diff options
Diffstat (limited to 'config/snort/snort_interfaces.php')
| -rwxr-xr-x | config/snort/snort_interfaces.php | 321 |
1 files changed, 188 insertions, 133 deletions
diff --git a/config/snort/snort_interfaces.php b/config/snort/snort_interfaces.php index e96be262..ad492df2 100755 --- a/config/snort/snort_interfaces.php +++ b/config/snort/snort_interfaces.php @@ -28,12 +28,6 @@ * POSSIBILITY OF SUCH DAMAGE. */ -// Turn on buffering to speed up rendering -ini_set('output_buffering','true'); - -// Start buffering with a cache size of 100000 -ob_start(null, "1000"); - $nocsrf = true; require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort.inc"); @@ -63,6 +57,18 @@ if (isset($_POST['del_x'])) { exec("/bin/rm -r /var/log/snort/snort_{$if_real}{$snort_uuid}"); exec("/bin/rm -r {$snortdir}/snort_{$snort_uuid}_{$if_real}"); + // If interface had auto-generated Suppress List, then + // delete that along with the interface + $autolist = "{$a_nat[$rulei]['interface']}" . "suppress"; + $a_suppress = &$config['installedpackages']['snortglobal']['suppress']['item']; + foreach ($a_suppress as $k => $i) { + if ($i['name'] == $autolist) { + unset($config['installedpackages']['snortglobal']['suppress']['item'][$k]); + break; + } + } + + // Finally delete the interface's config entry entirely unset($a_nat[$rulei]); } conf_mount_ro(); @@ -188,23 +194,26 @@ if ($pfsense_stable == 'yes') ?> <table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td> -<?php - $tab_array = array(); - $tab_array[0] = array(gettext("Snort Interfaces"), true, "/snort/snort_interfaces.php"); - $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php"); - $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php"); - $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php"); - $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php"); - $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php"); - $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); - display_top_tabs($tab_array); -?> -</td></tr> <tr> <td> - <div id="mainarea2"> - <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> + <?php + $tab_array = array(); + $tab_array[0] = array(gettext("Snort Interfaces"), true, "/snort/snort_interfaces.php"); + $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php"); + $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php"); + $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php"); + $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php"); + $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php"); + $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); + $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); + display_top_tabs($tab_array); + ?> + </td> +</tr> +<tr> + <td> + <div id="mainarea"> + <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> <tr id="frheader"> <td width="3%" class="list"> </td> <td width="10%" class="listhdrr"><?php echo gettext("If"); ?></td> @@ -218,62 +227,82 @@ if ($pfsense_stable == 'yes') <tr> <td></td> <td align="center" valign="middle"><a href="snort_interfaces_edit.php?id=<?php echo $id_gen;?>"><img - src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" - width="17" height="17" border="0" title="<?php echo gettext('add interface');?>"></a></td> + src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" + width="17" height="17" border="0" title="<?php echo gettext('Add Snort interface mapping');?>"></a></td> </tr> </table> </td> </tr> -<?php $nnats = $i = 0; -/* If no interfaces are defined, then turn off the "no rules" warning */ -$no_rules_footnote = false; -if ($id_gen == 0) - $no_rules = false; -else - $no_rules = true; - -foreach ($a_nat as $natent): ?> - <tr valign="top" id="fr<?=$nnats;?>"> -<?php + <?php $nnats = $i = 0; -/* convert fake interfaces to real and check if iface is up */ -/* There has to be a smarter way to do this */ - $if_real = snort_get_real_interface($natent['interface']); - $snort_uuid = $natent['uuid']; - if (snort_is_running($snort_uuid, $if_real) == 'no') - $iconfn = 'pass'; - else - $iconfn = 'block'; - if (snort_is_running($snort_uuid, $if_real, 'barnyard2') == 'no') - $biconfn = 'pass'; - else - $biconfn = 'block'; - - /* See if interface has any rules defined and set boolean flag */ - $no_rules = true; - if (isset($natent['customrules']) && !empty($natent['customrules'])) - $no_rules = false; - if (isset($natent['rulesets']) && !empty($natent['rulesets'])) - $no_rules = false; - if (isset($natent['ips_policy']) && !empty($natent['ips_policy'])) - $no_rules = false; - /* Do not display the "no rules" warning if interface disabled */ - if ($natent['enable'] == "off") - $no_rules = false; - if ($no_rules) - $no_rules_footnote = true; -?> - <td class="listt"> + // Turn on buffering to speed up rendering + ini_set('output_buffering','true'); + + // Start buffering to fix display lag issues in IE9 and IE10 + ob_start(null, 0); + + /* If no interfaces are defined, then turn off the "no rules" warning */ + $no_rules_footnote = false; + if ($id_gen == 0) + $no_rules = false; + else + $no_rules = true; + + foreach ($a_nat as $natent): ?> + <tr valign="top" id="fr<?=$nnats;?>"> + <?php + + /* convert fake interfaces to real and check if iface is up */ + /* There has to be a smarter way to do this */ + $if_real = snort_get_real_interface($natent['interface']); + $natend_friendly= snort_get_friendly_interface($natent['interface']); + $snort_uuid = $natent['uuid']; + if (snort_is_running($snort_uuid, $if_real) == 'no'){ + $iconfn = 'block'; + $iconfn_msg1 = 'Snort is not running on '; + $iconfn_msg2 = '. Click to start.'; + } + else{ + $iconfn = 'pass'; + $iconfn_msg1 = 'Snort is running on '; + $iconfn_msg2 = '. Click to stop.'; + } + if (snort_is_running($snort_uuid, $if_real, 'barnyard2') == 'no'){ + $biconfn = 'block'; + $biconfn_msg1 = 'Barnyard2 is not running on '; + $biconfn_msg2 = '. Click to start.'; + } + else{ + $biconfn = 'pass'; + $biconfn_msg1 = 'Barnyard2 is running on '; + $biconfn_msg2 = '. Click to stop.'; + } + + /* See if interface has any rules defined and set boolean flag */ + $no_rules = true; + if (isset($natent['customrules']) && !empty($natent['customrules'])) + $no_rules = false; + if (isset($natent['rulesets']) && !empty($natent['rulesets'])) + $no_rules = false; + if (isset($natent['ips_policy']) && !empty($natent['ips_policy'])) + $no_rules = false; + /* Do not display the "no rules" warning if interface disabled */ + if ($natent['enable'] == "off") + $no_rules = false; + if ($no_rules) + $no_rules_footnote = true; + ?> + <td class="listt"> <input type="checkbox" id="frc<?=$nnats;?>" name="rule[]" value="<?=$i;?>" onClick="fr_bgcolor('<?=$nnats;?>')" style="margin: 0; padding: 0;"> </td> - <td class="listr" + <td class="listr" id="frd<?=$nnats;?>" ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';"> <?php - echo snort_get_friendly_interface($natent['interface']); + echo $natend_friendly; ?> - </td> - <td class="listr" + </td> + <td class="listr" id="frd<?=$nnats;?>" ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';"> <?php @@ -283,13 +312,13 @@ foreach ($a_nat as $natent): ?> echo "<a href='?act=toggle&id={$i}'> <img src='../themes/{$g['theme']}/images/icons/icon_{$iconfn}.gif' width='13' height='13' border='0' - title='" . gettext('click to toggle start/stop snort') . "'></a>"; + title='" . gettext($iconfn_msg1.$natend_friendly.$iconfn_msg2) . "'></a>"; echo ($no_rules) ? " <img src=\"../themes/{$g['theme']}/images/icons/icon_frmfld_imp.png\" width=\"15\" height=\"15\" border=\"0\">" : ""; } else echo strtoupper("disabled"); ?> - </td> - <td class="listr" + </td> + <td class="listr" id="frd<?=$nnats;?>" ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';"> <?php @@ -300,8 +329,8 @@ foreach ($a_nat as $natent): ?> $check_performance = "lowmem"; } ?> <?=strtoupper($check_performance);?> - </td> - <td class="listr" + </td> + <td class="listr" id="frd<?=$nnats;?>" ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';"> <?php @@ -313,8 +342,8 @@ foreach ($a_nat as $natent): ?> $check_blockoffenders = disabled; } ?> <?=strtoupper($check_blockoffenders);?> - </td> - <td class="listr" + </td> + <td class="listr" id="frd<?=$nnats;?>" ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';"> <?php @@ -324,114 +353,140 @@ foreach ($a_nat as $natent): ?> echo "<a href='?act=bartoggle&id={$i}'> <img src='../themes/{$g['theme']}/images/icons/icon_{$biconfn}.gif' width='13' height='13' border='0' - title='" . gettext('click to toggle start/stop barnyard') . "'></a>"; + title='" . gettext($biconfn_msg1.$natend_friendly.$biconfn_msg2) . "'></a>"; } else echo strtoupper("disabled"); ?> - </td> - <td class="listbg" + </td> + <td class="listbg" ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';"> <font color="#ffffff"> <?=htmlspecialchars($natent['descr']);?> - </td> - <td valign="middle" class="list" nowrap> + </td> + <td valign="middle" class="list" nowrap> <table border="0" cellspacing="0" cellpadding="0"> <tr> <td><a href="snort_interfaces_edit.php?id=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" - width="17" height="17" border="0" title="<?php echo gettext('edit interface'); ?>"></a> + width="17" height="17" border="0" title="<?php echo gettext('Edit Snort interface mapping'); ?>"></a> </td> </tr> </table> - </td> + </td> </tr> - <?php $i++; $nnats++; endforeach; ?> - <tr> - <td class="list"></td> - <td class="list" colspan="6"> - <?php if ($no_rules_footnote): ?><br><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_frmfld_imp.png" width="15" height="15" border="0"> - <span class="red">   <?php echo gettext("WARNING: Marked interface currently has no rules defined for Snort"); ?></span> - <?php else: ?> - <?php endif; ?> - </td> - <td class="list" valign="middle" nowrap> - <table border="0" cellspacing="0" cellpadding="0"> - <tr> - <td><?php if ($nnats == 0): ?><img - src="../themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" - width="17" height="17" title="<?php echo gettext("delete selected interface"); ?>" border="0"><?php else: ?> - <input name="del" type="image" - src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" - width="17" height="17" title="<?php echo gettext("delete selected interface"); ?>" - onclick="return confirm('Do you really want to delete the selected Snort mapping?')"><?php endif; ?></td> - </tr> - </table> - </td> - </tr> - </table> - </div> - </td> - </tr> -</table> - -<br> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> - <table class="tabcont" width="100%" border="0" cellpadding="1" cellspacing="1"> + <?php $i++; $nnats++; endforeach; ob_end_flush(); ?> + <tr> + <td class="list"></td> + <td class="list" colspan="6"> + <?php if ($no_rules_footnote): ?><br><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_frmfld_imp.png" width="15" height="15" border="0"> + <span class="red">   <?php echo gettext("WARNING: Marked interface currently has no rules defined for Snort"); ?></span> + <?php else: ?> + <?php endif; ?> + </td> + <td class="list" valign="middle" nowrap> + <table border="0" cellspacing="0" cellpadding="0"> + <tr> + <td><?php if ($nnats == 0): ?><img + src="../themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" + width="17" height="17" " border="0"> + <?php else: ?> + <input name="del" type="image" + src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" + width="17" height="17" title="<?php echo gettext("Delete selected Snort interface mapping(s)"); ?>" + onclick="return intf_del()"> + <?php endif; ?></td> + </tr> + </table> + </td> + </tr> + <tr> + <td colspan="8"> </td> + </tr> + <tr> + <td> </td> + <td colspan="6"> + <table class="tabcont" width="100%" border="0" cellpadding="1" cellspacing="0"> <tr> - <td colspan="3"><span class="red"><strong><?php echo gettext("Note:"); ?></strong></span> <br> - <?php echo gettext('This is the <strong>Snort Menu</strong> where you can see an over ' . - 'view of all your interface settings. ' . - 'Please visit the <strong>Global Settings</strong> tab before adding ' . 'an interface.'); ?> + <td colspan="3" class="vexpl"><span class="red"><strong><?php echo gettext("Note:"); ?></strong></span> <br> + <?php echo gettext("This is the ") . "<strong>" . gettext("Snort Menu ") . + "</strong>" . gettext("where you can see an overview of all your interface settings."); + if (empty($a_nat)) { + echo gettext("Please visit the ") . "<strong>" . gettext("Global Settings") . + "</strong>" . gettext(" tab before adding an interface."); + }?> </td> </tr> <tr> - <td colspan="3"><br> + <td colspan="3" class="vexpl"><br> </td> </tr> <tr> - <td colspan="3"><span class="red"><strong><?php echo gettext("Warning:"); ?></strong></span><br> + <td colspan="3" class="vexpl"><span class="red"><strong><?php echo gettext("Warning:"); ?></strong></span><br> <strong><?php echo gettext("New settings will not take effect until interface restart."); ?></strong> </td> </tr> <tr> - <td colspan="3"><br> + <td colspan="3" class="vexpl"><br> </td> </tr> <tr> - <td><strong>Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" + <td class="vexpl"><strong>Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="<?php echo gettext("Add Icon"); ?>"> icon to add an interface. </td> - <td width="3%"> + <td width="3%" class="vexpl"> </td> - <td><strong>Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_pass.gif" - width="13" height="13" border="0" title="<?php echo gettext("Start Icon"); ?>"> icon to <strong>start</strong> - snort and barnyard2. + <td class="vexpl"><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_pass.gif" + width="13" height="13" border="0" title="<?php echo gettext("Running"); ?>"> + <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" + width="13" height="13" border="0" title="<?php echo gettext("Not Running"); ?>"> icons will show current + snort and barnyard2 status. </td> </tr> <tr> - <td><strong>Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" + <td class="vexpl"><strong>Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="<?php echo gettext("Edit Icon"); ?>"> icon to edit an interface and settings. <td width="3%"> </td> - <td><strong>Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" - width="13" height="13" border="0" title="<?php echo gettext("Stop Icon"); ?>"> icon to <strong>stop</strong> - snort and barnyard2. + <td class="vexpl"><strong>Click</strong> on the status icons to <strong>toggle</strong> snort and barnyard2 status. </td> </tr> <tr> - <td colspan="3"><strong> Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" + <td colspan="3" class="vexpl"><strong> Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="<?php echo gettext("Delete Icon"); ?>"> icon to delete an interface and settings. </td> </tr> </table> - </td> - </tr> + </td> + <td> </td> + </tr> + </table> + </div> + </td> +</tr> </table> </form> + +<script type="text/javascript"> + +function intf_del() { + var isSelected = false; + var inputs = document.iform.elements; + for (var i = 0; i < inputs.length; i++) { + if (inputs[i].type == "checkbox") { + if (inputs[i].checked) + isSelected = true; + } + } + if (isSelected) + return confirm('Do you really want to delete the selected Snort mapping?'); + else + alert("There is no Snort mapping selected for deletion. Click the checkbox beside the Snort mapping(s) you wish to delete."); +} + +</script> + <?php include("fend.inc"); ?> |