diff options
Diffstat (limited to 'config/snort/snort_preprocessors.php')
-rwxr-xr-x | config/snort/snort_preprocessors.php | 34 |
1 files changed, 32 insertions, 2 deletions
diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php index 83025929..7d0348e9 100755 --- a/config/snort/snort_preprocessors.php +++ b/config/snort/snort_preprocessors.php @@ -56,6 +56,7 @@ if (isset($id) && $a_nat[$id]) { /* new options */ $pconfig['perform_stat'] = $a_nat[$id]['perform_stat']; $pconfig['server_flow_depth'] = $a_nat[$id]['server_flow_depth']; + $pconfig['http_server_profile'] = $a_nat[$id]['http_server_profile']; $pconfig['client_flow_depth'] = $a_nat[$id]['client_flow_depth']; $pconfig['max_queued_bytes'] = $a_nat[$id]['max_queued_bytes']; $pconfig['max_queued_segs'] = $a_nat[$id]['max_queued_segs']; @@ -75,6 +76,7 @@ if (isset($id) && $a_nat[$id]) { $pconfig['sip_preproc'] = $a_nat[$id]['sip_preproc']; $pconfig['dnp3_preproc'] = $a_nat[$id]['dnp3_preproc']; $pconfig['modbus_preproc'] = $a_nat[$id]['modbus_preproc']; + $pconfig['gtp_preproc'] = $a_nat[$id]['gtp_preproc']; } if ($_POST) { @@ -88,6 +90,7 @@ if ($_POST) { if (!$input_errors) { /* post new options */ if ($_POST['server_flow_depth'] != "") { $natent['server_flow_depth'] = $_POST['server_flow_depth']; }else{ $natent['server_flow_depth'] = ""; } + if ($_POST['http_server_profile'] != "") { $natent['http_server_profile'] = $_POST['http_server_profile']; }else{ $natent['http_server_profile'] = "all"; } if ($_POST['client_flow_depth'] != "") { $natent['client_flow_depth'] = $_POST['client_flow_depth']; }else{ $natent['client_flow_depth'] = ""; } if ($_POST['max_queued_bytes'] != "") { $natent['max_queued_bytes'] = $_POST['max_queued_bytes']; }else{ $natent['max_queued_bytes'] = ""; } if ($_POST['max_queued_segs'] != "") { $natent['max_queued_segs'] = $_POST['max_queued_segs']; }else{ $natent['max_queued_segs'] = ""; } @@ -116,6 +119,7 @@ if ($_POST) { $natent['modbus_preproc'] = $_POST['modbus_preproc'] ? 'on' : 'off'; $natent['sip_preproc'] = $_POST['sip_preproc'] ? 'on' : 'off'; $natent['modbus_preproc'] = $_POST['modbus_preproc'] ? 'on' : 'off'; + $natent['gtp_preproc'] = $_POST['gtp_preproc'] ? 'on' : 'off'; if (isset($id) && $a_nat[$id]) $a_nat[$id] = $natent; @@ -221,7 +225,7 @@ include_once("head.inc"); <tr> <td><input name="server_flow_depth" type="text" class="formfld" id="flow_depth" size="6" - value="<?=htmlspecialchars($pconfig['server_flow_depth']);?>"> <?php echo gettext("<strong>-1</strong> " . + value="<?=htmlspecialchars($pconfig['server_flow_depth']);?>"> <?php echo gettext("<strong>-1</strong> " . "to <strong>65535</strong> (<strong>-1</strong> disables HTTP " . "inspect, <strong>0</strong> enables all HTTP inspect)"); ?></td> </tr> @@ -233,6 +237,23 @@ include_once("head.inc"); </td> </tr> <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("HTTP server profile"); ?> </td> + <td width="78%" class="vtable"> + <select name="http_server_profile" class="formselect" id="http_server_profile"> + <?php + $profile = array('All', 'Apache', 'IIS', 'IIS_4.0', 'IIS_5.0'); + foreach ($profile as $val): ?> + <option value="<?=strtolower($val);?>" + <?php if (strtolower($val) == $pconfig['http_server_profile']) echo "selected"; ?>> + <?=gettext($val);?></option> + <?php endforeach; ?> + </select> <?php echo gettext("Choose the profile type of the protected web server."); ?><br> + <?php echo gettext(" The default is <strong>All</strong>. "); ?> + <?php echo gettext("IIS_4.0 and IIS_5.0 are identical to IIS except they alert on the "); ?> + <?php echo gettext("double decoding vulnerability present in those two versions."); ?><br> + </td> + </tr> + <tr> <td valign="top" class="vncell"><?php echo gettext("HTTP client flow depth"); ?></td> <td class="vtable"> <table cellpadding="0" cellspacing="0"> @@ -348,7 +369,7 @@ include_once("head.inc"); <td width="78%" class="vtable"> <input name="pscan_ignore_scanners" type="text" size="40" autocomplete="off" class="formfldalias" id="pscan_ignore_scanners" value="<?=$pconfig['pscan_ignore_scanners'];?>"> <br><?php echo gettext("Ignores the specified entity as a source of scan alerts. Entity must be a defined alias.");?><br> - <?php echo gettext("Default value: \$HOME_NET"); ?><?php echo gettext(" Leave " . + <?php echo gettext("Default value: \$HOME_NET."); ?><?php echo gettext(" Leave " . "blank for default value."); ?> </td> <tr> @@ -419,6 +440,15 @@ include_once("head.inc"); </tr> <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable"); ?> <br> + <?php echo gettext("GTP Detection"); ?></td> + <td width="78%" class="vtable"><input name="gtp_preproc" + type="checkbox" value="on" + <?php if ($pconfig['gtp_preproc']=="on") echo "checked"; ?> + onClick="enable_change(false)"><br> + <?php echo gettext("The GTP preprocessor decodes GPRS Tunneling Protocol traffic and detects intrusion attempts."); ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable"); ?> <br> <?php echo gettext("DNS Detection"); ?></td> <td width="78%" class="vtable"><input name="dns_preprocessor" type="checkbox" value="on" |