diff options
Diffstat (limited to 'config/snort')
-rw-r--r-- | config/snort/snort_interfaces.php | 5 | ||||
-rw-r--r-- | config/snort/snort_interfaces_suppress.php | 341 | ||||
-rw-r--r-- | config/snort/snort_interfaces_suppress_edit.php | 647 | ||||
-rw-r--r-- | config/snort/snort_interfaces_whitelist.php | 361 | ||||
-rw-r--r-- | config/snort/snort_interfaces_whitelist_edit.php | 984 |
5 files changed, 1166 insertions, 1172 deletions
diff --git a/config/snort/snort_interfaces.php b/config/snort/snort_interfaces.php index e15ea12c..d9ecc333 100644 --- a/config/snort/snort_interfaces.php +++ b/config/snort/snort_interfaces.php @@ -29,16 +29,16 @@ POSSIBILITY OF SUCH DAMAGE. */ +/* TODO: redo check if snort is up */ + require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort_gui.inc"); require_once("/usr/local/pkg/snort/snort.inc"); - $id = $_GET['id']; if (isset($_POST['id'])) $id = $_POST['id']; - if (!is_array($config['installedpackages']['snortglobal']['rule'])) $config['installedpackages']['snortglobal']['rule'] = array(); @@ -50,7 +50,6 @@ $id_gen = count($config['installedpackages']['snortglobal']['rule']); $id_gen = '0'; } - /* alert file */ $d_snortconfdirty_path_ls = exec('/bin/ls /var/run/snort_conf_*.dirty'); diff --git a/config/snort/snort_interfaces_suppress.php b/config/snort/snort_interfaces_suppress.php index e2793664..c2ecf817 100644 --- a/config/snort/snort_interfaces_suppress.php +++ b/config/snort/snort_interfaces_suppress.php @@ -1,171 +1,170 @@ -<?php
-/* $Id$ */
-/*
- firewall_aliases.php
- Copyright (C) 2004 Scott Ullrich
- All rights reserved.
-
- originially part of m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
-
- modified for the pfsense snort package
- Copyright (C) 2009-2010 Robert Zelaya.
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
-
-/* make sure I need these includes */
-require("guiconfig.inc");
-
-
-if (!is_array($config['installedpackages']['snortglobal']['suppress']['item']))
- $config['installedpackages']['snortglobal']['suppress']['item'] = array();
-
-//aliases_sort(); << what ?
-$a_suppress = &$config['installedpackages']['snortglobal']['suppress']['item'];
-
-if (isset($config['installedpackages']['snortglobal']['suppress']['item'])) {
-$id_gen = count($config['installedpackages']['snortglobal']['suppress']['item']);
-}else{
-$id_gen = '0';
-}
-
-$d_suppresslistdirty_path = '/var/run/snort_suppress.dirty';
-
-if ($_POST) {
-
- $pconfig = $_POST;
-
- if ($_POST['apply']) {
- $retval = 0;
-
- if(stristr($retval, "error") <> true)
- $savemsg = get_std_save_message($retval);
- else
- $savemsg = $retval;
- if ($retval == 0) {
- if (file_exists($d_suppresslistdirty_path))
- unlink($d_suppresslistdirty_path);
- }
- }
-}
-
-if ($_GET['act'] == "del") {
- if ($a_suppress[$_GET['id']]) {
- /* make sure rule is not being referenced by any nat or filter rules */
-
- unset($a_suppress[$_GET['id']]);
- write_config();
- filter_configure();
- touch($d_suppresslistdirty_path);
- header("Location: /snort/snort_interfaces_suppress.php");
- exit;
- }
-}
-
-$pgtitle = "Services: Snort: Suppression";
-include("head.inc");
-
-?>
-
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
-<?php include("./snort_fbegin.inc"); ?>
-<p class="pgtitle"><?=$pgtitle?></p>
-<form action="/snort/snort_interfaces_suppress.php" method="post">
-<?php if ($savemsg) print_info_box($savemsg); ?>
-<?php if (file_exists($d_suppresslistdirty_path)): ?><p>
-<?php print_info_box_np("The white list has been changed.<br>You must apply the changes in order for them to take effect.");?>
-<?php endif; ?>
-
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr><td class="tabnavtbl">
-<?php
- $tab_array = array();
- $tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php");
- $tab_array[] = array("Global Settings", false, "/snort/snort_interfaces_global.php");
- $tab_array[] = array("Rule Updates", false, "/snort/snort_download_rules.php");
- $tab_array[] = array("Alerts", false, "/snort/snort_alerts.php");
- $tab_array[] = array("Blocked", false, "/snort/snort_blocked.php");
- $tab_array[] = array("Whitelists", false, "/snort/snort_interfaces_whitelist.php");
- $tab_array[] = array("Suppress", true, "/snort/snort_interfaces_suppress.php");
- $tab_array[] = array("Help", false, "/snort/snort_help_info.php");
- display_top_tabs($tab_array);
-?> </td></tr>
-<tr>
-<td class="tabcont">
-
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
-
-<tr>
- <td width="30%" class="listhdrr">File Name</td>
- <td width="70%" class="listhdr">Description</td>
-
- <td width="10%" class="list">
- </td>
-</tr>
- <?php $i = 0; foreach ($a_suppress as $list): ?>
-<tr>
- <td class="listlr" ondblclick="document.location='snort_interfaces_suppress_edit.php?id=<?=$i;?>';">
- <?=htmlspecialchars($list['name']);?>
- </td>
- <td class="listbg" ondblclick="document.location='snort_interfaces_suppress_edit.php?id=<?=$i;?>';">
- <font color="#FFFFFF">
- <?=htmlspecialchars($list['descr']);?>
- </td>
-
- <td valign="middle" nowrap class="list">
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td valign="middle"><a href="snort_interfaces_suppress_edit.php?id=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="edit whitelist"></a></td>
- <td><a href="/snort/snort_interfaces_whitelist.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this whitelist? All elements that still use it will become invalid (e.g. snort rules will fall back to the default whitelist)!')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="delete whitelist"></a></td>
- </tr>
- </table>
- </td>
-</tr>
- <?php $i++; endforeach; ?>
-<tr>
- <td class="list" colspan="2"></td>
- <td class="list">
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td valign="middle" width="17"> </td>
- <td valign="middle"><a href="snort_interfaces_suppress_edit.php?id=<?php echo $id_gen;?> "><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="add a new list"></a></td>
- </tr>
- </table>
- </td>
-</tr>
-</table>
- </td>
- </tr>
- </table>
-<br>
-<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
-<td width="100%"><span class="vexpl"><span class="red"><strong>Note:</strong></span>
- <p><span class="vexpl">Here you can create event filtering and suppression for your snort package rules.<br>Please note that you must restart a running rule so that changes can take effect.</span></p>
-</td>
-</table>
-</form>
-<?php include("fend.inc"); ?>
-</body>
-</html>
+<?php +/* $Id$ */ +/* + firewall_aliases.php + Copyright (C) 2004 Scott Ullrich + All rights reserved. + + originially part of m0n0wall (http://m0n0.ch/wall) + Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + All rights reserved. + + modified for the pfsense snort package + Copyright (C) 2009-2010 Robert Zelaya. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require("guiconfig.inc"); + + +if (!is_array($config['installedpackages']['snortglobal']['suppress']['item'])) + $config['installedpackages']['snortglobal']['suppress']['item'] = array(); + +//aliases_sort(); << what ? +$a_suppress = &$config['installedpackages']['snortglobal']['suppress']['item']; + +if (isset($config['installedpackages']['snortglobal']['suppress']['item'])) { +$id_gen = count($config['installedpackages']['snortglobal']['suppress']['item']); +}else{ +$id_gen = '0'; +} + +$d_suppresslistdirty_path = '/var/run/snort_suppress.dirty'; + +if ($_POST) { + + $pconfig = $_POST; + + if ($_POST['apply']) { + $retval = 0; + + if(stristr($retval, "error") <> true) + $savemsg = get_std_save_message($retval); + else + $savemsg = $retval; + if ($retval == 0) { + if (file_exists($d_suppresslistdirty_path)) + unlink($d_suppresslistdirty_path); + } + } +} + +if ($_GET['act'] == "del") { + if ($a_suppress[$_GET['id']]) { + /* make sure rule is not being referenced by any nat or filter rules */ + + unset($a_suppress[$_GET['id']]); + write_config(); + filter_configure(); + touch($d_suppresslistdirty_path); + header("Location: /snort/snort_interfaces_suppress.php"); + exit; + } +} + +$pgtitle = "Services: Snort: Suppression"; +include("head.inc"); + +?> + +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<?php include("./snort_fbegin.inc"); ?> +<p class="pgtitle"><?=$pgtitle?></p> +<form action="/snort/snort_interfaces_suppress.php" method="post"> +<?php if ($savemsg) print_info_box($savemsg); ?> +<?php if (file_exists($d_suppresslistdirty_path)): ?><p> +<?php print_info_box_np("The white list has been changed.<br>You must apply the changes in order for them to take effect.");?> +<?php endif; ?> + +<table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr><td class="tabnavtbl"> +<?php + $tab_array = array(); + $tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php"); + $tab_array[] = array("Global Settings", false, "/snort/snort_interfaces_global.php"); + $tab_array[] = array("Rule Updates", false, "/snort/snort_download_rules.php"); + $tab_array[] = array("Alerts", false, "/snort/snort_alerts.php"); + $tab_array[] = array("Blocked", false, "/snort/snort_blocked.php"); + $tab_array[] = array("Whitelists", false, "/snort/snort_interfaces_whitelist.php"); + $tab_array[] = array("Suppress", true, "/snort/snort_interfaces_suppress.php"); + $tab_array[] = array("Help", false, "/snort/snort_help_info.php"); + display_top_tabs($tab_array); +?> </td></tr> +<tr> +<td class="tabcont"> + +<table width="100%" border="0" cellpadding="0" cellspacing="0"> + +<tr> + <td width="30%" class="listhdrr">File Name</td> + <td width="70%" class="listhdr">Description</td> + + <td width="10%" class="list"> + </td> +</tr> + <?php $i = 0; foreach ($a_suppress as $list): ?> +<tr> + <td class="listlr" ondblclick="document.location='snort_interfaces_suppress_edit.php?id=<?=$i;?>';"> + <?=htmlspecialchars($list['name']);?> + </td> + <td class="listbg" ondblclick="document.location='snort_interfaces_suppress_edit.php?id=<?=$i;?>';"> + <font color="#FFFFFF"> + <?=htmlspecialchars($list['descr']);?> + </td> + + <td valign="middle" nowrap class="list"> + <table border="0" cellspacing="0" cellpadding="1"> + <tr> + <td valign="middle"><a href="snort_interfaces_suppress_edit.php?id=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="edit whitelist"></a></td> + <td><a href="/snort/snort_interfaces_whitelist.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this whitelist? All elements that still use it will become invalid (e.g. snort rules will fall back to the default whitelist)!')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="delete whitelist"></a></td> + </tr> + </table> + </td> +</tr> + <?php $i++; endforeach; ?> +<tr> + <td class="list" colspan="2"></td> + <td class="list"> + <table border="0" cellspacing="0" cellpadding="1"> + <tr> + <td valign="middle" width="17"> </td> + <td valign="middle"><a href="snort_interfaces_suppress_edit.php?id=<?php echo $id_gen;?> "><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="add a new list"></a></td> + </tr> + </table> + </td> +</tr> +</table> + </td> + </tr> + </table> +<br> +<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> +<td width="100%"><span class="vexpl"><span class="red"><strong>Note:</strong></span> + <p><span class="vexpl">Here you can create event filtering and suppression for your snort package rules.<br>Please note that you must restart a running rule so that changes can take effect.</span></p> +</td> +</table> +</form> +<?php include("fend.inc"); ?> +</body> +</html> diff --git a/config/snort/snort_interfaces_suppress_edit.php b/config/snort/snort_interfaces_suppress_edit.php index 84be8c90..af3e4a9b 100644 --- a/config/snort/snort_interfaces_suppress_edit.php +++ b/config/snort/snort_interfaces_suppress_edit.php @@ -1,325 +1,324 @@ -<?php
-/* $Id$ */
-/*
- firewall_aliases_edit.php
- Copyright (C) 2004 Scott Ullrich
- All rights reserved.
-
- originially part of m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
-
- modified for the pfsense snort package
- Copyright (C) 2009-2010 Robert Zelaya.
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
-
-/* make sure I need these includes */
-require_once("guiconfig.inc");
-require_once("/usr/local/pkg/snort/snort.inc");
-require_once("/usr/local/pkg/snort/snort_gui.inc");
-
-if (!is_array($config['installedpackages']['snortglobal']['suppress']['item']))
- $config['installedpackages']['snortglobal']['suppress']['item'] = array();
-
-$a_suppress = &$config['installedpackages']['snortglobal']['suppress']['item'];
-
-$id = $_GET['id'];
-if (isset($_POST['id']))
- $id = $_POST['id'];
-
-
-/* gen uuid for each iface !inportant */
-if ($config['installedpackages']['snortglobal']['suppress']['item'][$id]['uuid'] == '') {
- //$snort_uuid = gen_snort_uuid(strrev(uniqid(true)));
-$suppress_uuid = 0;
-while ($suppress_uuid > 65535 || $suppress_uuid == 0) {
- $suppress_uuid = mt_rand(1, 65535);
- $pconfig['uuid'] = $suppress_uuid;
- }
-}
-
-if ($config['installedpackages']['snortglobal']['suppress']['item'][$id]['uuid'] != '') {
- $suppress_uuid = $config['installedpackages']['snortglobal']['suppress']['item'][$id]['uuid'];
-}
-
-$pgtitle = "Services: Snort: Suppression: Edit $suppress_uuid";
-
-$d_snort_suppress_dirty_path = '/var/run/snort_suppress.dirty';
-
-/* returns true if $name is a valid name for a whitelist file name or ip */
-function is_validwhitelistname($name) {
- if (!is_string($name))
- return false;
-
- if (!preg_match("/[^a-zA-Z0-9\.\/]/", $name))
- return true;
-
- return false;
-}
-
-
-if (isset($id) && $a_suppress[$id]) {
-
- /* old settings */
- $pconfig['name'] = $a_suppress[$id]['name'];
- $pconfig['uuid'] = $a_suppress[$id]['uuid'];
- $pconfig['descr'] = $a_suppress[$id]['descr'];
- $pconfig['suppresspassthru'] = base64_decode($a_suppress[$id]['suppresspassthru']);
-
-
-
-}
-
- /* this will exec when alert says apply */
- if ($_POST['apply']) {
-
- if (file_exists("$d_snort_suppress_dirty_path")) {
-
- write_config();
-
- sync_snort_package_config();
- sync_snort_package();
-
- unlink("$d_snort_suppress_dirty_path");
-
- }
-
- }
-
-if ($_POST['submit']) {
-
- unset($input_errors);
- $pconfig = $_POST;
-
- do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
-
- if(strtolower($_POST['name']) == "defaultwhitelist")
- $input_errors[] = "Whitelist file names may not be named defaultwhitelist.";
-
- $x = is_validwhitelistname($_POST['name']);
- if (!isset($x)) {
- $input_errors[] = "Reserved word used for whitelist file name.";
- } else {
- if (is_validwhitelistname($_POST['name']) == false)
- $input_errors[] = "Whitelist file name may only consist of the characters a-z, A-Z and 0-9 _. Note: No Spaces. Press Cancel to reset.";
- }
-
-
- /* check for name conflicts */
- foreach ($a_suppress as $s_list) {
- if (isset($id) && ($a_suppress[$id]) && ($a_suppress[$id] === $s_list))
- continue;
-
- if ($s_list['name'] == $_POST['name']) {
- $input_errors[] = "A whitelist file name with this name already exists.";
- break;
- }
- }
-
-
- $s_list = array();
- /* post user input */
-
- if (!$input_errors) {
-
- $s_list['name'] = $_POST['name'];
- $s_list['uuid'] = $suppress_uuid;
- $s_list['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto");
- $s_list['suppresspassthru'] = base64_encode($_POST['suppresspassthru']);
-
-
- if (isset($id) && $a_suppress[$id])
- $a_suppress[$id] = $s_list;
- else
- $a_suppress[] = $s_list;
-
- touch($d_snort_suppress_dirty_path);
-
- write_config();
-
- header("Location: /snort/snort_interfaces_suppress_edit.php?id=$id");
- exit;
- }
-
-}
-
-include("head.inc");
-
-?>
-
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="<?= $jsevents["body"]["onload"] ?>">
-
-<style type="text/css">
-.formpre {
-font-family: Tahoma,Verdana,Arial,Helvetica,sans-serif;
-font-size: 1.1em;
-}
-</style>
-
-<?php
- include("./snort_fbegin.inc");
-?>
-<p class="pgtitle"><?=$pgtitle?></p>
-
-<?php if ($input_errors) print_input_errors($input_errors); ?>
-<div id="inputerrors"></div>
-
-<form action="/snort/snort_interfaces_suppress_edit.php?id=<?=$id?>" method="post" name="iform" id="iform">
-
-<?php
- /* Display Alert message */
- if ($input_errors) {
- print_input_errors($input_errors); // TODO: add checks
- }
-
- if ($savemsg) {
- print_info_box2($savemsg);
- }
-
- //if (file_exists($d_snortconfdirty_path)) {
- if (file_exists($d_snort_suppress_dirty_path)) {
- echo '<p>';
-
- if($savemsg) {
- print_info_box_np2("{$savemsg}");
- }else{
- print_info_box_np2('
- The Snort configuration has changed and snort needs to be restarted on this interface.<br>
- You must apply the changes in order for them to take effect.<br>
- ');
- }
- }
-?>
-
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr><td class="tabnavtbl">
-<?php
- $tab_array = array();
- $tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php");
- $tab_array[] = array("Global Settings", false, "/snort/snort_interfaces_global.php");
- $tab_array[] = array("Rule Updates", false, "/snort/snort_download_rules.php");
- $tab_array[] = array("Alerts", false, "/snort/snort_alerts.php");
- $tab_array[] = array("Blocked", false, "/snort/snort_blocked.php");
- $tab_array[] = array("Whitelists", false, "/snort/snort_interfaces_whitelist.php");
- $tab_array[] = array("Suppress", true, "/snort/snort_interfaces_suppress.php");
- $tab_array[] = array("Help", false, "/snort/snort_help_info.php");
- display_top_tabs($tab_array);
-?> </td></tr>
-<tr>
-<td class="tabcont">
-<table width="100%" border="0" cellpadding="6" cellspacing="0">
- <tr>
- <td colspan="2" valign="top" class="listtopic">Add the name and description of the file.</td>
- </tr>
-<?php if(is_alias_inuse($pconfig['name']) == true): ?>
- <tr>
- <td valign="top" class="vncellreq">Name</td>
- <td class="vtable"> <input name="name" type="hidden" id="name" size="40" value="<?=htmlspecialchars($pconfig['name']);?>" />
- <?php echo $pconfig['name']; ?>
- <p>
- <span class="vexpl">NOTE: This list is in use so the name may not be modified!</span>
- </p>
- </td>
- </tr>
-<?php else: ?>
- <tr>
- <td valign="top" class="vncellreq">Name</td>
- <td class="vtable">
- <input name="name" type="text" id="name" size="40" value="<?=htmlspecialchars($pconfig['name']);?>" />
- <br />
- <span class="vexpl">
- The list name may only consist of the characters a-z, A-Z and 0-9. <span class="red">Note: </span> No Spaces.
- </span>
- </td>
- </tr>
-<?php endif; ?>
- <tr>
- <td width="22%" valign="top" class="vncell">Description</td>
- <td width="78%" class="vtable">
- <input name="descr" type="text" id="descr" size="40" value="<?=$pconfig['descr'];?>" />
- <br />
- <span class="vexpl">
- You may enter a description here for your reference (not parsed).
- </span>
- </td>
- </tr>
-</table>
-<table width="100%" border="0" cellpadding="6" cellspacing="0">
- <table height="32" width="100%">
- <tr>
- <td>
- <div style='background-color:#E0E0E0' id='redbox'>
- <table width='100%'>
- <tr>
- <td width='8%'>
- <img style='vertical-align:middle' src="/snort/images/icon_excli.png" width="40" height="32">
- </td>
- <td width='70%'>
- <font size="2" color='#FF850A'><b>NOTE:</b></font>
- <font size="2" color='#000000'> The threshold keyword is deprecated as of version 2.8.5. Use the event_filter keyword instead.</font>
- </td>
- </tr>
- </table>
- </div>
- </td>
- </tr>
- <script type="text/javascript">
- NiftyCheck();
- Rounded("div#redbox","all","#FFF","#E0E0E0","smooth");
- Rounded("td#blackbox","all","#FFF","#000000","smooth");
- </script>
- <tr>
- <td colspan="2" valign="top" class="listtopic">Apply suppression or filters to rules. Valid keywords are 'suppress', 'event_filter' and 'rate_filter'.</td>
- </tr>
- <tr>
- <td colspan="2" valign="top" class="vncell">
- <b>Example 1;</b> suppress gen_id 1, sig_id 1852, track by_src, ip 10.1.1.54<br>
- <b>Example 2;</b> event_filter gen_id 1, sig_id 1851, type limit, track by_src, count 1, seconds 60<br>
- <b>Example 3;</b> rate_filter gen_id 135, sig_id 1, track by_src, count 100, seconds 1, new_action log, timeout 10
- </td>
- </tr>
- <tr>
- <td width="100%" class="vtable">
- <textarea wrap="off" name="suppresspassthru" cols="142" rows="28" id="suppresspassthru" class="formpre"><?=htmlspecialchars($pconfig['suppresspassthru']);?></textarea>
-</td>
- </tr>
- <tr>
- <td width="78%">
- <input id="submit" name="submit" type="submit" class="formbtn" value="Save" />
- <input id="cancelbutton" name="cancelbutton" type="button" class="formbtn" value="Cancel" onclick="history.back()" />
- <?php if (isset($id) && $a_suppress[$id]): ?>
- <input name="id" type="hidden" value="<?=$id;?>" />
- <?php endif; ?>
- </td>
- </tr>
- </table>
- </table>
- </td>
- </tr>
- </table>
-</form>
-<?php include("fend.inc"); ?>
-</body>
+<?php +/* $Id$ */ +/* + firewall_aliases_edit.php + Copyright (C) 2004 Scott Ullrich + All rights reserved. + + originially part of m0n0wall (http://m0n0.ch/wall) + Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + All rights reserved. + + modified for the pfsense snort package + Copyright (C) 2009-2010 Robert Zelaya. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/snort/snort.inc"); +require_once("/usr/local/pkg/snort/snort_gui.inc"); + +if (!is_array($config['installedpackages']['snortglobal']['suppress']['item'])) + $config['installedpackages']['snortglobal']['suppress']['item'] = array(); + +$a_suppress = &$config['installedpackages']['snortglobal']['suppress']['item']; + +$id = $_GET['id']; +if (isset($_POST['id'])) + $id = $_POST['id']; + + +/* gen uuid for each iface !inportant */ +if ($config['installedpackages']['snortglobal']['suppress']['item'][$id]['uuid'] == '') { + //$snort_uuid = gen_snort_uuid(strrev(uniqid(true))); +$suppress_uuid = 0; +while ($suppress_uuid > 65535 || $suppress_uuid == 0) { + $suppress_uuid = mt_rand(1, 65535); + $pconfig['uuid'] = $suppress_uuid; + } +} + +if ($config['installedpackages']['snortglobal']['suppress']['item'][$id]['uuid'] != '') { + $suppress_uuid = $config['installedpackages']['snortglobal']['suppress']['item'][$id]['uuid']; +} + +$pgtitle = "Services: Snort: Suppression: Edit $suppress_uuid"; + +$d_snort_suppress_dirty_path = '/var/run/snort_suppress.dirty'; + +/* returns true if $name is a valid name for a whitelist file name or ip */ +function is_validwhitelistname($name) { + if (!is_string($name)) + return false; + + if (!preg_match("/[^a-zA-Z0-9\.\/]/", $name)) + return true; + + return false; +} + + +if (isset($id) && $a_suppress[$id]) { + + /* old settings */ + $pconfig['name'] = $a_suppress[$id]['name']; + $pconfig['uuid'] = $a_suppress[$id]['uuid']; + $pconfig['descr'] = $a_suppress[$id]['descr']; + $pconfig['suppresspassthru'] = base64_decode($a_suppress[$id]['suppresspassthru']); + + + +} + + /* this will exec when alert says apply */ + if ($_POST['apply']) { + + if (file_exists("$d_snort_suppress_dirty_path")) { + + write_config(); + + sync_snort_package_config(); + sync_snort_package(); + + unlink("$d_snort_suppress_dirty_path"); + + } + + } + +if ($_POST['submit']) { + + unset($input_errors); + $pconfig = $_POST; + + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + if(strtolower($_POST['name']) == "defaultwhitelist") + $input_errors[] = "Whitelist file names may not be named defaultwhitelist."; + + $x = is_validwhitelistname($_POST['name']); + if (!isset($x)) { + $input_errors[] = "Reserved word used for whitelist file name."; + } else { + if (is_validwhitelistname($_POST['name']) == false) + $input_errors[] = "Whitelist file name may only consist of the characters a-z, A-Z and 0-9 _. Note: No Spaces. Press Cancel to reset."; + } + + + /* check for name conflicts */ + foreach ($a_suppress as $s_list) { + if (isset($id) && ($a_suppress[$id]) && ($a_suppress[$id] === $s_list)) + continue; + + if ($s_list['name'] == $_POST['name']) { + $input_errors[] = "A whitelist file name with this name already exists."; + break; + } + } + + + $s_list = array(); + /* post user input */ + + if (!$input_errors) { + + $s_list['name'] = $_POST['name']; + $s_list['uuid'] = $suppress_uuid; + $s_list['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto"); + $s_list['suppresspassthru'] = base64_encode($_POST['suppresspassthru']); + + + if (isset($id) && $a_suppress[$id]) + $a_suppress[$id] = $s_list; + else + $a_suppress[] = $s_list; + + touch($d_snort_suppress_dirty_path); + + write_config(); + + header("Location: /snort/snort_interfaces_suppress_edit.php?id=$id"); + exit; + } + +} + +include("head.inc"); + +?> + +<body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="<?= $jsevents["body"]["onload"] ?>"> + +<style type="text/css"> +.formpre { +font-family: Tahoma,Verdana,Arial,Helvetica,sans-serif; +font-size: 1.1em; +} +</style> + +<?php + include("./snort_fbegin.inc"); +?> +<p class="pgtitle"><?=$pgtitle?></p> + +<?php if ($input_errors) print_input_errors($input_errors); ?> +<div id="inputerrors"></div> + +<form action="/snort/snort_interfaces_suppress_edit.php?id=<?=$id?>" method="post" name="iform" id="iform"> + +<?php + /* Display Alert message */ + if ($input_errors) { + print_input_errors($input_errors); // TODO: add checks + } + + if ($savemsg) { + print_info_box2($savemsg); + } + + //if (file_exists($d_snortconfdirty_path)) { + if (file_exists($d_snort_suppress_dirty_path)) { + echo '<p>'; + + if($savemsg) { + print_info_box_np2("{$savemsg}"); + }else{ + print_info_box_np2(' + The Snort configuration has changed and snort needs to be restarted on this interface.<br> + You must apply the changes in order for them to take effect.<br> + '); + } + } +?> + +<table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr><td class="tabnavtbl"> +<?php + $tab_array = array(); + $tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php"); + $tab_array[] = array("Global Settings", false, "/snort/snort_interfaces_global.php"); + $tab_array[] = array("Rule Updates", false, "/snort/snort_download_rules.php"); + $tab_array[] = array("Alerts", false, "/snort/snort_alerts.php"); + $tab_array[] = array("Blocked", false, "/snort/snort_blocked.php"); + $tab_array[] = array("Whitelists", false, "/snort/snort_interfaces_whitelist.php"); + $tab_array[] = array("Suppress", true, "/snort/snort_interfaces_suppress.php"); + $tab_array[] = array("Help", false, "/snort/snort_help_info.php"); + display_top_tabs($tab_array); +?> </td></tr> +<tr> +<td class="tabcont"> +<table width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td colspan="2" valign="top" class="listtopic">Add the name and description of the file.</td> + </tr> +<?php if(is_alias_inuse($pconfig['name']) == true): ?> + <tr> + <td valign="top" class="vncellreq">Name</td> + <td class="vtable"> <input name="name" type="hidden" id="name" size="40" value="<?=htmlspecialchars($pconfig['name']);?>" /> + <?php echo $pconfig['name']; ?> + <p> + <span class="vexpl">NOTE: This list is in use so the name may not be modified!</span> + </p> + </td> + </tr> +<?php else: ?> + <tr> + <td valign="top" class="vncellreq">Name</td> + <td class="vtable"> + <input name="name" type="text" id="name" size="40" value="<?=htmlspecialchars($pconfig['name']);?>" /> + <br /> + <span class="vexpl"> + The list name may only consist of the characters a-z, A-Z and 0-9. <span class="red">Note: </span> No Spaces. + </span> + </td> + </tr> +<?php endif; ?> + <tr> + <td width="22%" valign="top" class="vncell">Description</td> + <td width="78%" class="vtable"> + <input name="descr" type="text" id="descr" size="40" value="<?=$pconfig['descr'];?>" /> + <br /> + <span class="vexpl"> + You may enter a description here for your reference (not parsed). + </span> + </td> + </tr> +</table> +<table width="100%" border="0" cellpadding="6" cellspacing="0"> + <table height="32" width="100%"> + <tr> + <td> + <div style='background-color:#E0E0E0' id='redbox'> + <table width='100%'> + <tr> + <td width='8%'> + <img style='vertical-align:middle' src="/snort/images/icon_excli.png" width="40" height="32"> + </td> + <td width='70%'> + <font size="2" color='#FF850A'><b>NOTE:</b></font> + <font size="2" color='#000000'> The threshold keyword is deprecated as of version 2.8.5. Use the event_filter keyword instead.</font> + </td> + </tr> + </table> + </div> + </td> + </tr> + <script type="text/javascript"> + NiftyCheck(); + Rounded("div#redbox","all","#FFF","#E0E0E0","smooth"); + Rounded("td#blackbox","all","#FFF","#000000","smooth"); + </script> + <tr> + <td colspan="2" valign="top" class="listtopic">Apply suppression or filters to rules. Valid keywords are 'suppress', 'event_filter' and 'rate_filter'.</td> + </tr> + <tr> + <td colspan="2" valign="top" class="vncell"> + <b>Example 1;</b> suppress gen_id 1, sig_id 1852, track by_src, ip 10.1.1.54<br> + <b>Example 2;</b> event_filter gen_id 1, sig_id 1851, type limit, track by_src, count 1, seconds 60<br> + <b>Example 3;</b> rate_filter gen_id 135, sig_id 1, track by_src, count 100, seconds 1, new_action log, timeout 10 + </td> + </tr> + <tr> + <td width="100%" class="vtable"> + <textarea wrap="off" name="suppresspassthru" cols="142" rows="28" id="suppresspassthru" class="formpre"><?=htmlspecialchars($pconfig['suppresspassthru']);?></textarea> +</td> + </tr> + <tr> + <td width="78%"> + <input id="submit" name="submit" type="submit" class="formbtn" value="Save" /> + <input id="cancelbutton" name="cancelbutton" type="button" class="formbtn" value="Cancel" onclick="history.back()" /> + <?php if (isset($id) && $a_suppress[$id]): ?> + <input name="id" type="hidden" value="<?=$id;?>" /> + <?php endif; ?> + </td> + </tr> + </table> + </table> + </td> + </tr> + </table> +</form> +<?php include("fend.inc"); ?> +</body> </html>
\ No newline at end of file diff --git a/config/snort/snort_interfaces_whitelist.php b/config/snort/snort_interfaces_whitelist.php index 81011d85..3dd8f4dc 100644 --- a/config/snort/snort_interfaces_whitelist.php +++ b/config/snort/snort_interfaces_whitelist.php @@ -1,181 +1,180 @@ -<?php
-/* $Id$ */
-/*
- firewall_aliases.php
- Copyright (C) 2004 Scott Ullrich
- All rights reserved.
-
- originially part of m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
-
- modified for the pfsense snort package
- Copyright (C) 2009-2010 Robert Zelaya.
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
-
-/* make sure I need these includes */
-require("guiconfig.inc");
-
-
-if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item']))
- $config['installedpackages']['snortglobal']['whitelist']['item'] = array();
-
-//aliases_sort(); << what ?
-$a_whitelist = &$config['installedpackages']['snortglobal']['whitelist']['item'];
-
-if (isset($config['installedpackages']['snortglobal']['whitelist']['item'])) {
-$id_gen = count($config['installedpackages']['snortglobal']['whitelist']['item']);
-}else{
-$id_gen = '0';
-}
-
-$d_whitelistdirty_path = '/var/run/snort_whitelist.dirty';
-
-if ($_POST) {
-
- $pconfig = $_POST;
-
- if ($_POST['apply']) {
- $retval = 0;
-
- if(stristr($retval, "error") <> true)
- $savemsg = get_std_save_message($retval);
- else
- $savemsg = $retval;
- if ($retval == 0) {
- if (file_exists($d_whitelistdirty_path))
- unlink($d_whitelistdirty_path);
- }
- }
-}
-
-if ($_GET['act'] == "del") {
- if ($a_whitelist[$_GET['id']]) {
- /* make sure rule is not being referenced by any nat or filter rules */
-
- unset($a_whitelist[$_GET['id']]);
- write_config();
- filter_configure();
- touch($d_whitelistdirty_path);
- header("Location: /snort/snort_interfaces_whitelist.php");
- exit;
- }
-}
-
-$pgtitle = "Services: Snort: Whitelist";
-include("head.inc");
-
-?>
-
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
-<?php include("./snort_fbegin.inc"); ?>
-<p class="pgtitle"><?=$pgtitle?></p>
-<form action="/snort/snort_interfaces_whitelist.php" method="post">
-<?php if ($savemsg) print_info_box($savemsg); ?>
-<?php if (file_exists($d_whitelistdirty_path)): ?><p>
-<?php print_info_box_np("The white list has been changed.<br>You must apply the changes in order for them to take effect.");?>
-<?php endif; ?>
-
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr><td class="tabnavtbl">
-<?php
- $tab_array = array();
- $tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php");
- $tab_array[] = array("Global Settings", false, "/snort/snort_interfaces_global.php");
- $tab_array[] = array("Rule Updates", false, "/snort/snort_download_rules.php");
- $tab_array[] = array("Alerts", false, "/snort/snort_alerts.php");
- $tab_array[] = array("Blocked", false, "/snort/snort_blocked.php");
- $tab_array[] = array("Whitelists", true, "/snort/snort_interfaces_whitelist.php");
- $tab_array[] = array("Suppress", false, "/snort/snort_interfaces_suppress.php");
- $tab_array[] = array("Help", false, "/snort/snort_help_info.php");
- display_top_tabs($tab_array);
-?> </td></tr>
-<tr>
-<td class="tabcont">
-
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
-
-<tr>
- <td width="20%" class="listhdrr">File Name</td>
- <td width="40%" class="listhdrr">Values</td>
- <td width="40%" class="listhdr">Description</td>
- <td width="10%" class="list">
- </td>
-</tr>
- <?php $i = 0; foreach ($a_whitelist as $list): ?>
-<tr>
- <td class="listlr" ondblclick="document.location='snort_interfaces_whitelist_edit.php?id=<?=$i;?>';">
- <?=htmlspecialchars($list['name']);?>
- </td>
- <td class="listr" ondblclick="document.location='snort_interfaces_whitelist_edit.php?id=<?=$i;?>';">
- <?php
- $addresses = implode(", ", array_slice(explode(" ", $list['address']), 0, 10));
- echo $addresses;
- if(count($addresses) < 10) {
- echo " ";
- } else {
- echo "...";
- }
- ?>
- </td>
- <td class="listbg" ondblclick="document.location='snort_interfaces_whitelist_edit.php?id=<?=$i;?>';">
- <font color="#FFFFFF">
- <?=htmlspecialchars($list['descr']);?>
- </td>
- <td valign="middle" nowrap class="list">
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td valign="middle"><a href="snort_interfaces_whitelist_edit.php?id=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="edit whitelist"></a></td>
- <td><a href="/snort/snort_interfaces_whitelist.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this whitelist? All elements that still use it will become invalid (e.g. snort rules will fall back to the default whitelist)!')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="delete whitelist"></a></td>
- </tr>
- </table>
- </td>
-</tr>
- <?php $i++; endforeach; ?>
-<tr>
- <td class="list" colspan="3"></td>
- <td class="list">
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td valign="middle" width="17"> </td>
- <td valign="middle"><a href="snort_interfaces_whitelist_edit.php?id=<?php echo $id_gen;?> "><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="add a new list"></a></td>
- </tr>
- </table>
- </td>
-</tr>
-</table>
- </td>
- </tr>
- </table>
-<br>
-<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
-<td width="100%"><span class="vexpl"><span class="red"><strong>Note:</strong></span>
- <p><span class="vexpl">Here you can create whitelist files for your snort package rules.<br>Please add all the ips or networks you want to protect against snort block decisions.<br>Remember that the default whitelist only includes local networks.<br>Be careful, it is very easy to get locked out of you system.</span></p>
-</td>
-</table>
-</form>
-<?php include("fend.inc"); ?>
-</body>
-</html>
+<?php +/* $Id$ */ +/* + firewall_aliases.php + Copyright (C) 2004 Scott Ullrich + All rights reserved. + + originially part of m0n0wall (http://m0n0.ch/wall) + Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + All rights reserved. + + modified for the pfsense snort package + Copyright (C) 2009-2010 Robert Zelaya. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require("guiconfig.inc"); + + +if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) + $config['installedpackages']['snortglobal']['whitelist']['item'] = array(); + +//aliases_sort(); << what ? +$a_whitelist = &$config['installedpackages']['snortglobal']['whitelist']['item']; + +if (isset($config['installedpackages']['snortglobal']['whitelist']['item'])) { +$id_gen = count($config['installedpackages']['snortglobal']['whitelist']['item']); +}else{ +$id_gen = '0'; +} + +$d_whitelistdirty_path = '/var/run/snort_whitelist.dirty'; + +if ($_POST) { + + $pconfig = $_POST; + + if ($_POST['apply']) { + $retval = 0; + + if(stristr($retval, "error") <> true) + $savemsg = get_std_save_message($retval); + else + $savemsg = $retval; + if ($retval == 0) { + if (file_exists($d_whitelistdirty_path)) + unlink($d_whitelistdirty_path); + } + } +} + +if ($_GET['act'] == "del") { + if ($a_whitelist[$_GET['id']]) { + /* make sure rule is not being referenced by any nat or filter rules */ + + unset($a_whitelist[$_GET['id']]); + write_config(); + filter_configure(); + touch($d_whitelistdirty_path); + header("Location: /snort/snort_interfaces_whitelist.php"); + exit; + } +} + +$pgtitle = "Services: Snort: Whitelist"; +include("head.inc"); + +?> + +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<?php include("./snort_fbegin.inc"); ?> +<p class="pgtitle"><?=$pgtitle?></p> +<form action="/snort/snort_interfaces_whitelist.php" method="post"> +<?php if ($savemsg) print_info_box($savemsg); ?> +<?php if (file_exists($d_whitelistdirty_path)): ?><p> +<?php print_info_box_np("The white list has been changed.<br>You must apply the changes in order for them to take effect.");?> +<?php endif; ?> + +<table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr><td class="tabnavtbl"> +<?php + $tab_array = array(); + $tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php"); + $tab_array[] = array("Global Settings", false, "/snort/snort_interfaces_global.php"); + $tab_array[] = array("Rule Updates", false, "/snort/snort_download_rules.php"); + $tab_array[] = array("Alerts", false, "/snort/snort_alerts.php"); + $tab_array[] = array("Blocked", false, "/snort/snort_blocked.php"); + $tab_array[] = array("Whitelists", true, "/snort/snort_interfaces_whitelist.php"); + $tab_array[] = array("Suppress", false, "/snort/snort_interfaces_suppress.php"); + $tab_array[] = array("Help", false, "/snort/snort_help_info.php"); + display_top_tabs($tab_array); +?> </td></tr> +<tr> +<td class="tabcont"> + +<table width="100%" border="0" cellpadding="0" cellspacing="0"> + +<tr> + <td width="20%" class="listhdrr">File Name</td> + <td width="40%" class="listhdrr">Values</td> + <td width="40%" class="listhdr">Description</td> + <td width="10%" class="list"> + </td> +</tr> + <?php $i = 0; foreach ($a_whitelist as $list): ?> +<tr> + <td class="listlr" ondblclick="document.location='snort_interfaces_whitelist_edit.php?id=<?=$i;?>';"> + <?=htmlspecialchars($list['name']);?> + </td> + <td class="listr" ondblclick="document.location='snort_interfaces_whitelist_edit.php?id=<?=$i;?>';"> + <?php + $addresses = implode(", ", array_slice(explode(" ", $list['address']), 0, 10)); + echo $addresses; + if(count($addresses) < 10) { + echo " "; + } else { + echo "..."; + } + ?> + </td> + <td class="listbg" ondblclick="document.location='snort_interfaces_whitelist_edit.php?id=<?=$i;?>';"> + <font color="#FFFFFF"> + <?=htmlspecialchars($list['descr']);?> + </td> + <td valign="middle" nowrap class="list"> + <table border="0" cellspacing="0" cellpadding="1"> + <tr> + <td valign="middle"><a href="snort_interfaces_whitelist_edit.php?id=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="edit whitelist"></a></td> + <td><a href="/snort/snort_interfaces_whitelist.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this whitelist? All elements that still use it will become invalid (e.g. snort rules will fall back to the default whitelist)!')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="delete whitelist"></a></td> + </tr> + </table> + </td> +</tr> + <?php $i++; endforeach; ?> +<tr> + <td class="list" colspan="3"></td> + <td class="list"> + <table border="0" cellspacing="0" cellpadding="1"> + <tr> + <td valign="middle" width="17"> </td> + <td valign="middle"><a href="snort_interfaces_whitelist_edit.php?id=<?php echo $id_gen;?> "><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="add a new list"></a></td> + </tr> + </table> + </td> +</tr> +</table> + </td> + </tr> + </table> +<br> +<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> +<td width="100%"><span class="vexpl"><span class="red"><strong>Note:</strong></span> + <p><span class="vexpl">Here you can create whitelist files for your snort package rules.<br>Please add all the ips or networks you want to protect against snort block decisions.<br>Remember that the default whitelist only includes local networks.<br>Be careful, it is very easy to get locked out of you system.</span></p> +</td> +</table> +</form> +<?php include("fend.inc"); ?> +</body> +</html> diff --git a/config/snort/snort_interfaces_whitelist_edit.php b/config/snort/snort_interfaces_whitelist_edit.php index 2a335c01..1d4e1fe0 100644 --- a/config/snort/snort_interfaces_whitelist_edit.php +++ b/config/snort/snort_interfaces_whitelist_edit.php @@ -1,494 +1,492 @@ -<?php
-/* $Id$ */
-/*
- firewall_aliases_edit.php
- Copyright (C) 2004 Scott Ullrich
- All rights reserved.
-
- originially part of m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
-
- modified for the pfsense snort package
- Copyright (C) 2009-2010 Robert Zelaya.
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
-
-
-/* make sure I need these includes */
-require_once("guiconfig.inc");
-require_once("/usr/local/pkg/snort/snort.inc");
-require_once("/usr/local/pkg/snort/snort_gui.inc");
-
-if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item']))
- $config['installedpackages']['snortglobal']['whitelist']['item'] = array();
-
-$a_whitelist = &$config['installedpackages']['snortglobal']['whitelist']['item'];
-
-$id = $_GET['id'];
-if (isset($_POST['id']))
- $id = $_POST['id'];
-
-
-/* gen uuid for each iface !inportant */
-if ($config['installedpackages']['snortglobal']['whitelist']['item'][$id]['uuid'] == '') {
- //$snort_uuid = gen_snort_uuid(strrev(uniqid(true)));
-$whitelist_uuid = 0;
-while ($whitelist_uuid > 65535 || $whitelist_uuid == 0) {
- $whitelist_uuid = mt_rand(1, 65535);
- $pconfig['uuid'] = $whitelist_uuid;
- }
-}
-
-if ($config['installedpackages']['snortglobal']['whitelist']['item'][$id]['uuid'] != '') {
- $whitelist_uuid = $config['installedpackages']['snortglobal']['whitelist']['item'][$id]['uuid'];
-}
-
-$pgtitle = "Services: Snort: Whitelist: Edit $whitelist_uuid";
-
-$d_snort_whitelist_dirty_path = '/var/run/snort_whitelist.dirty';
-
-/* returns true if $name is a valid name for a whitelist file name or ip */
-function is_validwhitelistname($name) {
- if (!is_string($name))
- return false;
-
- if (!preg_match("/[^a-zA-Z0-9\.\/]/", $name))
- return true;
-
- return false;
-}
-
-
-if (isset($id) && $a_whitelist[$id]) {
-
- /* old settings */
- $pconfig['name'] = $a_whitelist[$id]['name'];
- $pconfig['uuid'] = $a_whitelist[$id]['uuid'];
- $pconfig['detail'] = $a_whitelist[$id]['detail'];
- $pconfig['snortlisttype'] = $a_whitelist[$id]['snortlisttype'];
- $pconfig['address'] = $a_whitelist[$id]['address'];
- $pconfig['descr'] = html_entity_decode($a_whitelist[$id]['descr']);
- $pconfig['wanips'] = $a_whitelist[$id]['wanips'];
- $pconfig['wangateips'] = $a_whitelist[$id]['wangateips'];
- $pconfig['wandnsips'] = $a_whitelist[$id]['wandnsips'];
- $pconfig['vips'] = $a_whitelist[$id]['vips'];
- $pconfig['vpnips'] = $a_whitelist[$id]['vpnips'];
-
-
- $addresses = explode(' ', $pconfig['address']);
- $address = explode(" ", $addresses[0]);
- if ($address[1])
- $addresssubnettest = true;
- else
- $addresssubnettest = false;
-}
-
- /* this will exec when alert says apply */
- if ($_POST['apply']) {
-
- if (file_exists("$d_snort_whitelist_dirty_path")) {
-
- write_config();
-
- sync_snort_package_config();
- sync_snort_package();
-
- unlink("$d_snort_whitelist_dirty_path");
-
- }
-
- }
-
-if ($_POST['submit']) {
-
- unset($input_errors);
- $pconfig = $_POST;
-
- /* input validation */
- $reqdfields = explode(" ", "name address");
- $reqdfieldsn = explode(",", "Name,Address");
-
- do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
-
- if(strtolower($_POST['name']) == "defaultwhitelist")
- $input_errors[] = "Whitelist file names may not be named defaultwhitelist.";
-
- $x = is_validwhitelistname($_POST['name']);
- if (!isset($x)) {
- $input_errors[] = "Reserved word used for whitelist file name.";
- } else {
- if (is_validwhitelistname($_POST['name']) == false)
- $input_errors[] = "Whitelist file name may only consist of the characters a-z, A-Z and 0-9 _. Note: No Spaces. Press Cancel to reset.";
- }
-
- if (is_validwhitelistname($_POST['address']) == false)
- $input_errors[] = "Whitelist address may only consist of the characters 0-9 and /. Note: No Spaces. Press Cancel to reset.";
-
-
- /* check for name conflicts */
- foreach ($a_whitelist as $w_list) {
- if (isset($id) && ($a_whitelist[$id]) && ($a_whitelist[$id] === $w_list))
- continue;
-
- if ($w_list['name'] == $_POST['name']) {
- $input_errors[] = "A whitelist file name with this name already exists.";
- break;
- }
- }
-
-
- $w_list = array();
- /* post user input */
- $w_list['name'] = $_POST['name'];
- $w_list['uuid'] = $whitelist_uuid;
- $w_list['snortlisttype'] = $_POST['snortlisttype'];
- $w_list['address'] = $_POST['address'];
- $w_list['wanips'] = $_POST['wanips']? yes : no;
- $w_list['wangateips'] = $_POST['wangateips']? yes : no;
- $w_list['wandnsips'] = $_POST['wandnsips']? yes : no;
- $w_list['vips'] = $_POST['vips']? yes : no;
- $w_list['vpnips'] = $_POST['vpnips']? yes : no;
-
-
- $address = $w_list['address'];
- $final_address_detail = mb_convert_encoding($_POST['detail'],"HTML-ENTITIES","auto");
- if($final_address_detail <> "") {
- $final_address_details .= $final_address_detail;
- } else {
- $final_address_details .= "Entry added" . " ";
- $final_address_details .= date('r');
- }
- $final_address_details .= "||";
- $isfirst = 0;
-
-
- /* add another entry code */
- for($x=0; $x<299; $x++) {
- $comd = "\$subnet = \$_POST['address" . $x . "'];";
- eval($comd);
- $comd = "\$subnet_address = \$_POST['address_subnet" . $x . "'];";
- eval($comd);
- if($subnet <> "") {
- $address .= " ";
- $address .= $subnet;
- if($subnet_address <> "") $address .= "" . $subnet_address;
-
- /* Compress in details to a single key, data separated by pipes.
- Pulling details here lets us only pull in details for valid
- address entries, saving us from having to track which ones to
- process later. */
- $comd = "\$final_address_detail = mb_convert_encoding(\$_POST['detail" . $x . "'],'HTML-ENTITIES','auto');";
- eval($comd);
- if($final_address_detail <> "") {
- $final_address_details .= $final_address_detail;
- } else {
- $final_address_details .= "Entry added" . " ";
- $final_address_details .= date('r');
- }
- $final_address_details .= "||";
- }
- }
-
- if (!$input_errors) {
- $w_list['address'] = $address;
- $w_list['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto");
- $w_list['detail'] = $final_address_details;
-
- if (isset($id) && $a_whitelist[$id])
- $a_whitelist[$id] = $w_list;
- else
- $a_whitelist[] = $w_list;
-
- touch($d_snort_whitelist_dirty_path);
-
- write_config();
-
- header("Location: /snort/snort_interfaces_whitelist_edit.php?id=$id");
- exit;
- }
- //we received input errors, copy data to prevent retype
- else
- {
- $pconfig['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto");
- $pconfig['address'] = $address;
- $pconfig['detail'] = $final_address_details;
- }
-}
-
-include("head.inc");
-
-?>
-
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="<?= $jsevents["body"]["onload"] ?>">
-<?php
- include("./snort_fbegin.inc");
- echo $jscriptstr;
-?>
-
-<script type="text/javascript" src="/snort/javascript/row_helper.js"></script>
-<input type='hidden' name='address_type' value='textbox' />
-<script type="text/javascript">
- rowname[0] = "address";
- rowtype[0] = "textbox";
- rowsize[0] = "30";
-
- rowname[1] = "detail";
- rowtype[1] = "textbox";
- rowsize[1] = "50";
-</script>
-
-<p class="pgtitle"><?=$pgtitle?></p>
-
-<?php if ($input_errors) print_input_errors($input_errors); ?>
-<div id="inputerrors"></div>
-
-<form action="snort_interfaces_whitelist_edit.php?id=<?=$id?>" method="post" name="iform" id="iform">
-
-<?php
- /* Display Alert message */
- if ($input_errors) {
- print_input_errors($input_errors); // TODO: add checks
- }
-
- if ($savemsg) {
- print_info_box2($savemsg);
- }
-
- //if (file_exists($d_snortconfdirty_path)) {
- if (file_exists($d_snort_whitelist_dirty_path)) {
- echo '<p>';
-
- if($savemsg) {
- print_info_box_np2("{$savemsg}");
- }else{
- print_info_box_np2('
- The Snort configuration has changed and snort needs to be restarted on this interface.<br>
- You must apply the changes in order for them to take effect.<br>
- ');
- }
- }
-?>
-
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr><td class="tabnavtbl">
-<?php
- $tab_array = array();
- $tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php");
- $tab_array[] = array("Global Settings", false, "/snort/snort_interfaces_global.php");
- $tab_array[] = array("Rule Updates", false, "/snort/snort_download_rules.php");
- $tab_array[] = array("Alerts", false, "/snort/snort_alerts.php");
- $tab_array[] = array("Blocked", false, "/snort/snort_blocked.php");
- $tab_array[] = array("Whitelists", true, "/snort/snort_interfaces_whitelist.php");
- $tab_array[] = array("Suppress", false, "/snort/snort_interfaces_suppress.php");
- $tab_array[] = array("Help", false, "/snort/snort_help_info.php");
- display_top_tabs($tab_array);
-?> </td></tr>
-<tr>
-<td class="tabcont">
-
-<table width="100%" border="0" cellpadding="6" cellspacing="0">
-<?php if(is_alias_inuse($pconfig['name']) == true): ?>
- <tr>
- <td colspan="2" valign="top" class="listtopic">Add the name and description of the file.</td>
- </tr>
- <tr>
- <td valign="top" class="vncellreq">Name</td>
- <td class="vtable"> <input name="name" type="hidden" id="name" size="40" value="<?=htmlspecialchars($pconfig['name']);?>" />
- <?php echo $pconfig['name']; ?>
- <p>
- <span class="vexpl">NOTE: This list is in use so the name may not be modified!</span>
- </p>
- </td>
- </tr>
-<?php else: ?>
- <tr>
- <td colspan="2" valign="top" class="listtopic">Add the name and description of the file.</td>
- </tr>
- <tr>
- <td valign="top" class="vncellreq">Name</td>
- <td class="vtable">
- <input name="name" type="text" id="name" size="40" value="<?=htmlspecialchars($pconfig['name']);?>" />
- <br />
- <span class="vexpl">
- The list name may only consist of the characters a-z, A-Z and 0-9. <span class="red">Note: </span> No Spaces.
- </span>
- </td>
- </tr>
-<?php endif; ?>
- <tr>
- <td width="22%" valign="top" class="vncell">Description</td>
- <td width="78%" class="vtable">
- <input name="descr" type="text" id="descr" size="40" value="<?=$pconfig['descr'];?>" />
- <br />
- <span class="vexpl">
- You may enter a description here for your reference (not parsed).
- </span>
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell">List Type</td>
- <td width="78%" class="vtable">
- <select name="snortlisttype" class="formfld" id="snortlisttype">
- <?php
- $interfaces4 = array('whitelist' => 'WHITELIST', 'netlist' => 'NETLIST');
- foreach ($interfaces4 as $iface4 => $ifacename4): ?>
- <option value="<?=$iface4;?>" <?php if ($iface4 == $pconfig['snortlisttype']) echo "selected"; ?>>
- <?=htmlspecialchars($ifacename4);?>
- </option>
- <?php endforeach; ?>
- </select><br>
- <span class="vexpl">Choose the type of list you will like see in your Interface Edit Tab. Hint: Best pratice is to test every list you make.
- </span> <span class="red">Note:</span> NETLIST's are only for defining snort.conf's external or home NETS.</td>
- </tr>
- <tr>
- <td colspan="2" valign="top" class="listtopic">Add auto generated ips.</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell">WAN IPs</td>
- <td width="78%" class="vtable">
- <input name="wanips" type="checkbox" id="wanips" size="40" value="yes" <?php if($pconfig['wanips'] == 'yes'){ echo "checked";} if($pconfig['wanips'] == ''){ echo "checked";} ?>/>
- <span class="vexpl">
- Add WAN IPs to the list.
- </span>
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell">Wan Gateways</td>
- <td width="78%" class="vtable">
- <input name="wangateips" type="checkbox" id="wangateips" size="40" value="yes" <?php if($pconfig['wangateips'] == 'yes'){ echo "checked";} if($pconfig['wangateips'] == ''){ echo "checked";} ?>/>
- <span class="vexpl">
- Add WAN Gateways to the list.
- </span>
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell">Wan DNS servers</td>
- <td width="78%" class="vtable">
- <input name="wandnsips" type="checkbox" id="wandnsips" size="40" value="yes" <?php if($pconfig['wandnsips'] == 'yes'){ echo "checked";} if($pconfig['wandnsips'] == ''){ echo "checked";} ?>/>
- <span class="vexpl">
- Add WAN DNS servers to the list.
- </span>
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell">Virtual IP Addresses</td>
- <td width="78%" class="vtable">
- <input name="vips" type="checkbox" id="vips" size="40" value="yes" <?php if($pconfig['vips'] == 'yes'){ echo "checked";} if($pconfig['vips'] == ''){ echo "checked";} ?>/>
- <span class="vexpl">
- Add Virtual IP Addresses to the list.
- </span>
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell">VPNs</td>
- <td width="78%" class="vtable">
- <input name="vpnips" type="checkbox" id="vpnips" size="40" value="yes" <?php if($pconfig['vpnips'] == 'yes'){ echo "checked";} if($pconfig['vpnips'] == ''){ echo "checked";} ?>/>
- <span class="vexpl">
- Add VPN Addresses to the list.
- </span>
- </td>
- </tr>
- <tr>
- <td colspan="2" valign="top" class="listtopic">Add your own custom ips.</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncellreq"><div id="addressnetworkport">IP or CIDR items</div></td>
- <td width="78%" class="vtable">
- <table id="maintable">
- <tbody>
- <tr>
- <td colspan="4">
- <div style="padding:5px; margin-top: 16px; margin-bottom: 16px; border:1px dashed #000066; background-color: #ffffff; color: #000000; font-size: 8pt;" id="itemhelp">
- Enter only ips or CIDR notations. Example: 192.168.4.1 or 192.168.1.0/24</div>
- </td>
- </tr>
- <tr>
- <td><div id="onecolumn">IP or CIDR</div></td>
- <td><div id="threecolumn">Add a Description or leave blank and a date will be added.</div></td>
- </tr>
-
- <?php
- /* cleanup code */
- $counter = 0;
- $address = $pconfig['address'];
- $item = explode(" ", $address);
- $item3 = explode("||", $pconfig['detail']);
- foreach($item as $ww) {
- $address = $item[$counter];
- $item4 = $item3[$counter];
- if($counter > 0) $tracker = $counter + 1;
- ?>
- <tr>
- <td>
- <input name="address<?php echo $tracker; ?>" type="text" id="address<?php echo $tracker; ?>" size="30" value="<?=htmlspecialchars($address);?>" />
- </td>
- <td>
- <input name="detail<?php echo $tracker; ?>" type="text" id="detail<?php echo $tracker; ?>" size="50" value="<?=$item4;?>" />
- </td>
- <td>
- <?php
- if($counter > 0)
- echo "<input type=\"image\" src=\"/themes/".$g['theme']."/images/icons/icon_x.gif\" onclick=\"removeRow(this); return false;\" value=\"Delete\" />";
- ?>
- </td>
- </tr>
- <?php
- $counter++;
-
- } // end foreach
- ?>
- </tbody>
- </table>
- <a onclick="javascript:addRowTo('maintable'); return false;" href="#"><img border="0" src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" alt="" title="add another entry" />
- </a>
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top"> </td>
- <td width="78%">
- <input id="submit" name="submit" type="submit" class="formbtn" value="Save" />
- <input id="cancelbutton" name="cancelbutton" type="button" class="formbtn" value="Cancel" onclick="history.back()" />
- <?php if (isset($id) && $a_whitelist[$id]): ?>
- <input name="id" type="hidden" value="<?=$id;?>" />
- <?php endif; ?>
- </td>
- </tr>
-</table>
- </td>
- </tr>
- </table>
-</form>
-
-<script type="text/javascript">
- /* row and col adjust when you add extra entries */
- field_counter_js = 2;
- rows = 1;
- totalrows = <?php echo $counter; ?>;
- loaded = <?php echo $counter; ?>;
-</script>
-
-<?php include("fend.inc"); ?>
-</body>
+<?php +/* $Id$ */ +/* + firewall_aliases_edit.php + Copyright (C) 2004 Scott Ullrich + All rights reserved. + + originially part of m0n0wall (http://m0n0.ch/wall) + Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + All rights reserved. + + modified for the pfsense snort package + Copyright (C) 2009-2010 Robert Zelaya. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/snort/snort.inc"); +require_once("/usr/local/pkg/snort/snort_gui.inc"); + +if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) + $config['installedpackages']['snortglobal']['whitelist']['item'] = array(); + +$a_whitelist = &$config['installedpackages']['snortglobal']['whitelist']['item']; + +$id = $_GET['id']; +if (isset($_POST['id'])) + $id = $_POST['id']; + + +/* gen uuid for each iface !inportant */ +if ($config['installedpackages']['snortglobal']['whitelist']['item'][$id]['uuid'] == '') { + //$snort_uuid = gen_snort_uuid(strrev(uniqid(true))); +$whitelist_uuid = 0; +while ($whitelist_uuid > 65535 || $whitelist_uuid == 0) { + $whitelist_uuid = mt_rand(1, 65535); + $pconfig['uuid'] = $whitelist_uuid; + } +} + +if ($config['installedpackages']['snortglobal']['whitelist']['item'][$id]['uuid'] != '') { + $whitelist_uuid = $config['installedpackages']['snortglobal']['whitelist']['item'][$id]['uuid']; +} + +$pgtitle = "Services: Snort: Whitelist: Edit $whitelist_uuid"; + +$d_snort_whitelist_dirty_path = '/var/run/snort_whitelist.dirty'; + +/* returns true if $name is a valid name for a whitelist file name or ip */ +function is_validwhitelistname($name) { + if (!is_string($name)) + return false; + + if (!preg_match("/[^a-zA-Z0-9\.\/]/", $name)) + return true; + + return false; +} + + +if (isset($id) && $a_whitelist[$id]) { + + /* old settings */ + $pconfig['name'] = $a_whitelist[$id]['name']; + $pconfig['uuid'] = $a_whitelist[$id]['uuid']; + $pconfig['detail'] = $a_whitelist[$id]['detail']; + $pconfig['snortlisttype'] = $a_whitelist[$id]['snortlisttype']; + $pconfig['address'] = $a_whitelist[$id]['address']; + $pconfig['descr'] = html_entity_decode($a_whitelist[$id]['descr']); + $pconfig['wanips'] = $a_whitelist[$id]['wanips']; + $pconfig['wangateips'] = $a_whitelist[$id]['wangateips']; + $pconfig['wandnsips'] = $a_whitelist[$id]['wandnsips']; + $pconfig['vips'] = $a_whitelist[$id]['vips']; + $pconfig['vpnips'] = $a_whitelist[$id]['vpnips']; + + + $addresses = explode(' ', $pconfig['address']); + $address = explode(" ", $addresses[0]); + if ($address[1]) + $addresssubnettest = true; + else + $addresssubnettest = false; +} + + /* this will exec when alert says apply */ + if ($_POST['apply']) { + + if (file_exists("$d_snort_whitelist_dirty_path")) { + + write_config(); + + sync_snort_package_config(); + sync_snort_package(); + + unlink("$d_snort_whitelist_dirty_path"); + + } + + } + +if ($_POST['submit']) { + + unset($input_errors); + $pconfig = $_POST; + + /* input validation */ + $reqdfields = explode(" ", "name address"); + $reqdfieldsn = explode(",", "Name,Address"); + + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + if(strtolower($_POST['name']) == "defaultwhitelist") + $input_errors[] = "Whitelist file names may not be named defaultwhitelist."; + + $x = is_validwhitelistname($_POST['name']); + if (!isset($x)) { + $input_errors[] = "Reserved word used for whitelist file name."; + } else { + if (is_validwhitelistname($_POST['name']) == false) + $input_errors[] = "Whitelist file name may only consist of the characters a-z, A-Z and 0-9 _. Note: No Spaces. Press Cancel to reset."; + } + + if (is_validwhitelistname($_POST['address']) == false) + $input_errors[] = "Whitelist address may only consist of the characters 0-9 and /. Note: No Spaces. Press Cancel to reset."; + + + /* check for name conflicts */ + foreach ($a_whitelist as $w_list) { + if (isset($id) && ($a_whitelist[$id]) && ($a_whitelist[$id] === $w_list)) + continue; + + if ($w_list['name'] == $_POST['name']) { + $input_errors[] = "A whitelist file name with this name already exists."; + break; + } + } + + + $w_list = array(); + /* post user input */ + $w_list['name'] = $_POST['name']; + $w_list['uuid'] = $whitelist_uuid; + $w_list['snortlisttype'] = $_POST['snortlisttype']; + $w_list['address'] = $_POST['address']; + $w_list['wanips'] = $_POST['wanips']? yes : no; + $w_list['wangateips'] = $_POST['wangateips']? yes : no; + $w_list['wandnsips'] = $_POST['wandnsips']? yes : no; + $w_list['vips'] = $_POST['vips']? yes : no; + $w_list['vpnips'] = $_POST['vpnips']? yes : no; + + + $address = $w_list['address']; + $final_address_detail = mb_convert_encoding($_POST['detail'],"HTML-ENTITIES","auto"); + if($final_address_detail <> "") { + $final_address_details .= $final_address_detail; + } else { + $final_address_details .= "Entry added" . " "; + $final_address_details .= date('r'); + } + $final_address_details .= "||"; + $isfirst = 0; + + + /* add another entry code */ + for($x=0; $x<299; $x++) { + $comd = "\$subnet = \$_POST['address" . $x . "'];"; + eval($comd); + $comd = "\$subnet_address = \$_POST['address_subnet" . $x . "'];"; + eval($comd); + if($subnet <> "") { + $address .= " "; + $address .= $subnet; + if($subnet_address <> "") $address .= "" . $subnet_address; + + /* Compress in details to a single key, data separated by pipes. + Pulling details here lets us only pull in details for valid + address entries, saving us from having to track which ones to + process later. */ + $comd = "\$final_address_detail = mb_convert_encoding(\$_POST['detail" . $x . "'],'HTML-ENTITIES','auto');"; + eval($comd); + if($final_address_detail <> "") { + $final_address_details .= $final_address_detail; + } else { + $final_address_details .= "Entry added" . " "; + $final_address_details .= date('r'); + } + $final_address_details .= "||"; + } + } + + if (!$input_errors) { + $w_list['address'] = $address; + $w_list['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto"); + $w_list['detail'] = $final_address_details; + + if (isset($id) && $a_whitelist[$id]) + $a_whitelist[$id] = $w_list; + else + $a_whitelist[] = $w_list; + + touch($d_snort_whitelist_dirty_path); + + write_config(); + + header("Location: /snort/snort_interfaces_whitelist_edit.php?id=$id"); + exit; + } + //we received input errors, copy data to prevent retype + else + { + $pconfig['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto"); + $pconfig['address'] = $address; + $pconfig['detail'] = $final_address_details; + } +} + +include("head.inc"); + +?> + +<body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="<?= $jsevents["body"]["onload"] ?>"> +<?php + include("./snort_fbegin.inc"); + echo $jscriptstr; +?> + +<script type="text/javascript" src="/snort/javascript/row_helper.js"></script> +<input type='hidden' name='address_type' value='textbox' /> +<script type="text/javascript"> + rowname[0] = "address"; + rowtype[0] = "textbox"; + rowsize[0] = "30"; + + rowname[1] = "detail"; + rowtype[1] = "textbox"; + rowsize[1] = "50"; +</script> + +<p class="pgtitle"><?=$pgtitle?></p> + +<?php if ($input_errors) print_input_errors($input_errors); ?> +<div id="inputerrors"></div> + +<form action="snort_interfaces_whitelist_edit.php?id=<?=$id?>" method="post" name="iform" id="iform"> + +<?php + /* Display Alert message */ + if ($input_errors) { + print_input_errors($input_errors); // TODO: add checks + } + + if ($savemsg) { + print_info_box2($savemsg); + } + + //if (file_exists($d_snortconfdirty_path)) { + if (file_exists($d_snort_whitelist_dirty_path)) { + echo '<p>'; + + if($savemsg) { + print_info_box_np2("{$savemsg}"); + }else{ + print_info_box_np2(' + The Snort configuration has changed and snort needs to be restarted on this interface.<br> + You must apply the changes in order for them to take effect.<br> + '); + } + } +?> + +<table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr><td class="tabnavtbl"> +<?php + $tab_array = array(); + $tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php"); + $tab_array[] = array("Global Settings", false, "/snort/snort_interfaces_global.php"); + $tab_array[] = array("Rule Updates", false, "/snort/snort_download_rules.php"); + $tab_array[] = array("Alerts", false, "/snort/snort_alerts.php"); + $tab_array[] = array("Blocked", false, "/snort/snort_blocked.php"); + $tab_array[] = array("Whitelists", true, "/snort/snort_interfaces_whitelist.php"); + $tab_array[] = array("Suppress", false, "/snort/snort_interfaces_suppress.php"); + $tab_array[] = array("Help", false, "/snort/snort_help_info.php"); + display_top_tabs($tab_array); +?> </td></tr> +<tr> +<td class="tabcont"> + +<table width="100%" border="0" cellpadding="6" cellspacing="0"> +<?php if(is_alias_inuse($pconfig['name']) == true): ?> + <tr> + <td colspan="2" valign="top" class="listtopic">Add the name and description of the file.</td> + </tr> + <tr> + <td valign="top" class="vncellreq">Name</td> + <td class="vtable"> <input name="name" type="hidden" id="name" size="40" value="<?=htmlspecialchars($pconfig['name']);?>" /> + <?php echo $pconfig['name']; ?> + <p> + <span class="vexpl">NOTE: This list is in use so the name may not be modified!</span> + </p> + </td> + </tr> +<?php else: ?> + <tr> + <td colspan="2" valign="top" class="listtopic">Add the name and description of the file.</td> + </tr> + <tr> + <td valign="top" class="vncellreq">Name</td> + <td class="vtable"> + <input name="name" type="text" id="name" size="40" value="<?=htmlspecialchars($pconfig['name']);?>" /> + <br /> + <span class="vexpl"> + The list name may only consist of the characters a-z, A-Z and 0-9. <span class="red">Note: </span> No Spaces. + </span> + </td> + </tr> +<?php endif; ?> + <tr> + <td width="22%" valign="top" class="vncell">Description</td> + <td width="78%" class="vtable"> + <input name="descr" type="text" id="descr" size="40" value="<?=$pconfig['descr'];?>" /> + <br /> + <span class="vexpl"> + You may enter a description here for your reference (not parsed). + </span> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">List Type</td> + <td width="78%" class="vtable"> + <select name="snortlisttype" class="formfld" id="snortlisttype"> + <?php + $interfaces4 = array('whitelist' => 'WHITELIST', 'netlist' => 'NETLIST'); + foreach ($interfaces4 as $iface4 => $ifacename4): ?> + <option value="<?=$iface4;?>" <?php if ($iface4 == $pconfig['snortlisttype']) echo "selected"; ?>> + <?=htmlspecialchars($ifacename4);?> + </option> + <?php endforeach; ?> + </select><br> + <span class="vexpl">Choose the type of list you will like see in your Interface Edit Tab. Hint: Best pratice is to test every list you make. + </span> <span class="red">Note:</span> NETLIST's are only for defining snort.conf's external or home NETS.</td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic">Add auto generated ips.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">WAN IPs</td> + <td width="78%" class="vtable"> + <input name="wanips" type="checkbox" id="wanips" size="40" value="yes" <?php if($pconfig['wanips'] == 'yes'){ echo "checked";} if($pconfig['wanips'] == ''){ echo "checked";} ?>/> + <span class="vexpl"> + Add WAN IPs to the list. + </span> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Wan Gateways</td> + <td width="78%" class="vtable"> + <input name="wangateips" type="checkbox" id="wangateips" size="40" value="yes" <?php if($pconfig['wangateips'] == 'yes'){ echo "checked";} if($pconfig['wangateips'] == ''){ echo "checked";} ?>/> + <span class="vexpl"> + Add WAN Gateways to the list. + </span> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Wan DNS servers</td> + <td width="78%" class="vtable"> + <input name="wandnsips" type="checkbox" id="wandnsips" size="40" value="yes" <?php if($pconfig['wandnsips'] == 'yes'){ echo "checked";} if($pconfig['wandnsips'] == ''){ echo "checked";} ?>/> + <span class="vexpl"> + Add WAN DNS servers to the list. + </span> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Virtual IP Addresses</td> + <td width="78%" class="vtable"> + <input name="vips" type="checkbox" id="vips" size="40" value="yes" <?php if($pconfig['vips'] == 'yes'){ echo "checked";} if($pconfig['vips'] == ''){ echo "checked";} ?>/> + <span class="vexpl"> + Add Virtual IP Addresses to the list. + </span> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">VPNs</td> + <td width="78%" class="vtable"> + <input name="vpnips" type="checkbox" id="vpnips" size="40" value="yes" <?php if($pconfig['vpnips'] == 'yes'){ echo "checked";} if($pconfig['vpnips'] == ''){ echo "checked";} ?>/> + <span class="vexpl"> + Add VPN Addresses to the list. + </span> + </td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic">Add your own custom ips.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq"><div id="addressnetworkport">IP or CIDR items</div></td> + <td width="78%" class="vtable"> + <table id="maintable"> + <tbody> + <tr> + <td colspan="4"> + <div style="padding:5px; margin-top: 16px; margin-bottom: 16px; border:1px dashed #000066; background-color: #ffffff; color: #000000; font-size: 8pt;" id="itemhelp"> + Enter only ips or CIDR notations. Example: 192.168.4.1 or 192.168.1.0/24</div> + </td> + </tr> + <tr> + <td><div id="onecolumn">IP or CIDR</div></td> + <td><div id="threecolumn">Add a Description or leave blank and a date will be added.</div></td> + </tr> + + <?php + /* cleanup code */ + $counter = 0; + $address = $pconfig['address']; + $item = explode(" ", $address); + $item3 = explode("||", $pconfig['detail']); + foreach($item as $ww) { + $address = $item[$counter]; + $item4 = $item3[$counter]; + if($counter > 0) $tracker = $counter + 1; + ?> + <tr> + <td> + <input name="address<?php echo $tracker; ?>" type="text" id="address<?php echo $tracker; ?>" size="30" value="<?=htmlspecialchars($address);?>" /> + </td> + <td> + <input name="detail<?php echo $tracker; ?>" type="text" id="detail<?php echo $tracker; ?>" size="50" value="<?=$item4;?>" /> + </td> + <td> + <?php + if($counter > 0) + echo "<input type=\"image\" src=\"/themes/".$g['theme']."/images/icons/icon_x.gif\" onclick=\"removeRow(this); return false;\" value=\"Delete\" />"; + ?> + </td> + </tr> + <?php + $counter++; + + } // end foreach + ?> + </tbody> + </table> + <a onclick="javascript:addRowTo('maintable'); return false;" href="#"><img border="0" src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" alt="" title="add another entry" /> + </a> + </td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"> + <input id="submit" name="submit" type="submit" class="formbtn" value="Save" /> + <input id="cancelbutton" name="cancelbutton" type="button" class="formbtn" value="Cancel" onclick="history.back()" /> + <?php if (isset($id) && $a_whitelist[$id]): ?> + <input name="id" type="hidden" value="<?=$id;?>" /> + <?php endif; ?> + </td> + </tr> +</table> + </td> + </tr> + </table> +</form> + +<script type="text/javascript"> + /* row and col adjust when you add extra entries */ + field_counter_js = 2; + rows = 1; + totalrows = <?php echo $counter; ?>; + loaded = <?php echo $counter; ?>; +</script> + +<?php include("fend.inc"); ?> +</body> </html>
\ No newline at end of file |