aboutsummaryrefslogtreecommitdiffstats
path: root/config/snort/snort_preprocessors.php
diff options
context:
space:
mode:
Diffstat (limited to 'config/snort/snort_preprocessors.php')
-rw-r--r--config/snort/snort_preprocessors.php570
1 files changed, 311 insertions, 259 deletions
diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php
index 363b9f85..c56f00e9 100644
--- a/config/snort/snort_preprocessors.php
+++ b/config/snort/snort_preprocessors.php
@@ -1,34 +1,34 @@
<?php
/* $Id$ */
/*
- snort_interfaces.php
- part of m0n0wall (http://m0n0.ch/wall)
+ snort_interfaces.php
+ part of m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
- Copyright (C) 2008-2009 Robert Zelaya.
- All rights reserved.
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ Copyright (C) 2008-2009 Robert Zelaya.
+ All rights reserved.
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
require_once("guiconfig.inc");
@@ -43,11 +43,11 @@ $a_nat = &$config['installedpackages']['snortglobal']['rule'];
$id = $_GET['id'];
if (isset($_POST['id']))
- $id = $_POST['id'];
+$id = $_POST['id'];
if (isset($_GET['dup'])) {
- $id = $_GET['dup'];
- $after = $_GET['dup'];
+ $id = $_GET['dup'];
+ $after = $_GET['dup'];
}
if (isset($id) && $a_nat[$id]) {
@@ -65,7 +65,7 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['sf_portscan'] = $a_nat[$id]['sf_portscan'];
$pconfig['dce_rpc_2'] = $a_nat[$id]['dce_rpc_2'];
$pconfig['dns_preprocessor'] = $a_nat[$id]['dns_preprocessor'];
-
+
/* old options */
$pconfig['def_dns_servers'] = $a_nat[$id]['def_dns_servers'];
$pconfig['def_dns_ports'] = $a_nat[$id]['def_dns_ports'];
@@ -74,7 +74,7 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['def_mail_ports'] = $a_nat[$id]['def_mail_ports'];
$pconfig['def_http_servers'] = $a_nat[$id]['def_http_servers'];
$pconfig['def_www_servers'] = $a_nat[$id]['def_www_servers'];
- $pconfig['def_http_ports'] = $a_nat[$id]['def_http_ports'];
+ $pconfig['def_http_ports'] = $a_nat[$id]['def_http_ports'];
$pconfig['def_sql_servers'] = $a_nat[$id]['def_sql_servers'];
$pconfig['def_oracle_ports'] = $a_nat[$id]['def_oracle_ports'];
$pconfig['def_mssql_ports'] = $a_nat[$id]['def_mssql_ports'];
@@ -122,8 +122,8 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['rule_sid_off'] = $a_nat[$id]['rule_sid_off'];
$pconfig['rule_sid_on'] = $a_nat[$id]['rule_sid_on'];
-if (isset($_GET['dup']))
- unset($id);
+ if (isset($_GET['dup']))
+ unset($id);
}
/* convert fake interfaces to real */
@@ -131,88 +131,88 @@ $if_real = convert_friendly_interface_to_real_interface_name2($pconfig['interfac
$snort_uuid = $pconfig['uuid'];
- /* alert file */
+/* alert file */
$d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty";
-
- /* this will exec when alert says apply */
- if ($_POST['apply']) {
-
- if (file_exists($d_snortconfdirty_path)) {
+
+/* this will exec when alert says apply */
+if ($_POST['apply']) {
+
+ if (file_exists($d_snortconfdirty_path)) {
- write_config();
+ write_config();
- sync_snort_package_all($id, $if_real, $snort_uuid);
- sync_snort_package();
+ sync_snort_package_all($id, $if_real, $snort_uuid);
+ sync_snort_package();
- unlink($d_snortconfdirty_path);
+ unlink($d_snortconfdirty_path);
- }
-
}
+}
+
- if ($_POST["Submit"]) {
+if ($_POST["Submit"]) {
/* check for overlaps */
-/* if no errors write to conf */
+ /* if no errors write to conf */
if (!$input_errors) {
$natent = array();
/* repost the options already in conf */
- if ($pconfig['interface'] != "") { $natent['interface'] = $pconfig['interface']; }
- if ($pconfig['enable'] != "") { $natent['enable'] = $pconfig['enable']; }
- if ($pconfig['uuid'] != "") { $natent['uuid'] = $pconfig['uuid']; }
- if ($pconfig['descr'] != "") { $natent['descr'] = $pconfig['descr']; }
- if ($pconfig['performance'] != "") { $natent['performance'] = $pconfig['performance']; }
- if ($pconfig['blockoffenders7'] != "") { $natent['blockoffenders7'] = $pconfig['blockoffenders7']; }
- if ($pconfig['alertsystemlog'] != "") { $natent['alertsystemlog'] = $pconfig['alertsystemlog']; }
- if ($pconfig['tcpdumplog'] != "") { $natent['tcpdumplog'] = $pconfig['tcpdumplog']; }
- if ($pconfig['snortunifiedlog'] != "") { $natent['snortunifiedlog'] = $pconfig['snortunifiedlog']; }
- if ($pconfig['barnyard_enable'] != "") { $natent['barnyard_enable'] = $pconfig['barnyard_enable']; }
- if ($pconfig['barnyard_mysql'] != "") { $natent['barnyard_mysql'] = $pconfig['barnyard_mysql']; }
- if ($pconfig['def_dns_servers'] != "") { $natent['def_dns_servers'] = $pconfig['def_dns_servers']; }
- if ($pconfig['def_dns_ports'] != "") { $natent['def_dns_ports'] = $pconfig['def_dns_ports']; }
- if ($pconfig['def_smtp_servers'] != "") { $natent['def_smtp_servers'] = $pconfig['def_smtp_servers']; }
- if ($pconfig['def_smtp_ports'] != "") { $natent['def_smtp_ports'] = $pconfig['def_smtp_ports']; }
- if ($pconfig['def_mail_ports'] != "") { $natent['def_mail_ports'] = $pconfig['def_mail_ports']; }
- if ($pconfig['def_http_servers'] != "") { $natent['def_http_servers'] = $pconfig['def_http_servers']; }
- if ($pconfig['def_www_servers'] != "") { $natent['def_www_servers'] = $pconfig['def_www_servers']; }
- if ($pconfig['def_http_ports'] != "") { $natent['def_http_ports'] = $pconfig['def_http_ports']; }
- if ($pconfig['def_sql_servers'] != "") { $natent['def_sql_servers'] = $pconfig['def_sql_servers']; }
- if ($pconfig['def_oracle_ports'] != "") { $natent['def_oracle_ports'] = $pconfig['def_oracle_ports']; }
- if ($pconfig['def_mssql_ports'] != "") { $natent['def_mssql_ports'] = $pconfig['def_mssql_ports']; }
- if ($pconfig['def_telnet_servers'] != "") { $natent['def_telnet_servers'] = $pconfig['def_telnet_servers']; }
- if ($pconfig['def_telnet_ports'] != "") { $natent['def_telnet_ports'] = $pconfig['def_telnet_ports']; }
- if ($pconfig['def_snmp_servers'] != "") { $natent['def_snmp_servers'] = $pconfig['def_snmp_servers']; }
- if ($pconfig['def_snmp_ports'] != "") { $natent['def_snmp_ports'] = $pconfig['def_snmp_ports']; }
- if ($pconfig['def_ftp_servers'] != "") { $natent['def_ftp_servers'] = $pconfig['def_ftp_servers']; }
- if ($pconfig['def_ftp_ports'] != "") { $natent['def_ftp_ports'] = $pconfig['def_ftp_ports']; }
- if ($pconfig['def_ssh_servers'] != "") { $natent['def_ssh_servers'] = $pconfig['def_ssh_servers']; }
- if ($pconfig['def_ssh_ports'] != "") { $natent['def_ssh_ports'] = $pconfig['def_ssh_ports']; }
- if ($pconfig['def_pop_servers'] != "") { $natent['def_pop_servers'] = $pconfig['def_pop_servers']; }
- if ($pconfig['def_pop2_ports'] != "") { $natent['def_pop2_ports'] = $pconfig['def_pop2_ports']; }
- if ($pconfig['def_pop3_ports'] != "") { $natent['def_pop3_ports'] = $pconfig['def_pop3_ports']; }
- if ($pconfig['def_imap_servers'] != "") { $natent['def_imap_servers'] = $pconfig['def_imap_servers']; }
- if ($pconfig['def_imap_ports'] != "") { $natent['def_imap_ports'] = $pconfig['def_imap_ports']; }
- if ($pconfig['def_sip_proxy_ip'] != "") { $natent['def_sip_proxy_ip'] = $pconfig['def_sip_proxy_ip']; }
- if ($pconfig['def_sip_proxy_ports'] != "") { $natent['def_sip_proxy_ports'] = $pconfig['def_sip_proxy_ports']; }
- if ($pconfig['def_auth_ports'] != "") { $natent['def_auth_ports'] = $pconfig['def_auth_ports']; }
- if ($pconfig['def_finger_ports'] != "") { $natent['def_finger_ports'] = $pconfig['def_finger_ports']; }
- if ($pconfig['def_irc_ports'] != "") { $natent['def_irc_ports'] = $pconfig['def_irc_ports']; }
- if ($pconfig['def_nntp_ports'] != "") { $natent['def_nntp_ports'] = $pconfig['def_nntp_ports']; }
- if ($pconfig['def_rlogin_ports'] != "") { $natent['def_rlogin_ports'] = $pconfig['def_rlogin_ports']; }
- if ($pconfig['def_rsh_ports'] != "") { $natent['def_rsh_ports'] = $pconfig['def_rsh_ports']; }
- if ($pconfig['def_ssl_ports'] != "") { $natent['def_ssl_ports'] = $pconfig['def_ssl_ports']; }
- if ($pconfig['configpassthru'] != "") { $natent['configpassthru'] = $pconfig['configpassthru']; }
- if ($pconfig['barnconfigpassthru'] != "") { $natent['barnconfigpassthru'] = $pconfig['barnconfigpassthru']; }
- if ($pconfig['rulesets'] != "") { $natent['rulesets'] = $pconfig['rulesets']; }
- if ($pconfig['rule_sid_off'] != "") { $natent['rule_sid_off'] = $pconfig['rule_sid_off']; }
- if ($pconfig['rule_sid_on'] != "") { $natent['rule_sid_on'] = $pconfig['rule_sid_on']; }
- if ($pconfig['whitelistname'] != "") { $natent['whitelistname'] = $pconfig['whitelistname']; }
- if ($pconfig['homelistname'] != "") { $natent['homelistname'] = $pconfig['homelistname']; }
- if ($pconfig['externallistname'] != "") { $natent['externallistname'] = $pconfig['externallistname']; }
- if ($pconfig['suppresslistname'] != "") { $natent['suppresslistname'] = $pconfig['suppresslistname']; }
-
+ if ($pconfig['interface'] != "") { $natent['interface'] = $pconfig['interface']; }
+ if ($pconfig['enable'] != "") { $natent['enable'] = $pconfig['enable']; }
+ if ($pconfig['uuid'] != "") { $natent['uuid'] = $pconfig['uuid']; }
+ if ($pconfig['descr'] != "") { $natent['descr'] = $pconfig['descr']; }
+ if ($pconfig['performance'] != "") { $natent['performance'] = $pconfig['performance']; }
+ if ($pconfig['blockoffenders7'] != "") { $natent['blockoffenders7'] = $pconfig['blockoffenders7']; }
+ if ($pconfig['alertsystemlog'] != "") { $natent['alertsystemlog'] = $pconfig['alertsystemlog']; }
+ if ($pconfig['tcpdumplog'] != "") { $natent['tcpdumplog'] = $pconfig['tcpdumplog']; }
+ if ($pconfig['snortunifiedlog'] != "") { $natent['snortunifiedlog'] = $pconfig['snortunifiedlog']; }
+ if ($pconfig['barnyard_enable'] != "") { $natent['barnyard_enable'] = $pconfig['barnyard_enable']; }
+ if ($pconfig['barnyard_mysql'] != "") { $natent['barnyard_mysql'] = $pconfig['barnyard_mysql']; }
+ if ($pconfig['def_dns_servers'] != "") { $natent['def_dns_servers'] = $pconfig['def_dns_servers']; }
+ if ($pconfig['def_dns_ports'] != "") { $natent['def_dns_ports'] = $pconfig['def_dns_ports']; }
+ if ($pconfig['def_smtp_servers'] != "") { $natent['def_smtp_servers'] = $pconfig['def_smtp_servers']; }
+ if ($pconfig['def_smtp_ports'] != "") { $natent['def_smtp_ports'] = $pconfig['def_smtp_ports']; }
+ if ($pconfig['def_mail_ports'] != "") { $natent['def_mail_ports'] = $pconfig['def_mail_ports']; }
+ if ($pconfig['def_http_servers'] != "") { $natent['def_http_servers'] = $pconfig['def_http_servers']; }
+ if ($pconfig['def_www_servers'] != "") { $natent['def_www_servers'] = $pconfig['def_www_servers']; }
+ if ($pconfig['def_http_ports'] != "") { $natent['def_http_ports'] = $pconfig['def_http_ports']; }
+ if ($pconfig['def_sql_servers'] != "") { $natent['def_sql_servers'] = $pconfig['def_sql_servers']; }
+ if ($pconfig['def_oracle_ports'] != "") { $natent['def_oracle_ports'] = $pconfig['def_oracle_ports']; }
+ if ($pconfig['def_mssql_ports'] != "") { $natent['def_mssql_ports'] = $pconfig['def_mssql_ports']; }
+ if ($pconfig['def_telnet_servers'] != "") { $natent['def_telnet_servers'] = $pconfig['def_telnet_servers']; }
+ if ($pconfig['def_telnet_ports'] != "") { $natent['def_telnet_ports'] = $pconfig['def_telnet_ports']; }
+ if ($pconfig['def_snmp_servers'] != "") { $natent['def_snmp_servers'] = $pconfig['def_snmp_servers']; }
+ if ($pconfig['def_snmp_ports'] != "") { $natent['def_snmp_ports'] = $pconfig['def_snmp_ports']; }
+ if ($pconfig['def_ftp_servers'] != "") { $natent['def_ftp_servers'] = $pconfig['def_ftp_servers']; }
+ if ($pconfig['def_ftp_ports'] != "") { $natent['def_ftp_ports'] = $pconfig['def_ftp_ports']; }
+ if ($pconfig['def_ssh_servers'] != "") { $natent['def_ssh_servers'] = $pconfig['def_ssh_servers']; }
+ if ($pconfig['def_ssh_ports'] != "") { $natent['def_ssh_ports'] = $pconfig['def_ssh_ports']; }
+ if ($pconfig['def_pop_servers'] != "") { $natent['def_pop_servers'] = $pconfig['def_pop_servers']; }
+ if ($pconfig['def_pop2_ports'] != "") { $natent['def_pop2_ports'] = $pconfig['def_pop2_ports']; }
+ if ($pconfig['def_pop3_ports'] != "") { $natent['def_pop3_ports'] = $pconfig['def_pop3_ports']; }
+ if ($pconfig['def_imap_servers'] != "") { $natent['def_imap_servers'] = $pconfig['def_imap_servers']; }
+ if ($pconfig['def_imap_ports'] != "") { $natent['def_imap_ports'] = $pconfig['def_imap_ports']; }
+ if ($pconfig['def_sip_proxy_ip'] != "") { $natent['def_sip_proxy_ip'] = $pconfig['def_sip_proxy_ip']; }
+ if ($pconfig['def_sip_proxy_ports'] != "") { $natent['def_sip_proxy_ports'] = $pconfig['def_sip_proxy_ports']; }
+ if ($pconfig['def_auth_ports'] != "") { $natent['def_auth_ports'] = $pconfig['def_auth_ports']; }
+ if ($pconfig['def_finger_ports'] != "") { $natent['def_finger_ports'] = $pconfig['def_finger_ports']; }
+ if ($pconfig['def_irc_ports'] != "") { $natent['def_irc_ports'] = $pconfig['def_irc_ports']; }
+ if ($pconfig['def_nntp_ports'] != "") { $natent['def_nntp_ports'] = $pconfig['def_nntp_ports']; }
+ if ($pconfig['def_rlogin_ports'] != "") { $natent['def_rlogin_ports'] = $pconfig['def_rlogin_ports']; }
+ if ($pconfig['def_rsh_ports'] != "") { $natent['def_rsh_ports'] = $pconfig['def_rsh_ports']; }
+ if ($pconfig['def_ssl_ports'] != "") { $natent['def_ssl_ports'] = $pconfig['def_ssl_ports']; }
+ if ($pconfig['configpassthru'] != "") { $natent['configpassthru'] = $pconfig['configpassthru']; }
+ if ($pconfig['barnconfigpassthru'] != "") { $natent['barnconfigpassthru'] = $pconfig['barnconfigpassthru']; }
+ if ($pconfig['rulesets'] != "") { $natent['rulesets'] = $pconfig['rulesets']; }
+ if ($pconfig['rule_sid_off'] != "") { $natent['rule_sid_off'] = $pconfig['rule_sid_off']; }
+ if ($pconfig['rule_sid_on'] != "") { $natent['rule_sid_on'] = $pconfig['rule_sid_on']; }
+ if ($pconfig['whitelistname'] != "") { $natent['whitelistname'] = $pconfig['whitelistname']; }
+ if ($pconfig['homelistname'] != "") { $natent['homelistname'] = $pconfig['homelistname']; }
+ if ($pconfig['externallistname'] != "") { $natent['externallistname'] = $pconfig['externallistname']; }
+ if ($pconfig['suppresslistname'] != "") { $natent['suppresslistname'] = $pconfig['suppresslistname']; }
+
/* post new options */
$natent['perform_stat'] = $_POST['perform_stat'];
@@ -220,7 +220,7 @@ $d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty";
if ($_POST['flow_depth'] != "") { $natent['flow_depth'] = $_POST['flow_depth']; }else{ $natent['flow_depth'] = ""; }
if ($_POST['max_queued_bytes'] != "") { $natent['max_queued_bytes'] = $_POST['max_queued_bytes']; }else{ $natent['max_queued_bytes'] = ""; }
if ($_POST['max_queued_segs'] != "") { $natent['max_queued_segs'] = $_POST['max_queued_segs']; }else{ $natent['max_queued_segs'] = ""; }
-
+
$natent['perform_stat'] = $_POST['perform_stat'] ? on : off;
$natent['http_inspect'] = $_POST['http_inspect'] ? on : off;
$natent['other_preprocs'] = $_POST['other_preprocs'] ? on : off;
@@ -228,19 +228,19 @@ $d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty";
$natent['smtp_preprocessor'] = $_POST['smtp_preprocessor'] ? on : off;
$natent['sf_portscan'] = $_POST['sf_portscan'] ? on : off;
$natent['dce_rpc_2'] = $_POST['dce_rpc_2'] ? on : off;
- $natent['dns_preprocessor'] = $_POST['dns_preprocessor'] ? on : off;
+ $natent['dns_preprocessor'] = $_POST['dns_preprocessor'] ? on : off;
- if (isset($id) && $a_nat[$id])
- $a_nat[$id] = $natent;
+ if (isset($id) && $a_nat[$id])
+ $a_nat[$id] = $natent;
else {
if (is_numeric($after))
- array_splice($a_nat, $after+1, 0, array($natent));
+ array_splice($a_nat, $after+1, 0, array($natent));
else
- $a_nat[] = $natent;
+ $a_nat[] = $natent;
}
-
+
write_config();
-
+
/* after click go to this page */
touch($d_snortconfdirty_path);
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
@@ -258,7 +258,8 @@ $pgtitle = "Snort: Interface $id$if_real Preprocessors and Flow";
include("/usr/local/pkg/snort/snort_head.inc");
?>
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<body
+ link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
@@ -268,29 +269,34 @@ echo "{$snort_general_css}\n";
?>
<!-- hack to fix the hardcoed fbegin link in header -->
-<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div>
+<div id="header-left2"><a href="../index.php" id="status-link2"><img
+ src="./images/transparent.gif" border="0"></img></a></div>
<div class="body2">
-<noscript><div class="alert" ALIGN=CENTER><img src="../themes/nervecenter/images/icons/icon_alert.gif"/><strong>Please enable JavaScript to view this content</CENTER></div></noscript>
-
+<noscript>
+<div class="alert" ALIGN=CENTER><img
+ src="../themes/nervecenter/images/icons/icon_alert.gif" /><strong>Please
+enable JavaScript to view this content
+</CENTER></div>
+</noscript>
-<form action="snort_preprocessors.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
-<?php
+<form action="snort_preprocessors.php" method="post"
+ enctype="multipart/form-data" name="iform" id="iform"><?php
/* Display Alert message */
if ($input_errors) {
- print_input_errors($input_errors); // TODO: add checks
+ print_input_errors($input_errors); // TODO: add checks
}
if ($savemsg) {
- print_info_box2($savemsg);
+ print_info_box2($savemsg);
}
if (file_exists($d_snortconfdirty_path)) {
- echo '<p>';
+ echo '<p>';
if($savemsg) {
print_info_box_np2("{$savemsg}");
@@ -302,39 +308,38 @@ echo "{$snort_general_css}\n";
}
}
-?>
+ ?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr><td class="tabnavtbl">
-<?php
-if($id != "")
-{
-
-echo '<div class="snorttabs" style="margin:1px 0px; width:775px;">' . "\n";
-echo '<!-- Tabbed bar code -->' . "\n";
-echo '<ul class="snorttabs">' . "\n";
- echo '<li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>' . "\n";
- echo "<li><a href=\"/snort/snort_interfaces_edit.php?id={$id}\"><span>If Settings</span></a></li>\n";
- echo "<li><a href=\"/snort/snort_rulesets.php?id={$id}\"><span>Categories</span></a></li>\n";
- echo "<li><a href=\"/snort/snort_rules.php?id={$id}\"><span>Rules</span></a></li>\n";
- echo "<li><a href=\"/snort/snort_define_servers.php?id={$id}\"><span>Servers</span></a></li>\n";
- echo "<li class=\"snorttabs_active\"><a href=\"/snort/snort_preprocessors.php?id={$id}\"><span>Preprocessors</span></a></li>\n";
- echo "<li><a href=\"/snort/snort_barnyard.php?id={$id}\"><span>Barnyard2</span></a></li>\n";
-echo '</ul>' . "\n";
-echo '</div>' . "\n";
+ <tr>
+ <td class="tabnavtbl"><?php
+ if($id != "")
+ {
+
+ echo '<div class="snorttabs" style="margin:1px 0px; width:775px;">' . "\n";
+ echo '<!-- Tabbed bar code -->' . "\n";
+ echo '<ul class="snorttabs">' . "\n";
+ echo '<li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>' . "\n";
+ echo "<li><a href=\"/snort/snort_interfaces_edit.php?id={$id}\"><span>If Settings</span></a></li>\n";
+ echo "<li><a href=\"/snort/snort_rulesets.php?id={$id}\"><span>Categories</span></a></li>\n";
+ echo "<li><a href=\"/snort/snort_rules.php?id={$id}\"><span>Rules</span></a></li>\n";
+ echo "<li><a href=\"/snort/snort_define_servers.php?id={$id}\"><span>Servers</span></a></li>\n";
+ echo "<li class=\"snorttabs_active\"><a href=\"/snort/snort_preprocessors.php?id={$id}\"><span>Preprocessors</span></a></li>\n";
+ echo "<li><a href=\"/snort/snort_barnyard.php?id={$id}\"><span>Barnyard2</span></a></li>\n";
+ echo '</ul>' . "\n";
+ echo '</div>' . "\n";
-}
-?>
-</td>
-</tr>
- <tr>
- <td class="tabcont">
- <table width="100%" border="0" cellpadding="6" cellspacing="0">
- <?php
- /* display error code if there is no id */
- if($id == "")
- {
- echo "
+ }
+ ?></td>
+ </tr>
+ <tr>
+ <td class="tabcont">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <?php
+ /* display error code if there is no id */
+ if($id == "")
+ {
+ echo "
<style type=\"text/css\">
.noid {
position:absolute;
@@ -349,138 +354,185 @@ echo '</div>' . "\n";
}
</style>
<div class=\"alert\" ALIGN=CENTER><img src=\"../themes/nervecenter/images/icons/icon_alert.gif\"/><strong>You can not edit options without an interface ID.</CENTER></div>\n";
-
- }
- ?>
- <tr>
- <td width="22%" valign="top">&nbsp;</td>
- <td width="78%"><span class="vexpl"><span class="red"><strong>Note: </strong></span><br>
- Rules may be dependent on preprocessors!<br>
- Defaults will be used when there is no user input.<br>
- </td>
- </tr>
- <tr>
- <td colspan="2" valign="top" class="listtopic">Performance Statistics</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Enable</td>
- <td width="78%" class="vtable">
- <input name="perform_stat" type="checkbox" value="on" <?php if ($pconfig['perform_stat']=="on") echo "checked"; ?> onClick="enable_change(false)">
- Performance Statistics for this interface.</td>
- </tr>
- <tr>
- <td colspan="2" valign="top" class="listtopic">HTTP Inspect Settings</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Enable</td>
- <td width="78%" class="vtable">
- <input name="http_inspect" type="checkbox" value="on" <?php if ($pconfig['http_inspect']=="on") echo "checked"; ?> onClick="enable_change(false)">
- Use HTTP Inspect to Normalize/Decode and detect HTTP traffic and protocol anomalies.</td>
- </tr>
- <tr>
+
+ }
+ ?>
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%"><span class="vexpl"><span class="red"><strong>Note:
+ </strong></span><br>
+ Rules may be dependent on preprocessors!<br>
+ Defaults will be used when there is no user input.<br></td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Performance
+ Statistics</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Enable</td>
+ <td width="78%" class="vtable"><input name="perform_stat"
+ type="checkbox" value="on"
+ <?php if ($pconfig['perform_stat']=="on") echo "checked"; ?>
+ onClick="enable_change(false)"> Performance Statistics for this
+ interface.</td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">HTTP Inspect Settings</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Enable</td>
+ <td width="78%" class="vtable"><input name="http_inspect"
+ type="checkbox" value="on"
+ <?php if ($pconfig['http_inspect']=="on") echo "checked"; ?>
+ onClick="enable_change(false)"> Use HTTP Inspect to
+ Normalize/Decode and detect HTTP traffic and protocol anomalies.</td>
+ </tr>
+ <tr>
<td valign="top" class="vncell2">HTTP server flow depth</td>
<td class="vtable">
- <table cellpadding="0" cellspacing="0">
+ <table cellpadding="0" cellspacing="0">
<tr>
- <td><input name="flow_depth" type="text" class="formfld" id="flow_depth" size="5" value="<?=htmlspecialchars($pconfig['flow_depth']);?>"> <strong>-1</strong> to <strong>1460</strong> (<strong>-1</strong> disables HTTP inspect, <strong>0</strong> enables all HTTP inspect)</td>
+ <td><input name="flow_depth" type="text" class="formfld"
+ id="flow_depth" size="5"
+ value="<?=htmlspecialchars($pconfig['flow_depth']);?>"> <strong>-1</strong>
+ to <strong>1460</strong> (<strong>-1</strong> disables HTTP
+ inspect, <strong>0</strong> enables all HTTP inspect)</td>
</tr>
- </table>
- Amount of HTTP server response payload to inspect. Snort's performance may increase by adjusting this value.<br>
- Setting this value too low may cause false negatives. Values above 0 are specified in bytes. Default value is <strong>0</strong><br>
+ </table>
+ Amount of HTTP server response payload to inspect. Snort's
+ performance may increase by adjusting this value.<br>
+ Setting this value too low may cause false negatives. Values above 0
+ are specified in bytes. Default value is <strong>0</strong><br>
</td>
- </tr>
- <tr>
- <td colspan="2" valign="top" class="listtopic">Stream5 Settings</td>
- </tr>
- <tr>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Stream5 Settings</td>
+ </tr>
+ <tr>
<td valign="top" class="vncell2">Max Queued Bytes</td>
<td class="vtable">
- <table cellpadding="0" cellspacing="0">
+ <table cellpadding="0" cellspacing="0">
<tr>
- <td><input name="max_queued_bytes" type="text" class="formfld" id="max_queued_bytes" size="5" value="<?=htmlspecialchars($pconfig['max_queued_bytes']);?>"> Minimum is <strong>1024</strong>, Maximum is <strong>1073741824</strong> ( default value is <strong>1048576</strong>, <strong>0</strong> means Maximum )</td>
+ <td><input name="max_queued_bytes" type="text" class="formfld"
+ id="max_queued_bytes" size="5"
+ value="<?=htmlspecialchars($pconfig['max_queued_bytes']);?>">
+ Minimum is <strong>1024</strong>, Maximum is <strong>1073741824</strong>
+ ( default value is <strong>1048576</strong>, <strong>0</strong>
+ means Maximum )</td>
</tr>
- </table>
- The number of bytes to be queued for reassembly for TCP sessions in memory. Default value is <strong>1048576</strong><br>
+ </table>
+ The number of bytes to be queued for reassembly for TCP sessions in
+ memory. Default value is <strong>1048576</strong><br>
</td>
- </tr>
- <tr>
+ </tr>
+ <tr>
<td valign="top" class="vncell2">Max Queued Segs</td>
<td class="vtable">
- <table cellpadding="0" cellspacing="0">
+ <table cellpadding="0" cellspacing="0">
<tr>
- <td><input name="max_queued_segs" type="text" class="formfld" id="max_queued_segs" size="5" value="<?=htmlspecialchars($pconfig['max_queued_segs']);?>"> Minimum is <strong>2</strong>, Maximum is <strong>1073741824</strong> ( default value is <strong>2621</strong>, <strong>0</strong> means Maximum )</td>
+ <td><input name="max_queued_segs" type="text" class="formfld"
+ id="max_queued_segs" size="5"
+ value="<?=htmlspecialchars($pconfig['max_queued_segs']);?>">
+ Minimum is <strong>2</strong>, Maximum is <strong>1073741824</strong>
+ ( default value is <strong>2621</strong>, <strong>0</strong> means
+ Maximum )</td>
</tr>
- </table>
- The number of segments to be queued for reassembly for TCP sessions in memory. Default value is <strong>2621</strong><br>
+ </table>
+ The number of segments to be queued for reassembly for TCP sessions
+ in memory. Default value is <strong>2621</strong><br>
</td>
- </tr>
- <tr>
- <td colspan="2" valign="top" class="listtopic">General Preprocessor Settings</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Enable <br>RPC Decode and Back Orifice detector</td>
- <td width="78%" class="vtable">
- <input name="other_preprocs" type="checkbox" value="on" <?php if ($pconfig['other_preprocs']=="on") echo "checked"; ?> onClick="enable_change(false)"><br>
- Normalize/Decode RPC traffic and detects Back Orifice traffic on the network.</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Enable <br>FTP and Telnet Normalizer</td>
- <td width="78%" class="vtable">
- <input name="ftp_preprocessor" type="checkbox" value="on" <?php if ($pconfig['ftp_preprocessor']=="on") echo "checked"; ?> onClick="enable_change(false)"><br>
- Normalize/Decode FTP and Telnet traffic and protocol anomalies.</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Enable <br>SMTP Normalizer</td>
- <td width="78%" class="vtable">
- <input name="smtp_preprocessor" type="checkbox" value="on" <?php if ($pconfig['smtp_preprocessor']=="on") echo "checked"; ?> onClick="enable_change(false)"><br>
- Normalize/Decode SMTP protocol for enforcement and buffer overflows.</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Enable <br>Portscan Detection</td>
- <td width="78%" class="vtable">
- <input name="sf_portscan" type="checkbox" value="on" <?php if ($pconfig['sf_portscan']=="on") echo "checked"; ?> onClick="enable_change(false)"><br>
- Detects various types of portscans and portsweeps.</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Enable <br>DCE/RPC2 Detection</td>
- <td width="78%" class="vtable">
- <input name="dce_rpc_2" type="checkbox" value="on" <?php if ($pconfig['dce_rpc_2']=="on") echo "checked"; ?> onClick="enable_change(false)"><br>
- The DCE/RPC preprocessor detects and decodes SMB and DCE/RPC traffic.</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Enable <br>DNS Detection</td>
- <td width="78%" class="vtable">
- <input name="dns_preprocessor" type="checkbox" value="on" <?php if ($pconfig['dns_preprocessor']=="on") echo "checked"; ?> onClick="enable_change(false)"><br>
- The DNS preprocessor decodes DNS Response traffic and detects some vulnerabilities.</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell2">Define SSL_IGNORE</td>
- <td width="78%" class="vtable">
- <input name="def_ssl_ports_ignore" type="text" class="formfld" id="def_ssl_ports_ignore" size="40" value="<?=htmlspecialchars($pconfig['def_ssl_ports_ignore']);?>">
- <br> <span class="vexpl"> Encrypted traffic should be ignored by Snort for both performance reasons and to reduce false positives.<br>
- Default: "443 465 563 636 989 990 992 993 994 995".</span> <strong>Please use spaces and not commas.</strong></td>
- </tr>
- <tr>
- <td width="22%" valign="top">&nbsp;</td>
- <td width="78%">
- <input name="Submit" type="submit" class="formbtn" value="Save"> <input type="button" class="formbtn" value="Cancel" onclick="history.back()">
- <?php if (isset($id) && $a_nat[$id]): ?>
- <input name="id" type="hidden" value="<?=$id;?>">
- <?php endif; ?>
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top">&nbsp;</td>
- <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span>
- <br>
- Please save your settings before you click Start. </td>
- </tr>
- </table>
- </table>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">General Preprocessor
+ Settings</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Enable <br>
+ RPC Decode and Back Orifice detector</td>
+ <td width="78%" class="vtable"><input name="other_preprocs"
+ type="checkbox" value="on"
+ <?php if ($pconfig['other_preprocs']=="on") echo "checked"; ?>
+ onClick="enable_change(false)"><br>
+ Normalize/Decode RPC traffic and detects Back Orifice traffic on the
+ network.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Enable <br>
+ FTP and Telnet Normalizer</td>
+ <td width="78%" class="vtable"><input name="ftp_preprocessor"
+ type="checkbox" value="on"
+ <?php if ($pconfig['ftp_preprocessor']=="on") echo "checked"; ?>
+ onClick="enable_change(false)"><br>
+ Normalize/Decode FTP and Telnet traffic and protocol anomalies.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Enable <br>
+ SMTP Normalizer</td>
+ <td width="78%" class="vtable"><input name="smtp_preprocessor"
+ type="checkbox" value="on"
+ <?php if ($pconfig['smtp_preprocessor']=="on") echo "checked"; ?>
+ onClick="enable_change(false)"><br>
+ Normalize/Decode SMTP protocol for enforcement and buffer overflows.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Enable <br>
+ Portscan Detection</td>
+ <td width="78%" class="vtable"><input name="sf_portscan"
+ type="checkbox" value="on"
+ <?php if ($pconfig['sf_portscan']=="on") echo "checked"; ?>
+ onClick="enable_change(false)"><br>
+ Detects various types of portscans and portsweeps.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Enable <br>
+ DCE/RPC2 Detection</td>
+ <td width="78%" class="vtable"><input name="dce_rpc_2"
+ type="checkbox" value="on"
+ <?php if ($pconfig['dce_rpc_2']=="on") echo "checked"; ?>
+ onClick="enable_change(false)"><br>
+ The DCE/RPC preprocessor detects and decodes SMB and DCE/RPC
+ traffic.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Enable <br>
+ DNS Detection</td>
+ <td width="78%" class="vtable"><input name="dns_preprocessor"
+ type="checkbox" value="on"
+ <?php if ($pconfig['dns_preprocessor']=="on") echo "checked"; ?>
+ onClick="enable_change(false)"><br>
+ The DNS preprocessor decodes DNS Response traffic and detects some
+ vulnerabilities.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell2">Define SSL_IGNORE</td>
+ <td width="78%" class="vtable"><input name="def_ssl_ports_ignore"
+ type="text" class="formfld" id="def_ssl_ports_ignore" size="40"
+ value="<?=htmlspecialchars($pconfig['def_ssl_ports_ignore']);?>"> <br>
+ <span class="vexpl"> Encrypted traffic should be ignored by Snort
+ for both performance reasons and to reduce false positives.<br>
+ Default: "443 465 563 636 989 990 992 993 994 995".</span> <strong>Please
+ use spaces and not commas.</strong></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%"><input name="Submit" type="submit" class="formbtn"
+ value="Save"> <input type="button" class="formbtn" value="Cancel"
+ onclick="history.back()"> <?php if (isset($id) && $a_nat[$id]): ?>
+ <input name="id" type="hidden" value="<?=$id;?>"> <?php endif; ?></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span>
+ <br>
+ Please save your settings before you click Start. </td>
+ </tr>
+ </table>
+
+</table>
</form>
</div>
-<?php include("fend.inc"); ?>
+ <?php include("fend.inc"); ?>
</body>
</html>
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-22 19:50:38 +0000