = n / this.options.duration; - - // Perform the easing function, defaults to swing - this.pos = jQuery.easing[this.options.easing || (jQuery.easing.swing ? "swing" : "linear")](this.state, n, 0, 1, this.options.duration); - this.now = this.start + ((this.end - this.start) * this.pos); - - // Perform the next step of the animation - this.update(); - } - - return true; - } - -}; - -jQuery.extend( jQuery.fx, { - speeds:{ - slow: 600, - fast: 200, - // Default speed - _default: 400 - }, - step: { - - opacity: function(fx){ - jQuery.attr(fx.elem.style, "opacity", fx.now); - }, - - _default: function(fx){ - if ( fx.elem.style && fx.elem.style[ fx.prop ] != null ) - fx.elem.style[ fx.prop ] = fx.now + fx.unit; - else - fx.elem[ fx.prop ] = fx.now; - } - } -}); -if ( document.documentElement["getBoundingClientRect"] ) - jQuery.fn.offset = function() { - if ( !this[0] ) return { top: 0, left: 0 }; - if ( this[0] === this[0].ownerDocument.body ) return jQuery.offset.bodyOffset( this[0] ); - var box = this[0].getBoundingClientRect(), doc = this[0].ownerDocument, body = doc.body, docElem = doc.documentElement, - clientTop = docElem.clientTop || body.clientTop || 0, clientLeft = docElem.clientLeft || body.clientLeft || 0, - top = box.top + (self.pageYOffset || jQuery.boxModel && docElem.scrollTop || body.scrollTop ) - clientTop, - left = box.left + (self.pageXOffset || jQuery.boxModel && docElem.scrollLeft || body.scrollLeft) - clientLeft; - return { top: top, left: left }; - }; -else - jQuery.fn.offset = function() { - if ( !this[0] ) return { top: 0, left: 0 }; - if ( this[0] === this[0].ownerDocument.body ) return jQuery.offset.bodyOffset( this[0] ); - jQuery.offset.initialized || jQuery.offset.initialize(); - - var elem = this[0], offsetParent = elem.offsetParent, prevOffsetParent = elem, - doc = elem.ownerDocument, computedStyle, docElem = doc.documentElement, - body = doc.body, defaultView = doc.defaultView, - prevComputedStyle = defaultView.getComputedStyle(elem, null), - top = elem.offsetTop, left = elem.offsetLeft; - - while ( (elem = elem.parentNode) && elem !== body && elem !== docElem ) { - computedStyle = defaultView.getComputedStyle(elem, null); - top -= elem.scrollTop, left -= elem.scrollLeft; - if ( elem === offsetParent ) { - top += elem.offsetTop, left += elem.offsetLeft; - if ( jQuery.offset.doesNotAddBorder && !(jQuery.offset.doesAddBorderForTableAndCells && /^t(able|d|h)$/i.test(elem.tagName)) ) - top += parseInt( computedStyle.borderTopWidth, 10) || 0, - left += parseInt( computedStyle.borderLeftWidth, 10) || 0; - prevOffsetParent = offsetParent, offsetParent = elem.offsetParent; - } - if ( jQuery.offset.subtractsBorderForOverflowNotVisible && computedStyle.overflow !== "visible" ) - top += parseInt( computedStyle.borderTopWidth, 10) || 0, - left += parseInt( computedStyle.borderLeftWidth, 10) || 0; - prevComputedStyle = computedStyle; - } - - if ( prevComputedStyle.position === "relative" || prevComputedStyle.position === "static" ) - top += body.offsetTop, - left += body.offsetLeft; - - if ( prevComputedStyle.position === "fixed" ) - top += Math.max(docElem.scrollTop, body.scrollTop), - left += Math.max(docElem.scrollLeft, body.scrollLeft); - - return { top: top, left: left }; - }; - -jQuery.offset = { - initialize: function() { - if ( this.initialized ) return; - var body = document.body, container = document.createElement('div'), innerDiv, checkDiv, table, td, rules, prop, bodyMarginTop = body.style.marginTop, - html = '<div style="position:absolute;top:0;left:0;margin:0;border:5px solid #000;padding:0;width:1px;height:1px;"><div></div></div><table style="position:absolute;top:0;left:0;margin:0;border:5px solid #000;padding:0;width:1px;height:1px;" cellpadding="0" cellspacing="0"><tr><td></td></tr></table>'; - - rules = { position: 'absolute', top: 0, left: 0, margin: 0, border: 0, width: '1px', height: '1px', visibility: 'hidden' }; - for ( prop in rules ) container.style[prop] = rules[prop]; - - container.innerHTML = html; - body.insertBefore(container, body.firstChild); - innerDiv = container.firstChild, checkDiv = innerDiv.firstChild, td = innerDiv.nextSibling.firstChild.firstChild; - - this.doesNotAddBorder = (checkDiv.offsetTop !== 5); - this.doesAddBorderForTableAndCells = (td.offsetTop === 5); - - innerDiv.style.overflow = 'hidden', innerDiv.style.position = 'relative'; - this.subtractsBorderForOverflowNotVisible = (checkDiv.offsetTop === -5); - - body.style.marginTop = '1px'; - this.doesNotIncludeMarginInBodyOffset = (body.offsetTop === 0); - body.style.marginTop = bodyMarginTop; - - body.removeChild(container); - this.initialized = true; - }, - - bodyOffset: function(body) { - jQuery.offset.initialized || jQuery.offset.initialize(); - var top = body.offsetTop, left = body.offsetLeft; - if ( jQuery.offset.doesNotIncludeMarginInBodyOffset ) - top += parseInt( jQuery.curCSS(body, 'marginTop', true), 10 ) || 0, - left += parseInt( jQuery.curCSS(body, 'marginLeft', true), 10 ) || 0; - return { top: top, left: left }; - } -}; - - -jQuery.fn.extend({ - position: function() { - var left = 0, top = 0, results; - - if ( this[0] ) { - // Get *real* offsetParent - var offsetParent = this.offsetParent(), - - // Get correct offsets - offset = this.offset(), - parentOffset = /^body|html$/i.test(offsetParent[0].tagName) ? { top: 0, left: 0 } : offsetParent.offset(); - - // Subtract element margins - // note: when an element has margin: auto the offsetLeft and marginLeft - // are the same in Safari causing offset.left to incorrectly be 0 - offset.top -= num( this, 'marginTop' ); - offset.left -= num( this, 'marginLeft' ); - - // Add offsetParent borders - parentOffset.top += num( offsetParent, 'borderTopWidth' ); - parentOffset.left += num( offsetParent, 'borderLeftWidth' ); - - // Subtract the two offsets - results = { - top: offset.top - parentOffset.top, - left: offset.left - parentOffset.left - }; - } - - return results; - }, - - offsetParent: function() { - var offsetParent = this[0].offsetParent || document.body; - while ( offsetParent && (!/^body|html$/i.test(offsetParent.tagName) && jQuery.css(offsetParent, 'position') == 'static') ) - offsetParent = offsetParent.offsetParent; - return jQuery(offsetParent); - } -}); - - -// Create scrollLeft and scrollTop methods -jQuery.each( ['Left', 'Top'], function(i, name) { - var method = 'scroll' + name; - - jQuery.fn[ method ] = function(val) { - if (!this[0]) return null; - - return val !== undefined ? - - // Set the scroll offset - this.each(function() { - this == window || this == document ? - window.scrollTo( - !i ? val : jQuery(window).scrollLeft(), - i ? val : jQuery(window).scrollTop() - ) : - this[ method ] = val; - }) : - - // Return the scroll offset - this[0] == window || this[0] == document ? - self[ i ? 'pageYOffset' : 'pageXOffset' ] || - jQuery.boxModel && document.documentElement[ method ] || - document.body[ method ] : - this[0][ method ]; - }; -}); -// Create innerHeight, innerWidth, outerHeight and outerWidth methods -jQuery.each([ "Height", "Width" ], function(i, name){ - - var tl = i ? "Left" : "Top", // top or left - br = i ? "Right" : "Bottom", // bottom or right - lower = name.toLowerCase(); - - // innerHeight and innerWidth - jQuery.fn["inner" + name] = function(){ - return this[0] ? - jQuery.css( this[0], lower, false, "padding" ) : - null; - }; - - // outerHeight and outerWidth - jQuery.fn["outer" + name] = function(margin) { - return this[0] ? - jQuery.css( this[0], lower, false, margin ? "margin" : "border" ) : - null; - }; - - var type = name.toLowerCase(); - - jQuery.fn[ type ] = function( size ) { - // Get window width or height - return this[0] == window ? - // Everyone else use document.documentElement or document.body depending on Quirks vs Standards mode - document.compatMode == "CSS1Compat" && document.documentElement[ "client" + name ] || - document.body[ "client" + name ] : - - // Get document width or height - this[0] == document ? - // Either scroll[Width/Height] or offset[Width/Height], whichever is greater - Math.max( - document.documentElement["client" + name], - document.body["scroll" + name], document.documentElement["scroll" + name], - document.body["offset" + name], document.documentElement["offset" + name] - ) : - - // Get or set width or height on the element - size === undefined ? - // Get width or height on the element - (this.length ? jQuery.css( this[0], type ) : null) : - - // Set the width or height on the element (default to pixels if value is unitless) - this.css( type, typeof size === "string" ? size : size + "px" ); - }; - -}); -})(); diff --git a/config/snort-dev/javascript/jquery.blockUI.js b/config/snort-dev/javascript/jquery.blockUI.js deleted file mode 100644 index 57318334..00000000 --- a/config/snort-dev/javascript/jquery.blockUI.js +++ /dev/null @@ -1,463 +0,0 @@ -/*! - * jQuery blockUI plugin - * Version 2.26 (09-SEP-2009) - * @requires jQuery v1.2.3 or later - * - * Examples at: http://malsup.com/jquery/block/ - * Copyright (c) 2007-2008 M. Alsup - * Dual licensed under the MIT and GPL licenses: - * http://www.opensource.org/licenses/mit-license.php - * http://www.gnu.org/licenses/gpl.html - * - * Thanks to Amir-Hossein Sobhi for some excellent contributions! - */ - -;(function($) { - -if (/1\.(0|1|2)\.(0|1|2)/.test($.fn.jquery) || /^1.1/.test($.fn.jquery)) { - alert('blockUI requires jQuery v1.2.3 or later! You are using v' + $.fn.jquery); - return; -} - -$.fn._fadeIn = $.fn.fadeIn; - -// this bit is to ensure we don't call setExpression when we shouldn't (with extra muscle to handle -// retarded userAgent strings on Vista) -var mode = document.documentMode || 0; -var setExpr = $.browser.msie && (($.browser.version < 8 && !mode) || mode < 8); -var ie6 = $.browser.msie && /MSIE 6.0/.test(navigator.userAgent) && !mode; - -// global $ methods for blocking/unblocking the entire page -$.blockUI = function(opts) { install(window, opts); }; -$.unblockUI = function(opts) { remove(window, opts); }; - -// convenience method for quick growl-like notifications (http://www.google.com/search?q=growl) -$.growlUI = function(title, message, timeout, onClose) { - var $m = $('<div class="growlUI"></div>'); - if (title) $m.append('<h1>'+title+'</h1>'); - if (message) $m.append('<h2>'+message+'</h2>'); - if (timeout == undefined) timeout = 3000; - $.blockUI({ - message: $m, fadeIn: 700, fadeOut: 1000, centerY: false, - timeout: timeout, showOverlay: false, - onUnblock: onClose, - css: $.blockUI.defaults.growlCSS - }); -}; - -// plugin method for blocking element content -$.fn.block = function(opts) { - return this.unblock({ fadeOut: 0 }).each(function() { - if ($.css(this,'position') == 'static') - this.style.position = 'relative'; - if ($.browser.msie) - this.style.zoom = 1; // force 'hasLayout' - install(this, opts); - }); -}; - -// plugin method for unblocking element content -$.fn.unblock = function(opts) { - return this.each(function() { - remove(this, opts); - }); -}; - -$.blockUI.version = 2.26; // 2nd generation blocking at no extra cost! - -// override these in your code to change the default behavior and style -$.blockUI.defaults = { - // message displayed when blocking (use null for no message) - message: '<h1>Please wait...</h1>', - - title: null, // title string; only used when theme == true - draggable: true, // only used when theme == true (requires jquery-ui.js to be loaded) - - theme: false, // set to true to use with jQuery UI themes - - // styles for the message when blocking; if you wish to disable - // these and use an external stylesheet then do this in your code: - // $.blockUI.defaults.css = {}; - css: { - padding: 0, - margin: 0, - width: '30%', - top: '40%', - left: '35%', - textAlign: 'center', - color: '#000', - border: '3px solid #aaa', - backgroundColor:'#fff', - cursor: 'wait' - }, - - // minimal style set used when themes are used - themedCSS: { - width: '30%', - top: '40%', - left: '35%' - }, - - // styles for the overlay - overlayCSS: { - backgroundColor: '#000', - opacity: 0.6, - cursor: 'wait' - }, - - // styles applied when using $.growlUI - growlCSS: { - width: '350px', - top: '10px', - left: '', - right: '10px', - border: 'none', - padding: '5px', - opacity: 0.6, - cursor: 'default', - color: '#fff', - backgroundColor: '#000', - '-webkit-border-radius': '10px', - '-moz-border-radius': '10px' - }, - - // IE issues: 'about:blank' fails on HTTPS and javascript:false is s-l-o-w - // (hat tip to Jorge H. N. de Vasconcelos) - iframeSrc: /^https/i.test(window.location.href || '') ? 'javascript:false' : 'about:blank', - - // force usage of iframe in non-IE browsers (handy for blocking applets) - forceIframe: false, - - // z-index for the blocking overlay - baseZ: 1000, - - // set these to true to have the message automatically centered - centerX: true, // <-- only effects element blocking (page block controlled via css above) - centerY: true, - - // allow body element to be stetched in ie6; this makes blocking look better - // on "short" pages. disable if you wish to prevent changes to the body height - allowBodyStretch: true, - - // enable if you want key and mouse events to be disabled for content that is blocked - bindEvents: true, - - // be default blockUI will supress tab navigation from leaving blocking content - // (if bindEvents is true) - constrainTabKey: true, - - // fadeIn time in millis; set to 0 to disable fadeIn on block - fadeIn: 200, - - // fadeOut time in millis; set to 0 to disable fadeOut on unblock - fadeOut: 400, - - // time in millis to wait before auto-unblocking; set to 0 to disable auto-unblock - timeout: 0, - - // disable if you don't want to show the overlay - showOverlay: true, - - // if true, focus will be placed in the first available input field when - // page blocking - focusInput: true, - - // suppresses the use of overlay styles on FF/Linux (due to performance issues with opacity) - applyPlatformOpacityRules: true, - - // callback method invoked when unblocking has completed; the callback is - // passed the element that has been unblocked (which is the window object for page - // blocks) and the options that were passed to the unblock call: - // onUnblock(element, options) - onUnblock: null, - - // don't ask; if you really must know: http://groups.google.com/group/jquery-en/browse_thread/thread/36640a8730503595/2f6a79a77a78e493#2f6a79a77a78e493 - quirksmodeOffsetHack: 4 -}; - -// private data and functions follow... - -var pageBlock = null; -var pageBlockEls = []; - -function install(el, opts) { - var full = (el == window); - var msg = opts && opts.message !== undefined ? opts.message : undefined; - opts = $.extend({}, $.blockUI.defaults, opts || {}); - opts.overlayCSS = $.extend({}, $.blockUI.defaults.overlayCSS, opts.overlayCSS || {}); - var css = $.extend({}, $.blockUI.defaults.css, opts.css || {}); - var themedCSS = $.extend({}, $.blockUI.defaults.themedCSS, opts.themedCSS || {}); - msg = msg === undefined ? opts.message : msg; - - // remove the current block (if there is one) - if (full && pageBlock) - remove(window, {fadeOut:0}); - - // if an existing element is being used as the blocking content then we capture - // its current place in the DOM (and current display style) so we can restore - // it when we unblock - if (msg && typeof msg != 'string' && (msg.parentNode || msg.jquery)) { - var node = msg.jquery ? msg[0] : msg; - var data = {}; - $(el).data('blockUI.history', data); - data.el = node; - data.parent = node.parentNode; - data.display = node.style.display; - data.position = node.style.position; - if (data.parent) - data.parent.removeChild(node); - } - - var z = opts.baseZ; - - // blockUI uses 3 layers for blocking, for simplicity they are all used on every platform; - // layer1 is the iframe layer which is used to supress bleed through of underlying content - // layer2 is the overlay layer which has opacity and a wait cursor (by default) - // layer3 is the message content that is displayed while blocking - - var lyr1 = ($.browser.msie || opts.forceIframe) - ? $('<iframe class="blockUI" style="z-index:'+ (z++) +';display:none;border:none;margin:0;padding:0;position:absolute;width:100%;height:100%;top:0;left:0" src="'+opts.iframeSrc+'"></iframe>') - : $('<div class="blockUI" style="display:none"></div>'); - var lyr2 = $('<div class="blockUI blockOverlay" style="z-index:'+ (z++) +';display:none;border:none;margin:0;padding:0;width:100%;height:100%;top:0;left:0"></div>'); - - var lyr3; - if (opts.theme && full) { - var s = '<div class="blockUI blockMsg blockPage ui-dialog ui-widget ui-corner-all" style="z-index:'+z+';display:none;position:fixed">' + - '<div class="ui-widget-header ui-dialog-titlebar blockTitle">'+(opts.title || ' ')+'</div>' + - '<div class="ui-widget-content ui-dialog-content"></div>' + - '</div>'; - lyr3 = $(s); - } - else { - lyr3 = full ? $('<div class="blockUI blockMsg blockPage" style="z-index:'+z+';display:none;position:fixed"></div>') - : $('<div class="blockUI blockMsg blockElement" style="z-index:'+z+';display:none;position:absolute"></div>'); - } - - // if we have a message, style it - if (msg) { - if (opts.theme) { - lyr3.css(themedCSS); - lyr3.addClass('ui-widget-content'); - } - else - lyr3.css(css); - } - - // style the overlay - if (!opts.applyPlatformOpacityRules || !($.browser.mozilla && /Linux/.test(navigator.platform))) - lyr2.css(opts.overlayCSS); - lyr2.css('position', full ? 'fixed' : 'absolute'); - - // make iframe layer transparent in IE - if ($.browser.msie || opts.forceIframe) - lyr1.css('opacity',0.0); - - $([lyr1[0],lyr2[0],lyr3[0]]).appendTo(full ? 'body' : el); - - if (opts.theme && opts.draggable && $.fn.draggable) { - lyr3.draggable({ - handle: '.ui-dialog-titlebar', - cancel: 'li' - }); - } - - // ie7 must use absolute positioning in quirks mode and to account for activex issues (when scrolling) - var expr = setExpr && (!$.boxModel || $('object,embed', full ? null : el).length > 0); - if (ie6 || expr) { - // give body 100% height - if (full && opts.allowBodyStretch && $.boxModel) - $('html,body').css('height','100%'); - - // fix ie6 issue when blocked element has a border width - if ((ie6 || !$.boxModel) && !full) { - var t = sz(el,'borderTopWidth'), l = sz(el,'borderLeftWidth'); - var fixT = t ? '(0 - '+t+')' : 0; - var fixL = l ? '(0 - '+l+')' : 0; - } - - // simulate fixed position - $.each([lyr1,lyr2,lyr3], function(i,o) { - var s = o[0].style; - s.position = 'absolute'; - if (i < 2) { - full ? s.setExpression('height','Math.max(document.body.scrollHeight, document.body.offsetHeight) - (jQuery.boxModel?0:'+opts.quirksmodeOffsetHack+') + "px"') - : s.setExpression('height','this.parentNode.offsetHeight + "px"'); - full ? s.setExpression('width','jQuery.boxModel && document.documentElement.clientWidth || document.body.clientWidth + "px"') - : s.setExpression('width','this.parentNode.offsetWidth + "px"'); - if (fixL) s.setExpression('left', fixL); - if (fixT) s.setExpression('top', fixT); - } - else if (opts.centerY) { - if (full) s.setExpression('top','(document.documentElement.clientHeight || document.body.clientHeight) / 2 - (this.offsetHeight / 2) + (blah = document.documentElement.scrollTop ? document.documentElement.scrollTop : document.body.scrollTop) + "px"'); - s.marginTop = 0; - } - else if (!opts.centerY && full) { - var top = (opts.css && opts.css.top) ? parseInt(opts.css.top) : 0; - var expression = '((document.documentElement.scrollTop ? document.documentElement.scrollTop : document.body.scrollTop) + '+top+') + "px"'; - s.setExpression('top',expression); - } - }); - } - - // show the message - if (msg) { - if (opts.theme) - lyr3.find('.ui-widget-content').append(msg); - else - lyr3.append(msg); - if (msg.jquery || msg.nodeType) - $(msg).show(); - } - - if (($.browser.msie || opts.forceIframe) && opts.showOverlay) - lyr1.show(); // opacity is zero - if (opts.fadeIn) { - if (opts.showOverlay) - lyr2._fadeIn(opts.fadeIn); - if (msg) - lyr3.fadeIn(opts.fadeIn); - } - else { - if (opts.showOverlay) - lyr2.show(); - if (msg) - lyr3.show(); - } - - // bind key and mouse events - bind(1, el, opts); - - if (full) { - pageBlock = lyr3[0]; - pageBlockEls = $(':input:enabled:visible',pageBlock); - if (opts.focusInput) - setTimeout(focus, 20); - } - else - center(lyr3[0], opts.centerX, opts.centerY); - - if (opts.timeout) { - // auto-unblock - var to = setTimeout(function() { - full ? $.unblockUI(opts) : $(el).unblock(opts); - }, opts.timeout); - $(el).data('blockUI.timeout', to); - } -}; - -// remove the block -function remove(el, opts) { - var full = (el == window); - var $el = $(el); - var data = $el.data('blockUI.history'); - var to = $el.data('blockUI.timeout'); - if (to) { - clearTimeout(to); - $el.removeData('blockUI.timeout'); - } - opts = $.extend({}, $.blockUI.defaults, opts || {}); - bind(0, el, opts); // unbind events - - var els; - if (full) // crazy selector to handle odd field errors in ie6/7 - els = $('body').children().filter('.blockUI').add('body > .blockUI'); - else - els = $('.blockUI', el); - - if (full) - pageBlock = pageBlockEls = null; - - if (opts.fadeOut) { - els.fadeOut(opts.fadeOut); - setTimeout(function() { reset(els,data,opts,el); }, opts.fadeOut); - } - else - reset(els, data, opts, el); -}; - -// move blocking element back into the DOM where it started -function reset(els,data,opts,el) { - els.each(function(i,o) { - // remove via DOM calls so we don't lose event handlers - if (this.parentNode) - this.parentNode.removeChild(this); - }); - - if (data && data.el) { - data.el.style.display = data.display; - data.el.style.position = data.position; - if (data.parent) - data.parent.appendChild(data.el); - $(data.el).removeData('blockUI.history'); - } - - if (typeof opts.onUnblock == 'function') - opts.onUnblock(el,opts); -}; - -// bind/unbind the handler -function bind(b, el, opts) { - var full = el == window, $el = $(el); - - // don't bother unbinding if there is nothing to unbind - if (!b && (full && !pageBlock || !full && !$el.data('blockUI.isBlocked'))) - return; - if (!full) - $el.data('blockUI.isBlocked', b); - - // don't bind events when overlay is not in use or if bindEvents is false - if (!opts.bindEvents || (b && !opts.showOverlay)) - return; - - // bind anchors and inputs for mouse and key events - var events = 'mousedown mouseup keydown keypress'; - b ? $(document).bind(events, opts, handler) : $(document).unbind(events, handler); - -// former impl... -// var $e = $('a,:input'); -// b ? $e.bind(events, opts, handler) : $e.unbind(events, handler); -}; - -// event handler to suppress keyboard/mouse events when blocking -function handler(e) { - // allow tab navigation (conditionally) - if (e.keyCode && e.keyCode == 9) { - if (pageBlock && e.data.constrainTabKey) { - var els = pageBlockEls; - var fwd = !e.shiftKey && e.target == els[els.length-1]; - var back = e.shiftKey && e.target == els[0]; - if (fwd || back) { - setTimeout(function(){focus(back)},10); - return false; - } - } - } - // allow events within the message content - if ($(e.target).parents('div.blockMsg').length > 0) - return true; - - // allow events for content that is not being blocked - return $(e.target).parents().children().filter('div.blockUI').length == 0; -}; - -function focus(back) { - if (!pageBlockEls) - return; - var e = pageBlockEls[back===true ? pageBlockEls.length-1 : 0]; - if (e) - e.focus(); -}; - -function center(el, x, y) { - var p = el.parentNode, s = el.style; - var l = ((p.offsetWidth - el.offsetWidth)/2) - sz(p,'borderLeftWidth'); - var t = ((p.offsetHeight - el.offsetHeight)/2) - sz(p,'borderTopWidth'); - if (x) s.left = l > 0 ? (l+'px') : '0'; - if (y) s.top = t > 0 ? (t+'px') : '0'; -}; - -function sz(el, p) { - return parseInt($.css(el,p))||0; -}; - -})(jQuery); diff --git a/config/snort-dev/javascript/mootools.js b/config/snort-dev/javascript/mootools.js deleted file mode 100644 index e058db83..00000000 --- a/config/snort-dev/javascript/mootools.js +++ /dev/null @@ -1,3 +0,0 @@ -//MooTools, My Object Oriented Javascript Tools. Copyright (c) 2006 Valerio Proietti, <http://mad4milk.net>, MIT Style License. - -eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('o ay={a6:\'1.11\'};m $5B(N){k(N!=9e)};m $G(N){B(!$5B(N))k U;B(N.4t)k\'L\';o G=5X N;B(G==\'2t\'&&N.a8){21(N.7v){Y 1:k\'L\';Y 3:k(/\\S/).2N(N.91)?\'a9\':\'bo\'}}B(G==\'2t\'||G==\'m\'){21(N.7X){Y 2j:k\'1u\';Y 7u:k\'5e\';Y 1f:k\'7F\'}B(5X N.V==\'3P\'){B(N.2U)k\'bw\';B(N.7b)k\'1b\'}}k G};m $1Q(){o 4f={};M(o i=0;i<1b.V;i++){M(o I 1e 1b[i]){o ap=1b[i][I];o 5z=4f[I];B(5z&&$G(ap)==\'2t\'&&$G(5z)==\'2t\')4f[I]=$1Q(5z,ap);19 4f[I]=ap}}k 4f};o $Q=m(){o 1l=1b;B(!1l[1])1l=[c,1l[0]];M(o I 1e 1l[1])1l[0][I]=1l[1][I];k 1l[0]};o $4d=m(){M(o i=0,l=1b.V;i<l;i++){1b[i].Q=m(1N){M(o 1T 1e 1N){B(!c.1x[1T])c.1x[1T]=1N[1T];B(!c[1T])c[1T]=$4d.6c(1T)}}}};$4d.6c=m(1T){k m(17){k c.1x[1T].3t(17,2j.1x.8K.1X(1b,1))}};$4d(7B,2j,6g,9P);m $2w(N){k!!(N||N===0)};m $4F(N,7U){k $5B(N)?N:7U};m $6X(2X,1L){k 1c.8s(1c.6X()*(1L-2X+1)+2X)};m $33(){k O 9z().9Q()};m $6J(2b){b5(2b);b4(2b);k 1k};o 3d=m(N){N=N||{};N.Q=$Q;k N};o b8=O 3d(W);o bm=O 3d(R);R.67=R.2G(\'67\')[0];W.3B=!!(R.54);B(W.9a)W.2s=W[W.66?\'aV\':\'9E\']=1g;19 B(R.8X&&!R.bj&&!ai.a3)W.3L=W[W.3B?\'a7\':\'5T\']=1g;19 B(R.aG!=1k)W.7f=1g;W.ax=W.3L;6Y.Q=$Q;B(5X 5j==\'9e\'){o 5j=m(){};B(W.3L)R.9V("aO");5j.1x=(W.3L)?W["[[aW.1x]]"]:{}}5j.1x.4t=m(){};B(W.9E)49{R.aT("aA",U,1g)}48(e){};o 1f=m(1y){o 4V=m(){k(1b[0]!==1k&&c.1w&&$G(c.1w)==\'m\')?c.1w.3t(c,1b):c};$Q(4V,c);4V.1x=1y;4V.7X=1f;k 4V};1f.1r=m(){};1f.1x={Q:m(1y){o 68=O c(1k);M(o I 1e 1y){o 8c=68[I];68[I]=1f.86(8c,1y[I])}k O 1f(68)},56:m(){M(o i=0,l=1b.V;i<l;i++)$Q(c.1x,1b[i])}};1f.86=m(3y,2a){B(3y&&3y!=2a){o G=$G(2a);B(G!=$G(3y))k 2a;21(G){Y\'m\':o 7q=m(){c.1o=1b.7b.1o;k 2a.3t(c,1b)};7q.1o=3y;k 7q;Y\'2t\':k $1Q(3y,2a)}}k 2a};o 6G=O 1f({af:m(T){c.3Y=c.3Y||[];c.3Y.1i(T);k c},7h:m(){B(c.3Y&&c.3Y.V)c.3Y.8I().2q(10,c)},bn:m(){c.3Y=[]}});o 2A=O 1f({29:m(G,T){B(T!=1f.1r){c.$1a=c.$1a||{};c.$1a[G]=c.$1a[G]||[];c.$1a[G].6q(T)}k c},1v:m(G,1l,2q){B(c.$1a&&c.$1a[G]){c.$1a[G].1z(m(T){T.2L({\'17\':c,\'2q\':2q,\'1b\':1l})()},c)}k c},4m:m(G,T){B(c.$1a&&c.$1a[G])c.$1a[G].2O(T);k c}});o 6a=O 1f({3Z:m(){c.C=$1Q.3t(1k,[c.C].Q(1b));B(c.29){M(o 35 1e c.C){B($G(c.C[35]==\'m\')&&(/^51[A-Z]/).2N(35))c.29(35,c.C[35])}}k c}});2j.Q({61:m(T,17){M(o i=0,j=c.V;i<j;i++)T.1X(17,c[i],i,c)},2R:m(T,17){o 4j=[];M(o i=0,j=c.V;i<j;i++){B(T.1X(17,c[i],i,c))4j.1i(c[i])}k 4j},2y:m(T,17){o 4j=[];M(o i=0,j=c.V;i<j;i++)4j[i]=T.1X(17,c[i],i,c);k 4j},5E:m(T,17){M(o i=0,j=c.V;i<j;i++){B(!T.1X(17,c[i],i,c))k U}k 1g},aL:m(T,17){M(o i=0,j=c.V;i<j;i++){B(T.1X(17,c[i],i,c))k 1g}k U},4n:m(2U,12){o 4v=c.V;M(o i=(12<0)?1c.1L(0,4v+12):12||0;i<4v;i++){B(c[i]===2U)k i}k-1},6Z:m(1q,V){1q=1q||0;B(1q<0)1q=c.V+1q;V=V||(c.V-1q);o 6z=[];M(o i=0;i<V;i++)6z[i]=c[1q++];k 6z},2O:m(2U){o i=0;o 4v=c.V;62(i<4v){B(c[i]===2U){c.5m(i,1);4v--}19{i++}}k c},1j:m(2U,12){k c.4n(2U,12)!=-1},aN:m(1G){o N={},V=1c.2X(c.V,1G.V);M(o i=0;i<V;i++)N[1G[i]]=c[i];k N},Q:m(1u){M(o i=0,j=1u.V;i<j;i++)c.1i(1u[i]);k c},1Q:m(1u){M(o i=0,l=1u.V;i<l;i++)c.6q(1u[i]);k c},6q:m(2U){B(!c.1j(2U))c.1i(2U);k c},b0:m(){k c[$6X(0,c.V-1)]||1k},7p:m(){k c[c.V-1]||1k}});2j.1x.1z=2j.1x.61;2j.1z=2j.61;m $A(1u){k 2j.6Z(1u)};m $1z(3o,T,17){B(3o&&5X 3o.V==\'3P\'&&$G(3o)!=\'2t\'){2j.61(3o,T,17)}19{M(o 1p 1e 3o)T.1X(17||3o,3o[1p],1p)}};2j.1x.2N=2j.1x.1j;6g.Q({2N:m(6e,2z){k(($G(6e)==\'2h\')?O 7u(6e,2z):6e).2N(c)},2P:m(){k 4X(c,10)},9A:m(){k 4T(c)},7I:m(){k c.31(/-\\D/g,m(2M){k 2M.6T(1).7D()})},8U:m(){k c.31(/\\w[A-Z]/g,m(2M){k(2M.6T(0)+\'-\'+2M.6T(1).4S())})},7S:m(){k c.31(/\\b[a-z]/g,m(2M){k 2M.7D()})},6y:m(){k c.31(/^\\s+|\\s+$/g,\'\')},7x:m(){k c.31(/\\s{2,}/g,\' \').6y()},52:m(1u){o 1m=c.2M(/\\d{1,3}/g);k(1m)?1m.52(1u):U},57:m(1u){o 3i=c.2M(/^#?(\\w{1,2})(\\w{1,2})(\\w{1,2})$/);k(3i)?3i.8K(1).57(1u):U},1j:m(2h,s){k(s)?(s+c+s).4n(s+2h+s)>-1:c.4n(2h)>-1},84:m(){k c.31(/([.*+?^${}()|[\\]\\/\\\\])/g,\'\\\\$1\')}});2j.Q({52:m(1u){B(c.V<3)k U;B(c.V==4&&c[3]==0&&!1u)k\'ba\';o 3i=[];M(o i=0;i<3;i++){o 4B=(c[i]-0).3F(16);3i.1i((4B.V==1)?\'0\'+4B:4B)}k 1u?3i:\'#\'+3i.1V(\'\')},57:m(1u){B(c.V!=3)k U;o 1m=[];M(o i=0;i<3;i++){1m.1i(4X((c[i].V==1)?c[i]+c[i]:c[i],16))}k 1u?1m:\'1m(\'+1m.1V(\',\')+\')\'}});7B.Q({2L:m(C){o T=c;C=$1Q({\'17\':T,\'K\':U,\'1b\':1k,\'2q\':U,\'3G\':U,\'6n\':U},C);B($2w(C.1b)&&$G(C.1b)!=\'1u\')C.1b=[C.1b];k m(K){o 1l;B(C.K){K=K||W.K;1l=[(C.K===1g)?K:O C.K(K)];B(C.1b)1l.Q(C.1b)}19 1l=C.1b||1b;o 3j=m(){k T.3t($4F(C.17,T),1l)};B(C.2q)k 9G(3j,C.2q);B(C.3G)k aa(3j,C.3G);B(C.6n)49{k 3j()}48(aF){k U};k 3j()}},aq:m(1l,17){k c.2L({\'1b\':1l,\'17\':17})},6n:m(1l,17){k c.2L({\'1b\':1l,\'17\':17,\'6n\':1g})()},17:m(17,1l){k c.2L({\'17\':17,\'1b\':1l})},ak:m(17,1l){k c.2L({\'17\':17,\'K\':1g,\'1b\':1l})},2q:m(2q,17,1l){k c.2L({\'2q\':2q,\'17\':17,\'1b\':1l})()},3G:m(9M,17,1l){k c.2L({\'3G\':9M,\'17\':17,\'1b\':1l})()}});9P.Q({2P:m(){k 4X(c)},9A:m(){k 4T(c)},1M:m(2X,1L){k 1c.2X(1L,1c.1L(2X,c))},2c:m(5d){5d=1c.36(10,5d||0);k 1c.2c(c*5d)/5d},b7:m(T){M(o i=0;i<c;i++)T(i)}});o P=O 1f({1w:m(F,1N){B($G(F)==\'2h\'){B(W.2s&&1N&&(1N.1p||1N.G)){o 1p=(1N.1p)?\' 1p="\'+1N.1p+\'"\':\'\';o G=(1N.G)?\' G="\'+1N.G+\'"\':\'\';4p 1N.1p;4p 1N.G;F=\'<\'+F+1p+G+\'>\'}F=R.9V(F)}F=$(F);k(!1N||!F)?F:F.26(1N)}});o 1R=O 1f({1w:m(15){k(15)?$Q(15,c):c}});1R.Q=m(1N){M(o 1T 1e 1N){c.1x[1T]=1N[1T];c[1T]=$4d.6c(1T)}};m $(F){B(!F)k 1k;B(F.4t)k 2n.4q(F);B([W,R].1j(F))k F;o G=$G(F);B(G==\'2h\'){F=R.5Q(F);G=(F)?\'L\':U}B(G!=\'L\')k 1k;B(F.4t)k 2n.4q(F);B([\'2t\',\'b3\'].1j(F.5M.4S()))k F;$Q(F,P.1x);F.4t=m(){};k 2n.4q(F)};R.5P=R.2G;m $$(){o 15=[];M(o i=0,j=1b.V;i<j;i++){o 1J=1b[i];21($G(1J)){Y\'L\':15.1i(1J);Y\'b2\':1B;Y U:1B;Y\'2h\':1J=R.5P(1J,1g);5Z:15.Q(1J)}}k $$.4U(15)};$$.4U=m(1u){o 15=[];M(o i=0,l=1u.V;i<l;i++){B(1u[i].$64)5L;o L=$(1u[i]);B(L&&!L.$64){L.$64=1g;15.1i(L)}}M(o n=0,d=15.V;n<d;n++)15[n].$64=1k;k O 1R(15)};1R.5G=m(I){k m(){o 1l=1b;o 1t=[];o 15=1g;M(o i=0,j=c.V,3j;i<j;i++){3j=c[i][I].3t(c[i],1l);B($G(3j)!=\'L\')15=U;1t.1i(3j)};k(15)?$$.4U(1t):1t}};P.Q=m(1y){M(o I 1e 1y){5j.1x[I]=1y[I];P.1x[I]=1y[I];P[I]=$4d.6c(I);o 97=(2j.1x[I])?I+\'1R\':I;1R.1x[97]=1R.5G(I)}};P.Q({26:m(1N){M(o 1T 1e 1N){o 3E=1N[1T];21(1T){Y\'90\':c.7w(3E);1B;Y\'1a\':B(c.65)c.65(3E);1B;Y\'1y\':c.6f(3E);1B;5Z:c.5J(1T,3E)}}k c},34:m(F,8M){F=$(F);21(8M){Y\'9m\':F.2Y.6B(c,F);1B;Y\'9r\':o 4D=F.8Q();B(!4D)F.2Y.7m(c);19 F.2Y.6B(c,4D);1B;Y\'1E\':o 6C=F.6H;B(6C){F.6B(c,6C);1B}5Z:F.7m(c)}k c},bB:m(F){k c.34(F,\'9m\')},92:m(F){k c.34(F,\'9r\')},ae:m(F){k c.34(F,\'4I\')},aj:m(F){k c.34(F,\'1E\')},93:m(){o 15=[];$1z(1b,m(9s){15=15.6F(9s)});$$(15).34(c);k c},2O:m(){k c.2Y.9L(c)},a4:m(9c){o F=$(c.ag(9c!==U));B(!F.$1a)k F;F.$1a={};M(o G 1e c.$1a)F.$1a[G]={\'1G\':$A(c.$1a[G].1G),\'1A\':$A(c.$1a[G].1A)};k F.5v()},az:m(F){F=$(F);c.2Y.am(F,c);k F},80:m(1I){c.7m(R.av(1I));k c},7r:m(1F){k c.1F.1j(1F,\' \')},9f:m(1F){B(!c.7r(1F))c.1F=(c.1F+\' \'+1F).7x();k c},9g:m(1F){c.1F=c.1F.31(O 7u(\'(^|\\\\s)\'+1F+\'(?:\\\\s|$)\'),\'$1\').7x();k c},aD:m(1F){k c.7r(1F)?c.9g(1F):c.9f(1F)},30:m(I,J){21(I){Y\'2p\':k c.9n(4T(J));Y\'aB\':I=(W.2s)?\'ah\':\'ab\'}I=I.7I();21($G(J)){Y\'3P\':B(![\'bi\',\'99\'].1j(I))J+=\'4x\';1B;Y\'1u\':J=\'1m(\'+J.1V(\',\')+\')\'}c.1D[I]=J;k c},7w:m(1O){21($G(1O)){Y\'2t\':P.5n(c,\'30\',1O);1B;Y\'2h\':c.1D.77=1O}k c},9n:m(2p){B(2p==0){B(c.1D.5C!="5r")c.1D.5C="5r"}19{B(c.1D.5C!="9o")c.1D.5C="9o"}B(!c.5V||!c.5V.bf)c.1D.99=1;B(W.2s)c.1D.2R=(2p==1)?\'\':"6l(2p="+2p*3w+")";c.1D.2p=c.$3q.2p=2p;k c},1Z:m(I){I=I.7I();o 1C=c.1D[I];B(!$2w(1C)){B(I==\'2p\')k c.$3q.2p;1C=[];M(o 1D 1e P.3s){B(I==1D){P.3s[1D].1z(m(s){o 1D=c.1Z(s);1C.1i(4X(1D)?1D:\'8d\')},c);B(I==\'3p\'){o 5E=1C.5E(m(4B){k(4B==1C[0])});k(5E)?1C[0]:U}k 1C.1V(\' \')}}B(I.1j(\'3p\')){B(P.3s.3p.1j(I)){k[\'7T\',\'6O\',\'2x\'].2y(m(p){k c.1Z(I+p)},c).1V(\' \')}19 B(P.7N.1j(I)){k[\'8J\',\'8H\',\'8n\',\'8p\'].2y(m(p){k c.1Z(\'3p\'+p+I.31(\'3p\',\'\'))},c).1V(\' \')}}B(R.8S)1C=R.8S.bA(c,1k).bt(I.8U());19 B(c.5V)1C=c.5V[I]}B(W.2s)1C=P.7Y(I,1C,c);B(1C&&I.2N(/2o/i)&&1C.1j(\'1m\')){k 1C.5D(\'1m\').5m(1,4).2y(m(2o){k 2o.52()}).1V(\' \')}k 1C},8Z:m(){k P.7J(c,\'1Z\',1b)},4J:m(5I,1q){5I+=\'b9\';o F=(1q)?c[1q]:c[5I];62(F&&$G(F)!=\'L\')F=F[5I];k $(F)},aS:m(){k c.4J(\'3y\')},8Q:m(){k c.4J(\'4D\')},aU:m(){k c.4J(\'4D\',\'6H\')},7p:m(){k c.4J(\'3y\',\'aK\')},aJ:m(){k $(c.2Y)},aM:m(){k $$(c.8X)},7a:m(F){k!!$A(c.2G(\'*\')).1j(F)},5b:m(I){o 3l=P.5O[I];B(3l)k c[3l];o 6w=P.8r[I]||0;B(!W.2s||6w)k c.b6(I,6w);o 6K=c.aX[I];k(6K)?6K.91:1k},b1:m(I){o 3l=P.5O[I];B(3l)c[3l]=\'\';19 c.aZ(I);k c},aY:m(){k P.7J(c,\'5b\',1b)},5J:m(I,J){o 3l=P.5O[I];B(3l)c[3l]=J;19 c.bz(I,J);k c},6f:m(1O){k P.5n(c,\'5J\',1O)},72:m(){c.7Q=$A(1b).1V(\'\');k c},by:m(1I){o 2T=c.4w();B([\'1D\',\'2f\'].1j(2T)){B(W.2s){B(2T==\'1D\')c.8a.77=1I;19 B(2T==\'2f\')c.5J(\'1I\',1I);k c}19{c.9L(c.6H);k c.80(1I)}}c[$5B(c.73)?\'73\':\'7M\']=1I;k c},a2:m(){o 2T=c.4w();B([\'1D\',\'2f\'].1j(2T)){B(W.2s){B(2T==\'1D\')k c.8a.77;19 B(2T==\'2f\')k c.5b(\'1I\')}19{k c.7Q}}k($4F(c.73,c.7M))},4w:m(){k c.5M.4S()},1r:m(){2n.5u(c.2G(\'*\'));k c.72(\'\')}});P.7Y=m(I,1C,L){B($2w(4X(1C)))k 1C;B([\'3f\',\'2H\'].1j(I)){o 1A=(I==\'2H\')?[\'1H\',\'4H\']:[\'1E\',\'4I\'];o 3S=0;1A.1z(m(J){3S+=L.1Z(\'3p-\'+J+\'-2H\').2P()+L.1Z(\'6Q-\'+J).2P()});k L[\'3n\'+I.7S()]-3S+\'4x\'}19 B(I.2N(/3p(.+)7T|2J|6Q/)){k\'8d\'}k 1C};P.3s={\'3p\':[],\'6Q\':[],\'2J\':[]};[\'8J\',\'8H\',\'8n\',\'8p\'].1z(m(7R){M(o 1D 1e P.3s)P.3s[1D].1i(1D+7R)});P.7N=[\'aP\',\'aQ\',\'aR\'];P.7J=m(F,1P,1G){o 1C={};$1z(1G,m(1n){1C[1n]=F[1P](1n)});k 1C};P.5n=m(F,1P,7E){M(o 1n 1e 7E)F[1P](1n,7E[1n]);k F};P.5O=O 3d({\'7F\':\'1F\',\'M\':\'bu\',\'bs\':\'bp\',\'bq\':\'bv\',\'bx\':\'be\',\'bd\':\'bb\',\'bc\':\'bg\',\'bh\':\'aI\',\'bl\':\'bk\',\'J\':\'J\',\'6U\':\'6U\',\'6P\':\'6P\',\'6W\':\'6W\',\'74\':\'74\'});P.8r={\'7O\':2,\'3W\':2};P.2m={5w:{2S:m(G,T){B(c.7c)c.7c(G,T,U);19 c.a5(\'51\'+G,T);k c},4h:m(G,T){B(c.8u)c.8u(G,T,U);19 c.aH(\'51\'+G,T);k c}}};W.Q(P.2m.5w);R.Q(P.2m.5w);P.Q(P.2m.5w);o 2n={15:[],4q:m(F){B(!F.$3q){2n.15.1i(F);F.$3q={\'2p\':1}}k F},5u:m(15){M(o i=0,j=15.V,F;i<j;i++){B(!(F=15[i])||!F.$3q)5L;B(F.$1a)F.1v(\'5u\').5v();M(o p 1e F.$3q)F.$3q[p]=1k;M(o d 1e P.1x)F[d]=1k;2n.15[2n.15.4n(F)]=1k;F.4t=F.$3q=F=1k}2n.15.2O(1k)},1r:m(){2n.4q(W);2n.4q(R);2n.5u(2n.15)}};W.2S(\'8m\',m(){W.2S(\'7H\',2n.1r);B(W.2s)W.2S(\'7H\',aC)});o 2E=O 1f({1w:m(K){B(K&&K.$8G)k K;c.$8G=1g;K=K||W.K;c.K=K;c.G=K.G;c.3m=K.3m||K.aE;B(c.3m.7v==3)c.3m=c.3m.2Y;c.8I=K.ao;c.an=K.au;c.as=K.at;c.ar=K.aw;B([\'7j\',\'43\'].1j(c.G)){c.a1=(K.87)?K.87/ad:-(K.ac||0)/3}19 B(c.G.1j(\'1n\')){c.5k=K.7V||K.al;M(o 1p 1e 2E.1G){B(2E.1G[1p]==c.5k){c.1n=1p;1B}}B(c.G==\'8o\'){o 5p=c.5k-ca;B(5p>0&&5p<13)c.1n=\'f\'+5p}c.1n=c.1n||6g.dp(c.5k).4S()}19 B(c.G.2N(/(8t|2Z|dq)/)){c.4k={\'x\':K.7n||K.7Z+R.2D.4Y,\'y\':K.7s||K.7P+R.2D.59};c.dr={\'x\':K.7n?K.7n-W.85:K.7Z,\'y\':K.7s?K.7s-W.8b:K.7P};c.dn=(K.7V==3)||(K.dm==2);21(c.G){Y\'7z\':c.28=K.28||K.dj;1B;Y\'7L\':c.28=K.28||K.9w}c.8B()}k c},1S:m(){k c.5y().5t()},5y:m(){B(c.K.5y)c.K.5y();19 c.K.dk=1g;k c},5t:m(){B(c.K.5t)c.K.5t();19 c.K.dl=U;k c}});2E.5s={28:m(){B(c.28&&c.28.7v==3)c.28=c.28.2Y},8z:m(){49{2E.5s.28.1X(c)}48(e){c.28=c.3m}}};2E.1x.8B=(W.7f)?2E.5s.8z:2E.5s.28;2E.1G=O 3d({\'ds\':13,\'dt\':38,\'dz\':40,\'1H\':37,\'4H\':39,\'dA\':27,\'dy\':32,\'dx\':8,\'du\':9,\'4p\':46});P.2m.2A={29:m(G,T){c.$1a=c.$1a||{};c.$1a[G]=c.$1a[G]||{\'1G\':[],\'1A\':[]};B(c.$1a[G].1G.1j(T))k c;c.$1a[G].1G.1i(T);o 5q=G;o 2d=P.2A[G];B(2d){B(2d.6N)2d.6N.1X(c,T);B(2d.2y)T=2d.2y;B(2d.G)5q=2d.G}B(!c.7c)T=T.2L({\'17\':c,\'K\':1g});c.$1a[G].1A.1i(T);k(P.7k.1j(5q))?c.2S(5q,T):c},4m:m(G,T){B(!c.$1a||!c.$1a[G])k c;o 2e=c.$1a[G].1G.4n(T);B(2e==-1)k c;o 1n=c.$1a[G].1G.5m(2e,1)[0];o J=c.$1a[G].1A.5m(2e,1)[0];o 2d=P.2A[G];B(2d){B(2d.2O)2d.2O.1X(c,T);B(2d.G)G=2d.G}k(P.7k.1j(G))?c.4h(G,J):c},65:m(1O){k P.5n(c,\'29\',1O)},5v:m(G){B(!c.$1a)k c;B(!G){M(o 5U 1e c.$1a)c.5v(5U);c.$1a=1k}19 B(c.$1a[G]){c.$1a[G].1G.1z(m(T){c.4m(G,T)},c);c.$1a[G]=1k}k c},1v:m(G,1l,2q){B(c.$1a&&c.$1a[G]){c.$1a[G].1G.1z(m(T){T.2L({\'17\':c,\'2q\':2q,\'1b\':1l})()},c)}k c},8j:m(12,G){B(!12.$1a)k c;B(!G){M(o 5U 1e 12.$1a)c.8j(12,5U)}19 B(12.$1a[G]){12.$1a[G].1G.1z(m(T){c.29(G,T)},c)}k c}};W.Q(P.2m.2A);R.Q(P.2m.2A);P.Q(P.2m.2A);P.2A=O 3d({\'8i\':{G:\'7z\',2y:m(K){K=O 2E(K);B(K.28!=c&&!c.7a(K.28))c.1v(\'8i\',K)}},\'8h\':{G:\'7L\',2y:m(K){K=O 2E(K);B(K.28!=c&&!c.7a(K.28))c.1v(\'8h\',K)}},\'43\':{G:(W.7f)?\'7j\':\'43\'}});P.7k=[\'8t\',\'dv\',\'7l\',\'7e\',\'43\',\'7j\',\'7z\',\'7L\',\'4g\',\'8o\',\'dw\',\'di\',\'3C\',\'7H\',\'8m\',\'dh\',\'d4\',\'d5\',\'d6\',\'9H\',\'d3\',\'d2\',\'3z\',\'8l\',\'79\',\'cZ\',\'45\'];7B.Q({5K:m(17,1l){k c.2L({\'17\':17,\'1b\':1l,\'K\':2E})}});1R.Q({d0:m(2T){k O 1R(c.2R(m(F){k(P.4w(F)==2T)}))},8e:m(1F,2l){o 15=c.2R(m(F){k(F.1F&&F.1F.1j(1F,\' \'))});k(2l)?15:O 1R(15)},8k:m(3D,2l){o 15=c.2R(m(F){k(F.3D==3D)});k(2l)?15:O 1R(15)},89:m(1p,7G,J,2l){o 15=c.2R(m(F){o 2a=P.5b(F,1p);B(!2a)k U;B(!7G)k 1g;21(7G){Y\'=\':k(2a==J);Y\'*=\':k(2a.1j(J));Y\'^=\':k(2a.8C(0,J.V)==J);Y\'$=\':k(2a.8C(2a.V-J.V)==J);Y\'!=\':k(2a!=J);Y\'~=\':k 2a.1j(J,\' \')}k U});k(2l)?15:O 1R(15)}});m $E(1J,2R){k($(2R)||R).8y(1J)};m $d1(1J,2R){k($(2R)||R).5P(1J)};$$.3c={\'5e\':/^(\\w*|\\*)(?:#([\\w-]+)|\\.([\\w-]+))?(?:\\[(\\w+)(?:([!*^$]?=)["\']?([^"\'\\]]*)["\']?)?])?$/,\'3B\':{6t:m(1t,2Q,1d,i){o 2v=[2Q.d7?\'78:\':\'\',1d[1]];B(1d[2])2v.1i(\'[@3D="\',1d[2],\'"]\');B(1d[3])2v.1i(\'[1j(6F(" ", @7F, " "), " \',1d[3],\' ")]\');B(1d[4]){B(1d[5]&&1d[6]){21(1d[5]){Y\'*=\':2v.1i(\'[1j(@\',1d[4],\', "\',1d[6],\'")]\');1B;Y\'^=\':2v.1i(\'[d8-de(@\',1d[4],\', "\',1d[6],\'")]\');1B;Y\'$=\':2v.1i(\'[df(@\',1d[4],\', 2h-V(@\',1d[4],\') - \',1d[6].V,\' + 1) = "\',1d[6],\'"]\');1B;Y\'=\':2v.1i(\'[@\',1d[4],\'="\',1d[6],\'"]\');1B;Y\'!=\':2v.1i(\'[@\',1d[4],\'!="\',1d[6],\'"]\')}}19{2v.1i(\'[@\',1d[4],\']\')}}1t.1i(2v.1V(\'\'));k 1t},6x:m(1t,2Q,2l){o 15=[];o 3B=R.54(\'.//\'+1t.1V(\'//\'),2Q,$$.3c.88,dC.dd,1k);M(o i=0,j=3B.dc;i<j;i++)15.1i(3B.d9(i));k(2l)?15:O 1R(15.2y($))}},\'8g\':{6t:m(1t,2Q,1d,i){B(i==0){B(1d[2]){o F=2Q.5Q(1d[2]);B(!F||((1d[1]!=\'*\')&&(P.4w(F)!=1d[1])))k U;1t=[F]}19{1t=$A(2Q.2G(1d[1]))}}19{1t=$$.3c.2G(1t,1d[1]);B(1d[2])1t=1R.8k(1t,1d[2],1g)}B(1d[3])1t=1R.8e(1t,1d[3],1g);B(1d[4])1t=1R.89(1t,1d[4],1d[5],1d[6],1g);k 1t},6x:m(1t,2Q,2l){k(2l)?1t:$$.4U(1t)}},88:m(7W){k(7W==\'78\')?\'da://9k.db.dB/dK/78\':U},2G:m(2Q,5M){o 6D=[];M(o i=0,j=2Q.V;i<j;i++)6D.Q(2Q[i].2G(5M));k 6D}};$$.3c.1P=(W.3B)?\'3B\':\'8g\';P.2m.76={5S:m(1J,2l){o 1t=[];1J=1J.6y().5D(\' \');M(o i=0,j=1J.V;i<j;i++){o 8q=1J[i];o 1d=8q.2M($$.3c.5e);B(!1d)1B;1d[1]=1d[1]||\'*\';o 2v=$$.3c[$$.3c.1P].6t(1t,c,1d,i);B(!2v)1B;1t=2v}k $$.3c[$$.3c.1P].6x(1t,c,2l)},8y:m(1J){k $(c.5S(1J,1g)[0]||U)},5P:m(1J,2l){o 15=[];1J=1J.5D(\',\');M(o i=0,j=1J.V;i<j;i++)15=15.6F(c.5S(1J[i],1g));k(2l)?15:$$.4U(15)}};P.Q({5Q:m(3D){o F=R.5Q(3D);B(!F)k U;M(o 1o=F.2Y;1o!=c;1o=1o.2Y){B(!1o)k U}k F},dW:m(1F){k c.5S(\'.\'+1F)}});R.Q(P.2m.76);P.Q(P.2m.76);P.Q({3v:m(){21(c.4w()){Y\'3z\':o 1A=[];$1z(c.C,m(35){B(35.74)1A.1i($4F(35.J,35.1I))});k(c.6W)?1A:1A[0];Y\'8D\':B(!(c.6P&&[\'dT\',\'dU\'].1j(c.G))&&![\'5r\',\'1I\',\'e1\'].1j(c.G))1B;Y\'8w\':k c.J}k U},8f:m(){k $$(c.2G(\'8D\'),c.2G(\'3z\'),c.2G(\'8w\'))},5c:m(){o 47=[];c.8f().1z(m(F){o 1p=F.1p;o J=F.3v();B(J===U||!1p||F.6U)k;o 6S=m(3E){47.1i(1p+\'=\'+6m(3E))};B($G(J)==\'1u\')J.1z(6S);19 6S(J)});k 47.1V(\'&\')}});P.Q({3x:m(x,y){c.4Y=x;c.59=y},6L:m(){k{\'45\':{\'x\':c.4Y,\'y\':c.59},\'3S\':{\'x\':c.4L,\'y\':c.4G},\'6M\':{\'x\':c.5A,\'y\':c.5H}}},3Q:m(22){22=22||[];o F=c,1H=0,1E=0;do{1H+=F.e6||0;1E+=F.e7||0;F=F.e2}62(F);22.1z(m(L){1H-=L.4Y||0;1E-=L.59||0});k{\'x\':1H,\'y\':1E}},9i:m(22){k c.3Q(22).y},9h:m(22){k c.3Q(22).x},6j:m(22){o 2i=c.3Q(22);o N={\'2H\':c.4L,\'3f\':c.4G,\'1H\':2i.x,\'1E\':2i.y};N.4H=N.1H+N.2H;N.4I=N.1E+N.3f;k N}});P.2A.6r={6N:m(T){B(W.5R){T.1X(c);k}o 4Z=m(){B(W.5R)k;W.5R=1g;W.2b=$6J(W.2b);c.1v(\'6r\')}.17(c);B(R.4u&&W.3L){W.2b=m(){B([\'5R\',\'6v\'].1j(R.4u))4Z()}.3G(50)}19 B(R.4u&&W.2s){B(!$(\'6s\')){o 3W=(W.dV.dR==\'dH:\')?\'://0\':\'70:dS(0)\';R.dI(\'<2f 3D="6s" dG 3W="\'+3W+\'"><\\/2f>\');$(\'6s\').69=m(){B(c.4u==\'6v\')4Z()}}}19{W.2S("3C",4Z);R.2S("dF",4Z)}}};W.dJ=m(T){k c.29(\'6r\',T)};W.Q({8L:m(){B(c.5T)k c.dP;B(c.82)k R.5F.81;k R.2D.81},9Y:m(){B(c.5T)k c.dQ;B(c.82)k R.5F.83;k R.2D.83},9S:m(){B(c.2s)k 1c.1L(R.2D.4L,R.2D.5A);B(c.3L)k R.5F.5A;k R.2D.5A},9F:m(){B(c.2s)k 1c.1L(R.2D.4G,R.2D.5H);B(c.3L)k R.5F.5H;k R.2D.5H},9D:m(){k c.85||R.2D.4Y},9T:m(){k c.8b||R.2D.59},6L:m(){k{\'3S\':{\'x\':c.8L(),\'y\':c.9Y()},\'6M\':{\'x\':c.9S(),\'y\':c.9F()},\'45\':{\'x\':c.9D(),\'y\':c.9T()}}},3Q:m(){k{\'x\':0,\'y\':0}}});o 1h={};1h.2F=O 1f({C:{4P:1f.1r,25:1f.1r,6I:1f.1r,1W:m(p){k-(1c.9p(1c.7C*p)-1)/2},3r:dN,2k:\'4x\',44:1g,9R:50},1w:m(C){c.L=c.L||1k;c.3Z(C);B(c.C.1w)c.C.1w.1X(c)},9I:m(){o 33=$33();B(33<c.33+c.C.3r){c.3R=c.C.1W((33-c.33)/c.C.3r);c.3N();c.3V()}19{c.1S(1g);c.26(c.14);c.1v(\'25\',c.L,10);c.7h()}},26:m(14){c.18=14;c.3V();k c},3N:m(){c.18=c.3J(c.12,c.14)},3J:m(12,14){k(14-12)*c.3R+12},1q:m(12,14){B(!c.C.44)c.1S();19 B(c.2b)k c;c.12=12;c.14=14;c.9H=c.14-c.12;c.33=$33();c.2b=c.9I.3G(1c.2c(8A/c.C.9R),c);c.1v(\'4P\',c.L);k c},1S:m(5N){B(!c.2b)k c;c.2b=$6J(c.2b);B(!5N)c.1v(\'6I\',c.L);k c},2d:m(12,14){k c.1q(12,14)},dM:m(5N){k c.1S(5N)}});1h.2F.56(O 6G,O 2A,O 6a);1h.2W={3z:m(I,14){B(I.2N(/2o/i))k c.2x;o G=$G(14);B((G==\'1u\')||(G==\'2h\'&&14.1j(\' \')))k c.5G;k c.9K},2B:m(F,I,4l){B(!4l.1i)4l=[4l];o 12=4l[0],14=4l[1];B(!$2w(14)){14=12;12=F.1Z(I)}o 1s=c.3z(I,14);k{\'12\':1s.2B(12),\'14\':1s.2B(14),\'1s\':1s}}};1h.2W.9K={2B:m(J){k 4T(J)},4b:m(12,14,4c){k 4c.3J(12,14)},3v:m(J,2k,I){B(2k==\'4x\'&&I!=\'2p\')J=1c.2c(J);k J+2k}};1h.2W.5G={2B:m(J){k J.1i?J:J.5D(\' \').2y(m(v){k 4T(v)})},4b:m(12,14,4c){o 18=[];M(o i=0;i<12.V;i++)18[i]=4c.3J(12[i],14[i]);k 18},3v:m(J,2k,I){B(2k==\'4x\'&&I!=\'2p\')J=J.2y(1c.2c);k J.1V(2k+\' \')+2k}};1h.2W.2x={2B:m(J){k J.1i?J:J.57(1g)},4b:m(12,14,4c){o 18=[];M(o i=0;i<12.V;i++)18[i]=1c.2c(4c.3J(12[i],14[i]));k 18},3v:m(J){k\'1m(\'+J.1V(\',\')+\')\'}};1h.6O=1h.2F.Q({1w:m(F,I,C){c.L=$(F);c.I=I;c.1o(C)},94:m(){k c.26(0)},3N:m(){c.18=c.1s.4b(c.12,c.14,c)},26:m(14){c.1s=1h.2W.3z(c.I,14);k c.1o(c.1s.2B(14))},1q:m(12,14){B(c.2b&&c.C.44)k c;o 1U=1h.2W.2B(c.L,c.I,[12,14]);c.1s=1U.1s;k c.1o(1U.12,1U.14)},3V:m(){c.L.30(c.I,c.1s.3v(c.18,c.C.2k,c.I))}});P.Q({dO:m(I,C){k O 1h.6O(c,I,C)}});1h.3s=1h.2F.Q({1w:m(F,C){c.L=$(F);c.1o(C)},3N:m(){M(o p 1e c.12)c.18[p]=c.1s[p].4b(c.12[p],c.14[p],c)},26:m(14){o 1U={};c.1s={};M(o p 1e 14){c.1s[p]=1h.2W.3z(p,14[p]);1U[p]=c.1s[p].2B(14[p])}k c.1o(1U)},1q:m(N){B(c.2b&&c.C.44)k c;c.18={};c.1s={};o 12={},14={};M(o p 1e N){o 1U=1h.2W.2B(c.L,p,N[p]);12[p]=1U.12;14[p]=1U.14;c.1s[p]=1U.1s}k c.1o(12,14)},3V:m(){M(o p 1e c.18)c.L.30(p,c.1s[p].3v(c.18[p],c.C.2k,p))}});P.Q({dE:m(C){k O 1h.3s(c,C)}});1h.1R=1h.2F.Q({1w:m(15,C){c.15=$$(15);c.1o(C)},3N:m(){M(o i 1e c.12){o 5f=c.12[i],3u=c.14[i],3e=c.1s[i],5g=c.18[i]={};M(o p 1e 5f)5g[p]=3e[p].4b(5f[p],3u[p],c)}},26:m(14){o 1U={};c.1s={};M(o i 1e 14){o 3u=14[i],3e=c.1s[i]={},9y=1U[i]={};M(o p 1e 3u){3e[p]=1h.2W.3z(p,3u[p]);9y[p]=3e[p].2B(3u[p])}}k c.1o(1U)},1q:m(N){B(c.2b&&c.C.44)k c;c.18={};c.1s={};o 12={},14={};M(o i 1e N){o 6R=N[i],5f=12[i]={},3u=14[i]={},3e=c.1s[i]={};M(o p 1e 6R){o 1U=1h.2W.2B(c.15[i],p,6R[p]);5f[p]=1U.12;3u[p]=1U.14;3e[p]=1U.1s}}k c.1o(12,14)},3V:m(){M(o i 1e c.18){o 5g=c.18[i],3e=c.1s[i];M(o p 1e 5g)c.15[i].30(p,3e[p].3v(5g[p],c.C.2k,p))}}});1h.dD=1h.2F.Q({C:{22:[],3n:{\'x\':0,\'y\':0},9W:1g},1w:m(L,C){c.18=[];c.L=$(L);c.2u={\'1S\':c.1S.17(c,U)};c.1o(C);B(c.C.9W){c.29(\'4P\',m(){R.29(\'43\',c.2u.1S)}.17(c));c.29(\'25\',m(){R.4m(\'43\',c.2u.1S)}.17(c))}},3N:m(){M(o i=0;i<2;i++)c.18[i]=c.3J(c.12[i],c.14[i])},3x:m(x,y){B(c.2b&&c.C.44)k c;o F=c.L.6L();o 1A={\'x\':x,\'y\':y};M(o z 1e F.3S){o 1L=F.6M[z]-F.3S[z];B($2w(1A[z]))1A[z]=($G(1A[z])==\'3P\')?1A[z].1M(0,1L):1L;19 1A[z]=F.45[z];1A[z]+=c.C.3n[z]}k c.1q([F.45.x,F.45.y],[1A.x,1A.y])},e3:m(){k c.3x(U,0)},e5:m(){k c.3x(U,\'9N\')},bC:m(){k c.3x(0,U)},e4:m(){k c.3x(\'9N\',U)},9w:m(F){o 1o=c.L.3Q(c.C.22);o 3m=$(F).3Q(c.C.22);k c.3x(3m.x-1o.x,3m.y-1o.y)},3V:m(){c.L.3x(c.18[0],c.18[1])}});1h.e0=1h.2F.Q({C:{23:\'95\'},1w:m(F,C){c.L=$(F);c.3U=O P(\'dX\',{\'90\':$Q(c.L.8Z(\'2J\'),{\'dZ\':\'5r\'})}).92(c.L).93(c.L);c.L.30(\'2J\',0);c.3Z(C);c.18=[];c.1o(c.C);c.4z=1g;c.29(\'25\',m(){c.4z=(c.18[0]===0)});B(W.5T)c.29(\'25\',m(){B(c.4z)c.L.2O().34(c.3U)})},3N:m(){M(o i=0;i<2;i++)c.18[i]=c.3J(c.12[i],c.14[i])},95:m(){c.2J=\'2J-1E\';c.4E=\'3f\';c.3n=c.L.4G},dY:m(){c.2J=\'2J-1H\';c.4E=\'2H\';c.3n=c.L.4L},8W:m(23){c[23||c.C.23]();k c.1q([c.L.1Z(c.2J).2P(),c.3U.1Z(c.4E).2P()],[0,c.3n])},8P:m(23){c[23||c.C.23]();k c.1q([c.L.1Z(c.2J).2P(),c.3U.1Z(c.4E).2P()],[-c.3n,0])},94:m(23){c[23||c.C.23]();c.4z=U;k c.26([-c.3n,0])},dg:m(23){c[23||c.C.23]();c.4z=1g;k c.26([0,c.3n])},cX:m(23){B(c.3U.4G==0||c.3U.4L==0)k c.8W(23);k c.8P(23)},3V:m(){c.L.30(c.2J,c.18[0]+c.C.2k);c.3U.30(c.4E,c.18[1]+c.C.2k)}});1h.7K=m(1W,2z){2z=2z||[];B($G(2z)!=\'1u\')2z=[2z];k $Q(1W,{c4:m(2e){k 1W(2e,2z)},c5:m(2e){k 1-1W(1-2e,2z)},c6:m(2e){k(2e<=0.5)?1W(2*2e,2z)/2:(2-1W(2*(1-2e),2z))/2}})};1h.2V=O 3d({cY:m(p){k p}});1h.2V.Q=m(6A){M(o 1W 1e 6A){1h.2V[1W]=O 1h.7K(6A[1W]);1h.2V.7g(1W)}};1h.2V.7g=m(1W){[\'c2\',\'bY\',\'bZ\'].1z(m(75){1h.2V[1W.4S()+75]=1h.2V[1W][\'c0\'+75]})};1h.2V.Q({c1:m(p,x){k 1c.36(p,x[0]||6)},c7:m(p){k 1c.36(2,8*(p-1))},c8:m(p){k 1-1c.8T(1c.ce(p))},cf:m(p){k 1-1c.8T((1-p)*1c.7C/2)},cg:m(p,x){x=x[0]||1.cd;k 1c.36(p,2)*((x+1)*p-x)},cc:m(p){o J;M(o a=0,b=1;1;a+=b,b/=2){B(p>=(7-4*a)/11){J=-1c.36((11-6*a-11*p)/4,2)+b*b;1B}}k J},c9:m(p,x){k 1c.36(2,10*--p)*1c.9p(20*p*1c.7C*(x[0]||1)/3)}});[\'cb\',\'bX\',\'bW\',\'bJ\'].1z(m(1W,i){1h.2V[1W]=O 1h.7K(m(p){k 1c.36(p,[i+2])});1h.2V.7g(1W)});o 3X={};3X.2F=O 1f({C:{4M:U,2k:\'4x\',4P:1f.1r,9v:1f.1r,25:1f.1r,9l:1f.1r,9b:1f.1r,1M:U,3A:{x:\'1H\',y:\'1E\'},3T:U,9t:6},1w:m(F,C){c.3Z(C);c.L=$(F);c.4M=$(c.C.4M)||c.L;c.2Z={\'18\':{},\'2e\':{}};c.J={\'1q\':{},\'18\':{}};c.2u={\'1q\':c.1q.5K(c),\'4i\':c.4i.5K(c),\'3H\':c.3H.5K(c),\'1S\':c.1S.17(c)};c.9q();B(c.C.1w)c.C.1w.1X(c)},9q:m(){c.4M.29(\'7e\',c.2u.1q);k c},bK:m(){c.4M.4m(\'7e\',c.2u.1q);k c},1q:m(K){c.1v(\'9v\',c.L);c.2Z.1q=K.4k;o 1M=c.C.1M;c.1M={\'x\':[],\'y\':[]};M(o z 1e c.C.3A){B(!c.C.3A[z])5L;c.J.18[z]=c.L.1Z(c.C.3A[z]).2P();c.2Z.2e[z]=K.4k[z]-c.J.18[z];B(1M&&1M[z]){M(o i=0;i<2;i++){B($2w(1M[z][i]))c.1M[z][i]=($G(1M[z][i])==\'m\')?1M[z][i]():1M[z][i]}}}B($G(c.C.3T)==\'3P\')c.C.3T={\'x\':c.C.3T,\'y\':c.C.3T};R.2S(\'4g\',c.2u.4i);R.2S(\'7l\',c.2u.1S);c.1v(\'4P\',c.L);K.1S()},4i:m(K){o 9u=1c.2c(1c.bL(1c.36(K.4k.x-c.2Z.1q.x,2)+1c.36(K.4k.y-c.2Z.1q.y,2)));B(9u>c.C.9t){R.4h(\'4g\',c.2u.4i);R.2S(\'4g\',c.2u.3H);c.3H(K);c.1v(\'9l\',c.L)}K.1S()},3H:m(K){c.4K=U;c.2Z.18=K.4k;M(o z 1e c.C.3A){B(!c.C.3A[z])5L;c.J.18[z]=c.2Z.18[z]-c.2Z.2e[z];B(c.1M[z]){B($2w(c.1M[z][1])&&(c.J.18[z]>c.1M[z][1])){c.J.18[z]=c.1M[z][1];c.4K=1g}19 B($2w(c.1M[z][0])&&(c.J.18[z]<c.1M[z][0])){c.J.18[z]=c.1M[z][0];c.4K=1g}}B(c.C.3T[z])c.J.18[z]-=(c.J.18[z]%c.C.3T[z]);c.L.30(c.C.3A[z],c.J.18[z]+c.C.2k)}c.1v(\'9b\',c.L);K.1S()},1S:m(){R.4h(\'4g\',c.2u.4i);R.4h(\'4g\',c.2u.3H);R.4h(\'7l\',c.2u.1S);c.1v(\'25\',c.L)}});3X.2F.56(O 2A,O 6a);P.Q({bI:m(C){k O 3X.2F(c,$1Q({3A:{x:\'2H\',y:\'3f\'}},C))}});3X.9j=3X.2F.Q({C:{5o:[],2K:U,22:[]},1w:m(F,C){c.3Z(C);c.L=$(F);c.5o=$$(c.C.5o);c.2K=$(c.C.2K);c.2i={\'L\':c.L.1Z(\'2i\'),\'2K\':U};B(c.2K)c.2i.2K=c.2K.1Z(\'2i\');B(![\'7y\',\'4o\',\'7t\'].1j(c.2i.L))c.2i.L=\'4o\';o 1E=c.L.1Z(\'1E\').2P();o 1H=c.L.1Z(\'1H\').2P();B(c.2i.L==\'4o\'&&![\'7y\',\'4o\',\'7t\'].1j(c.2i.2K)){1E=$2w(1E)?1E:c.L.9i(c.C.22);1H=$2w(1H)?1H:c.L.9h(c.C.22)}19{1E=$2w(1E)?1E:0;1H=$2w(1H)?1H:0}c.L.7w({\'1E\':1E,\'1H\':1H,\'2i\':c.2i.L});c.1o(c.L)},1q:m(K){c.2I=1k;B(c.2K){o 3M=c.2K.6j();o F=c.L.6j();B(c.2i.L==\'4o\'&&![\'7y\',\'4o\',\'7t\'].1j(c.2i.2K)){c.C.1M={\'x\':[3M.1H,3M.4H-F.2H],\'y\':[3M.1E,3M.4I-F.3f]}}19{c.C.1M={\'y\':[0,3M.3f-F.3f],\'x\':[0,3M.2H-F.2H]}}}c.1o(K)},3H:m(K){c.1o(K);o 2I=c.4K?U:c.5o.2R(c.8V,c).7p();B(c.2I!=2I){B(c.2I)c.2I.1v(\'bH\',[c.L,c]);c.2I=2I?2I.1v(\'bD\',[c.L,c]):1k}k c},8V:m(F){F=F.6j(c.C.22);o 18=c.2Z.18;k(18.x>F.1H&&18.x<F.4H&&18.y<F.4I&&18.y>F.1E)},1S:m(){B(c.2I&&!c.4K)c.2I.1v(\'bF\',[c.L,c]);19 c.L.1v(\'bG\',c);c.1o();k c}});P.Q({bM:m(C){k O 3X.9j(c,C)}});o 5W=O 1f({C:{1P:\'42\',9x:1g,8N:1f.1r,4A:1f.1r,6d:1f.1r,9d:1g,4Q:\'bN-8\',98:U,3O:{}},6E:m(){c.2g=(W.66)?O 66():(W.2s?O 9a(\'bT.bU\'):U);k c},1w:m(C){c.6E().3Z(C);c.C.4R=c.C.4R||c.4R;c.3O={};B(c.C.9d&&c.C.1P==\'42\'){o 4Q=(c.C.4Q)?\'; bV=\'+c.C.4Q:\'\';c.4C(\'9X-G\',\'8Y/x-9k-bS-bR\'+4Q)}B(c.C.1w)c.C.1w.1X(c)},8R:m(){B(c.2g.4u!=4||!c.4a)k;c.4a=U;o 41=0;49{41=c.2g.41}48(e){};B(c.C.4R.1X(c,41))c.4A();19 c.6d();c.2g.69=1f.1r},4R:m(41){k((41>=bO)&&(41<bP))},4A:m(){c.3a={\'1I\':c.2g.bQ,\'5i\':c.2g.ch};c.1v(\'4A\',[c.3a.1I,c.3a.5i]);c.7h()},6d:m(){c.1v(\'6d\',c.2g)},4C:m(1p,J){c.3O[1p]=J;k c},5a:m(2r,1K){B(c.C.98)c.8O();19 B(c.4a)k c;c.4a=1g;B(1K&&c.C.1P==\'53\'){2r=2r+(2r.1j(\'?\')?\'&\':\'?\')+1K;1K=1k}c.2g.4z(c.C.1P.7D(),2r,c.C.9x);c.2g.69=c.8R.17(c);B((c.C.1P==\'42\')&&c.2g.ci)c.4C(\'cK\',\'cL\');$Q(c.3O,c.C.3O);M(o G 1e c.3O)49{c.2g.cM(G,c.3O[G])}48(e){};c.1v(\'8N\');c.2g.5a($4F(1K,1k));k c},8O:m(){B(!c.4a)k c;c.4a=U;c.2g.79();c.2g.69=1f.1r;c.6E();c.1v(\'6I\');k c}});5W.56(O 6G,O 2A,O 6a);o 9B=5W.Q({C:{1K:1k,71:1k,25:1f.1r,5Y:U,6V:U},1w:m(2r,C){c.29(\'4A\',c.25);c.3Z(C);c.C.1K=c.C.1K||c.C.cJ;B(![\'42\',\'53\'].1j(c.C.1P)){c.5h=\'5h=\'+c.C.1P;c.C.1P=\'42\'}c.1o();c.4C(\'X-cI-cE\',\'66\');c.4C(\'cF\',\'1I/70, 1I/cG, 8Y/5i, 1I/5i, */*\');c.2r=2r},25:m(){B(c.C.71)$(c.C.71).1r().72(c.3a.1I);B(c.C.5Y||c.C.6V)c.5Y();c.1v(\'25\',[c.3a.1I,c.3a.5i],20)},9J:m(1K){1K=1K||c.C.1K;21($G(1K)){Y\'L\':1K=$(1K).5c();1B;Y\'2t\':1K=6Y.5c(1K)}B(c.5h)1K=(1K)?[c.5h,1K].1V(\'&\'):c.5h;k c.5a(c.2r,1K)},5Y:m(){o 2f,3b;B(c.C.6V||(/(cN|cU)2f/).2N(c.9C(\'9X-G\')))3b=c.3a.1I;19{3b=[];o 5e=/<2f[^>]*>([\\s\\S]*?)<\\/2f>/cW;62((2f=5e.cT(c.3a.1I)))3b.1i(2f[1]);3b=3b.1V(\'\\n\')}B(3b)(W.9U)?W.9U(3b):W.9G(3b,0)},9C:m(1p){49{k c.2g.cS(1p)}48(e){};k 1k}});6Y.5c=m(1O){o 47=[];M(o I 1e 1O)47.1i(6m(I)+\'=\'+6m(1O[I]));k 47.1V(\'&\')};P.Q({5a:m(C){k O 9B(c.5b(\'cQ\'),$1Q({1K:c.5c()},C,{1P:\'42\'})).9J()}});o 3g=O 3d({C:{6k:U,6i:U,3r:U,4y:U},26:m(1n,J,C){C=$1Q(c.C,C);J=6m(J);B(C.6k)J+=\'; 6k=\'+C.6k;B(C.6i)J+=\'; 6i=\'+C.6i;B(C.3r){o 6h=O 9z();6h.cR(6h.9Q()+C.3r*24*60*60*8A);J+=\'; cC=\'+6h.cp()}B(C.4y)J+=\'; 4y\';R.3K=1n+\'=\'+J;k $Q(C,{\'1n\':1n,\'J\':J})},53:m(1n){o J=R.3K.2M(\'(?:^|;)\\\\s*\'+1n.84()+\'=([^;]*)\');k J?cq(J[1]):U},2O:m(3K,C){B($G(3K)==\'2t\')c.26(3K.1n,\'\',$1Q(3K,{3r:-1}));19 c.26(3K,\'\',$1Q(C,{3r:-1}))}});o 3h={3F:m(N){21($G(N)){Y\'2h\':k\'"\'+N.31(/(["\\\\])/g,\'\\\\$1\')+\'"\';Y\'1u\':k\'[\'+N.2y(3h.3F).1V(\',\')+\']\';Y\'2t\':o 2h=[];M(o I 1e N)2h.1i(3h.3F(I)+\':\'+3h.3F(N[I]));k\'{\'+2h.1V(\',\')+\'}\';Y\'3P\':B(cr(N))1B;Y U:k\'1k\'}k 6g(N)},54:m(3I,4y){k(($G(3I)!=\'2h\')||(4y&&!3I.2N(/^("(\\\\.|[^"\\\\\\n\\r])*?"|[,:{}\\[\\]0-9.\\-+co-u \\n\\r\\t])+?$/)))?1k:ck(\'(\'+3I+\')\')}};3h.cl=5W.Q({1w:m(2r,C){c.2r=2r;c.29(\'4A\',c.25);c.1o(C);c.4C(\'X-cs\',\'ct\')},5a:m(N){k c.1o(c.2r,\'cz=\'+3h.3F(N))},25:m(){c.1v(\'25\',[3h.54(c.3a.1I,c.C.4y)])}});o 8v=O 3d({70:m(1O,1y){1y=$1Q({\'58\':1f.1r},1y);o 2f=O P(\'2f\',{\'3W\':1O}).65({\'3C\':1y.58,\'cA\':m(){B(c.4u==\'6v\')c.1v(\'3C\')}});4p 1y.58;k 2f.6f(1y).34(R.67)},1s:m(1O,1y){k O P(\'cB\',$1Q({\'cy\':\'cx\',\'cu\':\'cv\',\'G\':\'1I/1s\',\'7O\':1O},1y)).34(R.67)},4s:m(1O,1y){1y=$1Q({\'58\':1f.1r,\'cw\':1f.1r,\'c3\':1f.1r},1y);o 4s=O cm();4s.3W=1O;o L=O P(\'7d\',{\'3W\':1O});[\'3C\',\'79\',\'8l\'].1z(m(G){o K=1y[\'51\'+G];4p 1y[\'51\'+G];L.29(G,m(){c.4m(G,1b.7b);K.1X(c)})});B(4s.2H&&4s.3f)L.1v(\'3C\',L,1);k L.6f(1y)},6p:m(4r,C){C=$1Q({25:1f.1r,8F:1f.1r},C);B(!4r.1i)4r=[4r];o 6p=[];o 63=0;4r.1z(m(1O){o 7d=O 8v.4s(1O,{\'58\':m(){C.8F.1X(c,63);63++;B(63==4r.V)C.25()}});6p.1i(7d)});k O 1R(6p)}});o 3k=O 1f({V:0,1w:m(2t){c.N=2t||{};c.55()},53:m(1n){k(c.6o(1n))?c.N[1n]:1k},6o:m(1n){k(1n 1e c.N)},26:m(1n,J){B(!c.6o(1n))c.V++;c.N[1n]=J;k c},55:m(){c.V=0;M(o p 1e c.N)c.V++;k c},2O:m(1n){B(c.6o(1n)){4p c.N[1n];c.V--}k c},1z:m(T,17){$1z(c.N,T,17)},Q:m(N){$Q(c.N,N);k c.55()},1Q:m(){c.N=$1Q.3t(1k,[c.N].Q(1b));k c.55()},1r:m(){c.N={};c.V=0;k c},1G:m(){o 1G=[];M(o I 1e c.N)1G.1i(I);k 1G},1A:m(){o 1A=[];M(o I 1e c.N)1A.1i(c.N[I]);k 1A}});m $H(N){k O 3k(N)};3k.3g=3k.Q({1w:m(1p,C){c.1p=1p;c.C=$Q({\'8x\':1g},C||{});c.3C()},8E:m(){B(c.V==0){3g.2O(c.1p,c.C);k 1g}o 3I=3h.3F(c.N);B(3I.V>cj)k U;3g.26(c.1p,3I,c.C);k 1g},3C:m(){c.N=3h.54(3g.53(c.1p),1g)||{};c.55()}});3k.3g.2m={};[\'Q\',\'26\',\'1Q\',\'1r\',\'2O\'].1z(m(1P){3k.3g.2m[1P]=m(){3k.1x[1P].3t(c,1b);B(c.C.8x)c.8E();k c}});3k.3g.56(3k.3g.2m);o 2x=O 1f({1w:m(2o,G){G=G||(2o.1i?\'1m\':\'3i\');o 1m,1Y;21(G){Y\'1m\':1m=2o;1Y=1m.7o();1B;Y\'1Y\':1m=2o.96();1Y=2o;1B;5Z:1m=2o.57(1g);1Y=1m.7o()}1m.1Y=1Y;1m.3i=1m.52();k $Q(1m,2x.1x)},4f:m(){o 4W=$A(1b);o 6l=($G(4W[4W.V-1])==\'3P\')?4W.cn():50;o 1m=c.6Z();4W.1z(m(2o){2o=O 2x(2o);M(o i=0;i<3;i++)1m[i]=1c.2c((1m[i]/ 3w * (3w - 6l)) + (2o[i] /3w*6l))});k O 2x(1m,\'1m\')},cD:m(){k O 2x(c.2y(m(J){k 4e-J}))},cP:m(J){k O 2x([J,c.1Y[1],c.1Y[2]],\'1Y\')},cV:m(6b){k O 2x([c.1Y[0],6b,c.1Y[2]],\'1Y\')},cO:m(6b){k O 2x([c.1Y[0],c.1Y[1],6b],\'1Y\')}});m $cH(r,g,b){k O 2x([r,g,b],\'1m\')};m $bE(h,s,b){k O 2x([h,s,b],\'1Y\')};2j.Q({7o:m(){o 4O=c[0],4N=c[1],5x=c[2];o 2C,5l,6u;o 1L=1c.1L(4O,4N,5x),2X=1c.2X(4O,4N,5x);o 3R=1L-2X;6u=1L/4e;5l=(1L!=0)?3R/1L:0;B(5l==0){2C=0}19{o 7i=(1L-4O)/3R;o 7A=(1L-4N)/3R;o br=(1L-5x)/3R;B(4O==1L)2C=br-7A;19 B(4N==1L)2C=2+7i-br;19 2C=4+7A-7i;2C/=6;B(2C<0)2C++}k[1c.2c(2C*9Z),1c.2c(5l*3w),1c.2c(6u*3w)]},96:m(){o br=1c.2c(c[2]/3w*4e);B(c[1]==0){k[br,br,br]}19{o 2C=c[0]%9Z;o f=2C%60;o p=1c.2c((c[2]*(3w-c[1]))/dL*4e);o q=1c.2c((c[2]*(a0-c[1]*f))/9O*4e);o t=1c.2c((c[2]*(a0-c[1]*(60-f)))/9O*4e);21(1c.8s(2C/60)){Y 0:k[br,t,p];Y 1:k[q,br,p];Y 2:k[p,br,t];Y 3:k[p,q,br];Y 4:k[t,p,br];Y 5:k[br,p,q]}}k U}});',62,876,'||||||||||||this||||||||return||function||var|||||||||||||if|options|||el|type||property|value|event|element|for|obj|new|Element|extend|document||fn|false|length|window||case||||from||to|elements||bind|now|else|events|arguments|Math|param|in|Class|true|Fx|push|contains|null|args|rgb|key|parent|name|start|empty|css|items|array|fireEvent|initialize|prototype|properties|each|values|break|result|style|top|className|keys|left|text|selector|data|max|limit|props|source|method|merge|Elements|stop|prop|parsed|join|transition|call|hsb|getStyle||switch|overflown|mode||onComplete|set||relatedTarget|addEvent|current|timer|round|custom|pos|script|transport|string|position|Array|unit|nocash|Methods|Garbage|color|opacity|delay|url|ie|object|bound|temp|chk|Color|map|params|Events|parse|hue|documentElement|Event|Base|getElementsByTagName|width|overed|margin|container|create|match|test|remove|toInt|context|filter|addListener|tag|item|Transitions|CSS|min|parentNode|mouse|setStyle|replace||time|inject|option|pow||||response|scripts|shared|Abstract|iCss|height|Cookie|Json|hex|returns|Hash|index|target|offset|iterable|border|tmp|duration|Styles|apply|iTo|getValue|100|scrollTo|previous|select|modifiers|xpath|load|id|val|toString|periodical|drag|str|compute|cookie|webkit|cont|setNow|headers|number|getPosition|delta|size|grid|wrapper|increase|src|Drag|chains|setOptions||status|post|mousewheel|wait|scroll||queryString|catch|try|running|getNow|fx|native|255|mix|mousemove|removeListener|check|results|page|fromTo|removeEvent|indexOf|absolute|delete|collect|sources|image|htmlElement|readyState|len|getTag|px|secure|open|onSuccess|bit|setHeader|next|layout|pick|offsetHeight|right|bottom|walk|out|offsetWidth|handle|green|red|onStart|encoding|isSuccess|toLowerCase|parseFloat|unique|klass|colors|parseInt|scrollLeft|domReady||on|rgbToHex|get|evaluate|setLength|implement|hexToRgb|onload|scrollTop|send|getProperty|toQueryString|precision|regexp|iFrom|iNow|_method|xml|HTMLElement|code|saturation|splice|setMany|droppables|fKey|realType|hidden|fix|preventDefault|trash|removeEvents|Listeners|blue|stopPropagation|mp|scrollWidth|defined|visibility|split|every|body|Multi|scrollHeight|brother|setProperty|bindWithEvent|continue|tagName|end|Properties|getElementsBySelector|getElementById|loaded|getElements|webkit419|evType|currentStyle|XHR|typeof|evalScripts|default||forEach|while|counter|included|addEvents|XMLHttpRequest|head|proto|onreadystatechange|Options|percent|generic|onFailure|regex|setProperties|String|date|path|getCoordinates|domain|alpha|encodeURIComponent|attempt|hasKey|images|include|domready|ie_ready|getParam|brightness|complete|flag|getItems|trim|newArray|transitions|insertBefore|first|found|setTransport|concat|Chain|firstChild|onCancel|clear|node|getSize|scrollSize|add|Style|checked|padding|iProps|qs|charAt|disabled|evalResponse|multiple|random|Object|copy|javascript|update|setHTML|innerText|selected|easeType|Dom|cssText|xhtml|abort|hasChild|callee|addEventListener|img|mousedown|gecko|compat|callChain|rr|DOMMouseScroll|NativeEvents|mouseup|appendChild|pageX|rgbToHsb|getLast|merged|hasClass|pageY|fixed|RegExp|nodeType|setStyles|clean|relative|mouseover|gr|Function|PI|toUpperCase|pairs|class|operator|unload|camelCase|getMany|Transition|mouseout|textContent|borderShort|href|clientY|innerHTML|direction|capitalize|Width|picked|which|prefix|constructor|fixStyle|clientX|appendText|clientWidth|opera|clientHeight|escapeRegExp|pageXOffset|Merge|wheelDelta|resolver|filterByAttribute|styleSheet|pageYOffset|pp|0px|filterByClass|getFormElements|normal|mouseleave|mouseenter|cloneEvents|filterById|error|beforeunload|Bottom|keydown|Left|sel|PropertiesIFlag|floor|click|removeEventListener|Asset|textarea|autoSave|getElement|relatedTargetGecko|1000|fixRelatedTarget|substr|input|save|onProgress|extended|Right|shift|Top|slice|getWidth|where|onRequest|cancel|slideOut|getNext|onStateChange|defaultView|sin|hyphenate|checkAgainst|slideIn|childNodes|application|getStyles|styles|nodeValue|injectAfter|adopt|hide|vertical|hsbToRgb|elementsProperty|autoCancel|zoom|ActiveXObject|onDrag|contents|urlEncoded|undefined|addClass|removeClass|getLeft|getTop|Move|www|onSnap|before|setOpacity|visible|cos|attach|after|argument|snap|distance|onBeforeStart|toElement|async|iParsed|Date|toFloat|Ajax|getHeader|getScrollLeft|ie6|getScrollHeight|setTimeout|change|step|request|Single|removeChild|interval|full|600000|Number|getTime|fps|getScrollWidth|getScrollTop|execScript|createElement|wheelStops|Content|getHeight|360|6000|wheel|getText|taintEnabled|clone|attachEvent|version|webkit420|nodeName|textnode|setInterval|cssFloat|detail|120|injectInside|chain|cloneNode|styleFloat|navigator|injectTop|bindAsEventListener|keyCode|replaceChild|control|shiftKey||pass|meta|alt|altKey|ctrlKey|createTextNode|metaKey|khtml|MooTools|replaceWith|BackgroundImageCache|float|CollectGarbage|toggleClass|srcElement|err|getBoxObjectFor|detachEvent|readOnly|getParent|lastChild|some|getChildren|associate|iframe|borderWidth|borderStyle|borderColor|getPrevious|execCommand|getFirst|ie7|DOMElement|attributes|getProperties|removeAttribute|getRandom|removeProperty|boolean|embed|clearInterval|clearTimeout|getAttribute|times|Window|Sibling|transparent|tabIndex|maxlength|tabindex|accessKey|hasLayout|maxLength|readonly|zIndex|all|frameBorder|frameborder|Document|clearChain|whitespace|colSpan|rowspan||colspan|getPropertyValue|htmlFor|rowSpan|collection|accesskey|setText|setAttribute|getComputedStyle|injectBefore|toLeft|over|HSB|drop|emptydrop|leave|makeResizable|Quint|detach|sqrt|makeDraggable|utf|200|300|responseText|urlencoded|form|Microsoft|XMLHTTP|charset|Quart|Cubic|Out|InOut|ease|Pow|In|onerror|easeIn|easeOut|easeInOut|Expo|Circ|Elastic|111|Quad|Bounce|618|acos|Sine|Back|responseXML|overrideMimeType|4096|eval|Remote|Image|pop|Eaeflnr|toGMTString|decodeURIComponent|isFinite|Request|JSON|media|screen|onabort|stylesheet|rel|json|readystatechange|link|expires|invert|With|Accept|html|RGB|Requested|postBody|Connection|close|setRequestHeader|ecma|setBrightness|setHue|action|setTime|getResponseHeader|exec|java|setSaturation|gi|toggle|linear|contextmenu|filterByTag|ES|reset|submit|move|focus|blur|namespaceURI|starts|snapshotItem|http|w3|snapshotLength|UNORDERED_NODE_SNAPSHOT_TYPE|with|substring|show|resize|keyup|fromElement|cancelBubble|returnValue|button|rightClick||fromCharCode|menu|client|enter|up|tab|dblclick|keypress|backspace|space|down|esc|org|XPathResult|Scroll|effects|DOMContentLoaded|defer|https|write|onDomReady|1999|10000|clearTimer|500|effect|innerWidth|innerHeight|protocol|void|checkbox|radio|location|getElementsByClassName|div|horizontal|overflow|Slide|password|offsetParent|toTop|toRight|toBottom|offsetLeft|offsetTop'.split('|'),0,{})) diff --git a/config/snort-dev/javascript/sortableTable.js b/config/snort-dev/javascript/sortableTable.js deleted file mode 100644 index 096f8d4c..00000000 --- a/config/snort-dev/javascript/sortableTable.js +++ /dev/null @@ -1,288 +0,0 @@ - - -/************************************************************** - - Script : Sortable Table - Version : 1.4 - Authors : Samuel Birch - Desc : Sorts and filters table elements - Licence : Open Source MIT Licence - -**************************************************************/ - -var sortableTable = new Class({ - - getOptions: function(){ - return { - overCls: false, - onClick: false, - sortOn: 0, - sortBy: 'ASC', - filterHide: true, - filterHideCls: 'hide', - filterSelectedCls: 'selected' - }; - }, - - initialize: function(table, options){ - this.setOptions(this.getOptions(), options); - this.table = $(table); - this.tHead = this.table.getElement('thead'); - this.tBody = this.table.getElement('tbody'); - this.tFoot = this.table.getElement('tfoot'); - this.elements = this.tBody.getElements('tr'); - this.filtered = false; - - /*for(i=0;i<10;i++){ - this.elements.clone().injectInside(this.tBody); - } - this.elements = this.tBody.getElements('tr');*/ - - this.elements.each(function(el,i){ - if(this.options.overCls){ - el.addEvent('mouseover', function(){ - el.addClass(options.overCls); - }, this); - el.addEvent('mouseout', function(){ - el.removeClass(options.overCls); - }); - } - if(this.options.onClick){ - el.addEvent('click', options.onClick); - } - }, this); - - //setup header - this.tHead.getElements('th').each(function(el,i){ - if(el.axis){ - el.addEvent('click', this.sort.bind(this,i)); - el.addEvent('mouseover', function(){ - el.addClass('tableHeaderOver'); - }); - el.addEvent('mouseout', function(){ - el.removeClass('tableHeaderOver'); - }); - el.getdate = function(str){ - // inner util function to convert 2-digit years to 4 - function fixYear(yr) { - yr = +yr; - if (yr<50) { yr += 2000; } - else if (yr<100) { yr += 1900; } - return yr; - }; - var ret; - // - if (str.length>12){ - strtime = str.substring(str.lastIndexOf(' ')+1); - strtime = strtime.substring(0,2)+strtime.substr(-2) - }else{ - strtime = '0000'; - } - // - // YYYY-MM-DD - if (ret=str.match(/(\d{2,4})-(\d{1,2})-(\d{1,2})/)) { - return (fixYear(ret[1])*10000) + (ret[2]*100) + (+ret[3]) + strtime; - } - // DD/MM/YY[YY] or DD-MM-YY[YY] - if (ret=str.match(/(\d{1,2})[\/-](\d{1,2})[\/-](\d{2,4})/)) { - return (fixYear(ret[3])*10000) + (ret[2]*100) + (+ret[1]) + strtime; - } - return 999999990000; // So non-parsed dates will be last, not first - }; - // - el.findData = function(elem){ - var child = elem.getFirst(); - if(child){ - return el.findData(child); - }else{ - return elem.innerHTML.trim(); - } - }; - // - el.compare = function(a,b){ - var1 = el.findData(a.getChildren()[i]); - var2 = el.findData(b.getChildren()[i]); - //var1 = a.getChildren()[i].firstChild.data; - //var2 = b.getChildren()[i].firstChild.data; - - if(el.axis == 'number'){ - var1 = parseFloat(var1); - var2 = parseFloat(var2); - - if(el.sortBy == 'ASC'){ - return var1-var2; - }else{ - return var2-var1; - } - - }else if(el.axis == 'string'){ - var1 = var1.toUpperCase(); - var2 = var2.toUpperCase(); - - if(var1==var2){return 0}; - if(el.sortBy == 'ASC'){ - if(var1<var2){return -1}; - }else{ - if(var1>var2){return -1}; - } - return 1; - - }else if(el.axis == 'date'){ - var1 = parseFloat(el.getdate(var1)); - var2 = parseFloat(el.getdate(var2)); - - if(el.sortBy == 'ASC'){ - return var1-var2; - }else{ - return var2-var1; - } - - }else if(el.axis == 'currency'){ - var1 = parseFloat(var1.substr(1).replace(',','')); - var2 = parseFloat(var2.substr(1).replace(',','')); - - if(el.sortBy == 'ASC'){ - return var1-var2; - }else{ - return var2-var1; - } - - } - - } - - if(i == this.options.sortOn){ - el.fireEvent('click'); - } - } - }, this); - }, - - sort: function(index){ - if(this.options.onStart){ - this.fireEvent('onStart'); - } - // - this.options.sortOn = index; - var header = this.tHead.getElements('th'); - var el = header[index]; - - header.each(function(e,i){ - if(i != index){ - e.removeClass('sortedASC'); - e.removeClass('sortedDESC'); - } - }); - - if(el.hasClass('sortedASC')){ - el.removeClass('sortedASC'); - el.addClass('sortedDESC'); - el.sortBy = 'DESC'; - }else if(el.hasClass('sortedDESC')){ - el.removeClass('sortedDESC'); - el.addClass('sortedASC'); - el.sortBy = 'ASC'; - }else{ - if(this.options.sortBy == 'ASC'){ - el.addClass('sortedASC'); - el.sortBy = 'ASC'; - }else if(this.options.sortBy == 'DESC'){ - el.addClass('sortedDESC'); - el.sortBy = 'DESC'; - } - } - // - this.elements.sort(el.compare); - this.elements.injectInside(this.tBody); - // - if(this.filtered){ - this.filteredAltRow(); - }else{ - this.altRow(); - } - - // - if(this.options.onComplete){ - this.fireEvent('onComplete'); - } - }, - - altRow: function(){ - this.elements.each(function(el,i){ - if(i % 2){ - el.removeClass('altRow'); - }else{ - el.addClass('altRow'); - } - }); - }, - - filteredAltRow: function(){ - this.table.getElements('.'+this.options.filterSelectedCls).each(function(el,i){ - if(i % 2){ - el.removeClass('altRow'); - }else{ - el.addClass('altRow'); - } - }); - }, - - filter: function(form){ - var form = $(form); - var col = 0; - var key = ''; - - form.getChildren().each(function(el,i){ - if(el.id == 'column'){ - col = Number(el.value); - } - if(el.id == 'keyword'){ - key = el.value.toLowerCase(); - } - if(el.type == 'reset'){ - el.addEvent('click',this.clearFilter.bind(this)); - } - }, this); - - if(key){ - this.elements.each(function(el,i){ - if(this.options.filterHide){ - el.removeClass('altRow'); - } - if(el.getChildren()[col].firstChild.data.toLowerCase().indexOf(key) > -1){ - el.addClass(this.options.filterSelectedCls); - if(this.options.filterHide){ - el.removeClass(this.options.filterHideCls); - } - }else{ - el.removeClass(this.options.filterSelectedCls); - if(this.options.filterHide){ - el.addClass(this.options.filterHideCls); - } - } - }, this); - if(this.options.filterHide){ - this.filteredAltRow(); - this.filtered = true; - } - } - }, - - clearFilter: function(){ - this.elements.each(function(el,i){ - el.removeClass(this.options.filterSelectedCls); - if(this.options.filterHide){ - el.removeClass(this.options.filterHideCls); - } - }, this); - if(this.options.filterHide){ - this.altRow(); - this.filtered = false; - } - } - -}); -sortableTable.implement(new Events); -sortableTable.implement(new Options); - -/*************************************************************/ diff --git a/config/snort-dev/javascript/tabs.js b/config/snort-dev/javascript/tabs.js deleted file mode 100644 index 40e54f0e..00000000 --- a/config/snort-dev/javascript/tabs.js +++ /dev/null @@ -1,123 +0,0 @@ -// CSS helper functions -CSS = { - // Adds a class to an element. - AddClass: function (e, c) { - if (!e.className.match(new RegExp("\\b" + c + "\\b", "i"))) - e.className += (e.className ? " " : "") + c; - }, - - // Removes a class from an element. - RemoveClass: function (e, c) { - e.className = e.className.replace(new RegExp(" \\b" + c + "\\b|\\b" + c + "\\b ?", "gi"), ""); - } -}; - -// Functions for handling tabs. -Tabs = { - // Changes to the tab with the specified ID. - GoTo: function (contentId, skipReplace) { - // This variable will be true if a tab for the specified - // content ID was found. - var foundTab = false; - - // Get the TOC element. - var toc = document.getElementById("toc"); - if (toc) { - var lis = toc.getElementsByTagName("li"); - for (var j = 0; j < lis.length; j++) { - var li = lis[j]; - - // Give the current tab link the class "current" and - // remove the class from any other TOC links. - var anchors = li.getElementsByTagName("a"); - for (var k = 0; k < anchors.length; k++) { - if (anchors[k].hash == "#" + contentId) { - CSS.AddClass(li, "current"); - foundTab = true; - break; - } else { - CSS.RemoveClass(li, "current"); - } - } - } - } - - // Show the content with the specified ID. - var divsToHide = []; - var divs = document.getElementsByTagName("div"); - for (var i = 0; i < divs.length; i++) { - var div = divs[i]; - - if (div.className.match(/\bcontent\b/i)) { - if (div.id == "_" + contentId) - div.style.display = "block"; - else - divsToHide.push(div); - } - } - - // Hide the other content boxes. - for (var i = 0; i < divsToHide.length; i++) - divsToHide[i].style.display = "none"; - - // Change the address bar. - if (!skipReplace) window.location.replace("#" + contentId); - }, - - OnClickHandler: function (e) { - // Stop the event (to stop it from scrolling or - // making an entry in the history). - if (!e) e = window.event; - if (e.preventDefault) e.preventDefault(); else e.returnValue = false; - - // Get the name of the anchor of the link that was clicked. - Tabs.GoTo(this.hash.substring(1)); - }, - - Init: function () { - if (!document.getElementsByTagName) return; - - // Attach an onclick event to all the anchor links on the page. - var anchors = document.getElementsByTagName("a"); - for (var i = 0; i < anchors.length; i++) { - var a = anchors[i]; - if (a.hash) a.onclick = Tabs.OnClickHandler; - } - - var contentId; - if (window.location.hash) contentId = window.location.hash.substring(1); - - var divs = document.getElementsByTagName("div"); - for (var i = 0; i < divs.length; i++) { - var div = divs[i]; - - if (div.className.match(/\bcontent\b/i)) { - if (!contentId) contentId = div.id; - div.id = "_" + div.id; - } - } - - if (contentId) Tabs.GoTo(contentId, true); - } -}; - -// Hook up the OnLoad event to the tab initialization function. -window.onload = Tabs.Init; - -// Hide the content while waiting for the onload event to trigger. -var contentId = window.location.hash || "#Introduction"; - -if (document.createStyleSheet) { - var style = document.createStyleSheet(); - style.addRule("div.content", "display: none;"); - style.addRule("div" + contentId, "display: block;"); -} else { - var head = document.getElementsByTagName("head")[0]; - if (head) { - var style = document.createElement("style"); - style.setAttribute("type", "text/css"); - style.appendChild(document.createTextNode("div.content { display: none; }")); - style.appendChild(document.createTextNode("div" + contentId + " { display: block; }")); - head.appendChild(style); - } -}
\ No newline at end of file diff --git a/config/snort-dev/pfsense_rules/local.rules b/config/snort-dev/pfsense_rules/local.rules deleted file mode 100644 index 83a05f1b..00000000 --- a/config/snort-dev/pfsense_rules/local.rules +++ /dev/null @@ -1,7 +0,0 @@ -# ---------------- -# LOCAL RULES -# ---------------- -# This file intentionally does not come with signatures. Put your local -# additions here. Pfsense first install rule. Rule edit tabe fails with out this file. -# -#
\ No newline at end of file diff --git a/config/snort-dev/pfsense_rules/pfsense_rules.tar.gz.md5 b/config/snort-dev/pfsense_rules/pfsense_rules.tar.gz.md5 deleted file mode 100644 index 0aede4a0..00000000 --- a/config/snort-dev/pfsense_rules/pfsense_rules.tar.gz.md5 +++ /dev/null @@ -1 +0,0 @@ -102
\ No newline at end of file diff --git a/config/snort-dev/pfsense_rules/rules/pfsense-voip.rules b/config/snort-dev/pfsense_rules/rules/pfsense-voip.rules deleted file mode 100644 index 12f2fdf2..00000000 --- a/config/snort-dev/pfsense_rules/rules/pfsense-voip.rules +++ /dev/null @@ -1,10 +0,0 @@ -alert ip any any -> $HOME_NET $SIP_PROXY_PORTS (msg:"OPTIONS SIP scan"; content:"OPTIONS"; depth:7; threshold: type both , track by_src, count 30, seconds 3; sid:5000001; rev:1;) -# Excessive number of SIP 4xx Responses Does not work -#### alert ip any any -> $SIP_PROXY_IP $SIP_PROXY_PORTS (msg:"Excessive number of SIP 4xx Responses - possible user or password guessing attack"; pcre:"/^SIP\/2.0 4\d{2}"; threshold: type both, track by_src, count 100, seconds 60; sid:5000002; rev:1;) -alert ip any any -> $SIP_PROXY_IP $SIP_PROXY_PORTS (msg:"Ghost call attack"; content:"SIP/2.0 180"; depth:11; threshold: type both, track by_src, count 100, seconds 60; sid:5000003; rev:1;) -# Rule for alerting of INVITE flood attack: -alert ip any any -> $SIP_PROXY_IP $SIP_PROXY_PORTS (msg:"INVITE message flooding"; content:"INVITE"; depth:6; threshold: type both , track by_src, count 100, seconds 60; sid:5000004; rev:1;) -# Rule for alerting of REGISTER flood attack: -alert ip any any -> $SIP_PROXY_IP $SIP_PROXY_PORTS (msg:"REGISTER message flooding"; content:"REGISTER"; depth:8; threshold: type both , track by_src, count 100, seconds 60; sid:5000005; rev:1;) -# Threshold rule for unauthorized responses: -alert ip any any -> $SIP_PROXY_IP $SIP_PROXY_PORTS (msg:"INVITE message flooding"; content:"SIP/2.0 401 Unauthorized"; depth:24; threshold: type both, track by_src, count 100, seconds 60; sid:5000006; rev:1;) diff --git a/config/snort-dev/snort.inc b/config/snort-dev/snort.inc deleted file mode 100644 index cd8ba9a2..00000000 --- a/config/snort-dev/snort.inc +++ /dev/null @@ -1,2306 +0,0 @@ -<?php -/* $Id$ */ -/* - snort.inc - Copyright (C) 2006 Scott Ullrich - Copyright (C) 2009 Robert Zelaya - part of pfSense - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require_once("pfsense-utils.inc"); -require_once("config.inc"); -require_once("functions.inc"); - -// Needed on 2.0 because of filter_get_vpns_list() -require_once("filter.inc"); - -/* find out if were in 1.2.3-RELEASE */ - -$pfsense_ver_chk = exec('/bin/cat /etc/version'); -if ($pfsense_ver_chk == '1.2.3-RELEASE') -{ - $pfsense_stable = 'yes'; -}else{ - $pfsense_stable = 'no'; -} - -/* checks to see if snort is running yes/no and stop/start */ - function Running_Ck($snort_uuid, $if_real, $id) { - global $config; - - $snort_up_ck = exec("/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep snort | /usr/bin/awk '{print \$2;}' | sed 1q"); - - if(snort_up_ck == ''){ - $snort_up = 'no'; - return $snort_up; - } - - if(snort_up_ck != ''){ - - //$snort_up_pre = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"R {$snort_uuid}_{$if_real}\" | awk '{print \$1;}'"); - //$snort_up_s = exec("/usr/bin/top -U snort -u | grep snort | grep {$snort_up_pre} | /usr/bin/awk '{print \$1;}'"); - //$snort_up_r = exec("/usr/bin/top -U root -u | grep snort | grep {$snort_up_pre} | /usr/bin/awk '{print \$1;}'"); - - /* use ob_clean to clear output buffer, this code needs to be watched */ - ob_clean(); - $snort_up_prell = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"R {$snort_uuid}_{$if_real}\" | awk '{print \$1;}'", $retval); - - if ($snort_up_prell != "") { - $snort_uph = 'yes'; - }else{ - $snort_uph = 'no'; - } - } - - return $snort_uph; - } - -/* checks to see if barnyard2 is running yes/no */ - function Running_Ck_b($snort_uuid, $if_real, $id) { - global $config; - - $snort_up_ck_b = exec("/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep barnyard2 | /usr/bin/awk '{print \$2;}' | sed 1q"); - - if($snort_up_ck_b == ''){ - $snort_up_b = 'no'; - return $snort_up_b; - } - - if(snort_up_ck_b != ''){ - - //$snort_up_pre_b = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"f snort_{$snort_uuid}_{$if_real}.u2\" | awk '{print \$1;}'"); - //$snort_up_s_b = exec("/usr/bin/top -U snort -u | grep barnyard2 | grep {$snort_up_pre_b} | /usr/bin/awk '{print \$1;}'"); - //$snort_up_r_b = exec("/usr/bin/top -U root -u | grep barnyard2 | grep {$snort_up_pre_b} | /usr/bin/awk '{print \$1;}'"); - - /* use ob_clean to clear output buffer, this code needs to be watched */ - ob_clean(); - $snort_up_pre_b = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"f snort_{$snort_uuid}_{$if_real}.u2\" | awk '{print \$1;}'"); - - if ($snort_up_pre_b != '') { - $snort_up_b = 'yes'; - }else{ - $snort_up_b = 'no'; - } - } - - return $snort_up_b; - } - - function Running_Stop($snort_uuid, $if_real, $id) { - global $config; - - $start_up_pre = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"R {$snort_uuid}_{$if_real}\" | awk '{print \$1;}'"); - $start_up_s = exec("/usr/bin/top -U snort -u | grep snort | grep {$start_up_pre} | awk '{ print $1; }'"); - $start_up_r = exec("/usr/bin/top -U root -u | grep snort | grep {$start_up_pre} | awk '{ print $1; }'"); - - $start2_upb_pre = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"snort_{$snort_uuid}_{$if_real}.u2\" | awk '{print \$1;}'"); - $start2_upb_s = exec("/usr/bin/top -U snort -u | grep barnyard2 | grep {$start2_upb_pre} | awk '{ print $1; }'"); - $start2_upb_r = exec("/usr/bin/top -U root -u | grep barnyard2 | grep {$start2_upb_pre} | awk '{ print $1; }'"); - - if ($start_up_s != "" || $start_up_r != "" || $start2_upb_s != "" || $start2_upb_r != "") - { - if ($start_up_s != "") - { - exec("/bin/kill {$start_up_s}"); - exec("/bin/rm /var/run/snort_{$snort_uuid}_{$if_real}*"); - } - - if ($start2_upb_s != "") - { - exec("/bin/kill {$start2_upb_s}"); - exec("/bin/rm /var/run/barnyard2_{$snort_uuid}_{$if_real}*"); - } - - if ($start_up_r != "") - { - exec("/bin/kill {$start_up_r}"); - exec("/bin/rm /var/run/snort_{$snort_uuid}_{$if_real}*"); - } - - if ($start2_upb_r != "") - { - exec("/bin/kill {$start2_upb_r}"); - exec("/bin/rm /var/run/barnyard2_{$snort_uuid}_{$if_real}*"); - } - - /* Log Iface stop */ - exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Interface Rule STOP for {$snort_uuid}_{$if_real}...'"); - } - } - - - function Running_Start($snort_uuid, $if_real, $id) { - global $config; - - $snort_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['enable']; - if ($snort_info_chk == 'on') { - exec("/usr/local/bin/snort -u snort -g snort -R \"{$snort_uuid}_{$if_real}\" -D -q -l /var/log/snort -G {$snort_uuid} -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}"); - } - /* define snortbarnyardlog_chk */ - /* top will have trouble if the uuid is to far back */ - $snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable']; - $snortbarnyardlog_mysql_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_mysql']; - if ($snortbarnyardlog_info_chk == 'on' && $snortbarnyardlog_mysql_info_chk != '' && $snort_info_chk == 'on') { - exec("/usr/local/bin/barnyard2 -f \"snort_{$snort_uuid}_{$if_real}.u2\" -u snort -g snort -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -w /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.waldo -D -q"); - } - - /* Log Iface stop */ - exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Interface Rule START for {$id}_{$snort_uuid}_{$if_real}...'"); - } - -/* get the real iface name of wan */ -function convert_friendly_interface_to_real_interface_name2($interface) -{ - global $config; - - $lc_interface = strtolower($interface); - if($lc_interface == "lan") return $config['interfaces']['lan']['if']; - if($lc_interface == "wan") return $config['interfaces']['wan']['if']; - $ifdescrs = array(); - for ($j = 1; isset($config['interfaces']['opt' . $j]); $j++) - $ifdescrs['opt' . $j] = "opt" . $j; - foreach ($ifdescrs as $ifdescr => $ifname) - { - if(strtolower($ifname) == $lc_interface) - return $config['interfaces'][$ifname]['if']; - if(strtolower($config['interfaces'][$ifname]['descr']) == $lc_interface) - return $config['interfaces'][$ifname]['if']; - } - - return $interface; -} - -$if_real_wan = convert_friendly_interface_to_real_interface_name2($interface_fake); - -/* Allow additional execution time 0 = no limit. */ -ini_set('max_execution_time', '9999'); -ini_set('max_input_time', '9999'); - -/* define oinkid */ -if($config['installedpackages']['snortglobal']) - $oinkid = $config['installedpackages']['snortglobal']['oinkmastercode']; - -function snort_postinstall() -{ - global $config; - conf_mount_rw(); - - if(!file_exists("/var/log/snort/")) { - mwexec("mkdir -p /var/log/snort/"); - mwexec("mkdir -p /var/log/snort/barnyard2"); - } - - if(!file_exists("/var/log/snort/alert")) - touch("/var/log/snort/alert"); - - /* snort -> advanced features */ - $bpfbufsize = $config['installedpackages']['snortglobal']['bpfbufsize']; - $bpfmaxbufsize = $config['installedpackages']['snortglobal']['bpfmaxbufsize']; - $bpfmaxinsns = $config['installedpackages']['snortglobal']['bpfmaxinsns']; - - - /* create a few directories and ensure the sample files are in place */ - exec("/bin/mkdir -p /usr/local/etc/snort"); - exec("/bin/mkdir -p /var/log/snort"); - exec("/bin/mkdir -p /usr/local/etc/snort/rules"); - - if(file_exists("/usr/local/etc/snort/snort.conf-sample")) - { - exec("/bin/rm /usr/local/etc/snort/snort.conf-sample"); - exec("/bin/rm /usr/local/etc/snort/threshold.conf-sample"); - exec("/bin/rm /usr/local/etc/snort/sid-msg.map-sample"); - exec("/bin/rm /usr/local/etc/snort/unicode.map-sample"); - exec("/bin/rm /usr/local/etc/snort/classification.config-sample"); - exec("/bin/rm /usr/local/etc/snort/generators-sample"); - exec("/bin/rm /usr/local/etc/snort/reference.config-sample"); - exec("/bin/rm /usr/local/etc/snort/gen-msg.map-sample"); - exec("/bin/rm /usr/local/etc/snort/sid"); - exec("/bin/rm /usr/local/etc/rc.d/snort"); - exec("/bin/rm /usr/local/etc/rc.d/bardyard2"); - } - - if(!file_exists("/usr/local/etc/snort/custom_rules")) - { - exec("/bin/mkdir -p /usr/local/etc/snort/custom_rules/"); - } - - exec("/usr/sbin/pw groupadd snort"); - exec('/usr/sbin/pw useradd snort -c "SNORT USER" -d /nonexistent -g snort -s /sbin/nologin'); - exec("/usr/sbin/chown -R snort:snort /var/log/snort"); - exec("/usr/sbin/chown -R snort:snort /usr/local/etc/snort"); - exec("/usr/sbin/chown -R snort:snort /usr/local/lib/snort"); - exec("/bin/chmod -R 755 /var/log/snort"); - exec("/bin/chmod -R 755 /usr/local/etc/snort"); - exec("/bin/chmod -R 755 /usr/local/lib/snort"); - - - /* remove example files */ - if(file_exists("/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so.0")) - { - exec('/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example*'); - } - - if(file_exists("/usr/local/lib/snort/dynamicpreprocessor/lib_sfdynamic_preprocessor_example.so")) - { - exec('/bin/rm /usr/local/lib/snort/dynamicpreprocessor/lib_sfdynamic_preprocessor_example*'); - } - - /* find out if were in 1.2.3-RELEASE */ - $pfsense_ver_chk = exec('/bin/cat /etc/version'); - if ($pfsense_ver_chk == '1.2.3-RELEASE') - { - $pfsense_stable = 'yes'; - }else{ - $pfsense_stable = 'no'; - } - - /* move files around, make it look clean */ - exec('/bin/mkdir -p /usr/local/www/snort/css'); - exec('/bin/mkdir -p /usr/local/www/snort/images'); - exec('/bin/mkdir -p /usr/local/www/snort/javascript'); - - chdir ("/usr/local/www/snort/css/"); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/css/style.css'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/css/style2.css'); - chdir ("/usr/local/www/snort/images/"); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/alert.jpg'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/down.gif'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/down2.gif'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/icon-table-sort.png'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/icon-table-sort-asc.png'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/icon-table-sort-desc.png'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/up.gif'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/up2.gif'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/logo.jpg'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/footer.jpg'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/footer2.jpg'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/icon_excli.png'); - chdir ("/usr/local/www/snort/javascript/"); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/javascript/jquery.blockUI.js'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/javascript/jquery-1.3.2.js'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/javascript/mootools.js'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/javascript/sortableTable.js'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/javascript/tabs.js'); - - /* install barnyard2 for 2.0 and 1.2.3 */ - chdir ("/usr/local/bin/"); - if ($pfsense_stable == 'yes') { - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/bin/7.2.x86/barnyard2'); - }else{ - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/bin/8.0.x86/barnyard2'); - } - exec('/bin/chmod 077 /usr/local/bin/barnyard2'); - - /* back to default */ - chdir ("/root/"); - - conf_mount_ro(); - -} - -function sync_package_snort_reinstall() -{ - global $config; - conf_mount_rw(); - - if(!$config['installedpackages']['snortglobal']) - return; - - /* create snort configuration file */ - create_snort_conf(); - - /* start snort service */ - // start_service("snort"); // do not start, may be needed latter. - - conf_mount_ro(); -} - -/* func for updating cron */ -function snort_rm_blocked_install_cron($should_install) -{ - global $config, $g; - - if ($g['booting']==true) - return; - - $is_installed = false; - - if(!$config['cron']['item']) - return; - - $x=0; - foreach($config['cron']['item'] as $item) - { - if (strstr($item['command'], "snort2c")) - { - $is_installed = true; - break; - } - $x++; - } - - $snort_rm_blocked_info_ck = $config['installedpackages']['snortglobal']['rm_blocked']; - if ($snort_rm_blocked_info_ck == "1h_b") - { - $snort_rm_blocked_min = "*/5"; - $snort_rm_blocked_hr = "*"; - $snort_rm_blocked_mday = "*"; - $snort_rm_blocked_month = "*"; - $snort_rm_blocked_wday = "*"; - $snort_rm_blocked_expire = "3600"; - } - if ($snort_rm_blocked_info_ck == "3h_b") - { - $snort_rm_blocked_min = "*/15"; - $snort_rm_blocked_hr = "*"; - $snort_rm_blocked_mday = "*"; - $snort_rm_blocked_month = "*"; - $snort_rm_blocked_wday = "*"; - $snort_rm_blocked_expire = "10800"; - } - if ($snort_rm_blocked_info_ck == "6h_b") - { - $snort_rm_blocked_min = "*/30"; - $snort_rm_blocked_hr = "*"; - $snort_rm_blocked_mday = "*"; - $snort_rm_blocked_month = "*"; - $snort_rm_blocked_wday = "*"; - $snort_rm_blocked_expire = "21600"; - } - if ($snort_rm_blocked_info_ck == "12h_b") - { - $snort_rm_blocked_min = "2"; - $snort_rm_blocked_hr = "*/1"; - $snort_rm_blocked_mday = "*"; - $snort_rm_blocked_month = "*"; - $snort_rm_blocked_wday = "*"; - $snort_rm_blocked_expire = "43200"; - } - if ($snort_rm_blocked_info_ck == "1d_b") - { - $snort_rm_blocked_min = "2"; - $snort_rm_blocked_hr = "*/2"; - $snort_rm_blocked_mday = "*"; - $snort_rm_blocked_month = "*"; - $snort_rm_blocked_wday = "*"; - $snort_rm_blocked_expire = "86400"; - } - if ($snort_rm_blocked_info_ck == "4d_b") - { - $snort_rm_blocked_min = "2"; - $snort_rm_blocked_hr = "*/8"; - $snort_rm_blocked_mday = "*"; - $snort_rm_blocked_month = "*"; - $snort_rm_blocked_wday = "*"; - $snort_rm_blocked_expire = "345600"; - } - if ($snort_rm_blocked_info_ck == "7d_b") - { - $snort_rm_blocked_min = "2"; - $snort_rm_blocked_hr = "*/14"; - $snort_rm_blocked_mday = "*"; - $snort_rm_blocked_month = "*"; - $snort_rm_blocked_wday = "*"; - $snort_rm_blocked_expire = "604800"; - } - if ($snort_rm_blocked_info_ck == "28d_b") - { - $snort_rm_blocked_min = "2"; - $snort_rm_blocked_hr = "0"; - $snort_rm_blocked_mday = "*/2"; - $snort_rm_blocked_month = "*"; - $snort_rm_blocked_wday = "*"; - $snort_rm_blocked_expire = "2419200"; - } - switch($should_install) - { - case true: - if(!$is_installed) - { - $cron_item = array(); - $cron_item['minute'] = "$snort_rm_blocked_min"; - $cron_item['hour'] = "$snort_rm_blocked_hr"; - $cron_item['mday'] = "$snort_rm_blocked_mday"; - $cron_item['month'] = "$snort_rm_blocked_month"; - $cron_item['wday'] = "$snort_rm_blocked_wday"; - $cron_item['who'] = "root"; - $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/sbin/expiretable -t $snort_rm_blocked_expire snort2c"; - $config['cron']['item'][] = $cron_item; - write_config("Installed $snort_rm_blocked_info_ck minute filter reload for Time Based Rules"); - configure_cron(); - } - break; - case false: - if($is_installed == true) - { - if($x > 0) - { - unset($config['cron']['item'][$x]); - write_config(); - conf_mount_rw(); - } - configure_cron(); - } - break; - } -} - -/* func to install snort update */ -function snort_rules_up_install_cron($should_install) { - global $config, $g; - - if ($g['booting']==true) - return; - - $is_installed = false; - - if(!$config['cron']['item']) - return; - - $x=0; - foreach($config['cron']['item'] as $item) { - if (strstr($item['command'], "snort_check_for_rule_updates.php")) { - $is_installed = true; - break; - } - $x++; - } - $snort_rules_up_info_ck = $config['installedpackages']['snortglobal']['autorulesupdate7']; - if ($snort_rules_up_info_ck == "6h_up") { - $snort_rules_up_min = "3"; - $snort_rules_up_hr = "*/6"; - $snort_rules_up_mday = "*"; - $snort_rules_up_month = "*"; - $snort_rules_up_wday = "*"; - } - if ($snort_rules_up_info_ck == "12h_up") { - $snort_rules_up_min = "3"; - $snort_rules_up_hr = "*/12"; - $snort_rules_up_mday = "*"; - $snort_rules_up_month = "*"; - $snort_rules_up_wday = "*"; - } - if ($snort_rules_up_info_ck == "1d_up") { - $snort_rules_up_min = "3"; - $snort_rules_up_hr = "0"; - $snort_rules_up_mday = "*/1"; - $snort_rules_up_month = "*"; - $snort_rules_up_wday = "*"; - } - if ($snort_rules_up_info_ck == "4d_up") { - $snort_rules_up_min = "3"; - $snort_rules_up_hr = "0"; - $snort_rules_up_mday = "*/4"; - $snort_rules_up_month = "*"; - $snort_rules_up_wday = "*"; - } - if ($snort_rules_up_info_ck == "7d_up") { - $snort_rules_up_min = "3"; - $snort_rules_up_hr = "0"; - $snort_rules_up_mday = "*/7"; - $snort_rules_up_month = "*"; - $snort_rules_up_wday = "*"; - } - if ($snort_rules_up_info_ck == "28d_up") { - $snort_rules_up_min = "3"; - $snort_rules_up_hr = "0"; - $snort_rules_up_mday = "*/28"; - $snort_rules_up_month = "*"; - $snort_rules_up_wday = "*"; - } - switch($should_install) { - case true: - if(!$is_installed) { - $cron_item = array(); - $cron_item['minute'] = "$snort_rules_up_min"; - $cron_item['hour'] = "$snort_rules_up_hr"; - $cron_item['mday'] = "$snort_rules_up_mday"; - $cron_item['month'] = "$snort_rules_up_month"; - $cron_item['wday'] = "$snort_rules_up_wday"; - $cron_item['who'] = "root"; - $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_for_rule_updates.php >> /usr/local/etc/snort/snort_update.log"; - $config['cron']['item'][] = $cron_item; - write_config("Installed 15 minute filter reload for Time Based Rules"); - configure_cron(); - } - break; - case false: - if($is_installed == true) { - if($x > 0) { - unset($config['cron']['item'][$x]); - write_config(); - conf_mount_rw(); - } - configure_cron(); - } - break; - } -} - -function sync_snort_package_remove_old() -{ - - global $config, $g; - -$snort_dir_scan = '/usr/local/etc/snort'; - -// scan dirm might have to make this into a funtion -$dh_scan = opendir($snort_dir_scan); -while (false !== ($dir_filename = readdir($dh_scan))) { - $list_dir_files[] = $dir_filename; -} - -// find patern in a array, very cool code -class array_ereg { - function array_ereg($pattern) { $this->pattern = $pattern; } - function ereg($string) { - return ereg($this->pattern, $string); - } -} - - $rule_array2 = $config['installedpackages']['snortglobal']['rule']; - $id2 = -1; - foreach ($rule_array2 as $value) - { - - $id += 1; - - $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; - $if_real = convert_friendly_interface_to_real_interface_name2($result_lan); - - $snort_rules_list[] = "snort_$id$if_real"; - - } - - -$snort_dir_filter = array_filter($list_dir_files, array(new array_ereg("snort_"), 'ereg')); -$snort_dir_filter_search_result = array_diff($snort_dir_filter, $snort_rules_list); - - foreach ($snort_dir_filter_search_result as $value) - { - exec("rm -r /usr/local/etc/snort/$value"); - } - -} - -/* make sure this func on writes to files and does not start snort */ -function sync_snort_package() -{ - global $config, $g; - conf_mount_rw(); - - /* all new files are for the user snort nologin */ - if(!file_exists("/var/log/snort")) - { - exec("/bin/mkdir -p /var/log/snort"); - } - - exec("/usr/sbin/chown -R snort:snort /var/log/snort"); - exec("/usr/sbin/chown -R snort:snort /usr/local/etc/snort"); - exec("/usr/sbin/chown -R snort:snort /usr/local/lib/snort"); - exec("/bin/chmod -R 755 /var/log/snort"); - exec("/bin/chmod -R 755 /usr/local/etc/snort"); - exec("/bin/chmod -R 755 /usr/local/lib/snort"); - - - conf_mount_ro(); -} - -/* make sure this func on writes to files and does not start snort */ -function sync_snort_package_all() -{ - global $config, $g, $id, $if_real, $snort_uuid, $interface_fake; - -/* RedDevil suggested code */ -/* TODO: more testing needs to be done */ -exec("/sbin/sysctl net.bpf.bufsize=8388608"); -exec("/sbin/sysctl net.bpf.maxbufsize=4194304"); -exec("/sbin/sysctl net.bpf.maxinsns=512"); -exec("/sbin/sysctl net.inet.tcp.rfc1323=1"); - -# Error checking -if ($id != '' && $if_real != '') //new -{ - /* do not start config build if rules is empty */ - if (!empty($config['installedpackages']['snortglobal']['rule'])) - { - - conf_mount_rw(); - - $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; - $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; - $if_real = convert_friendly_interface_to_real_interface_name($result_lan); - - /* create snort configuration file */ - create_snort_conf($id, $if_real, $snort_uuid); - - /* if rules exist cp rules to each iface */ - create_rules_iface($id, $if_real, $snort_uuid); - - /* create snort bootup file snort.sh only create once */ - create_snort_sh(); - - /* create barnyard2 configuration file */ - $snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable']; - if ($snortbarnyardlog_info_chk == 'on') - create_barnyard2_conf($id, $if_real, $snort_uuid); - - sync_snort_package(); - - conf_mount_ro(); - } - } -} - -/* only be run on new iface create, bootup and ip refresh */ -function sync_snort_package_empty() -{ - global $config, $g; - conf_mount_rw(); - - /* do not start config build if rules is empty */ - if (!empty($config['installedpackages']['snortglobal']['rule'])) - { - if ($id == "") - { - - $rule_array = $config['installedpackages']['snortglobal']['rule']; - $id = -1; - foreach ($rule_array as $value) - { - - if ($id == '') { - $id = 0; - } - - $id += 1; - - $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; - $if_real = convert_friendly_interface_to_real_interface_name2($result_lan); - $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; - - if ($if_real != '' && $snort_uuid != '') { - /* create snort configuration file */ - create_snort_conf($id, $if_real, $snort_uuid); - - /* if rules exist cp rules to each iface */ - create_rules_iface($id, $if_real, $snort_uuid); - - /* create barnyard2 configuration file */ - $snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable']; - if ($snortbarnyardlog_info_chk == 'on') - create_barnyard2_conf($id, $if_real, $snort_uuid); - } - } - - /* create snort bootup file snort.sh only create once */ - create_snort_sh(); - - sync_snort_package(); - - } - } -} - -/* Start of main config files */ -/* Start of main config files */ - - -/* open snort.sh for writing" */ -function create_snort_sh() -{ - # Don not add $id or this will break - - global $config, $g; - conf_mount_rw(); - - /* do not start config build if rules is empty */ - if (!empty($config['installedpackages']['snortglobal']['rule'])) - { - if ($id == "") - { - - $rule_array = $config['installedpackages']['snortglobal']['rule']; - $id = -1; - foreach ($rule_array as $value) - { - - $id += 1; - - $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; - $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; - $if_real = convert_friendly_interface_to_real_interface_name($result_lan); - - /* define snortbarnyardlog_chk */ - $snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable']; - $snortbarnyardlog_mysql_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_mysql']; - - if ($snortbarnyardlog_info_chk == 'on' && $snortbarnyardlog_mysql_info_chk != '') { - $start_barnyard2 = "sleep 4;/usr/local/bin/barnyard2 -f snort_{$snort_uuid}_{$if_real}.u2 -u snort -g snort -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -w /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.waldo -D -q"; - } - -/* Get all interface startup commands ready */ - -$snort_sh_text2[] = <<<EOD -###### For Each Iface - - # If Snort proc is NOT running - if [ "`/bin/ps -auwx | grep -v grep | grep "R {$snort_uuid}_{$if_real}" | awk '{print $2;}'`" = "" ]; then - - /bin/echo "snort.sh run" > /tmp/snort.sh.pid - - # Start snort and barnyard2 - /bin/rm /var/run/snort_{$snort_uuid}_{$if_real}.pid - /bin/rm /var/run/snort_{$snort_uuid}_{$if_real}.pid.lck - - /usr/local/bin/snort -u snort -g snort -R {$snort_uuid}_{$if_real} -D -q -l /var/log/snort -G {$snort_uuid} -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real} - $start_barnyard2 - - /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort HARD Reload For {$snort_uuid}_{$if_real}..." - - fi -EOD; - -$snort_sh_text3[] = <<<EOE - -###### For Each Iface - - #### Fake start only used on bootup and Pfsense IP changes - #### Only try to restart if snort is running on Iface - if [ "`/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep "R {$snort_uuid}_{$if_real}" | /usr/bin/awk '{print $2;}'`" != "" ]; then - - snort_pid="`/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep "R {$snort_uuid}_{$if_real}" | /usr/bin/awk '{print $2;}'`" - /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort already running, soft restart" - - #### Restart Iface - /bin/kill -HUP \${snort_pid} - /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort Soft Reload For {$snort_uuid}_{$if_real}..." - - fi - -EOE; - -$snort_sh_text4[] = <<<EOF - - pid_s=`/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep "R {$snort_uuid}_{$if_real}" | /usr/bin/awk '{print \$2;}'` - sleep 3 - pid_b=`/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep "snort_{$snort_uuid}_{$if_real}.u2" | /usr/bin/awk '{print \$2;}'` - - if [ \${pid_s} ] ; then - - /bin/echo "snort.sh run" > /tmp/snort.sh.pid - /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort HARD STOP For {$snort_uuid}_{$if_real}..." - - /bin/kill \${pid_s} - sleep 3 - /bin/kill \${pid_b} - - /bin/rm /var/run/snort_{$snort_uuid}_{$if_real}.pid.lck - /bin/rm /var/run/snort_{$snort_uuid}_{$if_real}.pid - - fi - -EOF; - - } - } - } - - -$start_snort_iface_start = implode("\n\n", $snort_sh_text2); - -$start_snort_iface_restart = implode("\n\n", $snort_sh_text3); - -$start_snort_iface_stop = implode("\n\n", $snort_sh_text4); - -/* open snort.sh for writing" */ -conf_mount_rw(); - -$snort_sh_text = <<<EOD -#!/bin/sh -######## -# This file was automatically generated -# by the pfSense service handler. -# Code added to protect from double starts on pfSense bootup -######## Begining of Main snort.sh - -rc_start() { - - #### Check for double starts, Pfsense has problems with that - if /bin/ls /tmp/snort.sh.pid > /dev/null ; then - - /usr/bin/logger -p daemon.info -i -t SnortStartup "Error: snort.sh IS running" - exit 0 - - fi - - /bin/echo "snort.sh run" > /tmp/snort.sh.pid - - #### Remake the configs on boot Important! - /usr/local/bin/php -f /usr/local/pkg/pf/snort_dynamic_ip_reload.php - /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort Startup files Sync..." - -$start_snort_iface_restart - - /bin/rm /tmp/snort.sh.pid - - #### If on Fake start snort is NOT running DO a real start. - if [ "`/bin/ps -auwx | grep -v grep | grep "R {$snort_uuid}_{$if_real}" | awk '{print $2;}'`" = "" ]; then - - rc_start_real - - fi -} - -rc_start_real() { - - #### Check for double starts, Pfsense has problems with that - if /bin/ls /tmp/snort.sh.pid > /dev/null ; then - /usr/bin/logger -p daemon.info -i -t SnortStartup "Error: snort.sh IS running" - exit 0 - fi - -$start_snort_iface_start - - /bin/rm /tmp/snort.sh.pid - -} - -rc_stop() { - - #### Check for double starts, Pfsense has problems with that - if /bin/ls /tmp/snort.sh.pid > /dev/null ; then - /usr/bin/logger -p daemon.info -i -t SnortStartup "Error: snort.sh IS running" - exit 0 - fi - -$start_snort_iface_stop - - /bin/rm /tmp/snort.sh.pid - /bin/rm /var/run/snort* - -} - -case $1 in - start) - rc_start - ;; - start_real) - rc_start_real - ;; - stop) - rc_stop - ;; - restart) - rc_stop - rc_start_real - ;; -esac - -EOD; - - /* write out snort.sh */ - $bconf = fopen("/usr/local/etc/rc.d/snort.sh", "w"); - if(!$bconf) { - log_error("Could not open /usr/local/etc/rc.d/snort.sh for writing."); - exit; - } - /* write snort.sh */ - fwrite($bconf, $snort_sh_text); - fclose($bconf); - -} - - -///////////////////////// >>>>>>>>>>>> - -/* if rules exist copy to new interfaces */ -function create_rules_iface($id, $if_real, $snort_uuid) -{ - - global $config, $g; - conf_mount_rw(); - - $if_rule_dir = "/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules"; - $folder_chk = (count(glob("$if_rule_dir/*")) === 0) ? 'empty' : 'full'; - - if ($folder_chk == "empty") - { - exec("/bin/cp -R /usr/local/etc/snort/rules /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}"); - if (file_exists("/usr/local/etc/snort/custom_rules/local_{$snort_uuid}_{$if_real}.rules")) - { - exec("/bin/cp /usr/local/etc/snort/custom_rules/local_{$snort_uuid}_{$if_real}.rules /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules/local_{$snort_uuid}_{$if_real}.rules"); - } - } - -} - -/* open barnyard2.conf for writing */ -function create_barnyard2_conf($id, $if_real, $snort_uuid) { - global $bconfig, $g; - /* write out barnyard2_conf */ - - if(!file_exists("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf")) - { - exec("/bin//usr/bin/touch /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf"); - } - - $barnyard2_conf_text = generate_barnyard2_conf($id, $if_real, $snort_uuid); - $bconf = fopen("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf", "w"); - if(!$bconf) { - log_error("Could not open /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf for writing."); - exit; - } - fwrite($bconf, $barnyard2_conf_text); - fclose($bconf); -} - -/* open barnyard2.conf for writing" */ -function generate_barnyard2_conf($id, $if_real, $snort_uuid) { - - global $config, $g; - conf_mount_rw(); - -/* define snortbarnyardlog */ -/* TODO: add support for the other 5 output plugins */ - -$snortbarnyardlog_database_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_mysql']; -$snortbarnyardlog_hostname_info_chk = exec("/bin/hostname"); - -$barnyard2_conf_text = <<<EOD - -# barnyard2.conf -# barnyard2 can be found at http://www.securixlive.com/barnyard2/index.php -# -# Copyright (C) 2006 Robert Zelaya -# part of pfSense -# All rights reserved. -# -# 1. Redistributions of source code must retain the above copyright notice, -# this list of conditions and the following disclaimer. -# -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# -# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, -# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY -# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -# AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, -# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -# POSSIBILITY OF SUCH DAMAGE. -# - -# set the appropriate paths to the file(s) your Snort process is using - -config reference_file: /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/reference.config -config classification_file: /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/classification.config -config gen_file: /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/gen-msg.map -config sid_file: /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/sid-msg.map - -config hostname: $snortbarnyardlog_hostname_info_chk -config interface: {$snort_uuid}_{$if_real} - -# Step 2: setup the input plugins -input unified2 - -config logdir: /var/log/snort - -# database: log to a variety of databases -# output database: log, mysql, user=xxxx password=xxxxxx dbname=xxxx host=xxx.xxx.xxx.xxxx - -$snortbarnyardlog_database_info_chk - -EOD; - - return $barnyard2_conf_text; - -} - -function create_snort_conf($id, $if_real, $snort_uuid) -{ - global $config, $g; - /* write out snort.conf */ - - if ($if_real != '' && $snort_uuid != '') { - - $snort_conf_text = generate_snort_conf($id, $if_real, $snort_uuid); - conf_mount_rw(); - $conf = fopen("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf", "w"); - if(!$conf) { - log_error("Could not open /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf for writing."); - exit; - } - fwrite($conf, $snort_conf_text); - fclose($conf); - conf_mount_ro(); - } -} - -function snort_deinstall() -{ - - global $config, $g, $id, $if_real; - conf_mount_rw(); - - /* remove custom sysctl */ - remove_text_from_file("/etc/sysctl.conf", "sysctl net.bpf.bufsize=20480"); - /* decrease bpf buffers back to 4096, from 20480 */ - exec("/sbin/sysctl net.bpf.bufsize=4096"); - exec("/usr/usr/bin/killall snort"); - sleep(2); - exec("/usr/usr/bin/killall -9 snort"); - sleep(2); - exec("/usr/usr/bin/killall barnyard2"); - sleep(2); - exec("/usr/usr/bin/killall -9 barnyard2"); - sleep(2); - exec("/usr/sbin/pw userdel snort"); - exec("/usr/sbin/pw groupdel snort"); - exec("rm -rf /usr/local/etc/snort*"); - //exec("cd /var/db/pkg && pkg_delete `ls | grep barnyard2`"); - exec("cd /var/db/pkg && pkg_delete `ls | grep snort`"); - exec("cd /var/db/pkg && pkg_delete `ls | grep mysql`"); - exec("cd /var/db/pkg && pkg_delete `ls | grep pcre`"); - exec("cd /var/db/pkg && pkg_delete `ls | grep perl`"); - - /* Remove snort cron entries Ugly code needs smoothness*/ - -function snort_rm_blocked_deinstall_cron($should_install) -{ - global $config, $g; - conf_mount_rw(); - - $is_installed = false; - - if(!$config['cron']['item']) - return; - - $x=0; - foreach($config['cron']['item'] as $item) - { - if (strstr($item['command'], "snort2c")) - { - $is_installed = true; - break; - } - - $x++; - - } - if($is_installed == true) - { - if($x > 0) - { - unset($config['cron']['item'][$x]); - write_config(); - conf_mount_rw(); - } - - configure_cron(); - - } - conf_mount_ro(); - -} - - function snort_rules_up_deinstall_cron($should_install) -{ - global $config, $g; - conf_mount_rw(); - - $is_installed = false; - - if(!$config['cron']['item']) - return; - - $x=0; - foreach($config['cron']['item'] as $item) { - if (strstr($item['command'], "snort_check_for_rule_updates.php")) { - $is_installed = true; - break; - } - $x++; - } - if($is_installed == true) { - if($x > 0) { - unset($config['cron']['item'][$x]); - write_config(); - conf_mount_rw(); - } - configure_cron(); - } -} - -snort_rm_blocked_deinstall_cron(""); -snort_rules_up_deinstall_cron(""); - - - /* Unset snort registers in conf.xml IMPORTANT snort will not start with out this */ - /* Keep this as a last step */ - unset($config['installedpackages']['snortglobal']); - write_config(); - conf_mount_rw(); - - exec("rm -r /usr/local/www/snort"); - exec("rm -r /usr/local/pkg/snort"); - exec("rm -r /usr/local/lib/snort/"); - exec("rm -r /var/log/snort/"); - - conf_mount_ro(); - -} - -function generate_snort_conf($id, $if_real, $snort_uuid) -{ - - global $config, $g; - - conf_mount_rw(); - - /* obtain external interface */ - /* XXX: make multi wan friendly */ - $snort_ext_int = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; - - /* create basic files */ - if(!file_exists("/usr/local/etc/snort/snort/snort_{$snort_uuid}_{$if_real}")) - { - exec("/bin/mkdir -p /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/"); - exec("/bin/mkdir -p /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules"); - - if(!file_exists("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/gen-msg.map")) - { - exec("/bin/cp /usr/local/etc/snort/classification.config /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/classification.config"); - exec("/bin/cp /usr/local/etc/snort/gen-msg.map /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/gen-msg.map"); - exec("/bin/cp /usr/local/etc/snort/reference.config /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/reference.config"); - exec("/bin/cp /usr/local/etc/snort/sid-msg.map /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/sid-msg.map"); - exec("/bin/cp /usr/local/etc/snort/unicode.map /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/unicode.map"); - exec("/bin/cp /usr/local/etc/snort/threshold.conf /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/threshold.conf"); - exec("/bin/cp /usr/local/etc/snort/snort.conf /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf"); - exec("/bin/cp/usr/bin/touch /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf"); - exec("/bin/mkdir -p /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules"); - } - } - -/* define snortalertlogtype */ -$snortalertlogtype = $config['installedpackages']['snortglobal']['snortalertlogtype']; -if ($snortalertlogtype == fast) - $snortalertlogtype_type = "output alert_fast: alert"; -else - $snortalertlogtype_type = "output alert_full: alert"; - -/* define alertsystemlog */ -$alertsystemlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['alertsystemlog']; -if ($alertsystemlog_info_chk == on) - $alertsystemlog_type = "output alert_syslog: log_alert"; - -/* define tcpdumplog */ -$tcpdumplog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['tcpdumplog']; -if ($tcpdumplog_info_chk == on) - $tcpdumplog_type = "output log_tcpdump: snorttcpd.log"; - -/* define snortunifiedlog */ -$snortunifiedlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['snortunifiedlog']; -if ($snortunifiedlog_info_chk == on) - $snortunifiedlog_type = "output unified2: filename snort_{$snort_uuid}_{$if_real}.u2, limit 128"; - -/* define spoink (DISABLED)*/ -$spoink_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['blockoffenders7']; -if ($spoink_info_chk == on) - $spoink_type = "output alert_pf: /var/db/whitelist,snort2c"; - - /* define servers and ports snortdefservers */ - -/* def DNS_SERVSERS */ -$def_dns_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_dns_servers']; -if ($def_dns_servers_info_chk == "") - $def_dns_servers_type = "\$HOME_NET"; -else - $def_dns_servers_type = "$def_dns_servers_info_chk"; - -/* def DNS_PORTS */ -$def_dns_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_dns_ports']; -if ($def_dns_ports_info_chk == "") - $def_dns_ports_type = "53"; -else - $def_dns_ports_type = "$def_dns_ports_info_chk"; - -/* def SMTP_SERVSERS */ -$def_smtp_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_smtp_servers']; -if ($def_smtp_servers_info_chk == "") - $def_smtp_servers_type = "\$HOME_NET"; -else - $def_smtp_servers_type = "$def_smtp_servers_info_chk"; - -/* def SMTP_PORTS */ -$def_smtp_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_smtp_ports']; -if ($def_smtp_ports_info_chk == "") - $def_smtp_ports_type = "25"; -else - $def_smtp_ports_type = "$def_smtp_ports_info_chk"; - -/* def MAIL_PORTS */ -$def_mail_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_mail_ports']; -if ($def_mail_ports_info_chk == "") - $def_mail_ports_type = "25,143,465,691"; -else - $def_mail_ports_type = "$def_mail_ports_info_chk"; - -/* def HTTP_SERVSERS */ -$def_http_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_http_servers']; -if ($def_http_servers_info_chk == "") - $def_http_servers_type = "\$HOME_NET"; -else - $def_http_servers_type = "$def_http_servers_info_chk"; - -/* def WWW_SERVSERS */ -$def_www_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_www_servers']; -if ($def_www_servers_info_chk == "") - $def_www_servers_type = "\$HOME_NET"; -else - $def_www_servers_type = "$def_www_servers_info_chk"; - -/* def HTTP_PORTS */ -$def_http_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_http_ports']; -if ($def_http_ports_info_chk == "") - $def_http_ports_type = "80"; -else - $def_http_ports_type = "$def_http_ports_info_chk"; - -/* def SQL_SERVSERS */ -$def_sql_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_sql_servers']; -if ($def_sql_servers_info_chk == "") - $def_sql_servers_type = "\$HOME_NET"; -else - $def_sql_servers_type = "$def_sql_servers_info_chk"; - -/* def ORACLE_PORTS */ -$def_oracle_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_oracle_ports']; -if ($def_oracle_ports_info_chk == "") - $def_oracle_ports_type = "1521"; -else - $def_oracle_ports_type = "$def_oracle_ports_info_chk"; - -/* def MSSQL_PORTS */ -$def_mssql_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_mssql_ports']; -if ($def_mssql_ports_info_chk == "") - $def_mssql_ports_type = "1433"; -else - $def_mssql_ports_type = "$def_mssql_ports_info_chk"; - -/* def TELNET_SERVSERS */ -$def_telnet_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_telnet_servers']; -if ($def_telnet_servers_info_chk == "") - $def_telnet_servers_type = "\$HOME_NET"; -else - $def_telnet_servers_type = "$def_telnet_servers_info_chk"; - -/* def TELNET_PORTS */ -$def_telnet_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_telnet_ports']; -if ($def_telnet_ports_info_chk == "") - $def_telnet_ports_type = "23"; -else - $def_telnet_ports_type = "$def_telnet_ports_info_chk"; - -/* def SNMP_SERVSERS */ -$def_snmp_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_snmp_servers']; -if ($def_snmp_servers_info_chk == "") - $def_snmp_servers_type = "\$HOME_NET"; -else - $def_snmp_servers_type = "$def_snmp_servers_info_chk"; - -/* def SNMP_PORTS */ -$def_snmp_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_snmp_ports']; -if ($def_snmp_ports_info_chk == "") - $def_snmp_ports_type = "161"; -else - $def_snmp_ports_type = "$def_snmp_ports_info_chk"; - -/* def FTP_SERVSERS */ -$def_ftp_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_ftp_servers']; -if ($def_ftp_servers_info_chk == "") - $def_ftp_servers_type = "\$HOME_NET"; -else - $def_ftp_servers_type = "$def_ftp_servers_info_chk"; - -/* def FTP_PORTS */ -$def_ftp_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_ftp_ports']; -if ($def_ftp_ports_info_chk == "") - $def_ftp_ports_type = "21"; -else - $def_ftp_ports_type = "$def_ftp_ports_info_chk"; - -/* def SSH_SERVSERS */ -$def_ssh_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_ssh_servers']; -if ($def_ssh_servers_info_chk == "") - $def_ssh_servers_type = "\$HOME_NET"; -else - $def_ssh_servers_type = "$def_ssh_servers_info_chk"; - -/* if user has defined a custom ssh port, use it */ -if($config['system']['ssh']['port']) - $ssh_port = $config['system']['ssh']['port']; -else - $ssh_port = "22"; - -/* def SSH_PORTS */ -$def_ssh_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_ssh_ports']; -if ($def_ssh_ports_info_chk == "") - $def_ssh_ports_type = "{$ssh_port}"; -else - $def_ssh_ports_type = "$def_ssh_ports_info_chk"; - -/* def POP_SERVSERS */ -$def_pop_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_pop_servers']; -if ($def_pop_servers_info_chk == "") - $def_pop_servers_type = "\$HOME_NET"; -else - $def_pop_servers_type = "$def_pop_servers_info_chk"; - -/* def POP2_PORTS */ -$def_pop2_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_pop2_ports']; -if ($def_pop2_ports_info_chk == "") - $def_pop2_ports_type = "109"; -else - $def_pop2_ports_type = "$def_pop2_ports_info_chk"; - -/* def POP3_PORTS */ -$def_pop3_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_pop3_ports']; -if ($def_pop3_ports_info_chk == "") - $def_pop3_ports_type = "110"; -else - $def_pop3_ports_type = "$def_pop3_ports_info_chk"; - -/* def IMAP_SERVSERS */ -$def_imap_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_imap_servers']; -if ($def_imap_servers_info_chk == "") - $def_imap_servers_type = "\$HOME_NET"; -else - $def_imap_servers_type = "$def_imap_servers_info_chk"; - -/* def IMAP_PORTS */ -$def_imap_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_imap_ports']; -if ($def_imap_ports_info_chk == "") - $def_imap_ports_type = "143"; -else - $def_imap_ports_type = "$def_imap_ports_info_chk"; - -/* def SIP_PROXY_IP */ -$def_sip_proxy_ip_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_sip_proxy_ip']; -if ($def_sip_proxy_ip_info_chk == "") - $def_sip_proxy_ip_type = "\$HOME_NET"; -else - $def_sip_proxy_ip_type = "$def_sip_proxy_ip_info_chk"; - -/* def SIP_PROXY_PORTS */ -$def_sip_proxy_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_sip_proxy_ports']; -if ($def_sip_proxy_ports_info_chk == "") - $def_sip_proxy_ports_type = "5060:5090,16384:32768"; -else - $def_sip_proxy_ports_type = "$def_sip_proxy_ports_info_chk"; - -/* def AUTH_PORTS */ -$def_auth_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_auth_ports']; -if ($def_auth_ports_info_chk == "") - $def_auth_ports_type = "113"; -else - $def_auth_ports_type = "$def_auth_ports_info_chk"; - -/* def FINGER_PORTS */ -$def_finger_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_finger_ports']; -if ($def_finger_ports_info_chk == "") - $def_finger_ports_type = "79"; -else - $def_finger_ports_type = "$def_finger_ports_info_chk"; - -/* def IRC_PORTS */ -$def_irc_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_irc_ports']; -if ($def_irc_ports_info_chk == "") - $def_irc_ports_type = "6665,6666,6667,6668,6669,7000"; -else - $def_irc_ports_type = "$def_irc_ports_info_chk"; - -/* def NNTP_PORTS */ -$def_nntp_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_nntp_ports']; -if ($def_nntp_ports_info_chk == "") - $def_nntp_ports_type = "119"; -else - $def_nntp_ports_type = "$def_nntp_ports_info_chk"; - -/* def RLOGIN_PORTS */ -$def_rlogin_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_rlogin_ports']; -if ($def_rlogin_ports_info_chk == "") - $def_rlogin_ports_type = "513"; -else - $def_rlogin_ports_type = "$def_rlogin_ports_info_chk"; - -/* def RSH_PORTS */ -$def_rsh_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_rsh_ports']; -if ($def_rsh_ports_info_chk == "") - $def_rsh_ports_type = "514"; -else - $def_rsh_ports_type = "$def_rsh_ports_info_chk"; - -/* def SSL_PORTS */ -$def_ssl_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_ssl_ports']; -if ($def_ssl_ports_info_chk == "") - $def_ssl_ports_type = "443,465,563,636,989,990,992,993,994,995"; -else - $def_ssl_ports_type = "$def_ssl_ports_info_chk"; - - /* should we install a automatic update crontab entry? */ - $automaticrulesupdate = $config['installedpackages']['snortglobal']['automaticrulesupdate7']; - - /* if user is on pppoe, we really want to use ng0 interface */ - if($config['interfaces'][$snort_ext_int]['ipaddr'] == "pppoe") - $snort_ext_int = "ng0"; - - /* set the snort performance model */ - if($config['installedpackages']['snortglobal']['rule'][$id]['performance']) - $snort_performance = $config['installedpackages']['snortglobal']['rule'][$id]['performance']; - else - $snort_performance = "ac-bnfa"; - - /* open snort's whitelist for writing */ - $whitelist = fopen("/var/db/whitelist", "w"); - if(!$whitelist) { - log_error("Could not open /var/db/whitelist for writing."); - return; - } - - /* build an interface array list */ - $int_array = array('lan'); - for ($j = 1; isset ($config['interfaces']['opt' . $j]); $j++) - if(isset($config['interfaces']['opt' . $j]['enable'])) - if(!$config['interfaces']['opt' . $j]['gateway']) - $int_array[] = "opt{$j}"; - - /* iterate through interface list and write out whitelist items - * and also compile a home_net list for snort. - */ - foreach($int_array as $int) { - /* calculate interface subnet information */ - $ifcfg = &$config['interfaces'][$int]; - $subnet = gen_subnet($ifcfg['ipaddr'], $ifcfg['subnet']); - $subnetmask = gen_subnet_mask($ifcfg['subnet']); - if($subnet == "pppoe" or $subnet == "dhcp") { - $subnet = find_interface_ip("ng0"); - if($subnet) - $home_net .= "{$subnet} "; - } else { - if ($subnet) - if($ifcfg['subnet']) - $home_net .= "{$subnet}/{$ifcfg['subnet']} "; - } - } - - /* add all WAN ips to the whitelist */ - $wan_if = get_real_wan_interface(); - $ip = find_interface_ip($wan_if); - if($ip) - $home_net .= "{$ip} "; - - /* Add Gateway on WAN interface to whitelist (For RRD graphs) */ - $int = convert_friendly_interface_to_real_interface_name("WAN"); - $gw = get_interface_gateway($int); - if($gw) - $home_net .= "{$gw} "; - - /* Add DNS server for WAN interface to whitelist */ - $dns_servers = get_dns_servers(); - foreach($dns_servers as $dns) { - if($dns) - $home_net .= "{$dns} "; - } - - /* Add loopback to whitelist (ftphelper) */ - $home_net .= "127.0.0.1 "; - - /* iterate all vips and add to whitelist */ - - if($config['virtualip']) - foreach($config['virtualip']['vip'] as $vip) - if($vip['subnet']) - $home_net .= $vip['subnet'] . " "; - - if($config['installedpackages']['snortglobal']['config']) - foreach($config['installedpackages']['snortglobal']['config'] as $snort) - if($snort['ip']) - $home_net .= $snort['ip'] . " "; - - /* write out whitelist, convert spaces to carriage returns */ - $whitelist_home_net = str_replace(" ", " ", $home_net); - $whitelist_home_net = str_replace(" ", "\n", $home_net); - - /* make $home_net presentable to snort */ - $home_net = trim($home_net); - $home_net = str_replace(" ", ",", $home_net); - $home_net = "[{$home_net}]"; - - /* foreach through whitelist, writing out to file */ - $whitelist_split = split("\n", $whitelist_home_net); - foreach($whitelist_split as $wl) - if(trim($wl)) - fwrite($whitelist, trim($wl) . "\n"); - - /* should we whitelist vpns? */ - $whitelistvpns = $config['installedpackages']['snortglobal']['whitelistvpns']; - - /* grab a list of vpns and whitelist if user desires added by nestorfish 954 */ - if($whitelistvpns) { - if ($pfsense_stable == 'yes') // chk what pfsense version were on - { - $vpns_list = get_vpns_list(); - } - if ($pfsense_stable == 'no') // chk what pfsense version were on - { - $vpns_list = filter_get_vpns_list(); - } - - $whitelist_vpns = split(" ", $vpns_list); - foreach($whitelist_vpns as $wl) - if(trim($wl)) - fwrite($whitelist, trim($wl) . "\n"); - } - - /* close file */ - fclose($whitelist); - - /* generate rule sections to load */ - $enabled_rulesets = $config['installedpackages']['snortglobal']['rule'][$id]['rulesets']; - if($enabled_rulesets) { - $selected_rules_sections = ""; - $enabled_rulesets_array = split("\|\|", $enabled_rulesets); - foreach($enabled_rulesets_array as $enabled_item) - $selected_rules_sections .= "include \$RULE_PATH/{$enabled_item}\n"; - } - - conf_mount_ro(); - -///////////////////////////// - -/* preprocessor code */ - -/* def perform_stat */ -$snort_perform_stat = <<<EOD -########################## - # -# NEW # -# Performance Statistics # - # -########################## - -preprocessor perfmonitor: time 300 file /var/log/snort/snort_{$snort_uuid}_{$if_real}.stats pktcnt 10000 - -EOD; - -$def_perform_stat_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['perform_stat']; -if ($def_perform_stat_info_chk == "on") - $def_perform_stat_type = "$snort_perform_stat"; -else - $def_perform_stat_type = ""; - -$def_flow_depth_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['flow_depth']; -if ($def_flow_depth_info_chk == '') - $def_flow_depth_type = '0'; -else - $def_flow_depth_type = $config['installedpackages']['snortglobal']['rule'][$id]['flow_depth']; - -/* def http_inspect */ -$snort_http_inspect = <<<EOD -################# - # -# HTTP Inspect # - # -################# - -preprocessor http_inspect: global iis_unicode_map unicode.map 1252 - -preprocessor http_inspect_server: server default \ - ports { 80 8080 } \ - non_strict \ - non_rfc_char { 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 } \ - flow_depth {$def_flow_depth_type} \ - apache_whitespace no \ - directory no \ - iis_backslash no \ - u_encode yes \ - ascii no \ - chunk_length 500000 \ - bare_byte yes \ - double_decode yes \ - iis_unicode no \ - iis_delimiter no \ - multi_slash no - -EOD; - -$def_http_inspect_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['http_inspect']; -if ($def_http_inspect_info_chk == "on") - $def_http_inspect_type = "$snort_http_inspect"; -else - $def_http_inspect_type = ""; - -/* def other_preprocs */ -$snort_other_preprocs = <<<EOD -################## - # -# Other preprocs # - # -################## - -preprocessor rpc_decode: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779 -preprocessor bo - -EOD; - -$def_other_preprocs_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['other_preprocs']; -if ($def_other_preprocs_info_chk == "on") - $def_other_preprocs_type = "$snort_other_preprocs"; -else - $def_other_preprocs_type = ""; - -/* def ftp_preprocessor */ -$snort_ftp_preprocessor = <<<EOD -##################### - # -# ftp preprocessor # - # -##################### - -preprocessor ftp_telnet: global \ -inspection_type stateless - -preprocessor ftp_telnet_protocol: telnet \ - normalize \ - ayt_attack_thresh 200 - -preprocessor ftp_telnet_protocol: \ - ftp server default \ - def_max_param_len 100 \ - ports { 21 } \ - ftp_cmds { USER PASS ACCT CWD SDUP SMNT QUIT REIN PORT PASV TYPE STRU MODE } \ - ftp_cmds { RETR STOR STOU APPE ALLO REST RNFR RNTO ABOR DELE RMD MKD PWD } \ - ftp_cmds { LIST NLST SITE SYST STAT HELP NOOP } \ - ftp_cmds { AUTH ADAT PROT PBSZ CONF ENC } \ - ftp_cmds { FEAT CEL CMD MACB } \ - ftp_cmds { MDTM REST SIZE MLST MLSD } \ - ftp_cmds { XPWD XCWD XCUP XMKD XRMD TEST CLNT } \ - alt_max_param_len 0 { CDUP QUIT REIN PASV STOU ABOR PWD SYST NOOP } \ - alt_max_param_len 100 { MDTM CEL XCWD SITE USER PASS REST DELE RMD SYST TEST STAT MACB EPSV CLNT LPRT } \ - alt_max_param_len 200 { XMKD NLST ALLO STOU APPE RETR STOR CMD RNFR HELP } \ - alt_max_param_len 256 { RNTO CWD } \ - alt_max_param_len 400 { PORT } \ - alt_max_param_len 512 { SIZE } \ - chk_str_fmt { USER PASS ACCT CWD SDUP SMNT PORT TYPE STRU MODE } \ - chk_str_fmt { RETR STOR STOU APPE ALLO REST RNFR RNTO DELE RMD MKD } \ - chk_str_fmt { LIST NLST SITE SYST STAT HELP } \ - chk_str_fmt { AUTH ADAT PROT PBSZ CONF ENC } \ - chk_str_fmt { FEAT CEL CMD } \ - chk_str_fmt { MDTM REST SIZE MLST MLSD } \ - chk_str_fmt { XPWD XCWD XCUP XMKD XRMD TEST CLNT } \ - cmd_validity MODE < char ASBCZ > \ - cmd_validity STRU < char FRP > \ - cmd_validity ALLO < int [ char R int ] > \ - cmd_validity TYPE < { char AE [ char NTC ] | char I | char L [ number ] } > \ - cmd_validity MDTM < [ date nnnnnnnnnnnnnn[.n[n[n]]] ] string > \ - cmd_validity PORT < host_port > - -preprocessor ftp_telnet_protocol: ftp client default \ - max_resp_len 256 \ - bounce yes \ - telnet_cmds yes - -EOD; - -$def_ftp_preprocessor_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['ftp_preprocessor']; -if ($def_ftp_preprocessor_info_chk == "on") - $def_ftp_preprocessor_type = "$snort_ftp_preprocessor"; -else - $def_ftp_preprocessor_type = ""; - -/* def smtp_preprocessor */ -$snort_smtp_preprocessor = <<<EOD -##################### - # -# SMTP preprocessor # - # -##################### - -preprocessor SMTP: \ - ports { 25 465 691 } \ - inspection_type stateful \ - normalize cmds \ - valid_cmds { MAIL RCPT HELP HELO ETRN EHLO EXPN VRFY ATRN SIZE BDAT DEBUG EMAL ESAM ESND ESOM EVFY IDENT NOOP RSET SEND SAML SOML AUTH TURN ETRN PIPELINING \ -CHUNKING DATA DSN RSET QUIT ONEX QUEU STARTTLS TICK TIME TURNME VERB X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 XGEN XLICENSE XQUEU XSTA XTRN XUSR } \ - normalize_cmds { MAIL RCPT HELP HELO ETRN EHLO EXPN VRFY ATRN SIZE BDAT DEBUG EMAL ESAM ESND ESOM EVFY IDENT NOOP RSET SEND SAML SOML AUTH TURN ETRN \ -PIPELINING CHUNKING DATA DSN RSET QUIT ONEX QUEU STARTTLS TICK TIME TURNME VERB X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 XGEN XLICENSE XQUEU XSTA XTRN XUSR } \ - max_header_line_len 1000 \ - max_response_line_len 512 \ - alt_max_command_line_len 260 { MAIL } \ - alt_max_command_line_len 300 { RCPT } \ - alt_max_command_line_len 500 { HELP HELO ETRN EHLO } \ - alt_max_command_line_len 255 { EXPN VRFY ATRN SIZE BDAT DEBUG EMAL ESAM ESND ESOM EVFY IDENT NOOP RSET } \ - alt_max_command_line_len 246 { SEND SAML SOML AUTH TURN ETRN PIPELINING CHUNKING DATA DSN RSET QUIT ONEX } \ - alt_max_command_line_len 246 { QUEU STARTTLS TICK TIME TURNME VERB X-EXPS X-LINK2STATE XADR } \ - alt_max_command_line_len 246 { XAUTH XCIR XEXCH50 XGEN XLICENSE XQUEU XSTA XTRN XUSR } \ - xlink2state { enable } - -EOD; - -$def_smtp_preprocessor_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['smtp_preprocessor']; -if ($def_smtp_preprocessor_info_chk == "on") - $def_smtp_preprocessor_type = "$snort_smtp_preprocessor"; -else - $def_smtp_preprocessor_type = ""; - -/* def sf_portscan */ -$snort_sf_portscan = <<<EOD -################ - # -# sf Portscan # - # -################ - -preprocessor sfportscan: scan_type { all } \ - proto { all } \ - memcap { 10000000 } \ - sense_level { medium } \ - ignore_scanners { \$HOME_NET } - -EOD; - -$def_sf_portscan_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['sf_portscan']; -if ($def_sf_portscan_info_chk == "on") - $def_sf_portscan_type = "$snort_sf_portscan"; -else - $def_sf_portscan_type = ""; - -/* def dce_rpc_2 */ -$snort_dce_rpc_2 = <<<EOD -############### - # -# NEW # -# DCE/RPC 2 # - # -############### - -preprocessor dcerpc2: memcap 102400, events [smb, co, cl] -preprocessor dcerpc2_server: default, policy WinXP, \ - detect [smb [139,445], tcp 135, udp 135, rpc-over-http-server 593], \ - autodetect [tcp 1025:, udp 1025:, rpc-over-http-server 1025:], \ - smb_max_chain 3 - -EOD; - -$def_dce_rpc_2_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['dce_rpc_2']; -if ($def_dce_rpc_2_info_chk == "on") - $def_dce_rpc_2_type = "$snort_dce_rpc_2"; -else - $def_dce_rpc_2_type = ""; - -/* def dns_preprocessor */ -$snort_dns_preprocessor = <<<EOD -#################### - # -# DNS preprocessor # - # -#################### - -preprocessor dns: \ - ports { 53 } \ - enable_rdata_overflow - -EOD; - -$def_dns_preprocessor_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['dns_preprocessor']; -if ($def_dns_preprocessor_info_chk == "on") - $def_dns_preprocessor_type = "$snort_dns_preprocessor"; -else - $def_dns_preprocessor_type = ""; - -/* def SSL_PORTS IGNORE */ -$def_ssl_ports_ignore_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_ssl_ports_ignore']; -if ($def_ssl_ports_ignore_info_chk == "") - $def_ssl_ports_ignore_type = "443 465 563 636 989 990 992 993 994 995"; -else - $def_ssl_ports_ignore_type = "$def_ssl_ports_ignore_info_chk"; - -////////////////////////////////////////////////////////////////// - /* build snort configuration file */ - /* TODO; feed back from pfsense users to reduce false positives */ - $snort_conf_text = <<<EOD - -# snort configuration file -# generated by the pfSense -# package manager system -# see /usr/local/pkg/snort.inc -# for more information -# snort.conf -# Snort can be found at http://www.snort.org/ -# -# Copyright (C) 2009 Robert Zelaya -# part of pfSense -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: -# -# 1. Redistributions of source code must retain the above copyright notice, -# this list of conditions and the following disclaimer. -# -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# -# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, -# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY -# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -# AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, -# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -# POSSIBILITY OF SUCH DAMAGE. - -######################### - # -# Define Local Network # - # -######################### - -var HOME_NET {$home_net} -var EXTERNAL_NET !\$HOME_NET - -################### - # -# Define Servers # - # -################### - -var DNS_SERVERS [{$def_dns_servers_type}] -var SMTP_SERVERS [{$def_smtp_servers_type}] -var HTTP_SERVERS [{$def_http_servers_type}] -var SQL_SERVERS [{$def_sql_servers_type}] -var TELNET_SERVERS [{$def_telnet_servers_type}] -var SNMP_SERVERS [{$def_snmp_servers_type}] -var FTP_SERVERS [{$def_ftp_servers_type}] -var SSH_SERVERS [{$def_ssh_servers_type}] -var POP_SERVERS [{$def_pop_servers_type}] -var IMAP_SERVERS [{$def_imap_servers_type}] -var RPC_SERVERS \$HOME_NET -var WWW_SERVERS [{$def_www_servers_type}] -var SIP_PROXY_IP [{$def_sip_proxy_ip_type}] -var AIM_SERVERS \ -[64.12.24.0/23,64.12.28.0/23,64.12.161.0/24,64.12.163.0/24,64.12.200.0/24,205.188.3.0/24,205.188.5.0/24,205.188.7.0/24,205.188.9.0/24,205.188.153.0/24,205.188.179.0/24,205.188.248.0/24] - -######################## - # -# Define Server Ports # - # -######################## - -portvar HTTP_PORTS [{$def_http_ports_type}] -portvar SHELLCODE_PORTS !80 -portvar ORACLE_PORTS [{$def_oracle_ports_type}] -portvar AUTH_PORTS [{$def_auth_ports_type}] -portvar DNS_PORTS [{$def_dns_ports_type}] -portvar FINGER_PORTS [{$def_finger_ports_type}] -portvar FTP_PORTS [{$def_ftp_ports_type}] -portvar IMAP_PORTS [{$def_imap_ports_type}] -portvar IRC_PORTS [{$def_irc_ports_type}] -portvar MSSQL_PORTS [{$def_mssql_ports_type}] -portvar NNTP_PORTS [{$def_nntp_ports_type}] -portvar POP2_PORTS [{$def_pop2_ports_type}] -portvar POP3_PORTS [{$def_pop3_ports_type}] -portvar SUNRPC_PORTS [111,32770,32771,32772,32773,32774,32775,32776,32777,32778,32779] -portvar RLOGIN_PORTS [{$def_rlogin_ports_type}] -portvar RSH_PORTS [{$def_rsh_ports_type}] -portvar SMB_PORTS [139,445] -portvar SMTP_PORTS [{$def_smtp_ports_type}] -portvar SNMP_PORTS [{$def_snmp_ports_type}] -portvar SSH_PORTS [{$def_ssh_ports_type}] -portvar TELNET_PORTS [{$def_telnet_ports_type}] -portvar MAIL_PORTS [{$def_mail_ports_type}] -portvar SSL_PORTS [{$def_ssl_ports_type}] -portvar SIP_PROXY_PORTS [{$def_sip_proxy_ports_type}] - -# DCERPC NCACN-IP-TCP -portvar DCERPC_NCACN_IP_TCP [139,445] -portvar DCERPC_NCADG_IP_UDP [138,1024:] -portvar DCERPC_NCACN_IP_LONG [135,139,445,593,1024:] -portvar DCERPC_NCACN_UDP_LONG [135,1024:] -portvar DCERPC_NCACN_UDP_SHORT [135,593,1024:] -portvar DCERPC_NCACN_TCP [2103,2105,2107] -portvar DCERPC_BRIGHTSTORE [6503,6504] - -##################### - # -# Define Rule Paths # - # -##################### - -var RULE_PATH /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules -# var PREPROC_RULE_PATH ./preproc_rules - -################################ - # -# Configure the snort decoder # - # -################################ - -config checksum_mode: all -config disable_decode_alerts -config disable_tcpopt_experimental_alerts -config disable_tcpopt_obsolete_alerts -config disable_ttcp_alerts -config disable_tcpopt_alerts -config disable_ipopt_alerts -config disable_decode_drops - -################################### - # -# Configure the detection engine # -# Use lower memory models # - # -################################### - -config detection: search-method {$snort_performance} max_queue_events 5 -config event_queue: max_queue 8 log 3 order_events content_length - -#Configure dynamic loaded libraries -dynamicpreprocessor directory /usr/local/lib/snort/dynamicpreprocessor/ -dynamicengine /usr/local/lib/snort/dynamicengine/libsf_engine.so -dynamicdetection directory /usr/local/lib/snort/dynamicrules/ - -################### - # -# Flow and stream # - # -################### - -preprocessor frag3_global: max_frags 8192 -preprocessor frag3_engine: policy bsd detect_anomalies - -preprocessor stream5_global: max_tcp 8192, track_tcp yes, \ -track_udp yes, track_icmp yes -preprocessor stream5_tcp: policy BSD, ports both all, use_static_footprint_sizes -preprocessor stream5_udp: -preprocessor stream5_icmp: - -{$def_perform_stat_type} - -{$def_http_inspect_type} - -{$def_other_preprocs_type} - -{$def_ftp_preprocessor_type} - -{$def_smtp_preprocessor_type} - -{$def_sf_portscan_type} - -############################ - # -# OLD # -# preprocessor dcerpc: \ # -# autodetect \ # -# max_frag_size 3000 \ # -# memcap 100000 # - # -############################ - -{$def_dce_rpc_2_type} - -{$def_dns_preprocessor_type} - -############################## - # -# NEW # -# Ignore SSL and Encryption # - # -############################## - -preprocessor ssl: ports { {$def_ssl_ports_ignore_type} }, trustservers, noinspect_encrypted - -##################### - # -# Snort Output Logs # - # -##################### - -$snortalertlogtype_type -$alertsystemlog_type -$tcpdumplog_type -$snortmysqllog_info_chk -$snortunifiedlog_type -$spoink_type - -################# - # -# Misc Includes # - # -################# - -include /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/reference.config -include /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/classification.config -include /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/threshold.conf - -# Snort user pass through configuration -{$snort_config_pass_thru} - -################### - # -# Rules Selection # - # -################### - -{$selected_rules_sections} - -EOD; - - return $snort_conf_text; -} - -/* check downloaded text from snort.org to make sure that an error did not occur - * for example, if you are not a premium subscriber you can only download rules - * so often, etc. TO BE: Removed unneeded. - */ - -function check_for_common_errors($filename) { - global $snort_filename, $snort_filename_md5, $console_mode; - -// ob_flush(); - $contents = file_get_contents($filename); - if(stristr($contents, "You don't have permission")) { - if(!$console_mode) { - update_all_status("An error occured while downloading {$filename}."); - hide_progress_bar_status(); - } else { - log_error("An error occured. Scroll down to inspect it's contents."); - } - if(!$console_mode) { - update_output_window(strip_tags("$contents")); - } else { - $contents = strip_tags($contents); - log_error("Error downloading snort rules: {$contents}"); - echo "Error downloading snort rules: {$contents}"; - } - scroll_down_to_bottom_of_page(); - exit; - } -} - -/* force browser to scroll all the way down */ -function scroll_down_to_bottom_of_page() { - global $snort_filename, $console_mode; - ob_flush(); - if(!$console_mode) - echo "\n<script type=\"text/javascript\">parent.scrollTo(0,1500);\n</script>"; -} - -/* ensure downloaded file looks sane */ -function verify_downloaded_file($filename) { - global $snort_filename, $snort_filename_md5, $console_mode; - ob_flush(); - if(filesize($filename)<9500) { - if(!$console_mode) { - update_all_status("Checking {$filename}..."); - check_for_common_errors($filename); - } - } - update_all_status("Verifying {$filename}..."); - if(!file_exists($filename)) { - if(!$console_mode) { - update_all_status("Could not fetch snort rules ({$filename}). Check oinkid key and dns and try again."); - hide_progress_bar_status(); - } else { - log_error("Could not fetch snort rules ({$filename}). Check oinkid key and dns and try again."); - echo "Could not fetch snort rules ({$filename}). Check oinkid key and dns and try again."; - } - exit; - } - update_all_status("Verified {$filename}."); -} - -/* extract rules */ -function extract_snort_rules_md5($tmpfname) { - global $snort_filename, $snort_filename_md5, $console_mode; - ob_flush(); - if(!$console_mode) { - $static_output = gettext("Extracting snort rules..."); - update_all_status($static_output); - } - if(!is_dir("/usr/local/etc/snort/rules/")) - mkdir("/usr/local/etc/snort/rules/"); - $cmd = "/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C /usr/local/etc/snort/ rules/"; - $handle = popen("{$cmd} 2>&1", 'r'); - while(!feof($handle)) { - $buffer = fgets($handle); - update_output_window($buffer); - } - pclose($handle); - - if(!$console_mode) { - $static_output = gettext("Snort rules extracted."); - update_all_status($static_output); - } else { - log_error("Snort rules extracted."); - echo "Snort rules extracted."; - } -} - -/* verify MD5 against downloaded item */ -function verify_snort_rules_md5($tmpfname) { - global $snort_filename, $snort_filename_md5, $console_mode; - ob_flush(); - if(!$console_mode) { - $static_output = gettext("Verifying md5 signature..."); - update_all_status($static_output); - } - - $md555 = file_get_contents("{$tmpfname}/{$snort_filename_md5}"); - $md5 = `echo "{$md555}" | /usr/bin/awk '{ print $4 }'`; - $file_md5_ondisk = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`; - if($md5 == $file_md5_ondisk) { - if(!$console_mode) { - $static_output = gettext("snort rules: md5 signature of rules mismatch."); - update_all_status($static_output); - hide_progress_bar_status(); - } else { - log_error("snort rules: md5 signature of rules mismatch."); - echo "snort rules: md5 signature of rules mismatch."; - } - exit; - } -} - -/* hide progress bar */ -function hide_progress_bar_status() { - global $snort_filename, $snort_filename_md5, $console_mode; - ob_flush(); - if(!$console_mode) - echo "\n<script type=\"text/javascript\">document.progressbar.style.visibility='hidden';\n</script>"; -} - -/* unhide progress bar */ -function unhide_progress_bar_status() { - global $snort_filename, $snort_filename_md5, $console_mode; - ob_flush(); - if(!$console_mode) - echo "\n<script type=\"text/javascript\">document.progressbar.style.visibility='visible';\n</script>"; -} - -/* update both top and bottom text box during an operation */ -function update_all_status($status) { - global $snort_filename, $snort_filename_md5, $console_mode; - ob_flush(); - if(!$console_mode) { - update_status($status); - update_output_window($status); - } -} - -/* obtain alert description for an ip address */ -function get_snort_alert($ip) { - global $snort_alert_file_split, $snort_config; - if(!file_exists("/var/log/snort/alert")) - return; - if(!$snort_config) - $snort_config = read_snort_config_cache(); - if($snort_config[$ip]) - return $snort_config[$ip]; - if(!$snort_alert_file_split) - $snort_alert_file_split = split("\n", file_get_contents("/var/log/snort/alert")); - foreach($snort_alert_file_split as $fileline) { - if (preg_match("/\[\*\*\] (\[.*\]) (.*) (\[\*\*\])/", $fileline, $matches)) - $alert_title = $matches[2]; - if (preg_match("/(\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b)/", $fileline, $matches)) - $alert_ip = $matches[$id]; - if($alert_ip == $ip) { - if(!$snort_config[$ip]) - $snort_config[$ip] = $alert_title; - return $alert_title; - } - } - return "n/a"; -} - -function make_clickable($buffer) { - global $config, $g; - /* if clickable urls is disabled, simply return buffer back to caller */ - $clickablalerteurls = $config['installedpackages']['snort']['config'][$id]['oinkmastercode']; - if(!$clickablalerteurls) - return $buffer; - $buffer = eregi_replace("(^|[ \n\r\t])((http(s?)://)(www\.)?([a-z0-9_-]+(\.[a-z0-9_-]+)+)(/[^/ \n\r]*)*)","\\1<a href=\"\\2\" target=\"_blank\">\\2</a>", $buffer); - $buffer = eregi_replace("(^|[ \n\r\t])((ftp://)(www\.)?([a-z0-9_-]+(\.[a-z0-9_-]+)+)(/[^/ \n\r]*)*)","\\1<a href=\"\\2\" target=\"_blank\">\\2</a>", $buffer); - $buffer = eregi_replace("([a-z_-][a-z0-9\._-]*@[a-z0-9_-]+(\.[a-z0-9_-]+)+)","<a href=\"mailto:\\1\">\\1</a>", $buffer); - $buffer = eregi_replace("(^|[ \n\r\t])(www\.([a-z0-9_-]+(\.[a-z0-9_-]+)+)(/[^/ \n\r]*)*)","\\1<a href=\"http://\\2\" target=\"_blank\">\\2</a>", $buffer); - $buffer = eregi_replace("(^|[ \n\r\t])(ftp\.([a-z0-9_-]+(\.[a-z0-9_-]+)+)(/[^/ \n\r]*)*)","\\1<a href=\"ftp://\\2\" target=\"_blank\">\\2</a>", $buffer); - - return $buffer; -} - -function read_snort_config_cache() { - global $g, $config, $snort_config; - if($snort_config) - return $snort_config; - if(file_exists($g['tmp_path'] . '/snort_config.cache')) { - $snort_config = unserialize(file_get_contents($g['tmp_path'] . '/snort_config.cache')); - return $snort_config; - } - return; -} - -function write_snort_config_cache($snort_config) { - global $g, $config; - conf_mount_rw(); - $configcache = fopen($g['tmp_path'] . '/snort_config.cache', "w"); - if(!$configcache) { - log_error("Could not open {$g['tmp_path']}/snort_config.cache for writing."); - return false; - } - fwrite($configcache, serialize($snort_config)); - fclose($configcache); - conf_mount_ro(); - return true; -} - -function snort_advanced() { - global $g, $config; - sync_package_snort(); -} - -function snort_define_servers() { - global $g, $config; - sync_package_snort(); -} - -?> diff --git a/config/snort-dev/snort.sh b/config/snort-dev/snort.sh deleted file mode 100644 index 5b725cfe..00000000 --- a/config/snort-dev/snort.sh +++ /dev/null @@ -1,99 +0,0 @@ -#!/bin/sh -# $FreeBSD: ports/security/snort/files/snort.sh.in,v 1.4 2009/10/29 01:27:53 clsung Exp $ - -# PROVIDE: snort -# REQUIRE: DAEMON -# BEFORE: LOGIN -# KEYWORD: shutdown - -. /etc/rc.subr -. /var/etc/rc.snort - -name="snort" -rcvar=`set_rcvar` -start_cmd="snort_start" -stop_cmd="snort_stop" - -snort_bin="/usr/local/bin/snort" -barnyard_bin="/usr/local/bin/barnyard2" - -[ -z "$snort_enable" ] && snort_enable="YES" -[ -z "$snort_flags" ] && snort_flags="-u snort -g snort -D -q -l /var/log/snort" -[ -z "$barnyard_flags" ] && barnyard_flags="-u snort -g snort -d /var/log/snort" - -snort_start() -{ - echo -n 'Starting snort:' - for _s in ${snort_list} - do - echo -n " ${_s}" - - eval _conf=\"\$snort_${_s}_conf\" - eval _name=\"\$snort_${_s}_name\" - eval _id=\"\$snort_${_s}_id\" - eval _iface=\"\$snort_${_s}_interface\" - eval _enable=\"\$snort_${_s}_enable\" - eval _barnyard=\"\$snort_${_s}_barnyard\" - _confdir=${_conf%/*} - - _enable="${_enable:-YES}" - if ! checkyesno _enable; then - continue; - fi - - if [ -f /var/run/snort_${_iface}${_name}.pid ]; then - if pgrep -F /var/run/snort_${_iface}${_name}.pid snort; then - echo -n " [snort ${_s} already running]" - continue; - fi - fi - ${snort_bin} ${snort_flags} -G ${_id} -R ${_name} -c ${_conf} -i ${_iface} - - _barnyard="${_barnyard:-NO}" - if checkyesno _barnyard; then - ${barnyard_bin} ${snort_flags} -R ${_name} -c ${_confdir}/barnyard2.conf \ - -f snort.u2_${_name} -w ${_confdir}/barnyard2.waldo - fi - done - echo -} - -snort_stop() -{ - echo -n 'Stopping snort:' - _pidlist='' - for _s in ${snort_list} - do - echo -n " ${_s}" - - eval _conf=\"\$snort_${_s}_conf\" - eval _name=\"\$snort_${_s}_name\" - eval _iface=\"\$snort_${_s}_interface\" - - if [ -f /var/run/snort_${_iface}${_name}.pid ]; then - _pid=$(pgrep -F /var/run/snort_${_iface}${_name}.pid snort) - if [ -n "${_pid}" ]; then - kill ${_pid} - _pidlist="${_pidlist} ${_pid}" - fi - fi - if [ -f /var/run/barnyard_${_iface}${_name}.pid ]; then - _pid=$(pgrep -F /var/run/barnyard_${_iface}${_name}.pid barnyard2) - if [ -n "${_pid}" ]; then - kill ${_pid} - _pidlist="${_pidlist} ${_pid}" - fi - fi - done - echo - wait_for_pids ${_pidlist} -} - -cmd="$1" -if [ $# -gt 0 ]; then - shift -fi -if [ -n "$*" ]; then - snort_list="$*" -fi -run_rc_command "${cmd}" diff --git a/config/snort-dev/snort.xml b/config/snort-dev/snort.xml deleted file mode 100644 index 37ce9967..00000000 --- a/config/snort-dev/snort.xml +++ /dev/null @@ -1,199 +0,0 @@ -<?xml version="1.0" encoding="utf-8" ?> -<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> -<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> -<packagegui> - <copyright> - <![CDATA[ -/* $Id$ */ -/* ========================================================================== */ -/* - authng.xml - part of pfSense (http://www.pfsense.com) - Copyright (C) 2007 to whom it may belong - All rights reserved. - - Based on m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. - All rights reserved. - */ -/* ========================================================================== */ -/* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ - ]]> - </copyright> - <description>Describe your package here</description> - <requirements>Describe your package requirements here</requirements> - <faq>Currently there are no FAQ items provided.</faq> - <name>Snort</name> - <version>2.8.5.3</version> - <title>Services: Snort 2.8.5.2 pkg v. 1.18</title> - <include_file>/usr/local/pkg/snort/snort.inc</include_file> - <menu> - <name>Snort</name> - <tooltiptext>Setup snort specific settings</tooltiptext> - <section>Services</section> - <url>/snort/snort_interfaces.php</url> - </menu> - <service> - <name>snort</name> - <rcfile></rcfile> - <executable>snort</executable> - <description>Snort is the most widely deployed IDS/IPS technology worldwide.</description> - </service> - <tabs> - </tabs> - <additional_files_needed> - <prefix>/usr/local/pkg/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort.inc</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_fbegin.inc</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/bin/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/bin/oinkmaster_contrib/create-sidmap.pl</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/bin/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/bin/oinkmaster_contrib/oinkmaster.pl</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/bin/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/bin/oinkmaster_contrib/snort_rename.pl</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_gui.inc</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/pf/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_dynamic_ip_reload.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_whitelist.xml</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_alerts.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_barnyard.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_blocked.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_define_servers.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_download_rules.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_check_for_rule_updates.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_help_info.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/help_and_info.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_edit.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_global.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_rules.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_rules_edit.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_rulesets.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_preprocessors.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/etc/rc.d/</prefix> - <chmod>755</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort.sh</item> - </additional_files_needed> - <fields> - </fields> - <custom_add_php_command> - </custom_add_php_command> - <custom_php_resync_config_command> - sync_snort_package(); - </custom_php_resync_config_command> - <custom_php_install_command> - snort_postinstall(); - </custom_php_install_command> - <custom_php_deinstall_command> - snort_deinstall(); - </custom_php_deinstall_command> -</packagegui> diff --git a/config/snort-dev/snort_alerts.php b/config/snort-dev/snort_alerts.php deleted file mode 100644 index 4f0ddb03..00000000 --- a/config/snort-dev/snort_alerts.php +++ /dev/null @@ -1,630 +0,0 @@ -<?php -/* $Id$ */ -/* - snort_alerts.php - part of pfSense - - Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - Copyright (C) 2006 Scott Ullrich - All rights reserved. - - Modified for the Pfsense snort package v. 1.8+ - Copyright (C) 2009 Robert Zelaya Sr. Developer - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require_once("globals.inc"); -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort.inc"); - -$snortalertlogt = $config['installedpackages']['snortglobal']['snortalertlogtype']; -$snort_logfile = '/var/log/snort/alert'; - -$pconfig['arefresh'] = $config['installedpackages']['snortglobal']['alertsblocks']['arefresh']; -$pconfig['alertnumber'] = $config['installedpackages']['snortglobal']['alertsblocks']['alertnumber']; - -if ($pconfig['alertnumber'] == '' || $pconfig['alertnumber'] == '0') -{ - $anentries = '250'; -}else{ - $anentries = $pconfig['alertnumber']; -} - -if ($_POST['save']) -{ - - //unset($input_errors); - //$pconfig = $_POST; - - /* input validation */ - if ($_POST['save']) - { - - // if (($_POST['radiusacctport'] && !is_port($_POST['radiusacctport']))) { - // $input_errors[] = "A valid port number must be specified. [".$_POST['radiusacctport']."]"; - // } - - } - - /* no errors */ - if (!$input_errors) - { - - $config['installedpackages']['snortglobal']['alertsblocks']['arefresh'] = $_POST['arefresh'] ? on : off; - $config['installedpackages']['snortglobal']['alertsblocks']['alertnumber'] = $_POST['alertnumber']; - - conf_mount_rw(); - write_config(); - //conf_mount_ro(); - sleep(2); - - header("Location: /snort/snort_alerts.php"); - - } - -} - - -if ($_POST['delete']) -{ - - exec("killall syslogd"); - conf_mount_rw(); - if(file_exists("/var/log/snort/alert")) - { - exec('/bin/rm /var/log/snort/*'); - exec('/usr/bin/touch /var/log/snort/alert'); - } - conf_mount_ro(); - system_syslogd_start(); - //exec("/usr/bin/killall -HUP snort"); - -} - -if ($_POST['download']) -{ - - ob_start(); //importanr or other post will fail - $save_date = exec('/bin/date "+%Y-%m-%d-%H-%M-%S"'); - $file_name = "snort_logs_{$save_date}.tar.gz"; - exec("/usr/bin/tar cfz /tmp/snort_logs_{$save_date}.tar.gz /var/log/snort"); - - if(file_exists("/tmp/snort_logs_{$save_date}.tar.gz")) - { - $file = "/tmp/snort_logs_{$save_date}.tar.gz"; - header("Expires: Mon, 26 Jul 1997 05:00:00 GMT\n"); - header("Pragma: private"); // needed for IE - header("Cache-Control: private, must-revalidate"); // needed for IE - header('Content-type: application/force-download'); - header('Content-Transfer-Encoding: Binary'); - header("Content-length: ".filesize($file)); - header("Content-disposition: attachment; filename = {$file_name}"); - readfile("$file"); - exec("/bin/rm /tmp/snort_logs_{$save_date}.tar.gz"); - od_end_clean(); //importanr or other post will fail - }else{ - echo 'Error no saved file.'; - } - -} - - -/* WARNING: took me forever to figure reg expression, dont lose */ -// $fileline = '12/09-18:12:02.086733 [**] [122:6:0] (portscan) TCP Filtered Decoy Portscan [**] [Priority: 3] {PROTO:255} 125.135.214.166 -> 70.61.243.50'; - -function get_snort_alert_date($fileline) -{ - /* date full date \d+\/\d+-\d+:\d+:\d+\.\d+\s */ - if (preg_match("/\d+\/\d+-\d+:\d+:\d\d/", $fileline, $matches1)) - { - $alert_date = "$matches1[0]"; - } - -return $alert_date; - -} - -function get_snort_alert_disc($fileline) -{ - /* disc */ - if (preg_match("/\[\*\*\] (\[.*\]) (.*) (\[\*\*\])/", $fileline, $matches)) - { - $alert_disc = "$matches[2]"; - } - -return $alert_disc; - -} - -function get_snort_alert_class($fileline) -{ - /* class */ - if (preg_match('/\[Classification:\s.+[^\d]\]/', $fileline, $matches2)) - { - $alert_class = "$matches2[0]"; - } - -return $alert_class; - -} - -function get_snort_alert_priority($fileline) -{ - /* Priority */ - if (preg_match('/Priority:\s\d/', $fileline, $matches3)) - { - $alert_priority = "$matches3[0]"; - } - -return $alert_priority; - -} - -function get_snort_alert_proto($fileline) -{ - /* Priority */ - if (preg_match('/\{.+\}/', $fileline, $matches3)) - { - $alert_proto = "$matches3[0]"; - } - -return $alert_proto; - -} - -function get_snort_alert_proto_full($fileline) -{ - /* Protocal full */ - if (preg_match('/.+\sTTL/', $fileline, $matches2)) - { - $alert_proto_full = "$matches2[0]"; - } - -return $alert_proto_full; - -} - -function get_snort_alert_ip_src($fileline) -{ - /* SRC IP */ - $re1='.*?'; # Non-greedy match on filler - $re2='((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))(?![\\d])'; # IPv4 IP Address 1 - - if ($c=preg_match_all ("/".$re1.$re2."/is", $fileline, $matches4)) - { - $alert_ip_src = $matches4[1][0]; - } - -return $alert_ip_src; - -} - -function get_snort_alert_src_p($fileline) -{ - /* source port */ - if (preg_match('/:\d+\s-/', $fileline, $matches5)) - { - $alert_src_p = "$matches5[0]"; - } - -return $alert_src_p; - -} - -function get_snort_alert_flow($fileline) -{ - /* source port */ - if (preg_match('/(->|<-)/', $fileline, $matches5)) - { - $alert_flow = "$matches5[0]"; - } - -return $alert_flow; - -} - -function get_snort_alert_ip_dst($fileline) -{ - /* DST IP */ - $re1dp='.*?'; # Non-greedy match on filler - $re2dp='(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(?![\\d])'; # Uninteresting: ipaddress - $re3dp='.*?'; # Non-greedy match on filler - $re4dp='((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))(?![\\d])'; # IPv4 IP Address 1 - - if ($c=preg_match_all ("/".$re1dp.$re2dp.$re3dp.$re4dp."/is", $fileline, $matches6)) - { - $alert_ip_dst = $matches6[1][0]; - } - -return $alert_ip_dst; - -} - -function get_snort_alert_dst_p($fileline) -{ - /* dst port */ - if (preg_match('/:\d+$/', $fileline, $matches7)) - { - $alert_dst_p = "$matches7[0]"; - } - -return $alert_dst_p; - -} - -function get_snort_alert_dst_p_full($fileline) -{ - /* dst port full */ - if (preg_match('/:\d+\n[A-Z]+\sTTL/', $fileline, $matches7)) - { - $alert_dst_p = "$matches7[0]"; - } - -return $alert_dst_p; - -} - -function get_snort_alert_sid($fileline) -{ - /* SID */ - if (preg_match('/\[\d+:\d+:\d+\]/', $fileline, $matches8)) - { - $alert_sid = "$matches8[0]"; - } - -return $alert_sid; - -} - -// - -$pgtitle = "Services: Snort: Snort Alerts"; -include("head.inc"); - -?> - -<link rel="stylesheet" href="/snort/css/style.css" type="text/css" media="all"> -<script type="text/javascript" src="/snort/javascript/mootools.js"></script> -<script type="text/javascript" src="/snort/javascript/sortableTable.js"></script> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php - -include("./snort_fbegin.inc"); - -echo "<p class=\"pgtitle\">"; -if($pfsense_stable == 'yes'){echo $pgtitle;} -echo "</p>\n"; - -/* refresh every 60 secs */ -if ($pconfig['arefresh'] == 'on' || $pconfig['arefresh'] == '') -{ - echo "<meta http-equiv=\"refresh\" content=\"60;url=/snort/snort_alerts.php\" />\n"; -} -?> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr><td> -<?php - $tab_array = array(); - $tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php"); - $tab_array[] = array("Global Settings", false, "/snort/snort_interfaces_global.php"); - $tab_array[] = array("Rule Updates", false, "/snort/snort_download_rules.php"); - $tab_array[] = array("Alerts", true, "/snort/snort_alerts.php"); - $tab_array[] = array("Blocked", false, "/snort/snort_blocked.php"); - $tab_array[] = array("Whitelists", false, "/pkg.php?xml=/snort/snort_whitelist.xml"); - $tab_array[] = array("Help & Info", false, "/snort/snort_help_info.php"); - display_top_tabs($tab_array); -?> -</td> -</tr> - <tr> - <td> - <div id="mainarea"> - <table class="tabcont" width="100%" border="1" cellspacing="0" cellpadding="0"> - <tr> - <td width="22%" colspan="0" class="listtopic"> - Last <?=$anentries;?> Alert Entries. - </td> - <td width="78%" class="listtopic"> - Latest Alert Entries Are Listed First. - </td> - </tr> - <tr> - <td width="22%" class="vncell">Save or Remove Logs</td> - <td width="78%" class="vtable"> - <form action="/snort/snort_alerts.php" method="post"> - <input name="download" type="submit" class="formbtn" value="Download"> - All log files will be saved. - <input name="delete" type="submit" class="formbtn" value="Clear"> - <span class="red"><strong>Warning:</strong></span> all log files will be deleted. - </form> - </td> - </tr> - <tr> - <td width="22%" class="vncell">Auto Refresh and Log View</td> - <td width="78%" class="vtable"> - <form action="/snort/snort_alerts.php" method="post"> - <input name="save" type="submit" class="formbtn" value="Save"> - Refresh - <input name="arefresh" type="checkbox" value="on" <?php if ($config['installedpackages']['snortglobal']['alertsblocks']['arefresh']=="on") echo "checked"; ?>> - <strong>Default</strong> is <strong>ON</strong>. - <input name="alertnumber" type="text" class="formfld" id="alertnumber" size="5" value="<?=htmlspecialchars($anentries);?>"> - Enter the number of log entries to view. <strong>Default</strong> is <strong>250</strong>. - </form> - </td> - </tr> - </table> - </div> - </td> - </tr> -</table> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <td width="100%"> - <br> - <div class="tableFilter"> - <form id="tableFilter" onsubmit="myTable.filter(this.id); return false;">Filter: - <select id="column"> - <option value="1">PRIORITY</option> - <option value="2">PROTO</option> - <option value="3">DESCRIPTION</option> - <option value="4">CLASS</option> - <option value="5">SRC</option> - <option value="6">SRC PORT</option> - <option value="7">FLOW</option> - <option value="8">DST</option> - <option value="9">DST PORT</option> - <option value="10">SID</option> - <option value="11">Date</option> - </select> - <input type="text" id="keyword" /> - <input type="submit" value="Submit" /> - <input type="reset" value="Clear" /> - </form> - </div> -<table class="allRow" id="myTable" width="100%" border="2" cellpadding="1" cellspacing="1"> - <thead> - <th axis="number">#</th> - <th axis="string">PRI</th> - <th axis="string">PROTO</th> - <th axis="string">DESCRIPTION</th> - <th axis="string">CLASS</th> - <th axis="string">SRC</th> - <th axis="string">SPORT</th> - <th axis="string">FLOW</th> - <th axis="string">DST</th> - <th axis="string">DPORT</th> - <th axis="string">SID</th> - <th axis="date">Date</th> - </thead> - <tbody> -<?php - - /* make sure alert file exists */ - if(!file_exists('/var/log/snort/alert')) - { - conf_mount_rw(); - exec('/usr/bin/touch /var/log/snort/alert'); - conf_mount_ro(); - } - - $logent = $anentries; - - /* detect the alert file type */ - if ($snortalertlogt == 'full') - { - $alerts_array = array_reverse(array_filter(explode("\n\n", file_get_contents('/var/log/snort/alert')))); - }else{ - $alerts_array = array_reverse(array_filter(split("\n", file_get_contents('/var/log/snort/alert')))); - } - - - -if (is_array($alerts_array)) -{ - - $counter = 0; - foreach($alerts_array as $fileline) - { - - if($logent <= $counter) - continue; - - $counter++; - - /* Date */ - $alert_date_str = get_snort_alert_date($fileline); - - if($alert_date_str != '') - { - $alert_date = $alert_date_str; - }else{ - $alert_date = 'empty'; - } - - /* Discription */ - $alert_disc_str = get_snort_alert_disc($fileline); - - if($alert_disc_str != '') - { - $alert_disc = $alert_disc_str; - }else{ - $alert_disc = 'empty'; - } - - /* Classification */ - $alert_class_str = get_snort_alert_class($fileline); - - if($alert_class_str != '') - { - - $alert_class_match = array('[Classification:',']'); - $alert_class = str_replace($alert_class_match, '', "$alert_class_str"); - }else{ - $alert_class = 'Prep'; - } - - /* Priority */ - $alert_priority_str = get_snort_alert_priority($fileline); - - if($alert_priority_str != '') - { - $alert_priority_match = array('Priority: ',']'); - $alert_priority = str_replace($alert_priority_match, '', "$alert_priority_str"); - }else{ - $alert_priority = 'empty'; - } - - /* Protocol */ - /* Detect alert file type */ - if ($snortalertlogt == 'full') - { - $alert_proto_str = get_snort_alert_proto_full($fileline); - }else{ - $alert_proto_str = get_snort_alert_proto($fileline); - } - - if($alert_proto_str != '') - { - $alert_proto_match = array(" TTL",'{','}'); - $alert_proto = str_replace($alert_proto_match, '', "$alert_proto_str"); - }else{ - $alert_proto = 'empty'; - } - - /* IP SRC */ - $alert_ip_src_str = get_snort_alert_ip_src($fileline); - - if($alert_ip_src_str != '') - { - $alert_ip_src = $alert_ip_src_str; - }else{ - $alert_ip_src = 'empty'; - } - - /* IP SRC Port */ - $alert_src_p_str = get_snort_alert_src_p($fileline); - - if($alert_src_p_str != '') - { - $alert_src_p_match = array(' -',':'); - $alert_src_p = str_replace($alert_src_p_match, '', "$alert_src_p_str"); - }else{ - $alert_src_p = 'empty'; - } - - /* Flow */ - $alert_flow_str = get_snort_alert_flow($fileline); - - if($alert_flow_str != '') - { - $alert_flow = $alert_flow_str; - }else{ - $alert_flow = 'empty'; - } - - /* IP Destination */ - $alert_ip_dst_str = get_snort_alert_ip_dst($fileline); - - if($alert_ip_dst_str != '') - { - $alert_ip_dst = $alert_ip_dst_str; - }else{ - $alert_ip_dst = 'empty'; - } - - /* IP DST Port */ - if ($snortalertlogt == 'full') - { - $alert_dst_p_str = get_snort_alert_dst_p_full($fileline); - }else{ - $alert_dst_p_str = get_snort_alert_dst_p($fileline); - } - - if($alert_dst_p_str != '') - { - $alert_dst_p_match = array(':',"\n"," TTL"); - $alert_dst_p_str2 = str_replace($alert_dst_p_match, '', "$alert_dst_p_str"); - $alert_dst_p_match2 = array('/[A-Z]/'); - $alert_dst_p = preg_replace($alert_dst_p_match2, '', "$alert_dst_p_str2"); - }else{ - $alert_dst_p = 'empty'; - } - - /* SID */ - $alert_sid_str = get_snort_alert_sid($fileline); - - if($alert_sid_str != '') - { - $alert_sid_match = array('[',']'); - $alert_sid = str_replace($alert_sid_match, '', "$alert_sid_str"); - }else{ - $alert_sid_str = 'empty'; - } - - /* NOTE: using one echo improves performance by 2x */ - if ($alert_disc != 'empty') - { - echo "<tr id=\"{$counter}\"> - <td class=\"centerAlign\">{$counter}</td> - <td class=\"centerAlign\">{$alert_priority}</td> - <td class=\"centerAlign\">{$alert_proto}</td> - <td>{$alert_disc}</td> - <td class=\"centerAlign\">{$alert_class}</td> - <td>{$alert_ip_src}</td> - <td class=\"centerAlign\">{$alert_src_p}</td> - <td class=\"centerAlign\">{$alert_flow}</td> - <td>{$alert_ip_dst}</td> - <td class=\"centerAlign\">{$alert_dst_p}</td> - <td class=\"centerAlign\">{$alert_sid}</td> - <td>{$alert_date}</td> - </tr>\n"; - } - -// <script type="text/javascript"> -// var myTable = {}; -// window.addEvent('domready', function(){ -// myTable = new sortableTable('myTable', {overCls: 'over', onClick: function(){alert(this.id)}}); -// }); -// </script> - - } -} - -?> - </tbody> - </table> - </td> -</table> - -<?php include("fend.inc"); ?> - - <script type="text/javascript"> - var myTable = {}; - window.addEvent('domready', function(){ - myTable = new sortableTable('myTable', {overCls: 'over'}); - }); - </script> - -</body> -</html> diff --git a/config/snort-dev/snort_barnyard.php b/config/snort-dev/snort_barnyard.php deleted file mode 100644 index b8f05c47..00000000 --- a/config/snort-dev/snort_barnyard.php +++ /dev/null @@ -1,441 +0,0 @@ -<?php -/* $Id$ */ -/* - snort_interfaces.php - part of m0n0wall (http://m0n0.ch/wall) - - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - Copyright (C) 2008-2009 Robert Zelaya. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -/* - -TODO: Nov 12 09 -Clean this code up its ugly -Important add error checking - -*/ - -require_once("globals.inc"); -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); - -if (!is_array($config['installedpackages']['snortglobal']['rule'])) { - $config['installedpackages']['snortglobal']['rule'] = array(); -} -//nat_rules_sort(); -$a_nat = &$config['installedpackages']['snortglobal']['rule']; - -$id = $_GET['id']; -if (isset($_POST['id'])) - $id = $_POST['id']; - -if (isset($_GET['dup'])) { - $id = $_GET['dup']; - $after = $_GET['dup']; -} - -if (isset($id) && $a_nat[$id]) { - - /* old options */ - $pconfig['def_ssl_ports_ignore'] = $a_nat[$id]['def_ssl_ports_ignore']; - $pconfig['flow_depth'] = $a_nat[$id]['flow_depth']; - $pconfig['perform_stat'] = $a_nat[$id]['perform_stat']; - $pconfig['http_inspect'] = $a_nat[$id]['http_inspect']; - $pconfig['other_preprocs'] = $a_nat[$id]['other_preprocs']; - $pconfig['ftp_preprocessor'] = $a_nat[$id]['ftp_preprocessor']; - $pconfig['smtp_preprocessor'] = $a_nat[$id]['smtp_preprocessor']; - $pconfig['sf_portscan'] = $a_nat[$id]['sf_portscan']; - $pconfig['dce_rpc_2'] = $a_nat[$id]['dce_rpc_2']; - $pconfig['dns_preprocessor'] = $a_nat[$id]['dns_preprocessor']; - $pconfig['def_dns_servers'] = $a_nat[$id]['def_dns_servers']; - $pconfig['def_dns_ports'] = $a_nat[$id]['def_dns_ports']; - $pconfig['def_smtp_servers'] = $a_nat[$id]['def_smtp_servers']; - $pconfig['def_smtp_ports'] = $a_nat[$id]['def_smtp_ports']; - $pconfig['def_mail_ports'] = $a_nat[$id]['def_mail_ports']; - $pconfig['def_http_servers'] = $a_nat[$id]['def_http_servers']; - $pconfig['def_www_servers'] = $a_nat[$id]['def_www_servers']; - $pconfig['def_http_ports'] = $a_nat[$id]['def_http_ports']; - $pconfig['def_sql_servers'] = $a_nat[$id]['def_sql_servers']; - $pconfig['def_oracle_ports'] = $a_nat[$id]['def_oracle_ports']; - $pconfig['def_mssql_ports'] = $a_nat[$id]['def_mssql_ports']; - $pconfig['def_telnet_servers'] = $a_nat[$id]['def_telnet_servers']; - $pconfig['def_telnet_ports'] = $a_nat[$id]['def_telnet_ports']; - $pconfig['def_snmp_servers'] = $a_nat[$id]['def_snmp_servers']; - $pconfig['def_snmp_ports'] = $a_nat[$id]['def_snmp_ports']; - $pconfig['def_ftp_servers'] = $a_nat[$id]['def_ftp_servers']; - $pconfig['def_ftp_ports'] = $a_nat[$id]['def_ftp_ports']; - $pconfig['def_ssh_servers'] = $a_nat[$id]['def_ssh_servers']; - $pconfig['def_ssh_ports'] = $a_nat[$id]['def_ssh_ports']; - $pconfig['def_pop_servers'] = $a_nat[$id]['def_pop_servers']; - $pconfig['def_pop2_ports'] = $a_nat[$id]['def_pop2_ports']; - $pconfig['def_pop3_ports'] = $a_nat[$id]['def_pop3_ports']; - $pconfig['def_imap_servers'] = $a_nat[$id]['def_imap_servers']; - $pconfig['def_imap_ports'] = $a_nat[$id]['def_imap_ports']; - $pconfig['def_sip_proxy_ip'] = $a_nat[$id]['def_sip_proxy_ip']; - $pconfig['def_sip_proxy_ports'] = $a_nat[$id]['def_sip_proxy_ports']; - $pconfig['def_auth_ports'] = $a_nat[$id]['def_auth_ports']; - $pconfig['def_finger_ports'] = $a_nat[$id]['def_finger_ports']; - $pconfig['def_irc_ports'] = $a_nat[$id]['def_irc_ports']; - $pconfig['def_nntp_ports'] = $a_nat[$id]['def_nntp_ports']; - $pconfig['def_rlogin_ports'] = $a_nat[$id]['def_rlogin_ports']; - $pconfig['def_rsh_ports'] = $a_nat[$id]['def_rsh_ports']; - $pconfig['def_ssl_ports'] = $a_nat[$id]['def_ssl_ports']; - $pconfig['barnyard_enable'] = $a_nat[$id]['barnyard_enable']; - $pconfig['barnyard_mysql'] = $a_nat[$id]['barnyard_mysql']; - $pconfig['enable'] = $a_nat[$id]['enable']; - $pconfig['uuid'] = $a_nat[$id]['uuid']; - $pconfig['interface'] = $a_nat[$id]['interface']; - $pconfig['descr'] = $a_nat[$id]['descr']; - $pconfig['performance'] = $a_nat[$id]['performance']; - $pconfig['blockoffenders7'] = $a_nat[$id]['blockoffenders7']; - $pconfig['alertsystemlog'] = $a_nat[$id]['alertsystemlog']; - $pconfig['tcpdumplog'] = $a_nat[$id]['tcpdumplog']; - $pconfig['snortunifiedlog'] = $a_nat[$id]['snortunifiedlog']; - $pconfig['rulesets'] = $a_nat[$id]['rulesets']; - $pconfig['rule_sid_off'] = $a_nat[$id]['rule_sid_off']; - $pconfig['rule_sid_on'] = $a_nat[$id]['rule_sid_on']; - - if (!$pconfig['interface']) - $pconfig['interface'] = "wan"; -} else { - $pconfig['interface'] = "wan"; -} - -if (isset($_GET['dup'])) - unset($id); - -$if_real = convert_friendly_interface_to_real_interface_name($pconfig['interface']); -$snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; - - - /* alert file */ -$d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty"; - - /* this will exec when alert says apply */ - if ($_POST['apply']) { - - if (file_exists($d_snortconfdirty_path)) { - - write_config(); - - sync_snort_package_all(); - sync_snort_package(); - - unlink($d_snortconfdirty_path); - - } - - } - - - if ($_POST["Submit"]) { - - /* check for overlaps */ - foreach ($a_nat as $natent) { - if (isset($id) && ($a_nat[$id]) && ($a_nat[$id] === $natent)) - continue; - if ($natent['interface'] != $_POST['interface']) - continue; - } - -/* if no errors write to conf */ - if (!$input_errors) { - $natent = array(); - /* repost the options already in conf */ - - if ($pconfig['interface'] != "") { $natent['interface'] = $pconfig['interface']; } - if ($pconfig['enable'] != "") { $natent['enable'] = $pconfig['enable']; } - if ($pconfig['uuid'] != "") { $natent['uuid'] = $pconfig['uuid']; } - if ($pconfig['descr'] != "") { $natent['descr'] = $pconfig['descr']; } - if ($pconfig['performance'] != "") { $natent['performance'] = $pconfig['performance']; } - if ($pconfig['blockoffenders7'] != "") { $natent['blockoffenders7'] = $pconfig['blockoffenders7']; } - if ($pconfig['alertsystemlog'] != "") { $natent['alertsystemlog'] = $pconfig['alertsystemlog']; } - if ($pconfig['tcpdumplog'] != "") { $natent['tcpdumplog'] = $pconfig['tcpdumplog']; } - if ($pconfig['snortunifiedlog'] != "") { $natent['snortunifiedlog'] = $pconfig['snortunifiedlog']; } - if ($pconfig['def_ssl_ports_ignore'] != "") { $natent['def_ssl_ports_ignore'] = $pconfig['def_ssl_ports_ignore']; } - if ($pconfig['flow_depth'] != "") { $natent['flow_depth'] = $pconfig['flow_depth']; } - if ($pconfig['perform_stat'] != "") { $natent['perform_stat'] = $pconfig['perform_stat']; } - if ($pconfig['http_inspect'] != "") { $natent['http_inspect'] = $pconfig['http_inspect']; } - if ($pconfig['other_preprocs'] != "") { $natent['other_preprocs'] = $pconfig['other_preprocs']; } - if ($pconfig['ftp_preprocessor'] != "") { $natent['ftp_preprocessor'] = $pconfig['ftp_preprocessor']; } - if ($pconfig['smtp_preprocessor'] != "") { $natent['smtp_preprocessor'] = $pconfig['smtp_preprocessor']; } - if ($pconfig['sf_portscan'] != "") { $natent['sf_portscan'] = $pconfig['sf_portscan']; } - if ($pconfig['dce_rpc_2'] != "") { $natent['dce_rpc_2'] = $pconfig['dce_rpc_2']; } - if ($pconfig['dns_preprocessor'] != "") { $natent['dns_preprocessor'] = $pconfig['dns_preprocessor']; } - if ($pconfig['def_dns_servers'] != "") { $natent['def_dns_servers'] = $pconfig['def_dns_servers']; } - if ($pconfig['def_dns_ports'] != "") { $natent['def_dns_ports'] = $pconfig['def_dns_ports']; } - if ($pconfig['def_smtp_servers'] != "") { $natent['def_smtp_servers'] = $pconfig['def_smtp_servers']; } - if ($pconfig['def_smtp_ports'] != "") { $natent['def_smtp_ports'] = $pconfig['def_smtp_ports']; } - if ($pconfig['def_mail_ports'] != "") { $natent['def_mail_ports'] = $pconfig['def_mail_ports']; } - if ($pconfig['def_http_servers'] != "") { $natent['def_http_servers'] = $pconfig['def_http_servers']; } - if ($pconfig['def_www_servers'] != "") { $natent['def_www_servers'] = $pconfig['def_www_servers']; } - if ($pconfig['def_http_ports'] != "") { $natent['def_http_ports'] = $pconfig['def_http_ports']; } - if ($pconfig['def_sql_servers'] != "") { $natent['def_sql_servers'] = $pconfig['def_sql_servers']; } - if ($pconfig['def_oracle_ports'] != "") { $natent['def_oracle_ports'] = $pconfig['def_oracle_ports']; } - if ($pconfig['def_mssql_ports'] != "") { $natent['def_mssql_ports'] = $pconfig['def_mssql_ports']; } - if ($pconfig['def_telnet_servers'] != "") { $natent['def_telnet_servers'] = $pconfig['def_telnet_servers']; } - if ($pconfig['def_telnet_ports'] != "") { $natent['def_telnet_ports'] = $pconfig['def_telnet_ports']; } - if ($pconfig['def_snmp_servers'] != "") { $natent['def_snmp_servers'] = $pconfig['def_snmp_servers']; } - if ($pconfig['def_snmp_ports'] != "") { $natent['def_snmp_ports'] = $pconfig['def_snmp_ports']; } - if ($pconfig['def_ftp_servers'] != "") { $natent['def_ftp_servers'] = $pconfig['def_ftp_servers']; } - if ($pconfig['def_ftp_ports'] != "") { $natent['def_ftp_ports'] = $pconfig['def_ftp_ports']; } - if ($pconfig['def_ssh_servers'] != "") { $natent['def_ssh_servers'] = $pconfig['def_ssh_servers']; } - if ($pconfig['def_ssh_ports'] != "") { $natent['def_ssh_ports'] = $pconfig['def_ssh_ports']; } - if ($pconfig['def_pop_servers'] != "") { $natent['def_pop_servers'] = $pconfig['def_pop_servers']; } - if ($pconfig['def_pop2_ports'] != "") { $natent['def_pop2_ports'] = $pconfig['def_pop2_ports']; } - if ($pconfig['def_pop3_ports'] != "") { $natent['def_pop3_ports'] = $pconfig['def_pop3_ports']; } - if ($pconfig['def_imap_servers'] != "") { $natent['def_imap_servers'] = $pconfig['def_imap_servers']; } - if ($pconfig['def_imap_ports'] != "") { $natent['def_imap_ports'] = $pconfig['def_imap_ports']; } - if ($pconfig['def_sip_proxy_ip'] != "") { $natent['def_sip_proxy_ip'] = $pconfig['def_sip_proxy_ip']; } - if ($pconfig['def_sip_proxy_ports'] != "") { $natent['def_sip_proxy_ports'] = $pconfig['def_sip_proxy_ports']; } - if ($pconfig['def_auth_ports'] != "") { $natent['def_auth_ports'] = $pconfig['def_auth_ports']; } - if ($pconfig['def_finger_ports'] != "") { $natent['def_finger_ports'] = $pconfig['def_finger_ports']; } - if ($pconfig['def_irc_ports'] != "") { $natent['def_irc_ports'] = $pconfig['def_irc_ports']; } - if ($pconfig['def_nntp_ports'] != "") { $natent['def_nntp_ports'] = $pconfig['def_nntp_ports']; } - if ($pconfig['def_rlogin_ports'] != "") { $natent['def_rlogin_ports'] = $pconfig['def_rlogin_ports']; } - if ($pconfig['def_rsh_ports'] != "") { $natent['def_rsh_ports'] = $pconfig['def_rsh_ports']; } - if ($pconfig['def_ssl_ports'] != "") { $natent['def_ssl_ports'] = $pconfig['def_ssl_ports']; } - if ($pconfig['rulesets'] != "") { $natent['rulesets'] = $pconfig['rulesets']; } - if ($pconfig['rule_sid_off'] != "") { $natent['rule_sid_off'] = $pconfig['rule_sid_off']; } - if ($pconfig['rule_sid_on'] != "") { $natent['rule_sid_on'] = $pconfig['rule_sid_on']; } - - /* post new options */ - $natent['barnyard_enable'] = $_POST['barnyard_enable'] ? on : off; - $natent['barnyard_mysql'] = $_POST['barnyard_mysql'] ? $_POST['barnyard_mysql'] : $pconfig['barnyard_mysql']; - if ($_POST['barnyard_enable'] == "on") { $natent['snortunifiedlog'] = on; }else{ $natent['snortunifiedlog'] = off; } if ($_POST['barnyard_enable'] == "") { $natent['snortunifiedlog'] = off; } - - if (isset($id) && $a_nat[$id]) - $a_nat[$id] = $natent; - else { - if (is_numeric($after)) - array_splice($a_nat, $after+1, 0, array($natent)); - else - $a_nat[] = $natent; - } - - write_config(); - - /* after click go to this page */ - touch($d_snortconfdirty_path); - header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); - header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); - header( 'Cache-Control: no-store, no-cache, must-revalidate' ); - header( 'Cache-Control: post-check=0, pre-check=0', false ); - header( 'Pragma: no-cache' ); - sleep(2); - header("Location: snort_barnyard.php?id=$id"); - exit; - } -} - -$pgtitle = "Snort: Interface: $id$if_real Barnyard2 Edit"; -include("head.inc"); - -?> -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php -include("./snort_fbegin.inc"); -?> -<p class="pgtitle"><?if($pfsense_stable == 'yes'){echo $pgtitle;}?></p> -<style type="text/css"> -.alert { - position:absolute; - top:10px; - left:0px; - width:94%; -background:#FCE9C0; -background-position: 15px; -border-top:2px solid #DBAC48; -border-bottom:2px solid #DBAC48; -padding: 15px 10px 85% 50px; -} -</style> -<noscript><div class="alert" ALIGN=CENTER><img src="/themes/nervecenter/images/icons/icon_alert.gif"/><strong>Please enable JavaScript to view this content</CENTER></div></noscript> -<script language="JavaScript"> -<!-- - -function enable_change(enable_change) { - endis = !(document.iform.barnyard_enable.checked || enable_change); - // make shure a default answer is called if this is envoked. - endis2 = (document.iform.barnyard_enable); - -<?php -/* make shure all the settings exist or function hide will not work */ -/* if $id is emty allow if and discr to be open */ -if($id != "") -{ -echo " - document.iform.interface.disabled = endis2;\n"; -} -?> - document.iform.barnyard_mysql.disabled = endis; -} -//--> -</script> -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<form action="snort_barnyard.php" method="post" enctype="multipart/form-data" name="iform" id="iform"> - -<?php - - /* Display Alert message */ - if ($input_errors) { - print_input_errors($input_errors); // TODO: add checks - } - - if ($savemsg) { - print_info_box2($savemsg); - } - - if (file_exists($d_snortconfdirty_path)) { - echo '<p>'; - - if($savemsg) { - print_info_box_np2("{$savemsg}"); - }else{ - print_info_box_np2(' - The Snort configuration has changed and snort needs to be restarted on this interface.<br> - You must apply the changes in order for them to take effect.<br> - '); - } - } - -?> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr><td class="tabnavtbl"> -<?php -if($id != "") -{ - - $tab_array = array(); - $tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php"); - $tab_array[] = array("If Settings", false, "/snort/snort_interfaces_edit.php?id={$id}"); - $tab_array[] = array("Categories", false, "/snort/snort_rulesets.php?id={$id}"); - $tab_array[] = array("Rules", false, "/snort/snort_rules.php?id={$id}"); - $tab_array[] = array("Servers", false, "/snort/snort_define_servers.php?id={$id}"); - $tab_array[] = array("Preprocessors", false, "/snort/snort_preprocessors.php?id={$id}"); - $tab_array[] = array("Barnyard2", true, "/snort/snort_barnyard.php?id={$id}"); - display_top_tabs($tab_array); - -} -?> -</td> -</tr> - <tr> - <td class="tabcont"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <?php - /* display error code if there is no id */ - if($id == "") - { - echo " - <style type=\"text/css\"> - .noid { - position:absolute; - top:10px; - left:0px; - width:94%; - background:#FCE9C0; - background-position: 15px; - border-top:2px solid #DBAC48; - border-bottom:2px solid #DBAC48; - padding: 15px 10px 85% 50px; - } - </style> - <div class=\"alert\" ALIGN=CENTER><img src=\"/themes/nervecenter/images/icons/icon_alert.gif\"/><strong>You can not edit options without an interface ID.</CENTER></div>\n"; - - } - ?> - <tr> - <td width="22%" valign="top" class="vtable"> </td> - <td width="78%" class="vtable"> - <?php - // <input name="enable" type="checkbox" value="yes" checked onClick="enable_change(false)"> - // care with spaces - if ($pconfig['barnyard_enable'] == "on") - $checked = checked; - if($id != "") - { - $onclick_enable = "onClick=\"enable_change(false)\">"; - } - echo " - <input name=\"barnyard_enable\" type=\"checkbox\" value=\"on\" $checked $onclick_enable - <strong>Enable Barnyard2 on this Interface</strong><br> - This will enable barnyard2 for this interface. You will also have to set the database credentials.</td>\n\n"; - ?> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Interface</td> - <td width="78%" class="vtable"> - <select name="interface" class="formfld"> - <?php - $interfaces = array('wan' => 'WAN', 'lan' => 'LAN', 'pptp' => 'PPTP', 'pppoe' => 'PPPOE'); - for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) { - $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr']; - } - foreach ($interfaces as $iface => $ifacename): ?> - <option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>> - <?=htmlspecialchars($ifacename);?> - </option> - <?php endforeach; ?> - </select><br> - <span class="vexpl">Choose which interface this rule applies to.<br> - Hint: in most cases, you'll want to use WAN here.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Log to a Mysql Database</td> - <td width="78%" class="vtable"> - <input name="barnyard_mysql" type="text" class="formfld" id="barnyard_mysql" size="40" value="<?=htmlspecialchars($pconfig['barnyard_mysql']);?>"> - <br> <span class="vexpl">Example: output database: log, mysql, dbname=snort user=snort host=localhost password=xyz</span></td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input name="Submit" type="submit" class="formbtn" value="Save"><input type="button" class="formbtn" value="Cancel" onclick="history.back()"> - <?php if (isset($id) && $a_nat[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>"> - <?php endif; ?> - </td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span> - <br> - Please save your settings befor you click start. </td> - </tr> - </table> - </table> -</form> - -<script language="JavaScript"> -<!-- -enable_change(false); -//--> -</script> -<?php include("fend.inc"); ?> -</body> -</html> diff --git a/config/snort-dev/snort_blocked.php b/config/snort-dev/snort_blocked.php deleted file mode 100644 index 293679d9..00000000 --- a/config/snort-dev/snort_blocked.php +++ /dev/null @@ -1,445 +0,0 @@ -<?php -/* $Id$ */ -/* - snort_blocked.php - Copyright (C) 2006 Scott Ullrich - All rights reserved. - - Modified for the Pfsense snort package v. 1.8+ - Copyright (C) 2009 Robert Zelaya Sr. Developer - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require_once("globals.inc"); -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort.inc"); - -$pconfig['brefresh'] = $config['installedpackages']['snortglobal']['alertsblocks']['brefresh']; -$pconfig['blertnumber'] = $config['installedpackages']['snortglobal']['alertsblocks']['blertnumber']; - -if ($pconfig['blertnumber'] == '' || $pconfig['blertnumber'] == '0') -{ - $bnentries = '500'; -}else{ - $bnentries = $pconfig['blertnumber']; -} - -if($_POST['todelete'] or $_GET['todelete']) { - if($_POST['todelete']) - $ip = $_POST['todelete']; - if($_GET['todelete']) - $ip = $_GET['todelete']; - exec("/sbin/pfctl -t snort2c -T delete {$ip}"); -} - -if ($_POST['remove']) { - -exec("/sbin/pfctl -t snort2c -T flush"); -sleep(1); -header("Location: /snort/snort_blocked.php"); - -} - -/* TODO: build a file with block ip and disc */ -if ($_POST['download']) -{ - - ob_start(); //important or other posts will fail - $save_date = exec('/bin/date "+%Y-%m-%d-%H-%M-%S"'); - $file_name = "snort_blocked_{$save_date}.tar.gz"; - exec('/bin/mkdir /tmp/snort_blocked'); - exec('/sbin/pfctl -t snort2c -T show > /tmp/snort_block.pf'); - - $blocked_ips_array_save = str_replace(' ', '', array_filter(explode("\n", file_get_contents('/tmp/snort_block.pf')))); - - if ($blocked_ips_array_save[0] != '') - { - - /* build the list */ - $counter = 0; - foreach($blocked_ips_array_save as $fileline3) - { - - $counter++; - - exec("/bin/echo $fileline3 >> /tmp/snort_blocked/snort_block.pf"); - - } - } - - exec("/usr/bin/tar cfz /tmp/snort_blocked_{$save_date}.tar.gz /tmp/snort_blocked"); - - if(file_exists("/tmp/snort_blocked_{$save_date}.tar.gz")) - { - $file = "/tmp/snort_blocked_{$save_date}.tar.gz"; - header("Expires: Mon, 26 Jul 1997 05:00:00 GMT\n"); - header("Pragma: private"); // needed for IE - header("Cache-Control: private, must-revalidate"); // needed for IE - header('Content-type: application/force-download'); - header('Content-Transfer-Encoding: Binary'); - header("Content-length: ".filesize($file)); - header("Content-disposition: attachment; filename = {$file_name}"); - readfile("$file"); - exec("/bin/rm /tmp/snort_blocked_{$save_date}.tar.gz"); - exec("/bin/rm /tmp/snort_block.pf"); - exec("/bin/rm /tmp/snort_blocked/snort_block.pf"); - od_end_clean(); //importanr or other post will fail - }else{ - echo 'Error no saved file.'; - } - -} - -if ($_POST['save']) -{ - - /* input validation */ - if ($_POST['save']) - { - - - } - - /* no errors */ - if (!$input_errors) - { - - $config['installedpackages']['snortglobal']['alertsblocks']['brefresh'] = $_POST['brefresh'] ? on : off; - $config['installedpackages']['snortglobal']['alertsblocks']['blertnumber'] = $_POST['blertnumber']; - - conf_mount_rw(); - write_config(); - //conf_mount_ro(); - sleep(2); - - header("Location: /snort/snort_blocked.php"); - - } - -} - -/* build filter funcs */ -function get_snort_alert_ip_src($fileline) -{ - /* SRC IP */ - $re1='.*?'; # Non-greedy match on filler - $re2='((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))(?![\\d])'; # IPv4 IP Address 1 - - if ($c=preg_match_all ("/".$re1.$re2."/is", $fileline, $matches4)) - { - $alert_ip_src = $matches4[1][0]; - } - -return $alert_ip_src; - -} - -function get_snort_alert_disc($fileline) -{ - /* disc */ - if (preg_match("/\[\*\*\] (\[.*\]) (.*) (\[\*\*\])/", $fileline, $matches)) - { - $alert_disc = "$matches[2]"; - } - -return $alert_disc; - -} - -/* build sec filters */ -function get_snort_block_ip($fileline) -{ - /* ip */ - if (preg_match("/\[\d+\.\d+\.\d+\.\d+\]/", $fileline, $matches)) - { - $alert_block_ip = "$matches[0]"; - } - -return $alert_block_ip; - -} - -function get_snort_block_disc($fileline) -{ - /* disc */ - if (preg_match("/\]\s\[.+\]$/", $fileline, $matches)) - { - $alert_block_disc = "$matches[0]"; - } - -return $alert_block_disc; - -} - -/* tell the user what settings they have */ -$blockedtab_msg_chk = $config['installedpackages']['snortglobal']['rm_blocked']; - if ($blockedtab_msg_chk == "1h_b") { - $blocked_msg = "hour"; - } - if ($blockedtab_msg_chk == "3h_b") { - $blocked_msg = "3 hours"; - } - if ($blockedtab_msg_chk == "6h_b") { - $blocked_msg = "6 hours"; - } - if ($blockedtab_msg_chk == "12h_b") { - $blocked_msg = "12 hours"; - } - if ($blockedtab_msg_chk == "1d_b") { - $blocked_msg = "day"; - } - if ($blockedtab_msg_chk == "4d_b") { - $blocked_msg = "4 days"; - } - if ($blockedtab_msg_chk == "7d_b") { - $blocked_msg = "7 days"; - } - if ($blockedtab_msg_chk == "28d_b") { - $blocked_msg = "28 days"; - } - -if ($blockedtab_msg_chk != "never_b") -{ -$blocked_msg_txt = "Hosts are removed every <strong>$blocked_msg</strong>."; -}else{ -$blocked_msg_txt = "Settings are set to never <strong>remove</strong> hosts."; -} - -$pgtitle = "Services: Snort Blocked Hosts"; -include("head.inc"); - -?> - -<body link="#000000" vlink="#000000" alink="#000000"> -<?php - -include("./snort_fbegin.inc"); - -echo "<p class=\"pgtitle\">"; -if($pfsense_stable == 'yes'){echo $pgtitle;} -echo "</p>\n"; - -/* refresh every 60 secs */ -if ($pconfig['brefresh'] == 'on' || $pconfig['brefresh'] == '') -{ - echo "<meta http-equiv=\"refresh\" content=\"60;url=/snort/snort_blocked.php\" />\n"; -} -?> - -<script src="/row_toggle.js" type="text/javascript"></script> -<script src="/javascript/sorttable.js" type="text/javascript"></script> -<?php if ($savemsg) print_info_box($savemsg); ?> -<table width="99%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> -<?php - $tab_array = array(); - $tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php"); - $tab_array[] = array("Global Settings", false, "/snort/snort_interfaces_global.php"); - $tab_array[] = array("Rule Updates", false, "/snort/snort_download_rules.php"); - $tab_array[] = array("Alerts", false, "/snort/snort_alerts.php"); - $tab_array[] = array("Blocked", true, "/snort/snort_blocked.php"); - $tab_array[] = array("Whitelists", false, "/pkg.php?xml=/snort/snort_whitelist.xml"); - $tab_array[] = array("Help & Info", false, "/snort/snort_help_info.php"); - display_top_tabs($tab_array); -?> - </td> - </tr> - <tr> - <td> - <div id="mainarea"> - - <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td width="22%" colspan="0" class="listtopic"> - Last <?=$bnentries;?> Blocked. - </td> - <td width="78%" class="listtopic"> - This page lists hosts that have been blocked by Snort. <?=$blocked_msg_txt;?> - </td> - </tr> - <tr> - <td width="22%" class="vncell">Save or Remove Hosts</td> - <td width="78%" class="vtable"> - <form action="/snort/snort_blocked.php" method="post"> - <input name="download" type="submit" class="formbtn" value="Download"> - All blocked hosts will be saved. - <input name="remove" type="submit" class="formbtn" value="Clear"> - <span class="red"><strong>Warning:</strong></span> all hosts will be removed. - </form> - </td> - </tr> - <tr> - <td width="22%" class="vncell">Auto Refresh and Log View</td> - <td width="78%" class="vtable"> - <form action="/snort/snort_blocked.php" method="post"> - <input name="save" type="submit" class="formbtn" value="Save"> - Refresh - <input name="brefresh" type="checkbox" value="on" <?php if ($config['installedpackages']['snortglobal']['alertsblocks']['brefresh']=="on" || $config['installedpackages']['snortglobal']['alertsblocks']['brefresh']=='') echo "checked"; ?>> - <strong>Default</strong> is <strong>ON</strong>. - <input name="blertnumber" type="text" class="formfld" id="blertnumber" size="5" value="<?=htmlspecialchars($bnentries);?>"> - Enter the number of blocked entries to view. <strong>Default</strong> is <strong>500</strong>. - </form> - </td> - </tr> - </table> - - </div> - </td> - </tr> - - <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0"> - <tr> - <td> - <table id="sortabletable1" class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr id="frheader"> - <td width="5%" class="listhdrr">Remove</td> - <td class="listhdrr">#</td> - <td class="listhdrr">IP</td> - <td class="listhdrr">Alert Description</td> - </tr> -<?php - -/* set the arrays */ -exec('/sbin/pfctl -t snort2c -T show > /tmp/snort_block.cache'); -$alerts_array = array_reverse(array_filter(explode("\n\n", file_get_contents('/var/log/snort/alert')))); -$blocked_ips_array = str_replace(' ', '', array_filter(explode("\n", file_get_contents('/tmp/snort_block.cache')))); - -$logent = $bnentries; - -if ($blocked_ips_array[0] != '' && $alerts_array[0] != '') -{ - - /* build the list and compare blocks to alerts */ - $counter = 0; - foreach($alerts_array as $fileline) - { - - $counter++; - - $alert_ip_src = get_snort_alert_ip_src($fileline); - $alert_ip_disc = get_snort_alert_disc($fileline); - $alert_ip_src_array[] = get_snort_alert_ip_src($fileline); - - if (in_array("$alert_ip_src", $blocked_ips_array)) - { - $input[] = "[$alert_ip_src] " . "[$alert_ip_disc]\n"; - } - } - - foreach($blocked_ips_array as $alert_block_ip) - { - - if (!in_array($alert_block_ip, $alert_ip_src_array)) - { - $input[] = "[$alert_block_ip] " . "[N\A]\n"; - } - } - - /* reduce double occurrences */ - $result = array_unique($input); - - /* buil final list, preg_match, buld html */ - $counter2 = 0; - - foreach($result as $fileline2) - { - if($logent <= $counter2) - continue; - - $counter2++; - - $alert_block_ip_str = get_snort_block_ip($fileline2); - - if($alert_block_ip_str != '') - { - $alert_block_ip_match = array('[',']'); - $alert_block_ip = str_replace($alert_block_ip_match, '', "$alert_block_ip_str"); - }else{ - $alert_block_ip = 'empty'; - } - - $alert_block_disc_str = get_snort_block_disc($fileline2); - - if($alert_block_disc_str != '') - { - $alert_block_disc_match = array('] [',']'); - $alert_block_disc = str_replace($alert_block_disc_match, '', "$alert_block_disc_str"); - }else{ - $alert_block_disc = 'empty'; - } - - /* use one echo to do the magic*/ - echo "<tr> - <td align=\"center\" valign=\"top\"'><a href='snort_blocked.php?todelete=" . trim(urlencode($alert_block_ip)) . "'> - <img title=\"Delete\" border=\"0\" name='todelete' id='todelete' alt=\"Delete\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"></a></td> - <td> {$counter2}</td> - <td> {$alert_block_ip}</td> - <td> {$alert_block_disc}</td> - </tr>\n"; - - } - -}else{ - - /* if alerts file is empty and blocked table is not empty */ - $counter2 = 0; - - foreach($blocked_ips_array as $alert_block_ip) - { - if($logent <= $counter2) - continue; - - $counter2++; - - $alert_block_disc = 'N/A'; - - /* use one echo to do the magic*/ - echo "<tr> - <td align=\"center\" valign=\"top\"'><a href='snort_blocked.php?todelete=" . trim(urlencode($alert_block_ip)) . "'> - <img title=\"Delete\" border=\"0\" name='todelete' id='todelete' alt=\"Delete\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"></a></td> - <td> {$counter2}</td> - <td> {$alert_block_ip}</td> - <td> {$alert_block_disc}</td> - </tr>\n"; - } -} - -if ($blocked_ips_array[0] == '') -{ - echo "\n<tr><td colspan='3' align=\"center\" valign=\"top\"><br><strong>There are currently no items being blocked by snort.</strong></td></tr>"; -}else{ - echo "\n<tr><td colspan='3' align=\"center\" valign=\"top\">{$counter2} items listed.</td></tr>"; -} - -?> - </table> - </td> - </tr> - </table> - </td> - </tr> -</table> -<?php include("fend.inc"); ?> -</body> -</html> diff --git a/config/snort-dev/snort_check_for_rule_updates.php b/config/snort-dev/snort_check_for_rule_updates.php deleted file mode 100644 index 6f95b101..00000000 --- a/config/snort-dev/snort_check_for_rule_updates.php +++ /dev/null @@ -1,769 +0,0 @@ -<?php -/* $Id$ */ -/* - snort_rulesets.php - Copyright (C) 2006 Scott Ullrich - Copyright (C) 2009 Robert Zelaya - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -/* Setup enviroment */ -$tmpfname = "/tmp/snort_rules_up"; -$snortdir = "/usr/local/etc/snort"; -$snortdir_wan = "/usr/local/etc/snort"; -$snort_filename_md5 = "snortrules-snapshot-2.8.tar.gz.md5"; -$snort_filename = "snortrules-snapshot-2.8.tar.gz"; -$emergingthreats_filename_md5 = "version.txt"; -$emergingthreats_filename = "emerging.rules.tar.gz"; -$pfsense_rules_filename_md5 = "pfsense_rules.tar.gz.md5"; -$pfsense_rules_filename = "pfsense_rules.tar.gz"; - -require_once("globals.inc"); -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort.inc"); - -/* define checks */ -$oinkid = $config['installedpackages']['snortglobal']['oinkmastercode']; -$snortdownload = $config['installedpackages']['snortglobal']['snortdownload']; -$emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats']; - -if ($oinkid == "" && $snortdownload != "off") -{ - echo "You must obtain an oinkid from snort.org and set its value in the Snort settings tab.\n"; - exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'You must obtain an oinkid from snort.org and set its value in the Snort settings tab.'"); - exit; -} - -if ($snortdownload != "on" && $emergingthreats != "on") -{ - echo 'Snort Global Settings: download snort.org rules = off and download emergingthreat rules = off.\n'; - exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'No rules have been selected to download.'"); - exit; -} - -conf_mount_rw(); - -/* Time stamps define */ -$last_md5_download = $config['installedpackages']['snortglobal']['last_md5_download']; -$last_rules_install = $config['installedpackages']['snortglobal']['last_rules_install']; - -$up_date_time = date('l jS \of F Y h:i:s A'); -echo "\n"; -echo "#########################\n"; -echo "$up_date_time\n"; -echo "#########################\n"; -echo "\n\n"; - -exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Checking for needed updates...'"); - -/* Begin main code */ -/* Set user agent to Mozilla */ -ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); -ini_set("memory_limit","125M"); - -/* mark the time update started */ -$config['installedpackages']['snortglobal']['last_md5_download'] = date("Y-M-jS-h:i-A"); - -/* send current buffer */ -ob_flush(); -conf_mount_rw(); - -/* premium_subscriber check */ -//unset($config['installedpackages']['snort']['config'][0]['subscriber']); -//write_config(); // Will cause switch back to read-only on nanobsd -//conf_mount_rw(); // Uncomment this if the previous line is uncommented - -$premium_subscriber_chk = $config['installedpackages']['snortglobal']['snortdownload']; - -if ($premium_subscriber_chk == "premium") { - $premium_subscriber = "_s"; -}else{ - $premium_subscriber = ""; -} - -$premium_url_chk = $config['installedpackages']['snortglobal']['snortdownload']; -if ($premium_url_chk == "premium") { - $premium_url = "sub-rules"; -}else{ - $premium_url = "reg-rules"; -} - -/* send current buffer */ -ob_flush(); -conf_mount_rw(); - -/* remove old $tmpfname files */ -if (file_exists("{$tmpfname}")) { - echo "Removing old tmp files...\n"; - exec("/bin/rm -r {$tmpfname}"); - apc_clear_cache(); -} - -/* Make shure snortdir exits */ -exec("/bin/mkdir -p {$snortdir}"); -exec("/bin/mkdir -p {$snortdir}/rules"); -exec("/bin/mkdir -p {$snortdir}/signatures"); - -/* send current buffer */ -ob_flush(); -conf_mount_rw(); - -/* If tmp dir does not exist create it */ -if (file_exists($tmpfname)) { - echo "The directory tmp exists...\n"; -} else { - mkdir("{$tmpfname}", 700); -} - -/* download md5 sig from snort.org */ -if (file_exists("{$tmpfname}/{$snort_filename_md5}")) { - echo "md5 temp file exists...\n"; -} else { - echo "Downloading md5 file...\n"; - ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); - $image = @file_get_contents("http://dl.snort.org/{$premium_url}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz.md5?oink_code={$oinkid}"); -// $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz.md5"); - $f = fopen("{$tmpfname}/snortrules-snapshot-2.8.tar.gz.md5", 'w'); - fwrite($f, $image); - fclose($f); - echo "Done. downloading md5\n"; -} - -/* download md5 sig from emergingthreats.net */ -$emergingthreats_url_chk = $config['installedpackages']['snortglobal']['emergingthreats']; -if ($emergingthreats_url_chk == on) { - echo "Downloading md5 file...\n"; - ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); - $image = @file_get_contents("http://www.emergingthreats.net/version.txt"); -// $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/version.txt"); - $f = fopen("{$tmpfname}/version.txt", 'w'); - fwrite($f, $image); - fclose($f); - echo "Done. downloading md5\n"; -} - -/* download md5 sig from pfsense.org */ -if (file_exists("{$tmpfname}/{$pfsense_rules_filename_md5}")) { - echo "md5 temp file exists...\n"; -} else { - echo "Downloading pfsense md5 file...\n"; - ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); - $image = @file_get_contents("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz.md5"); -// $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/pfsense_rules.tar.gz.md5"); - $f = fopen("{$tmpfname}/pfsense_rules.tar.gz.md5", 'w'); - fwrite($f, $image); - fclose($f); - echo "Done. downloading md5\n"; -} - -/* If md5 file is empty wait 15min exit */ -if (0 == filesize("{$tmpfname}/snortrules-snapshot-2.8.tar.gz.md5")){ - echo "Please wait... You may only check for New Rules every 15 minutes...\n"; - echo "Rules are released every month from snort.org. You may download the Rules at any time.\n"; - exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Please wait... You may only check for New Rules every 15 minutes...'"); - exit(0); -} - -/* If emergingthreats md5 file is empty wait 15min exit not needed */ - -/* If pfsense md5 file is empty wait 15min exit */ -if (0 == filesize("{$tmpfname}/$pfsense_rules_filename_md5")){ - echo "Please wait... You may only check for New Pfsense Rules every 15 minutes...\n"; - echo "Rules are released to support Pfsense packages.\n"; - exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Please wait... You may only check for New Pfsense Rules every 15 minutes...'"); - exit(0); -} - -/* Check if were up to date snort.org */ -if (file_exists("{$snortdir}/snortrules-snapshot-2.8.tar.gz.md5")){ -$md5_check_new_parse = file_get_contents("{$tmpfname}/{$snort_filename_md5}"); -$md5_check_new = `/bin/echo "{$md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`; -$md5_check_old_parse = file_get_contents("{$snortdir}/{$snort_filename_md5}"); -$md5_check_old = `/bin/echo "{$md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`; -/* Write out time of last sucsessful md5 to cache */ -write_config(); // Will cause switch back to read-only on nanobsd -conf_mount_rw(); -if ($md5_check_new == $md5_check_old) { - echo "Your rules are up to date...\n"; - echo "You may start Snort now, check update.\n"; - $snort_md5_check_ok = on; - exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Your snort rules are up to date...'"); - } -} - -/* Check if were up to date emergingthreats.net */ -$emergingthreats_url_chk = $config['installedpackages']['snortglobal']['emergingthreats']; -if ($emergingthreats_url_chk == on) { -if (file_exists("{$snortdir}/version.txt")){ -$emerg_md5_check_new_parse = file_get_contents("{$tmpfname}/version.txt"); -$emerg_md5_check_new = `/bin/echo "{$emerg_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`; -$emerg_md5_check_old_parse = file_get_contents("{$snortdir}/version.txt"); -$emerg_md5_check_old = `/bin/echo "{$emerg_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`; -/* Write out time of last sucsessful md5 to cache */ -write_config(); // Will cause switch back to read-only on nanobsd -conf_mount_rw(); -if ($emerg_md5_check_new == $emerg_md5_check_old) { - echo "Your emergingthreats rules are up to date...\n"; - echo "You may start Snort now, check update.\n"; - $emerg_md5_check_chk_ok = on; - exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Your emergingthreats rules are up to date...'"); - } - } -} - -/* Check if were up to date pfsense.org */ -if (file_exists("{$snortdir}/$pfsense_rules_filename_md5")){ -$pfsense_md5_check_new_parse = file_get_contents("{$tmpfname}/{$snort_filename_md5}"); -$pfsense_md5_check_new = `/bin/echo "{$pfsense_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`; -$pfsense_md5_check_old_parse = file_get_contents("{$snortdir}/{$snort_filename_md5}"); -$pfsense_md5_check_old = `/bin/echo "{$md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`; -if ($pfsense_md5_check_new == $pfsense_md5_check_old) { - $pfsense_md5_check_ok = on; - exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Your pfsense rules are up to date...'"); - } -} - -/* Make Clean Snort Directory emergingthreats not checked */ -if ($snort_md5_check_ok == on && $emergingthreats_url_chk != on) { - update_status(gettext("Cleaning the snort Directory...")); - update_output_window(gettext("removing...")); - exec("/bin/rm {$snortdir}/rules/emerging*"); - exec("/bin/rm {$snortdir}/version.txt"); - exec("/bin/rm {$snortdir_wan}/rules/emerging*"); - exec("/bin/rm {$snortdir_wan}/version.txt"); - echo "Done making cleaning emrg direcory.\n"; -} - -/* Check if were up to date exits */ -if ($snort_md5_check_ok == on && $emerg_md5_check_chk_ok == on && $pfsense_md5_check_ok == on) { - echo "Your emergingthreats rules are up to date...\n"; - exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Your emergingthreats rules are up to date...'"); - exit(0); -} - -if ($snort_md5_check_ok == on && $pfsense_md5_check_ok == on && $emergingthreats_url_chk != on) { - echo "Your pfsense rules are up to date...\n"; - exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Your pfsense rules are up to date...'"); - exit(0); -} - -/* You are Not Up to date, always stop snort when updating rules for low end machines */; -echo "You are NOT up to date...\n"; -echo "Stopping All Snort Package services...\n"; -exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'SNORT RULES ARE OUT OF DATE, UPDATING...'"); -exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Stopping All Snort Package Services...'"); -$chk_if_snort_up = exec("pgrep -x snort"); -if ($chk_if_snort_up != "") { - - - exec("/usr/bin/touch /tmp/snort_download_halt.pid"); - - /* dont flood the syslog code */ - exec("/bin/cp /var/log/system.log /var/log/system.log.bk"); - sleep(3); - - exec("/usr/bin/killall snort"); - exec("/bin/rm /var/run/snort*"); - sleep(2); - exec("/usr/bin/killall barnyard2"); - exec("/bin/rm /var/run/barnyard2*"); - - /* stop syslog flood code */ - exec("/bin/cp /var/log/system.log /var/log/snort/snort_sys_rules_update.log"); - exec("/usr/bin/killall syslogd"); - exec("/usr/sbin/clog -i -s 262144 /var/log/system.log"); - exec("/usr/sbin/syslogd -c -ss -f /var/etc/syslog.conf"); - sleep(2); - exec("/bin/cp /var/log/system.log.bk /var/log/system.log"); - $after_mem = exec("/usr/bin/top | /usr/bin/grep Wired | /usr/bin/awk '{ print $2 }'"); - exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'MEM after snort STOP {$after_mem}'"); - -} - -/* download snortrules file */ -if ($snort_md5_check_ok != on) { -if (file_exists("{$tmpfname}/{$snort_filename}")) { - echo "Snortrule tar file exists...\n"; -} else { - echo "There is a new set of Snort rules posted. Downloading...\n"; - echo "May take 4 to 10 min...\n"; - ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); - $image = @file_get_contents("http://dl.snort.org/{$premium_url}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz?oink_code={$oinkid}"); -// $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz"); - $f = fopen("{$tmpfname}/snortrules-snapshot-2.8.tar.gz", 'w'); - fwrite($f, $image); - fclose($f); - echo "Done downloading rules file.\n"; - if (150000 > filesize("{$tmpfname}/$snort_filename")){ - echo "Error with the snort rules download...\n"; - echo "Snort rules file downloaded failed...\n"; - exit(0); - } - } -} - -/* download emergingthreats rules file */ -if ($emergingthreats_url_chk == on) { -if ($emerg_md5_check_chk_ok != on) { -if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) { - echo "Emergingthreats tar file exists...\n"; -} else { - echo "There is a new set of Emergingthreats rules posted. Downloading...\n"; - echo "May take 4 to 10 min...\n"; - ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); - $image = @file_get_contents("http://www.emergingthreats.net/rules/emerging.rules.tar.gz"); -// $image = @file_get_contents("http://www.emergingthreats.net/rules/emerging.rules.tar.gz"); - $f = fopen("{$tmpfname}/emerging.rules.tar.gz", 'w'); - fwrite($f, $image); - fclose($f); - echo "Done downloading Emergingthreats rules file.\n"; - } - } - } - -/* download pfsense rules file */ -if ($pfsense_md5_check_ok != on) { -if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) { - echo "Snortrule tar file exists...\n"; -} else { - - echo "There is a new set of Pfsense rules posted. Downloading...\n"; - echo "May take 4 to 10 min...\n"; - ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); - $image = @file_get_contents("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz"); -// $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/pfsense_rules.tar.gz"); - $f = fopen("{$tmpfname}/pfsense_rules.tar.gz", 'w'); - fwrite($f, $image); - fclose($f); - echo "Done downloading rules file.\n"; - } -} - -/* Compair md5 sig to file sig */ - -//$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber']; -//if ($premium_url_chk == on) { -//$md5 = file_get_contents("{$tmpfname}/{$snort_filename_md5}"); -//$file_md5_ondisk = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`; -// if ($md5 == $file_md5_ondisk) { -// update_status(gettext("Valid md5 checksum pass...")); -//} else { -// update_status(gettext("The downloaded file does not match the md5 file...P is ON")); -// update_output_window(gettext("Error md5 Mismatch...")); -// exit(0); -// } -//} - -//$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber']; -//if ($premium_url_chk != on) { -//$md55 = `/bin/cat {$tmpfname}/{$snort_filename_md5} | /usr/bin/awk '{ print $4 }'`; -//$file_md5_ondisk2 = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`; -// if ($md55 == $file_md5_ondisk2) { -// update_status(gettext("Valid md5 checksum pass...")); -//} else { -// update_status(gettext("The downloaded file does not match the md5 file...Not P")); -// update_output_window(gettext("Error md5 Mismatch...")); -// exit(0); -// } -//} - -/* Untar snort rules file individually to help people with low system specs */ -if ($snort_md5_check_ok != on) { -if (file_exists("{$tmpfname}/{$snort_filename}")) { - echo "Extracting rules...\n"; - echo "May take a while...\n"; - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} rules/" . - " etc/" . - " so_rules/precompiled/FreeBSD-7.0/i386/2.8.4" . - " so_rules/bad-traffic.rules/" . - " so_rules/chat.rules/" . - " so_rules/dos.rules/" . - " so_rules/exploit.rules/" . - " so_rules/imap.rules/" . - " so_rules/misc.rules/" . - " so_rules/multimedia.rules/" . - " so_rules/netbios.rules/" . - " so_rules/nntp.rules/" . - " so_rules/p2p.rules/" . - " so_rules/smtp.rules/" . - " so_rules/sql.rules/" . - " so_rules/web-client.rules/" . - " so_rules/web-misc.rules/"); - echo "Done extracting Rules.\n"; -} else { - echo "The Download rules file missing...\n"; - echo "Error rules extracting failed...\n"; - exit(0); - } -} - -/* Untar emergingthreats rules to tmp */ -if ($emergingthreats_url_chk == on) { -if ($emerg_md5_check_chk_ok != on) { -if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) { - echo "Extracting rules...\n"; - echo "May take a while...\n"; - exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$snortdir} rules/"); - } - } -} - -/* Untar Pfsense rules to tmp */ -if ($pfsense_md5_check_ok != on) { -if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) { - echo "Extracting Pfsense rules...\n"; - echo "May take a while...\n"; - exec("/usr/bin/tar xzf {$tmpfname}/{$pfsense_rules_filename} -C {$snortdir} rules/"); - } -} - -/* Untar snort signatures */ -if ($snort_md5_check_ok != on) { -if (file_exists("{$tmpfname}/{$snort_filename}")) { -$signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo']; -if ($premium_url_chk == on) { - echo "Extracting Signatures...\n"; - echo "May take a while...\n"; - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} doc/signatures/"); - echo "Done extracting Signatures.\n"; - } - } -} - -/* Make Clean Snort Directory */ -//if ($snort_md5_check_ok != on && $emerg_md5_check_chk_ok != on && $pfsense_md5_check_ok != on) { -//if (file_exists("{$snortdir}/rules")) { -// update_status(gettext("Cleaning the snort Directory...")); -// update_output_window(gettext("removing...")); -// exec("/bin/mkdir -p {$snortdir}"); -// exec("/bin/mkdir -p {$snortdir}/rules"); -// exec("/bin/mkdir -p {$snortdir}/signatures"); -// exec("/bin/rm {$snortdir}/*"); -// exec("/bin/rm {$snortdir}/rules/*"); -// exec("/bin/rm {$snortdir_wan}/*"); -// exec("/bin/rm {$snortdir_wan}/rules/*"); - -// exec("/bin/rm /usr/local/lib/snort/dynamicrules/*"); -//} else { -// update_status(gettext("Making Snort Directory...")); -// update_output_window(gettext("should be fast...")); -// exec("/bin/mkdir -p {$snortdir}"); -// exec("/bin/mkdir -p {$snortdir}/rules"); -// exec("/bin/rm {$snortdir_wan}/*"); -// exec("/bin/rm {$snortdir_wan}/rules/*"); -// exec("/bin/rm /usr/local/lib/snort/dynamicrules/\*"); -// update_status(gettext("Done making snort direcory.")); -// } -//} - -/* Copy so_rules dir to snort lib dir */ -/* Disabled untill I figure out why there is a segment falut core dump on 2.8.5.3 */ -//if ($snort_md5_check_ok != on) { -//if (file_exists("{$snortdir}/so_rules/precompiled/FreeBSD-7.0/i386/2.8.4/")) { -// echo "Copying so_rules...\n"; -// echo "May take a while...\n"; -// exec("`/bin/cp -f {$snortdir}/so_rules/precompiled/FreeBSD-7.0/i386/2.8.4/* /usr/local/lib/snort/dynamicrules/`"); -// exec("/bin/cp {$snortdir}/so_rules/bad-traffic.rules {$snortdir}/rules/bad-traffic.so.rules"); -// exec("/bin/cp {$snortdir}/so_rules/chat.rules {$snortdir}/rules/chat.so.rules"); -// exec("/bin/cp {$snortdir}/so_rules/dos.rules {$snortdir}/rules/dos.so.rules"); -// exec("/bin/cp {$snortdir}/so_rules/exploit.rules {$snortdir}/rules/exploit.so.rules"); -// exec("/bin/cp {$snortdir}/so_rules/imap.rules {$snortdir}/rules/imap.so.rules"); -// exec("/bin/cp {$snortdir}/so_rules/misc.rules {$snortdir}/rules/misc.so.rules"); -// exec("/bin/cp {$snortdir}/so_rules/multimedia.rules {$snortdir}/rules/multimedia.so.rules"); -// exec("/bin/cp {$snortdir}/so_rules/netbios.rules {$snortdir}/rules/netbios.so.rules"); -// exec("/bin/cp {$snortdir}/so_rules/nntp.rules {$snortdir}/rules/nntp.so.rules"); -// exec("/bin/cp {$snortdir}/so_rules/p2p.rules {$snortdir}/rules/p2p.so.rules"); -// exec("/bin/cp {$snortdir}/so_rules/smtp.rules {$snortdir}/rules/smtp.so.rules"); -// exec("/bin/cp {$snortdir}/so_rules/sql.rules {$snortdir}/rules/sql.so.rules"); -// exec("/bin/cp {$snortdir}/so_rules/web-client.rules {$snortdir}/rules/web-client.so.rules"); -// exec("/bin/cp {$snortdir}/so_rules/web.misc.rules {$snortdir}/rules/web.misc.so.rules"); -// exec("/bin/rm -r {$snortdir}/so_rules"); -// echo "Done copying so_rules.\n"; -//} else { -// echo "Directory so_rules does not exist...\n"; -// echo "Error copying so_rules...\n"; -// exit(0); -// } -//} - -/* Copy configs to snort dir */ -if ($snort_md5_check_ok != on) { -if (file_exists("{$snortdir}/etc/Makefile.am")) { - echo "Copying configs to snort directory...\n"; - exec("/bin/cp {$snortdir}/etc/* {$snortdir}"); - exec("/bin/rm -r {$snortdir}/etc"); - -} else { - echo "The snort config does not exist...\n"; - echo "Error copying config...\n"; - exit(0); - } -} - -/* Copy md5 sig to snort dir */ -if ($snort_md5_check_ok != on) { -if (file_exists("{$tmpfname}/$snort_filename_md5")) { - echo "Copying md5 sig to snort directory...\n"; - exec("/bin/cp {$tmpfname}/$snort_filename_md5 {$snortdir}/$snort_filename_md5"); -} else { - echo "The md5 file does not exist...\n"; - echo "Error copying config...\n"; - exit(0); - } -} - -/* Copy emergingthreats md5 sig to snort dir */ -if ($emergingthreats_url_chk == on) { -if ($emerg_md5_check_chk_ok != on) { -if (file_exists("{$tmpfname}/$emergingthreats_filename_md5")) { - echo "Copying md5 sig to snort directory...\n"; - exec("/bin/cp {$tmpfname}/$emergingthreats_filename_md5 {$snortdir}/$emergingthreats_filename_md5"); -} else { - echo "The emergingthreats md5 file does not exist...\n"; - echo "Error copying config...\n"; - exit(0); - } - } -} - -/* Copy Pfsense md5 sig to snort dir */ -if ($pfsense_md5_check_ok != on) { -if (file_exists("{$tmpfname}/$pfsense_rules_filename_md5")) { - echo "Copying Pfsense md5 sig to snort directory...\n"; - exec("/bin/cp {$tmpfname}/$pfsense_rules_filename_md5 {$snortdir}/$pfsense_rules_filename_md5"); -} else { - echo "The Pfsense md5 file does not exist...\n"; - echo "Error copying config...\n"; - exit(0); - } -} - -/* Copy signatures dir to snort dir */ -if ($snort_md5_check_ok != on) { -$signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo']; -if ($premium_url_chk == on) { -if (file_exists("{$snortdir}/doc/signatures")) { - echo "Copying signatures...\n"; - echo "May take a while...\n"; - exec("/bin/mv -f {$snortdir}/doc/signatures {$snortdir}/signatures"); - exec("/bin/rm -r {$snortdir}/doc/signatures"); - echo "Done copying signatures.\n"; -} else { - echo "Directory signatures exist...\n"; - echo "Error copying signature...\n"; - exit(0); - } - } -} - -/* double make shure cleanup emerg rules that dont belong */ -if (file_exists("/usr/local/etc/snort/rules/emerging-botcc-BLOCK.rules")) { - apc_clear_cache(); - exec("/bin/rm /usr/local/etc/snort/rules/emerging-botcc-BLOCK.rules"); - exec("/bin/rm /usr/local/etc/snort/rules/emerging-botcc.rules"); - exec("/bin/rm /usr/local/etc/snort/rules/emerging-compromised-BLOCK.rules"); - exec("/bin/rm /usr/local/etc/snort/rules/emerging-drop-BLOCK.rules"); - exec("/bin/rm /usr/local/etc/snort/rules/emerging-dshield-BLOCK.rules"); - exec("/bin/rm /usr/local/etc/snort/rules/emerging-rbn-BLOCK.rules"); - exec("/bin/rm /usr/local/etc/snort/rules/emerging-tor-BLOCK.rules"); -} - -if (file_exists("/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so")) { - exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so"); - exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example\*"); -} - -/* make shure default rules are in the right format */ -exec("/usr/local/bin/perl -pi -e 's/#alert/# alert/g' /usr/local/etc/snort/rules/*.rules"); -exec("/usr/local/bin/perl -pi -e 's/##alert/# alert/g' /usr/local/etc/snort/rules/*.rules"); -exec("/usr/local/bin/perl -pi -e 's/## alert/# alert/g' /usr/local/etc/snort/rules/*.rules"); - -/* create a msg-map for snort */ -echo "Updating Alert Messages...\n"; -echo "Please Wait...\n"; -exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl /usr/local/etc/snort/rules > /usr/local/etc/snort/sid-msg.map"); - - -////////////////// - -/* Start the proccess for every interface rule */ -/* TODO: try to make the code smother */ - -if (!empty($config['installedpackages']['snortglobal']['rule'])) { - -$rule_array = $config['installedpackages']['snortglobal']['rule']; -$id = -1; -foreach ($rule_array as $value) { - -$id += 1; - -$result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; -$if_real = convert_friendly_interface_to_real_interface_name($result_lan); - - /* make oinkmaster.conf for each interface rule */ - oinkmaster_conf(); - - /* run oinkmaster for each interface rule */ - oinkmaster_run(); - - } -} - -/* open oinkmaster_conf for writing" function */ -function oinkmaster_conf() { - - global $config, $g, $id, $if_real, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_chk_ok, $pfsense_md5_check_ok; - -/* enable disable setting will carry over with updates */ -/* TODO carry signature changes with the updates */ -if ($snort_md5_check_ok != on || $emerg_md5_check_chk_ok != on || $pfsense_md5_check_ok != on) { - -if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'])) { -$enabled_sid_on = $config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on']; -$enabled_sid_on_array = split('\|\|', $enabled_sid_on); -foreach($enabled_sid_on_array as $enabled_item_on) -$selected_sid_on_sections .= "$enabled_item_on\n"; - } - -if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) { -$enabled_sid_off = $config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off']; -$enabled_sid_off_array = split('\|\|', $enabled_sid_off); -foreach($enabled_sid_off_array as $enabled_item_off) -$selected_sid_off_sections .= "$enabled_item_off\n"; - } - -$snort_sid_text = <<<EOD - -########################################### -# # -# this is auto generated on snort updates # -# # -########################################### - -path = /bin:/usr/bin:/usr/local/bin - -update_files = \.rules$|\.config$|\.conf$|\.txt$|\.map$ - -url = dir:///usr/local/etc/snort/rules - -$selected_sid_on_sections - -$selected_sid_off_sections - -EOD; - - /* open snort's oinkmaster.conf for writing */ - $oinkmasterlist = fopen("/usr/local/etc/snort/oinkmaster_$if_real.conf", "w"); - - fwrite($oinkmasterlist, "$snort_sid_text"); - - /* close snort's oinkmaster.conf file */ - fclose($oinkmasterlist); - - } -} - -/* Run oinkmaster to snort_wan and cp configs */ -/* If oinkmaster is not needed cp rules normally */ -/* TODO add per interface settings here */ -function oinkmaster_run() { - - global $config, $g, $id, $if_real, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_chk_ok, $pfsense_md5_check_ok; - -if ($snort_md5_check_ok != on || $emerg_md5_check_chk_ok != on || $pfsense_md5_check_ok != on) { - - if (empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on']) || empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) { - echo "Your first set of rules are being copied...\n"; - echo "May take a while...\n"; - exec("/bin/echo \"test {$snortdir} {$snortdir_wan} $id$if_real\" >> /root/debug"); - exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_$id$if_real/rules/"); - exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_$id$if_real"); - exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_$id$if_real"); - exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_$id$if_real"); - exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_$id$if_real"); - exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_$id$if_real"); - exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_$id$if_real"); - exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_$id$if_real"); - -} else { - echo "Your enable and disable changes are being applied to your fresh set of rules...\n"; - echo "May take a while...\n"; - exec("/bin/echo \"test2 {$snortdir} {$snortdir_wan} $id$if_real\" > /root/debug"); - exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_$id$if_real/rules/"); - exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_$id$if_real"); - exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_$id$if_real"); - exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_$id$if_real"); - exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_$id$if_real"); - exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_$id$if_real"); - exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_$id$if_real"); - exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_$id$if_real"); - - /* oinkmaster.pl will convert saved changes for the new updates then we have to change #alert to # alert for the gui */ - /* might have to add a sleep for 3sec for flash drives or old drives */ - exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C /usr/local/etc/snort/oinkmaster_$id$if_real.conf -o /usr/local/etc/snort/snort_$id$if_real/rules > /usr/local/etc/snort/oinkmaster_$id$if_real.log"); - - } - } -} - -////////////// - -/* mark the time update finnished */ -$config['installedpackages']['snortglobal']['last_rules_install'] = date("Y-M-jS-h:i-A"); - -/* remove old $tmpfname files */ -if (file_exists("{$tmpfname}")) { - echo "Cleaning up...\n"; - exec("/bin/rm -r /tmp/snort_rules_up"); -// apc_clear_cache(); -} - -/* php code to flush out cache some people are reportting missing files this might help */ -sleep(2); -apc_clear_cache(); -exec("/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync"); - - /* make snort the owner */ - exec("/usr/sbin/chown -R snort:snort /var/log/snort"); - exec("/usr/sbin/chown -R snort:snort /usr/local/etc/snort"); - exec("/usr/sbin/chown -R snort:snort /usr/local/lib/snort"); - exec("/bin/chmod -R 755 /var/log/snort"); - exec("/bin/chmod -R 755 /usr/local/etc/snort"); - exec("/bin/chmod -R 755 /usr/local/lib/snort"); - -/* if snort is running hardrestart, if snort is not running do nothing */ -if (file_exists("/tmp/snort_download_halt.pid")) { - exec("/bin/sh /usr/local/etc/rc.d/snort.sh start"); - echo "The Rules update finished...\n"; - echo "Snort has restarted with your new set of rules...\n"; - exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'SNORT RULE UPDATE FINNISHED...'"); - exec("/bin/rm /tmp/snort_download_halt.pid"); -} else { - echo "The Rules update finished...\n"; - exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'SNORT RULE UPDATE FINNISHED...'"); -} - -conf_mount_ro(); - -?> diff --git a/config/snort-dev/snort_define_servers.php b/config/snort-dev/snort_define_servers.php deleted file mode 100644 index dfda630b..00000000 --- a/config/snort-dev/snort_define_servers.php +++ /dev/null @@ -1,581 +0,0 @@ -<?php -/* $Id$ */ -/* - snort_interfaces.php - part of m0n0wall (http://m0n0.ch/wall) - - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - Copyright (C) 2008-2009 Robert Zelaya. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -/* - -TODO: Nov 12 09 -Clean this code up its ugly -Important add error checking - -*/ - -require_once("globals.inc"); -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); - -if (!is_array($config['installedpackages']['snortglobal']['rule'])) { - $config['installedpackages']['snortglobal']['rule'] = array(); -} - -//nat_rules_sort(); -$a_nat = &$config['installedpackages']['snortglobal']['rule']; - -$id = $_GET['id']; -if (isset($_POST['id'])) - $id = $_POST['id']; - -if (isset($_GET['dup'])) { - $id = $_GET['dup']; - $after = $_GET['dup']; -} - - -if (isset($id) && $a_nat[$id]) { - - /* old options */ - $pconfig['def_ssl_ports_ignore'] = $a_nat[$id]['def_ssl_ports_ignore']; - $pconfig['flow_depth'] = $a_nat[$id]['flow_depth']; - $pconfig['perform_stat'] = $a_nat[$id]['perform_stat']; - $pconfig['http_inspect'] = $a_nat[$id]['http_inspect']; - $pconfig['other_preprocs'] = $a_nat[$id]['other_preprocs']; - $pconfig['ftp_preprocessor'] = $a_nat[$id]['ftp_preprocessor']; - $pconfig['smtp_preprocessor'] = $a_nat[$id]['smtp_preprocessor']; - $pconfig['sf_portscan'] = $a_nat[$id]['sf_portscan']; - $pconfig['dce_rpc_2'] = $a_nat[$id]['dce_rpc_2']; - $pconfig['dns_preprocessor'] = $a_nat[$id]['dns_preprocessor']; - $pconfig['def_dns_servers'] = $a_nat[$id]['def_dns_servers']; - $pconfig['def_dns_ports'] = $a_nat[$id]['def_dns_ports']; - $pconfig['def_smtp_servers'] = $a_nat[$id]['def_smtp_servers']; - $pconfig['def_smtp_ports'] = $a_nat[$id]['def_smtp_ports']; - $pconfig['def_mail_ports'] = $a_nat[$id]['def_mail_ports']; - $pconfig['def_http_servers'] = $a_nat[$id]['def_http_servers']; - $pconfig['def_www_servers'] = $a_nat[$id]['def_www_servers']; - $pconfig['def_http_ports'] = $a_nat[$id]['def_http_ports']; - $pconfig['def_sql_servers'] = $a_nat[$id]['def_sql_servers']; - $pconfig['def_oracle_ports'] = $a_nat[$id]['def_oracle_ports']; - $pconfig['def_mssql_ports'] = $a_nat[$id]['def_mssql_ports']; - $pconfig['def_telnet_servers'] = $a_nat[$id]['def_telnet_servers']; - $pconfig['def_telnet_ports'] = $a_nat[$id]['def_telnet_ports']; - $pconfig['def_snmp_servers'] = $a_nat[$id]['def_snmp_servers']; - $pconfig['def_snmp_ports'] = $a_nat[$id]['def_snmp_ports']; - $pconfig['def_ftp_servers'] = $a_nat[$id]['def_ftp_servers']; - $pconfig['def_ftp_ports'] = $a_nat[$id]['def_ftp_ports']; - $pconfig['def_ssh_servers'] = $a_nat[$id]['def_ssh_servers']; - $pconfig['def_ssh_ports'] = $a_nat[$id]['def_ssh_ports']; - $pconfig['def_pop_servers'] = $a_nat[$id]['def_pop_servers']; - $pconfig['def_pop2_ports'] = $a_nat[$id]['def_pop2_ports']; - $pconfig['def_pop3_ports'] = $a_nat[$id]['def_pop3_ports']; - $pconfig['def_imap_servers'] = $a_nat[$id]['def_imap_servers']; - $pconfig['def_imap_ports'] = $a_nat[$id]['def_imap_ports']; - $pconfig['def_sip_proxy_ip'] = $a_nat[$id]['def_sip_proxy_ip']; - $pconfig['def_sip_proxy_ports'] = $a_nat[$id]['def_sip_proxy_ports']; - $pconfig['def_auth_ports'] = $a_nat[$id]['def_auth_ports']; - $pconfig['def_finger_ports'] = $a_nat[$id]['def_finger_ports']; - $pconfig['def_irc_ports'] = $a_nat[$id]['def_irc_ports']; - $pconfig['def_nntp_ports'] = $a_nat[$id]['def_nntp_ports']; - $pconfig['def_rlogin_ports'] = $a_nat[$id]['def_rlogin_ports']; - $pconfig['def_rsh_ports'] = $a_nat[$id]['def_rsh_ports']; - $pconfig['def_ssl_ports'] = $a_nat[$id]['def_ssl_ports']; - $pconfig['barnyard_enable'] = $a_nat[$id]['barnyard_enable']; - $pconfig['barnyard_mysql'] = $a_nat[$id]['barnyard_mysql']; - $pconfig['enable'] = $a_nat[$id]['enable']; - $pconfig['uuid'] = $a_nat[$id]['uuid']; - $pconfig['interface'] = $a_nat[$id]['interface']; - $pconfig['descr'] = $a_nat[$id]['descr']; - $pconfig['performance'] = $a_nat[$id]['performance']; - $pconfig['blockoffenders7'] = $a_nat[$id]['blockoffenders7']; - $pconfig['alertsystemlog'] = $a_nat[$id]['alertsystemlog']; - $pconfig['tcpdumplog'] = $a_nat[$id]['tcpdumplog']; - $pconfig['snortunifiedlog'] = $a_nat[$id]['snortunifiedlog']; - $pconfig['rulesets'] = $a_nat[$id]['rulesets']; - $pconfig['rule_sid_off'] = $a_nat[$id]['rule_sid_off']; - $pconfig['rule_sid_on'] = $a_nat[$id]['rule_sid_on']; - -if (isset($_GET['dup'])) - unset($id); -} - -/* convert fake interfaces to real */ -$if_real = convert_friendly_interface_to_real_interface_name($pconfig['interface']); - - - if ($_POST["Submit"]) { - - /* check for overlaps */ - -/* if no errors write to conf */ - if (!$input_errors) { - $natent = array(); - /* repost the options already in conf */ - if ($pconfig['interface'] != "") { $natent['interface'] = $pconfig['interface']; } - if ($pconfig['enable'] != "") { $natent['enable'] = $pconfig['enable']; } - if ($pconfig['uuid'] != "") { $natent['uuid'] = $pconfig['uuid']; } - if ($pconfig['descr'] != "") { $natent['descr'] = $pconfig['descr']; } - if ($pconfig['performance'] != "") { $natent['performance'] = $pconfig['performance']; } - if ($pconfig['blockoffenders7'] != "") { $natent['blockoffenders7'] = $pconfig['blockoffenders7']; } - if ($pconfig['alertsystemlog'] != "") { $natent['alertsystemlog'] = $pconfig['alertsystemlog']; } - if ($pconfig['tcpdumplog'] != "") { $natent['tcpdumplog'] = $pconfig['tcpdumplog']; } - if ($pconfig['snortunifiedlog'] != "") { $natent['snortunifiedlog'] = $pconfig['snortunifiedlog']; } - if ($pconfig['def_ssl_ports_ignore'] != "") { $natent['def_ssl_ports_ignore'] = $pconfig['def_ssl_ports_ignore']; } - if ($pconfig['flow_depth'] != "") { $natent['flow_depth'] = $pconfig['flow_depth']; } - if ($pconfig['perform_stat'] != "") { $natent['perform_stat'] = $pconfig['perform_stat']; } - if ($pconfig['http_inspect'] != "") { $natent['http_inspect'] = $pconfig['http_inspect']; } - if ($pconfig['other_preprocs'] != "") { $natent['other_preprocs'] = $pconfig['other_preprocs']; } - if ($pconfig['ftp_preprocessor'] != "") { $natent['ftp_preprocessor'] = $pconfig['ftp_preprocessor']; } - if ($pconfig['smtp_preprocessor'] != "") { $natent['smtp_preprocessor'] = $pconfig['smtp_preprocessor']; } - if ($pconfig['sf_portscan'] != "") { $natent['sf_portscan'] = $pconfig['sf_portscan']; } - if ($pconfig['dce_rpc_2'] != "") { $natent['dce_rpc_2'] = $pconfig['dce_rpc_2']; } - if ($pconfig['dns_preprocessor'] != "") { $natent['dns_preprocessor'] = $pconfig['dns_preprocessor']; } - if ($pconfig['barnyard_enable'] != "") { $natent['barnyard_enable'] = $pconfig['barnyard_enable']; } - if ($pconfig['barnyard_mysql'] != "") { $natent['barnyard_mysql'] = $pconfig['barnyard_mysql']; } - if ($pconfig['rulesets'] != "") { $natent['rulesets'] = $pconfig['rulesets']; } - if ($pconfig['rule_sid_off'] != "") { $natent['rule_sid_off'] = $pconfig['rule_sid_off']; } - if ($pconfig['rule_sid_on'] != "") { $natent['rule_sid_on'] = $pconfig['rule_sid_on']; } - - - /* post new options */ - if ($_POST['def_dns_servers'] != "") { $natent['def_dns_servers'] = $_POST['def_dns_servers']; }else{ $natent['def_dns_servers'] = ""; } - if ($_POST['def_dns_ports'] != "") { $natent['def_dns_ports'] = $_POST['def_dns_ports']; }else{ $natent['def_dns_ports'] = ""; } - if ($_POST['def_smtp_servers'] != "") { $natent['def_smtp_servers'] = $_POST['def_smtp_servers']; }else{ $natent['def_smtp_servers'] = ""; } - if ($_POST['def_smtp_ports'] != "") { $natent['def_smtp_ports'] = $_POST['def_smtp_ports']; }else{ $natent['def_smtp_ports'] = ""; } - if ($_POST['def_mail_ports'] != "") { $natent['def_mail_ports'] = $_POST['def_mail_ports']; }else{ $natent['def_mail_ports'] = ""; } - if ($_POST['def_http_servers'] != "") { $natent['def_http_servers'] = $_POST['def_http_servers']; }else{ $natent['def_http_servers'] = ""; } - if ($_POST['def_www_servers'] != "") { $natent['def_www_servers'] = $_POST['def_www_servers']; }else{ $natent['def_www_servers'] = ""; } - if ($_POST['def_http_ports'] != "") { $natent['def_http_ports'] = $_POST['def_http_ports']; }else{ $natent['def_http_ports'] = ""; } - if ($_POST['def_sql_servers'] != "") { $natent['def_sql_servers'] = $_POST['def_sql_servers']; }else{ $natent['def_sql_servers'] = ""; } - if ($_POST['def_oracle_ports'] != "") { $natent['def_oracle_ports'] = $_POST['def_oracle_ports']; }else{ $natent['def_oracle_ports'] = ""; } - if ($_POST['def_mssql_ports'] != "") { $natent['def_mssql_ports'] = $_POST['def_mssql_ports']; }else{ $natent['def_mssql_ports'] = ""; } - if ($_POST['def_telnet_servers'] != "") { $natent['def_telnet_servers'] = $_POST['def_telnet_servers']; }else{ $natent['def_telnet_servers'] = ""; } - if ($_POST['def_telnet_ports'] != "") { $natent['def_telnet_ports'] = $_POST['def_telnet_ports']; }else{ $natent['def_telnet_ports'] = ""; } - if ($_POST['def_snmp_servers'] != "") { $natent['def_snmp_servers'] = $_POST['def_snmp_servers']; }else{ $natent['def_snmp_servers'] = ""; } - if ($_POST['def_snmp_ports'] != "") { $natent['def_snmp_ports'] = $_POST['def_snmp_ports']; }else{ $natent['def_snmp_ports'] = ""; } - if ($_POST['def_ftp_servers'] != "") { $natent['def_ftp_servers'] = $_POST['def_ftp_servers']; }else{ $natent['def_ftp_servers'] = ""; } - if ($_POST['def_ftp_ports'] != "") { $natent['def_ftp_ports'] = $_POST['def_ftp_ports']; }else{ $natent['def_ftp_ports'] = ""; } - if ($_POST['def_ssh_servers'] != "") { $natent['def_ssh_servers'] = $_POST['def_ssh_servers']; }else{ $natent['def_ssh_servers'] = ""; } - if ($_POST['def_ssh_ports'] != "") { $natent['def_ssh_ports'] = $_POST['def_ssh_ports']; }else{ $natent['def_ssh_ports'] = ""; } - if ($_POST['def_pop_servers'] != "") { $natent['def_pop_servers'] = $_POST['def_pop_servers']; }else{ $natent['def_pop_servers'] = ""; } - if ($_POST['def_pop2_ports'] != "") { $natent['def_pop2_ports'] = $_POST['def_pop2_ports']; }else{ $natent['def_pop2_ports'] = ""; } - if ($_POST['def_pop3_ports'] != "") { $natent['def_pop3_ports'] = $_POST['def_pop3_ports']; }else{ $natent['def_pop3_ports'] = ""; } - if ($_POST['def_imap_servers'] != "") { $natent['def_imap_servers'] = $_POST['def_imap_servers']; }else{ $natent['def_imap_servers'] = ""; } - if ($_POST['def_imap_ports'] != "") { $natent['def_imap_ports'] = $_POST['def_imap_ports']; }else{ $natent['def_imap_ports'] = ""; } - if ($_POST['def_sip_proxy_ip'] != "") { $natent['def_sip_proxy_ip'] = $_POST['def_sip_proxy_ip']; }else{ $natent['def_sip_proxy_ip'] = ""; } - if ($_POST['def_sip_proxy_ports'] != "") { $natent['def_sip_proxy_ports'] = $_POST['def_sip_proxy_ports']; }else{ $natent['def_sip_proxy_ports'] = ""; } - if ($_POST['def_auth_ports'] != "") { $natent['def_auth_ports'] = $_POST['def_auth_ports']; }else{ $natent['def_auth_ports'] = ""; } - if ($_POST['def_finger_ports'] != "") { $natent['def_finger_ports'] = $_POST['def_finger_ports']; }else{ $natent['def_finger_ports'] = ""; } - if ($_POST['def_irc_ports'] != "") { $natent['def_irc_ports'] = $_POST['def_irc_ports']; }else{ $natent['def_irc_ports'] = ""; } - if ($_POST['def_nntp_ports'] != "") { $natent['def_nntp_ports'] = $_POST['def_nntp_ports']; }else{ $natent['def_nntp_ports'] = ""; } - if ($_POST['def_rlogin_ports'] != "") { $natent['def_rlogin_ports'] = $_POST['def_rlogin_ports']; }else{ $natent['def_rlogin_ports'] = ""; } - if ($_POST['def_rsh_ports'] != "") { $natent['def_rsh_ports'] = $_POST['def_rsh_ports']; }else{ $natent['def_rsh_ports'] = ""; } - if ($_POST['def_ssl_ports'] != "") { $natent['def_ssl_ports'] = $_POST['def_ssl_ports']; }else{ $natent['def_ssl_ports'] = ""; } - - - if (isset($id) && $a_nat[$id]) - $a_nat[$id] = $natent; - else { - if (is_numeric($after)) - array_splice($a_nat, $after+1, 0, array($natent)); - else - $a_nat[] = $natent; - } - - write_config(); - - /* after click go to this page */ - - touch($d_snortconfdirty_path); - - header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); - header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); - header( 'Cache-Control: no-store, no-cache, must-revalidate' ); - header( 'Cache-Control: post-check=0, pre-check=0', false ); - header( 'Pragma: no-cache' ); - sleep(2); - - header("Location: snort_define_servers.php?id=$id"); - - exit; - } -} - - - /* alert file */ -$d_snortconfdirty_path = "/var/run/snort_conf_{$pconfig['uuid']}_{$if_real}.dirty"; - - /* this will exec when alert says apply */ - if ($_POST['apply']) { - - if (file_exists($d_snortconfdirty_path)) { - - write_config(); - - sync_snort_package_all(); - sync_snort_package(); - - unlink($d_snortconfdirty_path); - - } - - } - -$pgtitle = "Snort: Interface $id$if_real Define Servers"; -include("head.inc"); - -?> -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php -include("./snort_fbegin.inc"); -?> -<p class="pgtitle"><?if($pfsense_stable == 'yes'){echo $pgtitle;}?></p> -<style type="text/css"> -.alert { - position:absolute; - top:10px; - left:0px; - width:94%; -background:#FCE9C0; -background-position: 15px; -border-top:2px solid #DBAC48; -border-bottom:2px solid #DBAC48; -padding: 15px 10px 85% 50px; -} -</style> -<noscript><div class="alert" ALIGN=CENTER><img src="/themes/nervecenter/images/icons/icon_alert.gif"/><strong>Please enable JavaScript to view this content</CENTER></div></noscript> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<form action="snort_define_servers.php" method="post" enctype="multipart/form-data" name="iform" id="iform"> - -<?php - - /* Display message */ - - if ($input_errors) { - print_input_errors($input_errors); // TODO: add checks - } - - if ($savemsg) { - print_info_box2($savemsg); - } - - if (file_exists($d_snortconfdirty_path)) { - echo '<p>'; - - if($savemsg) { - print_info_box_np2("{$savemsg}"); - }else{ - print_info_box_np2(' - The Snort configuration has changed and snort needs to be restarted on this interface.<br> - You must apply the changes in order for them to take effect.<br> - '); - } - } - -?> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr><td class="tabnavtbl"> -<?php -if($id != "") -{ - - $tab_array = array(); - $tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php"); - $tab_array[] = array("If Settings", false, "/snort/snort_interfaces_edit.php?id={$id}"); - $tab_array[] = array("Categories", false, "/snort/snort_rulesets.php?id={$id}"); - $tab_array[] = array("Rules", false, "/snort/snort_rules.php?id={$id}"); - $tab_array[] = array("Servers", true, "/snort/snort_define_servers.php?id={$id}"); - $tab_array[] = array("Preprocessors", false, "/snort/snort_preprocessors.php?id={$id}"); - $tab_array[] = array("Barnyard2", false, "/snort/snort_barnyard.php?id={$id}"); - display_top_tabs($tab_array); - -} -?> -</td> -</tr> - <tr> - <td class="tabcont"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <?php - /* display error code if there is no id */ - if($id == "") - { - echo " - <style type=\"text/css\"> - .noid { - position:absolute; - top:10px; - left:0px; - width:94%; - background:#FCE9C0; - background-position: 15px; - border-top:2px solid #DBAC48; - border-bottom:2px solid #DBAC48; - padding: 15px 10px 85% 50px; - } - </style> - <div class=\"alert\" ALIGN=CENTER><img src=\"/themes/nervecenter/images/icons/icon_alert.gif\"/><strong>You can not edit options without an interface ID.</CENTER></div>\n"; - - } - ?> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span><br> - Please save your settings before you click start.<br> - Please make sure there are <strong>no spaces</strong> in your definitions. - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Define DNS_SERVERS</td> - <td width="78%" class="vtable"> - <input name="def_dns_servers" type="text" class="formfld" id="def_dns_servers" size="40" value="<?=htmlspecialchars($pconfig['def_dns_servers']);?>"> - <br> <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Define DNS_PORTS</td> - <td width="78%" class="vtable"> - <input name="def_dns_ports" type="text" class="formfld" id="def_dns_ports" size="40" value="<?=htmlspecialchars($pconfig['def_dns_ports']);?>"> - <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 53.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Define SMTP_SERVERS</td> - <td width="78%" class="vtable"> - <input name="def_smtp_servers" type="text" class="formfld" id="def_smtp_servers" size="40" value="<?=htmlspecialchars($pconfig['def_smtp_servers']);?>"> - <br> <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Define SMTP_PORTS</td> - <td width="78%" class="vtable"> - <input name="def_smtp_ports" type="text" class="formfld" id="def_smtp_ports" size="40" value="<?=htmlspecialchars($pconfig['def_smtp_ports']);?>"> - <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 25.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Define Mail_Ports</td> - <td width="78%" class="vtable"> - <input name="def_mail_ports" type="text" class="formfld" id="def_mail_ports" size="40" value="<?=htmlspecialchars($pconfig['def_mail_ports']);?>"> - <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 25,143,465,691.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Define HTTP_SERVERS</td> - <td width="78%" class="vtable"> - <input name="def_http_servers" type="text" class="formfld" id="def_http_servers" size="40" value="<?=htmlspecialchars($pconfig['def_http_servers']);?>"> - <br> <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Define WWW_SERVERS</td> - <td width="78%" class="vtable"> - <input name="def_www_servers" type="text" class="formfld" id="def_www_servers" size="40" value="<?=htmlspecialchars($pconfig['def_www_servers']);?>"> - <br> <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Define HTTP_PORTS</td> - <td width="78%" class="vtable"> - <input name="def_http_ports" type="text" class="formfld" id="def_http_ports" size="40" value="<?=htmlspecialchars($pconfig['def_http_ports']);?>"> - <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 80.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Define SQL_SERVERS</td> - <td width="78%" class="vtable"> - <input name="def_sql_servers" type="text" class="formfld" id="def_sql_servers" size="40" value="<?=htmlspecialchars($pconfig['def_sql_servers']);?>"> - <br> <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Define ORACLE_PORTS</td> - <td width="78%" class="vtable"> - <input name="def_oracle_ports" type="text" class="formfld" id="def_oracle_ports" size="40" value="<?=htmlspecialchars($pconfig['def_oracle_ports']);?>"> - <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 1521.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Define MSSQL_PORTS</td> - <td width="78%" class="vtable"> - <input name="def_mssql_ports" type="text" class="formfld" id="def_mssql_ports" size="40" value="<?=htmlspecialchars($pconfig['def_mssql_ports']);?>"> - <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 1433.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Define TELNET_SERVERS</td> - <td width="78%" class="vtable"> - <input name="def_telnet_servers" type="text" class="formfld" id="def_telnet_servers" size="40" value="<?=htmlspecialchars($pconfig['def_telnet_servers']);?>"> - <br> <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Define TELNET_PORTS</td> - <td width="78%" class="vtable"> - <input name="def_telnet_ports" type="text" class="formfld" id="def_telnet_ports" size="40" value="<?=htmlspecialchars($pconfig['def_telnet_ports']);?>"> - <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 23.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Define SNMP_SERVERS</td> - <td width="78%" class="vtable"> - <input name="def_snmp_servers" type="text" class="formfld" id="def_snmp_servers" size="40" value="<?=htmlspecialchars($pconfig['def_snmp_servers']);?>"> - <br> <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Define SNMP_PORTS</td> - <td width="78%" class="vtable"> - <input name="def_snmp_ports" type="text" class="formfld" id="def_snmp_ports" size="40" value="<?=htmlspecialchars($pconfig['def_snmp_ports']);?>"> - <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 161.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Define FTP_SERVERS</td> - <td width="78%" class="vtable"> - <input name="def_ftp_servers" type="text" class="formfld" id="def_ftp_servers" size="40" value="<?=htmlspecialchars($pconfig['def_ftp_servers']);?>"> - <br> <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Define FTP_PORTS</td> - <td width="78%" class="vtable"> - <input name="def_ftp_ports" type="text" class="formfld" id="def_ftp_ports" size="40" value="<?=htmlspecialchars($pconfig['def_ftp_ports']);?>"> - <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 21.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Define SSH_SERVERS</td> - <td width="78%" class="vtable"> - <input name="def_ssh_servers" type="text" class="formfld" id="def_ssh_servers" size="40" value="<?=htmlspecialchars($pconfig['def_ssh_servers']);?>"> - <br> <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Define SSH_PORTS</td> - <td width="78%" class="vtable"> - <input name="def_ssh_ports" type="text" class="formfld" id="def_ssh_ports" size="40" value="<?=htmlspecialchars($pconfig['def_ssh_ports']);?>"> - <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is Pfsense SSH port.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Define POP_SERVERS</td> - <td width="78%" class="vtable"> - <input name="def_pop_servers" type="text" class="formfld" id="def_pop_servers" size="40" value="<?=htmlspecialchars($pconfig['def_pop_servers']);?>"> - <br> <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Define POP2_PORTS</td> - <td width="78%" class="vtable"> - <input name="def_pop2_ports" type="text" class="formfld" id="def_pop2_ports" size="40" value="<?=htmlspecialchars($pconfig['def_pop2_ports']);?>"> - <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 109.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Define POP3_PORTS</td> - <td width="78%" class="vtable"> - <input name="def_pop3_ports" type="text" class="formfld" id="def_pop3_ports" size="40" value="<?=htmlspecialchars($pconfig['def_pop3_ports']);?>"> - <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 110.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Define IMAP_SERVERS</td> - <td width="78%" class="vtable"> - <input name="def_imap_servers" type="text" class="formfld" id="def_imap_servers" size="40" value="<?=htmlspecialchars($pconfig['def_imap_servers']);?>"> - <br> <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Define IMAP_PORTS</td> - <td width="78%" class="vtable"> - <input name="def_imap_ports" type="text" class="formfld" id="def_imap_ports" size="40" value="<?=htmlspecialchars($pconfig['def_imap_ports']);?>"> - <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 143.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Define SIP_PROXY_IP</td> - <td width="78%" class="vtable"> - <input name="def_sip_proxy_ip" type="text" class="formfld" id="def_sip_proxy_ip" size="40" value="<?=htmlspecialchars($pconfig['def_sip_proxy_ip']);?>"> - <br> <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Define SIP_PROXY_PORTS</td> - <td width="78%" class="vtable"> - <input name="def_sip_proxy_ports" type="text" class="formfld" id="def_sip_proxy_ports" size="40" value="<?=htmlspecialchars($pconfig['def_sip_proxy_ports']);?>"> - <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 5060:5090,16384:32768.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Define AUTH_PORTS</td> - <td width="78%" class="vtable"> - <input name="def_auth_ports" type="text" class="formfld" id="def_auth_ports" size="40" value="<?=htmlspecialchars($pconfig['def_auth_ports']);?>"> - <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 113.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Define FINGER_PORTS</td> - <td width="78%" class="vtable"> - <input name="def_finger_ports" type="text" class="formfld" id="def_finger_ports" size="40" value="<?=htmlspecialchars($pconfig['def_finger_ports']);?>"> - <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 79.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Define IRC_PORTS</td> - <td width="78%" class="vtable"> - <input name="def_irc_ports" type="text" class="formfld" id="def_irc_ports" size="40" value="<?=htmlspecialchars($pconfig['def_irc_ports']);?>"> - <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 6665,6666,6667,6668,6669,7000.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Define NNTP_PORTS</td> - <td width="78%" class="vtable"> - <input name="def_nntp_ports" type="text" class="formfld" id="def_nntp_ports" size="40" value="<?=htmlspecialchars($pconfig['def_nntp_ports']);?>"> - <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 119.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Define RLOGIN_PORTS</td> - <td width="78%" class="vtable"> - <input name="def_rlogin_ports" type="text" class="formfld" id="def_rlogin_ports" size="40" value="<?=htmlspecialchars($pconfig['def_rlogin_ports']);?>"> - <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 513.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Define RSH_PORTS</td> - <td width="78%" class="vtable"> - <input name="def_rsh_ports" type="text" class="formfld" id="def_rsh_ports" size="40" value="<?=htmlspecialchars($pconfig['def_rsh_ports']);?>"> - <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 514.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Define SSL_PORTS</td> - <td width="78%" class="vtable"> - <input name="def_ssl_ports" type="text" class="formfld" id="def_ssl_ports" size="40" value="<?=htmlspecialchars($pconfig['def_ssl_ports']);?>"> - <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 25,443,465,636,993,995.</span></td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input name="Submit" type="submit" class="formbtn" value="Save"> <input type="button" class="formbtn" value="Cancel" onclick="history.back()"> - <?php if (isset($id) && $a_nat[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>"> - <?php endif; ?> - </td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span> - <br> - Please save your settings before you click start. </td> - </tr> - </table> - </table> -</form> - -<script language="JavaScript"> -<!-- -enable_change(false); -//--> -</script> -<?php include("fend.inc"); ?> -</body> -</html> diff --git a/config/snort-dev/snort_download_rules.php b/config/snort-dev/snort_download_rules.php deleted file mode 100644 index b2bcb748..00000000 --- a/config/snort-dev/snort_download_rules.php +++ /dev/null @@ -1,1211 +0,0 @@ -<?php -/* $Id$ */ -/* - snort_rulesets.php - Copyright (C) 2006 Scott Ullrich - Copyright (C) 2009 Robert Zelaya - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -/* Setup enviroment */ - -/* TODO: review if include files are needed */ -require_once("guiconfig.inc"); -require_once("functions.inc"); -require_once("service-utils.inc"); -require_once("/usr/local/pkg/snort/snort.inc"); - -$tmpfname = "/tmp/snort_rules_up"; -$snortdir = "/usr/local/etc/snort"; -$snortdir_wan = "/usr/local/etc/snort"; -$snort_filename_md5 = "snortrules-snapshot-2.8.tar.gz.md5"; -$snort_filename = "snortrules-snapshot-2.8.tar.gz"; -$emergingthreats_filename_md5 = "version.txt"; -$emergingthreats_filename = "emerging.rules.tar.gz"; -$pfsense_rules_filename_md5 = "pfsense_rules.tar.gz.md5"; -$pfsense_rules_filename = "pfsense_rules.tar.gz"; - -$id_d = $_GET['id_d']; -if (isset($_POST['id_d'])) - $id_d = $_POST['id_d']; - -/* Time stamps define */ -$last_md5_download = $config['installedpackages']['snortglobal']['last_md5_download']; -$last_rules_install = $config['installedpackages']['snortglobal']['last_rules_install']; - -/* define checks */ -$oinkid = $config['installedpackages']['snortglobal']['oinkmastercode']; -$snortdownload = $config['installedpackages']['snortglobal']['snortdownload']; -$emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats']; - - - if ($snortdownload == "off" && $emergingthreats != "on") - { - $snort_emrging_info = "stop"; - } - - if ($oinkid == "" && $snortdownload != "off") - { - $snort_oinkid_info = "stop"; - } - - - /* check if main rule directory is empty */ - $if_mrule_dir = "/usr/local/etc/snort/rules"; - $mfolder_chk = (count(glob("$if_mrule_dir/*")) === 0) ? 'empty' : 'full'; - - -if (file_exists('/var/run/snort.conf.dirty')) { - $snort_dirty_d = 'stop'; -} - - - -/* If no id show the user a button */ -if ($id_d == "" || $snort_emrging_info == "stop" || $snort_oinkid_info == "stop" || $snort_dirty_d == 'stop') { - -$pgtitle = "Services: Snort: Rule Updates"; - -include("head.inc"); -include("./snort_fbegin.inc"); -echo "<p class=\"pgtitle\">"; -if($pfsense_stable == 'yes'){echo $pgtitle;} -echo "</p>\n"; - - echo "<table height=\"32\" width=\"100%\">\n"; - echo " <tr>\n"; - echo " <td>\n"; - echo " <div style='background-color:#E0E0E0' id='redbox'>\n"; - echo " <table width='100%'><tr><td width='8%'>\n"; - echo " <img style='vertical-align:middle' src=\"/snort/images/icon_excli.png\" width=\"40\" height=\"32\">\n"; - echo " </td>\n"; - echo " <td width='70%'><font color='#FF850A'><b>NOTE:</b></font><font color='#000000'> Snort.org and Emergingthreats.net will go down from time to time. Please be patient.</font>\n"; - echo " </td>"; - echo " </tr></table>\n"; - echo " </div>\n"; - echo " </td>\n"; - echo "</table>\n"; - echo "<script type=\"text/javascript\">\n"; - echo "NiftyCheck();\n"; - echo "Rounded(\"div#redbox\",\"all\",\"#FFF\",\"#E0E0E0\",\"smooth\");\n"; - echo "Rounded(\"td#blackbox\",\"all\",\"#FFF\",\"#000000\",\"smooth\");\n"; - echo "</script>\n"; - echo "\n<br>\n"; - -/* make sure user has javascript on */ -echo "<style type=\"text/css\"> -.alert { - position:absolute; - top:10px; - left:0px; - width:94%; -background:#FCE9C0; -background-position: 15px; -border-top:2px solid #DBAC48; -border-bottom:2px solid #DBAC48; -padding: 15px 10px 85% 50px; -} -</style> -<noscript><div class=\"alert\" ALIGN=CENTER><img src=\"/themes/nervecenter/images/icons/icon_alert.gif\"/><strong>Please enable JavaScript to view this content</CENTER></div></noscript>\n"; -echo "<body link=\"#000000\" vlink=\"#000000\" alink=\"#000000\">\n"; - -echo "<script src=\"/row_toggle.js\" type=\"text/javascript\"></script>\n -<script src=\"/javascript/sorttable.js\" type=\"text/javascript\"></script>\n -<table width=\"99%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n - <tr>\n - <td>\n"; - - $tab_array = array(); - $tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php"); - $tab_array[] = array("Global Settings", false, "/snort/snort_interfaces_global.php"); - $tab_array[] = array("Rule Updates", true, "/snort/snort_download_rules.php"); - $tab_array[] = array("Alerts", false, "/snort/snort_alerts.php"); - $tab_array[] = array("Blocked", false, "/snort/snort_blocked.php"); - $tab_array[] = array("Whitelists", false, "/pkg.php?xml=/snort/snort_whitelist.xml"); - $tab_array[] = array("Help & Info", false, "/snort/snort_help_info.php"); - display_top_tabs($tab_array); - -if ($snort_emrging_info == "stop" && $snort_oinkid_info == "stop") { -$disable_enable_button = 'onclick="this.disabled=true"'; -}else{ -$disable_enable_button = "onClick=\"parent.location='/snort/snort_download_rules.php?id_d=up'\""; -} -echo "</td>\n - </tr>\n - <tr>\n - <td>\n - <div id=\"mainarea\">\n - <table id=\"maintable\" class=\"tabcont\" width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n - <tr>\n - <td>\n -<input name=\"Submit\" type=\"submit\" class=\"formbtn\" $disable_enable_button value=\"Update Rules\" $disable_button> <br><br> \n"; - -if ($mfolder_chk == "empty") -{ -echo "<span class=\"red\"><strong>WARNING:</strong></span> The main rules <strong>directory</strong> is <strong>empty</strong>. /usr/local/etc/snort/rules <br><br>\n"; -} - -if ($snort_emrging_info == "stop") { -echo "<span class=\"red\"><strong>WARNING:</strong></span> Click on the <strong>\"Global Settings\"</strong> tab and select ether snort.org or enmergingthreats.net rules to download. <br><br> \n"; -} - -if ($snort_oinkid_info == "stop") { -echo "<span class=\"red\"><strong>WARNING:</strong></span> Click on the <strong>\"Global Settings\"</strong> tab and enter a <strong>oinkmaster</strong> code. <br><br> \n"; -} - -if ($snort_dirty_d == "stop") { -echo "<span class=\"red\"><strong>WARNING:</span> CHANGES HAVE NOT BEEN APPLIED</strong> Click on the <strong>\"Apply Settings\"</strong> button at the main interface tab.<br><br> \n"; -} - -echo " </td>\n - </tr>\n - </table>\n - </div>\n - </td>\n - </tr>\n -</table>\n -\n -</form>\n -\n -<p>\n\n"; - -if ($id_d == "") -echo "Click on the <strong>\"Update Rules\"</strong> button to start the updates. <br><br> \n"; - -if ($config['installedpackages']['snortglobal']['last_md5_download'] != "") -echo "The last time the updates were started <strong>$last_md5_download</strong>. <br><br> \n"; - -if ($config['installedpackages']['snortglobal']['last_rules_install'] != "") -echo "The last time the updates were installed <strong>$last_rules_install</strong>. <br><br> \n"; - -include("fend.inc"); - -echo "</body>"; -echo "</html>"; - -exit(0); - -} - -$pgtitle = "Services: Snort: Update Rules"; - -include("/usr/local/www/head.inc"); - -?> -<script src="/javascript/scriptaculous/prototype.js" type="text/javascript"></script> -<script type="text/javascript" src="/snort/javascript/jquery-1.3.2.js"></script> -<script type="text/javascript" src="/snort/javascript/jquery.blockUI.js?v2.28"></script> - -<script type="text/javascript"> -<!-- - -function displaymessage() -{ - - $.blockUI.defaults.message = "Please be patient...."; - - $.blockUI({ - - css: { - border: 'none', - padding: '15px', - backgroundColor: '#000', - '-webkit-border-radius': '10px', - '-moz-border-radius': '10px', - opacity: .5, - color: '#fff', - } - }); - -} - -function displaymessagestop() -{ - -setTimeout($.unblockUI, 2000); - -} - -// --> -</script> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php include("./snort_fbegin.inc"); ?> -<p class="pgtitle"><?if($pfsense_stable == 'yes'){echo $pgtitle;}?></p> - -<form action="snort_download_rules.php" method="post"> -<div id="inputerrors"></div> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> -<?php - $tab_array = array(); - $tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php"); - $tab_array[] = array("Global Settings", false, "/snort/snort_interfaces_global.php"); - $tab_array[] = array("Rule Updates", true, "/snort/snort_download_rules.php"); - $tab_array[] = array("Alerts", false, "/snort/snort_alerts.php"); - $tab_array[] = array("Blocked", false, "/snort/snort_blocked.php"); - $tab_array[] = array("Whitelists", false, "/pkg.php?xml=/snort/snort_whitelist.xml"); - $tab_array[] = array("Help & Info", false, "/snort/snort_help_info.php"); - display_top_tabs($tab_array); -?> - -<script type="text/javascript"> -<!-- - displaymessage(); -// --> -</script> - -</td> -</tr> - <br> - <tr> - <td> - <div id="mainarea"> - <table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td align="center" valign="top"> - <!-- progress bar --> - <table id="progholder" width='420' style='border-collapse: collapse; border: 1px solid #000000;' cellpadding='2' cellspacing='2'> - <tr> - <td> - <img border='0' src='../themes/<?= $g['theme']; ?>/images/misc/progress_bar.gif' width='280' height='23' name='progressbar' id='progressbar' alt='' /> - </td> - </tr> - </table> - <br /> - <!-- status box --> - <textarea cols="60" rows="2" name="status" id="status" wrap="hard"> - <?=gettext("Initializing...");?> - </textarea> - <!-- command output box --> - <textarea cols="60" rows="2" name="output" id="output" wrap="hard"> - </textarea> - </td> - </tr> - </table> - </div> - </td> - </tr> -</table> -</form> -<?php include("fend.inc");?> - -<?php - -conf_mount_rw(); - -/* Begin main code */ -/* Set user agent to Mozilla */ -ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); -ini_set("memory_limit","125M"); - -/* mark the time update started */ -$config['installedpackages']['snortglobal']['last_md5_download'] = date("Y-M-jS-h:i-A"); - -/* send current buffer */ -ob_flush(); -conf_mount_rw(); - -$premium_subscriber_chk = $config['installedpackages']['snortglobal']['snortdownload']; - -if ($premium_subscriber_chk == "premium") { - $premium_subscriber = "_s"; -}else{ - $premium_subscriber = ""; -} - -$premium_url_chk = $config['installedpackages']['snortglobal']['snortdownload']; -if ($premium_url_chk == "premium") { - $premium_url = "sub-rules"; -}else{ - $premium_url = "reg-rules"; -} - -/* hide progress bar */ -hide_progress_bar_status(); - -/* send current buffer */ -ob_flush(); -conf_mount_rw(); - -/* remove old $tmpfname files */ -if (file_exists("{$tmpfname}")) { - update_status(gettext("Removing old tmp files...")); - exec("/bin/rm -r {$tmpfname}"); - apc_clear_cache(); -} - -/* Make shure snortdir exits */ -exec("/bin/mkdir -p {$snortdir}"); -exec("/bin/mkdir -p {$snortdir}/rules"); -exec("/bin/mkdir -p {$snortdir}/signatures"); -exec("/bin/mkdir -p /usr/local/lib/snort/dynamicrules/"); - -/* send current buffer */ -ob_flush(); -conf_mount_rw(); - -/* If tmp dir does not exist create it */ -if (file_exists($tmpfname)) { - update_status(gettext("The directory tmp exists...")); -} else { - mkdir("{$tmpfname}", 700); -} - -/* unhide progress bar and lets end this party */ -unhide_progress_bar_status(); - -/* download md5 sig from snort.org */ -if ($snortdownload == "basic" || $snortdownload == "premium") -{ - if (file_exists("{$tmpfname}/{$snort_filename_md5}") && - filesize("{$tmpfname}/{$snort_filename_md5}") > 0) { - update_status(gettext("snort.org md5 temp file exists...")); - } else { - update_status(gettext("Downloading snort.org md5 file...")); - ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); - $image = @file_get_contents("http://dl.snort.org/{$premium_url}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz.md5?oink_code={$oinkid}"); -// $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz.md5"); - $f = fopen("{$tmpfname}/snortrules-snapshot-2.8.tar.gz.md5", 'w'); - fwrite($f, $image); - fclose($f); - update_status(gettext("Done downloading snort.org md5")); - } -} - -/* download md5 sig from emergingthreats.net */ -if ($emergingthreats == "on") -{ - update_status(gettext("Downloading emergingthreats md5 file...")); - ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); - $image = @file_get_contents("http://www.emergingthreats.net/version.txt"); -// $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/version.txt"); - $f = fopen("{$tmpfname}/version.txt", 'w'); - fwrite($f, $image); - fclose($f); - update_status(gettext("Done downloading emergingthreats md5")); -} - -/* download md5 sig from pfsense.org */ -if (file_exists("{$tmpfname}/{$pfsense_rules_filename_md5}")) { - update_status(gettext("pfsense md5 temp file exists...")); -} else { - update_status(gettext("Downloading pfsense md5 file...")); - ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); - $image = @file_get_contents("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz.md5"); -// $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/pfsense_rules.tar.gz.md5"); - $f = fopen("{$tmpfname}/pfsense_rules.tar.gz.md5", 'w'); - fwrite($f, $image); - fclose($f); - update_status(gettext("Done downloading pfsense md5.")); -} - -/* If md5 file is empty wait 15min exit */ -if ($snortdownload != "off") -{ - if (0 == filesize("{$tmpfname}/snortrules-snapshot-2.8.tar.gz.md5")) - { - update_status(gettext("Please wait... You may only check for New Rules every 15 minutes...")); - update_output_window(gettext("Rules are released every month from snort.org. You may download the Rules at any time.")); - hide_progress_bar_status(); - /* Display last time of sucsessful md5 check from cache */ - echo "\n\n</body>\n</html>\n"; - echo ' -<script type="text/javascript"> -<!-- - displaymessagestop(); -// --> -</script>'; -echo "</body>"; -echo "</html>"; -conf_mount_ro(); - exit(0); - } -} - -/* If emergingthreats md5 file is empty wait 15min exit not needed */ - -/* If pfsense md5 file is empty wait 15min exit */ -if (0 == filesize("{$tmpfname}/$pfsense_rules_filename_md5")){ - update_status(gettext("Please wait... You may only check for New Pfsense Rules every 15 minutes...")); - update_output_window(gettext("Rules are released to support Pfsense packages.")); - hide_progress_bar_status(); - /* Display last time of sucsessful md5 check from cache */ - echo "\n\n</body>\n</html>\n"; - echo ' -<script type="text/javascript"> -<!-- - displaymessagestop(); -// --> -</script>'; -echo "</body>"; -echo "</html>"; -conf_mount_ro(); - exit(0); -} - -/* Check if were up to date snort.org */ -if ($snortdownload != "off") -{ - if (file_exists("{$snortdir}/snortrules-snapshot-2.8.tar.gz.md5")) - { - $md5_check_new_parse = file_get_contents("{$tmpfname}/{$snort_filename_md5}"); - $md5_check_new = `/bin/echo "{$md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`; - $md5_check_old_parse = file_get_contents("{$snortdir}/{$snort_filename_md5}"); - $md5_check_old = `/bin/echo "{$md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`; - /* Write out time of last sucsessful md5 to cache */ - write_config(); // Will cause switch back to read-only on nanobsd - conf_mount_rw(); - if ($md5_check_new == $md5_check_old) - { - update_status(gettext("Your rules are up to date...")); - update_output_window(gettext("You may start Snort now, check update.")); - hide_progress_bar_status(); - echo "\n\n</body>\n</html>\n"; - $snort_md5_check_ok = on; - } - } -} - -/* Check if were up to date emergingthreats.net */ -if ($emergingthreats == "on") -{ - if (file_exists("{$snortdir}/version.txt")) - { - $emerg_md5_check_new_parse = file_get_contents("{$tmpfname}/version.txt"); - $emerg_md5_check_new = `/bin/echo "{$emerg_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`; - $emerg_md5_check_old_parse = file_get_contents("{$snortdir}/version.txt"); - $emerg_md5_check_old = `/bin/echo "{$emerg_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`; - /* Write out time of last sucsessful md5 to cache */ - // Will cause switch back to read-only on nanobsd - write_config(); - conf_mount_rw(); - if ($emerg_md5_check_new == $emerg_md5_check_old) - { - hide_progress_bar_status(); - $emerg_md5_check_ok = on; - } - } -} - -/* Check if were up to date pfsense.org */ - if (file_exists("{$snortdir}/pfsense_rules.tar.gz.md5")) - { - $pfsense_check_new_parse = file_get_contents("{$tmpfname}/pfsense_rules.tar.gz.md5"); - $pfsense_md5_check_new = `/bin/echo "{$pfsense_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`; - $pfsense_md5_check_old_parse = file_get_contents("{$snortdir}/pfsense_rules.tar.gz.md5"); - $pfsense_md5_check_old = `/bin/echo "{$pfsense_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`; - /* Write out time of last sucsessful md5 to cache */ - // Will cause switch back to read-only on nanobsd - write_config(); - conf_mount_rw(); - if ($pfsense_md5_check_new == $pfsense_md5_check_old) - { - hide_progress_bar_status(); - $pfsense_md5_check_ok = on; - } - } - -/* Check if were up to date is so, exit */ -/* WARNING This code needs constant checks */ -if ($snortdownload != "off" && $emergingthreats != "off") -{ - if ($snort_md5_check_ok == "on" && $emerg_md5_check_ok == "on") - { - update_status(gettext("All your rules are up to date...")); - update_output_window(gettext("You may start Snort now...")); - echo ' - <script type="text/javascript"> - <!-- - displaymessagestop(); - // --> - </script>'; - echo "</body>"; - echo "</html>"; - conf_mount_ro(); - exit(0); - } -} - -if ($snortdownload == "on" && $emergingthreats == "off") -{ - if ($snort_md5_check_ok == "on") - { - update_status(gettext("Your snort.org rules are up to date...")); - update_output_window(gettext("You may start Snort now...")); - echo ' - <script type="text/javascript"> - <!-- - displaymessagestop(); - // --> - </script>'; - echo "</body>"; - echo "</html>"; - conf_mount_ro(); - exit(0); - } -} - -if ($snortdownload == "off" && $emergingthreats == "on") -{ - if ($emerg_md5_check_ok == "on") - { - update_status(gettext("Your Emergingthreats rules are up to date...")); - update_output_window(gettext("You may start Snort now...")); - echo ' - <script type="text/javascript"> - <!-- - displaymessagestop(); - // --> - </script>'; - echo "</body>"; - echo "</html>"; - conf_mount_ro(); - exit(0); - } -} - -/* You are Not Up to date, always stop snort when updating rules for low end machines */; -update_status(gettext("You are NOT up to date...")); -update_output_window(gettext("Stopping Snort service...")); -$chk_if_snort_up = exec("pgrep -x snort"); -if ($chk_if_snort_up != "") { - exec("/usr/bin/touch /tmp/snort_download_halt.pid"); - exec("/bin/sh /usr/local/etc/rc.d/snort.sh stop"); - sleep(2); -} - -/* download snortrules file */ -if ($snortdownload != "off") -{ - if ($snort_md5_check_ok != on) { - if (file_exists("{$tmpfname}/{$snort_filename}")) { - update_status(gettext("Snortrule tar file exists...")); - } else { - unhide_progress_bar_status(); - update_status(gettext("There is a new set of Snort rules posted. Downloading...")); - update_output_window(gettext("May take 4 to 10 min...")); -// download_file_with_progress_bar("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz", $tmpfname . "/{$snort_filename}", "read_body_firmware"); - download_file_with_progress_bar("http://dl.snort.org/{$premium_url}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz?oink_code={$oinkid}", $tmpfname . "/{$snort_filename}", "read_body_firmware"); - update_all_status($static_output); - update_status(gettext("Done downloading rules file.")); - if (150000 > filesize("{$tmpfname}/$snort_filename")){ - update_status(gettext("Error with the snort rules download...")); - update_output_window(gettext("Snort rules file downloaded failed...")); - echo ' -<script type="text/javascript"> -<!-- - displaymessagestop(); -// --> -</script>'; -echo "</body>"; -echo "</html>"; -conf_mount_ro(); - exit(0); - } - } - } -} - -/* download emergingthreats rules file */ -if ($emergingthreats == "on") -{ - if ($emerg_md5_check_ok != on) - { - if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) - { - update_status(gettext("Emergingthreats tar file exists...")); - }else{ - update_status(gettext("There is a new set of Emergingthreats rules posted. Downloading...")); - update_output_window(gettext("May take 4 to 10 min...")); -// download_file_with_progress_bar("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/emerging.rules.tar.gz", $tmpfname . "/{$emergingthreats_filename}", "read_body_firmware"); - download_file_with_progress_bar("http://www.emergingthreats.net/rules/emerging.rules.tar.gz", $tmpfname . "/{$emergingthreats_filename}", "read_body_firmware"); - update_all_status($static_output); - update_status(gettext("Done downloading Emergingthreats rules file.")); - } - } -} - -/* download pfsense rules file */ -if ($pfsense_md5_check_ok != on) { -if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) { - update_status(gettext("Snortrule tar file exists...")); -} else { - unhide_progress_bar_status(); - update_status(gettext("There is a new set of Pfsense rules posted. Downloading...")); - update_output_window(gettext("May take 4 to 10 min...")); -// download_file_with_progress_bar("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/pfsense_rules.tar.gz", $tmpfname . "/{$pfsense_rules_filename}", "read_body_firmware"); - download_file_with_progress_bar("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz", $tmpfname . "/{$pfsense_rules_filename}", "read_body_firmware"); - update_all_status($static_output); - update_status(gettext("Done downloading rules file.")); - } -} - -/* Compair md5 sig to file sig */ - -//$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber']; -//if ($premium_url_chk == on) { -//$md5 = file_get_contents("{$tmpfname}/{$snort_filename_md5}"); -//$file_md5_ondisk = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`; -// if ($md5 == $file_md5_ondisk) { -// update_status(gettext("Valid md5 checksum pass...")); -//} else { -// update_status(gettext("The downloaded file does not match the md5 file...P is ON")); -// update_output_window(gettext("Error md5 Mismatch...")); -// exit(0); -// } -//} - -//$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber']; -//if ($premium_url_chk != on) { -//$md55 = `/bin/cat {$tmpfname}/{$snort_filename_md5} | /usr/bin/awk '{ print $4 }'`; -//$file_md5_ondisk2 = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`; -// if ($md55 == $file_md5_ondisk2) { -// update_status(gettext("Valid md5 checksum pass...")); -//} else { -// update_status(gettext("The downloaded file does not match the md5 file...Not P")); -// update_output_window(gettext("Error md5 Mismatch...")); -// exit(0); -// } -//} - -/* Untar snort rules file individually to help people with low system specs */ -if ($snortdownload != "off") -{ - if ($snort_md5_check_ok != on) { - if (file_exists("{$tmpfname}/{$snort_filename}")) { - update_status(gettext("Extracting rules...")); - update_output_window(gettext("May take a while...")); - exec("/bin/mkdir -p {$snortdir}/rules_bk/"); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir}/rules_bk rules/"); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} etc/" . - " so_rules/precompiled/FreeBSD-7.0/i386/2.8.5.1/" . - " so_rules/bad-traffic.rules/" . - " so_rules/chat.rules/" . - " so_rules/dos.rules/" . - " so_rules/exploit.rules/" . - " so_rules/imap.rules/" . - " so_rules/misc.rules/" . - " so_rules/multimedia.rules/" . - " so_rules/netbios.rules/" . - " so_rules/nntp.rules/" . - " so_rules/p2p.rules/" . - " so_rules/smtp.rules/" . - " so_rules/sql.rules/" . - " so_rules/web-client.rules/" . - " so_rules/web-misc.rules/"); - /* add prefix to all snort.org files */ - /* remove this part and make it all php with the simplst code posible */ - chdir ("/usr/local/etc/snort/rules_bk/rules"); - sleep(2); - exec('/usr/local/bin/perl /usr/local/bin/snort_rename.pl s/^/snort_/ *.rules'); - update_status(gettext("Done extracting Rules.")); - }else{ - update_status(gettext("The Download rules file missing...")); - update_output_window(gettext("Error rules extracting failed...")); - echo ' -<script type="text/javascript"> -<!-- - displaymessagestop(); -// --> -</script>'; -echo "</body>"; -echo "</html>"; -conf_mount_ro(); - exit(0); - } - } -} - -/* Untar emergingthreats rules to tmp */ -if ($emergingthreats == "on") -{ - if ($emerg_md5_check_ok != on) - { - if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) - { - update_status(gettext("Extracting rules...")); - update_output_window(gettext("May take a while...")); - exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$snortdir} rules/"); - } - } -} - -/* Untar Pfsense rules to tmp */ -if ($pfsense_md5_check_ok != on) { -if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) { - update_status(gettext("Extracting Pfsense rules...")); - update_output_window(gettext("May take a while...")); - exec("/usr/bin/tar xzf {$tmpfname}/{$pfsense_rules_filename} -C {$snortdir} rules/"); - } -} - -/* Untar snort signatures */ -if ($snort_md5_check_ok != on) { -if (file_exists("{$tmpfname}/{$snort_filename}")) { -$signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo']; -if ($premium_url_chk == on) { - update_status(gettext("Extracting Signatures...")); - update_output_window(gettext("May take a while...")); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} doc/signatures/"); - update_status(gettext("Done extracting Signatures.")); - } - } -} - -/* Copy so_rules dir to snort lib dir */ -/* Disabed untill I find out why there is a segment failt coredump when using these rules on 2.8.5.3 */ -if ($snortdownload != "off") -{ - if ($snort_md5_check_ok != on) { - if (file_exists("{$snortdir}/so_rules/precompiled/FreeBSD-7.0/i386/2.8.5.1")) { - update_status(gettext("Copying so_rules...")); - update_output_window(gettext("May take a while...")); - exec("/bin/cp -f {$snortdir}/so_rules/precompiled/FreeBSD-7.0/i386/2.8.5.1/* /usr/local/lib/snort/dynamicrules/"); - exec("/bin/cp {$snortdir}/so_rules/bad-traffic.rules {$snortdir}/rules/snort_bad-traffic.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/chat.rules {$snortdir}/rules/snort_chat.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/dos.rules {$snortdir}/rules/snort_dos.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/exploit.rules {$snortdir}/rules/snort_exploit.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/imap.rules {$snortdir}/rules/snort_imap.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/misc.rules {$snortdir}/rules/snort_misc.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/multimedia.rules {$snortdir}/rules/snort_multimedia.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/netbios.rules {$snortdir}/rules/snort_netbios.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/nntp.rules {$snortdir}/rules/snort_nntp.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/p2p.rules {$snortdir}/rules/snort_p2p.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/smtp.rules {$snortdir}/rules/snort_smtp.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/sql.rules {$snortdir}/rules/snort_sql.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/web-activex.rules {$snortdir}/rules/snort_web-activex.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/web-client.rules {$snortdir}/rules/snort_web-client.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/web-iis.rules {$snortdir}/rules/snort_web-iis.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/web.misc.rules {$snortdir}/rules/snort_web.misc.so.rules"); - exec("/bin/rm -r {$snortdir}/so_rules"); - update_status(gettext("Done copying so_rules.")); - }else{ - update_status(gettext("Directory so_rules does not exist...")); - update_output_window(gettext("Error copying so_rules...")); - echo ' -<script type="text/javascript"> -<!-- - displaymessagestop(); -// --> -</script>'; - echo "</body>"; - echo "</html>"; - conf_mount_ro(); - exit(0); - } - } -} - -/* Copy renamed snort.org rules to snort dir */ -if ($snortdownload != "off") -{ - if ($snort_md5_check_ok != on) - { - if (file_exists("{$snortdir}/rules_bk/rules/Makefile.am")) - { - update_status(gettext("Copying renamed snort.org rules to snort directory...")); - exec("/bin/cp {$snortdir}/rules_bk/rules/* {$snortdir}/rules/"); - }else{ - update_status(gettext("The renamed snort.org rules do not exist...")); - update_output_window(gettext("Error copying config...")); - echo ' -<script type="text/javascript"> -<!-- - displaymessagestop(); -// --> -</script>'; - echo "</body>"; - echo "</html>"; - conf_mount_ro(); - exit(0); - } - } -} - -/* Copy configs to snort dir */ -if ($snortdownload != "off") -{ - if ($snort_md5_check_ok != on) - { - if (file_exists("{$snortdir}/etc/Makefile.am")) { - update_status(gettext("Copying configs to snort directory...")); - exec("/bin/cp {$snortdir}/etc/* {$snortdir}"); - exec("/bin/rm -r {$snortdir}/etc"); - }else{ - update_status(gettext("The snort config does not exist...")); - update_output_window(gettext("Error copying config...")); - echo ' -<script type="text/javascript"> -<!-- - displaymessagestop(); -// --> -</script>'; -echo "</body>"; -echo "</html>"; -conf_mount_ro(); - exit(0); - } - } -} - - -/* Copy md5 sig to snort dir */ -if ($snortdownload != "off") -{ - if ($snort_md5_check_ok != on) { - if (file_exists("{$tmpfname}/$snort_filename_md5")) { - update_status(gettext("Copying md5 sig to snort directory...")); - exec("/bin/cp {$tmpfname}/$snort_filename_md5 {$snortdir}/$snort_filename_md5"); - }else{ - update_status(gettext("The md5 file does not exist...")); - update_output_window(gettext("Error copying config...")); - echo ' -<script type="text/javascript"> -<!-- - displaymessagestop(); -// --> -</script>'; - echo "</body>"; - echo "</html>"; - conf_mount_ro(); - exit(0); - } - } -} - -/* Copy emergingthreats md5 sig to snort dir */ -if ($emergingthreats == "on") -{ - if ($emerg_md5_check_ok != on) - { - if (file_exists("{$tmpfname}/$emergingthreats_filename_md5")) - { - update_status(gettext("Copying md5 sig to snort directory...")); - exec("/bin/cp {$tmpfname}/$emergingthreats_filename_md5 {$snortdir}/$emergingthreats_filename_md5"); - }else{ - update_status(gettext("The emergingthreats md5 file does not exist...")); - update_output_window(gettext("Error copying config...")); - echo "</body>"; - echo "</html>"; - conf_mount_ro(); - exit(0); - } - } -} - -/* Copy Pfsense md5 sig to snort dir */ -if ($pfsense_md5_check_ok != on) { -if (file_exists("{$tmpfname}/$pfsense_rules_filename_md5")) { - update_status(gettext("Copying Pfsense md5 sig to snort directory...")); - exec("/bin/cp {$tmpfname}/$pfsense_rules_filename_md5 {$snortdir}/$pfsense_rules_filename_md5"); -} else { - update_status(gettext("The Pfsense md5 file does not exist...")); - update_output_window(gettext("Error copying config...")); - echo ' -<script type="text/javascript"> -<!-- - displaymessagestop(); -// --> -</script>'; - echo "</body>"; - echo "</html>"; - conf_mount_ro(); - exit(0); - } -} - -/* Copy signatures dir to snort dir */ -if ($snortdownload != "off") -{ - if ($snort_md5_check_ok != on) - { - $signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo']; - if ($premium_url_chk == on) - { - if (file_exists("{$snortdir}/doc/signatures")) { - update_status(gettext("Copying signatures...")); - update_output_window(gettext("May take a while...")); - exec("/bin/mv -f {$snortdir}/doc/signatures {$snortdir}/signatures"); - exec("/bin/rm -r {$snortdir}/doc/signatures"); - update_status(gettext("Done copying signatures.")); - }else{ - update_status(gettext("Directory signatures exist...")); - update_output_window(gettext("Error copying signature...")); - echo ' -<script type="text/javascript"> -<!-- - displaymessagestop(); -// --> -</script>'; -echo "</body>"; -echo "</html>"; -conf_mount_ro(); - exit(0); - } - } - } -} - -/* double make shure cleanup emerg rules that dont belong */ -if (file_exists("/usr/local/etc/snort/rules/emerging-botcc-BLOCK.rules")) { - apc_clear_cache(); - exec("/bin/rm /usr/local/etc/snort/rules/emerging-botcc-BLOCK.rules"); - exec("/bin/rm /usr/local/etc/snort/rules/emerging-botcc.rules"); - exec("/bin/rm /usr/local/etc/snort/rules/emerging-compromised-BLOCK.rules"); - exec("/bin/rm /usr/local/etc/snort/rules/emerging-drop-BLOCK.rules"); - exec("/bin/rm /usr/local/etc/snort/rules/emerging-dshield-BLOCK.rules"); - exec("/bin/rm /usr/local/etc/snort/rules/emerging-rbn-BLOCK.rules"); - exec("/bin/rm /usr/local/etc/snort/rules/emerging-tor-BLOCK.rules"); -} - -if (file_exists("/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so")) { - exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so"); - exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example\*"); -} - -/* make shure default rules are in the right format */ -exec("/usr/local/bin/perl -pi -e 's/#alert/# alert/g' /usr/local/etc/snort/rules/*.rules"); -exec("/usr/local/bin/perl -pi -e 's/##alert/# alert/g' /usr/local/etc/snort/rules/*.rules"); -exec("/usr/local/bin/perl -pi -e 's/## alert/# alert/g' /usr/local/etc/snort/rules/*.rules"); - -/* create a msg-map for snort */ -update_status(gettext("Updating Alert Messages...")); -update_output_window(gettext("Please Wait...")); -exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl /usr/local/etc/snort/rules > /usr/local/etc/snort/sid-msg.map"); - - -////////////////// - -/* open oinkmaster_conf for writing" function */ -function oinkmaster_conf($id, $if_real, $iface_uuid) -{ - - global $config, $g, $id, $if_real, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok; - conf_mount_rw(); - -/* enable disable setting will carry over with updates */ -/* TODO carry signature changes with the updates */ -if ($snort_md5_check_ok != on || $emerg_md5_check_ok != on || $pfsense_md5_check_ok != on) { - -if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'])) { -$enabled_sid_on = $config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on']; -$enabled_sid_on_array = split('\|\|', $enabled_sid_on); -foreach($enabled_sid_on_array as $enabled_item_on) -$selected_sid_on_sections .= "$enabled_item_on\n"; - } - -if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) { -$enabled_sid_off = $config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off']; -$enabled_sid_off_array = split('\|\|', $enabled_sid_off); -foreach($enabled_sid_off_array as $enabled_item_off) -$selected_sid_off_sections .= "$enabled_item_off\n"; - } - -$snort_sid_text = <<<EOD - -########################################### -# # -# this is auto generated on snort updates # -# # -########################################### - -path = /bin:/usr/bin:/usr/local/bin - -update_files = \.rules$|\.config$|\.conf$|\.txt$|\.map$ - -url = dir:///usr/local/etc/snort/rules - -$selected_sid_on_sections - -$selected_sid_off_sections - -EOD; - - /* open snort's oinkmaster.conf for writing */ - $oinkmasterlist = fopen("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf", "w"); - - fwrite($oinkmasterlist, "$snort_sid_text"); - - /* close snort's oinkmaster.conf file */ - fclose($oinkmasterlist); - - } -} - -/* Run oinkmaster to snort_wan and cp configs */ -/* If oinkmaster is not needed cp rules normally */ -/* TODO add per interface settings here */ -function oinkmaster_run($id, $if_real, $iface_uuid) -{ - - global $config, $g, $id, $if_real, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok; - conf_mount_rw(); - - if ($snort_md5_check_ok != on || $emerg_md5_check_ok != on || $pfsense_md5_check_ok != on) - { - - if ($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'] == '' && $config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'] == '') - { - update_status(gettext("Your first set of rules are being copied...")); - update_output_window(gettext("May take a while...")); - exec("/bin/echo \"test {$snortdir} {$snortdir_wan} {$iface_uuid}_{$if_real}\" > /root/debug"); - exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/"); - exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - }else{ - update_status(gettext("Your enable and disable changes are being applied to your fresh set of rules...")); - update_output_window(gettext("May take a while...")); - exec("/bin/echo \"test2 {$snortdir} {$snortdir_wan} {$iface_uuid}_{$if_real}\" > /root/debug"); - exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/"); - exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - - /* might have to add a sleep for 3sec for flash drives or old drives */ - exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf -o /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules > /usr/local/etc/snort/oinkmaster_{$iface_uuid}_{$if_real}.log"); - } - } -} - -/* Start the proccess for every interface rule */ -/* TODO: try to make the code smother */ - -if (!empty($config['installedpackages']['snortglobal']['rule'])) -{ - - $rule_array = $config['installedpackages']['snortglobal']['rule']; - $id = -1; - foreach ($rule_array as $value) { - - $id += 1; - - $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; - $if_real = convert_friendly_interface_to_real_interface_name($result_lan); - $iface_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; - - /* make oinkmaster.conf for each interface rule */ - oinkmaster_conf($id, $if_real, $iface_uuid); - - /* run oinkmaster for each interface rule */ - oinkmaster_run($id, $if_real, $iface_uuid); - - } -} - -////////////// - -/* mark the time update finnished */ -$config['installedpackages']['snortglobal']['last_rules_install'] = date("Y-M-jS-h:i-A"); - -/* remove old $tmpfname files */ -if (file_exists("{$tmpfname}")) -{ - update_status(gettext("Cleaning up...")); - exec("/bin/rm -r /tmp/snort_rules_up"); - sleep(2); - exec("/bin/rm -r {$snortdir}/rules_bk/rules/"); - apc_clear_cache(); -} - -/* php code to flush out cache some people are reportting missing files this might help */ -sleep(2); -apc_clear_cache(); -exec("/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync"); - -/* make all dirs snorts */ -exec("/usr/sbin/chown -R snort:snort /var/log/snort"); -exec("/usr/sbin/chown -R snort:snort /usr/local/etc/snort"); -exec("/usr/sbin/chown -R snort:snort /usr/local/lib/snort"); -exec("/bin/chmod -R 755 /var/log/snort"); -exec("/bin/chmod -R 755 /usr/local/etc/snort"); -exec("/bin/chmod -R 755 /usr/local/lib/snort"); - - -/* if snort is running hardrestart, if snort is not running do nothing */ -if (file_exists("/tmp/snort_download_halt.pid")) { - exec("/bin/sh /usr/local/etc/rc.d/snort.sh start"); - update_status(gettext("The Rules update finished...")); - update_output_window(gettext("Snort has restarted with your new set of rules...")); - exec("/bin/rm /tmp/snort_download_halt.pid"); -} else { - update_status(gettext("The Rules update finished...")); - update_output_window(gettext("You may start snort now...")); -} - -echo ' -<script type="text/javascript"> -<!-- - displaymessagestop(); -// --> -</script>'; - -/* hide progress bar and lets end this party */ -hide_progress_bar_status(); -conf_mount_ro(); -?> - -<?php - -function read_body_firmware($ch, $string) { - global $fout, $file_size, $downloaded, $counter, $version, $latest_version, $current_installed_pfsense_version; - $length = strlen($string); - $downloaded += intval($length); - $downloadProgress = round(100 * (1 - $downloaded / $file_size), 0); - $downloadProgress = 100 - $downloadProgress; - $a = $file_size; - $b = $downloaded; - $c = $downloadProgress; - $text = " Snort download in progress\\n"; - $text .= "----------------------------------------------------\\n"; - $text .= " Downloaded : {$b}\\n"; - $text .= "----------------------------------------------------\\n"; - $counter++; - if($counter > 150) { - update_output_window($text); - update_progress_bar($downloadProgress); - flush(); - $counter = 0; - } - conf_mount_rw(); - fwrite($fout, $string); - conf_mount_ro(); - return $length; -} - -?> - -</body> -</html> diff --git a/config/snort-dev/snort_dynamic_ip_reload.php b/config/snort-dev/snort_dynamic_ip_reload.php deleted file mode 100644 index 98d9bcce..00000000 --- a/config/snort-dev/snort_dynamic_ip_reload.php +++ /dev/null @@ -1,50 +0,0 @@ -<?php - -/* $Id$ */ -/* - snort_dynamic_ip_reload.php - Copyright (C) 2009 Robert Zeleya - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -/* NOTE: this file gets included from the pfSense filter.inc plugin process */ -/* NOTE: file location /usr/local/pkg/pf, all files in pf dir get exec on filter reloads */ - -require_once("/usr/local/pkg/snort/snort.inc"); - -/* get the varibles from the command line */ -/* Note: snort.sh sould only be using this */ -//$id = $_SERVER["argv"][1]; -//$if_real = $_SERVER["argv"][2]; - -//$test_iface = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; - -//if ($id == "" || $if_real == "" || $test_iface == "") { -// exec("/usr/bin/logger -p daemon.info -i -t SnortDynIP \"ERORR starting snort_dynamic_ip_reload.php\""); -// exit; -// } - -sync_snort_package_empty(); - -?>
\ No newline at end of file diff --git a/config/snort-dev/snort_fbegin.inc b/config/snort-dev/snort_fbegin.inc deleted file mode 100644 index b8faff09..00000000 --- a/config/snort-dev/snort_fbegin.inc +++ /dev/null @@ -1,288 +0,0 @@ -<?php - -require_once("globals.inc"); -require_once("notices.inc"); -/* $Id$ */ - function return_ext_menu($section) { - global $config; - $htmltext = ""; - if($config['installedpackages']['menu'] <> "") { - foreach($config['installedpackages']['menu'] as $menuitem) { - if($menuitem['section'] != $section) continue; - if($menuitem['url'] <> "") { - $addresswithport = getenv("HTTP_HOST"); - $colonpos = strpos($addresswithport, ":"); - if ($colonpos !== False){ - //my url is actually just the IP address of the pfsense box - $myurl = substr($addresswithport, 0, $colonpos); - } - else - { - $myurl = $addresswithport; - } - - $description = str_replace('$myurl', $myurl, $menuitem['url']); - } else { - $description = '/pkg.php?xml=' . $menuitem['configfile']; - } - $htmltext .= '<li><a href="' . $description . ' "class="navlnk">' . $menuitem['name'] . '</a></li>' . "\n"; - } - } - return $htmltext; - } - - - - - /* NOTICE ACKNOWLEDGE CODE by Erik Kristensen */ - if ($_REQUEST['noticeaction'] == 'acknowledge') { - $notice_id = $_REQUEST['noticeid']; - close_notice($notice_id); - } - /**********************************************/ -?> - -<div id="wrapper"> - - <div id="header"> - <div id="header-left"><a href="../index.php" id="status-link"><img src="/themes/<?= $g['theme']; ?>/images/transparent.gif" border="0"></img></a></div> - <div id="header-right"> - <div class="container"> - <div class="left">webConfigurator</div> - <div class="right"> -<? - if (are_notices_pending()) { - $notices = get_notices(); - - $requests=array(); - - ## Get Query Arguments from URL ### - foreach ($_REQUEST as $key => $value) { - if ($key != "PHPSESSID") - $requests[] = $key.'='.$value; - } - if(is_array($requests)) - $request_string = implode("&", $requests); - - if(is_array($notices)) { - foreach ($notices as $key => $value) { - $date = date("m-d-y H:i:s", $key); - $noticemsg = str_replace("'", "", $value['notice']); - $noticemsg = str_replace('"', "", $noticemsg); - $noticemsg = str_replace("\n", "", $noticemsg); - $noticemsg = str_replace("<p>", "", $noticemsg); - $noticemsg = str_replace("<pre>", "", $noticemsg); - $noticemsg = str_replace("</pre>", "", $noticemsg); - $noticemsg = str_replace("</p>", "", $noticemsg); - $noticemsg = str_replace("<br>", "", $noticemsg); - $extra_args = ""; - if($_GET['xml']) - $extraargs="&xml=" . $_GET['xml']; - if($_POST['xml']) - $extraargs="&xml=" . $_POST['xml']; - if($_GET['id']) - $extraargs="&xml=" . $_GET['id']; - if($_POST['id']) - $extraargs="&xml=" . $_POST['id']; - $notice_msgs = '<a href="?noticeaction=acknowledge¬iceid=all' . $extraargs . '">Acknowledge All</a> .:. '; - if ($value['url']) { - $notice_msgs .= $date.' - <a href="'.$url.'?'.$request_string.'¬iceaction=acknowledge¬iceid='.$key.'">['.$value['id'].']</a>'; - } else { - $notice_msgs .= $date.' - <a href="?'.$request_string.'¬iceaction=acknowledge¬iceid='.$key.'">['.$value['id'].']'.$noticemsg.'</a>'; - } - $notice_msgs .= " .:. "; - } - } -?> - <div id="alerts"> - <script type="text/javascript"> - var content='<div id="marquee-text"><?= $notice_msgs; ?></div>' - </script> - <script type="text/javascript" src="/ticker.js"></script> - </div> -<? - } else { -?> - <div id="hostname"> - <? print $config['system']['hostname'] . "." . $config['system']['domain']; ?> - </div> -<? - } -?> - </div> - </div> - </div> - </div> <!-- Header DIV --> - <div id="content"> - <div id="left"> - <div id="navigation" style="z-index:1000"> - <ul id="menu"> - <li class="firstdrop"> - <div>System</div> - <ul class="subdrop"> - <li><a href="/system_advanced.php" class="navlnk">Advanced</a></li> - <li><a href="/system_firmware.php" class="navlnk">Firmware</a></li> - <li><a href="/system.php" class="navlnk">General Setup</a></li> - <?php if($g['platform'] == "pfSense" or $g['platform'] == "nanobsd"): ?> - <li><a href="/pkg_mgr.php" class="navlnk">Packages</a></li> - <?php endif; ?> - <li><a href="/wizard.php?xml=setup_wizard.xml" class="navlnk">Setup wizard</a></li> - <li><a href="/system_routes.php" class="navlnk">Static routes</a></li> - </ul> - </li> - <li class="drop"> - <div>Interfaces</div> - <ul class="subdrop"> - <?php if (!isset($config['system']['webgui']['noassigninterfaces'])): ?><li><a href="/interfaces_assign.php" class="navlnks">(assign)</a></li><?php endif; ?> - <li><a href="/interfaces_wan.php" class="navlnk">WAN</a></li> - <li><a href="/interfaces_lan.php" class="navlnk">LAN</a></li> - <?php for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++): if (!isset($config['interfaces']['opt' . $i]['ovpn'])): ?> - <li><a href="/interfaces_opt.php?index=<?=$i;?>" class="navlnk"><?=htmlspecialchars($config['interfaces']['opt' . $i]['descr']);?></a></li> - <?php endif; endfor; ?> - <?php echo return_ext_menu("Interfaces"); ?> - </ul> - </li> -<?php - if($config['system']['shapertype'] <> "m0n0") - $shaper = "firewall_shaper.php"; - else - $shaper = "m0n0/firewall_shaper.php"; -?> - <li class="drop"> - <div>Firewall</div> - <ul class="subdrop"> - <li><a href="/firewall_aliases.php" class="navlnk">Aliases</a></li> - <li><a href="/firewall_nat.php" class="navlnk">NAT</a></li> - <li><a href="/firewall_rules.php" class="navlnk">Rules</a></li> - <li><a href="/firewall_schedule.php" class="navlnk">Schedules</a></li> - <li><a href="<?=$shaper?>" class="navlnk">Traffic Shaper</a></li> - <li><a href="/firewall_virtual_ip.php" class="navlnk">Virtual IPs</a></li> - <?php echo return_ext_menu("Firewall"); ?> - </ul> - </li> - <li class="drop"> - <div>Services</div> - <ul class="subdrop"> - <li><a href="/services_captiveportal.php" class="navlnk">Captive portal</a></li> - <li><a href="/services_dnsmasq.php" class="navlnk">DNS forwarder</a></li> - <li><a href="/services_dhcp_relay.php" class="navlnk">DHCP relay</a></li> - <li><a href="/services_dhcp.php" class="navlnk">DHCP server</a></li> - <li><a href="/services_dyndns.php" class="navlnk">Dynamic DNS</a></li> - <li><a href="/load_balancer_pool.php" class="navlnk">Load Balancer</a></li> - <li><a href="/pkg_edit.php?xml=olsrd.xml&id=0" class="navlnk">OLSR</a></li> - <li><a href="/vpn_pppoe.php" class="navlnk">PPPoE Server</a></li> - <li><a href="/pkg_edit.php?xml=routed/routed.xml&id=0" class="navlnk">RIP</a></li> - <li><a href="/services_snmp.php" class="navlnk">SNMP</a></li> - <li><a href="/pkg_edit.php?xml=miniupnpd.xml&id=0" class="navlnk">UPnP</a></li> - <li><a href="/pkg_edit.php?xml=openntpd.xml&id=0" class="navlnk">OpenNTPD</a></li> - <li><a href="/services_wol.php" class="navlnk">Wake on LAN</a></li> - <?php echo return_ext_menu("Services"); ?> - </ul> - </li> - <li class="drop"> - <div>VPN</div> - <ul class="subdrop"> - <li><a href="/vpn_ipsec.php" class="navlnk">IPsec</a></li> - <li><a href="/pkg.php?xml=openvpn.xml" class="navlnk">OpenVPN</a></li> - <li><a href="/vpn_pptp.php" class="navlnk">PPTP</a></li> - <?php echo return_ext_menu("VPN"); ?> - </ul> - </li> - <li class="drop"> - <div>Status</div> - <ul class="subdrop"> - <?php if (isset($config['captiveportal']['enable'])): ?> - <li><a href="/status_captiveportal.php" class="navlnk">Captive portal</a></li> - <?php endif; ?> - <li><a href="/carp_status.php" class="navlnk">CARP (failover)</a></li> - <li><a href="/diag_dhcp_leases.php" class="navlnk">DHCP leases</a></li> - <li><a href="/status_filter_reload.php" class="navlnk">Filter Reload Status</a></li> - <li><a href="/status_interfaces.php" class="navlnk">Interfaces</a></li> - <li><a href="/diag_ipsec.php" class="navlnk">IPsec</a></li> - <li><a href="/status_slbd_pool.php" class="navlnk">Load Balancer</a></li> - <?php if($g['platform'] == "pfSense"): ?> - <li><a href="/diag_pkglogs.php" class="navlnk">Package logs</a></li> - <?php endif; ?> - <li><a href="/status_queues.php" class="navlnk">Queues</a></li> - <li><a href="/status_rrd_graph.php" class="navlnk">RRD Graphs</a></li> - <li><a href="/status_services.php" class="navlnk">Services</a></li> - <li><a href="/index.php" class="navlnk">System</a></li> - <li><a href="/diag_logs.php" class="navlnk">System logs</a></li> - <li><a href="/status_graph.php?if=wan" class="navlnk">Traffic graph</a></li> - <li><a href="/status_upnp.php" class="navlnk">UPnP</a></li> - <?php $i = 0; $ifdescrs = array(); - if (is_array($config['interfaces']['wan']['wireless']) && - preg_match($g['wireless_regex'], $config['interfaces']['wan']['if'])) - $ifdescrs['wan'] = 'WAN'; - if (is_array($config['interfaces']['lan']['wireless']) && - preg_match($g['wireless_regex'], $config['interfaces']['lan']['if'])) - $ifdescrs['lan'] = 'LAN'; - for ($j = 1; isset($config['interfaces']['opt' . $j]); $j++) { - if (is_array($config['interfaces']['opt' . $j]['wireless']) && - isset($config['interfaces']['opt' . $j]['enable']) && - preg_match($g['wireless_regex'], $config['interfaces']['opt' . $j]['if'])) - $ifdescrs['opt' . $j] = $config['interfaces']['opt' . $j]['descr']; - } - if (count($ifdescrs) > 0): ?> - <li><a href="/status_wireless.php" class="navlnk">Wireless</a></li> - <?php endif; ?> - <?php echo return_ext_menu("Status"); ?> - </ul> - </li> - <li class="lastdrop"> - <div>Diagnostics</div> - <ul id="diag" class="subdrop"> - <li><a href="/diag_arp.php" class="navlnk">ARP Tables</a></li> - <li><a href="/diag_backup.php" class="navlnk">Backup/Restore</a></li> - <li><a href="/exec.php" class="navlnk">Command Prompt</a></li> - <li><a href="/edit.php" class="navlnk">Edit File</a></li> - <li><a href="/diag_defaults.php" class="navlnk">Factory defaults </a></li> - <li><a href="/halt.php" class="navlnk">Halt system</a></li> -<?php if($g['platform']=="nanobsd"): ?> - <li><a href="/diag_nanobsd.php" class="navlnk">NanoBSD</a></li> -<?php endif; ?> - <li><a href="/diag_ping.php" class="navlnk">Ping</a></li> - <li><a href="/reboot.php" class="navlnk">Reboot system</a></li> - <li><a href="/diag_routes.php" class="navlnk">Routes</a></li> - <li><a href="/diag_dump_states.php" class="navlnk">States</a></li> - <li><a href="/diag_traceroute.php" class="navlnk">Traceroute</a></li> - <li><a href="/diag_packet_capture.php" class="navlnk">Packet Capture</a></li> - <?php echo return_ext_menu("Diagnostics"); ?> - <?php if(isset($config['system']['developer'])): ?> - <li><hr width="80%"/></li> - <li><a href="/restart_httpd.php" class="navlnk">Restart HTTPD</a></li> - <?php endif; ?> - </ul> - </li> - </ul> - </div> - - </div> <!-- Left DIV --> - - <div id="right"> - - -<?php - /* display a top alert bar if need be */ - $need_alert_display = false; - $found_notices = are_notices_pending(); - if($found_notices == true) { - $notices = get_notices(); - if(!$notices) { - $need_alert_display = true; - $display_text = print_notices() . "<br>"; - } - } - if($need_alert_display == true) { - echo "<div style=\"background-color:#000000\" id=\"roundalert\">"; - echo "<table>"; - echo "<tr><td><font color=\"#ffffff\">"; - echo " <img align=\"middle\" src=\"/top_notification.gif\"> "; - echo $display_text; - echo "</td>"; - echo "</tr>"; - echo "</table>"; - echo "</div>"; - } - -?>
\ No newline at end of file diff --git a/config/snort-dev/snort_gui.inc b/config/snort-dev/snort_gui.inc deleted file mode 100644 index 95a0e597..00000000 --- a/config/snort-dev/snort_gui.inc +++ /dev/null @@ -1,66 +0,0 @@ -<?php -/* $Id$ */ -/* - snort.inc - Copyright (C) 2006 Scott Ullrich - Copyright (C) 2006 Robert Zelaya - part of pfSense - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -include_once("/usr/local/pkg/snort/snort.inc"); - -function print_info_box_np2($msg) { - global $config, $g; - - echo "<table height=\"32\" width=\"100%\">\n"; - echo " <tr>\n"; - echo " <td>\n"; - echo " <div style='background-color:#990000' id='redbox'>\n"; - echo " <table width='100%'><tr><td width='8%'>\n"; - echo " <img style='vertical-align:middle' src=\"/snort/images/alert.jpg\" width=\"32\" height=\"28\">\n"; - echo " </td>\n"; - echo " <td width='70%'><font color='white'><b>{$msg}</b></font>\n"; - echo " </td>"; - if(stristr($msg, "apply") == true) { - echo " <td>"; - echo " <input name=\"apply\" type=\"submit\" class=\"formbtn\" id=\"apply\" value=\"Apply changes\">\n"; - echo " </td>"; - } - echo " </tr></table>\n"; - echo " </div>\n"; - echo " </td>\n"; - echo "</table>\n"; - echo "<script type=\"text/javascript\">\n"; - echo "NiftyCheck();\n"; - echo "Rounded(\"div#redbox\",\"all\",\"#FFF\",\"#990000\",\"smooth\");\n"; - echo "Rounded(\"td#blackbox\",\"all\",\"#FFF\",\"#000000\",\"smooth\");\n"; - echo "</script>\n"; - echo "\n<br>\n"; - - -} - - -?> diff --git a/config/snort-dev/snort_help_info.php b/config/snort-dev/snort_help_info.php deleted file mode 100644 index 5355ec77..00000000 --- a/config/snort-dev/snort_help_info.php +++ /dev/null @@ -1,191 +0,0 @@ -<?php -/* $Id$ */ -/* - halt.php - part of pfSense - Copyright (C) 2004 Scott Ullrich - All rights reserved. - - part of m0n0wall as reboot.php (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort.inc"); - -header("snort_help_info.php"); -header( "Expires: Mon, 20 Dec 1998 01:00:00 GMT" ); -header( "Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT" ); -header( "Cache-Control: no-cache, must-revalidate" ); -header( "Pragma: no-cache" ); - -$pgtitle = "Snort: Services: Help and Info"; -include('head.inc'); -?> -<style type="text/css"> -iframe -{ - border: 0; -} - -#footer2 -{ - -top: 135px; -position: relative; -background-color: #FFFFFF; -background-image: url("./images/footer.jpg"); -background-repeat: no-repeat; -background-attachment: scroll; -background-position: 0px 0px; -bottom: 0px; -width: 780px; -height: 63px; -color: #000000; -text-align: center; -font-size: 0.8em; -padding-top:64px; -padding-left: 0px; -clear: both; - -} - -</style> -<body> -<?php include("./snort_fbegin.inc"); ?> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> -<?php - $tab_array = array(); - $tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php"); - $tab_array[] = array("Global Settings", false, "/snort/snort_interfaces_global.php"); - $tab_array[] = array("Rule Updates", false, "/snort/snort_download_rules.php"); - $tab_array[] = array("Alerts", false, "/snort/snort_alerts.php"); - $tab_array[] = array("Blocked", false, "/snort/snort_blocked.php"); - $tab_array[] = array("Whitelists", false, "/pkg.php?xml=/snort/snort_whitelist.xml"); - $tab_array[] = array("Help & Info", true, "/snort/snort_help_info.php"); - display_top_tabs($tab_array); -?> - </td> -</tr> -</table> - -<?php -/* TODO: remove when 2.0 stable */ -if ($pfsense_stable == 'yes') { - -$footer2 = " - -<style type=\"text/css\"> - -#footer2 -{ - position: relative; - top: 27px; - background-color: #cccccc; - background-image: none; - background-repeat: repeat; - background-attachment: scroll; - background-position: 0% 0%; - width: 810px; - right: 15px; - font-size: 0.8em; - text-align: center; - padding-top: 0px; - padding-right: 0px; - padding-bottom: 0px; - padding-left: 0px; - clear: both; -} - -</style> - - <div id=\"footer2\"> - <IMG SRC=\"./images/footer2.jpg\" width=\"800px\" height=\"35\" ALT=\"Apps\"> - Snort is a registered trademark of Sourcefire, Inc, Barnyard2 is a registered trademark of securixlive.com, Orion copyright Robert Zelaya, - Emergingthreats is a registered trademark of emergingthreats.net, Mysql is a registered trademark of Mysql.com - </div>\n"; -} - -if ($pfsense_stable != 'yes') { -$footer3 = " - -<style type=\"text/css\"> - -#footer3 -{ - -top: 105px; -position: relative; -background-color: #FFFFFF; -background-image: url(\"./images/footer2.jpg\"); -background-repeat: no-repeat; -background-attachment: scroll; -background-position: 0px 0px; -bottom: 0px; -width: 770px; -height: 35px; -color: #000000; -text-align: center; -font-size: 0.8em; -padding-top: 35px; -padding-left: 0px; -clear: both; - -} - -</style> - - <div id=\"footer3\"> - Snort is a registered trademark of Sourcefire, Inc, Barnyard2 is a registered trademark of securixlive.com, Orion copyright Robert Zelaya, - Emergingthreats is a registered trademark of emergingthreats.net, Mysql is a registered trademark of Mysql.com - </div>\n"; -} -?> - - -<div> - <iframe style="width: 780px; height: 600px; overflow-x: hidden;" src='/snort/help_and_info.php'></iframe> -</div> - -<?php echo $footer2;?> - -</div> -</div> - -<?php //echo $footer3;?> - - <div id="footer"> - <a target="_blank" href="http://www.pfsense.org/?gui12" class="redlnk">pfSense</a> is © - 2004 - 2009 by <a href="http://www.bsdperimeter.com" class="tblnk">BSD Perimeter LLC</a>. All Rights Reserved. - <a href="/license.php" class="tblnk">view license</a>] - <br/> - - <a target="_blank" href="https://portal.pfsense.org/?guilead=true" class="tblnk">Commercial Support Available</a> - </div> <!-- Footer DIV --> -</body> -</html> diff --git a/config/snort-dev/snort_interfaces.php b/config/snort-dev/snort_interfaces.php deleted file mode 100644 index b2f72aad..00000000 --- a/config/snort-dev/snort_interfaces.php +++ /dev/null @@ -1,581 +0,0 @@ -<?php -/* $Id$ */ -/* - - originally part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - Copyright (C) 2008-2009 Robert Zelaya. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); -require_once("/usr/local/pkg/snort/snort.inc"); - - -$id = $_GET['id']; -if (isset($_POST['id'])) - $id = $_POST['id']; - - -if (!is_array($config['installedpackages']['snortglobal']['rule'])) - $config['installedpackages']['snortglobal']['rule'] = array(); - -$a_nat = &$config['installedpackages']['snortglobal']['rule']; - -if (isset($config['installedpackages']['snortglobal']['rule'])) { -$id_gen = count($config['installedpackages']['snortglobal']['rule']); -}else{ -$id_gen = '0'; -} - - -/* alert file */ -$d_snortconfdirty_path_ls = exec('/bin/ls /var/run/snort_conf_*.dirty'); - - /* this will exec when alert says apply */ - if ($_POST['apply']) { - - if ($d_snortconfdirty_path_ls != '') { - - write_config(); - - sync_snort_package_empty(); - sync_snort_package(); - - exec('/bin/rm /var/run/snort_conf_*.dirty'); - - header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); - header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); - header( 'Cache-Control: no-store, no-cache, must-revalidate' ); - header( 'Cache-Control: post-check=0, pre-check=0', false ); - header( 'Pragma: no-cache' ); - sleep(2); - header("Location: /snort/snort_interfaces.php"); - - exit; - - } - - } - - - -if (isset($_POST['del_x'])) { - /* delete selected rules */ - if (is_array($_POST['rule']) && count($_POST['rule'])) { - foreach ($_POST['rule'] as $rulei) { - - /* convert fake interfaces to real */ - $if_real = convert_friendly_interface_to_real_interface_name($a_nat[$rulei]['interface']); - $snort_uuid = $a_nat[$rulei]['uuid']; - - /* cool code to check if any snort is up */ - $snort_up_ck = exec("/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep snort | /usr/bin/awk '{print \$2;}' | sed 1q"); - - if ($snort_up_ck != "") - { - - $start_up_pre = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"R {$snort_uuid}_{$if_real}\" | awk '{print \$1;}'"); - $start_up_s = exec("/usr/bin/top -U snort -u | grep snort | grep {$start_up_pre} | awk '{ print $1; }'"); - $start_up_r = exec("/usr/bin/top -U root -u | grep snort | grep {$start_up_pre} | awk '{ print $1; }'"); - - $start2_upb_pre = exec("/bin/cat /var/run/barnyard2_{$snort_uuid}_{$if_real}.pid"); - $start2_upb_s = exec("/usr/bin/top -U snort -u | grep barnyard2 | grep {$start2_upb_pre} | awk '{ print $1; }'"); - $start2_upb_r = exec("/usr/bin/top -U root -u | grep barnyard2 | grep {$start2_upb_pre} | awk '{ print $1; }'"); - - - if ($start_up_s != "" || $start_up_r != "" || $start2_upb_s != "" || $start2_upb_r != "") - { - - /* dont flood the syslog code */ - //exec("/bin/cp /var/log/system.log /var/log/system.log.bk"); - //sleep(3); - - - /* remove only running instances */ - if ($start_up_s != "") - { - exec("/bin/kill {$start_up_s}"); - exec("/bin/rm /var/run/snort_{$snort_uuid}_{$if_real}*"); - } - - if ($start2_upb_s != "") - { - exec("/bin/kill {$start2_upb_s}"); - exec("/bin/rm /var/run/barnyard2_{$snort_uuid}_{$if_real}*"); - } - - if ($start_up_r != "") - { - exec("/bin/kill {$start_up_r}"); - exec("/bin/rm /var/run/snort_{$snort_uuid}_{$if_real}*"); - } - - if ($start2_upb_r != "") - { - exec("/bin/kill {$start2_upb_r}"); - exec("/bin/rm /var/run/barnyard2_{$snort_uuid}_{$if_real}*"); - } - - /* stop syslog flood code */ - //$if_real_wan_rulei = $a_nat[$rulei]['interface']; - //$if_real_wan_rulei2 = convert_friendly_interface_to_real_interface_name2($if_real_wan_rulei); - //exec("/sbin/ifconfig $if_real_wan_rulei2 -promisc"); - //exec("/bin/cp /var/log/system.log /var/log/snort/snort_sys_$rulei$if_real.log"); - //exec("/usr/bin/killall syslogd"); - //exec("/usr/sbin/clog -i -s 262144 /var/log/system.log"); - //exec("/usr/sbin/syslogd -c -ss -f /var/etc/syslog.conf"); - //sleep(2); - //exec("/bin/cp /var/log/system.log.bk /var/log/system.log"); - //$after_mem = exec("/usr/bin/top | /usr/bin/grep Wired | /usr/bin/awk '{ print $2 }'"); - //exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'MEM after {$rulei}{$if_real} STOP {$after_mem}'"); - //exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Interface Rule removed for {$rulei}{$if_real}...'"); - - } - - } - - unset($a_nat[$rulei]); - } - - conf_mount_rw(); - exec("/bin/rm /var/log/snort/snort.u2_{$snort_uuid}_{$if_real}*"); - exec("/bin/rm -r /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}"); - conf_mount_ro(); - - write_config(); - - touch("/var/run/snort_conf_delete.dirty"); - - header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); - header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); - header( 'Cache-Control: no-store, no-cache, must-revalidate' ); - header( 'Cache-Control: post-check=0, pre-check=0', false ); - header( 'Pragma: no-cache' ); - sleep(2); - header("Location: /snort/snort_interfaces.php"); - exit; - } - -} - - -/* start/stop snort */ -if ($_GET['act'] == 'toggle' && $_GET['id'] != '') -{ - - $if_real = convert_friendly_interface_to_real_interface_name($config['installedpackages']['snortglobal']['rule'][$id]['interface']); - $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; - - /* Log Iface stop */ - exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Toggle for {$snort_uuid}_{$if_real}...'"); - - $tester2 = Running_Ck($snort_uuid, $if_real, $id); - - if ($tester2 == 'yes') { - - /* Log Iface stop */ - exec("/usr/bin/logger -p daemon.info -i -t SnortStartup '{$tester2} yn for {$snort_uuid}_{$if_real}...'"); - - Running_Stop($snort_uuid, $if_real, $id); - - header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); - header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); - header( 'Cache-Control: no-store, no-cache, must-revalidate' ); - header( 'Cache-Control: post-check=0, pre-check=0', false ); - header( 'Pragma: no-cache' ); - sleep(2); - header("Location: /snort/snort_interfaces.php"); - - }else{ - - sync_snort_package_all($id, $if_real); - sync_snort_package(); - - Running_Start($snort_uuid, $if_real, $id); - - header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); - header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); - header( 'Cache-Control: no-store, no-cache, must-revalidate' ); - header( 'Cache-Control: post-check=0, pre-check=0', false ); - header( 'Pragma: no-cache' ); - sleep(2); - header("Location: /snort/snort_interfaces.php"); - } -} - - - -$pgtitle = "Services: Snort 2.8.5.3 pkg v. 1.18 RC Final"; -include("head.inc"); - -?> -<body link="#000000" vlink="#000000" alink="#000000"> -<?php include("./snort_fbegin.inc"); ?> -<p class="pgtitle"><?if($pfsense_stable == 'yes'){echo $pgtitle;}?></p> -<style type="text/css"> - -.alert { - position:absolute; - top:10px; - left:0px; - width:94%; -background:#FCE9C0; -background-position: 15px; -border-top:2px solid #DBAC48; -border-bottom:2px solid #DBAC48; -padding: 15px 10px 50% 50px; -} -.listbg2 { - border-right: 1px solid #999999; - border-bottom: 1px solid #999999; - font-size: 11px; - background-color: #090; - color: #000; - padding-right: 16px; - padding-left: 6px; - padding-top: 4px; - padding-bottom: 4px; -} -.listbg3 { - border-right: 1px solid #999999; - border-bottom: 1px solid #999999; - font-size: 11px; - background-color: #777777; - color: #000; - padding-right: 16px; - padding-left: 6px; - padding-top: 4px; - padding-bottom: 4px; -} - -</style> - - - -<noscript><div class="alert" ALIGN=CENTER><img src="../themes/nervecenter/images/icons/icon_alert.gif"/><strong>Please enable JavaScript to view this content</CENTER></div></noscript> -<form action="/snort/snort_interfaces.php" method="post" name="iform"> - -<?php - - /* Display Alert message */ - - if ($input_errors) { - print_input_errors($input_errors); // TODO: add checks - } - - if ($savemsg) { - print_info_box2($savemsg); - } - - //if (file_exists($d_snortconfdirty_path)) { - if ($d_snortconfdirty_path_ls != '') { - echo '<p>'; - - if($savemsg) { - print_info_box_np2("{$savemsg}"); - }else{ - print_info_box_np2(' - The Snort configuration has changed for one or more interfaces.<br> - You must apply the changes in order for them to take effect.<br> - '); - } - } - -?> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr><td> -<?php - $tab_array = array(); - $tab_array[] = array("Snort Interfaces", true, "/snort/snort_interfaces.php"); - $tab_array[] = array("Global Settings", false, "/snort/snort_interfaces_global.php"); - $tab_array[] = array("Rule Updates", false, "/snort/snort_download_rules.php"); - $tab_array[] = array("Alerts", false, "/snort/snort_alerts.php"); - $tab_array[] = array("Blocked", false, "/snort/snort_blocked.php"); - $tab_array[] = array("Whitelists", false, "/pkg.php?xml=/snort/snort_whitelist.xml"); - $tab_array[] = array("Help & Info", false, "/snort/snort_help_info.php"); - display_top_tabs($tab_array); -?> - </td></tr> - <tr> - <td> - <div id="mainarea"> - <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr id="frheader"> - <td width="5%" class="list"> </td> - <td width="1%" class="list"> </td> - <td width="10%" class="listhdrr">If</td> - <td width="10%" class="listhdrr">Snort</td> - <td width="10%" class="listhdrr">Performance</td> - <td width="10%" class="listhdrr">Block</td> - <td width="10%" class="listhdrr">Barnyard2</td> - <td width="50%" class="listhdr">Description</td> - <td width="3%" class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td width="17"></td> - <td><a href="snort_interfaces_edit.php?id=<?php echo $id_gen;?>"><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - <?php $nnats = $i = 0; foreach ($a_nat as $natent): ?> - <tr valign="top" id="fr<?=$nnats;?>"> - <?php - - /* convert fake interfaces to real and check if iface is up */ - /* There has to be a smarter way to do this */ - $if_real = convert_friendly_interface_to_real_interface_name($natent['interface']); - $snort_uuid = $natent['uuid']; - - $tester2 = Running_Ck($snort_uuid, $if_real, $id); - - if ($tester2 == 'no') - { - $iconfn = 'pass'; - $class_color_up = 'listbg'; - }else{ - $class_color_up = 'listbg2'; - $iconfn = 'block'; - } - - ?> - <td class="listt"><a href="?act=toggle&id=<?=$i;?>"><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_<?=$iconfn;?>.gif" width="13" height="13" border="0" title="click to toggle start/stop snort"></a><input type="checkbox" id="frc<?=$nnats;?>" name="rule[]" value="<?=$i;?>" onClick="fr_bgcolor('<?=$nnats;?>')" style="margin: 0; padding: 0;"></td> - <td class="listt" align="center"></td> - <td class="<?=$class_color_up;?>" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';"> - <?php - if (!$natent['interface'] || ($natent['interface'] == "wan")) - echo "WAN"; - else if(strtolower($natent['interface']) == "lan") - echo "LAN"; - else if(strtolower($natent['interface']) == "pppoe") - echo "PPPoE"; - else if(strtolower($natent['interface']) == "pptp") - echo "PPTP"; - else - echo strtoupper($natent['interface']); - ?> - </td> - <td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';"> - <?php - $check_snort_info = $config['installedpackages']['snortglobal']['rule'][$nnats]['enable']; - if ($check_snort_info == "on") - { - $check_snort = enabled; - } else { - $check_snort = disabled; - } - ?> - <?=strtoupper($check_snort);?> - </td> - <td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';"> - <?php - $check_performance_info = $config['installedpackages']['snortglobal']['rule'][$nnats]['performance']; - if ($check_performance_info != "") { - $check_performance = $check_performance_info; - }else{ - $check_performance = "lowmem"; - } - ?> - <?=strtoupper($check_performance);?> - </td> - <td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';"> - <?php - $check_blockoffenders_info = $config['installedpackages']['snortglobal']['rule'][$nnats]['blockoffenders7']; - if ($check_blockoffenders_info == "on") - { - $check_blockoffenders = enabled; - } else { - $check_blockoffenders = disabled; - } - ?> - <?=strtoupper($check_blockoffenders);?> - </td> - <?php - - $color2_upb = Running_Ck_b($snort_uuid, $if_real, $id); - - if ($color2_upb == 'yes') { - $class_color_upb = 'listbg2'; - }else{ - $class_color_upb = 'listbg'; - } - - ?> - <td class="<?=$class_color_upb;?>" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';"> - <?php - $check_snortbarnyardlog_info = $config['installedpackages']['snortglobal']['rule'][$nnats]['barnyard_enable']; - if ($check_snortbarnyardlog_info == "on") - { - $check_snortbarnyardlog = strtoupper(enabled); - }else{ - $check_snortbarnyardlog = strtoupper(disabled); - } - ?> - <?php echo "$check_snortbarnyardlog";?> - </td> - <td class="listbg3" onClick="fr_toggle(<?=$nnats;?>)" ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';"> - <font color="#ffffff"> - <?=htmlspecialchars($natent['descr']);?> - </td> - <td valign="middle" class="list" nowrap> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td><a href="snort_interfaces_edit.php?id=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="edit rule"></a></td> - </tr> - </table> - </tr> - <?php $i++; $nnats++; endforeach; ?> - <tr> - <td class="list" colspan="8"></td> - <td class="list" valign="middle" nowrap> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td><?php if ($nnats == 0): ?><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" width="17" height="17" title="delete selected rules" border="0"><?php else: ?><input name="del" type="image" src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" title="delete selected mappings" onclick="return confirm('Do you really want to delete the selected Snort Rule?')"><?php endif; ?></td> - </tr> - </table> - </td> - </tr> - </table> - </div> - </td> - </tr> -</table> - -<br> - <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> - <td width="100%"><span class="vexpl"><span class="red"><strong>Note:</strong></span> - <br> - This is the <strong>Snort Menu</strong> where you can see an over view of all your interface settings. - <br> - Please edit the <strong>Global Settings</strong> tab before adding an interface. - <br><br> - <strong>Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="Add Icon"> icon to add a interface.<strong>Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_pass.gif" width="13" height="13" border="0" title="Start Icon"> icon to <strong>start</strong> snort and barnyard. - <br> - <strong>Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="Edit Icon"> icon to edit a interface and settings.<strong>Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" width="13" height="13" border="0" title="Stop Icon"> icon to <strong>stop</strong> snort and barnyard. - <br> - <strong> Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="Delete Icon"> icon to delete a interface and settings. -</td> - </table> - -<?php -if ($pkg['tabs'] <> "") { - echo "</td></tr></table>"; -} -?> - -</form> - -<?php -/* TODO: remove when 2.0 stable */ -if ($pfsense_stable == 'yes') { - -$footer2 = " - -<style type=\"text/css\"> - -#footer2 -{ - position: relative; - top: -17px; - background-color: #cccccc; - background-image: none; - background-repeat: repeat; - background-attachment: scroll; - background-position: 0% 0%; - font-size: 0.8em; - text-align: center; - padding-top: 0px; - padding-right: 0px; - padding-bottom: 0px; - padding-left: 10px; - clear: both; -} - -</style> - - <div id=\"footer2\"> - <IMG SRC=\"./images/footer2.jpg\" width=\"780px\" height=\"35\" ALT=\"Apps\"> - Snort is a registered trademark of Sourcefire, Inc, Barnyard2 is a registered trademark of securixlive.com, Orion copyright Robert Zelaya, - Emergingthreats is a registered trademark of emergingthreats.net, Mysql is a registered trademark of Mysql.com - </div>\n"; -} - -if ($pfsense_stable != 'yes') { -$footer3 = " - -<style type=\"text/css\"> - -#footer2 -{ - -top: 105px; -position: relative; -background-color: #FFFFFF; -background-image: url(\"./images/footer2.jpg\"); -background-repeat: no-repeat; -background-attachment: scroll; -background-position: 0px 0px; -bottom: 0px; -width: 770px; -height: 35px; -color: #000000; -text-align: center; -font-size: 0.8em; -padding-top: 35px; -padding-left: 0px; -clear: both; - -} - -</style> - - <div id=\"footer2\"> - Snort is a registered trademark of Sourcefire, Inc, Barnyard2 is a registered trademark of securixlive.com, Orion copyright Robert Zelaya, - Emergingthreats is a registered trademark of emergingthreats.net, Mysql is a registered trademark of Mysql.com - </div>\n"; -} -?> - -<?php echo $footer3;?> - -</div> <!-- Right DIV --> -</div> <!-- Content DIV --> - -<?php echo $footer2;?> - - <div id="footer"> - <a target="_blank" href="http://www.pfsense.org/?gui12" class="redlnk">pfSense</a> is © - 2004 - 2009 by <a href="http://www.bsdperimeter.com" class="tblnk">BSD Perimeter LLC</a>. All Rights Reserved. - [<a href="/license.php" class="tblnk">view license</a>] - <br/> - [<a target="_blank" href="https://portal.pfsense.org/?guilead=true" class="tblnk">Commercial Support Available</a>] - </div> <!-- Footer DIV --> - -</div> <!-- Wrapper Div --> -<script type="text/javascript" src="/themes/nervecenter/bottom-loader.js"></script> -</body> -</html> diff --git a/config/snort-dev/snort_interfaces_edit.php b/config/snort-dev/snort_interfaces_edit.php deleted file mode 100644 index 164f154a..00000000 --- a/config/snort-dev/snort_interfaces_edit.php +++ /dev/null @@ -1,607 +0,0 @@ -<?php -/* $Id$ */ -/* - snort_interfaces.php - part of m0n0wall (http://m0n0.ch/wall) - - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - Copyright (C) 2008-2009 Robert Zelaya. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); - - -if (!is_array($config['installedpackages']['snortglobal']['rule'])) { - $config['installedpackages']['snortglobal']['rule'] = array(); -} -//nat_rules_sort(); -$a_nat = &$config['installedpackages']['snortglobal']['rule']; - -$id = $_GET['id']; -if (isset($_POST['id'])) - $id = $_POST['id']; - -if (isset($_GET['dup'])) { - $id = $_GET['dup']; - $after = $_GET['dup']; -} - - -/* always have a limit of (65535) numbers only or snort will not start do to id limits */ -/* TODO: When inline gets added make the uuid the port number lisstening */ -//function gen_snort_uuid($fileline) -//{ - /* return the first 5 */ - //if (preg_match("/...../", $fileline, $matches1)) - //{ - //$uuid_final = "$matches1[0]"; - //} -//return $uuid_final; -//} - -/* gen uuid for each iface !inportant */ -if ($config['installedpackages']['snortglobal']['rule'][$id]['uuid'] == '') { - //$snort_uuid = gen_snort_uuid(strrev(uniqid(true))); -$snort_uuid = 0; -while ($snort_uuid > 65535 || $snort_uuid == 0) { - $snort_uuid = mt_rand(1, 65535); - $pconfig['uuid'] = $snort_uuid; - } -} - -/* convert fake interfaces to real */ -$if_real = convert_friendly_interface_to_real_interface_name($a_nat[$id]['interface']); - -if ($config['installedpackages']['snortglobal']['rule'][$id]['uuid'] != '') { - $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; -} - -if (isset($id) && $a_nat[$id]) { - - /* old options */ - $pconfig['def_ssl_ports_ignore'] = $a_nat[$id]['def_ssl_ports_ignore']; - $pconfig['flow_depth'] = $a_nat[$id]['flow_depth']; - $pconfig['perform_stat'] = $a_nat[$id]['perform_stat']; - $pconfig['http_inspect'] = $a_nat[$id]['http_inspect']; - $pconfig['other_preprocs'] = $a_nat[$id]['other_preprocs']; - $pconfig['ftp_preprocessor'] = $a_nat[$id]['ftp_preprocessor']; - $pconfig['smtp_preprocessor'] = $a_nat[$id]['smtp_preprocessor']; - $pconfig['sf_portscan'] = $a_nat[$id]['sf_portscan']; - $pconfig['dce_rpc_2'] = $a_nat[$id]['dce_rpc_2']; - $pconfig['dns_preprocessor'] = $a_nat[$id]['dns_preprocessor']; - $pconfig['def_dns_servers'] = $a_nat[$id]['def_dns_servers']; - $pconfig['def_dns_ports'] = $a_nat[$id]['def_dns_ports']; - $pconfig['def_smtp_servers'] = $a_nat[$id]['def_smtp_servers']; - $pconfig['def_smtp_ports'] = $a_nat[$id]['def_smtp_ports']; - $pconfig['def_mail_ports'] = $a_nat[$id]['def_mail_ports']; - $pconfig['def_http_servers'] = $a_nat[$id]['def_http_servers']; - $pconfig['def_www_servers'] = $a_nat[$id]['def_www_servers']; - $pconfig['def_http_ports'] = $a_nat[$id]['def_http_ports']; - $pconfig['def_sql_servers'] = $a_nat[$id]['def_sql_servers']; - $pconfig['def_oracle_ports'] = $a_nat[$id]['def_oracle_ports']; - $pconfig['def_mssql_ports'] = $a_nat[$id]['def_mssql_ports']; - $pconfig['def_telnet_servers'] = $a_nat[$id]['def_telnet_servers']; - $pconfig['def_telnet_ports'] = $a_nat[$id]['def_telnet_ports']; - $pconfig['def_snmp_servers'] = $a_nat[$id]['def_snmp_servers']; - $pconfig['def_snmp_ports'] = $a_nat[$id]['def_snmp_ports']; - $pconfig['def_ftp_servers'] = $a_nat[$id]['def_ftp_servers']; - $pconfig['def_ftp_ports'] = $a_nat[$id]['def_ftp_ports']; - $pconfig['def_ssh_servers'] = $a_nat[$id]['def_ssh_servers']; - $pconfig['def_ssh_ports'] = $a_nat[$id]['def_ssh_ports']; - $pconfig['def_pop_servers'] = $a_nat[$id]['def_pop_servers']; - $pconfig['def_pop2_ports'] = $a_nat[$id]['def_pop2_ports']; - $pconfig['def_pop3_ports'] = $a_nat[$id]['def_pop3_ports']; - $pconfig['def_imap_servers'] = $a_nat[$id]['def_imap_servers']; - $pconfig['def_imap_ports'] = $a_nat[$id]['def_imap_ports']; - $pconfig['def_sip_proxy_ip'] = $a_nat[$id]['def_sip_proxy_ip']; - $pconfig['def_sip_proxy_ports'] = $a_nat[$id]['def_sip_proxy_ports']; - $pconfig['def_auth_ports'] = $a_nat[$id]['def_auth_ports']; - $pconfig['def_finger_ports'] = $a_nat[$id]['def_finger_ports']; - $pconfig['def_irc_ports'] = $a_nat[$id]['def_irc_ports']; - $pconfig['def_nntp_ports'] = $a_nat[$id]['def_nntp_ports']; - $pconfig['def_rlogin_ports'] = $a_nat[$id]['def_rlogin_ports']; - $pconfig['def_rsh_ports'] = $a_nat[$id]['def_rsh_ports']; - $pconfig['def_ssl_ports'] = $a_nat[$id]['def_ssl_ports']; - $pconfig['barnyard_enable'] = $a_nat[$id]['barnyard_enable']; - $pconfig['barnyard_mysql'] = $a_nat[$id]['barnyard_mysql']; - $pconfig['enable'] = $a_nat[$id]['enable']; - $pconfig['uuid'] = $a_nat[$id]['uuid']; - $pconfig['interface'] = $a_nat[$id]['interface']; - $pconfig['descr'] = $a_nat[$id]['descr']; - $pconfig['performance'] = $a_nat[$id]['performance']; - $pconfig['blockoffenders7'] = $a_nat[$id]['blockoffenders7']; - $pconfig['snortalertlogtype'] = $a_nat[$id]['snortalertlogtype']; - $pconfig['alertsystemlog'] = $a_nat[$id]['alertsystemlog']; - $pconfig['tcpdumplog'] = $a_nat[$id]['tcpdumplog']; - $pconfig['snortunifiedlog'] = $a_nat[$id]['snortunifiedlog']; - $pconfig['rulesets'] = $a_nat[$id]['rulesets']; - $pconfig['rule_sid_off'] = $a_nat[$id]['rule_sid_off']; - $pconfig['rule_sid_on'] = $a_nat[$id]['rule_sid_on']; - - - if (!$pconfig['interface']) - $pconfig['interface'] = "wan"; -} else { - $pconfig['interface'] = "wan"; -} - -if (isset($_GET['dup'])) - unset($id); - -/* alert file */ -$d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty"; - - /* this will exec when alert says apply */ - if ($_POST['apply']) { - - if (file_exists("/var/run/snort_conf_{$snort_uuid}_.dirty")) { - - write_config(); - - sync_snort_package_empty(); - sync_snort_package(); - - unlink("/var/run/snort_conf_{$snort_uuid}_.dirty"); - - } - - if (file_exists($d_snortconfdirty_path)) { - - write_config(); - - sync_snort_package_all(); - sync_snort_package(); - - unlink($d_snortconfdirty_path); - - } - - } - -if ($_POST["Submit"]) { - - - - // if ($config['installedpackages']['snortglobal']['rule']) { - if ($_POST['descr'] == '' && $pconfig['descr'] == '') { - $input_errors[] = "Please enter a description for your reference."; - } - - if ($id == "" && $config['installedpackages']['snortglobal']['rule'][0]['interface'] != "") { - - $rule_array = $config['installedpackages']['snortglobal']['rule']; - $id_c = -1; - foreach ($rule_array as $value) { - - $id_c += 1; - - $result_lan = $config['installedpackages']['snortglobal']['rule'][$id_c]['interface']; - $if_real = convert_friendly_interface_to_real_interface_name($result_lan); - - if ($_POST['interface'] == $result_lan) { - $input_errors[] = "Interface $result_lan is in use. Please select another interface."; - } - } - } - - /* check for overlaps */ - foreach ($a_nat as $natent) { - if (isset($id) && ($a_nat[$id]) && ($a_nat[$id] === $natent)) - continue; - if ($natent['interface'] != $_POST['interface']) - continue; - } - - /* if no errors write to conf */ - if (!$input_errors) { - $natent = array(); - - /* write to conf for 1st time or rewrite the answer */ - $natent['interface'] = $_POST['interface'] ? $_POST['interface'] : $pconfig['interface']; - /* if post write to conf or rewite the answer */ - $natent['enable'] = $_POST['enable'] ? on : off; - $natent['uuid'] = $pconfig['uuid']; - $natent['descr'] = $_POST['descr'] ? $_POST['descr'] : $pconfig['descr']; - $natent['performance'] = $_POST['performance'] ? $_POST['performance'] : $pconfig['performance']; - /* if post = on use on off or rewrite the conf */ - if ($_POST['blockoffenders7'] == "on") { $natent['blockoffenders7'] = on; }else{ $natent['blockoffenders7'] = off; } if ($_POST['enable'] == "") { $natent['blockoffenders7'] = $pconfig['blockoffenders7']; } - $natent['snortalertlogtype'] = $_POST['snortalertlogtype'] ? $_POST['snortalertlogtype'] : $pconfig['snortalertlogtype']; - if ($_POST['alertsystemlog'] == "on") { $natent['alertsystemlog'] = on; }else{ $natent['alertsystemlog'] = off; } if ($_POST['enable'] == "") { $natent['alertsystemlog'] = $pconfig['alertsystemlog']; } - if ($_POST['tcpdumplog'] == "on") { $natent['tcpdumplog'] = on; }else{ $natent['tcpdumplog'] = off; } if ($_POST['enable'] == "") { $natent['tcpdumplog'] = $pconfig['tcpdumplog']; } - if ($_POST['snortunifiedlog'] == "on") { $natent['snortunifiedlog'] = on; }else{ $natent['snortunifiedlog'] = off; } if ($_POST['enable'] == "") { $natent['snortunifiedlog'] = $pconfig['snortunifiedlog']; } - /* if optiion = 0 then the old descr way will not work */ - - /* rewrite the options that are not in post */ - /* make shure values are set befor repost or conf.xml will be broken */ - if ($pconfig['def_ssl_ports_ignore'] != "") { $natent['def_ssl_ports_ignore'] = $pconfig['def_ssl_ports_ignore']; } - if ($pconfig['flow_depth'] != "") { $natent['flow_depth'] = $pconfig['flow_depth']; } - if ($pconfig['perform_stat'] != "") { $natent['perform_stat'] = $pconfig['perform_stat']; } - if ($pconfig['http_inspect'] != "") { $natent['http_inspect'] = $pconfig['http_inspect']; } - if ($pconfig['other_preprocs'] != "") { $natent['other_preprocs'] = $pconfig['other_preprocs']; } - if ($pconfig['ftp_preprocessor'] != "") { $natent['ftp_preprocessor'] = $pconfig['ftp_preprocessor']; } - if ($pconfig['smtp_preprocessor'] != "") { $natent['smtp_preprocessor'] = $pconfig['smtp_preprocessor']; } - if ($pconfig['sf_portscan'] != "") { $natent['sf_portscan'] = $pconfig['sf_portscan']; } - if ($pconfig['dce_rpc_2'] != "") { $natent['dce_rpc_2'] = $pconfig['dce_rpc_2']; } - if ($pconfig['dns_preprocessor'] != "") { $natent['dns_preprocessor'] = $pconfig['dns_preprocessor']; } - if ($pconfig['def_dns_servers'] != "") { $natent['def_dns_servers'] = $pconfig['def_dns_servers']; } - if ($pconfig['def_dns_ports'] != "") { $natent['def_dns_ports'] = $pconfig['def_dns_ports']; } - if ($pconfig['def_smtp_servers'] != "") { $natent['def_smtp_servers'] = $pconfig['def_smtp_servers']; } - if ($pconfig['def_smtp_ports'] != "") { $natent['def_smtp_ports'] = $pconfig['def_smtp_ports']; } - if ($pconfig['def_mail_ports'] != "") { $natent['def_mail_ports'] = $pconfig['def_mail_ports']; } - if ($pconfig['def_http_servers'] != "") { $natent['def_http_servers'] = $pconfig['def_http_servers']; } - if ($pconfig['def_www_servers'] != "") { $natent['def_www_servers'] = $pconfig['def_www_servers']; } - if ($pconfig['def_http_ports'] != "") { $natent['def_http_ports'] = $pconfig['def_http_ports']; } - if ($pconfig['def_sql_servers'] != "") { $natent['def_sql_servers'] = $pconfig['def_sql_servers']; } - if ($pconfig['def_oracle_ports'] != "") { $natent['def_oracle_ports'] = $pconfig['def_oracle_ports']; } - if ($pconfig['def_mssql_ports'] != "") { $natent['def_mssql_ports'] = $pconfig['def_mssql_ports']; } - if ($pconfig['def_telnet_servers'] != "") { $natent['def_telnet_servers'] = $pconfig['def_telnet_servers']; } - if ($pconfig['def_telnet_ports'] != "") { $natent['def_telnet_ports'] = $pconfig['def_telnet_ports']; } - if ($pconfig['def_snmp_servers'] != "") { $natent['def_snmp_servers'] = $pconfig['def_snmp_servers']; } - if ($pconfig['def_snmp_ports'] != "") { $natent['def_snmp_ports'] = $pconfig['def_snmp_ports']; } - if ($pconfig['def_ftp_servers'] != "") { $natent['def_ftp_servers'] = $pconfig['def_ftp_servers']; } - if ($pconfig['def_ftp_ports'] != "") { $natent['def_ftp_ports'] = $pconfig['def_ftp_ports']; } - if ($pconfig['def_ssh_servers'] != "") { $natent['def_ssh_servers'] = $pconfig['def_ssh_servers']; } - if ($pconfig['def_ssh_ports'] != "") { $natent['def_ssh_ports'] = $pconfig['def_ssh_ports']; } - if ($pconfig['def_pop_servers'] != "") { $natent['def_pop_servers'] = $pconfig['def_pop_servers']; } - if ($pconfig['def_pop2_ports'] != "") { $natent['def_pop2_ports'] = $pconfig['def_pop2_ports']; } - if ($pconfig['def_pop3_ports'] != "") { $natent['def_pop3_ports'] = $pconfig['def_pop3_ports']; } - if ($pconfig['def_imap_servers'] != "") { $natent['def_imap_servers'] = $pconfig['def_imap_servers']; } - if ($pconfig['def_imap_ports'] != "") { $natent['def_imap_ports'] = $pconfig['def_imap_ports']; } - if ($pconfig['def_sip_proxy_ip'] != "") { $natent['def_sip_proxy_ip'] = $pconfig['def_sip_proxy_ip']; } - if ($pconfig['def_sip_proxy_ports'] != "") { $natent['def_sip_proxy_ports'] = $pconfig['def_sip_proxy_ports']; } - if ($pconfig['def_auth_ports'] != "") { $natent['def_auth_ports'] = $pconfig['def_auth_ports']; } - if ($pconfig['def_finger_ports'] != "") { $natent['def_finger_ports'] = $pconfig['def_finger_ports']; } - if ($pconfig['def_irc_ports'] != "") { $natent['def_irc_ports'] = $pconfig['def_irc_ports']; } - if ($pconfig['def_nntp_ports'] != "") { $natent['def_nntp_ports'] = $pconfig['def_nntp_ports']; } - if ($pconfig['def_rlogin_ports'] != "") { $natent['def_rlogin_ports'] = $pconfig['def_rlogin_ports']; } - if ($pconfig['def_rsh_ports'] != "") { $natent['def_rsh_ports'] = $pconfig['def_rsh_ports']; } - if ($pconfig['def_ssl_ports'] != "") { $natent['def_ssl_ports'] = $pconfig['def_ssl_ports']; } - if ($pconfig['barnyard_enable'] != "") { $natent['barnyard_enable'] = $pconfig['barnyard_enable']; } - if ($pconfig['barnyard_mysql'] != "") { $natent['barnyard_mysql'] = $pconfig['barnyard_mysql']; } - if ($pconfig['rulesets'] != "") { $natent['rulesets'] = $pconfig['rulesets']; } - if ($pconfig['rule_sid_off'] != "") { $natent['rule_sid_off'] = $pconfig['rule_sid_off']; } - if ($pconfig['rule_sid_on'] != "") { $natent['rule_sid_on'] = $pconfig['rule_sid_on']; } - - - if (isset($id) && $a_nat[$id]) - $a_nat[$id] = $natent; - else { - if (is_numeric($after)) - array_splice($a_nat, $after+1, 0, array($natent)); - else - $a_nat[] = $natent; - } - - write_config(); - - touch("$d_snortconfdirty_path"); - - header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); - header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); - header( 'Cache-Control: no-store, no-cache, must-revalidate' ); - header( 'Cache-Control: post-check=0, pre-check=0', false ); - header( 'Pragma: no-cache' ); - sleep(2); - header("Location: /snort/snort_interfaces_edit.php?id=$id"); - - exit; - } -} - - if ($_POST["Submit2"]) { - - sync_snort_package_all(); - sync_snort_package(); - sleep(1); - - Running_Start($snort_uuid, $if_real, $id); - - header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); - header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); - header( 'Cache-Control: no-store, no-cache, must-revalidate' ); - header( 'Cache-Control: post-check=0, pre-check=0', false ); - header( 'Pragma: no-cache' ); - sleep(2); - header("Location: /snort/snort_interfaces_edit.php?id=$id"); - } - - if ($_POST["Submit3"]) - { - - Running_Stop($snort_uuid, $if_real, $id); - - header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); - header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); - header( 'Cache-Control: no-store, no-cache, must-revalidate' ); - header( 'Cache-Control: post-check=0, pre-check=0', false ); - header( 'Pragma: no-cache' ); - sleep(2); - header("Location: /snort/snort_interfaces_edit.php?id=$id"); - - } - - /* This code needs to be below headers */ - if (isset($config['installedpackages']['snortglobal']['rule'][$id]['interface'])) - { - - $snort_up_ck2_info = Running_Ck($snort_uuid, $if_real, $id); - - if ($snort_up_ck2_info == 'no') { - $snort_up_ck = '<input name="Submit2" type="submit" class="formbtn" value="Start" onClick="enable_change(true)">'; - }else{ - $snort_up_ck = '<input name="Submit3" type="submit" class="formbtn" value="Stop" onClick="enable_change(true)">'; - } - - }else{ - $snort_up_ck = ''; - } - - -$pgtitle = "Snort: Interface Edit: $id $snort_uuid $if_real"; -include("head.inc"); - -?> -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php -include("./snort_fbegin.inc"); -?> -<style type="text/css"> -.alert { - position:absolute; - top:10px; - left:0px; - width:94%; -background:#FCE9C0; -background-position: 15px; -border-top:2px solid #DBAC48; -border-bottom:2px solid #DBAC48; -padding: 15px 10px 85% 50px; -} -</style> -<noscript><div class="alert" ALIGN=CENTER><img src="/themes/nervecenter/images/icons/icon_alert.gif"/><strong>Please enable JavaScript to view this content</strong></div></noscript> -<script language="JavaScript"> -<!-- - -function enable_change(enable_change) { - endis = !(document.iform.enable.checked || enable_change); - // make shure a default answer is called if this is envoked. - endis2 = (document.iform.enable); - -<?php -/* make shure all the settings exist or function hide will not work */ -/* if $id is emty allow if and discr to be open */ -if($config['installedpackages']['snortglobal']['rule'][$id]['interface'] != '') -{ -echo " - document.iform.interface.disabled = endis2; - document.iform.descr.disabled = endis;\n"; -} -?> - document.iform.performance.disabled = endis; - document.iform.blockoffenders7.disabled = endis; - document.iform.alertsystemlog.disabled = endis; - document.iform.tcpdumplog.disabled = endis; - document.iform.snortunifiedlog.disabled = endis; -} -//--> -</script> -<p class="pgtitle"><?php if($pfsense_stable == 'yes'){echo $pgtitle;}?></p> -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<form action="snort_interfaces_edit.php<?php echo "?id=$id";?>" method="post" enctype="multipart/form-data" name="iform" id="iform"> - -<?php - - /* Display Alert message */ - - if ($input_errors) { - print_input_errors($input_errors); // TODO: add checks - } - - if ($savemsg) { - print_info_box2($savemsg); - } - - //if (file_exists($d_snortconfdirty_path)) { - if (file_exists($d_snortconfdirty_path) || file_exists("/var/run/snort_conf_{$snort_uuid}_.dirty")) { - echo '<p>'; - - if($savemsg) { - print_info_box_np2("{$savemsg}"); - }else{ - print_info_box_np2(' - The Snort configuration has changed and snort needs to be restarted on this interface.<br> - You must apply the changes in order for them to take effect.<br> - '); - } - } - -?> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr><td class="tabnavtbl"> -<?php -if ($a_nat[$id]['interface'] != '') { - /* get the interface name */ - $first = 0; - $snortInterfaces = array(); /* -gtm */ - - $if_list = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; - $if_array = split(',', $if_list); - //print_r($if_array); - if($if_array) { - foreach($if_array as $iface2) { - $if2 = convert_friendly_interface_to_real_interface_name($iface2); - - if($config['interfaces'][$iface2]['ipaddr'] == "pppoe") { - $if2 = "ng0"; - } - - /* build a list of user specified interfaces -gtm */ - if($if2){ - array_push($snortInterfaces, $if2); - $first = 1; - } - } - - if (count($snortInterfaces) < 1) { - log_error("Snort will not start. You must select an interface for it to listen on."); - return; - } - } - -} - $tab_array = array(); - if (!file_exists("/var/run/snort_conf_{$snort_uuid}_.dirty")) { - $tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php"); - } - $tab_array[] = array("If Settings", true, "/snort/snort_interfaces_edit.php?id={$id}"); - /* hide user tabs when no settings have be saved */ - if ($config['installedpackages']['snortglobal']['rule'][$id]['interface'] != '') { - if (!file_exists("/var/run/snort_conf_{$snort_uuid}_.dirty")) { - //$tab_array[] = array("upload", false, "/snort/snort_conf_upload.php?id={$id}"); - $tab_array[] = array("Categories", false, "/snort/snort_rulesets.php?id={$id}"); - $tab_array[] = array("Rules", false, "/snort/snort_rules.php?id={$id}"); - $tab_array[] = array("Servers", false, "/snort/snort_define_servers.php?id={$id}"); - $tab_array[] = array("Preprocessors", false, "/snort/snort_preprocessors.php?id={$id}"); - $tab_array[] = array("Barnyard2", false, "/snort/snort_barnyard.php?id={$id}"); - } - } - display_top_tabs($tab_array); - -?> -</td> -</tr> - <tr> - <td class="tabcont"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td width="22%" valign="top" class="vtable"> </td> - <td width="78%" class="vtable"> - <?php - // <input name="enable" type="checkbox" value="yes" checked onClick="enable_change(false)"> - // care with spaces - if ($pconfig['enable'] == "on") - $checked = checked; - - $onclick_enable = "onClick=\"enable_change(false)\">"; - - echo " - <input name=\"enable\" type=\"checkbox\" value=\"on\" $checked $onclick_enable - <strong>Enable Interface</strong></td>\n\n"; - ?> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq">Interface</td> - <td width="78%" class="vtable"> - <select name="interface" class="formfld"> - <?php - $interfaces = array('wan' => 'WAN', 'lan' => 'LAN'); - for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) { - $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr']; - } - foreach ($interfaces as $iface => $ifacename): ?> - <option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>> - <?=htmlspecialchars($ifacename);?> - </option> - <?php endforeach; ?> - </select><br> - <span class="vexpl">Choose which interface this rule applies to.<br> - Hint: in most cases, you'll want to use WAN here.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq">Description</td> - <td width="78%" class="vtable"> - <input name="descr" type="text" class="formfld" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>"> - <br> <span class="vexpl">You may enter a description here for your reference (not parsed).</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Memory Performance</td> - <td width="78%" class="vtable"> - <select name="performance" class="formfld" id="performance"> - <?php - $interfaces2 = array('ac-bnfa' => 'AC-BNFA', 'lowmem' => 'LOWMEM', 'ac-std' => 'AC-STD', 'ac' => 'AC', 'ac-banded' => 'AC-BANDED', 'ac-sparsebands' => 'AC-SPARSEBANDS', 'acs' => 'ACS'); - foreach ($interfaces2 as $iface2 => $ifacename2): ?> - <option value="<?=$iface2;?>" <?php if ($iface2 == $pconfig['performance']) echo "selected"; ?>> - <?=htmlspecialchars($ifacename2);?> - </option> - <?php endforeach; ?> - </select><br> - <span class="vexpl">Lowmem and ac-bnfa are recommended for low end systems, Ac: high memory, best performance, ac-std: moderate memory,high performance, acs: small memory, moderateperformance, ac-banded: small memory,moderate performance, ac-sparsebands: small memory, high performance.<br> - </span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Block offenders</td> - <td width="78%" class="vtable"> - <input name="blockoffenders7" type="checkbox" value="on" <?php if ($pconfig['blockoffenders7'] == "on") echo "checked"; ?> onClick="enable_change(false)"><br> - Checking this option will automatically block hosts that generate a Snort alert.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Send alerts to main System logs</td> - <td width="78%" class="vtable"> - <input name="alertsystemlog" type="checkbox" value="on" <?php if ($pconfig['alertsystemlog'] == "on") echo "checked"; ?> onClick="enable_change(false)"><br> - Snort will send Alerts to the Pfsense system logs.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Log to a Tcpdump file</td> - <td width="78%" class="vtable"> - <input name="tcpdumplog" type="checkbox" value="on" <?php if ($pconfig['tcpdumplog'] == "on") echo "checked"; ?> onClick="enable_change(false)"><br> - Snort will log packets to a tcpdump-formatted file. The file then can be analyzed by an application such as Wireshark which understands pcap file formats. <span class="red"><strong>WARNING:</strong></span> File may become large.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Log Alerts to a snort unified2 file</td> - <td width="78%" class="vtable"> - <input name="snortunifiedlog" type="checkbox" value="on" <?php if ($pconfig['snortunifiedlog'] == "on") echo "checked"; ?> onClick="enable_change(false)"><br> - Snort will log Alerts to a file in the UNIFIED2 format. This is a requirement for barnyard2.</td> - </tr> - <tr> - <td width="22%" valign="top"></td> - <td width="78%"> - <input name="Submit" type="submit" class="formbtn" value="Save"> <?php echo $snort_up_ck; ?> <input type="button" class="formbtn" value="Cancel" onclick="history.back()"> - <?php if (isset($id) && $a_nat[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>"> - <?php endif; ?> - </td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span> - <br> - Please save your settings before you click start. </td> - </tr> - </table> - </table> -</form> - -<script language="JavaScript"> -<!-- -enable_change(false); -//--> -</script> -<?php include("fend.inc"); ?> -</body> -</html> diff --git a/config/snort-dev/snort_interfaces_global.php b/config/snort-dev/snort_interfaces_global.php deleted file mode 100644 index ff3620a3..00000000 --- a/config/snort-dev/snort_interfaces_global.php +++ /dev/null @@ -1,380 +0,0 @@ -<?php -/* - snort_interfaces_global.php - part of m0n0wall (http://m0n0.ch/wall) - - Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. - All rights reserved. - - Copyright (C) 2008-2009 Robert Zelaya - Modified for the Pfsense snort package. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -$pgtitle = "Services: Snort: Global Settings"; -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort.inc"); - -/* make things short */ -$pconfig['snortdownload'] = $config['installedpackages']['snortglobal']['snortdownload']; -$pconfig['oinkmastercode'] = $config['installedpackages']['snortglobal']['oinkmastercode']; -$pconfig['emergingthreats'] = $config['installedpackages']['snortglobal']['emergingthreats']; -$pconfig['rm_blocked'] = $config['installedpackages']['snortglobal']['rm_blocked']; -$pconfig['autorulesupdate7'] = $config['installedpackages']['snortglobal']['autorulesupdate7']; -$pconfig['whitelistvpns'] = $config['installedpackages']['snortglobal']['whitelistvpns']; -$pconfig['clickablalerteurls'] = $config['installedpackages']['snortglobal']['clickablalerteurls']; -$pconfig['associatealertip'] = $config['installedpackages']['snortglobal']['associatealertip']; -$pconfig['snortalertlogtype'] = $config['installedpackages']['snortglobal']['snortalertlogtype']; - - -if ($_POST) { - - unset($input_errors); - $pconfig = $_POST; - - /* input validation */ - if ($_POST['enable']) - { - -/* TODO:a dd check user input code. */ - - } - - if (!$input_errors) { - - if ($_POST["Submit"]) { - - $config['installedpackages']['snortglobal']['snortdownload'] = $_POST['snortdownload']; - $config['installedpackages']['snortglobal']['oinkmastercode'] = $_POST['oinkmastercode']; - $config['installedpackages']['snortglobal']['emergingthreats'] = $_POST['emergingthreats'] ? on : off; - $config['installedpackages']['snortglobal']['rm_blocked'] = $_POST['rm_blocked']; - $config['installedpackages']['snortglobal']['autorulesupdate7'] = $_POST['autorulesupdate7']; - $config['installedpackages']['snortglobal']['whitelistvpns'] = $_POST['whitelistvpns'] ? on : off; - $config['installedpackages']['snortglobal']['clickablalerteurls'] = $_POST['clickablalerteurls'] ? on : off; - $config['installedpackages']['snortglobal']['associatealertip'] = $_POST['associatealertip'] ? on : off; - $config['installedpackages']['snortglobal']['snortalertlogtype'] = $_POST['snortalertlogtype']; - - write_config(); - sleep(2); - - $retval = 0; - - /* set the snort block hosts time IMPORTANT */ - $snort_rm_blocked_info_ck = $config['installedpackages']['snortglobal']['rm_blocked']; - if ($snort_rm_blocked_info_ck == "never_b") - $snort_rm_blocked_false = ""; - else - $snort_rm_blocked_false = "true"; - - if ($snort_rm_blocked_info_ck != "") - { - snort_rm_blocked_install_cron(""); - snort_rm_blocked_install_cron($snort_rm_blocked_false); - } - - /* set the snort rules update time */ - $snort_rules_up_info_ck = $config['installedpackages']['snortglobal']['autorulesupdate7']; - if ($snort_rules_up_info_ck == "never_up") - $snort_rules_up_false = ""; - else - $snort_rules_up_false = "true"; - - if ($snort_rules_up_info_ck != "") - { - snort_rules_up_install_cron(""); - snort_rules_up_install_cron($snort_rules_up_false); - } - - - - $savemsg = get_std_save_message($retval); - - } - - sync_snort_package_all(); - sync_snort_package(); - -} - - - if ($_POST["Reset"]) { - -//////>>>>>>>>> - - function snort_deinstall_settings() -{ - - global $config, $g, $id, $if_real; - conf_mount_rw(); - - - exec("/usr/usr/bin/killall snort"); - sleep(2); - exec("/usr/usr/bin/killall -9 snort"); - sleep(2); - exec("/usr/usr/bin/killall barnyard2"); - sleep(2); - exec("/usr/usr/bin/killall -9 barnyard2"); - sleep(2); - - /* Remove snort cron entries Ugly code needs smoothness*/ -function snort_rm_blocked_deinstall_cron($should_install) -{ - global $config, $g; - conf_mount_rw(); - - $is_installed = false; - - if(!$config['cron']['item']) - return; - - $x=0; - foreach($config['cron']['item'] as $item) - { - if (strstr($item['command'], "snort2c")) - { - $is_installed = true; - break; - } - - $x++; - - } - if($is_installed == true) - { - if($x > 0) - { - unset($config['cron']['item'][$x]); - write_config(); - conf_mount_rw(); - } - - configure_cron(); - - } - conf_mount_ro(); - -} - - function snort_rules_up_deinstall_cron($should_install) -{ - global $config, $g; - conf_mount_rw(); - - $is_installed = false; - - if(!$config['cron']['item']) - return; - - $x=0; - foreach($config['cron']['item'] as $item) { - if (strstr($item['command'], "snort_check_for_rule_updates.php")) { - $is_installed = true; - break; - } - $x++; - } - if($is_installed == true) { - if($x > 0) { - unset($config['cron']['item'][$x]); - write_config(); - conf_mount_rw(); - } - configure_cron(); - } -} - -snort_rm_blocked_deinstall_cron(""); -snort_rules_up_deinstall_cron(""); - - - /* Unset snort registers in conf.xml IMPORTANT snort will not start with out this */ - /* Keep this as a last step */ - unset($config['installedpackages']['snortglobal']); - write_config(); - conf_mount_rw(); - - /* remove all snort iface dir */ - exec('rm -r /usr/local/etc/snort/snort_*'); - exec('rm /var/log/snort/*'); - - conf_mount_ro(); - -} - - snort_deinstall_settings(); - - header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); - header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); - header( 'Cache-Control: no-store, no-cache, must-revalidate' ); - header( 'Cache-Control: post-check=0, pre-check=0', false ); - header( 'Pragma: no-cache' ); - sleep(2); - header("Location: /snort/snort_interfaces_global.php"); - - exit; - -//////>>>>>>>>> - } -} - -include("head.inc"); -?> -<?php include("./snort_fbegin.inc"); ?> -<p class="pgtitle"><?if($pfsense_stable == 'yes'){echo $pgtitle;}?></p> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php if ($input_errors) print_input_errors($input_errors); ?> -<?php if ($savemsg) print_info_box($savemsg); ?> -<form action="snort_interfaces_global.php" method="post" enctype="multipart/form-data" name="iform" id="iform"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr><td class="tabnavtbl"> -<?php - $tab_array = array(); - $tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php"); - $tab_array[] = array("Global Settings", true, "/snort/snort_interfaces_global.php"); - $tab_array[] = array("Rule Updates", false, "/snort/snort_download_rules.php"); - $tab_array[] = array("Alerts", false, "/snort/snort_alerts.php"); - $tab_array[] = array("Blocked", false, "/snort/snort_blocked.php"); - $tab_array[] = array("Whitelists", false, "/pkg.php?xml=/snort/snort_whitelist.xml"); - $tab_array[] = array("Help & Info", false, "/snort/snort_help_info.php"); - display_top_tabs($tab_array); -?> </td></tr> -<tr> -<td class="tabcont"> -<table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td width="22%" valign="top" class="vncell">Install Snort.org rules</td> - <td width="78%" class="vtable"> - <table cellpadding="0" cellspacing="0"> - <tr> - <td colspan="2"><input name="snortdownload" type="radio" id="snortdownload" value="off" onClick="enable_change(false)" <?php if($pconfig['snortdownload']!="premium" && $pconfig['snortdownload']!="basic") echo "checked"; ?>> - Do <strong>NOT</strong> install</td> - </tr> - <tr> - <td colspan="2"><input name="snortdownload" type="radio" id="snortdownload" value="premium" onClick="enable_change(false)" <?php if($pconfig['snortdownload']=="premium") echo "checked"; ?>> - Premium rules <a href="http://forum.pfsense.org/index.php/topic,16847.0.html" target="_blank">HIGHLY RECOMMENDED</a></td> - </tr> - <tr> - <td colspan="2"><input name="snortdownload" type="radio" id="snortdownload" value="basic" onClick="enable_change(false)" <?php if($pconfig['snortdownload']=="basic") echo "checked"; ?>> - Basic Rules</td> - </tr> - <tr> - <td> </td> - <td> </td> - </tr> - </table> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td colspan="2" valign="top" class="optsect_t2">Oinkmaster code</td> - </tr> - <tr> - <td class="vncell" valign="top">Code</td> - <td class="vtable"><input name="oinkmastercode" type="text" class="formfld" id="oinkmastercode" size="52" value="<?=htmlspecialchars($pconfig['oinkmastercode']);?>"><br> - Obtain a snort.org Oinkmaster code and paste here.</td> - </table> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Install <strong>Emergingthreats</strong> rules</td> - <td width="78%" class="vtable"> - <input name="emergingthreats" type="checkbox" value="yes" <?php if ($config['installedpackages']['snortglobal']['emergingthreats']=="on") echo "checked"; ?> onClick="enable_change(false)"><br> - Emerging Threats is an open source community that produces fastest moving and diverse Snort Rules.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Remove blocked hosts every</td> - <td width="78%" class="vtable"> - <select name="rm_blocked" class="formfld" id="rm_blocked"> - <?php - $interfaces3 = array('never_b' => 'NEVER', '1h_b' => '1 HOUR', '3h_b' => '3 HOURS', '6h_b' => '6 HOURS', '12h_b' => '12 HOURS', '1d_b' => '1 DAY', '4d_b' => '4 DAYS', '7d_b' => '7 DAYS', '28d_b' => '28 DAYS'); - foreach ($interfaces3 as $iface3 => $ifacename3): ?> - <option value="<?=$iface3;?>" <?php if ($iface3 == $pconfig['rm_blocked']) echo "selected"; ?>> - <?=htmlspecialchars($ifacename3);?> - </option> - <?php endforeach; ?> - </select><br> - <span class="vexpl">Please select the amount of time you would like hosts to be blocked for.<br> - Hint: in most cases, 1 hour is a good choice.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Update rules automatically</td> - <td width="78%" class="vtable"> - <select name="autorulesupdate7" class="formfld" id="autorulesupdate7"> - <?php - $interfaces3 = array('never_up' => 'NEVER', '6h_up' => '6 HOURS', '12h_up' => '12 HOURS', '1d_up' => '1 DAY', '4d_up' => '4 DAYS', '7d_up' => '7 DAYS', '28d_up' => '28 DAYS'); - foreach ($interfaces3 as $iface3 => $ifacename3): ?> - <option value="<?=$iface3;?>" <?php if ($iface3 == $pconfig['autorulesupdate7']) echo "selected"; ?>> - <?=htmlspecialchars($ifacename3);?> - </option> - <?php endforeach; ?> - </select><br> - <span class="vexpl">Please select the update times for rules.<br> - Hint: in most cases, every 12 hours is a good choice.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Whitelist VPNs automatically</td> - <td width="78%" class="vtable"> - <input name="whitelistvpns" type="checkbox" value="yes" <?php if ($config['installedpackages']['snortglobal']['whitelistvpns'] == "on") echo "checked"; ?> onClick="enable_change(false)"><br> - Checking this option will install whitelists for all VPNs.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Alerts file description type</td> - <td width="78%" class="vtable"> - <select name="snortalertlogtype" class="formfld" id="snortalertlogtype"> - <?php - $interfaces4 = array('full' => 'FULL', 'fast' => 'SHORT'); - foreach ($interfaces4 as $iface4 => $ifacename4): ?> - <option value="<?=$iface4;?>" <?php if ($iface4 == $pconfig['snortalertlogtype']) echo "selected"; ?>> - <?=htmlspecialchars($ifacename4);?> - </option> - <?php endforeach; ?> - </select><br> - <span class="vexpl">Please choose the type of Alert logging you will like see in your alert file.<br> - Hint: Best pratice is to chose full logging.</span> <span class="red"><strong>WARNING:</strong></span> <strong>On change, alert file will be cleared.</strong></td> - </tr> - <tr> - <td width="22%" valign="top"><input name="Reset" type="submit" class="formbtn" value="Reset" onclick="return confirm('Do you really want to delete all global and interface settings?')"><span class="red"><strong> WARNING:</strong><br> - This will reset all global and interface settings.</span> - </td> - <td width="78%"> - <input name="Submit" type="submit" class="formbtn" value="Save" onClick="enable_change(true)"> <input type="button" class="formbtn" value="Cancel" onclick="history.back()"> - </td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"><span class="vexpl"><span class="red"><strong>Note:<br></strong></span> - Changing any settings on this page will affect all interfaces. Please, double check if your oink code is correct and the type of snort.org account you hold.</span></td> - </tr> - </table> - </td> - </tr> - </table> -</form> -<script language="JavaScript"> -<!-- -enable_change(false); -//--> -</script> -<?php include("fend.inc"); ?> -</body> -</html> diff --git a/config/snort-dev/snort_preprocessors.php b/config/snort-dev/snort_preprocessors.php deleted file mode 100644 index c522a643..00000000 --- a/config/snort-dev/snort_preprocessors.php +++ /dev/null @@ -1,438 +0,0 @@ -<?php -/* $Id$ */ -/* - snort_interfaces.php - part of m0n0wall (http://m0n0.ch/wall) - - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - Copyright (C) 2008-2009 Robert Zelaya. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); - -if (!is_array($config['installedpackages']['snortglobal']['rule'])) { - $config['installedpackages']['snortglobal']['rule'] = array(); -} -//nat_rules_sort(); -$a_nat = &$config['installedpackages']['snortglobal']['rule']; - -$id = $_GET['id']; -if (isset($_POST['id'])) - $id = $_POST['id']; - -if (isset($_GET['dup'])) { - $id = $_GET['dup']; - $after = $_GET['dup']; -} - -if (isset($id) && $a_nat[$id]) { - - /* new options */ - $pconfig['def_ssl_ports_ignore'] = $a_nat[$id]['def_ssl_ports_ignore']; - $pconfig['flow_depth'] = $a_nat[$id]['flow_depth']; - $pconfig['perform_stat'] = $a_nat[$id]['perform_stat']; - $pconfig['http_inspect'] = $a_nat[$id]['http_inspect']; - $pconfig['other_preprocs'] = $a_nat[$id]['other_preprocs']; - $pconfig['ftp_preprocessor'] = $a_nat[$id]['ftp_preprocessor']; - $pconfig['smtp_preprocessor'] = $a_nat[$id]['smtp_preprocessor']; - $pconfig['sf_portscan'] = $a_nat[$id]['sf_portscan']; - $pconfig['dce_rpc_2'] = $a_nat[$id]['dce_rpc_2']; - $pconfig['dns_preprocessor'] = $a_nat[$id]['dns_preprocessor']; - - /* old options */ - $pconfig['def_dns_servers'] = $a_nat[$id]['def_dns_servers']; - $pconfig['def_dns_ports'] = $a_nat[$id]['def_dns_ports']; - $pconfig['def_smtp_servers'] = $a_nat[$id]['def_smtp_servers']; - $pconfig['def_smtp_ports'] = $a_nat[$id]['def_smtp_ports']; - $pconfig['def_mail_ports'] = $a_nat[$id]['def_mail_ports']; - $pconfig['def_http_servers'] = $a_nat[$id]['def_http_servers']; - $pconfig['def_www_servers'] = $a_nat[$id]['def_www_servers']; - $pconfig['def_http_ports'] = $a_nat[$id]['def_http_ports']; - $pconfig['def_sql_servers'] = $a_nat[$id]['def_sql_servers']; - $pconfig['def_oracle_ports'] = $a_nat[$id]['def_oracle_ports']; - $pconfig['def_mssql_ports'] = $a_nat[$id]['def_mssql_ports']; - $pconfig['def_telnet_servers'] = $a_nat[$id]['def_telnet_servers']; - $pconfig['def_telnet_ports'] = $a_nat[$id]['def_telnet_ports']; - $pconfig['def_snmp_servers'] = $a_nat[$id]['def_snmp_servers']; - $pconfig['def_snmp_ports'] = $a_nat[$id]['def_snmp_ports']; - $pconfig['def_ftp_servers'] = $a_nat[$id]['def_ftp_servers']; - $pconfig['def_ftp_ports'] = $a_nat[$id]['def_ftp_ports']; - $pconfig['def_ssh_servers'] = $a_nat[$id]['def_ssh_servers']; - $pconfig['def_ssh_ports'] = $a_nat[$id]['def_ssh_ports']; - $pconfig['def_pop_servers'] = $a_nat[$id]['def_pop_servers']; - $pconfig['def_pop2_ports'] = $a_nat[$id]['def_pop2_ports']; - $pconfig['def_pop3_ports'] = $a_nat[$id]['def_pop3_ports']; - $pconfig['def_imap_servers'] = $a_nat[$id]['def_imap_servers']; - $pconfig['def_imap_ports'] = $a_nat[$id]['def_imap_ports']; - $pconfig['def_sip_proxy_ip'] = $a_nat[$id]['def_sip_proxy_ip']; - $pconfig['def_sip_proxy_ports'] = $a_nat[$id]['def_sip_proxy_ports']; - $pconfig['def_auth_ports'] = $a_nat[$id]['def_auth_ports']; - $pconfig['def_finger_ports'] = $a_nat[$id]['def_finger_ports']; - $pconfig['def_irc_ports'] = $a_nat[$id]['def_irc_ports']; - $pconfig['def_nntp_ports'] = $a_nat[$id]['def_nntp_ports']; - $pconfig['def_rlogin_ports'] = $a_nat[$id]['def_rlogin_ports']; - $pconfig['def_rsh_ports'] = $a_nat[$id]['def_rsh_ports']; - $pconfig['def_ssl_ports'] = $a_nat[$id]['def_ssl_ports']; - $pconfig['barnyard_enable'] = $a_nat[$id]['barnyard_enable']; - $pconfig['barnyard_mysql'] = $a_nat[$id]['barnyard_mysql']; - $pconfig['enable'] = $a_nat[$id]['enable']; - $pconfig['uuid'] = $a_nat[$id]['uuid']; - $pconfig['interface'] = $a_nat[$id]['interface']; - $pconfig['descr'] = $a_nat[$id]['descr']; - $pconfig['performance'] = $a_nat[$id]['performance']; - $pconfig['blockoffenders7'] = $a_nat[$id]['blockoffenders7']; - $pconfig['alertsystemlog'] = $a_nat[$id]['alertsystemlog']; - $pconfig['tcpdumplog'] = $a_nat[$id]['tcpdumplog']; - $pconfig['snortunifiedlog'] = $a_nat[$id]['snortunifiedlog']; - $pconfig['flow_depth'] = $a_nat[$id]['flow_depth']; - $pconfig['rulesets'] = $a_nat[$id]['rulesets']; - $pconfig['rule_sid_off'] = $a_nat[$id]['rule_sid_off']; - $pconfig['rule_sid_on'] = $a_nat[$id]['rule_sid_on']; - -if (isset($_GET['dup'])) - unset($id); -} - -/* convert fake interfaces to real */ -$if_real = convert_friendly_interface_to_real_interface_name($pconfig['interface']); - - - - /* alert file */ -$d_snortconfdirty_path = "/var/run/snort_conf_{$pconfig['uuid']}_{$if_real}.dirty"; - - /* this will exec when alert says apply */ - if ($_POST['apply']) { - - if (file_exists($d_snortconfdirty_path)) { - - write_config(); - - sync_snort_package_all(); - sync_snort_package(); - - unlink($d_snortconfdirty_path); - - } - - } - - - if ($_POST["Submit"]) { - - /* check for overlaps */ - -/* if no errors write to conf */ - if (!$input_errors) { - $natent = array(); - /* repost the options already in conf */ - if ($pconfig['interface'] != "") { $natent['interface'] = $pconfig['interface']; } - if ($pconfig['enable'] != "") { $natent['enable'] = $pconfig['enable']; } - if ($pconfig['uuid'] != "") { $natent['uuid'] = $pconfig['uuid']; } - if ($pconfig['descr'] != "") { $natent['descr'] = $pconfig['descr']; } - if ($pconfig['performance'] != "") { $natent['performance'] = $pconfig['performance']; } - if ($pconfig['blockoffenders7'] != "") { $natent['blockoffenders7'] = $pconfig['blockoffenders7']; } - if ($pconfig['alertsystemlog'] != "") { $natent['alertsystemlog'] = $pconfig['alertsystemlog']; } - if ($pconfig['tcpdumplog'] != "") { $natent['tcpdumplog'] = $pconfig['tcpdumplog']; } - if ($pconfig['snortunifiedlog'] != "") { $natent['snortunifiedlog'] = $pconfig['snortunifiedlog']; } - if ($pconfig['barnyard_enable'] != "") { $natent['barnyard_enable'] = $pconfig['barnyard_enable']; } - if ($pconfig['barnyard_mysql'] != "") { $natent['barnyard_mysql'] = $pconfig['barnyard_mysql']; } - if ($pconfig['def_dns_servers'] != "") { $natent['def_dns_servers'] = $pconfig['def_dns_servers']; } - if ($pconfig['def_dns_ports'] != "") { $natent['def_dns_ports'] = $pconfig['def_dns_ports']; } - if ($pconfig['def_smtp_servers'] != "") { $natent['def_smtp_servers'] = $pconfig['def_smtp_servers']; } - if ($pconfig['def_smtp_ports'] != "") { $natent['def_smtp_ports'] = $pconfig['def_smtp_ports']; } - if ($pconfig['def_mail_ports'] != "") { $natent['def_mail_ports'] = $pconfig['def_mail_ports']; } - if ($pconfig['def_http_servers'] != "") { $natent['def_http_servers'] = $pconfig['def_http_servers']; } - if ($pconfig['def_www_servers'] != "") { $natent['def_www_servers'] = $pconfig['def_www_servers']; } - if ($pconfig['def_http_ports'] != "") { $natent['def_http_ports'] = $pconfig['def_http_ports']; } - if ($pconfig['def_sql_servers'] != "") { $natent['def_sql_servers'] = $pconfig['def_sql_servers']; } - if ($pconfig['def_oracle_ports'] != "") { $natent['def_oracle_ports'] = $pconfig['def_oracle_ports']; } - if ($pconfig['def_mssql_ports'] != "") { $natent['def_mssql_ports'] = $pconfig['def_mssql_ports']; } - if ($pconfig['def_telnet_servers'] != "") { $natent['def_telnet_servers'] = $pconfig['def_telnet_servers']; } - if ($pconfig['def_telnet_ports'] != "") { $natent['def_telnet_ports'] = $pconfig['def_telnet_ports']; } - if ($pconfig['def_snmp_servers'] != "") { $natent['def_snmp_servers'] = $pconfig['def_snmp_servers']; } - if ($pconfig['def_snmp_ports'] != "") { $natent['def_snmp_ports'] = $pconfig['def_snmp_ports']; } - if ($pconfig['def_ftp_servers'] != "") { $natent['def_ftp_servers'] = $pconfig['def_ftp_servers']; } - if ($pconfig['def_ftp_ports'] != "") { $natent['def_ftp_ports'] = $pconfig['def_ftp_ports']; } - if ($pconfig['def_ssh_servers'] != "") { $natent['def_ssh_servers'] = $pconfig['def_ssh_servers']; } - if ($pconfig['def_ssh_ports'] != "") { $natent['def_ssh_ports'] = $pconfig['def_ssh_ports']; } - if ($pconfig['def_pop_servers'] != "") { $natent['def_pop_servers'] = $pconfig['def_pop_servers']; } - if ($pconfig['def_pop2_ports'] != "") { $natent['def_pop2_ports'] = $pconfig['def_pop2_ports']; } - if ($pconfig['def_pop3_ports'] != "") { $natent['def_pop3_ports'] = $pconfig['def_pop3_ports']; } - if ($pconfig['def_imap_servers'] != "") { $natent['def_imap_servers'] = $pconfig['def_imap_servers']; } - if ($pconfig['def_imap_ports'] != "") { $natent['def_imap_ports'] = $pconfig['def_imap_ports']; } - if ($pconfig['def_sip_proxy_ip'] != "") { $natent['def_sip_proxy_ip'] = $pconfig['def_sip_proxy_ip']; } - if ($pconfig['def_sip_proxy_ports'] != "") { $natent['def_sip_proxy_ports'] = $pconfig['def_sip_proxy_ports']; } - if ($pconfig['def_auth_ports'] != "") { $natent['def_auth_ports'] = $pconfig['def_auth_ports']; } - if ($pconfig['def_finger_ports'] != "") { $natent['def_finger_ports'] = $pconfig['def_finger_ports']; } - if ($pconfig['def_irc_ports'] != "") { $natent['def_irc_ports'] = $pconfig['def_irc_ports']; } - if ($pconfig['def_nntp_ports'] != "") { $natent['def_nntp_ports'] = $pconfig['def_nntp_ports']; } - if ($pconfig['def_rlogin_ports'] != "") { $natent['def_rlogin_ports'] = $pconfig['def_rlogin_ports']; } - if ($pconfig['def_rsh_ports'] != "") { $natent['def_rsh_ports'] = $pconfig['def_rsh_ports']; } - if ($pconfig['def_ssl_ports'] != "") { $natent['def_ssl_ports'] = $pconfig['def_ssl_ports']; } - if ($pconfig['rulesets'] != "") { $natent['rulesets'] = $pconfig['rulesets']; } - if ($pconfig['rule_sid_off'] != "") { $natent['rule_sid_off'] = $pconfig['rule_sid_off']; } - if ($pconfig['rule_sid_on'] != "") { $natent['rule_sid_on'] = $pconfig['rule_sid_on']; } - - /* post new options */ - $natent['perform_stat'] = $_POST['perform_stat']; - if ($_POST['def_ssl_ports_ignore'] != "") { $natent['def_ssl_ports_ignore'] = $_POST['def_ssl_ports_ignore']; }else{ $natent['def_ssl_ports_ignore'] = ""; } - if ($_POST['flow_depth'] != "") { $natent['flow_depth'] = $_POST['flow_depth']; }else{ $natent['flow_depth'] = ""; } - $natent['perform_stat'] = $_POST['perform_stat'] ? on : off; - $natent['http_inspect'] = $_POST['http_inspect'] ? on : off; - $natent['other_preprocs'] = $_POST['other_preprocs'] ? on : off; - $natent['ftp_preprocessor'] = $_POST['ftp_preprocessor'] ? on : off; - $natent['smtp_preprocessor'] = $_POST['smtp_preprocessor'] ? on : off; - $natent['sf_portscan'] = $_POST['sf_portscan'] ? on : off; - $natent['dce_rpc_2'] = $_POST['dce_rpc_2'] ? on : off; - $natent['dns_preprocessor'] = $_POST['dns_preprocessor'] ? on : off; - - if (isset($id) && $a_nat[$id]) - $a_nat[$id] = $natent; - else { - if (is_numeric($after)) - array_splice($a_nat, $after+1, 0, array($natent)); - else - $a_nat[] = $natent; - } - - write_config(); - - /* after click go to this page */ - touch($d_snortconfdirty_path); - header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); - header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); - header( 'Cache-Control: no-store, no-cache, must-revalidate' ); - header( 'Cache-Control: post-check=0, pre-check=0', false ); - header( 'Pragma: no-cache' ); - sleep(2); - header("Location: snort_preprocessors.php?id=$id"); - exit; - } -} - -$pgtitle = "Snort: Interface $id$if_real Preprocessors and Flow"; -include("head.inc"); - -?> -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php -include("./snort_fbegin.inc"); -?> -<p class="pgtitle"><?if($pfsense_stable == 'yes'){echo $pgtitle;}?></p> -<style type="text/css"> -.alert { - position:absolute; - top:10px; - left:0px; - width:94%; -background:#FCE9C0; -background-position: 15px; -border-top:2px solid #DBAC48; -border-bottom:2px solid #DBAC48; -padding: 15px 10px 85% 50px; -} -</style> -<noscript><div class="alert" ALIGN=CENTER><img src="../themes/nervecenter/images/icons/icon_alert.gif"/><strong>Please enable JavaScript to view this content</CENTER></div></noscript> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<form action="snort_preprocessors.php" method="post" enctype="multipart/form-data" name="iform" id="iform"> - -<?php - - /* Display Alert message */ - - if ($input_errors) { - print_input_errors($input_errors); // TODO: add checks - } - - if ($savemsg) { - print_info_box2($savemsg); - } - - if (file_exists($d_snortconfdirty_path)) { - echo '<p>'; - - if($savemsg) { - print_info_box_np2("{$savemsg}"); - }else{ - print_info_box_np2(' - The Snort configuration has changed and snort needs to be restarted on this interface.<br> - You must apply the changes in order for them to take effect.<br> - '); - } - } - -?> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr><td class="tabnavtbl"> -<?php -if($id != "") -{ - - $tab_array = array(); - $tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php"); - $tab_array[] = array("If Settings", false, "/snort/snort_interfaces_edit.php?id={$id}"); - $tab_array[] = array("Categories", false, "/snort/snort_rulesets.php?id={$id}"); - $tab_array[] = array("Rules", false, "/snort/snort_rules.php?id={$id}"); - $tab_array[] = array("Servers", false, "/snort/snort_define_servers.php?id={$id}"); - $tab_array[] = array("Preprocessors", true, "/snort/snort_preprocessors.php?id={$id}"); - $tab_array[] = array("Barnyard2", false, "/snort/snort_barnyard.php?id={$id}"); - display_top_tabs($tab_array); - -} -?> -</td> -</tr> - <tr> - <td class="tabcont"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <?php - /* display error code if there is no id */ - if($id == "") - { - echo " - <style type=\"text/css\"> - .noid { - position:absolute; - top:10px; - left:0px; - width:94%; - background:#FCE9C0; - background-position: 15px; - border-top:2px solid #DBAC48; - border-bottom:2px solid #DBAC48; - padding: 15px 10px 85% 50px; - } - </style> - <div class=\"alert\" ALIGN=CENTER><img src=\"../themes/nervecenter/images/icons/icon_alert.gif\"/><strong>You can not edit options without an interface ID.</CENTER></div>\n"; - - } - ?> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"><span class="vexpl"><span class="red"><strong>Note: </strong></span><br> - Rules may be dependent on preprocessors!<br> - Please save your settings before you click start.<br> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Enable <br>Performance Statistics</td> - <td width="78%" class="vtable"> - <input name="perform_stat" type="checkbox" value="on" <?php if ($pconfig['perform_stat']=="on") echo "checked"; ?> onClick="enable_change(false)"><br> - Performance Statistics for this interface.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Enable <br>HTTP Inspect</td> - <td width="78%" class="vtable"> - <input name="http_inspect" type="checkbox" value="on" <?php if ($pconfig['http_inspect']=="on") echo "checked"; ?> onClick="enable_change(false)"><br> - Normalize/Decode and detect HTTP traffic and protocol anomalies.</td> - </tr> - <tr> - <td valign="top" class="vncell">HTTP server flow depth</td> - <td class="vtable"> - <table cellpadding="0" cellspacing="0"> - <tr> - <td><input name="flow_depth" type="text" class="formfld" id="flow_depth" size="5" value="<?=htmlspecialchars($pconfig['flow_depth']);?>"> <strong>-1</strong> to <strong>1460</strong> (<strong>-1</strong> disables HTTP inspect, <strong>0</strong> enables all HTTP inspect)</td> - </tr> - </table> - Amount of HTTP server response payload to inspect. Snort's performance may increase by adjusting this value.<br> - Setting this value too low may cause false negatives. Values above 0 are specified in bytes.<br> - <strong>Default value is 0</strong></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Enable <br>RPC Decode and Back Orifice detector</td> - <td width="78%" class="vtable"> - <input name="other_preprocs" type="checkbox" value="on" <?php if ($pconfig['other_preprocs']=="on") echo "checked"; ?> onClick="enable_change(false)"><br> - Normalize/Decode RPC traffic and detects Back Orifice traffic on the network.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Enable <br>FTP and Telnet Normalizer</td> - <td width="78%" class="vtable"> - <input name="ftp_preprocessor" type="checkbox" value="on" <?php if ($pconfig['ftp_preprocessor']=="on") echo "checked"; ?> onClick="enable_change(false)"><br> - Normalize/Decode FTP and Telnet traffic and protocol anomalies.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Enable <br>SMTP Normalizer</td> - <td width="78%" class="vtable"> - <input name="smtp_preprocessor" type="checkbox" value="on" <?php if ($pconfig['smtp_preprocessor']=="on") echo "checked"; ?> onClick="enable_change(false)"><br> - Normalize/Decode SMTP protocol for enforcement and buffer overflows.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Enable <br>Portscan Detection</td> - <td width="78%" class="vtable"> - <input name="sf_portscan" type="checkbox" value="on" <?php if ($pconfig['sf_portscan']=="on") echo "checked"; ?> onClick="enable_change(false)"><br> - Detects various types of portscans and portsweeps.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Enable <br>DCE/RPC2 Detection</td> - <td width="78%" class="vtable"> - <input name="dce_rpc_2" type="checkbox" value="on" <?php if ($pconfig['dce_rpc_2']=="on") echo "checked"; ?> onClick="enable_change(false)"><br> - The DCE/RPC preprocessor detects and decodes SMB and DCE/RPC traffic.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Enable <br>DNS Detection</td> - <td width="78%" class="vtable"> - <input name="dns_preprocessor" type="checkbox" value="on" <?php if ($pconfig['dns_preprocessor']=="on") echo "checked"; ?> onClick="enable_change(false)"><br> - The DNS preprocessor decodes DNS Response traffic and detects some vulnerabilities.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Define SSL_IGNORE</td> - <td width="78%" class="vtable"> - <input name="def_ssl_ports_ignore" type="text" class="formfld" id="def_ssl_ports_ignore" size="40" value="<?=htmlspecialchars($pconfig['def_ssl_ports_ignore']);?>"> - <br> <span class="vexpl"> Encrypted traffic should be ignored by Snort for both performance reasons and to reduce false positives.<br> - Default: "443 465 563 636 989 990 992 993 994 995".</span> <strong>Please use spaces and not commas.</strong></td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input name="Submit" type="submit" class="formbtn" value="Save"> <input type="button" class="formbtn" value="Cancel" onclick="history.back()"> - <?php if (isset($id) && $a_nat[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>"> - <?php endif; ?> - </td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span> - <br> - Please save your settings before you click Start. </td> - </tr> - </table> - </table> -</form> - -<script language="JavaScript"> -<!-- -enable_change(false); -//--> -</script> -<?php include("fend.inc"); ?> -</body> -</html> diff --git a/config/snort-dev/snort_rules.php b/config/snort-dev/snort_rules.php deleted file mode 100644 index c95d76ca..00000000 --- a/config/snort-dev/snort_rules.php +++ /dev/null @@ -1,687 +0,0 @@ -<?php -/* $Id$ */ -/* - edit_snortrule.php - Copyright (C) 2004, 2005 Scott Ullrich - Copyright (C) 2008, 2009 Robert Zelaya - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); -require_once("/usr/local/pkg/snort/snort.inc"); - -if (!is_array($config['installedpackages']['snortglobal']['rule'])) { - $config['installedpackages']['snortglobal']['rule'] = array(); -} - -//nat_rules_sort(); -$a_nat = &$config['installedpackages']['snortglobal']['rule']; - -$id = $_GET['id']; -if (isset($_POST['id'])) - $id = $_POST['id']; - -if (isset($id) && $a_nat[$id]) { - - $pconfig['enable'] = $a_nat[$id]['enable']; - $pconfig['interface'] = $a_nat[$id]['interface']; - $pconfig['rulesets'] = $a_nat[$id]['rulesets']; -} - -/* convert fake interfaces to real */ -$if_real = convert_friendly_interface_to_real_interface_name($pconfig['interface']); - -$iface_uuid = $a_nat[$id]['uuid']; - -// if(!is_dir("/usr/local/etc/snort/rules")) -// exec('mkdir /usr/local/etc/snort/rules/'); - -/* Check if the rules dir is empy if so warn the user */ -/* TODO give the user the option to delete the installed rules rules */ -$isrulesfolderempty = exec("ls -A /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/*.rules"); -if ($isrulesfolderempty == "") { - -include("head.inc"); -include("./snort_fbegin.inc"); - -echo "<body link=\"#000000\" vlink=\"#000000\" alink=\"#000000\">"; - -echo "<script src=\"/row_toggle.js\" type=\"text/javascript\"></script>\n -<script src=\"/javascript/sorttable.js\" type=\"text/javascript\"></script>\n -<table width=\"99%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n - <tr>\n - <td>\n"; - - $tab_array = array(); - $tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php"); - $tab_array[] = array("If Settings", false, "/snort/snort_interfaces_edit.php?id={$id}"); - $tab_array[] = array("Categories", false, "/snort/snort_rulesets.php?id={$id}"); - $tab_array[] = array("Rules", true, "/snort/snort_rules.php?id={$id}"); - $tab_array[] = array("Servers", false, "/snort/snort_define_servers.php?id={$id}"); - $tab_array[] = array("Preprocessors", false, "/snort/snort_preprocessors.php?id={$id}"); - $tab_array[] = array("Barnyard2", false, "/snort/snort_barnyard.php?id={$id}"); - display_top_tabs($tab_array); - -echo "</td>\n - </tr>\n - <tr>\n - <td>\n - <div id=\"mainarea\">\n - <table id=\"maintable\" class=\"tabcont\" width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n - <tr>\n - <td>\n -# The rules directory is empty.\n - </td>\n - </tr>\n - </table>\n - </div>\n - </td>\n - </tr>\n -</table>\n -\n -</form>\n -\n -<p>\n\n"; - -echo "Please click on the Update Rules tab to install your selected rule sets."; -include("fend.inc"); - -echo "</body>"; -echo "</html>"; - -exit(0); - -} - -function get_middle($source, $beginning, $ending, $init_pos) { - $beginning_pos = strpos($source, $beginning, $init_pos); - $middle_pos = $beginning_pos + strlen($beginning); - $ending_pos = strpos($source, $ending, $beginning_pos); - $middle = substr($source, $middle_pos, $ending_pos - $middle_pos); - return $middle; -} - -function write_rule_file($content_changed, $received_file) -{ - //read snort file with writing enabled - $filehandle = fopen($received_file, "w"); - - //delimiter for each new rule is a new line - $delimiter = "\n"; - - //implode the array back into a string for writing purposes - $fullfile = implode($delimiter, $content_changed); - - //write data to file - fwrite($filehandle, $fullfile); - - //close file handle - fclose($filehandle); - -} - -function load_rule_file($incoming_file) -{ - - //read snort file - $filehandle = fopen($incoming_file, "r"); - - //read file into string, and get filesize - $contents = fread($filehandle, filesize($incoming_file)); - - //close handler - fclose ($filehandle); - - - //string for populating category select - $currentruleset = basename($rulefile); - - //delimiter for each new rule is a new line - $delimiter = "\n"; - - //split the contents of the string file into an array using the delimiter - $splitcontents = explode($delimiter, $contents); - - return $splitcontents; - -} - -$ruledir = "/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/"; -$dh = opendir($ruledir); - -if ($_GET['openruleset'] != '' && $_GET['ids'] != '') -{ - header("Location: /snort/snort_rules.php?id=$id&openruleset={$_GET['openruleset']}&saved=yes"); -} - -while (false !== ($filename = readdir($dh))) -{ - //only populate this array if its a rule file - $isrulefile = strstr($filename, ".rules"); - if ($isrulefile !== false) - { - $files[] = $filename; - } -} - -sort($files); - -if ($_GET['openruleset']) -{ - $rulefile = $_GET['openruleset']; -} -else -{ - $rulefile = $ruledir.$files[0]; - -} - -//Load the rule file -$splitcontents = load_rule_file($rulefile); - -if ($_POST) -{ - - conf_mount_rw(); - - if (!$_POST['apply']) { - //retrieve POST data - $post_lineid = $_POST['lineid']; - $post_enabled = $_POST['enabled']; - $post_src = $_POST['src']; - $post_srcport = $_POST['srcport']; - $post_dest = $_POST['dest']; - $post_destport = $_POST['destport']; - - //clean up any white spaces insert by accident - $post_src = str_replace(" ", "", $post_src); - $post_srcport = str_replace(" ", "", $post_srcport); - $post_dest = str_replace(" ", "", $post_dest); - $post_destport = str_replace(" ", "", $post_destport); - - //copy rule contents from array into string - $tempstring = $splitcontents[$post_lineid]; - - //search string - $findme = "# alert"; //find string for disabled alerts - - //find if alert is disabled - $disabled = strstr($tempstring, $findme); - - //if find alert is false, then rule is disabled - if ($disabled !== false) - { - //has rule been enabled - if ($post_enabled == "yes") - { - //move counter up 1, so we do not retrieve the # in the rule_content array - $tempstring = str_replace("# alert", "alert", $tempstring); - $counter2 = 1; - } - else - { - //rule is staying disabled - $counter2 = 2; - } - } - else - { - //has rule been disabled - if ($post_enabled != "yes") - { - //move counter up 1, so we do not retrieve the # in the rule_content array - $tempstring = str_replace("alert", "# alert", $tempstring); - $counter2 = 2; - } - else - { - //rule is staying enabled - $counter2 = 1; - } - } - - //explode rule contents into an array, (delimiter is space) - $rule_content = explode(' ', $tempstring); - - //insert new values - $counter2++; - $rule_content[$counter2] = $post_src;//source location - $counter2++; - $rule_content[$counter2] = $post_srcport;//source port location - $counter2 = $counter2+2; - $rule_content[$counter2] = $post_dest;//destination location - $counter2++; - $rule_content[$counter2] = $post_destport;//destination port location - - //implode the array back into string - $tempstring = implode(' ', $rule_content); - - //copy string into file array for writing - $splitcontents[$post_lineid] = $tempstring; - - //write the new .rules file - write_rule_file($splitcontents, $rulefile); - - //once file has been written, reload file - $splitcontents = load_rule_file($rulefile); - - $stopMsg = true; - } -} -else if ($_GET['act'] == "toggle") -{ - - conf_mount_rw(); - - $toggleid = $_GET['ids']; - - //copy rule contents from array into string - $tempstring = $splitcontents[$toggleid]; - - //explode rule contents into an array, (delimiter is space) - $rule_content = explode(' ', $tempstring); - - //search string - $findme = "# alert"; //find string for disabled alerts - - //find if alert is disabled - $disabled = strstr($tempstring, $findme); - - //if find alert is false, then rule is disabled - if ($disabled !== false) - { - //rule has been enabled - //move counter up 1, so we do not retrieve the # in the rule_content array - $tempstring = str_replace("# alert", "alert", $tempstring); - - } - else - { - //has rule been disabled - //move counter up 1, so we do not retrieve the # in the rule_content array - $tempstring = str_replace("alert", "# alert", $tempstring); - - } - - //copy string into array for writing - $splitcontents[$toggleid] = $tempstring; - - //write the new .rules file - write_rule_file($splitcontents, $rulefile); - - //once file has been written, reload file - $splitcontents = load_rule_file($rulefile); - - $stopMsg = true; - - //write disable/enable sid to config.xml - if ($disabled == false) { - $string_sid = strstr($tempstring, 'sid:'); - $sid_pieces = explode(";", $string_sid); - $sid_off_cut = $sid_pieces[0]; - // sid being turned off - $sid_off = str_replace("sid:", "", $sid_off_cut); - // rule_sid_on registers - $sid_on_pieces = $a_nat[$id]['rule_sid_on']; - // if off sid is the same as on sid remove it - $sid_on_old = str_replace("||enablesid $sid_off", "", "$sid_on_pieces"); - // write the replace sid back as empty - $a_nat[$id]['rule_sid_on'] = $sid_on_old; - // rule sid off registers - $sid_off_pieces = $a_nat[$id]['rule_sid_off']; - // if off sid is the same as off sid remove it - $sid_off_old = str_replace("||disablesid $sid_off", "", "$sid_off_pieces"); - // write the replace sid back as empty - $a_nat[$id]['rule_sid_off'] = $sid_off_old; - // add sid off registers to new off sid - $a_nat[$id]['rule_sid_off'] = "||disablesid $sid_off" . $a_nat[$id]['rule_sid_off']; - write_config(); - conf_mount_rw(); - - } - else - { - $string_sid = strstr($tempstring, 'sid:'); - $sid_pieces = explode(";", $string_sid); - $sid_on_cut = $sid_pieces[0]; - // sid being turned off - $sid_on = str_replace("sid:", "", $sid_on_cut); - // rule_sid_off registers - $sid_off_pieces = $a_nat[$id]['rule_sid_off']; - // if off sid is the same as on sid remove it - $sid_off_old = str_replace("||disablesid $sid_on", "", "$sid_off_pieces"); - // write the replace sid back as empty - $a_nat[$id]['rule_sid_off'] = $sid_off_old; - // rule sid on registers - $sid_on_pieces = $a_nat[$id]['rule_sid_on']; - // if on sid is the same as on sid remove it - $sid_on_old = str_replace("||enablesid $sid_on", "", "$sid_on_pieces"); - // write the replace sid back as empty - $a_nat[$id]['rule_sid_on'] = $sid_on_old; - // add sid on registers to new on sid - $a_nat[$id]['rule_sid_on'] = "||enablesid $sid_on" . $a_nat[$id]['rule_sid_on']; - write_config(); - conf_mount_rw(); - } - -} - -if ($_GET['saved'] == 'yes') -{ - $message = "The Snort rule configuration has been changed.<br>You must restart this snort interface in order for the changes to take effect."; - -// stop_service("snort"); -// sleep(2); -// start_service("snort"); -// $savemsg = ""; -// $stopMsg = false; -} - -$currentruleset = basename($rulefile); - -$ifname = strtoupper($pconfig['interface']); - -require("guiconfig.inc"); -include("head.inc"); - -$pgtitle = "Snort: $id $iface_uuid $if_real Category: $currentruleset"; - -?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php include("./snort_fbegin.inc"); ?> -<p class="pgtitle"><?if($pfsense_stable == 'yes'){echo $pgtitle;}?></p> - -<?php -echo "<form action=\"snort_rules.php?id={$id}\" method=\"post\" name=\"iform\" id=\"iform\">"; -?> -<?php if ($_GET['saved'] == 'yes') {print_info_box_np2($message);}?> -</form> -<script type="text/javascript" language="javascript" src="row_toggle.js"> - <script src="/javascript/sorttable.js" type="text/javascript"> -</script> - -<script language="javascript" type="text/javascript"> -<!-- -function go() -{ - var agt=navigator.userAgent.toLowerCase(); - if (agt.indexOf("msie") != -1) { - box = document.forms.selectbox; - } else { - box = document.forms[1].selectbox; - } - destination = box.options[box.selectedIndex].value; - if (destination) - location.href = destination; -} -// --> -</script> -<script type="text/javascript"> -<!-- -function popup(url) -{ - params = 'width='+screen.width; - params += ', height='+screen.height; - params += ', top=0, left=0' - params += ', fullscreen=yes'; - - newwin=window.open(url,'windowname4', params); - if (window.focus) {newwin.focus()} - return false; -} -// --> -</script> - -<table width="99%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> -<?php - $tab_array = array(); - $tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php"); - $tab_array[] = array("If Settings", false, "/snort/snort_interfaces_edit.php?id={$id}"); - $tab_array[] = array("Categories", false, "/snort/snort_rulesets.php?id={$id}"); - $tab_array[] = array("Rules", true, "/snort/snort_rules.php?id={$id}"); - $tab_array[] = array("Servers", false, "/snort/snort_define_servers.php?id={$id}"); - $tab_array[] = array("Preprocessors", false, "/snort/snort_preprocessors.php?id={$id}"); - $tab_array[] = array("Barnyard2", false, "/snort/snort_barnyard.php?id={$id}"); - display_top_tabs($tab_array); -?> - </td> - </tr> - <tr> - <td> - <div id="mainarea"> - <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> - <table id="ruletable1" class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr id="frheader"> - <td width="3%" class="list"> </td> - <td width="5%" class="listhdr">SID</td> - <td width="6%" class="listhdrr">Proto</td> - <td width="15%" class="listhdrr">Source</td> - <td width="10%" class="listhdrr">Port</td> - <td width="15%" class="listhdrr">Destination</td> - <td width="10%" class="listhdrr">Port</td> - <td width="32%" class="listhdrr">Message</td> - - </tr> - <tr> - <?php - - echo "<br>Category: "; - - //string for populating category select - $currentruleset = basename($rulefile); - - ?> - <form name="forms"> - <select name="selectbox" class="formfld" onChange="go()"> - <?php - $i=0; - foreach ($files as $value) - { - $selectedruleset = ""; - if ($files[$i] === $currentruleset) - $selectedruleset = "selected"; - ?> - <option value="?id=<?=$id;?>&openruleset=<?=$ruledir;?><?=$files[$i];?>" <?=$selectedruleset;?>><?=$files[$i];?></option>" - <?php - $i++; - - } - ?> - </select> - </form> - </tr> - <?php - - $counter = 0; - $printcounter = 0; - - foreach ( $splitcontents as $value ) - { - - $counter++; - $disabled = "False"; - $comments = "False"; - - $tempstring = $splitcontents[$counter]; - $findme = "# alert"; //find string for disabled alerts - - //find alert - $disabled_pos = strstr($tempstring, $findme); - - - //do soemthing, this rule is enabled - $counter2 = 1; - - //retrieve sid value - $sid = get_middle($tempstring, 'sid:', ';', 0); - - //check to see if the sid is numberical - $is_sid_num = is_numeric($sid); - - //if SID is numerical, proceed - if ($is_sid_num) - { - - //if find alert is false, then rule is disabled - if ($disabled_pos !== false){ - $counter2 = $counter2+1; - $textss = "<span class=\"gray\">"; - $textse = "</span>"; - $iconb = "icon_block_d.gif"; - } - else - { - $textss = $textse = ""; - $iconb = "icon_block.gif"; - } - - if ($disabled_pos !== false){ - $ischecked = ""; - }else{ - $ischecked = "checked"; - } - - $rule_content = explode(' ', $tempstring); - - $protocol = $rule_content[$counter2];//protocol location - $counter2++; - $source = $rule_content[$counter2];//source location - $counter2++; - $source_port = $rule_content[$counter2];//source port location - $counter2 = $counter2+2; - $destination = $rule_content[$counter2];//destination location - $counter2++; - $destination_port = $rule_content[$counter2];//destination port location - - if (strstr($tempstring, 'msg: "')) - $message = get_middle($tempstring, 'msg: "', '";', 0); - if (strstr($tempstring, 'msg:"')) - $message = get_middle($tempstring, 'msg:"', '";', 0); - - echo "<tr> - <td class=\"listt\"> - $textss\n"; - ?> - <a href="?id=<?=$id;?>&openruleset=<?=$rulefile;?>&act=toggle&ids=<?=$counter;?>"><img src="../themes/<?= $g['theme']; ?>/images/icons/<?=$iconb;?>" width="10" height="10" border="0" title="click to toggle enabled/disabled status"></a> - <!-- <input name="enable" type="checkbox" value="yes" <?= $ischecked; ?> onClick="enable_change(false)"> --> - <!-- TODO: add checkbox and save so that that disabling is nicer --> - <?php - echo "$textse - </td> - <td class=\"listlr\"> - $textss - $sid - $textse - </td> - <td class=\"listlr\"> - $textss - $protocol"; - ?> - <?php - $printcounter++; - echo "$textse - </td> - <td class=\"listlr\"> - $textss - $source - $textse - </td> - <td class=\"listlr\"> - $textss - $source_port - $textse - </td> - <td class=\"listlr\"> - $textss - $destination - $textse - </td> - <td class=\"listlr\"> - $textss - $destination_port - $textse - </td>"; - ?> - <td class="listbg"><font color="white"> - <?php - echo "$textss - $message - $textse - </td>"; - ?> - <td valign="middle" nowrap class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td><a href="javascript: void(0)"onclick="popup('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$rulefile;?>&ids=<?=$counter;?>')"><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="edit rule" width="17" height="17" border="0"></a></td> - <!-- Codes by Quackit.com --> - </tr> - </table> - </td> - <?php - } - } - echo " There are $printcounter rules in this category. <br><br>"; - ?> - </table> - </td> - </tr> - <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0"> - <tr> - <td width="16"><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" width="11" height="11"></td> - <td>Rule Enabled</td> - </tr> - <tr> - <td><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_block_d.gif" width="11" height="11"></td> - <td nowrap>Rule Disabled</td> - </tr> - <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0"> - <tr> - <!-- TODO: add save and cancel for checkbox options --> - <!-- <td><pre><input name="Submit" type="submit" class="formbtn" value="Save"> <input type="button" class="formbtn" value="Cancel" onclick="history.back()"><pre></td> --> - </tr> - </table> - <tr> - <td colspan="10"> - <p> - <!--<strong><span class="red">Warning:<br> - </span></strong>Editing these r</p>--> - </td> - </tr> - </table> - </table> - </td> - </tr> - -</table> - -<?php include("fend.inc"); ?> -</div></body> -</html> diff --git a/config/snort-dev/snort_rules_edit.php b/config/snort-dev/snort_rules_edit.php deleted file mode 100644 index b770867f..00000000 --- a/config/snort-dev/snort_rules_edit.php +++ /dev/null @@ -1,243 +0,0 @@ -#!/usr/local/bin/php -<?php -/* - system_edit.php - Copyright (C) 2004, 2005 Scott Ullrich - All rights reserved. - - Adapted for FreeNAS by Volker Theile (votdev@gmx.de) - Copyright (C) 2006-2009 Volker Theile - - Adapted for Pfsense Snort package by Robert Zelaya - Copyright (C) 2008-2009 Robert Zelaya - - Using dp.SyntaxHighlighter for syntax highlighting - http://www.dreamprojections.com/SyntaxHighlighter - Copyright (C) 2004-2006 Alex Gorbatchev. All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require_once("guiconfig.inc"); -require_once("config.inc"); - - -if (!is_array($config['installedpackages']['snortglobal']['rule'])) { - $config['installedpackages']['snortglobal']['rule'] = array(); -} - -//nat_rules_sort(); -$a_nat = &$config['installedpackages']['snortglobal']['rule']; - -$id = $_GET['id']; -if (isset($_POST['id'])) - $id = $_POST['id']; - -$ids = $_GET['ids']; -if (isset($_POST['ids'])) - $ids = $_POST['ids']; - - -if (isset($id) && $a_nat[$id]) { - - $pconfig['enable'] = $a_nat[$id]['enable']; - $pconfig['interface'] = $a_nat[$id]['interface']; - $pconfig['rulesets'] = $a_nat[$id]['rulesets']; -} - -/* convert fake interfaces to real */ -$if_real = convert_friendly_interface_to_real_interface_name($pconfig['interface']); - - -$file = $_GET['openruleset']; - -//read snort file -$filehandle = fopen($file, "r"); - -//get rule id -$lineid = $_GET['ids']; - -//read file into string, and get filesize -$contents2 = fread($filehandle, filesize($file)); - -//close handler -fclose ($filehandle); - -//delimiter for each new rule is a new line -$delimiter = "\n"; - -//split the contents of the string file into an array using the delimiter -$splitcontents = explode($delimiter, $contents2); - -//copy rule contents from array into string -$tempstring = $splitcontents[$lineid]; - -function write_rule_file($content_changed, $received_file) -{ - //read snort file with writing enabled - $filehandle = fopen($received_file, "w"); - - //delimiter for each new rule is a new line - $delimiter = "\n"; - - //implode the array back into a string for writing purposes - $fullfile = implode($delimiter, $content_changed); - - //write data to file - fwrite($filehandle, $fullfile); - - //close file handle - fclose($filehandle); - -} - - - -if($_POST['highlight'] <> "") { - if($_POST['highlight'] == "yes" or - $_POST['highlight'] == "enabled") { - $highlight = "yes"; - } else { - $highlight = "no"; - } -} else { - $highlight = "no"; -} - -if($_POST['rows'] <> "") - $rows = $_POST['rows']; -else - $rows = 1; - -if($_POST['cols'] <> "") - $cols = $_POST['cols']; -else - $cols = 66; - -if ($_POST) -{ - if ($_POST['save']) { - - /* get the changes */ - $rule_content2 = $_POST['code']; - - //copy string into file array for writing - $splitcontents[$lineid] = $rule_content2; - - //write the new .rules file - write_rule_file($splitcontents, $file); - - header("Location: /snort/snort_rules_edit.php?id=$id&openruleset=$file&ids=$ids"); - - } -} - -$pgtitle = array(gettext("Advanced"), gettext("File Editor")); - -// -?> - -<?php include("head.inc");?> - -<body link="#000000" vlink="#000000" alink="#000000"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabcont"> - <form action="snort_rules_edit.php?id=<?=$id; ?>&openruleset=<?=$file; ?>&ids=<?=$ids; ?>" method="post"> - <?php if ($savemsg) print_info_box($savemsg);?> - <table width="100%" cellpadding='9' cellspacing='9' bgcolor='#eeeeee'> - <tr> - <td> - <input name="save" type="submit" class="formbtn" id="save" value="save" /> <input type="button" class="formbtn" value="Cancel" onclick="history.back()"> - <hr noshade="noshade" /> - <?=gettext("Disable original rule"); ?>: - <input id="highlighting_enabled" name="highlight2" type="radio" value="yes" <?php if($highlight == "yes") echo " checked=\"checked\""; ?> /> - <label for="highlighting_enabled"><?=gettext("Enabled"); ?></label> - <input id="highlighting_disabled" name="highlight2" type="radio" value="no"<?php if($highlight == "no") echo " checked=\"checked\""; ?> /> - <label for="highlighting_disabled"><?=gettext("Disabled"); ?></label> - </td> - </tr> - </table> - <table width='100%'> - <tr> - <td valign="top" class="label"> - <div style="background: #eeeeee;" id="textareaitem"> - <!-- NOTE: The opening *and* the closing textarea tag must be on the same line. --> - <textarea wrap="off" style="width: 98%; margin: 7px;" class="<?php echo $language; ?>:showcolumns" rows="<?php echo $rows; ?>" cols="<?php echo $cols; ?>" name="code"><?php echo $tempstring;?></textarea> - </div> - </td> - </tr> - </table> - <table width='100%'> - <tr> - <td valign="top" class="label"> - <div style="background: #eeeeee;" id="textareaitem"> - <!-- NOTE: The opening *and* the closing textarea tag must be on the same line. --> - <textarea disabled wrap="off" style="width: 98%; margin: 7px;" class="<?php echo $language; ?>:showcolumns" rows="33" cols="<?php echo $cols; ?>" name="code2"><?php echo $contents2;?></textarea> - </div> - </td> - </tr> - </table> - <?php // include("formend.inc");?> - </form> - </td> - </tr> -</table> -<script class="javascript" src="/snort/syntaxhighlighter/shCore.js"></script> -<script class="javascript" src="/snort/syntaxhighlighter/shBrushCSharp.js"></script> -<script class="javascript" src="/snort/syntaxhighlighter/shBrushPhp.js"></script> -<script class="javascript" src="/snort/syntaxhighlighter/shBrushJScript.js"></script> -<script class="javascript" src="/snort/syntaxhighlighter/shBrushJava.js"></script> -<script class="javascript" src="/snort/syntaxhighlighter/shBrushVb.js"></script> -<script class="javascript" src="/snort/syntaxhighlighter/shBrushSql.js"></script> -<script class="javascript" src="/snort/syntaxhighlighter/shBrushXml.js"></script> -<script class="javascript" src="/snort/syntaxhighlighter/shBrushDelphi.js"></script> -<script class="javascript" src="/snort/syntaxhighlighter/shBrushPython.js"></script> -<script class="javascript" src="/snort/syntaxhighlighter/shBrushRuby.js"></script> -<script class="javascript" src="/snort/syntaxhighlighter/shBrushCss.js"></script> -<script class="javascript"> -<!-- - // Set focus. - document.forms[0].savetopath.focus(); - - // Append css for syntax highlighter. - var head = document.getElementsByTagName("head")[0]; - var linkObj = document.createElement("link"); - linkObj.setAttribute("type","text/css"); - linkObj.setAttribute("rel","stylesheet"); - linkObj.setAttribute("href","/snort/syntaxhighlighter/SyntaxHighlighter.css"); - head.appendChild(linkObj); - - // Activate dp.SyntaxHighlighter? - <?php - if($_POST['highlight'] == "yes") { - echo "dp.SyntaxHighlighter.HighlightAll('code', true, true);\n"; - // Disable 'Save' button. - echo "document.forms[0].Save.disabled = 1;\n"; - } -?> -//--> -</script> -<?php //include("fend.inc");?> - -</body> -</html> diff --git a/config/snort-dev/snort_rulesets.php b/config/snort-dev/snort_rulesets.php deleted file mode 100644 index ece409e1..00000000 --- a/config/snort-dev/snort_rulesets.php +++ /dev/null @@ -1,307 +0,0 @@ -<?php -/* $Id$ */ -/* - snort_rulesets.php - Copyright (C) 2006 Scott Ullrich - Copyright (C) 2009 Robert Zelaya - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -//require_once("filter.inc"); -//require_once("service-utils.inc"); -include_once("/usr/local/pkg/snort/snort.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); - - -if (!is_array($config['installedpackages']['snortglobal']['rule'])) { - $config['installedpackages']['snortglobal']['rule'] = array(); -} - -//nat_rules_sort(); -$a_nat = &$config['installedpackages']['snortglobal']['rule']; - -$id = $_GET['id']; -if (isset($_POST['id'])) - $id = $_POST['id']; - - -if (isset($id) && $a_nat[$id]) { - - $pconfig['enable'] = $a_nat[$id]['enable']; - $pconfig['interface'] = $a_nat[$id]['interface']; - $pconfig['rulesets'] = $a_nat[$id]['rulesets']; -} - -/* convert fake interfaces to real */ -$if_real = convert_friendly_interface_to_real_interface_name($pconfig['interface']); - - -$iface_uuid = $a_nat[$id]['uuid']; - -$pgtitle = "Snort: Interface $id $iface_uuid $if_real Categories"; - - -/* Check if the rules dir is empy if so warn the user */ -/* TODO give the user the option to delete the installed rules rules */ -$isrulesfolderempty = exec("ls -A /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/*.rules"); -if ($isrulesfolderempty == "") { - -include("head.inc"); -include("./snort_fbegin.inc"); - -echo "<p class=\"pgtitle\">"; -if($pfsense_stable == 'yes'){echo $pgtitle;} -echo "</p>\n"; - -echo "<body link=\"#000000\" vlink=\"#000000\" alink=\"#000000\">"; - -echo " -<table width=\"99%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n - <tr>\n - <td>\n"; - - $tab_array = array(); - $tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php"); - $tab_array[] = array("If Settings", false, "/snort/snort_interfaces_edit.php?id={$id}"); - $tab_array[] = array("Categories", true, "/snort/snort_rulesets.php?id={$id}"); - $tab_array[] = array("Rules", false, "/snort/snort_rules.php?id={$id}"); - $tab_array[] = array("Servers", false, "/snort/snort_define_servers.php?id={$id}"); - $tab_array[] = array("Preprocessors", false, "/snort/snort_preprocessors.php?id={$id}"); - $tab_array[] = array("Barnyard2", false, "/snort/snort_barnyard.php?id={$id}"); - display_top_tabs($tab_array); - -echo "</td>\n - </tr>\n - <tr>\n - <td>\n - <div id=\"mainarea\">\n - <table id=\"maintable\" class=\"tabcont\" width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n - <tr>\n - <td>\n -# The rules directory is empty. /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules \n - </td>\n - </tr>\n - </table>\n - </div>\n - </td>\n - </tr>\n -</table>\n -\n -</form>\n -\n -<p>\n\n"; - -echo "Please click on the Update Rules tab to install your selected rule sets. $isrulesfolderempty"; -include("fend.inc"); - -echo "</body>"; -echo "</html>"; - -exit(0); - -} - - /* alert file */ -$d_snortconfdirty_path = "/var/run/snort_conf_{$iface_uuid}_{$if_real}.dirty"; - - /* this will exec when alert says apply */ - if ($_POST['apply']) { - - if (file_exists($d_snortconfdirty_path)) { - - write_config(); - - sync_snort_package_all(); - sync_snort_package(); - - unlink($d_snortconfdirty_path); - - } - - } - - if ($_POST["Submit"]) { - $enabled_items = ""; - $isfirst = true; - if (is_array($_POST['toenable'])) { - foreach($_POST['toenable'] as $toenable) { - if(!$isfirst) - $enabled_items .= "||"; - $enabled_items .= "{$toenable}"; - $isfirst = false; - } - }else{ - $enabled_items = $_POST['toenable']; - } - $a_nat[$id]['rulesets'] = $enabled_items; - - write_config(); - - touch($d_snortconfdirty_path); - - header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); - header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); - header( 'Cache-Control: no-store, no-cache, must-revalidate' ); - header( 'Cache-Control: post-check=0, pre-check=0', false ); - header( 'Pragma: no-cache' ); - sleep(2); - sync_snort_package_all(); - header("Location: /snort/snort_rulesets.php?id=$id"); - -} - -$enabled_rulesets = $a_nat[$id]['rulesets']; -if($enabled_rulesets) - $enabled_rulesets_array = split("\|\|", $enabled_rulesets); - -include("head.inc"); - -?> - -<body link="#000000" vlink="#000000" alink="#000000"> -<?php include("./snort_fbegin.inc"); ?> -<p class="pgtitle"><?php if($pfsense_stable == 'yes'){echo $pgtitle;}?></p> -<?php - -echo "<form action=\"snort_rulesets.php?id={$id}\" method=\"post\" name=\"iform\" id=\"iform\">"; - -?> - -<?php - - /* Display message */ - - if ($input_errors) { - print_input_errors($input_errors); // TODO: add checks - } - - if ($savemsg) { - print_info_box2($savemsg); - } - - if (file_exists($d_snortconfdirty_path)) { - echo '<p>'; - - if($savemsg) { - print_info_box_np2("{$savemsg}"); - }else{ - print_info_box_np2(' - The Snort configuration has changed and snort needs to be restarted on this interface.<br> - You must apply the changes in order for them to take effect.<br> - '); - } - } - -?> - -<table width="99%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> -<?php - $tab_array = array(); - $tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php"); - $tab_array[] = array("If Settings", false, "/snort/snort_interfaces_edit.php?id={$id}"); - $tab_array[] = array("Categories", true, "/snort/snort_rulesets.php?id={$id}"); - $tab_array[] = array("Rules", false, "/snort/snort_rules.php?id={$id}"); - $tab_array[] = array("Servers", false, "/snort/snort_define_servers.php?id={$id}"); - $tab_array[] = array("Preprocessors", false, "/snort/snort_preprocessors.php?id={$id}"); - $tab_array[] = array("Barnyard2", false, "/snort/snort_barnyard.php?id={$id}"); - display_top_tabs($tab_array); -?> - </td> - </tr> - <tr> - <td> - <div id="mainarea"> - <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> - <table id="sortabletable1" class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr id="frheader"> - <td width="5%" class="listhdrr">Enabled</td> - <td class="listhdrr">Ruleset: Rules that end with "so.rules" are shared object rules.</td> - <!-- <td class="listhdrr">Description</td> --> - </tr> -<?php - $dir = "/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/"; - $dh = opendir($dir); - while (false !== ($filename = readdir($dh))) { - $files[] = $filename; - } - sort($files); - foreach($files as $file) { - if(!stristr($file, ".rules")) - continue; - echo "<tr>"; - echo "<td align=\"center\" valign=\"top\">"; - if(is_array($enabled_rulesets_array)) - if(in_array($file, $enabled_rulesets_array)) { - $CHECKED = " checked=\"checked\""; - } else { - $CHECKED = ""; - } - else - $CHECKED = ""; - echo " <input type='checkbox' name='toenable[]' value='$file' {$CHECKED} />"; - echo "</td>"; - echo "<td>"; - echo "<a href='snort_rules.php?id={$id}&openruleset=/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/" . urlencode($file) . "'>{$file}</a>"; - echo "</td>"; - //echo "<td>"; - //echo "description"; - //echo "</td>"; - } - -?> - </table> - </td> - </tr> - <tr><td> </td></tr> - <tr><td>Check the rulesets that you would like Snort to load at startup.</td></tr> - <tr><td> </td></tr> - <tr><td><input value="Save" type="submit" name="Submit" id="Submit" /></td></tr> - </table> - </div> - </td> - </tr> -</table> - -</form> - -<p><b>NOTE:</b> You can click on a ruleset name to edit the ruleset. - -<?php include("fend.inc"); ?> - -</body> -</html> - -<?php - - function get_snort_rule_file_description($filename) { - $filetext = file_get_contents($filename); - - } - -?> diff --git a/config/snort-dev/snort_whitelist.xml b/config/snort-dev/snort_whitelist.xml deleted file mode 100644 index d98f83fa..00000000 --- a/config/snort-dev/snort_whitelist.xml +++ /dev/null @@ -1,117 +0,0 @@ -<?xml version="1.0" encoding="utf-8" ?> -<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> -<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> -<packagegui> - <copyright> - <![CDATA[ -/* $Id$ */ -/* ========================================================================== */ -/* - authng.xml - part of pfSense (http://www.pfSense.com) - Copyright (C) 2007 to whom it may belong - All rights reserved. - - Based on m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. - All rights reserved. - */ -/* ========================================================================== */ -/* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ - ]]> - </copyright> - <description>Describe your package here</description> - <requirements>Describe your package requirements here</requirements> - <faq>Currently there are no FAQ items provided.</faq> - <name>snortglobal</name> - <version>0.1.0</version> - <title>Snort: Whitelist</title> - <include_file>/usr/local/pkg/snort/snort.inc</include_file> - <!-- Menu is where this packages menu will appear --> - <tabs> - <tab> - <text>Snort Interfaces</text> - <url>/snort/snort_interfaces.php</url> - </tab> - <tab> - <text>Global Settings</text> - <url>/snort/snort_interfaces_global.php</url> - </tab> - <tab> - <text>Rule Updates</text> - <url>/snort/snort_download_rules.php</url> - </tab> - <tab> - <text>Alerts</text> - <url>/snort/snort_alerts.php</url> - </tab> - <tab> - <text>Blocked</text> - <url>/snort/snort_blocked.php</url> - </tab> - <tab> - <text>Whitelist</text> - <url>/pkg.php?xml=/snort/snort_whitelist.xml</url> - <active/> - </tab> - <tab> - <text>Help Info</text> - <url>/snort/snort_help_info.php</url> - </tab> - </tabs> - <adddeleteeditpagefields> - <columnitem> - <fielddescr>Whitelisted IP</fielddescr> - <fieldname>ip</fieldname> - </columnitem> - <columnitem> - <fielddescr>Description</fielddescr> - <fieldname>description</fieldname> - </columnitem> - </adddeleteeditpagefields> - <fields> - <field> - <fielddescr>Whitelisted IP</fielddescr> - <fieldname>ip</fieldname> - <description>Enter the IP or network to whitelist from snort blocking. Network items should be expressed in CIDR notation. Example: 0.0.0.0/24 or 0.0.0.0/32</description> - <type>input</type> - <size>40</size> - </field> - <field> - <fielddescr>Description</fielddescr> - <fieldname>description</fieldname> - <description>Enter the description for this item</description> - <type>input</type> - <size>60</size> - </field> - </fields> - <custom_php_command_before_form> - </custom_php_command_before_form> - <custom_delete_php_command> - </custom_delete_php_command> - <custom_php_resync_config_command> - sync_snort_package_empty(); - </custom_php_resync_config_command> -</packagegui> |