aboutsummaryrefslogtreecommitdiffstats
path: root/config/snort/snort_preprocessors.php
diff options
context:
space:
mode:
Diffstat (limited to 'config/snort/snort_preprocessors.php')
-rwxr-xr-xconfig/snort/snort_preprocessors.php1556
1 files changed, 989 insertions, 567 deletions
diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php
index 95d5a10e..289a3941 100755
--- a/config/snort/snort_preprocessors.php
+++ b/config/snort/snort_preprocessors.php
@@ -6,6 +6,7 @@
* Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
* Copyright (C) 2008-2009 Robert Zelaya.
* Copyright (C) 2011-2012 Ermal Luci
+ * Copyright (C) 2013 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -37,16 +38,6 @@ require_once("/usr/local/pkg/snort/snort.inc");
global $g, $rebuild_rules;
$snortlogdir = SNORTLOGDIR;
-if (!is_array($config['installedpackages']['snortglobal'])) {
- $config['installedpackages']['snortglobal'] = array();
-}
-$vrt_enabled = $config['installedpackages']['snortglobal']['snortdownload'];
-
-if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
- $config['installedpackages']['snortglobal']['rule'] = array();
-}
-$a_nat = &$config['installedpackages']['snortglobal']['rule'];
-
$id = $_GET['id'];
if (isset($_POST['id']))
$id = $_POST['id'];
@@ -55,6 +46,32 @@ if (is_null($id)) {
exit;
}
+if (!is_array($config['installedpackages']['snortglobal']))
+ $config['installedpackages']['snortglobal'] = array();
+if (!is_array($config['installedpackages']['snortglobal']['rule']))
+ $config['installedpackages']['snortglobal']['rule'] = array();
+
+// Initialize multiple config engine arrays for supported preprocessors if necessary
+if (!is_array($config['installedpackages']['snortglobal']['rule'][$id]['frag3_engine']['item']))
+ $config['installedpackages']['snortglobal']['rule'][$id]['frag3_engine']['item'] = array();
+if (!is_array($config['installedpackages']['snortglobal']['rule'][$id]['stream5_tcp_engine']['item']))
+ $config['installedpackages']['snortglobal']['rule'][$id]['stream5_tcp_engine']['item'] = array();
+if (!is_array($config['installedpackages']['snortglobal']['rule'][$id]['http_inspect_engine']['item']))
+ $config['installedpackages']['snortglobal']['rule'][$id]['http_inspect_engine']['item'] = array();
+if (!is_array($config['installedpackages']['snortglobal']['rule'][$id]['ftp_server_engine']['item']))
+ $config['installedpackages']['snortglobal']['rule'][$id]['ftp_server_engine']['item'] = array();
+if (!is_array($config['installedpackages']['snortglobal']['rule'][$id]['ftp_client_engine']['item']))
+ $config['installedpackages']['snortglobal']['rule'][$id]['ftp_client_engine']['item'] = array();
+
+$a_nat = &$config['installedpackages']['snortglobal']['rule'];
+
+$vrt_enabled = $config['installedpackages']['snortglobal']['snortdownload'];
+$frag3_engine_next_id = count($a_nat[$id]['frag3_engine']['item']);
+$stream5_tcp_engine_next_id = count($a_nat[$id]['stream5_tcp_engine']['item']);
+$http_inspect_engine_next_id = count($a_nat[$id]['http_inspect_engine']['item']);
+$ftp_server_engine_next_id = count($a_nat[$id]['ftp_server_engine']['item']);
+$ftp_client_engine_next_id = count($a_nat[$id]['ftp_client_engine']['item']);
+
$pconfig = array();
if (isset($id) && $a_nat[$id]) {
$pconfig = $a_nat[$id];
@@ -66,32 +83,14 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['max_attribute_hosts'] = $a_nat[$id]['max_attribute_hosts'];
$pconfig['max_attribute_services_per_host'] = $a_nat[$id]['max_attribute_services_per_host'];
$pconfig['max_paf'] = $a_nat[$id]['max_paf'];
- $pconfig['server_flow_depth'] = $a_nat[$id]['server_flow_depth'];
- $pconfig['http_server_profile'] = $a_nat[$id]['http_server_profile'];
- $pconfig['client_flow_depth'] = $a_nat[$id]['client_flow_depth'];
- $pconfig['stream5_reassembly'] = $a_nat[$id]['stream5_reassembly'];
- $pconfig['stream5_require_3whs'] = $a_nat[$id]['stream5_require_3whs'];
- $pconfig['stream5_track_tcp'] = $a_nat[$id]['stream5_track_tcp'];
- $pconfig['stream5_track_udp'] = $a_nat[$id]['stream5_track_udp'];
- $pconfig['stream5_track_icmp'] = $a_nat[$id]['stream5_track_icmp'];
- $pconfig['max_queued_bytes'] = $a_nat[$id]['max_queued_bytes'];
- $pconfig['max_queued_segs'] = $a_nat[$id]['max_queued_segs'];
- $pconfig['stream5_overlap_limit'] = $a_nat[$id]['stream5_overlap_limit'];
- $pconfig['stream5_policy'] = $a_nat[$id]['stream5_policy'];
- $pconfig['stream5_mem_cap'] = $a_nat[$id]['stream5_mem_cap'];
- $pconfig['stream5_tcp_timeout'] = $a_nat[$id]['stream5_tcp_timeout'];
- $pconfig['stream5_udp_timeout'] = $a_nat[$id]['stream5_udp_timeout'];
- $pconfig['stream5_icmp_timeout'] = $a_nat[$id]['stream5_icmp_timeout'];
- $pconfig['stream5_no_reassemble_async'] = $a_nat[$id]['stream5_no_reassemble_async'];
- $pconfig['stream5_dont_store_lg_pkts'] = $a_nat[$id]['stream5_dont_store_lg_pkts'];
- $pconfig['http_inspect'] = $a_nat[$id]['http_inspect'];
- $pconfig['http_inspect_memcap'] = $a_nat[$id]['http_inspect_memcap'];
- $pconfig['http_inspect_enable_xff'] = $a_nat[$id]['http_inspect_enable_xff'];
- $pconfig['http_inspect_log_uri'] = $a_nat[$id]['http_inspect_log_uri'];
- $pconfig['http_inspect_log_hostname'] = $a_nat[$id]['http_inspect_log_hostname'];
- $pconfig['noalert_http_inspect'] = $a_nat[$id]['noalert_http_inspect'];
$pconfig['other_preprocs'] = $a_nat[$id]['other_preprocs'];
$pconfig['ftp_preprocessor'] = $a_nat[$id]['ftp_preprocessor'];
+ $pconfig['ftp_telnet_inspection_type'] = $a_nat[$id]['ftp_telnet_inspection_type'];
+ $pconfig['ftp_telnet_alert_encrypted'] = $a_nat[$id]['ftp_telnet_alert_encrypted'];
+ $pconfig['ftp_telnet_check_encrypted'] = $a_nat[$id]['ftp_telnet_check_encrypted'];
+ $pconfig['ftp_telnet_normalize'] = $a_nat[$id]['ftp_telnet_normalize'];
+ $pconfig['ftp_telnet_detect_anomalies'] = $a_nat[$id]['ftp_telnet_detect_anomalies'];
+ $pconfig['ftp_telnet_ayt_attack_threshold'] = $a_nat[$id]['ftp_telnet_ayt_attack_threshold'];
$pconfig['smtp_preprocessor'] = $a_nat[$id]['smtp_preprocessor'];
$pconfig['sf_portscan'] = $a_nat[$id]['sf_portscan'];
$pconfig['pscan_protocol'] = $a_nat[$id]['pscan_protocol'];
@@ -102,6 +101,9 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['dce_rpc_2'] = $a_nat[$id]['dce_rpc_2'];
$pconfig['dns_preprocessor'] = $a_nat[$id]['dns_preprocessor'];
$pconfig['sensitive_data'] = $a_nat[$id]['sensitive_data'];
+ $pconfig['sdf_alert_data_type'] = $a_nat[$id]['sdf_alert_data_type'];
+ $pconfig['sdf_alert_threshold'] = $a_nat[$id]['sdf_alert_threshold'];
+ $pconfig['sdf_mask_output'] = $a_nat[$id]['sdf_mask_output'];
$pconfig['ssl_preproc'] = $a_nat[$id]['ssl_preproc'];
$pconfig['pop_preproc'] = $a_nat[$id]['pop_preproc'];
$pconfig['imap_preproc'] = $a_nat[$id]['imap_preproc'];
@@ -112,13 +114,123 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['ssh_preproc'] = $a_nat[$id]['ssh_preproc'];
$pconfig['preproc_auto_rule_disable'] = $a_nat[$id]['preproc_auto_rule_disable'];
$pconfig['protect_preproc_rules'] = $a_nat[$id]['protect_preproc_rules'];
+
+ // Frag3 global settings
$pconfig['frag3_detection'] = $a_nat[$id]['frag3_detection'];
- $pconfig['frag3_overlap_limit'] = $a_nat[$id]['frag3_overlap_limit'];
- $pconfig['frag3_min_frag_len'] = $a_nat[$id]['frag3_min_frag_len'];
- $pconfig['frag3_policy'] = $a_nat[$id]['frag3_policy'];
$pconfig['frag3_max_frags'] = $a_nat[$id]['frag3_max_frags'];
$pconfig['frag3_memcap'] = $a_nat[$id]['frag3_memcap'];
- $pconfig['frag3_timeout'] = $a_nat[$id]['frag3_timeout'];
+
+ // See if new Frag3 engine array is configured and use it;
+ // otherwise create a default engine configuration.
+ if (empty($pconfig['frag3_engine']['item'])) {
+ $default = array( "name" => "default", "bind_to" => "all", "policy" => "bsd",
+ "timeout" => 60, "min_ttl" => 1, "detect_anomalies" => "on",
+ "overlap_limit" => 0, "min_frag_len" => 0 );
+ $pconfig['frag3_engine']['item'] = array();
+ $pconfig['frag3_engine']['item'][] = $default;
+ if (!is_array($a_nat[$id]['frag3_engine']['item']))
+ $a_nat[$id]['frag3_engine']['item'] = array();
+ $a_nat[$id]['frag3_engine']['item'][] = $default;
+ write_config();
+ $frag3_engine_next_id++;
+ }
+ else
+ $pconfig['frag3_engine'] = $a_nat[$id]['frag3_engine'];
+
+ // Stream5 global settings
+ $pconfig['stream5_reassembly'] = $a_nat[$id]['stream5_reassembly'];
+ $pconfig['stream5_flush_on_alert'] = $a_nat[$id]['stream5_flush_on_alert'];
+ $pconfig['stream5_prune_log_max'] = $a_nat[$id]['stream5_prune_log_max'];
+ $pconfig['stream5_mem_cap'] = $a_nat[$id]['stream5_mem_cap'];
+ $pconfig['stream5_track_tcp'] = $a_nat[$id]['stream5_track_tcp'];
+ $pconfig['stream5_max_tcp'] = $a_nat[$id]['stream5_max_tcp'];
+ $pconfig['stream5_track_udp'] = $a_nat[$id]['stream5_track_udp'];
+ $pconfig['stream5_max_udp'] = $a_nat[$id]['stream5_max_udp'];
+ $pconfig['stream5_udp_timeout'] = $a_nat[$id]['stream5_udp_timeout'];
+ $pconfig['stream5_track_icmp'] = $a_nat[$id]['stream5_track_icmp'];
+ $pconfig['stream5_max_icmp'] = $a_nat[$id]['stream5_max_icmp'];
+ $pconfig['stream5_icmp_timeout'] = $a_nat[$id]['stream5_icmp_timeout'];
+
+ // See if new Stream5 engine array is configured and use it;
+ // otherwise create a default engine configuration.
+ if (empty($pconfig['stream5_tcp_engine']['item'])) {
+ $default = array( "name" => "default", "bind_to" => "all", "policy" => "bsd", "timeout" => 30,
+ "max_queued_bytes" => 1048576, "detect_anomalies" => "off", "overlap_limit" => 0,
+ "max_queued_segs" => 2621, "require_3whs" => "off", "startup_3whs_timeout" => 0,
+ "no_reassemble_async" => "off", "max_window" => 0, "use_static_footprint_sizes" => "off",
+ "check_session_hijacking" => "off", "dont_store_lg_pkts" => "off", "ports_client" => "default",
+ "ports_both" => "default", "ports_server" => "none" );
+ $pconfig['stream5_tcp_engine']['item'] = array();
+ $pconfig['stream5_tcp_engine']['item'][] = $default;
+ if (!is_array($a_nat[$id]['stream5_tcp_engine']['item']))
+ $a_nat[$id]['stream5_tcp_engine']['item'] = array();
+ $a_nat[$id]['stream5_tcp_engine']['item'][] = $default;
+ write_config();
+ $stream5_tcp_engine_next_id++;
+ }
+ else
+ $pconfig['stream5_tcp_engine'] = $a_nat[$id]['stream5_tcp_engine'];
+
+ // HTTP_INSPECT global settings
+ $pconfig['http_inspect'] = $a_nat[$id]['http_inspect'];
+ $pconfig['http_inspect_memcap'] = $a_nat[$id]['http_inspect_memcap'];
+ $pconfig['http_inspect_proxy_alert'] = $a_nat[$id]['http_inspect_proxy_alert'];
+ $pconfig['http_inspect_max_gzip_mem'] = $a_nat[$id]['http_inspect_max_gzip_mem'];
+
+ // See if new HTTP_INSPECT engine array is configured and use it;
+ // otherwise create a default engine configuration.
+ if (empty($pconfig['http_inspect_engine']['item'])) {
+ $default = array( "name" => "default", "bind_to" => "all", "server_profile" => "all", "enable_xff" => "off",
+ "log_uri" => "off", "log_hostname" => "off", "server_flow_depth" => 65535, "enable_cookie" => "on",
+ "client_flow_depth" => 1460, "extended_response_inspection" => "on", "no_alerts" => "off",
+ "unlimited_decompress" => "on", "inspect_gzip" => "on", "normalize_cookies" =>"on",
+ "normalize_headers" => "on", "normalize_utf" => "on", "normalize_javascript" => "on",
+ "allow_proxy_use" => "off", "inspect_uri_only" => "off", "max_javascript_whitespaces" => 200,
+ "post_depth" => -1, "max_headers" => 0, "max_spaces" => 0, "max_header_length" => 0, "ports" => "default" );
+ $pconfig['http_inspect_engine']['item'] = array();
+ $pconfig['http_inspect_engine']['item'][] = $default;
+ if (!is_array($a_nat[$id]['http_inspect_engine']['item']))
+ $a_nat[$id]['http_inspect_engine']['item'] = array();
+ $a_nat[$id]['http_inspect_engine']['item'][] = $default;
+ write_config();
+ $http_inspect_engine_next_id++;
+ }
+ else
+ $pconfig['http_inspect_engine'] = $a_nat[$id]['http_inspect_engine'];
+
+ // See if new FTP client engine array is configured and use it;
+ // otherwise create a default engine configuration..
+ if (empty($pconfig['ftp_client_engine']['item'])) {
+ $default = array( "name" => "default", "bind_to" => "all", "max_resp_len" => 256,
+ "telnet_cmds" => "no", "ignore_telnet_erase_cmds" => "yes",
+ "bounce" => "yes", "bounce_to_net" => "", "bounce_to_port" => "" );
+ $pconfig['ftp_client_engine']['item'] = array();
+ $pconfig['ftp_client_engine']['item'][] = $default;
+ if (!is_array($a_nat[$id]['ftp_client_engine']['item']))
+ $a_nat[$id]['ftp_client_engine']['item'] = array();
+ $a_nat[$id]['ftp_client_engine']['item'][] = $default;
+ write_config();
+ $ftp_client_engine_next_id++;
+ }
+ else
+ $pconfig['ftp_client_engine'] = $a_nat[$id]['ftp_client_engine'];
+
+ // See if new FTP server engine array is configured and use it;
+ // otherwise create a default engine configuration..
+ if (empty($pconfig['ftp_server_engine']['item'])) {
+ $default = array( "name" => "default", "bind_to" => "all", "ports" => "default",
+ "telnet_cmds" => "no", "ignore_telnet_erase_cmds" => "yes",
+ "ignore_data_chan" => "no", "def_max_param_len" => 100 );
+ $pconfig['ftp_server_engine']['item'] = array();
+ $pconfig['ftp_server_engine']['item'][] = $default;
+ if (!is_array($a_nat[$id]['ftp_server_engine']['item']))
+ $a_nat[$id]['ftp_server_engine']['item'] = array();
+ $a_nat[$id]['ftp_server_engine']['item'][] = $default;
+ write_config();
+ $ftp_server_engine_next_id++;
+ }
+ else
+ $pconfig['ftp_server_engine'] = $a_nat[$id]['ftp_server_engine'];
/* If not using the Snort VRT rules, then disable */
/* the Sensitive Data (sdf) preprocessor. */
@@ -134,10 +246,30 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['max_attribute_hosts'] = '10000';
if (empty($pconfig['max_attribute_services_per_host']))
$pconfig['max_attribute_services_per_host'] = '10';
- if (empty($pconfig['max_paf']))
+
+ if (empty($pconfig['max_paf']) && $pconfig['max_paf'] <> 0)
$pconfig['max_paf'] = '16000';
+
if (empty($pconfig['ftp_preprocessor']))
$pconfig['ftp_preprocessor'] = 'on';
+ if (empty($pconfig['ftp_telnet_inspection_type']))
+ $pconfig['ftp_telnet_inspection_type'] = 'stateful';
+ if (empty($pconfig['ftp_telnet_alert_encrypted']))
+ $pconfig['ftp_telnet_alert_encrypted'] = 'off';
+ if (empty($pconfig['ftp_telnet_check_encrypted']))
+ $pconfig['ftp_telnet_check_encrypted'] = 'on';
+ if (empty($pconfig['ftp_telnet_normalize']))
+ $pconfig['ftp_telnet_normalize'] = 'on';
+ if (empty($pconfig['ftp_telnet_detect_anomalies']))
+ $pconfig['ftp_telnet_detect_anomalies'] = 'on';
+ if (empty($pconfig['ftp_telnet_ayt_attack_threshold']) && $pconfig['ftp_telnet_ayt_attack_threshold'] <> 0)
+ $pconfig['ftp_telnet_ayt_attack_threshold'] = '20';
+ if (empty($pconfig['sdf_alert_data_type']))
+ $pconfig['sdf_alert_data_type'] = "Credit Card,Email Addresses,U.S. Phone Numbers,U.S. Social Security Numbers";
+ if (empty($pconfig['sdf_alert_threshold']))
+ $pconfig['sdf_alert_threshold'] = '25';
+ if (empty($pconfig['sdf_mask_output']))
+ $pconfig['sdf_mask_output'] = 'off';
if (empty($pconfig['smtp_preprocessor']))
$pconfig['smtp_preprocessor'] = 'on';
if (empty($pconfig['dce_rpc_2']))
@@ -156,46 +288,48 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['other_preprocs'] = 'on';
if (empty($pconfig['ssh_preproc']))
$pconfig['ssh_preproc'] = 'on';
+
+ if (empty($pconfig['http_inspect']))
+ $pconfig['http_inspect'] = "on";
+ if (empty($pconfig['http_inspect_proxy_alert']))
+ $pconfig['http_inspect_proxy_alert'] = "off";
if (empty($pconfig['http_inspect_memcap']))
$pconfig['http_inspect_memcap'] = "150994944";
- if (empty($pconfig['frag3_overlap_limit']))
- $pconfig['frag3_overlap_limit'] = '0';
- if (empty($pconfig['frag3_min_frag_len']))
- $pconfig['frag3_min_frag_len'] = '0';
+ if (empty($pconfig['http_inspect_max_gzip_mem']))
+ $pconfig['http_inspect_max_gzip_mem'] = "838860";
+
if (empty($pconfig['frag3_max_frags']))
$pconfig['frag3_max_frags'] = '8192';
- if (empty($pconfig['frag3_policy']))
- $pconfig['frag3_policy'] = 'bsd';
if (empty($pconfig['frag3_memcap']))
$pconfig['frag3_memcap'] = '4194304';
- if (empty($pconfig['frag3_timeout']))
- $pconfig['frag3_timeout'] = '60';
if (empty($pconfig['frag3_detection']))
$pconfig['frag3_detection'] = 'on';
+
if (empty($pconfig['stream5_reassembly']))
$pconfig['stream5_reassembly'] = 'on';
+ if (empty($pconfig['stream5_flush_on_alert']))
+ $pconfig['stream5_flush_on_alert'] = 'off';
+ if (empty($pconfig['stream5_prune_log_max']) && $pconfig['stream5_prune_log_max'] <> 0)
+ $pconfig['stream5_prune_log_max'] = '1048576';
if (empty($pconfig['stream5_track_tcp']))
$pconfig['stream5_track_tcp'] = 'on';
+ if (empty($pconfig['stream5_max_tcp']))
+ $pconfig['stream5_max_tcp'] = '262144';
if (empty($pconfig['stream5_track_udp']))
$pconfig['stream5_track_udp'] = 'on';
- if (empty($pconfig['stream5_track_icmp']))
- $pconfig['stream5_track_icmp'] = 'off';
- if (empty($pconfig['stream5_require_3whs']))
- $pconfig['stream5_require_3whs'] = 'off';
- if (empty($pconfig['stream5_overlap_limit']))
- $pconfig['stream5_overlap_limit'] = '0';
- if (empty($pconfig['stream5_tcp_timeout']))
- $pconfig['stream5_tcp_timeout'] = '30';
+ if (empty($pconfig['stream5_max_udp']))
+ $pconfig['stream5_max_udp'] = '131072';
if (empty($pconfig['stream5_udp_timeout']))
$pconfig['stream5_udp_timeout'] = '30';
+ if (empty($pconfig['stream5_track_icmp']))
+ $pconfig['stream5_track_icmp'] = 'off';
+ if (empty($pconfig['stream5_max_icmp']))
+ $pconfig['stream5_max_icmp'] = '65536';
if (empty($pconfig['stream5_icmp_timeout']))
$pconfig['stream5_icmp_timeout'] = '30';
- if (empty($pconfig['stream5_no_reassemble_async']))
- $pconfig['stream5_no_reassemble_async'] = 'off';
- if (empty($pconfig['stream5_dont_store_lg_pkts']))
- $pconfig['stream5_dont_store_lg_pkts'] = 'off';
- if (empty($pconfig['stream5_policy']))
- $pconfig['stream5_policy'] = 'bsd';
+ if (empty($pconfig['stream5_mem_cap']))
+ $pconfig['stream5_mem_cap']= '8388608';
+
if (empty($pconfig['pscan_protocol']))
$pconfig['pscan_protocol'] = 'all';
if (empty($pconfig['pscan_type']))
@@ -210,6 +344,34 @@ if (isset($id) && $a_nat[$id]) {
$iface = snort_get_friendly_interface($pconfig['interface']);
$disabled_rules_log = "{$snortlogdir}/{$iface}_disabled_preproc_rules.log";
+if ($_GET['act'] && isset($_GET['eng_id'])) {
+
+ $natent = array();
+ $natent = $pconfig;
+
+ if ($_GET['act'] == "del_frag3")
+ unset($natent['frag3_engine']['item'][$_GET['eng_id']]);
+ elseif ($_GET['act'] == "del_stream5_tcp")
+ unset($natent['stream5_tcp_engine']['item'][$_GET['eng_id']]);
+ elseif ($_GET['act'] == "del_http_inspect")
+ unset($natent['http_inspect_engine']['item'][$_GET['eng_id']]);
+ elseif ($_GET['act'] == "del_ftp_server")
+ unset($natent['ftp_server_engine']['item'][$_GET['eng_id']]);
+
+ if (isset($id) && $a_nat[$id]) {
+ $a_nat[$id] = $natent;
+ write_config();
+ }
+
+ header("Location: snort_preprocessors.php?id=$id");
+ exit;
+}
+
+// Check for returned "selected alias" if action is import
+if ($_GET['act'] == "import" && isset($_GET['varname']) && !empty($_GET['varvalue'])) {
+ $pconfig[$_GET['varname']] = $_GET['varvalue'];
+}
+
if ($_POST['ResetAll']) {
/* Reset all the preprocessor settings to defaults */
@@ -218,32 +380,30 @@ if ($_POST['ResetAll']) {
$pconfig['max_attribute_hosts'] = '10000';
$pconfig['max_attribute_services_per_host'] = '10';
$pconfig['max_paf'] = '16000';
- $pconfig['server_flow_depth'] = "300";
- $pconfig['http_server_profile'] = "all";
- $pconfig['client_flow_depth'] = "300";
$pconfig['stream5_reassembly'] = "on";
- $pconfig['stream5_require_3whs'] = "off";
+ $pconfig['stream5_flush_on_alert'] = 'off';
+ $pconfig['stream5_prune_log_max'] = '1048576';
$pconfig['stream5_track_tcp'] = "on";
+ $pconfig['stream5_max_tcp'] = "262144";
$pconfig['stream5_track_udp'] = "on";
+ $pconfig['stream5_max_udp'] = "131072";
$pconfig['stream5_track_icmp'] = "off";
- $pconfig['max_queued_bytes'] = "1048576";
- $pconfig['max_queued_segs'] = "2621";
- $pconfig['stream5_overlap_limit'] = "0";
- $pconfig['stream5_policy'] = "bsd";
+ $pconfig['stream5_max_icmp'] = "65536";
$pconfig['stream5_mem_cap'] = "8388608";
- $pconfig['stream5_tcp_timeout'] = "30";
$pconfig['stream5_udp_timeout'] = "30";
$pconfig['stream5_icmp_timeout'] = "30";
- $pconfig['stream5_no_reassemble_async'] = "off";
- $pconfig['stream5_dont_store_lg_pkts'] = "off";
$pconfig['http_inspect'] = "on";
- $pconfig['http_inspect_enable_xff'] = "off";
- $pconfig['http_inspect_log_uri'] = "off";
- $pconfig['http_inspect_log_hostname'] = "off";
- $pconfig['noalert_http_inspect'] = "on";
+ $pconfig['http_inspect_proxy_alert'] = "off";
$pconfig['http_inspect_memcap'] = "150994944";
+ $pconfig['http_inspect_max_gzip_mem'] = "838860";
$pconfig['other_preprocs'] = "on";
$pconfig['ftp_preprocessor'] = "on";
+ $pconfig['ftp_telnet_inspection_type'] = "stateful";
+ $pconfig['ftp_telnet_alert_encrypted'] = "off";
+ $pconfig['ftp_telnet_check_encrypted'] = "on";
+ $pconfig['ftp_telnet_normalize'] = "on";
+ $pconfig['ftp_telnet_detect_anomalies'] = "on";
+ $pconfig['ftp_telnet_ayt_attack_threshold'] = "20";
$pconfig['smtp_preprocessor'] = "on";
$pconfig['sf_portscan'] = "off";
$pconfig['pscan_protocol'] = "all";
@@ -254,6 +414,9 @@ if ($_POST['ResetAll']) {
$pconfig['dce_rpc_2'] = "on";
$pconfig['dns_preprocessor'] = "on";
$pconfig['sensitive_data'] = "off";
+ $pconfig['sdf_alert_data_type'] = "Credit Card,Email Addresses,U.S. Phone Numbers,U.S. Social Security Numbers";
+ $pconfig['sdf_alert_threshold'] = "25";
+ $pconfig['sdf_mask_output'] = "off";
$pconfig['ssl_preproc'] = "on";
$pconfig['pop_preproc'] = "on";
$pconfig['imap_preproc'] = "on";
@@ -265,22 +428,23 @@ if ($_POST['ResetAll']) {
$pconfig['preproc_auto_rule_disable'] = "off";
$pconfig['protect_preproc_rules'] = "off";
$pconfig['frag3_detection'] = "on";
- $pconfig['frag3_overlap_limit'] = "0";
- $pconfig['frag3_min_frag_len'] = "0";
- $pconfig['frag3_policy'] = "bsd";
$pconfig['frag3_max_frags'] = "8192";
$pconfig['frag3_memcap'] = "4194304";
- $pconfig['frag3_timeout'] = "60";
/* Log a message at the top of the page to inform the user */
- $savemsg = "All preprocessor settings have been reset to the defaults.";
+ $savemsg = gettext("All preprocessor settings have been reset to their defaults.");
}
elseif ($_POST['Submit']) {
$natent = array();
$natent = $pconfig;
- if ($_POST['pscan_ignore_scanners'] && !is_alias($_POST['pscan_ignore_scanners']))
- $input_errors[] = "Only aliases are allowed for the Portscan IGNORE_SCANNERS option.";
+ // Validate SDF alert threshold and alert data type values if SDF is enabled
+ if ($_POST['sensitive_data'] == 'on') {
+ if ($_POST['sdf_alert_threshold'] < 1 || $_POST['sdf_alert_threshold'] > 65535)
+ $input_errors[] = gettext("The value for Sensitive_Data_Alert_Threshold must be between 1 and 65,535.");
+ if (empty($_POST['sdf_alert_data_type']))
+ $input_errors[] = gettext("You must select at least one sensitive data type to inspect for when Sensitive Data detection is enabled.");
+ }
/* if no errors write to conf */
if (!$input_errors) {
@@ -288,48 +452,45 @@ elseif ($_POST['Submit']) {
if ($_POST['max_attribute_hosts'] != "") { $natent['max_attribute_hosts'] = $_POST['max_attribute_hosts']; }else{ $natent['max_attribute_hosts'] = "10000"; }
if ($_POST['max_attribute_services_per_host'] != "") { $natent['max_attribute_services_per_host'] = $_POST['max_attribute_services_per_host']; }else{ $natent['max_attribute_services_per_host'] = "10"; }
if ($_POST['max_paf'] != "") { $natent['max_paf'] = $_POST['max_paf']; }else{ $natent['max_paf'] = "16000"; }
- if ($_POST['server_flow_depth'] != "") { $natent['server_flow_depth'] = $_POST['server_flow_depth']; }else{ $natent['server_flow_depth'] = "300"; }
- if ($_POST['http_server_profile'] != "") { $natent['http_server_profile'] = $_POST['http_server_profile']; }else{ $natent['http_server_profile'] = "all"; }
- if ($_POST['client_flow_depth'] != "") { $natent['client_flow_depth'] = $_POST['client_flow_depth']; }else{ $natent['client_flow_depth'] = "300"; }
if ($_POST['http_inspect_memcap'] != "") { $natent['http_inspect_memcap'] = $_POST['http_inspect_memcap']; }else{ $natent['http_inspect_memcap'] = "150994944"; }
- if ($_POST['stream5_overlap_limit'] != "") { $natent['stream5_overlap_limit'] = $_POST['stream5_overlap_limit']; }else{ $natent['stream5_overlap_limit'] = "0"; }
- if ($_POST['stream5_policy'] != "") { $natent['stream5_policy'] = $_POST['stream5_policy']; }else{ $natent['stream5_policy'] = "bsd"; }
+ if ($_POST['http_inspect_max_gzip_mem'] != "") { $natent['http_inspect_max_gzip_mem'] = $_POST['http_inspect_max_gzip_mem']; }else{ $natent['http_inspect_max_gzip_mem'] = "838860"; }
if ($_POST['stream5_mem_cap'] != "") { $natent['stream5_mem_cap'] = $_POST['stream5_mem_cap']; }else{ $natent['stream5_mem_cap'] = "8388608"; }
- if ($_POST['stream5_tcp_timeout'] != "") { $natent['stream5_tcp_timeout'] = $_POST['stream5_tcp_timeout']; }else{ $natent['stream5_tcp_timeout'] = "30"; }
+ if ($_POST['stream5_prune_log_max'] != "") { $natent['stream5_prune_log_max'] = $_POST['stream5_prune_log_max']; }else{ $natent['stream5_prune_log_max'] = "1048576"; }
if ($_POST['stream5_udp_timeout'] != "") { $natent['stream5_udp_timeout'] = $_POST['stream5_udp_timeout']; }else{ $natent['stream5_udp_timeout'] = "30"; }
if ($_POST['stream5_icmp_timeout'] != "") { $natent['stream5_icmp_timeout'] = $_POST['stream5_icmp_timeout']; }else{ $natent['stream5_icmp_timeout'] = "30"; }
- if ($_POST['max_queued_bytes'] != "") { $natent['max_queued_bytes'] = $_POST['max_queued_bytes']; }else{ $natent['max_queued_bytes'] = "1048576"; }
- if ($_POST['max_queued_segs'] != "") { $natent['max_queued_segs'] = $_POST['max_queued_segs']; }else{ $natent['max_queued_segs'] = "2621"; }
+ if ($_POST['stream5_max_tcp'] != "") { $natent['stream5_max_tcp'] = $_POST['stream5_max_tcp']; }else{ $natent['stream5_max_tcp'] = "262144"; }
+ if ($_POST['stream5_max_udp'] != "") { $natent['stream5_max_udp'] = $_POST['stream5_max_udp']; }else{ $natent['stream5_max_udp'] = "131072"; }
+ if ($_POST['stream5_max_icmp'] != "") { $natent['stream5_max_icmp'] = $_POST['stream5_max_icmp']; }else{ $natent['stream5_max_icmp'] = "65536"; }
if ($_POST['pscan_protocol'] != "") { $natent['pscan_protocol'] = $_POST['pscan_protocol']; }else{ $natent['pscan_protocol'] = "all"; }
if ($_POST['pscan_type'] != "") { $natent['pscan_type'] = $_POST['pscan_type']; }else{ $natent['pscan_type'] = "all"; }
if ($_POST['pscan_memcap'] != "") { $natent['pscan_memcap'] = $_POST['pscan_memcap']; }else{ $natent['pscan_memcap'] = "10000000"; }
if ($_POST['pscan_sense_level'] != "") { $natent['pscan_sense_level'] = $_POST['pscan_sense_level']; }else{ $natent['pscan_sense_level'] = "medium"; }
- if ($_POST['frag3_overlap_limit'] != "") { $natent['frag3_overlap_limit'] = $_POST['frag3_overlap_limit']; }else{ $natent['frag3_overlap_limit'] = "0"; }
- if ($_POST['frag3_min_frag_len'] != "") { $natent['frag3_min_frag_len'] = $_POST['frag3_min_frag_len']; }else{ $natent['frag3_min_frag_len'] = "0"; }
- if ($_POST['frag3_policy'] != "") { $natent['frag3_policy'] = $_POST['frag3_policy']; }else{ $natent['frag3_policy'] = "bsd"; }
+ if ($_POST['pscan_ignore_scanners'] != "") { $natent['pscan_ignore_scanners'] = $_POST['pscan_ignore_scanners']; }else{ $natent['pscan_ignore_scanners'] = ""; }
if ($_POST['frag3_max_frags'] != "") { $natent['frag3_max_frags'] = $_POST['frag3_max_frags']; }else{ $natent['frag3_max_frags'] = "8192"; }
if ($_POST['frag3_memcap'] != "") { $natent['frag3_memcap'] = $_POST['frag3_memcap']; }else{ $natent['frag3_memcap'] = "4194304"; }
- if ($_POST['frag3_timeout'] != "") { $natent['frag3_timeout'] = $_POST['frag3_timeout']; }else{ $natent['frag3_timeout'] = "60"; }
+ if ($_POST['ftp_telnet_inspection_type'] != "") { $natent['ftp_telnet_inspection_type'] = $_POST['ftp_telnet_inspection_type']; }else{ $natent['ftp_telnet_inspection_type'] = "stateful"; }
+ if ($_POST['ftp_telnet_ayt_attack_threshold'] != "") { $natent['ftp_telnet_ayt_attack_threshold'] = $_POST['ftp_telnet_ayt_attack_threshold']; }else{ $natent['ftp_telnet_ayt_attack_threshold'] = "20"; }
+ if ($_POST['sdf_alert_threshold'] != "") { $natent['sdf_alert_threshold'] = $_POST['sdf_alert_threshold']; }else{ $natent['sdf_alert_threshold'] = "25"; }
- if ($_POST['pscan_ignore_scanners'])
- $natent['pscan_ignore_scanners'] = $_POST['pscan_ignore_scanners'];
- else
- unset($natent['pscan_ignore_scanners']);
+ // Set SDF inspection types
+ $natent['sdf_alert_data_type'] = implode(",",$_POST['sdf_alert_data_type']);
$natent['perform_stat'] = $_POST['perform_stat'] ? 'on' : 'off';
$natent['host_attribute_table'] = $_POST['host_attribute_table'] ? 'on' : 'off';
$natent['http_inspect'] = $_POST['http_inspect'] ? 'on' : 'off';
- $natent['http_inspect_enable_xff'] = $_POST['http_inspect_enable_xff'] ? 'on' : 'off';
- $natent['http_inspect_log_uri'] = $_POST['http_inspect_log_uri'] ? 'on' : 'off';
- $natent['http_inspect_log_hostname'] = $_POST['http_inspect_log_hostname'] ? 'on' : 'off';
- $natent['noalert_http_inspect'] = $_POST['noalert_http_inspect'] ? 'on' : 'off';
+ $natent['http_inspect_proxy_alert'] = $_POST['http_inspect_proxy_alert'] ? 'on' : 'off';
$natent['other_preprocs'] = $_POST['other_preprocs'] ? 'on' : 'off';
$natent['ftp_preprocessor'] = $_POST['ftp_preprocessor'] ? 'on' : 'off';
+ $natent['ftp_telnet_alert_encrypted'] = $_POST['ftp_telnet_alert_encrypted'] ? 'on' : 'off';
+ $natent['ftp_telnet_check_encrypted'] = $_POST['ftp_telnet_check_encrypted'] ? 'on' : 'off';
+ $natent['ftp_telnet_normalize'] = $_POST['ftp_telnet_normalize'] ? 'on' : 'off';
+ $natent['ftp_telnet_detect_anomalies'] = $_POST['ftp_telnet_detect_anomalies'] ? 'on' : 'off';
$natent['smtp_preprocessor'] = $_POST['smtp_preprocessor'] ? 'on' : 'off';
$natent['sf_portscan'] = $_POST['sf_portscan'] ? 'on' : 'off';
$natent['dce_rpc_2'] = $_POST['dce_rpc_2'] ? 'on' : 'off';
$natent['dns_preprocessor'] = $_POST['dns_preprocessor'] ? 'on' : 'off';
$natent['sensitive_data'] = $_POST['sensitive_data'] ? 'on' : 'off';
+ $natent['sdf_mask_output'] = $_POST['sdf_mask_output'] ? 'on' : 'off';
$natent['ssl_preproc'] = $_POST['ssl_preproc'] ? 'on' : 'off';
$natent['pop_preproc'] = $_POST['pop_preproc'] ? 'on' : 'off';
$natent['imap_preproc'] = $_POST['imap_preproc'] ? 'on' : 'off';
@@ -343,28 +504,20 @@ elseif ($_POST['Submit']) {
$natent['protect_preproc_rules'] = $_POST['protect_preproc_rules'] ? 'on' : 'off';
$natent['frag3_detection'] = $_POST['frag3_detection'] ? 'on' : 'off';
$natent['stream5_reassembly'] = $_POST['stream5_reassembly'] ? 'on' : 'off';
+ $natent['stream5_flush_on_alert'] = $_POST['stream5_flush_on_alert'] ? 'on' : 'off';
$natent['stream5_track_tcp'] = $_POST['stream5_track_tcp'] ? 'on' : 'off';
$natent['stream5_track_udp'] = $_POST['stream5_track_udp'] ? 'on' : 'off';
$natent['stream5_track_icmp'] = $_POST['stream5_track_icmp'] ? 'on' : 'off';
- $natent['stream5_require_3whs'] = $_POST['stream5_require_3whs'] ? 'on' : 'off';
- $natent['stream5_no_reassemble_async'] = $_POST['stream5_no_reassemble_async'] ? 'on' : 'off';
- $natent['stream5_dont_store_lg_pkts'] = $_POST['stream5_dont_store_lg_pkts'] ? 'on' : 'off';
/* If 'preproc_auto_rule_disable' is off, then clear log file */
if ($natent['preproc_auto_rule_disable'] == 'off')
@unlink("{$disabled_rules_log}");
- if (isset($id) && $a_nat[$id])
+ if (isset($id) && $a_nat[$id]) {
$a_nat[$id] = $natent;
- else {
- if (is_numeric($after))
- array_splice($a_nat, $after+1, 0, array($natent));
- else
- $a_nat[] = $natent;
+ write_config();
}
- write_config();
-
/* Set flag to rebuild rules for this interface */
$rebuild_rules = true;
@@ -436,7 +589,7 @@ if ($pconfig['host_attribute_table'] == 'on' && empty($pconfig['host_attribute_d
$input_errors[] = gettext("The Host Attribute Table option is enabled, but no Host Attribute data has been loaded. Data may be entered manually or imported from a suitable file.");
$if_friendly = snort_get_friendly_interface($pconfig['interface']);
-$pgtitle = "Snort: Interface {$if_friendly}: Preprocessors and Flow";
+$pgtitle = gettext("Snort: Interface {$if_friendly} - Preprocessors and Flow");
include_once("head.inc");
?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="enable_change_all()">
@@ -546,7 +699,7 @@ include_once("head.inc");
<?php if (file_exists($disabled_rules_log) && filesize($disabled_rules_log) > 0): ?>
<tr>
<td width="3%">&nbsp;</td>
- <td class="vexpl"><input type="button" class="formbtn" value="View" onclick="wopen('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$disabled_rules_log;?>','FileViewer',800,600)"/>
+ <td class="vexpl"><input type="button" class="formbtn" value="View" onclick="wopen('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$disabled_rules_log;?>','FileViewer',800,600);">
&nbsp;&nbsp;&nbsp;<?php echo gettext("Click to view the list of currently auto-disabled rules"); ?></td>
</tr>
<?php endif; ?>
@@ -554,7 +707,7 @@ include_once("head.inc");
</td>
</tr>
<tr>
- <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Host Attribute Table Settings"); ?></td>
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Host Attribute Table"); ?></td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Enable"); ?></td>
@@ -564,13 +717,11 @@ include_once("head.inc");
<?php echo gettext("Use a Host Attribute Table file to auto-configure applicable preprocessors. " .
"Default is "); ?><strong><?php echo gettext("Not Checked"); ?></strong>.</td>
</tr>
- <tr>
+ <tr id="host_attrib_table_data_row">
<td width="22%" valign="top" class="vncell"><?php echo gettext("Host Attribute Data"); ?></td>
<td width="78%" class="vtable"><strong><?php echo gettext("Import From File"); ?></strong><br/>
- <input name="host_attribute_file" type="file" class="formfld unknown" value="on" id="host_attribute_file" size="40"
- <?php if ($pconfig['host_attribute_table']<>"on") echo "disabled"; ?>>&nbsp;&nbsp;
- <input type="submit" name="btn_import" id="btn_import" value="Import" class="formbtn"
- <?php if ($pconfig['host_attribute_table']<>"on") echo "disabled"; ?>><br/>
+ <input name="host_attribute_file" type="file" class="formfld file" value="on" id="host_attribute_file" size="40">&nbsp;&nbsp;
+ <input type="submit" name="btn_import" id="btn_import" value="Import" class="formbtn"><br/>
<?php echo gettext("Choose the Host Attributes file to use for auto-configuration."); ?><br/><br/>
<span class="red"><strong><?php echo gettext("Warning: "); ?></strong></span>
<?php echo gettext("The Host Attributes file has a required format. See the "); ?><a href="http://manual.snort.org/" target="_blank">
@@ -580,9 +731,8 @@ include_once("head.inc");
<a href="http://code.google.com/p/hogger/" target="_blank"><?php echo gettext("Hogger"); ?></a><?php echo gettext(" or "); ?>
<a href="http://gamelinux.github.io/prads/" target="_blank"><?php echo gettext("PRADS"); ?></a><?php echo gettext(" can be used to " .
"scan networks and automatically generate a suitable Host Attribute Table file for import."); ?><br/><br/>
- <input type="submit" id="btn_edit_hat" name="btn_edit_hat" value="<?php if (!empty($pconfig['host_attribute_data'])) {echo gettext(" Edit ");} else {echo gettext("Create");} ?>"
- class="formbtn"
- <?php if ($pconfig['host_attribute_table']<>"on") echo "disabled"; ?>>&nbsp;&nbsp;
+ <input type="submit" id="btn_edit_hat" name="btn_edit_hat" value="<?php if (!empty($pconfig['host_attribute_data'])) {echo gettext(" Edit ");}
+ else {echo gettext("Create");} ?>" class="formbtn">&nbsp;&nbsp;
<?php if (!empty($pconfig['host_attribute_data'])) {echo gettext("Click to View or Edit the Host Attribute data.");}
else {echo gettext("Click to Create Host Attribute data manually.");}
if ($pconfig['host_attribute_table']=="on" && empty($pconfig['host_attribute_data'])){
@@ -590,14 +740,13 @@ include_once("head.inc");
gettext("No Host Attribute Data loaded - import from a file or enter it manually.");
} ?></td>
</tr>
- <tr>
+ <tr id="host_attrib_table_maxhosts_row">
<td valign="top" class="vncell"><?php echo gettext("Maximum Hosts"); ?></td>
<td class="vtable">
<table cellpadding="0" cellspacing="0">
<tr>
- <td><input name="max_attribute_hosts" type="text" class="formfld" id="max_attribute_hosts" size="6"
- value="<?=htmlspecialchars($pconfig['max_attribute_hosts']);?>"
- <?php if ($pconfig['host_attribute_table']<>"on") echo "disabled"; ?>>&nbsp;&nbsp;
+ <td><input name="max_attribute_hosts" type="text" class="formfld unknown" id="max_attribute_hosts" size="9"
+ value="<?=htmlspecialchars($pconfig['max_attribute_hosts']);?>">&nbsp;&nbsp;
<?php echo gettext("Max number of hosts to read from the Attribute Table. Min is ") .
"<strong>" . gettext("32") . "</strong>" . gettext(" and Max is ") . "<strong>" .
gettext("524288") . "</strong>"; ?>.</td>
@@ -608,14 +757,13 @@ include_once("head.inc");
"Default is ") . "<strong>" . gettext("10000") . "</strong>"; ?>.<br/>
</td>
</tr>
- <tr>
+ <tr id="host_attrib_table_maxsvcs_row">
<td valign="top" class="vncell"><?php echo gettext("Maximum Services Per Host"); ?></td>
<td class="vtable">
<table cellpadding="0" cellspacing="0">
<tr>
- <td><input name="max_attribute_services_per_host" type="text" class="formfld" id="max_attribute_services_per_host" size="6"
- value="<?=htmlspecialchars($pconfig['max_attribute_services_per_host']);?>"
- <?php if ($pconfig['host_attribute_table']<>"on") echo "disabled"; ?>>&nbsp;&nbsp;
+ <td><input name="max_attribute_services_per_host" type="text" class="formfld unknown" id="max_attribute_services_per_host" size="9"
+ value="<?=htmlspecialchars($pconfig['max_attribute_services_per_host']);?>">&nbsp;&nbsp;
<?php echo gettext("Max number of per host services to read from the Attribute Table. Min is ") .
"<strong>" . gettext("1") . "</strong>" . gettext(" and Max is ") . "<strong>" .
gettext("65535") . "</strong>"; ?>.</td>
@@ -627,250 +775,185 @@ include_once("head.inc");
</td>
</tr>
<tr>
- <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Protocol Aware Flushing Setting"); ?></td>
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Protocol Aware Flushing"); ?></td>
</tr>
<tr>
<td valign="top" class="vncell"><?php echo gettext("Protocol Aware Flushing Maximum PDU"); ?></td>
<td class="vtable">
- <table cellpadding="0" cellspacing="0">
- <tr>
- <td><input name="max_paf" type="text" class="formfld" id="max_paf" size="6"
- value="<?=htmlspecialchars($pconfig['max_paf']);?>">&nbsp;&nbsp;
- <?php echo gettext("Max number of PDUs to be reassembled into a single PDU. Min is ") .
- "<strong>" . gettext("0") . "</strong>" . gettext(" (off) and Max is ") . "<strong>" .
- gettext("63780") . "</strong>"; ?>.</td>
- </tr>
- </table>
- <?php echo gettext("Multiple PDUs within a single TCP segment, as well as one PDU spanning multiple TCP segments, will be " .
- "reassembled into one PDU per packet for each PDU. PDUs larger than the configured maximum will be split into multiple packets. " .
- "Default is ") . "<strong>" . gettext("16000") . "</strong>. " . gettext("A value of 0 disables Protocol Aware Flushing."); ?>.<br/>
+ <input name="max_paf" type="text" class="formfld unknown" id="max_paf" size="9"
+ value="<?=htmlspecialchars($pconfig['max_paf']);?>">&nbsp;
+ <?php echo gettext("Max number of PDUs to be reassembled into a single PDU. Min is ") .
+ "<strong>" . gettext("0") . "</strong>" . gettext(" (off) and Max is ") . "<strong>" .
+ gettext("63780") . "</strong>"; ?>.<br/><br/>
+ <?php echo gettext("Multiple PDUs within a single TCP segment, as well as one PDU spanning multiple TCP segments, will be " .
+ "reassembled into one PDU per packet for each PDU. PDUs larger than the configured maximum will be split into multiple packets. " .
+ "Default is ") . "<strong>" . gettext("16000") . "</strong>. " . gettext("A value of 0 disables Protocol Aware Flushing."); ?>.<br/>
</td>
</tr>
- <tr>
- <td colspan="2" valign="top" class="listtopic"><?php echo gettext("HTTP Inspect Settings"); ?></td>
+ <tr id="httpinspect_row">
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("HTTP Inspect"); ?></td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Enable"); ?></td>
<td width="78%" class="vtable"><input name="http_inspect"
type="checkbox" value="on" id="http_inspect" onclick="http_inspect_enable_change();"
- <?php if ($pconfig['http_inspect']=="on" || empty($pconfig['http_inspect'])) echo "checked"; ?>>
- <?php echo gettext("Use HTTP Inspect to " .
- "Normalize/Decode and detect HTTP traffic and protocol anomalies. Default is "); ?>
+ <?php if ($pconfig['http_inspect']=="on" || empty($pconfig['http_inspect'])) echo "checked";?>>
+ <?php echo gettext("Use HTTP Inspect to Normalize/Decode and detect HTTP traffic and protocol anomalies. Default is ");?>
<strong><?php echo gettext("Checked"); ?></strong>.</td>
</tr>
- <tr>
- <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable XFF/True-Client-IP"); ?></td>
- <td width="78%" class="vtable"><input name="http_inspect_enable_xff"
- type="checkbox" value="on" id="http_inspect_enable_xff"
- <?php if ($pconfig['http_inspect_enable_xff']=="on") echo "checked"; ?>>
- <?php echo gettext("Log original client IP present in X-Forwarded-For or True-Client-IP " .
- "HTTP headers. Default is "); ?>
- <strong><?php echo gettext("Not Checked"); ?></strong>.</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable URI Logging"); ?></td>
- <td width="78%" class="vtable"><input name="http_inspect_log_uri"
- type="checkbox" value="on" id="http_inspect_log_uri"
- <?php if ($pconfig['http_inspect_log_uri']=="on") echo "checked"; ?>>
- <?php echo gettext("Parse URI data from the HTTP request and log it with other session data." .
- " Default is "); ?>
- <strong><?php echo gettext("Not Checked"); ?></strong>.</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable Hostname Logging"); ?></td>
- <td width="78%" class="vtable"><input name="http_inspect_log_hostname"
- type="checkbox" value="on" id="http_inspect_log_hostname"
- <?php if ($pconfig['http_inspect_log_hostname']=="on") echo "checked"; ?>>
- <?php echo gettext("Parse Hostname data from the HTTP request and log it with other session data." .
- " Default is "); ?>
- <strong><?php echo gettext("Not Checked"); ?></strong>.</td>
- </tr>
- <tr>
- <td valign="top" class="vncell"><?php echo gettext("HTTP Inspect Memory Cap"); ?></td>
+ <tr id="httpinspect_proxyalert_row">
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Proxy Alert"); ?></td>
+ <td width="78%" class="vtable"><input name="http_inspect_proxy_alert"
+ type="checkbox" value="on" id="http_inspect_proxy_alert"
+ <?php if ($pconfig['http_inspect_proxy_alert']=="on") echo "checked";?>>
+ <?php echo gettext("Enable global alerting on HTTP server proxy usage. Default is ");?>
+ <strong><?php echo gettext("Not Checked"); ?></strong>.<br/><br/><span class="red"><strong>
+ <?php echo gettext("Note: ") . "</strong></span>" . gettext("By adding Server Configurations below and enabling " .
+ "the 'allow_proxy_use' parameter within them, alerts will be generated for web users that aren't using the configured " .
+ "proxies or are using a rogue proxy server.") . "<br/><br/><span class=\"red\"><strong>" . gettext("Warning: ") .
+ "</strong></span>" . gettext("If users are not required to configure web proxy use, you may get a lot " .
+ "of proxy alerts. Only use this feature with traditional proxy environments. Blind firewall proxies don't count!");?>
+ </td>
+ </tr>
+ <tr id="httpinspect_memcap_row">
+ <td valign="top" class="vncell"><?php echo gettext("Memory Cap"); ?></td>
<td class="vtable">
- <table cellpadding="0" cellspacing="0">
- <tr>
- <td><input name="http_inspect_memcap" type="text" class="formfld"
- id="http_inspect_memcap" size="6"
- value="<?=htmlspecialchars($pconfig['http_inspect_memcap']);?>">&nbsp;&nbsp;
- <?php echo gettext("Max memory in bytes to use for URI and Hostname logging. Min is ") .
- "<strong>" . gettext("2304") . "</strong>" . gettext(" and Max is ") . "<strong>" .
- gettext("603979776") . "</strong>" . gettext(" (576 MB)"); ?>.</td>
- </tr>
- </table>
- <?php echo gettext("Maximum amount of memory the preprocessor will use for logging the URI and Hostname data. The default " .
- "value is ") . "<strong>" . gettext("150,994,944") . "</strong>" . gettext(" (144 MB)."); ?>
- <?php echo gettext(" This option determines the maximum HTTP sessions that will log URI and Hostname data at any given instant. ") .
- gettext(" Max Logged Sessions = MEMCAP / 2304"); ?>.<br/>
+ <input name="http_inspect_memcap" type="text" class="formfld unknown"
+ id="http_inspect_memcap" size="9"
+ value="<?=htmlspecialchars($pconfig['http_inspect_memcap']);?>">&nbsp;
+ <?php echo gettext("Maximum memory in bytes to use for URI and Hostname logging. The Minimum value is ") .
+ "<strong>" . gettext("2304") . "</strong>" . gettext(" and the Maximum is ") . "<strong>" .
+ gettext("603979776") . "</strong>" . gettext(" (576 MB)"); ?>.<br/><br/>
+ <?php echo gettext("Sets the maximum amount of memory the preprocessor will use for logging the URI and Hostname data. The default " .
+ "value is ") . "<strong>" . gettext("150,994,944") . "</strong>" . gettext(" (144 MB)."); ?>
+ <?php echo gettext(" This option determines the maximum HTTP sessions that will log URI and Hostname data at any given instant. ") .
+ gettext(" Max Logged Sessions = MEMCAP / 2304"); ?>.
</td>
</tr>
- <tr>
- <td valign="top" class="vncell"><?php echo gettext("HTTP server flow depth"); ?></td>
+ <tr id="httpinspect_maxgzipmem_row">
+ <td valign="top" class="vncell"><?php echo gettext("Maximum gzip Memory"); ?></td>
<td class="vtable">
- <table cellpadding="0" cellspacing="0">
- <tr>
- <td><input name="server_flow_depth" type="text" class="formfld"
- id="server_flow_depth" size="6"
- value="<?=htmlspecialchars($pconfig['server_flow_depth']);?>">&nbsp;&nbsp;<?php echo gettext("<strong>-1</strong> " .
- "to <strong>65535</strong> (<strong>-1</strong> disables HTTP " .
- "inspect, <strong>0</strong> enables all HTTP inspect)"); ?></td>
- </tr>
- </table>
- <?php echo gettext("Amount of HTTP server response payload to inspect. Snort's " .
- "performance may increase by adjusting this value."); ?><br/>
- <?php echo gettext("Setting this value too low may cause false negatives. Values above 0 " .
- "are specified in bytes. Recommended setting is maximum (65535). Default value is <strong>300</strong>"); ?><br/>
+ <input name="http_inspect_max_gzip_mem" type="text" class="formfld unknown"
+ id="http_inspect_memcap" size="9"
+ value="<?=htmlspecialchars($pconfig['http_inspect_max_gzip_mem']);?>">&nbsp;
+ <?php echo gettext("Maximum memory in bytes to use for decompression. The Minimum value is ") .
+ "<strong>" . gettext("3276") . "</strong>";?>.<br/><br/>
+ <?php echo gettext("The default value is ") . "<strong>" . gettext("838860") . "</strong>" . gettext(" bytes.");?>
+ <?php echo gettext(" This option determines the number of concurrent sessions that can be decompressed at any given instant.");?>
</td>
</tr>
- <tr>
- <td width="22%" valign="top" class="vncell"><?php echo gettext("HTTP server profile"); ?> </td>
- <td width="78%" class="vtable">
- <select name="http_server_profile" class="formselect" id="http_server_profile">
- <?php
- $profile = array('All', 'Apache', 'IIS', 'IIS4_0', 'IIS5_0');
- foreach ($profile as $val): ?>
- <option value="<?=strtolower($val);?>"
- <?php if (strtolower($val) == $pconfig['http_server_profile']) echo "selected"; ?>>
- <?=gettext($val);?></option>
- <?php endforeach; ?>
- </select>&nbsp;&nbsp;<?php echo gettext("Choose the profile type of the protected web server. The default is ") .
- "<strong>" . gettext("All") . "</strong>"; ?><br/>
- <?php echo gettext("IIS_4.0 and IIS_5.0 are identical to IIS except they alert on the ") .
- gettext("double decoding vulnerability present in those versions."); ?><br/>
- </td>
- </tr>
- <tr>
- <td valign="top" class="vncell"><?php echo gettext("HTTP client flow depth"); ?></td>
+ <tr id="httpinspect_engconf_row">
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Server Configuration"); ?></td>
<td class="vtable">
- <table cellpadding="0" cellspacing="0">
- <tr>
- <td><input name="client_flow_depth" type="text" class="formfld"
- id="client_flow_depth" size="6"
- value="<?=htmlspecialchars($pconfig['client_flow_depth']);?>"> <?php echo gettext("<strong>-1</strong> " .
- "to <strong>1460</strong> (<strong>-1</strong> disables HTTP " .
- "inspect, <strong>0</strong> enables all HTTP inspect)"); ?></td>
- </tr>
- </table>
- <?php echo gettext("Amount of raw HTTP client request payload to inspect. Snort's " .
- "performance may increase by adjusting this value."); ?><br/>
- <?php echo gettext("Setting this value too low may cause false negatives. Values above 0 " .
- "are specified in bytes. Recommended setting is maximum (1460). Default value is <strong>300</strong>"); ?><br/>
+ <table width="95%" align="left" id="httpinspectEnginesTable" style="table-layout: fixed;" border="0" cellspacing="0" cellpadding="0">
+ <colgroup>
+ <col width="45%" align="left">
+ <col width="45%" align="center">
+ <col width="10%" align="right">
+ </colgroup>
+ <thead>
+ <tr>
+ <th class="listhdrr" axis="string"><?php echo gettext("Server Name");?></th>
+ <th class="listhdrr" axis="string"><?php echo gettext("Bind-To Address Alias");?></th>
+ <th class="list" align="right"><a href="snort_import_aliases.php?id=<?=$id?>&eng=http_inspect_engine">
+ <img src="../themes/<?= $g['theme'];?>/images/icons/icon_import_alias.gif" width="17"
+ height="17" border="0" title="<?php echo gettext("Import server configuration from existing Aliases");?>"></a>
+ <a href="snort_httpinspect_engine.php?id=<?=$id?>&eng_id=<?=$http_inspect_engine_next_id?>">
+ <img src="../themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" width="17"
+ height="17" border="0" title="<?php echo gettext("Add a new server configuration");?>"></a></th>
+ </tr>
+ </thead>
+ <?php foreach ($pconfig['http_inspect_engine']['item'] as $f => $v): ?>
+ <tr>
+ <td class="listlr" align="left"><?=gettext($v['name']);?></td>
+ <td class="listbg" align="center"><?=gettext($v['bind_to']);?></td>
+ <td class="listt" align="right"><a href="snort_httpinspect_engine.php?id=<?=$id;?>&eng_id=<?=$f;?>">
+ <img src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif"
+ width="17" height="17" border="0" title="<?=gettext("Edit this server configuration");?>"></a>
+ <?php if ($v['bind_to'] <> "all") : ?>
+ <a href="snort_preprocessors.php?id=<?=$id;?>&eng_id=<?=$f;?>&act=del_http_inspect" onclick="return confirm('Are you sure you want to delete this entry?');">
+ <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0"
+ title="<?=gettext("Delete this server configuration");?>"></a>
+ <?php else : ?>
+ <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x_d.gif" width="17" height="17" border="0"
+ title="<?=gettext("Default server configuration cannot be deleted");?>">
+ <?php endif ?>
+ </td>
+ </tr>
+ <?php endforeach; ?>
+ </table>
</td>
</tr>
- <tr>
- <td width="22%" valign="top" class="vncell"><?php echo gettext("Disable HTTP Alerts"); ?></td>
- <td width="78%" class="vtable"><input name="noalert_http_inspect"
- type="checkbox" value="on" id="noalert_http_inspect"
- <?php if ($pconfig['noalert_http_inspect']=="on" || empty($pconfig['noalert_http_inspect'])) echo "checked"; ?>
- onClick="enable_change(false);"> <?php echo gettext("Turn off alerts from HTTP Inspect " .
- "preprocessor. This has no effect on HTTP rules. Default is "); ?>
- <strong><?php echo gettext("Checked"); ?></strong>.</td>
- </tr>
-
- <tr>
- <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Frag3 Settings"); ?></td>
+ <tr id="frag3_row">
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Frag3 Target-Based IP Defragmentation"); ?></td>
</tr>
<tr>
- <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable"); ?></td>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable");?></td>
<td width="78%" class="vtable"><input name="frag3_detection" type="checkbox" value="on" onclick="frag3_enable_change();"
- <?php if ($pconfig['frag3_detection']=="on") echo "checked "; ?>
- onClick="enable_change(false)">
+ <?php if ($pconfig['frag3_detection']=="on") echo "checked";?>>
<?php echo gettext("Use Frag3 Engine to detect IDS evasion attempts via target-based IP packet fragmentation. Default is ") .
- "<strong>" . gettext("Checked") . "</strong>"; ?>.</td>
+ "<strong>" . gettext("Checked") . "</strong>.";?></td>
</tr>
- <tr>
- <td valign="top" class="vncell"><?php echo gettext("Memory Cap"); ?></td>
- <td class="vtable">
- <table cellpadding="0" cellspacing="0">
- <tr>
- <td><input name="frag3_memcap" type="text" class="formfld"
- id="frag3_memcap" size="6"
- value="<?=htmlspecialchars($pconfig['frag3_memcap']);?>">
- <?php echo gettext("Memory cap (in bytes) for self preservation."); ?>.</td>
- </tr>
- </table>
+ <tr id="frag3_memcap_row">
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Memory Cap");?></td>
+ <td width="78%" class="vtable"><input name="frag3_memcap" type="text" class="formfld unknown" id="frag3_memcap" size="9" value="<?=htmlspecialchars($pconfig['frag3_memcap']);?>">
+ <?php echo gettext("Memory cap (in bytes) for self preservation.");?><br/>
<?php echo gettext("The maximum amount of memory allocated for Frag3 fragment reassembly. Default value is ") .
- "<strong>" . gettext("4MB") . "</strong>"; ?>.<br/>
+ "<strong>" . gettext("4MB") . "</strong>."; ?>
</td>
</tr>
- <tr>
- <td valign="top" class="vncell"><?php echo gettext("Maximum Fragments"); ?></td>
- <td class="vtable">
- <table cellpadding="0" cellspacing="0">
- <tr>
- <td><input name="frag3_max_frags" type="text" class="formfld"
- id="frag3_max_frags" size="6"
- value="<?=htmlspecialchars($pconfig['frag3_max_frags']);?>">
- <?php echo gettext("Maximum simultaneous fragments to track."); ?></td>
- </tr>
- </table>
+ <tr id="frag3_maxfrags_row">
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Maximum Fragments"); ?></td>
+ <td width="78%" class="vtable"><input name="frag3_max_frags" type="text" class="formfld unknown" id="frag3_max_frags" size="9" value="<?=htmlspecialchars($pconfig['frag3_max_frags']);?>">
+ <?php echo gettext("Maximum simultaneous fragments to track.");?>.<br/>
<?php echo gettext("The maximum number of simultaneous fragments to track. Default value is ") .
- "<strong>8192</strong>."; ?><br/>
- </td>
- </tr>
- <tr>
- <td valign="top" class="vncell"><?php echo gettext("Overlap Limit"); ?></td>
- <td class="vtable">
- <table cellpadding="0" cellspacing="0">
- <tr>
- <td><input name="frag3_overlap_limit" type="text" class="formfld"
- id="frag3_overlap_limit" size="6"
- value="<?=htmlspecialchars($pconfig['frag3_overlap_limit']);?>">
- <?php echo gettext("Minimum is ") . "<strong>0</strong>" . gettext(" (unlimited), values greater than zero set the overlapped fragments per packet limit."); ?></td>
- </tr>
- </table>
- <?php echo gettext("Sets the limit for the number of overlapping fragments allowed per packet. Default value is ") .
- "<strong>0</strong>" . gettext(" (unlimited)."); ?><br/>
- </td>
- </tr>
- <tr>
- <td valign="top" class="vncell"><?php echo gettext("Minimum Fragment Length"); ?></td>
- <td class="vtable">
- <table cellpadding="0" cellspacing="0">
- <tr>
- <td><input name="frag3_min_frag_len" type="text" class="formfld"
- id="frag3_min_frag_len" size="6"
- value="<?=htmlspecialchars($pconfig['frag3_min_frag_len']);?>">
- <?php echo gettext("Minimum is ") . "<strong>0</strong>" . gettext(" (check is disabled). Fragments smaller than or equal to this limit are considered malicious."); ?></td>
- </tr>
- </table>
- <?php echo gettext("Defines smallest fragment size (payload size) that should be considered valid. Default value is ") .
- "<strong>0</strong>" . gettext(" (check is disabled)."); ?><br/>
+ "<strong>8192</strong>.";?>
</td>
</tr>
- <tr>
- <td valign="top" class="vncell"><?php echo gettext("Timeout"); ?></td>
+ <tr id="frag3_engconf_row">
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Engine Configuration"); ?></td>
<td class="vtable">
- <table cellpadding="0" cellspacing="0">
- <tr>
- <td><input name="frag3_timeout" type="text" class="formfld"
- id="frag3_timeout" size="6"
- value="<?=htmlspecialchars($pconfig['frag3_timeout']);?>">
- <?php echo gettext("Timeout period in seconds for fragments in the engine."); ?></td>
- </tr>
- </table>
- <?php echo gettext("Fragments in the engine for longer than this period will be automatically dropped. Default value is ") .
- "<strong>" . gettext("60 ") . "</strong>" . gettext("seconds."); ?><br/>
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell"><?php echo gettext("Target Policy"); ?> </td>
- <td width="78%" class="vtable">
- <select name="frag3_policy" class="formselect" id="frag3_policy">
- <?php
- $profile = array( 'BSD', 'BSD-Right', 'First', 'Last', 'Linux', 'Solaris', 'Windows' );
- foreach ($profile as $val): ?>
- <option value="<?=strtolower($val);?>"
- <?php if (strtolower($val) == $pconfig['frag3_policy']) echo "selected"; ?>>
- <?=gettext($val);?></option>
- <?php endforeach; ?>
- </select>&nbsp;&nbsp;<?php echo gettext("Choose the IP fragmentation target policy appropriate for the protected hosts. The default is ") .
- "<strong>" . gettext("BSD") . "</strong>"; ?>.<br/>
- <?php echo gettext("Available OS targets are BSD, BSD-Right, First, Last, Linux, Solaris and Windows."); ?><br/>
+ <table width="95%" align="left" id="frag3EnginesTable" style="table-layout: fixed;" border="0" cellspacing="0" cellpadding="0">
+ <colgroup>
+ <col width="45%" align="left">
+ <col width="45%" align="center">
+ <col width="10%" align="right">
+ </colgroup>
+ <thead>
+ <tr>
+ <th class="listhdrr" axis="string"><?php echo gettext("Engine Name");?></th>
+ <th class="listhdrr" axis="string"><?php echo gettext("Bind-To Address Alias");?></th>
+ <th class="list" align="right"><a href="snort_import_aliases.php?id=<?=$id?>&eng=frag3_engine">
+ <img src="../themes/<?= $g['theme'];?>/images/icons/icon_import_alias.gif" width="17"
+ height="17" border="0" title="<?php echo gettext("Import engine configuration from existing Aliases");?>"></a>
+ <a href="snort_frag3_engine.php?id=<?=$id?>&eng_id=<?=$frag3_engine_next_id?>">
+ <img src="../themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" width="17"
+ height="17" border="0" title="<?php echo gettext("Add a new engine configuration");?>"></a></th>
+ </tr>
+ </thead>
+ <?php foreach ($pconfig['frag3_engine']['item'] as $f => $v): ?>
+ <tr>
+ <td class="listlr" align="left"><?=gettext($v['name']);?></td>
+ <td class="listbg" align="center"><?=gettext($v['bind_to']);?></td>
+ <td class="listt" align="right"><a href="snort_frag3_engine.php?id=<?=$id;?>&eng_id=<?=$f;?>">
+ <img src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif"
+ width="17" height="17" border="0" title="<?=gettext("Edit this engine configuration");?>"></a>
+ <?php if ($v['bind_to'] <> "all") : ?>
+ <a href="snort_preprocessors.php?id=<?=$id;?>&eng_id=<?=$f;?>&act=del_frag3" onclick="return confirm('Are you sure you want to delete this entry?');">
+ <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0"
+ title="<?=gettext("Delete this engine configuration");?>"></a>
+ <?php else : ?>
+ <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x_d.gif" width="17" height="17" border="0"
+ title="<?=gettext("Default engine configuration cannot be deleted");?>">
+ <?php endif ?>
+ </td>
+ </tr>
+ <?php endforeach; ?>
+ </table>
</td>
</tr>
- <tr>
- <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Stream5 Settings"); ?></td>
+ <tr id="stream5_row">
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Stream5 Target-Based Stream Reassembly"); ?></td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Enable"); ?></td>
@@ -879,182 +962,155 @@ include_once("head.inc");
<?php echo gettext("Use Stream5 session reassembly for TCP, UDP and/or ICMP traffic. Default is ") .
"<strong>" . gettext("Checked") . "</strong>"; ?>.</td>
</tr>
- <tr>
+ <tr id="stream5_flushonalert_row">
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Flush On Alert"); ?></td>
+ <td width="78%" class="vtable"><input name="stream5_flush_on_alert" type="checkbox" value="on"
+ <?php if ($pconfig['stream5_flush_on_alert']=="on") echo "checked"; ?>>
+ <?php echo gettext("Flush a TCP stream when an alert is generated on that stream. Default is ") .
+ "<strong>" . gettext("Not Checked") . "</strong><br/><span class=\"red\"><strong>" .
+ gettext("Note: ") . "</strong></span>" . gettext("This parameter is for backwards compatibility.");?></td>
+ </tr>
+ <tr id="stream5_prunelogmax_row">
+ <td valign="top" class="vncell"><?php echo gettext("Prune Log Max"); ?></td>
+ <td class="vtable">
+ <input name="stream5_prune_log_max" type="text" class="formfld unknown" id="stream5_prune_log_max" size="9"
+ value="<?=htmlspecialchars($pconfig['stream5_prune_log_max']);?>">
+ <?php echo gettext("Prune Log Max Bytes. Minimum can be either ") . "<strong>0</strong>" . gettext(" (disabled), or if not disabled, ") .
+ "<strong>1024</strong>" . gettext(". Maximum is ") . "<strong>" . gettext("1073741824") . "</strong>";?>.
+ <?php echo gettext("Logs a message when a session terminates that was using more than the specified number of bytes. Default value is ") .
+ "<strong>1048576</strong>" . gettext(" bytes."); ?><br/>
+ </td>
+ </tr>
+ <tr id="stream5_proto_tracking_row">
<td width="22%" valign="top" class="vncell"><?php echo gettext("Protocol Tracking"); ?></td>
<td width="78%" class="vtable">
<input name="stream5_track_tcp" type="checkbox" value="on" id="stream5_track_tcp"
- <?php if ($pconfig['stream5_track_tcp']=="on") echo "checked"; ?>>
+ <?php if ($pconfig['stream5_track_tcp']=="on") echo "checked"; ?> onclick="stream5_track_tcp_enable_change();">
<?php echo gettext("Track and reassemble TCP sessions. Default is ") .
"<strong>" . gettext("Checked") . "</strong>."; ?>
<br/>
<input name="stream5_track_udp" type="checkbox" value="on" id="stream5_track_udp"
- <?php if ($pconfig['stream5_track_udp']=="on") echo "checked"; ?>>
+ <?php if ($pconfig['stream5_track_udp']=="on") echo "checked"; ?> onclick="stream5_track_udp_enable_change();">
<?php echo gettext("Track and reassemble UDP sessions. Default is ") .
"<strong>" . gettext("Checked") . "</strong>."; ?>
<br/>
<input name="stream5_track_icmp" type="checkbox" value="on" id="stream5_track_icmp"
- <?php if ($pconfig['stream5_track_icmp']=="on") echo "checked"; ?>>
+ <?php if ($pconfig['stream5_track_icmp']=="on") echo "checked"; ?> onclick="stream5_track_icmp_enable_change();">
<?php echo gettext("Track and reassemble ICMP sessions. Default is ") .
"<strong>" . gettext("Not Checked") . "</strong>."; ?>
</td>
</tr>
- <tr>
- <td width="22%" valign="top" class="vncell"><?php echo gettext("Require 3-Way Handshake"); ?></td>
- <td width="78%" class="vtable"><input name="stream5_require_3whs" type="checkbox" value="on"
- <?php if ($pconfig['stream5_require_3whs']=="on") echo "checked "; ?>>
- <?php echo gettext("Establish sessions only on completion of SYN/SYN-ACK/ACK handshake. Default is ") .
- "<strong>" . gettext("Not Checked") . "</strong>"; ?>.</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell"><?php echo gettext("Do Not Reassemble Async"); ?></td>
- <td width="78%" class="vtable"><input name="stream5_no_reassemble_async" type="checkbox" value="on"
- <?php if ($pconfig['stream5_no_reassemble_async']=="on") echo "checked "; ?>>
- <?php echo gettext("Do not queue packets for reassembly if traffic has not been seen in both directions. Default is ") .
- "<strong>" . gettext("Not Checked") . "</strong>"; ?>.</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell"><?php echo gettext("Do Not Store Large TCP Packets"); ?></td>
- <td width="78%" class="vtable">
- <input name="stream5_dont_store_lg_pkts" type="checkbox" value="on"
- <?php if ($pconfig['stream5_dont_store_lg_pkts']=="on") echo "checked"; ?>>
- <?php echo gettext("Do not queue large packets in reassembly buffer to increase performance. Default is ") .
- "<strong>" . gettext("Not Checked") . "</strong>"; ?>.<br/>
- <?php echo "<span class=\"red\"><strong>" . gettext("Warning: ") . "</strong></span>" .
- gettext("Enabling this option could result in missed packets. Recommended setting is not checked."); ?></td>
- </tr>
- <tr>
- <td valign="top" class="vncell"><?php echo gettext("Max Queued Bytes"); ?></td>
+ <tr id="stream5_maxudp_row">
+ <td valign="top" class="vncell"><?php echo gettext("Maximum UDP Sessions"); ?></td>
<td class="vtable">
- <table cellpadding="0" cellspacing="0">
- <tr>
- <td><input name="max_queued_bytes" type="text" class="formfld"
- id="max_queued_bytes" size="6"
- value="<?=htmlspecialchars($pconfig['max_queued_bytes']);?>">
- <?php echo gettext("Minimum is <strong>1024</strong>, Maximum is <strong>1073741824</strong> " .
- "( default value is <strong>1048576</strong>, <strong>0</strong> " .
- "means Maximum )"); ?>.</td>
- </tr>
- </table>
- <?php echo gettext("The number of bytes to be queued for reassembly for TCP sessions in " .
- "memory. Default value is <strong>1048576</strong>"); ?>.<br/>
+ <input name="stream5_max_udp" type="text" class="formfld unknown" id="stream5_max_udp" size="9"
+ value="<?=htmlspecialchars($pconfig['stream5_max_udp']);?>">
+ <?php echo gettext("Maximum concurrent UDP sessions. Min is ") . "<strong>1</strong>" . gettext(" and Max is ") .
+ "<strong>" . gettext("1048576") . "</strong>.";?><br/>
+ <?php echo gettext("Sets the maximum number of concurrent UDP sessions that will be tracked. Default value is ") .
+ "<strong>" . gettext("131072") . "</strong>."; ?><br/>
</td>
</tr>
- <tr>
- <td valign="top" class="vncell"><?php echo gettext("Max Queued Segs"); ?></td>
+ <tr id="stream5_udp_sess_timeout_row">
+ <td valign="top" class="vncell"><?php echo gettext("UDP Session Timeout"); ?></td>
<td class="vtable">
- <table cellpadding="0" cellspacing="0">
- <tr>
- <td><input name="max_queued_segs" type="text" class="formfld"
- id="max_queued_segs" size="6"
- value="<?=htmlspecialchars($pconfig['max_queued_segs']);?>">
- <?php echo gettext("Minimum is <strong>2</strong>, Maximum is <strong>1073741824</strong> " .
- "( default value is <strong>2621</strong>, <strong>0</strong> means " .
- "Maximum )"); ?>.</td>
- </tr>
- </table>
- <?php echo gettext("The number of segments to be queued for reassembly for TCP sessions " .
- "in memory. Default value is <strong>2621</strong>"); ?>.<br/>
+ <input name="stream5_udp_timeout" type="text" class="formfld unknown" id="stream5_udp_timeout" size="9"
+ value="<?=htmlspecialchars($pconfig['stream5_udp_timeout']);?>">
+ <?php echo gettext("UDP Session timeout in seconds. Min is ") . "<strong>1</strong>" . gettext(" and Max is ") .
+ "<strong>" . gettext("86400") . "</strong>" . gettext(" (1 day).");?><br/>
+ <?php echo gettext("Sets the session reassembly timeout period for UDP packets. Default value is ") .
+ "<strong>" . gettext("30") . "</strong>" . gettext(" seconds."); ?><br/>
</td>
</tr>
- <tr>
- <td valign="top" class="vncell"><?php echo gettext("Memory Cap"); ?></td>
+ <tr id="stream5_maxicmp_row">
+ <td valign="top" class="vncell"><?php echo gettext("Maximum ICMP Sessions"); ?></td>
<td class="vtable">
- <table cellpadding="0" cellspacing="0">
- <tr>
- <td><input name="stream5_mem_cap" type="text" class="formfld"
- id="stream5_mem_cap" size="6"
- value="<?=htmlspecialchars($pconfig['stream5_mem_cap']);?>">
- <?php echo gettext("Minimum is <strong>32768</strong>, Maximum is <strong>1073741824</strong> " .
- "( default value is <strong>8388608</strong>) "); ?>.</td>
- </tr>
- </table>
- <?php echo gettext("The memory cap in bytes for TCP packet storage " .
- "in RAM. Default value is <strong>8388608</strong> (8 MB)"); ?>.<br/>
+ <input name="stream5_max_icmp" type="text" class="formfld unknown" id="stream5_max_icmp" size="9"
+ value="<?=htmlspecialchars($pconfig['stream5_max_icmp']);?>">
+ <?php echo gettext("Maximum concurrent ICMP sessions. Min is ") . "<strong>1</strong>" . gettext(" and Max is ") .
+ "<strong>" . gettext("1048576") . "</strong>.";?><br/>
+ <?php echo gettext("Sets the maximum number of concurrent ICMP sessions that will be tracked. Default value is ") .
+ "<strong>" . gettext("65536") . "</strong>."; ?><br/>
</td>
</tr>
- <tr>
- <td valign="top" class="vncell"><?php echo gettext("Overlap Limit"); ?></td>
+ <tr id="stream5_icmp_sess_timeout_row">
+ <td valign="top" class="vncell"><?php echo gettext("ICMP Session Timeout"); ?></td>
<td class="vtable">
- <table cellpadding="0" cellspacing="0">
- <tr>
- <td><input name="stream5_overlap_limit" type="text" class="formfld"
- id="stream5_overlap_limit" size="6"
- value="<?=htmlspecialchars($pconfig['stream5_overlap_limit']);?>">
- <?php echo gettext("Minimum is ") . "<strong>0</strong>" . gettext(" (unlimited), and the maximum is ") .
- "<strong>255</strong>."; ?></td>
- </tr>
- </table>
- <?php echo gettext("Sets the limit for the number of overlapping fragments allowed per packet. Default value is ") .
- "<strong>0</strong>" . gettext(" (unlimited)."); ?><br/>
+ <input name="stream5_icmp_timeout" type="text" class="formfld unknown" id="stream5_icmp_timeout" size="9"
+ value="<?=htmlspecialchars($pconfig['stream5_icmp_timeout']);?>">
+ <?php echo gettext("ICMP Session timeout in seconds. Min is ") . "<strong>1</strong>" . gettext(" and Max is ") .
+ "<strong>86400</strong>" . gettext(" (1 day).");?><br/>
+ <?php echo gettext("Sets the session reassembly timeout period for ICMP packets. Default value is ") .
+ "<strong>" . gettext("30") . "</strong>" . gettext(" seconds."); ?><br/>
</td>
</tr>
- <tr>
- <td valign="top" class="vncell"><?php echo gettext("TCP Session Timeout"); ?></td>
+ <tr id="stream5_maxtcp_row">
+ <td valign="top" class="vncell"><?php echo gettext("Maximum TCP Sessions"); ?></td>
<td class="vtable">
- <table cellpadding="0" cellspacing="0">
- <tr>
- <td><input name="stream5_tcp_timeout" type="text" class="formfld"
- id="stream5_tcp_timeout" size="6"
- value="<?=htmlspecialchars($pconfig['stream5_tcp_timeout']);?>">
- <?php echo gettext("TCP Session timeout in seconds. Minimum is ") . "<strong>1</strong>" . gettext(" and the maximum is ") .
- "<strong>86400</strong>" . gettext(" (approximately 1 day)"); ?>.</td>
- </tr>
- </table>
- <?php echo gettext("Sets the session reassembly timeout period for TCP packets. Default value is ") .
- "<strong>30</strong>" . gettext(" seconds."); ?><br/>
+ <input name="stream5_max_tcp" type="text" class="formfld unknown" id="stream5_max_tcp" size="9"
+ value="<?=htmlspecialchars($pconfig['stream5_max_tcp']);?>">
+ <?php echo gettext("Maximum concurrent TCP sessions. Min is ") . "<strong>1</strong>" . gettext(" and Max is ") .
+ "<strong>" . gettext("1048576") . "</strong>.";?><br/>
+ <?php echo gettext("Sets the maximum number of concurrent TCP sessions that will be tracked. Default value is ") .
+ "<strong>" . gettext("262144") . "</strong>."; ?><br/>
</td>
</tr>
- <tr>
- <td valign="top" class="vncell"><?php echo gettext("UDP Session Timeout"); ?></td>
+ <tr id="stream5_tcp_memcap_row">
+ <td valign="top" class="vncell"><?php echo gettext("TCP Memory Cap"); ?></td>
<td class="vtable">
- <table cellpadding="0" cellspacing="0">
- <tr>
- <td><input name="stream5_udp_timeout" type="text" class="formfld"
- id="stream5_udp_timeout" size="6"
- value="<?=htmlspecialchars($pconfig['stream5_udp_timeout']);?>">
- <?php echo gettext("UDP Session timeout in seconds. Minimum is ") . "<strong>1</strong>" . gettext(" and the maximum is ") .
- "<strong>86400</strong>" . gettext(" (approximately 1 day)"); ?>.</td>
- </tr>
- </table>
- <?php echo gettext("Sets the session reassembly timeout period for UDP packets. Default value is ") .
- "<strong>30</strong>" . gettext(" seconds."); ?><br/>
+ <input name="stream5_mem_cap" type="text" class="formfld unknown" id="stream5_mem_cap" size="9"
+ value="<?=htmlspecialchars($pconfig['stream5_mem_cap']);?>">
+ <?php echo gettext("Memory for TCP packet storage. Min is ") . "<strong>" . gettext("32768") . "</strong>" .
+ gettext(" and Max is ") . "<strong>" . gettext("1073741824") . "</strong>" .
+ gettext(" bytes.");?><br/>
+ <?php echo gettext("The memory cap in bytes for TCP packet storage " .
+ "in RAM. Default value is ") . "<strong>" . gettext("8388608") . "</strong>" . gettext(" (8 MB)"); ?>.<br/>
</td>
</tr>
- <tr>
- <td valign="top" class="vncell"><?php echo gettext("ICMP Session Timeout"); ?></td>
+ <tr id="stream5_tcp_engconf_row">
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("TCP Engine Configuration"); ?></td>
<td class="vtable">
- <table cellpadding="0" cellspacing="0">
- <tr>
- <td><input name="stream5_icmp_timeout" type="text" class="formfld"
- id="stream5_icmp_timeout" size="6"
- value="<?=htmlspecialchars($pconfig['stream5_icmp_timeout']);?>">
- <?php echo gettext("ICMP Session timeout in seconds. Minimum is ") . "<strong>1</strong>" . gettext(" and the maximum is ") .
- "<strong>86400</strong>" . gettext(" (approximately 1 day)"); ?>.</td>
- </tr>
- </table>
- <?php echo gettext("Sets the session reassembly timeout period for ICMP packets. Default value is ") .
- "<strong>30</strong>" . gettext(" seconds."); ?><br/>
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell"><?php echo gettext("IP Target Policy"); ?></td>
- <td width="78%" class="vtable">
- <select name="stream5_policy" class="formselect" id="stream5_policy">
- <?php
- $profile = array( 'BSD', 'First', 'HPUX', 'HPUX10', 'Irix', 'Last', 'Linux', 'MacOS', 'Old-Linux',
- 'Solaris', 'Vista', 'Windows', 'Win2003' );
- foreach ($profile as $val): ?>
- <option value="<?=strtolower($val);?>"
- <?php if (strtolower($val) == $pconfig['stream5_policy']) echo "selected"; ?>>
- <?=gettext($val);?></option>
- <?php endforeach; ?>
- </select>&nbsp;&nbsp;<?php echo gettext("Choose the TCP reassembly target policy appropriate for the protected hosts. The default is ") .
- "<strong>" . gettext("BSD") . "</strong>"; ?>.<br/>
- <?php echo gettext("Available OS targets are BSD, First, HPUX, HPUX10, Irix, Last, Linux, MacOS, Old Linux, Solaris, Vista, Windows, and Win2003 Server."); ?><br/>
+ <table width="95%" align="left" id="stream5EnginesTable" style="table-layout: fixed;" border="0" cellspacing="0" cellpadding="0">
+ <colgroup>
+ <col width="45%" align="left">
+ <col width="45%" align="center">
+ <col width="10%" align="right">
+ </colgroup>
+ <thead>
+ <tr>
+ <th class="listhdrr" axis="string"><?php echo gettext("Engine Name");?></th>
+ <th class="listhdrr" axis="string"><?php echo gettext("Bind-To Address Alias");?></th>
+ <th class="list" align="right"><a href="snort_import_aliases.php?id=<?=$id?>&eng=stream5_tcp_engine">
+ <img src="../themes/<?= $g['theme'];?>/images/icons/icon_import_alias.gif" width="17"
+ height="17" border="0" title="<?php echo gettext("Import TCP engine configuration from existing Aliases");?>"></a>
+ <a href="snort_stream5_engine.php?id=<?=$id?>&eng_id=<?=$stream5_tcp_engine_next_id?>">
+ <img src="../themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" width="17"
+ height="17" border="0" title="<?php echo gettext("Add a new TCP engine configuration");?>"></a></th>
+ </tr>
+ </thead>
+ <?php foreach ($pconfig['stream5_tcp_engine']['item'] as $f => $v): ?>
+ <tr>
+ <td class="listlr" align="left"><?=gettext($v['name']);?></td>
+ <td class="listbg" align="center"><?=gettext($v['bind_to']);?></td>
+ <td class="listt" align="right"><a href="snort_stream5_engine.php?id=<?=$id;?>&eng_id=<?=$f;?>">
+ <img src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif"
+ width="17" height="17" border="0" title="<?=gettext("Edit this TCP engine configuration");?>"></a>
+ <?php if ($v['bind_to'] <> "all") : ?>
+ <a href="snort_preprocessors.php?id=<?=$id;?>&eng_id=<?=$f;?>&act=del_stream5_tcp" onclick="return confirm('Are you sure you want to delete this entry?');">
+ <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0"
+ title="<?=gettext("Delete this TCP engine configuration");?>"></a>
+ <?php else : ?>
+ <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x_d.gif" width="17" height="17" border="0"
+ title="<?=gettext("Default engine configuration cannot be deleted");?>">
+ <?php endif ?>
+ </td>
+ </tr>
+ <?php endforeach; ?>
+ </table>
</td>
</tr>
<tr>
- <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Portscan Settings"); ?></td>
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Portscan Detection"); ?></td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Enable"); ?></td>
@@ -1064,7 +1120,7 @@ include_once("head.inc");
<?php echo gettext("Use Portscan Detection to detect various types of port scans and sweeps. Default is ") .
"<strong>" . gettext("Not Checked") . "</strong>"; ?>.</td>
</tr>
- <tr>
+ <tr id="portscan_protocol_row">
<td width="22%" valign="top" class="vncell"><?php echo gettext("Protocol"); ?> </td>
<td width="78%" class="vtable">
<select name="pscan_protocol" class="formselect" id="pscan_protocol">
@@ -1079,7 +1135,7 @@ include_once("head.inc");
"<strong>" . gettext("all") . "</strong>."; ?><br/>
</td>
</tr>
- <tr>
+ <tr id="portscan_type_row">
<td width="22%" valign="top" class="vncell"><?php echo gettext("Scan Type"); ?> </td>
<td width="78%" class="vtable">
<select name="pscan_type" class="formselect" id="pscan_type">
@@ -1111,7 +1167,7 @@ include_once("head.inc");
</table>
</td>
</tr>
- <tr>
+ <tr id="portscan_sensitivity_row">
<td width="22%" valign="top" class="vncell"><?php echo gettext("Sensitivity"); ?> </td>
<td width="78%" class="vtable">
<select name="pscan_sense_level" class="formselect" id="pscan_sense_level">
@@ -1140,13 +1196,13 @@ include_once("head.inc");
</table>
</td>
</tr>
- <tr>
+ <tr id="portscan_memcap_row">
<td valign="top" class="vncell"><?php echo gettext("Memory Cap"); ?></td>
<td class="vtable">
<table cellpadding="0" cellspacing="0">
<tr>
- <td><input name="pscan_memcap" type="text" class="formfld"
- id="pscan_memcap" size="6"
+ <td class="vexpl"><input name="pscan_memcap" type="text" class="formfld unknown"
+ id="pscan_memcap" size="9"
value="<?=htmlspecialchars($pconfig['pscan_memcap']);?>">
<?php echo gettext("Maximum memory in bytes to allocate for portscan detection. ") .
gettext("Default is ") . "<strong>" . gettext("10000000") . "</strong>" .
@@ -1158,17 +1214,231 @@ include_once("head.inc");
"<strong>10,000,000</strong>" . gettext(" bytes. (10 MB)"); ?><br/>
</td>
</tr>
- <tr>
+ <tr id="portscan_ignorescanners_row">
<td width="22%" valign="top" class="vncell"><?php echo gettext("Ignore Scanners"); ?></td>
<td width="78%" class="vtable">
- <input name="pscan_ignore_scanners" type="text" size="40" autocomplete="off" class="formfldalias" id="pscan_ignore_scanners"
- value="<?=$pconfig['pscan_ignore_scanners'];?>" title="<?=trim(filter_expand_alias($pconfig['pscan_ignore_scanners']));?>">&nbsp;&nbsp;<?php echo gettext("Leave blank for default. ") .
- gettext("Default value is ") . "<strong>" . gettext("\$HOME_NET") . "</strong>"; ?>.<br/>
- <?php echo gettext("Ignores the specified entity as a source of scan alerts. Entity must be a defined alias."); ?><br/>
+ <table width="95%" cellspacing="0" cellpadding="0" border="0">
+ <tr>
+ <td class="vexpl">
+ <input name="pscan_ignore_scanners" type="text" size="25" autocomplete="off" class="formfldalias" id="pscan_ignore_scanners"
+ value="<?=$pconfig['pscan_ignore_scanners'];?>" title="<?=trim(filter_expand_alias($pconfig['pscan_ignore_scanners']));?>">&nbsp;&nbsp;<?php echo gettext("Leave blank for default. ") .
+ gettext("Default value is ") . "<strong>" . gettext("\$HOME_NET") . "</strong>"; ?>.</td>
+ <td class="vexpl" align="right">
+ <input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&type=host|network&varname=pscan_ignore_scanners&act=import&multi_ip=yes&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'"
+ title="<?php echo gettext("Select an existing IP alias");?>"/></td>
+ </tr>
+ <tr>
+ <td class="vexpl" colspan="2"><?php echo gettext("Ignores the specified entity as a source of scan alerts. Entity must be a defined alias."); ?></td>
+ </tr>
+ </table>
</td>
</tr>
+ <tr id="ftp_telnet_row">
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("FTP and Telnet Global Options"); ?></td>
+ </tr>
<tr>
- <td colspan="2" valign="top" class="listtopic"><?php echo gettext("General Preprocessor Settings"); ?></td>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable"); ?></td>
+ <td width="78%" class="vtable"><input name="ftp_preprocessor" type="checkbox" value="on"
+ <?php if ($pconfig['ftp_preprocessor']=="on") echo "checked"; ?> onclick="ftp_telnet_enable_change();">
+ <?php echo gettext("Normalize/Decode FTP and Telnet traffic and protocol anomalies. Default is ") .
+ "<strong>" . gettext("Checked") . "</strong>"; ?>.</td>
+ </tr>
+ <tr id="ftp_telnet_row_type">
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Inspection Type"); ?> </td>
+ <td width="78%" class="vtable">
+ <select name="ftp_telnet_inspection_type" class="formselect" id="ftp_telnet_inspection_type">
+ <?php
+ $values = array('stateful', 'stateless');
+ foreach ($values as $val): ?>
+ <option value="<?=$val;?>"
+ <?php if ($val == $pconfig['ftp_telnet_inspection_type']) echo "selected"; ?>>
+ <?=gettext($val);?></option>
+ <?php endforeach; ?>
+ </select>&nbsp;&nbsp;<?php echo gettext("Choose to operate in stateful or stateless mode. Default is ") .
+ "<strong>" . gettext("stateful") . "</strong>."; ?><br/>
+ </td>
+ </tr>
+ <tr id="ftp_telnet_row_encrypted_check">
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Check Encrypted Traffic"); ?></td>
+ <td width="78%" class="vtable"><input name="ftp_telnet_check_encrypted" type="checkbox" value="on"
+ <?php if ($pconfig['ftp_telnet_check_encrypted']=="on") echo "checked"; ?>>
+ <?php echo gettext("Continue to check an encrypted session for subsequent command to cease encryption. Default is ") .
+ "<strong>" . gettext("Checked") . "</strong>"; ?>.</td>
+ </tr>
+ <tr id="ftp_telnet_row_encrypted_alert">
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Alert on Encrypted Commands"); ?></td>
+ <td width="78%" class="vtable"><input name="ftp_telnet_alert_encrypted" type="checkbox" value="on"
+ <?php if ($pconfig['ftp_telnet_alert_encrypted']=="on") echo "checked"; ?>>
+ <?php echo gettext("Alert on encrypted FTP and Telnet command channels. Default is ") .
+ "<strong>" . gettext("Not Checked") . "</strong>"; ?>.</td>
+ </tr>
+ <tr id="ftp_telnet_row_telnet_proto_opts">
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Telnet Protocol Options"); ?></td>
+ </tr>
+ <tr id="ftp_telnet_row_normalize">
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Normalization"); ?></td>
+ <td width="78%" class="vtable"><input name="ftp_telnet_normalize" type="checkbox" value="on"
+ <?php if ($pconfig['ftp_telnet_normalize']=="on") echo "checked"; ?>>
+ <?php echo gettext("Normalize Telnet traffic by eliminating Telnet escape sequences. Default is ") .
+ "<strong>" . gettext("Checked") . "</strong>"; ?>.</td>
+ </tr>
+ <tr id="ftp_telnet_row_detect_anomalies">
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Detect Anomalies"); ?></td>
+ <td width="78%" class="vtable"><input name="ftp_telnet_detect_anomalies" type="checkbox" value="on"
+ <?php if ($pconfig['ftp_telnet_detect_anomalies']=="on") echo "checked"; ?>>
+ <?php echo gettext("Alert on Telnet subnegotiation begin without corresponding subnegotiation end. Default is ") .
+ "<strong>" . gettext("Checked") . "</strong>"; ?>.</td>
+ </tr>
+ <tr id="ftp_telnet_row_ayt_threshold">
+ <td valign="top" class="vncell"><?php echo gettext("AYT Attack Threshold"); ?></td>
+ <td class="vtable">
+ <input name="ftp_telnet_ayt_attack_threshold" type="text" class="formfld unknown" id="ftp_telnet_ayt_attack_threshold" size="9"
+ value="<?=htmlspecialchars($pconfig['ftp_telnet_ayt_attack_threshold']);?>">
+ <?php echo gettext("Are-You-There (AYT) command alert threshold. Enter ") . "<strong>" . gettext("0") . "</strong>" .
+ gettext(" to disable. Default is ") . "<strong>" . gettext("20.") . "</strong>";?><br/>
+ <?php echo gettext("Alert when the number of consecutive Telnet AYT commands reaches the number specified.");?><br/>
+ </td>
+ </tr>
+ <tr id="ftp_telnet_row_ftp_proto_opts">
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("FTP Protocol Options"); ?></td>
+ </tr>
+ <tr id="ftp_telnet_ftp_client_row">
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Client Configuration"); ?></td>
+ <td class="vtable">
+ <table width="95%" align="left" id="FTPclientEnginesTable" style="table-layout: fixed;" border="0" cellspacing="0" cellpadding="0">
+ <colgroup>
+ <col width="45%" align="left">
+ <col width="45%" align="center">
+ <col width="10%" align="right">
+ </colgroup>
+ <thead>
+ <tr>
+ <th class="listhdrr" axis="string"><?php echo gettext("Engine Name");?></th>
+ <th class="listhdrr" axis="string"><?php echo gettext("Bind-To Address Alias");?></th>
+ <th class="list" align="right"><a href="snort_import_aliases.php?id=<?=$id?>&eng=ftp_client_engine">
+ <img src="../themes/<?= $g['theme'];?>/images/icons/icon_import_alias.gif" width="17"
+ height="17" border="0" title="<?php echo gettext("Import client configuration from existing Aliases");?>"></a>
+ <a href="snort_ftp_client_engine.php?id=<?=$id?>&eng_id=<?=$ftp_client_engine_next_id?>">
+ <img src="../themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" width="17"
+ height="17" border="0" title="<?php echo gettext("Add a new FTP client configuration");?>"></a></th>
+ </tr>
+ </thead>
+ <?php foreach ($pconfig['ftp_client_engine']['item'] as $f => $v): ?>
+ <tr>
+ <td class="listlr" align="left"><?=gettext($v['name']);?></td>
+ <td class="listbg" align="center"><?=gettext($v['bind_to']);?></td>
+ <td class="listt" align="right"><a href="snort_ftp_client_engine.php?id=<?=$id;?>&eng_id=<?=$f;?>">
+ <img src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif"
+ width="17" height="17" border="0" title="<?=gettext("Edit this FTP client configuration");?>"></a>
+ <?php if ($v['bind_to'] <> "all") : ?>
+ <a href="snort_preprocessors.php?id=<?=$id;?>&eng_id=<?=$f;?>&act=del_ftp_server" onclick="return confirm('Are you sure you want to delete this entry?');">
+ <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0"
+ title="<?=gettext("Delete this FTP client configuration");?>"></a>
+ <?php else : ?>
+ <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x_d.gif" width="17" height="17" border="0"
+ title="<?=gettext("Default client configuration cannot be deleted");?>">
+ <?php endif ?>
+ </td>
+ </tr>
+ <?php endforeach; ?>
+ </table>
+ </td>
+ </tr>
+ <tr id="ftp_telnet_ftp_server_row">
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Server Configuration"); ?></td>
+ <td class="vtable">
+ <table width="95%" align="left" id="FTPserverEnginesTable" style="table-layout: fixed;" border="0" cellspacing="0" cellpadding="0">
+ <colgroup>
+ <col width="45%" align="left">
+ <col width="45%" align="center">
+ <col width="10%" align="right">
+ </colgroup>
+ <thead>
+ <tr>
+ <th class="listhdrr" axis="string"><?php echo gettext("Engine Name");?></th>
+ <th class="listhdrr" axis="string"><?php echo gettext("Bind-To Address Alias");?></th>
+ <th class="list" align="right"><a href="snort_import_aliases.php?id=<?=$id?>&eng=ftp_server_engine">
+ <img src="../themes/<?= $g['theme'];?>/images/icons/icon_import_alias.gif" width="17"
+ height="17" border="0" title="<?php echo gettext("Import server configuration from existing Aliases");?>"></a>
+ <a href="snort_ftp_server_engine.php?id=<?=$id?>&eng_id=<?=$ftp_server_engine_next_id?>">
+ <img src="../themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" width="17"
+ height="17" border="0" title="<?php echo gettext("Add a new FTP Server configuration");?>"></a></th>
+ </tr>
+ </thead>
+ <?php foreach ($pconfig['ftp_server_engine']['item'] as $f => $v): ?>
+ <tr>
+ <td class="listlr" align="left"><?=gettext($v['name']);?></td>
+ <td class="listbg" align="center"><?=gettext($v['bind_to']);?></td>
+ <td class="listt" align="right"><a href="snort_ftp_server_engine.php?id=<?=$id;?>&eng_id=<?=$f;?>">
+ <img src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif"
+ width="17" height="17" border="0" title="<?=gettext("Edit this FTP server configuration");?>"></a>
+ <?php if ($v['bind_to'] <> "all") : ?>
+ <a href="snort_preprocessors.php?id=<?=$id;?>&eng_id=<?=$f;?>&act=del_ftp_server" onclick="return confirm('Are you sure you want to delete this entry?');">
+ <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0"
+ title="<?=gettext("Delete this FTP server configuration");?>"></a>
+ <?php else : ?>
+ <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x_d.gif" width="17" height="17" border="0"
+ title="<?=gettext("Default server configuration cannot be deleted");?>">
+ <?php endif ?>
+ </td>
+ </tr>
+ <?php endforeach; ?>
+ </table>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Sensitive Data Detection"); ?></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="sensitive_data" type="checkbox" value="on" onclick="sensitive_data_enable_change();"
+ <?php if ($pconfig['sensitive_data'] == "on")
+ echo "checked";
+ elseif ($vrt_enabled == "off")
+ echo "disabled";
+ ?>>
+ <?php echo gettext("Sensitive data searches for credit card numbers, Social Security numbers and e-mail addresses in data."); ?>
+ <br/>
+ <span class="red"><strong><?php echo gettext("Note: "); ?></strong></span><?php echo gettext("To enable this preprocessor, you must select the Snort VRT rules on the ") .
+ "<a href=\"/snort/snort_interfaces_global.php\" title=\"" . gettext("Modify Snort global settings") . "\"/>" . gettext("Global Settings") . "</a>" . gettext(" tab."); ?>
+ </td>
+ </tr>
+ <tr id="sdf_alert_data_row">
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Inspect for"); ?> </td>
+ <td width="78%" class="vtable">
+ <select name="sdf_alert_data_type[]" class="formselect" id="sdf_alert_data_type" size="4" multiple="multiple">
+ <?php
+ $values = array('Credit Card', 'Email Addresses', 'U.S. Phone Numbers', 'U.S. Social Security Numbers');
+ foreach ($values as $val): ?>
+ <option value="<?=$val;?>"
+ <?php if (preg_match("/$val/",$pconfig['sdf_alert_data_type'])) echo "selected"; ?>>
+ <?=gettext($val);?></option>
+ <?php endforeach; ?>
+ </select><br/><?php echo gettext("Choose which types of sensitive data to detect. Use CTRL + Click for multiple selections."); ?><br/>
+ </td>
+ </tr>
+ <tr id="sdf_alert_threshold_row">
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Alert Threshold"); ?></td>
+ <td width="78%" class="vtable"><input name="sdf_alert_threshold" type="text" class="formfld unknown" id="sdf_alert_threshold" size="9" value="<?=htmlspecialchars($pconfig['sdf_alert_threshold']);?>">
+ <?php echo gettext("Personally Identifiable Information (PII) combination alert threshold.");?><br/>
+ <?php echo gettext("This value sets the number of PII combinations required to trigger an alert. This should be set higher than the highest individual count in your \"sd_pattern\" rules. Default value is ") .
+ "<strong>" . gettext("25") . "</strong>.";?>
+ </td>
+ </tr>
+ <tr id="sdf_mask_output_row">
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Mask Output"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="sdf_mask_output" type="checkbox" value="on"
+ <?php if ($pconfig['sdf_mask_output'] == "on")
+ echo "checked";
+ ?>>
+ <?php echo gettext("Replace all but last 4 digits of PII with \"X\"s on credit card and Social Security Numbers. ") .
+ gettext("Default is ") . "<strong>" . gettext("Not Checked") . "</strong>."; ?>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("General Preprocessors"); ?></td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Enable RPC Decode and Back Orifice detector"); ?></td>
@@ -1178,13 +1448,6 @@ include_once("head.inc");
"<strong>" . gettext("Checked") . "</strong>"; ?>.</td>
</tr>
<tr>
- <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable FTP and Telnet Normalizer"); ?></td>
- <td width="78%" class="vtable"><input name="ftp_preprocessor" type="checkbox" value="on"
- <?php if ($pconfig['ftp_preprocessor']=="on") echo "checked"; ?>>
- <?php echo gettext("Normalize/Decode FTP and Telnet traffic and protocol anomalies. Default is ") .
- "<strong>" . gettext("Checked") . "</strong>"; ?>.</td>
- </tr>
- <tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Enable POP Normalizer"); ?></td>
<td width="78%" class="vtable"><input name="pop_preproc" type="checkbox" value="on"
<?php if ($pconfig['pop_preproc']=="on") echo "checked"; ?>>
@@ -1216,7 +1479,7 @@ include_once("head.inc");
<td width="22%" valign="top" class="vncell"><?php echo gettext("Enable SIP Detection"); ?></td>
<td width="78%" class="vtable"><input name="sip_preproc" type="checkbox" value="on"
<?php if ($pconfig['sip_preproc']=="on") echo "checked"; ?>>
- <?php echo gettext("The SIP preprocessor decodes SIP traffic and detects some vulnerabilities. Default is ") .
+ <?php echo gettext("The SIP preprocessor decodes SIP traffic and detects vulnerabilities. Default is ") .
"<strong>" . gettext("Checked") . "</strong>"; ?>.</td>
</tr>
<tr>
@@ -1235,7 +1498,7 @@ include_once("head.inc");
<td width="22%" valign="top" class="vncell"><?php echo gettext("Enable DNS Detection"); ?></td>
<td width="78%" class="vtable"><input name="dns_preprocessor" type="checkbox" value="on"
<?php if ($pconfig['dns_preprocessor']=="on") echo "checked"; ?>>
- <?php echo gettext("The DNS preprocessor decodes DNS Response traffic and detects vulnerabilities. Default is ") .
+ <?php echo gettext("The DNS preprocessor decodes DNS response traffic and detects vulnerabilities. Default is ") .
"<strong>" . gettext("Checked") . "</strong>"; ?>.</td>
</tr>
<tr>
@@ -1247,21 +1510,7 @@ include_once("head.inc");
"<strong>" . gettext("Checked") . "</strong>"; ?>.</td>
</tr>
<tr>
- <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable Sensitive Data"); ?></td>
- <td width="78%" class="vtable">
- <input name="sensitive_data" type="checkbox" value="on"
- <?php if ($pconfig['sensitive_data'] == "on")
- echo "checked";
- elseif ($vrt_enabled == "off")
- echo "disabled";
- ?>>
- <?php echo gettext("Sensitive data searches for credit card or Social Security numbers and e-mail addresses in data."); ?>
- <br/>
- <span class="red"><strong><?php echo gettext("Note: "); ?></strong></span><?php echo gettext("To enable this preprocessor, you must select the Snort VRT rules on the Global Settings tab."); ?>
- </td>
- </tr>
- <tr>
- <td colspan="2" valign="top" class="listtopic"><?php echo gettext("SCADA Preprocessor Settings"); ?></td>
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("SCADA Preprocessors"); ?></td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Enable Modbus Detection"); ?></td>
@@ -1315,6 +1564,7 @@ include_once("head.inc");
if(isset($config['aliases']['alias']) && is_array($config['aliases']['alias']))
foreach($config['aliases']['alias'] as $alias_name) {
if ($alias_name['type'] == "host" || $alias_name['type'] == "network") {
+ // Skip any Aliases that resolve to an empty string
if (trim(filter_expand_alias($alias_name['name'])) == "")
continue;
if($addrisfirst == 1) $aliasesaddr .= ",";
@@ -1334,6 +1584,8 @@ include_once("head.inc");
function createAutoSuggest() {
<?php
echo "objAlias = new AutoSuggestControl(document.getElementById('pscan_ignore_scanners'), new StateSuggestions(addressarray));\n";
+ echo "objAlias = new AutoSuggestControl(document.getElementById('ftp_telnet_bounce_to_net'), new StateSuggestions(addressarray));\n";
+ echo "objAlias = new AutoSuggestControl(document.getElementById('ftp_telnet_bounce_to_port'), new StateSuggestions(portsarray));\n";
?>
}
@@ -1350,41 +1602,125 @@ function frag3_enable_change() {
}
}
var endis = !(document.iform.frag3_detection.checked);
- document.iform.frag3_overlap_limit.disabled=endis;
- document.iform.frag3_min_frag_len.disabled=endis;
- document.iform.frag3_policy.disabled=endis;
- document.iform.frag3_max_frags.disabled=endis;
- document.iform.frag3_memcap.disabled=endis;
- document.iform.frag3_timeout.disabled=endis;
+
+ // Hide the "config engines" table if Frag3 disabled
+ if (endis) {
+ document.getElementById("frag3_engconf_row").style.display="none";
+ document.getElementById("frag3_memcap_row").style.display="none";
+ document.getElementById("frag3_maxfrags_row").style.display="none";
+ }
+ else {
+ document.getElementById("frag3_engconf_row").style.display="table-row";
+ document.getElementById("frag3_memcap_row").style.display="table-row";
+ document.getElementById("frag3_maxfrags_row").style.display="table-row";
+ }
}
function host_attribute_table_enable_change() {
var endis = !(document.iform.host_attribute_table.checked);
- document.iform.host_attribute_file.disabled=endis;
- document.iform.btn_import.disabled=endis;
- document.iform.btn_edit_hat.disabled=endis;
- document.iform.max_attribute_hosts.disabled=endis;
- document.iform.max_attribute_services_per_host.disabled=endis;
+
+ // Hide "Host Attribute Table" config rows if HAT disabled
+ if (endis) {
+ document.getElementById("host_attrib_table_data_row").style.display="none";
+ document.getElementById("host_attrib_table_maxhosts_row").style.display="none";
+ document.getElementById("host_attrib_table_maxsvcs_row").style.display="none";
+ }
+ else {
+ document.getElementById("host_attrib_table_data_row").style.display="table-row";
+ document.getElementById("host_attrib_table_maxhosts_row").style.display="table-row";
+ document.getElementById("host_attrib_table_maxsvcs_row").style.display="table-row";
+ }
+}
+
+function stream5_track_tcp_enable_change() {
+ var endis = !(document.iform.stream5_track_tcp.checked);
+
+ // Hide the "tcp_memcap and tcp_engconf" rows if stream5_track_tcp disabled
+ if (endis) {
+ document.getElementById("stream5_maxtcp_row").style.display="none";
+ document.getElementById("stream5_tcp_memcap_row").style.display="none";
+ document.getElementById("stream5_tcp_engconf_row").style.display="none";
+ }
+ else {
+ document.getElementById("stream5_maxtcp_row").style.display="table-row";
+ document.getElementById("stream5_tcp_memcap_row").style.display="table-row";
+ document.getElementById("stream5_tcp_engconf_row").style.display="table-row";
+ }
+}
+
+function stream5_track_udp_enable_change() {
+ var endis = !(document.iform.stream5_track_udp.checked);
+
+ // Hide the "udp session timeout " row if stream5_track_udp disabled
+ if (endis) {
+ var msg = "WARNING: Stream5 UDP tracking is required by the Session Initiation Protocol (SIP) preprocessor! ";
+ msg = msg + "The SIP preprocessor will be automatically disabled if Stream5 UDP tracking is disabled.\n\n";
+ msg = msg + "Snort may fail to start because of rule options dependent on the SIP preprocessor. ";
+ msg = msg + "Are you sure you want to disable Stream5 UDP tracking?\n\n";
+ msg = msg + "Click OK to disable Stream5 UDP tracking, or CANCEL to quit.";
+ if (!confirm(msg))
+ return;
+ document.iform.sip_preproc.checked=false;
+ document.getElementById("stream5_maxudp_row").style.display="none";
+ document.getElementById("stream5_udp_sess_timeout_row").style.display="none";
+ }
+ else {
+ document.getElementById("stream5_maxudp_row").style.display="table-row";
+ document.getElementById("stream5_udp_sess_timeout_row").style.display="table-row";
+ }
+}
+
+function stream5_track_icmp_enable_change() {
+ var endis = !(document.iform.stream5_track_icmp.checked);
+
+ // Hide the "icmp session timeout " row if stream5_track_icmp disabled
+ if (endis) {
+ document.getElementById("stream5_maxicmp_row").style.display="none";
+ document.getElementById("stream5_icmp_sess_timeout_row").style.display="none";
+ }
+ else {
+ document.getElementById("stream5_maxicmp_row").style.display="table-row";
+ document.getElementById("stream5_icmp_sess_timeout_row").style.display="table-row";
+ }
}
function http_inspect_enable_change() {
var endis = !(document.iform.http_inspect.checked);
- document.iform.http_inspect_enable_xff.disabled=endis;
- document.iform.server_flow_depth.disabled=endis;
- document.iform.client_flow_depth.disabled=endis;
- document.iform.http_server_profile.disabled=endis;
document.iform.http_inspect_memcap.disabled=endis;
- document.iform.http_inspect_log_uri.disabled=endis;
- document.iform.http_inspect_log_hostname.disabled=endis;
+
+ // Hide the "icmp session timeout " row if stream5_track_icmp disabled
+ if (endis) {
+ document.getElementById("httpinspect_memcap_row").style.display="none";
+ document.getElementById("httpinspect_maxgzipmem_row").style.display="none";
+ document.getElementById("httpinspect_proxyalert_row").style.display="none";
+ document.getElementById("httpinspect_engconf_row").style.display="none";
+ }
+ else {
+ document.getElementById("httpinspect_memcap_row").style.display="table-row";
+ document.getElementById("httpinspect_maxgzipmem_row").style.display="table-row";
+ document.getElementById("httpinspect_proxyalert_row").style.display="table-row";
+ document.getElementById("httpinspect_engconf_row").style.display="table-row";
+ }
}
function sf_portscan_enable_change() {
var endis = !(document.iform.sf_portscan.checked);
- document.iform.pscan_protocol.disabled=endis;
- document.iform.pscan_type.disabled=endis;
- document.iform.pscan_memcap.disabled=endis;
- document.iform.pscan_sense_level.disabled=endis;
- document.iform.pscan_ignore_scanners.disabled=endis;
+
+ // Hide the portscan configuration rows if sf_portscan disabled
+ if (endis) {
+ document.getElementById("portscan_protocol_row").style.display="none";
+ document.getElementById("portscan_type_row").style.display="none";
+ document.getElementById("portscan_sensitivity_row").style.display="none";
+ document.getElementById("portscan_memcap_row").style.display="none";
+ document.getElementById("portscan_ignorescanners_row").style.display="none";
+ }
+ else {
+ document.getElementById("portscan_protocol_row").style.display="table-row";
+ document.getElementById("portscan_type_row").style.display="table-row";
+ document.getElementById("portscan_sensitivity_row").style.display="table-row";
+ document.getElementById("portscan_memcap_row").style.display="table-row";
+ document.getElementById("portscan_ignorescanners_row").style.display="table-row";
+ }
}
function stream5_enable_change() {
@@ -1419,43 +1755,129 @@ function stream5_enable_change() {
}
var endis = !(document.iform.stream5_reassembly.checked);
- document.iform.max_queued_bytes.disabled=endis;
- document.iform.max_queued_segs.disabled=endis;
- document.iform.stream5_mem_cap.disabled=endis;
- document.iform.stream5_policy.disabled=endis;
- document.iform.stream5_overlap_limit.disabled=endis;
- document.iform.stream5_no_reassemble_async.disabled=endis;
- document.iform.stream5_dont_store_lg_pkts.disabled=endis;
- document.iform.stream5_tcp_timeout.disabled=endis;
- document.iform.stream5_udp_timeout.disabled=endis;
- document.iform.stream5_icmp_timeout.disabled=endis;
+
+ // Hide the "stream5 conf" rows if stream5 disabled
+ if (endis) {
+ document.getElementById("stream5_tcp_memcap_row").style.display="none";
+ document.getElementById("stream5_tcp_engconf_row").style.display="none";
+ document.getElementById("stream5_udp_sess_timeout_row").style.display="none";
+ document.getElementById("stream5_icmp_sess_timeout_row").style.display="none";
+ document.getElementById("stream5_proto_tracking_row").style.display="none";
+ document.getElementById("stream5_flushonalert_row").style.display="none";
+ document.getElementById("stream5_prunelogmax_row").style.display="none";
+ }
+ else {
+ document.getElementById("stream5_tcp_memcap_row").style.display="table-row";
+ document.getElementById("stream5_tcp_engconf_row").style.display="table-row";
+ document.getElementById("stream5_udp_sess_timeout_row").style.display="table-row";
+ document.getElementById("stream5_icmp_sess_timeout_row").style.display="table-row";
+ document.getElementById("stream5_proto_tracking_row").style.display="table-row";
+ document.getElementById("stream5_flushonalert_row").style.display="table-row";
+ document.getElementById("stream5_prunelogmax_row").style.display="table-row";
+ }
+}
+
+function ftp_telnet_enable_change() {
+ var endis = !(document.iform.ftp_preprocessor.checked);
+
+ // Hide the ftp_telnet configuration rows if ftp_telnet disabled
+ if (endis) {
+ document.getElementById("ftp_telnet_row_type").style.display="none";
+ document.getElementById("ftp_telnet_row_encrypted_alert").style.display="none";
+ document.getElementById("ftp_telnet_row_encrypted_check").style.display="none";
+ document.getElementById("ftp_telnet_row_telnet_proto_opts").style.display="none";
+ document.getElementById("ftp_telnet_row_normalize").style.display="none";
+ document.getElementById("ftp_telnet_row_detect_anomalies").style.display="none";
+ document.getElementById("ftp_telnet_row_ayt_threshold").style.display="none";
+ document.getElementById("ftp_telnet_row_ftp_proto_opts").style.display="none";
+ document.getElementById("ftp_telnet_ftp_client_row").style.display="none";
+ document.getElementById("ftp_telnet_ftp_server_row").style.display="none";
+ }
+ else {
+ document.getElementById("ftp_telnet_row_type").style.display="table-row";
+ document.getElementById("ftp_telnet_row_encrypted_alert").style.display="table-row";
+ document.getElementById("ftp_telnet_row_encrypted_check").style.display="table-row";
+ document.getElementById("ftp_telnet_row_telnet_proto_opts").style.display="table-row";
+ document.getElementById("ftp_telnet_row_normalize").style.display="table-row";
+ document.getElementById("ftp_telnet_row_detect_anomalies").style.display="table-row";
+ document.getElementById("ftp_telnet_row_ayt_threshold").style.display="table-row";
+ document.getElementById("ftp_telnet_row_ftp_proto_opts").style.display="table-row";
+ document.getElementById("ftp_telnet_ftp_client_row").style.display="table-row";
+ document.getElementById("ftp_telnet_ftp_server_row").style.display="table-row";
+ }
+}
+
+function sensitive_data_enable_change() {
+ var endis = !(document.iform.sensitive_data.checked);
+
+ // Hide the sensitive_data configuration rows if sensitive_data disabled
+ if (endis) {
+ document.getElementById("sdf_alert_threshold_row").style.display="none";
+ document.getElementById("sdf_mask_output_row").style.display="none";
+ document.getElementById("sdf_alert_data_row").style.display="none";
+
+ }
+ else {
+ document.getElementById("sdf_alert_threshold_row").style.display="table-row";
+ document.getElementById("sdf_mask_output_row").style.display="table-row";
+ document.getElementById("sdf_alert_data_row").style.display="table-row";
+ }
}
function enable_change_all() {
http_inspect_enable_change();
sf_portscan_enable_change();
- // Enable/Disable Frag3 settings
+ // -- Enable/Disable Host Attribute Table settings --
+ host_attribute_table_enable_change();
+
+ // -- Enable/Disable Frag3 settings --
var endis = !(document.iform.frag3_detection.checked);
- document.iform.frag3_overlap_limit.disabled=endis;
- document.iform.frag3_min_frag_len.disabled=endis;
- document.iform.frag3_policy.disabled=endis;
- document.iform.frag3_max_frags.disabled=endis;
- document.iform.frag3_memcap.disabled=endis;
- document.iform.frag3_timeout.disabled=endis;
-
- // Enable/Disable Stream5 settings
+ // Hide the "config engines" table if Frag3 disabled
+ if (endis) {
+ document.getElementById("frag3_engconf_row").style.display="none";
+ document.getElementById("frag3_memcap_row").style.display="none";
+ document.getElementById("frag3_maxfrags_row").style.display="none";
+ }
+ else {
+ document.getElementById("frag3_engconf_row").style.display="table-row";
+ document.getElementById("frag3_memcap_row").style.display="table-row";
+ document.getElementById("frag3_maxfrags_row").style.display="table-row";
+ }
+
+ // -- Enable/Disable Stream5 settings --
endis = !(document.iform.stream5_reassembly.checked);
- document.iform.max_queued_bytes.disabled=endis;
- document.iform.max_queued_segs.disabled=endis;
- document.iform.stream5_mem_cap.disabled=endis;
- document.iform.stream5_policy.disabled=endis;
- document.iform.stream5_overlap_limit.disabled=endis;
- document.iform.stream5_no_reassemble_async.disabled=endis;
- document.iform.stream5_dont_store_lg_pkts.disabled=endis;
- document.iform.stream5_tcp_timeout.disabled=endis;
- document.iform.stream5_udp_timeout.disabled=endis;
- document.iform.stream5_icmp_timeout.disabled=endis;
+ // Hide the "stream5 conf" rows if stream5 disabled
+ if (endis) {
+ document.getElementById("stream5_tcp_memcap_row").style.display="none";
+ document.getElementById("stream5_tcp_engconf_row").style.display="none";
+ document.getElementById("stream5_udp_sess_timeout_row").style.display="none";
+ document.getElementById("stream5_icmp_sess_timeout_row").style.display="none";
+ document.getElementById("stream5_proto_tracking_row").style.display="none";
+ document.getElementById("stream5_flushonalert_row").style.display="none";
+ document.getElementById("stream5_prunelogmax_row").style.display="none";
+ document.getElementById("stream5_maxtcp_row").style.display="none";
+ document.getElementById("stream5_maxudp_row").style.display="none";
+ document.getElementById("stream5_maxicmp_row").style.display="none";
+ }
+ else {
+ document.getElementById("stream5_tcp_memcap_row").style.display="table-row";
+ document.getElementById("stream5_tcp_engconf_row").style.display="table-row";
+ document.getElementById("stream5_udp_sess_timeout_row").style.display="table-row";
+ document.getElementById("stream5_icmp_sess_timeout_row").style.display="table-row";
+ document.getElementById("stream5_proto_tracking_row").style.display="table-row";
+ document.getElementById("stream5_flushonalert_row").style.display="table-row";
+ document.getElementById("stream5_prunelogmax_row").style.display="table-row";
+ document.getElementById("stream5_maxtcp_row").style.display="table-row";
+ document.getElementById("stream5_maxudp_row").style.display="table-row";
+ document.getElementById("stream5_maxicmp_row").style.display="table-row";
+ }
+ // Set other stream5 initial conditions
+ stream5_track_tcp_enable_change();
+ stream5_track_udp_enable_change();
+ stream5_track_icmp_enable_change();
+ ftp_telnet_enable_change();
+ sensitive_data_enable_change();
}
function wopen(url, name, w, h)