Diffstat (limited to 'config/snort/snort_preprocessors.php')
-rwxr-xr-xconfig/snort/snort_preprocessors.php380
1 files changed, 125 insertions, 255 deletions
diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php
index 26b37e81..5cee95df 100755
--- a/config/snort/snort_preprocessors.php
+++ b/config/snort/snort_preprocessors.php
@@ -6,7 +6,7 @@
* Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
* Copyright (C) 2008-2009 Robert Zelaya.
* Copyright (C) 2011-2012 Ermal Luci
- * Copyright (C) 2013 Bill Meeks
+ * Copyright (C) 2013, 2014 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -38,9 +38,11 @@ require_once("/usr/local/pkg/snort/snort.inc");
global $g, $rebuild_rules;
$snortlogdir = SNORTLOGDIR;
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
+
if (is_null($id)) {
header("Location: /snort/snort_interfaces.php");
exit;
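Review bot: `$id` is never initialised before `is_null($id)` is evaluated, so a request without a valid id reads an undefined variable, and the two branches disagree: the GET value goes through `htmlspecialchars()` while the POST value does not. Both values have already passed `is_numericint()`, so escaping at this point adds nothing; output escaping belongs where `$id` is printed. I would add `$id = null;` above the `if` and assign the validated value unchanged in both branches, `$id = $_GET['id'];`. The `if (is_null($id))` block continues past the end of this hunk.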
@@ -66,6 +68,8 @@ if (!is_array($config['installedpackages']['snortglobal']['rule'][$id]['ftp_clie
$a_nat = &$config['installedpackages']['snortglobal']['rule'];
$vrt_enabled = $config['installedpackages']['snortglobal']['snortdownload'];
+
+// Calculate the "next engine ID" to use for the multi-config engine arrays
$frag3_engine_next_id = count($a_nat[$id]['frag3_engine']['item']);
$stream5_tcp_engine_next_id = count($a_nat[$id]['stream5_tcp_engine']['item']);
$http_inspect_engine_next_id = count($a_nat[$id]['http_inspect_engine']['item']);
@@ -73,170 +77,9 @@ $ftp_server_engine_next_id = count($a_nat[$id]['ftp_server_engine']['item']);
$ftp_client_engine_next_id = count($a_nat[$id]['ftp_client_engine']['item']);
$pconfig = array();
-if (isset($id) && $a_nat[$id]) {
+if (isset($id) && isset($a_nat[$id])) {
$pconfig = $a_nat[$id];
- /* Get current values from config for page form fields */
- $pconfig['perform_stat'] = $a_nat[$id]['perform_stat'];
- $pconfig['host_attribute_table'] = $a_nat[$id]['host_attribute_table'];
- $pconfig['host_attribute_data'] = $a_nat[$id]['host_attribute_data'];
- $pconfig['max_attribute_hosts'] = $a_nat[$id]['max_attribute_hosts'];
- $pconfig['max_attribute_services_per_host'] = $a_nat[$id]['max_attribute_services_per_host'];
- $pconfig['max_paf'] = $a_nat[$id]['max_paf'];
- $pconfig['other_preprocs'] = $a_nat[$id]['other_preprocs'];
- $pconfig['ftp_preprocessor'] = $a_nat[$id]['ftp_preprocessor'];
- $pconfig['ftp_telnet_inspection_type'] = $a_nat[$id]['ftp_telnet_inspection_type'];
- $pconfig['ftp_telnet_alert_encrypted'] = $a_nat[$id]['ftp_telnet_alert_encrypted'];
- $pconfig['ftp_telnet_check_encrypted'] = $a_nat[$id]['ftp_telnet_check_encrypted'];
- $pconfig['ftp_telnet_normalize'] = $a_nat[$id]['ftp_telnet_normalize'];
- $pconfig['ftp_telnet_detect_anomalies'] = $a_nat[$id]['ftp_telnet_detect_anomalies'];
- $pconfig['ftp_telnet_ayt_attack_threshold'] = $a_nat[$id]['ftp_telnet_ayt_attack_threshold'];
- $pconfig['smtp_preprocessor'] = $a_nat[$id]['smtp_preprocessor'];
- $pconfig['sf_portscan'] = $a_nat[$id]['sf_portscan'];
- $pconfig['pscan_protocol'] = $a_nat[$id]['pscan_protocol'];
- $pconfig['pscan_type'] = $a_nat[$id]['pscan_type'];
- $pconfig['pscan_sense_level'] = $a_nat[$id]['pscan_sense_level'];
- $pconfig['pscan_memcap'] = $a_nat[$id]['pscan_memcap'];
- $pconfig['pscan_ignore_scanners'] = $a_nat[$id]['pscan_ignore_scanners'];
- $pconfig['dce_rpc_2'] = $a_nat[$id]['dce_rpc_2'];
- $pconfig['dns_preprocessor'] = $a_nat[$id]['dns_preprocessor'];
- $pconfig['sensitive_data'] = $a_nat[$id]['sensitive_data'];
- $pconfig['sdf_alert_data_type'] = $a_nat[$id]['sdf_alert_data_type'];
- $pconfig['sdf_alert_threshold'] = $a_nat[$id]['sdf_alert_threshold'];
- $pconfig['sdf_mask_output'] = $a_nat[$id]['sdf_mask_output'];
- $pconfig['ssl_preproc'] = $a_nat[$id]['ssl_preproc'];
- $pconfig['pop_preproc'] = $a_nat[$id]['pop_preproc'];
- $pconfig['imap_preproc'] = $a_nat[$id]['imap_preproc'];
- $pconfig['sip_preproc'] = $a_nat[$id]['sip_preproc'];
- $pconfig['dnp3_preproc'] = $a_nat[$id]['dnp3_preproc'];
- $pconfig['modbus_preproc'] = $a_nat[$id]['modbus_preproc'];
- $pconfig['gtp_preproc'] = $a_nat[$id]['gtp_preproc'];
- $pconfig['ssh_preproc'] = $a_nat[$id]['ssh_preproc'];
- $pconfig['preproc_auto_rule_disable'] = $a_nat[$id]['preproc_auto_rule_disable'];
- $pconfig['protect_preproc_rules'] = $a_nat[$id]['protect_preproc_rules'];
-
- // Frag3 global settings
- $pconfig['frag3_detection'] = $a_nat[$id]['frag3_detection'];
- $pconfig['frag3_max_frags'] = $a_nat[$id]['frag3_max_frags'];
- $pconfig['frag3_memcap'] = $a_nat[$id]['frag3_memcap'];
-
- // See if new Frag3 engine array is configured and use it;
- // otherwise create a default engine configuration.
- if (empty($pconfig['frag3_engine']['item'])) {
- $default = array( "name" => "default", "bind_to" => "all", "policy" => "bsd",
- "timeout" => 60, "min_ttl" => 1, "detect_anomalies" => "on",
- "overlap_limit" => 0, "min_frag_len" => 0 );
- $pconfig['frag3_engine']['item'] = array();
- $pconfig['frag3_engine']['item'][] = $default;
- if (!is_array($a_nat[$id]['frag3_engine']['item']))
- $a_nat[$id]['frag3_engine']['item'] = array();
- $a_nat[$id]['frag3_engine']['item'][] = $default;
- write_config();
- $frag3_engine_next_id++;
- }
- else
- $pconfig['frag3_engine'] = $a_nat[$id]['frag3_engine'];
-
- // Stream5 global settings
- $pconfig['stream5_reassembly'] = $a_nat[$id]['stream5_reassembly'];
- $pconfig['stream5_flush_on_alert'] = $a_nat[$id]['stream5_flush_on_alert'];
- $pconfig['stream5_prune_log_max'] = $a_nat[$id]['stream5_prune_log_max'];
- $pconfig['stream5_mem_cap'] = $a_nat[$id]['stream5_mem_cap'];
- $pconfig['stream5_track_tcp'] = $a_nat[$id]['stream5_track_tcp'];
- $pconfig['stream5_max_tcp'] = $a_nat[$id]['stream5_max_tcp'];
- $pconfig['stream5_track_udp'] = $a_nat[$id]['stream5_track_udp'];
- $pconfig['stream5_max_udp'] = $a_nat[$id]['stream5_max_udp'];
- $pconfig['stream5_udp_timeout'] = $a_nat[$id]['stream5_udp_timeout'];
- $pconfig['stream5_track_icmp'] = $a_nat[$id]['stream5_track_icmp'];
- $pconfig['stream5_max_icmp'] = $a_nat[$id]['stream5_max_icmp'];
- $pconfig['stream5_icmp_timeout'] = $a_nat[$id]['stream5_icmp_timeout'];
-
- // See if new Stream5 engine array is configured and use it;
- // otherwise create a default engine configuration.
- if (empty($pconfig['stream5_tcp_engine']['item'])) {
- $default = array( "name" => "default", "bind_to" => "all", "policy" => "bsd", "timeout" => 30,
- "max_queued_bytes" => 1048576, "detect_anomalies" => "off", "overlap_limit" => 0,
- "max_queued_segs" => 2621, "require_3whs" => "off", "startup_3whs_timeout" => 0,
- "no_reassemble_async" => "off", "max_window" => 0, "use_static_footprint_sizes" => "off",
- "check_session_hijacking" => "off", "dont_store_lg_pkts" => "off", "ports_client" => "default",
- "ports_both" => "default", "ports_server" => "none" );
- $pconfig['stream5_tcp_engine']['item'] = array();
- $pconfig['stream5_tcp_engine']['item'][] = $default;
- if (!is_array($a_nat[$id]['stream5_tcp_engine']['item']))
- $a_nat[$id]['stream5_tcp_engine']['item'] = array();
- $a_nat[$id]['stream5_tcp_engine']['item'][] = $default;
- write_config();
- $stream5_tcp_engine_next_id++;
- }
- else
- $pconfig['stream5_tcp_engine'] = $a_nat[$id]['stream5_tcp_engine'];
-
- // HTTP_INSPECT global settings
- $pconfig['http_inspect'] = $a_nat[$id]['http_inspect'];
- $pconfig['http_inspect_memcap'] = $a_nat[$id]['http_inspect_memcap'];
- $pconfig['http_inspect_proxy_alert'] = $a_nat[$id]['http_inspect_proxy_alert'];
- $pconfig['http_inspect_max_gzip_mem'] = $a_nat[$id]['http_inspect_max_gzip_mem'];
-
- // See if new HTTP_INSPECT engine array is configured and use it;
- // otherwise create a default engine configuration.
- if (empty($pconfig['http_inspect_engine']['item'])) {
- $default = array( "name" => "default", "bind_to" => "all", "server_profile" => "all", "enable_xff" => "off",
- "log_uri" => "off", "log_hostname" => "off", "server_flow_depth" => 65535, "enable_cookie" => "on",
- "client_flow_depth" => 1460, "extended_response_inspection" => "on", "no_alerts" => "off",
- "unlimited_decompress" => "on", "inspect_gzip" => "on", "normalize_cookies" =>"on",
- "normalize_headers" => "on", "normalize_utf" => "on", "normalize_javascript" => "on",
- "allow_proxy_use" => "off", "inspect_uri_only" => "off", "max_javascript_whitespaces" => 200,
- "post_depth" => -1, "max_headers" => 0, "max_spaces" => 0, "max_header_length" => 0, "ports" => "default" );
- $pconfig['http_inspect_engine']['item'] = array();
- $pconfig['http_inspect_engine']['item'][] = $default;
- if (!is_array($a_nat[$id]['http_inspect_engine']['item']))
- $a_nat[$id]['http_inspect_engine']['item'] = array();
- $a_nat[$id]['http_inspect_engine']['item'][] = $default;
- write_config();
- $http_inspect_engine_next_id++;
- }
- else
- $pconfig['http_inspect_engine'] = $a_nat[$id]['http_inspect_engine'];
-
- // See if new FTP client engine array is configured and use it;
- // otherwise create a default engine configuration..
- if (empty($pconfig['ftp_client_engine']['item'])) {
- $default = array( "name" => "default", "bind_to" => "all", "max_resp_len" => 256,
- "telnet_cmds" => "no", "ignore_telnet_erase_cmds" => "yes",
- "bounce" => "yes", "bounce_to_net" => "", "bounce_to_port" => "" );
- $pconfig['ftp_client_engine']['item'] = array();
- $pconfig['ftp_client_engine']['item'][] = $default;
- if (!is_array($a_nat[$id]['ftp_client_engine']['item']))
- $a_nat[$id]['ftp_client_engine']['item'] = array();
- $a_nat[$id]['ftp_client_engine']['item'][] = $default;
- write_config();
- $ftp_client_engine_next_id++;
- }
- else
- $pconfig['ftp_client_engine'] = $a_nat[$id]['ftp_client_engine'];
-
- // See if new FTP server engine array is configured and use it;
- // otherwise create a default engine configuration..
- if (empty($pconfig['ftp_server_engine']['item'])) {
- $default = array( "name" => "default", "bind_to" => "all", "ports" => "default",
- "telnet_cmds" => "no", "ignore_telnet_erase_cmds" => "yes",
- "ignore_data_chan" => "no", "def_max_param_len" => 100 );
- $pconfig['ftp_server_engine']['item'] = array();
- $pconfig['ftp_server_engine']['item'][] = $default;
- if (!is_array($a_nat[$id]['ftp_server_engine']['item']))
- $a_nat[$id]['ftp_server_engine']['item'] = array();
- $a_nat[$id]['ftp_server_engine']['item'][] = $default;
- write_config();
- $ftp_server_engine_next_id++;
- }
- else
- $pconfig['ftp_server_engine'] = $a_nat[$id]['ftp_server_engine'];
-
- /* If not using the Snort VRT rules, then disable */
- /* the Sensitive Data (sdf) preprocessor. */
- if ($vrt_enabled == "off")
- $pconfig['sensitive_data'] = "off";
-
/************************************************************/
/* To keep new users from shooting themselves in the foot */
/* enable the most common required preprocessors by default */
@@ -264,12 +107,14 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['ftp_telnet_detect_anomalies'] = 'on';
if (empty($pconfig['ftp_telnet_ayt_attack_threshold']) && $pconfig['ftp_telnet_ayt_attack_threshold'] <> 0)
$pconfig['ftp_telnet_ayt_attack_threshold'] = '20';
+
if (empty($pconfig['sdf_alert_data_type']))
$pconfig['sdf_alert_data_type'] = "Credit Card,Email Addresses,U.S. Phone Numbers,U.S. Social Security Numbers";
if (empty($pconfig['sdf_alert_threshold']))
$pconfig['sdf_alert_threshold'] = '25';
if (empty($pconfig['sdf_mask_output']))
$pconfig['sdf_mask_output'] = 'off';
+
if (empty($pconfig['smtp_preprocessor']))
$pconfig['smtp_preprocessor'] = 'on';
if (empty($pconfig['dce_rpc_2']))
@@ -340,36 +185,56 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['pscan_sense_level'] = 'medium';
}
-/* Define the "disabled_preproc_rules.log" file for this interface */
-$iface = snort_get_friendly_interface($pconfig['interface']);
-$disabled_rules_log = "{$snortlogdir}/{$iface}_disabled_preproc_rules.log";
+$if_friendly = convert_friendly_interface_to_friendly_descr($a_nat[$id]['interface']);
-if ($_GET['act'] && isset($_GET['eng_id'])) {
+/* Define the "disabled_preproc_rules.log" file for this interface */
+$disabled_rules_log = "{$if_friendly}_disabled_preproc_rules.log";
- $natent = array();
- $natent = $pconfig;
+// Check for returned "selected alias" if action is import
+if ($_GET['act'] == "import" && isset($_GET['varname']) && !empty($_GET['varvalue'])) {
+ $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']);
+}
- if ($_GET['act'] == "del_frag3")
- unset($natent['frag3_engine']['item'][$_GET['eng_id']]);
- elseif ($_GET['act'] == "del_stream5_tcp")
- unset($natent['stream5_tcp_engine']['item'][$_GET['eng_id']]);
- elseif ($_GET['act'] == "del_http_inspect")
- unset($natent['http_inspect_engine']['item'][$_GET['eng_id']]);
- elseif ($_GET['act'] == "del_ftp_server")
- unset($natent['ftp_server_engine']['item'][$_GET['eng_id']]);
-
- if (isset($id) && $a_nat[$id]) {
- $a_nat[$id] = $natent;
- write_config();
+// Handle deleting of any of the multiple configuration engines
+if ($_POST['del_http_inspect']) {
+ if (isset($_POST['eng_id']) && isset($id) && issset($a_nat[$id])) {
+ unset($a_nat[$id]['http_inspect_engine']['item'][$_POST['eng_id']]);
+ write_config("Snort pkg: deleted http_inspect engine for {$a_nat[$id]['interface']}.");
+ header("Location: snort_preprocessors.php?id=$id#httpinspect_row");
+ exit;
}
-
- header("Location: snort_preprocessors.php?id=$id");
- exit;
}
-
-// Check for returned "selected alias" if action is import
-if ($_GET['act'] == "import" && isset($_GET['varname']) && !empty($_GET['varvalue'])) {
- $pconfig[$_GET['varname']] = $_GET['varvalue'];
+elseif ($_POST['del_frag3']) {
+ if (isset($_POST['eng_id']) && isset($id) && isset($a_nat[$id])) {
+ unset($a_nat[$id]['frag3_engine']['item'][$_POST['eng_id']]);
+ write_config("Snort pkg: deleted frag3 engine for {$a_nat[$id]['interface']}.");
+ header("Location: snort_preprocessors.php?id=$id#frag3_row");
+ exit;
+ }
+}
+elseif ($_POST['del_stream5_tcp']) {
+ if (isset($_POST['eng_id']) && isset($id) && isset($a_nat[$id])) {
+ unset($a_nat[$id]['stream5_tcp_engine']['item'][$_POST['eng_id']]);
+ write_config("Snort pkg: deleted stream5 engine for {$a_nat[$id]['interface']}.");
+ header("Location: snort_preprocessors.php?id=$id#stream5_row");
+ exit;
+ }
+}
+elseif ($_POST['del_ftp_client']) {
+ if (isset($_POST['eng_id']) && isset($id) && isset($a_nat[$id])) {
+ unset($a_nat[$id]['ftp_client_engine']['item'][$_POST['eng_id']]);
+ write_config("Snort pkg: deleted ftp_client engine for {$a_nat[$id]['interface']}.");
+ header("Location: snort_preprocessors.php?id=$id#ftp_telnet_row");
+ exit;
+ }
+}
+elseif ($_POST['del_ftp_server']) {
+ if (isset($_POST['eng_id']) && isset($id) && isset($a_nat[$id])) {
+ unset($a_nat[$id]['ftp_server_engine']['item'][$_POST['eng_id']]);
+ write_config("Snort pkg: deleted ftp_server engine for {$a_nat[$id]['interface']}.");
+ header("Location: snort_preprocessors.php?id=$id#ftp_telnet_row");
+ exit;
+ }
}
if ($_POST['ResetAll']) {
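Review bot: The `del_http_inspect` branch calls `issset($a_nat[$id])`, which is not a PHP function, so deleting an http_inspect engine will stop with a fatal error; it should read `isset($a_nat[$id])` like the four branches after it. All five delete branches also use `$_POST['eng_id']` as an array key without checking it, and the rule that the default (`bind_to` "all") engine cannot be deleted is enforced only by the form, which hides the button. The handler should test `is_numericint($_POST['eng_id'])` and the entry's `bind_to` before calling `unset()`. In the import branch `$_GET['varname']` decides which `$pconfig` key is overwritten, so it should be compared against the list of fields that accept an alias, and the value is better escaped where it is printed than with `htmlspecialchars()` on input.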
@@ -434,7 +299,8 @@ if ($_POST['ResetAll']) {
/* Log a message at the top of the page to inform the user */
$savemsg = gettext("All preprocessor settings have been reset to their defaults.");
}
-elseif ($_POST['Submit']) {
+
+if ($_POST['save']) {
$natent = array();
$natent = $pconfig;
@@ -509,9 +375,9 @@ elseif ($_POST['Submit']) {
$natent['stream5_track_udp'] = $_POST['stream5_track_udp'] ? 'on' : 'off';
$natent['stream5_track_icmp'] = $_POST['stream5_track_icmp'] ? 'on' : 'off';
- if (isset($id) && $a_nat[$id]) {
+ if (isset($id) && isset($a_nat[$id])) {
$a_nat[$id] = $natent;
- write_config();
+ write_config("Snort pkg: saved modified preprocessor settings for {$a_nat[$id]['interface']}.");
}
/*************************************************/
@@ -524,7 +390,7 @@ elseif ($_POST['Submit']) {
/* If 'preproc_auto_rule_disable' is off, then clear log file */
if ($natent['preproc_auto_rule_disable'] == 'off')
- @unlink("{$disabled_rules_log}");
+ unlink_if_exists("{$snortlogdir}/{$disabled_rules_log}");
/*******************************************************/
/* Signal Snort to reload Host Attribute Table if one */
@@ -543,20 +409,25 @@ elseif ($_POST['Submit']) {
header("Location: snort_preprocessors.php?id=$id");
exit;
}
+ else
+ $pconfig = $_POST;
}
-elseif ($_POST['btn_import']) {
+
+if ($_POST['btn_import']) {
if (is_uploaded_file($_FILES['host_attribute_file']['tmp_name'])) {
$data = file_get_contents($_FILES['host_attribute_file']['tmp_name']);
- if ($data === false)
+ if ($data === false) {
$input_errors[] = gettext("Error uploading file {$_FILES['host_attribute_file']}!");
+ $pconfig = $_POST;
+ }
else {
- if (isset($id) && $a_nat[$id]) {
+ if (isset($id) && isset($a_nat[$id])) {
$a_nat[$id]['host_attribute_table'] = "on";
$a_nat[$id]['host_attribute_data'] = base64_encode($data);
$pconfig['host_attribute_data'] = $a_nat[$id]['host_attribute_data'];
$a_nat[$id]['max_attribute_hosts'] = $pconfig['max_attribute_hosts'];
$a_nat[$id]['max_attribute_services_per_host'] = $pconfig['max_attribute_services_per_host'];
- write_config();
+ write_config("Snort pkg: imported Host Attribute Table data for {$a_nat[$id]['interface']}.");
}
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
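Review bot: On the error paths `$pconfig = $_POST;` replaces the configuration array with the raw request, so any field the page prints without `htmlspecialchars()` will echo the submitted text back, and keys that are not form fields (for example `interface` and the engine `item` arrays) are gone from `$pconfig` for the rest of the request. Overlaying only known fields on the stored values, for instance `$pconfig = array_merge($pconfig, array_intersect_key($_POST, $pconfig));` or an explicit list of form field names, keeps the redisplay without that. The same assignment is added again in the `else` branch of the next hunk. Separately, the upload error message interpolates the `$_FILES['host_attribute_file']` array itself; `$_FILES['host_attribute_file']['name']` is probably what was meant. The `btn_import` block continues past the end of this hunk.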
@@ -567,15 +438,18 @@ elseif ($_POST['btn_import']) {
exit;
}
}
- else
+ else {
$input_errors[] = gettext("No filename specified for import!");
+ $pconfig = $_POST;
+ }
}
-elseif ($_POST['btn_edit_hat']) {
- if (isset($id) && $a_nat[$id]) {
+
+if ($_POST['btn_edit_hat']) {
+ if (isset($id) && isset($a_nat[$id])) {
$a_nat[$id]['host_attribute_table'] = "on";
$a_nat[$id]['max_attribute_hosts'] = $pconfig['max_attribute_hosts'];
$a_nat[$id]['max_attribute_services_per_host'] = $pconfig['max_attribute_services_per_host'];
- write_config();
+ write_config("Snort pkg: modified Host Attribute Table data for {$a_nat[$id]['interface']}.");
header("Location: snort_edit_hat_data.php?id=$id");
exit;
}
@@ -586,26 +460,21 @@ elseif ($_POST['btn_edit_hat']) {
if ($pconfig['host_attribute_table'] == 'on' && empty($pconfig['host_attribute_data']))
$input_errors[] = gettext("The Host Attribute Table option is enabled, but no Host Attribute data has been loaded. Data may be entered manually or imported from a suitable file.");
-$if_friendly = snort_get_friendly_interface($pconfig['interface']);
$pgtitle = gettext("Snort: Interface {$if_friendly} - Preprocessors and Flow");
include_once("head.inc");
?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="enable_change_all()">
-<?php include("fbegin.inc"); ?>
-<?php if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
-
-
- /* Display Alert message */
+<?php include("fbegin.inc");
- if ($input_errors) {
- print_input_errors($input_errors); // TODO: add checks
- }
-
- if ($savemsg) {
- print_info_box($savemsg);
- }
+/* Display Alert message */
+if ($input_errors) {
+ print_input_errors($input_errors);
+}
+if ($savemsg) {
+ print_info_box($savemsg);
+}
?>
<script type="text/javascript" src="/javascript/autosuggest.js">
@@ -613,8 +482,9 @@ include_once("head.inc");
<script type="text/javascript" src="/javascript/suggestions.js">
</script>
-<form action="snort_preprocessors.php" method="post"
- enctype="multipart/form-data" name="iform" id="iform">
+<form action="snort_preprocessors.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
+<input name="id" type="hidden" value="<?=$id;?>"/>
+<input name="eng_id" id="eng_id" type="hidden" value=""/>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td>
<?php
@@ -622,23 +492,25 @@ include_once("head.inc");
$tab_array[0] = array(gettext("Snort Interfaces"), true, "/snort/snort_interfaces.php");
$tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php");
$tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
- $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
+ $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php?instance={$id}");
$tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
- $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php");
$tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
- $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
- display_top_tabs($tab_array);
+ $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php");
+ $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
+ display_top_tabs($tab_array, true);
echo '</td></tr>';
echo '<tr><td>';
$menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface ");
- $tab_array = array();
- $tab_array[] = array($menu_iface . gettext("Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}");
- $tab_array[] = array($menu_iface . gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}");
- $tab_array[] = array($menu_iface . gettext("Rules"), false, "/snort/snort_rules.php?id={$id}");
- $tab_array[] = array($menu_iface . gettext("Variables"), false, "/snort/snort_define_servers.php?id={$id}");
- $tab_array[] = array($menu_iface . gettext("Preprocessors"), true, "/snort/snort_preprocessors.php?id={$id}");
- $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
- display_top_tabs($tab_array);
+ $tab_array = array();
+ $tab_array[] = array($menu_iface . gettext("Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Rules"), false, "/snort/snort_rules.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Variables"), false, "/snort/snort_define_servers.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Preprocs"), true, "/snort/snort_preprocessors.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("IP Rep"), false, "/snort/snort_ip_reputation.php?id={$id}");
+ display_top_tabs($tab_array, true);
?>
</td></tr>
<tr><td><div id="mainarea">
@@ -694,7 +566,7 @@ include_once("head.inc");
"disabled preprocessors, but can substantially compromise the level of protection by " .
"automatically disabling detection rules."); ?></td>
</tr>
- <?php if (file_exists($disabled_rules_log) && filesize($disabled_rules_log) > 0): ?>
+ <?php if (file_exists("{$snortlogdir}/{$disabled_rules_log}") && filesize("{$snortlogdir}/{$disabled_rules_log}") > 0): ?>
<tr>
<td width="3%">&nbsp;</td>
<td class="vexpl"><input type="button" class="formbtn" value="View" onclick="wopen('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$disabled_rules_log;?>','FileViewer',800,600);">
@@ -718,8 +590,8 @@ include_once("head.inc");
<tr id="host_attrib_table_data_row">
<td width="22%" valign="top" class="vncell"><?php echo gettext("Host Attribute Data"); ?></td>
<td width="78%" class="vtable"><strong><?php echo gettext("Import From File"); ?></strong><br/>
- <input name="host_attribute_file" type="file" class="formfld file" value="on" id="host_attribute_file" size="40">&nbsp;&nbsp;
- <input type="submit" name="btn_import" id="btn_import" value="Import" class="formbtn"><br/>
+ <input name="host_attribute_file" type="file" class="formfld file" value="on" id="host_attribute_file" size="40"/>&nbsp;&nbsp;
+ <input type="submit" name="btn_import" id="btn_import" value="Import" class="formbtn"/><br/>
<?php echo gettext("Choose the Host Attributes file to use for auto-configuration."); ?><br/><br/>
<span class="red"><strong><?php echo gettext("Warning: "); ?></strong></span>
<?php echo gettext("The Host Attributes file has a required format. See the "); ?><a href="http://manual.snort.org/" target="_blank">
@@ -744,7 +616,7 @@ include_once("head.inc");
<table cellpadding="0" cellspacing="0">
<tr>
<td><input name="max_attribute_hosts" type="text" class="formfld unknown" id="max_attribute_hosts" size="9"
- value="<?=htmlspecialchars($pconfig['max_attribute_hosts']);?>">&nbsp;&nbsp;
+ value="<?=htmlspecialchars($pconfig['max_attribute_hosts']);?>"/>&nbsp;&nbsp;
<?php echo gettext("Max number of hosts to read from the Attribute Table. Min is ") .
"<strong>" . gettext("32") . "</strong>" . gettext(" and Max is ") . "<strong>" .
gettext("524288") . "</strong>"; ?>.</td>
@@ -761,7 +633,7 @@ include_once("head.inc");
<table cellpadding="0" cellspacing="0">
<tr>
<td><input name="max_attribute_services_per_host" type="text" class="formfld unknown" id="max_attribute_services_per_host" size="9"
- value="<?=htmlspecialchars($pconfig['max_attribute_services_per_host']);?>">&nbsp;&nbsp;
+ value="<?=htmlspecialchars($pconfig['max_attribute_services_per_host']);?>"/>&nbsp;&nbsp;
<?php echo gettext("Max number of per host services to read from the Attribute Table. Min is ") .
"<strong>" . gettext("1") . "</strong>" . gettext(" and Max is ") . "<strong>" .
gettext("65535") . "</strong>"; ?>.</td>
@@ -868,10 +740,10 @@ include_once("head.inc");
<td class="listt" align="right"><a href="snort_httpinspect_engine.php?id=<?=$id;?>&eng_id=<?=$f;?>">
<img src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif"
width="17" height="17" border="0" title="<?=gettext("Edit this server configuration");?>"></a>
- <?php if ($v['bind_to'] <> "all") : ?>
- <a href="snort_preprocessors.php?id=<?=$id;?>&eng_id=<?=$f;?>&act=del_http_inspect" onclick="return confirm('Are you sure you want to delete this entry?');">
- <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0"
- title="<?=gettext("Delete this server configuration");?>"></a>
+ <?php if ($v['bind_to'] <> "all") : ?>
+ <input type="image" name="del_http_inspect[]" onclick="document.getElementById('eng_id').value='<?=$f;?>'; return confirm('Are you sure you want to delete this entry?');"
+ src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0"
+ title="<?=gettext("Delete this server configuration");?>"/>
<?php else : ?>
<img src="/themes/<?=$g['theme'];?>/images/icons/icon_x_d.gif" width="17" height="17" border="0"
title="<?=gettext("Default server configuration cannot be deleted");?>">
@@ -937,9 +809,9 @@ include_once("head.inc");
<img src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif"
width="17" height="17" border="0" title="<?=gettext("Edit this engine configuration");?>"></a>
<?php if ($v['bind_to'] <> "all") : ?>
- <a href="snort_preprocessors.php?id=<?=$id;?>&eng_id=<?=$f;?>&act=del_frag3" onclick="return confirm('Are you sure you want to delete this entry?');">
- <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0"
- title="<?=gettext("Delete this engine configuration");?>"></a>
+ <input type="image" name="del_frag3[]" onclick="document.getElementById('eng_id').value='<?=$f;?>'; return confirm('Are you sure you want to delete this entry?');"
+ src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0"
+ title="<?=gettext("Delete this engine configuration");?>"/>
<?php else : ?>
<img src="/themes/<?=$g['theme'];?>/images/icons/icon_x_d.gif" width="17" height="17" border="0"
title="<?=gettext("Default engine configuration cannot be deleted");?>">
@@ -1094,9 +966,9 @@ include_once("head.inc");
<img src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif"
width="17" height="17" border="0" title="<?=gettext("Edit this TCP engine configuration");?>"></a>
<?php if ($v['bind_to'] <> "all") : ?>
- <a href="snort_preprocessors.php?id=<?=$id;?>&eng_id=<?=$f;?>&act=del_stream5_tcp" onclick="return confirm('Are you sure you want to delete this entry?');">
- <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0"
- title="<?=gettext("Delete this TCP engine configuration");?>"></a>
+ <input type="image" name="del_stream5_tcp[]" onclick="document.getElementById('eng_id').value='<?=$f;?>'; return confirm('Are you sure you want to delete this entry?');"
+ src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0"
+ title="<?=gettext("Delete this TCP engine configuration");?>"/>
<?php else : ?>
<img src="/themes/<?=$g['theme'];?>/images/icons/icon_x_d.gif" width="17" height="17" border="0"
title="<?=gettext("Default engine configuration cannot be deleted");?>">
@@ -1329,9 +1201,9 @@ include_once("head.inc");
<img src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif"
width="17" height="17" border="0" title="<?=gettext("Edit this FTP client configuration");?>"></a>
<?php if ($v['bind_to'] <> "all") : ?>
- <a href="snort_preprocessors.php?id=<?=$id;?>&eng_id=<?=$f;?>&act=del_ftp_server" onclick="return confirm('Are you sure you want to delete this entry?');">
- <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0"
- title="<?=gettext("Delete this FTP client configuration");?>"></a>
+ <input type="image" name="del_ftp_client[]" onclick="document.getElementById('eng_id').value='<?=$f;?>'; return confirm('Are you sure you want to delete this entry?');"
+ src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0"
+ title="<?=gettext("Delete this FTP client configuration");?>"/>
<?php else : ?>
<img src="/themes/<?=$g['theme'];?>/images/icons/icon_x_d.gif" width="17" height="17" border="0"
title="<?=gettext("Default client configuration cannot be deleted");?>">
@@ -1371,9 +1243,9 @@ include_once("head.inc");
<img src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif"
width="17" height="17" border="0" title="<?=gettext("Edit this FTP server configuration");?>"></a>
<?php if ($v['bind_to'] <> "all") : ?>
- <a href="snort_preprocessors.php?id=<?=$id;?>&eng_id=<?=$f;?>&act=del_ftp_server" onclick="return confirm('Are you sure you want to delete this entry?');">
- <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0"
- title="<?=gettext("Delete this FTP server configuration");?>"></a>
+ <input type="image" name="del_ftp_server[]" onclick="document.getElementById('eng_id').value='<?=$f;?>'; return confirm('Are you sure you want to delete this entry?');"
+ src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0"
+ title="<?=gettext("Delete this FTP server configuration");?>"/>
<?php else : ?>
<img src="/themes/<?=$g['theme'];?>/images/icons/icon_x_d.gif" width="17" height="17" border="0"
title="<?=gettext("Default server configuration cannot be deleted");?>">
@@ -1399,7 +1271,7 @@ include_once("head.inc");
<?php echo gettext("Sensitive data searches for credit card numbers, Social Security numbers and e-mail addresses in data."); ?>
<br/>
<span class="red"><strong><?php echo gettext("Note: "); ?></strong></span><?php echo gettext("To enable this preprocessor, you must select the Snort VRT rules on the ") .
- "<a href=\"/snort/snort_interfaces_global.php\" title=\"" . gettext("Modify Snort global settings") . "\"/>" . gettext("Global Settings") . "</a>" . gettext(" tab."); ?>
+ "<a href=\"/snort/snort_interfaces_global.php\" title=\"" . gettext("Modify Snort global settings") . "\">" . gettext("Global Settings") . "</a>" . gettext(" tab."); ?>
</td>
</tr>
<tr id="sdf_alert_data_row">
@@ -1533,9 +1405,9 @@ include_once("head.inc");
<tr>
<td width="22%" valign="top">&nbsp;</td>
<td width="78%">
- <input name="Submit" type="submit" class="formbtn" value="Save" title="<?php echo
+ <input name="save" type="submit" class="formbtn" value="Save" title="<?php echo
gettext("Save preprocessor settings"); ?>">
- <input name="id" type="hidden" value="<?=$id;?>">&nbsp;&nbsp;&nbsp;&nbsp;
+ &nbsp;&nbsp;&nbsp;&nbsp;
<input name="ResetAll" type="submit" class="formbtn" value="Reset" title="<?php echo
gettext("Reset all settings to defaults") . "\" onclick=\"return confirm('" .
gettext("WARNING: This will reset ALL preprocessor settings to their defaults. Click OK to continue or CANCEL to quit.") .
@@ -1582,8 +1454,6 @@ include_once("head.inc");
function createAutoSuggest() {
<?php
echo "objAlias = new AutoSuggestControl(document.getElementById('pscan_ignore_scanners'), new StateSuggestions(addressarray));\n";
- echo "objAlias = new AutoSuggestControl(document.getElementById('ftp_telnet_bounce_to_net'), new StateSuggestions(addressarray));\n";
- echo "objAlias = new AutoSuggestControl(document.getElementById('ftp_telnet_bounce_to_port'), new StateSuggestions(portsarray));\n";
?>
}