Diffstat (limited to 'config/snort')
-rwxr-xr-xconfig/snort/snort.inc2
-rw-r--r--config/snort/snort_migrate_config.php12
-rwxr-xr-xconfig/snort/snort_preprocessors.php13
3 files changed, 22 insertions, 5 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index af1c0993..221bbb34 100755
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -3123,6 +3123,8 @@ EOD;
$sdf_mask_output = "\\\n\tmask_output";
else
$sdf_mask_output = "";
+ if (empty($snortcfg['sdf_alert_threshold']))
+ $snortcfg['sdf_alert_threshold'] = 25;
$sensitive_data = <<<EOD
# SDF preprocessor #
preprocessor sensitive_data: \
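Review bot: The added default only covers a missing value, so an `sdf_alert_threshold` saved under the old 4,294,067,295 limit still reaches the generated `preprocessor sensitive_data` line unchanged; the migration hunk in snort_migrate_config.php uses the same `empty()`-only test. If the new 65,535 ceiling reflects what Snort accepts (inferred from the validation change in snort_preprocessors.php), an oversized stored value could presumably stop the generated config from loading after an upgrade. Consider resetting out-of-range values as well, e.g. `if (empty($snortcfg['sdf_alert_threshold']) || $snortcfg['sdf_alert_threshold'] < 1 || $snortcfg['sdf_alert_threshold'] > 65535)`. The heredoc that consumes the value continues past the end of this hunk.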
diff --git a/config/snort/snort_migrate_config.php b/config/snort/snort_migrate_config.php
index 35dd3847..78ccb737 100644
--- a/config/snort/snort_migrate_config.php
+++ b/config/snort/snort_migrate_config.php
@@ -279,6 +279,18 @@ foreach ($rule as &$r) {
$pconfig['ftp_server_engine']['item'][] = $default;
}
+ // Set sensible defaults for new SDF options if SDF is enabled
+ if ($pconfig['sensitive_data'] == 'on') {
+ if (empty($pconfig['sdf_alert_threshold'])) {
+ $pconfig['sdf_alert_threshold'] = 25;
+ $updated_cfg = true;
+ }
+ if (empty($pconfig['sdf_alert_data_type'])) {
+ $pconfig['sdf_alert_data_type'] = "Credit Card,Email Addresses,U.S. Phone Numbers,U.S. Social Security Numbers";
+ $updated_cfg = true;
+ }
+ }
+
// Save the new configuration data into the $config array pointer
$r = $pconfig;
}
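Review bot: The default type list `"Credit Card,Email Addresses,U.S. Phone Numbers,U.S. Social Security Numbers"` is spelled out here and twice more in snort_preprocessors.php (the page-load default and the `ResetAll` branch), so the three copies can drift apart and silently change which data types a sensor inspects. A single constant in a file all three already include (for example `SDF_DEFAULT_DATA_TYPES`; the name is only a suggestion) would keep them in step. The `foreach` body this hunk sits in starts outside the hunk.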
diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php
index 1d47ccdb..468d1c14 100755
--- a/config/snort/snort_preprocessors.php
+++ b/config/snort/snort_preprocessors.php
@@ -263,6 +263,8 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['ftp_telnet_detect_anomalies'] = 'on';
if (empty($pconfig['ftp_telnet_ayt_attack_threshold']) && $pconfig['ftp_telnet_ayt_attack_threshold'] <> 0)
$pconfig['ftp_telnet_ayt_attack_threshold'] = '20';
+ if (empty($pconfig['sdf_alert_data_type']))
+ $pconfig['sdf_alert_data_type'] = "Credit Card,Email Addresses,U.S. Phone Numbers,U.S. Social Security Numbers";
if (empty($pconfig['sdf_alert_threshold']))
$pconfig['sdf_alert_threshold'] = '25';
if (empty($pconfig['sdf_mask_output']))
@@ -411,7 +413,7 @@ if ($_POST['ResetAll']) {
$pconfig['dce_rpc_2'] = "on";
$pconfig['dns_preprocessor'] = "on";
$pconfig['sensitive_data'] = "off";
- $pconfig['sdf_alert_data_type'] = "";
+ $pconfig['sdf_alert_data_type'] = "Credit Card,Email Addresses,U.S. Phone Numbers,U.S. Social Security Numbers";
$pconfig['sdf_alert_threshold'] = "25";
$pconfig['sdf_mask_output'] = "off";
$pconfig['ssl_preproc'] = "on";
@@ -437,8 +439,8 @@ elseif ($_POST['Submit']) {
// Validate SDF alert threshold and alert data type values if SDF is enabled
if ($_POST['sensitive_data'] == 'on') {
- if ($_POST['sdf_alert_threshold'] < 1 || $_POST['sdf_alert_threshold'] > 4294067295)
- $input_errors[] = gettext("The value for Sensitive_Data_Alert_Threshold must be between 1 and 4,294,067,295.");
+ if ($_POST['sdf_alert_threshold'] < 1 || $_POST['sdf_alert_threshold'] > 65535)
+ $input_errors[] = gettext("The value for Sensitive_Data_Alert_Threshold must be between 1 and 65,535.");
if (empty($_POST['sdf_alert_data_type']))
$input_errors[] = gettext("You must select at least one sensitive data type to inspect for when Sensitive Data detection is enabled.");
}
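Review bot: The range test compares the raw `$_POST['sdf_alert_threshold']` string with `<` and `>`, so a value that merely starts with digits (such as `12abc` or `1.5`) can pass and is later stored verbatim in `$natent['sdf_alert_threshold']`. Since that value is presumably interpolated into the generated snort.conf, it should be confirmed to be a plain integer before the range check: `if (!ctype_digit((string)$_POST['sdf_alert_threshold']) || $_POST['sdf_alert_threshold'] < 1 || $_POST['sdf_alert_threshold'] > 65535)`. The enclosing `elseif ($_POST['Submit'])` block starts and ends outside this hunk.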
@@ -469,6 +471,9 @@ elseif ($_POST['Submit']) {
if ($_POST['ftp_telnet_ayt_attack_threshold'] != "") { $natent['ftp_telnet_ayt_attack_threshold'] = $_POST['ftp_telnet_ayt_attack_threshold']; }else{ $natent['ftp_telnet_ayt_attack_threshold'] = "20"; }
if ($_POST['sdf_alert_threshold'] != "") { $natent['sdf_alert_threshold'] = $_POST['sdf_alert_threshold']; }else{ $natent['sdf_alert_threshold'] = "25"; }
+ // Set SDF inspection types
+ $natent['sdf_alert_data_type'] = implode(",",$_POST['sdf_alert_data_type']);
+
$natent['perform_stat'] = $_POST['perform_stat'] ? 'on' : 'off';
$natent['host_attribute_table'] = $_POST['host_attribute_table'] ? 'on' : 'off';
$natent['http_inspect'] = $_POST['http_inspect'] ? 'on' : 'off';
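Review bot: The relocated `implode(",",$_POST['sdf_alert_data_type'])` runs whether or not Sensitive Data detection is enabled, and the emptiness check above only applies when it is on. With SDF off and no types selected, the key is absent and `implode()` receives a non-array, which raises a warning on older PHP and a TypeError on PHP 8. Guard it, e.g. `$natent['sdf_alert_data_type'] = is_array($_POST['sdf_alert_data_type']) ? implode(",", $_POST['sdf_alert_data_type']) : "";`. The submitted entries are also stored without being compared with the four known type names, so intersecting them with that list before joining would keep unexpected strings out of the saved configuration. The surrounding save block continues outside the hunk.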
@@ -484,8 +489,6 @@ elseif ($_POST['Submit']) {
$natent['dce_rpc_2'] = $_POST['dce_rpc_2'] ? 'on' : 'off';
$natent['dns_preprocessor'] = $_POST['dns_preprocessor'] ? 'on' : 'off';
$natent['sensitive_data'] = $_POST['sensitive_data'] ? 'on' : 'off';
- $natent['sdf_alert_data_type'] = implode(",",$_POST['sdf_alert_data_type']);
- $natent['sdf_alert_threshold'] = $_POST['sdf_alert_threshold'];
$natent['sdf_mask_output'] = $_POST['sdf_mask_output'] ? 'on' : 'off';
$natent['ssl_preproc'] = $_POST['ssl_preproc'] ? 'on' : 'off';
$natent['pop_preproc'] = $_POST['pop_preproc'] ? 'on' : 'off';