Diffstat (limited to 'config/snort')
-rwxr-xr-x | config/snort/snort_alerts.php | 48 | ||||
-rw-r--r-- | config/snort/snort_blocked.php | 10 | ||||
-rwxr-xr-x | config/snort/snort_rules.php | 81 | ||||
-rwxr-xr-x | config/snort/snort_rulesets.php | 31 |
4 files changed, 100 insertions, 70 deletions
diff --git a/config/snort/snort_alerts.php b/config/snort/snort_alerts.php index 7919b1f2..796e1587 100755 --- a/config/snort/snort_alerts.php +++ b/config/snort/snort_alerts.php @@ -83,7 +83,7 @@ if ($_POST['todelete'] || $_GET['todelete']) { $ip = $_GET['todelete']; if (is_ipaddr($ip)) { exec("/sbin/pfctl -t snort2c -T delete {$ip}"); - $savemsg = "Host IP address {$ip} has been removed from the Bocked Hosts table."; + $savemsg = "Host IP address {$ip} has been removed from the Blocked Table."; } } @@ -118,7 +118,7 @@ if ($_GET['act'] == "addsuppress" && is_numeric($_GET['sidid']) && is_numeric($_ } } } - $savemsg = "GID:SID '{$_GET['gen_id']}:{$_GET['sidid']}' has been added to the Suppress List."; + $savemsg = "An entry for 'suppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}' has been added to the Suppress List."; write_config(); sync_snort_package_config(); } 
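Review bot: The new `$savemsg` in the `addsuppress` hunk interpolates `$_GET['gen_id']` and `$_GET['sidid']` verbatim, and the only guard visible in the hunk header is `is_numeric()`, which also accepts forms such as `1e3`, `+5` or `0.5` that are not valid generator or signature IDs. Normalise the two values once after a `ctype_digit()` check, e.g. `$gid = (int)$_GET['gen_id']; $sid = (int)$_GET['sidid'];`, and use those both in the message and in whatever is written before `write_config()`. The block that builds the suppress entry starts above the hunk, so how the values are stored is not visible here. How `$savemsg` is rendered is also outside the hunk; if it is echoed as-is it should pass through `htmlspecialchars()`.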
@@ -250,18 +250,18 @@ if ($pconfig['arefresh'] == 'on') <?php echo gettext("(Most recent entries are listed first)"); ?></td> </tr> <tr> - <td width="100%" colspan="2" class='vtable'> - <table id="myTable" width="100%" class="sortable" border="1" cellpadding="0" cellspacing="0"> + <td width="100%" colspan="2"> + <table id="myTable" style="table-layout: fixed;" width="100%" class="sortable" border="1" cellpadding="0" cellspacing="0"> <thead> - <th class="listhdrr" align="center" axis="date"><?php echo gettext("DATE"); ?></th> - <th class="listhdrr" align="center" axis="number"><?php echo gettext("PRI"); ?></th> - <th class="listhdrr" align="center"axis="string"><?php echo gettext("PROTO"); ?></th> + <th class="listhdrr" width="8%" align="center" axis="date"><?php echo gettext("DATE"); ?></th> + <th class="listhdrr" width="18em" align="center" axis="number"><?php echo gettext("PRI"); ?></th> + <th class="listhdrr" width="38em" align="center"axis="string"><?php echo gettext("PROTO"); ?></th> <th class="listhdrr" width="10%" axis="string"><?php echo gettext("CLASS"); ?></th> - <th class="listhdrr" width="25%" axis="string"><?php echo gettext("SRC"); ?></th> - <th class="listhdrr" align="center" axis="string"><?php echo gettext("SPORT"); ?></th> - <th class="listhdrr" width="25%" axis="string"><?php echo gettext("DST"); ?></th> - <th class="listhdrr" align="center" axis="string"><?php echo gettext("DPORT"); ?></th> - <th class="listhdrr" axis="string"><?php echo gettext("SID"); ?></th> + <th class="listhdrr" width="13%" axis="string"><?php echo gettext("SRC"); ?></th> + <th class="listhdrr" width="8%" align="center" axis="string"><?php echo gettext("SPORT"); ?></th> + <th class="listhdrr" width="13%" axis="string"><?php echo gettext("DST"); ?></th> + <th class="listhdrr" width="8%" align="center" axis="string"><?php echo gettext("DPORT"); ?></th> + <th class="listhdrr" width="9%" axis="string"><?php echo gettext("SID"); ?></th> <th class="listhdrr" axis="string"><?php 
echo gettext("DESCRIPTION"); ?></th> </thead> <tbody> @@ -295,7 +295,7 @@ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) { $alert_ip_src = $fields[6]; if (isset($tmpblocked[$fields[6]])) { $alert_ip_src .= "<br/><a href='?instance={$id}&todelete=" . trim(urlencode($fields[6])) . "'> - <img title=\"" . gettext("Remove from Blocked Hosts") . "\" border=\"0\" width='10' height='10' name='todelete' id='todelete' alt=\"Remove from Blocked Hosts\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"/></a>"; + <img title=\"" . gettext("Remove host from Blocked Table") . "\" border=\"0\" width='10' height='10' name='todelete' id='todelete' alt=\"Remove from Blocked Hosts\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"/></a>"; } /* IP SRC Port */ $alert_src_p = $fields[7]; @@ -303,7 +303,7 @@ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) { $alert_ip_dst = $fields[8]; if (isset($tmpblocked[$fields[8]])) { $alert_ip_dst .= "<br/><a href='?instance={$id}&todelete=" . trim(urlencode($fields[8])) . "'> - <img title=\"" . gettext("Remove from Blocked Hosts") . "\" border=\"0\" width='10' height='10' name='todelete' id='todelete' alt=\"Remove from Blocked Hosts\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"/></a>"; + <img title=\"" . gettext("Remove host from Blocked Table") . "\" border=\"0\" width='10' height='10' name='todelete' id='todelete' alt=\"Remove from Blocked Hosts\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"/></a>"; } /* IP DST Port */ $alert_dst_p = $fields[9]; 
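Review bot: `width="18em"` and `width="38em"` on the PRI and PROTO headers are not valid values for the HTML `width` attribute, which takes a bare pixel count or a percentage; browsers parse the leading digits and treat them as pixels, so the unit is silently dropped. If pixels are what is meant, write `width="18"` / `width="38"`, and if a font-relative width is wanted, move it to CSS, e.g. `style="width: 3em;"`. The same two values are repeated on the body cells in the `-312` hunk and should change with them, since `table-layout: fixed` takes its column widths from the first row.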
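Review bot: The unblock link rebuilt in this hunk (and again in the `-303` hunk and in `snort_blocked.php` at `-248`) still triggers the `pfctl ... -T delete` call from a plain GET on `?todelete=`, as the handler in the first hunk of this file shows (`$ip = $_GET['todelete'];`). A state change reachable by GET is not covered by form-token CSRF checks that guard only POST requests, if that is what the GUI relies on, so a cross-site request made in an admin's session could take a host out of the block table. Consider rendering the control as a POST form button and reading only `$_POST['todelete']` in the handler. Separately, the `alt` text still reads "Remove from Blocked Hosts" and bypasses `gettext()`, so it no longer matches the new title.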
@@ -312,24 +312,24 @@ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) { if (!isset($supplist[$fields[1]][$fields[2]])) { $sidsupplink = "<a href='?instance={$instanceid}&act=addsuppress&sidid={$fields[2]}&gen_id={$fields[1]}&descr={$alert_descr_url}'>"; $sidsupplink .= "<img src='../themes/{$g['theme']}/images/icons/icon_plus.gif' width='10' height='10' border='0' "; - $sidsupplink .= "title='" . gettext("Add GID:SID to Suppress List") . "'></a>"; + $sidsupplink .= "title='" . gettext("Add this gen_id:sig_id to Suppress List") . "'></a>"; } else { $sidsupplink = "<img src='../themes/{$g['theme']}/images/icons/icon_plus_d.gif' width='10' height='10' border='0' "; - $sidsupplink .= "title='" . gettext("GID:SID already in Suppress List") . "'/>"; + $sidsupplink .= "title='" . gettext("This gen_id:sig_id already in Suppress List") . "'/>"; } $alert_class = $fields[11]; echo "<tr> - <td class='listr' align='center'>{$alert_date}<br/>{$alert_time}</td> - <td class='listr' align='center'>{$alert_priority}</td> - <td class='listr' align='center'>{$alert_proto}</td> + <td class='listr' width='8%' align='center'>{$alert_date}<br/>{$alert_time}</td> + <td class='listr' width='18em' align='center'>{$alert_priority}</td> + <td class='listr' width='38em' align='center'>{$alert_proto}</td> <td class='listr' width='10%'>{$alert_class}</td> - <td class='listr' width='25%' align='center' style=\"word-break:break-all;\">{$alert_ip_src}</td> - <td class='listr' align='center'>{$alert_src_p}</td> - <td class='listr' width='25%' align='center' style=\"word-break:break-all;\">{$alert_ip_dst}</td> - <td class='listr' align='center'>{$alert_dst_p}</td> - <td class='listr' align='center'>{$alert_sid_str}<br/>{$sidsupplink}</td> + <td class='listr' width='13%' align='center' style=\"word-break:break-all;\">{$alert_ip_src}</td> + <td class='listr' width='8%' align='center'>{$alert_src_p}</td> + <td class='listr' width='13%' align='center' 
style=\"word-break:break-all;\">{$alert_ip_dst}</td> + <td class='listr' width='8%' align='center'>{$alert_dst_p}</td> + <td class='listr' width='9%' align='center'>{$alert_sid_str}<br/>{$sidsupplink}</td> <td class='listr' style=\"word-wrap:break-word;\">{$alert_descr}</td> </tr>\n"; diff --git a/config/snort/snort_blocked.php b/config/snort/snort_blocked.php index 40ef61a1..a726e9ad 100644 --- a/config/snort/snort_blocked.php +++ b/config/snort/snort_blocked.php @@ -183,12 +183,12 @@ if ($pconfig['brefresh'] == 'on') </tr> <tr> <td colspan="2"> - <table id="sortabletable1" class="sortable" width="100%" border="0" cellpadding="2" cellspacing="0"> + <table id="sortabletable1" style="table-layout: fixed;" class="sortable" width="100%" border="0" cellpadding="2" cellspacing="0"> <thead> <th class='listhdr' width="5%" class="listhdrr" align="center" axis="number">#</th> <th class='listhdr' width="15%" class="listhdrr" align="center" axis="string"><?php echo gettext("IP"); ?></th> <th class='listhdr' width="70%" class="listhdrr" axis="string"><?php echo gettext("Alert Description"); ?></th> - <th class='listhdr' width="5%" class="listhdrr" align="center"><?php echo gettext("Remove"); ?></th> + <th class='listhdr' width="10%" class="listhdrr" align="center"><?php echo gettext("Remove"); ?></th> </thead> <tbody> <?php 
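Review bot: `$alert_class` is assigned straight from `$fields[11]` and interpolated into its `<td>` without encoding, and `$fields[1]` / `$fields[2]` go into the `addsuppress` href without `urlencode()`. These values appear to be parsed from the alert log named in the hunk header, so they should be encoded at the point of output, e.g. `$alert_class = htmlspecialchars($fields[11]);`. Whether `$alert_descr`, `$alert_proto` and the other cell values are escaped where they are assigned is outside this hunk and worth confirming while the row markup is being touched.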
@@ -248,8 +248,8 @@ if ($pconfig['brefresh'] == 'on') <td width='5%' align=\"center\" valign=\"middle\" class=\"listr\">{$counter}</td> <td width='15%' valign=\"middle\" class=\"listr\">{$blocked_ip}</td> <td width='70%' valign=\"middle\" class=\"listr\">{$blocked_desc}</td> - <td width='5%' align=\"center\" valign=\"middle\" class=\"listr\"><a href='snort_blocked.php?todelete=" . trim(urlencode($blocked_ip)) . "'> - <img title=\"" . gettext("Delete") . "\" border=\"0\" name='todelete' id='todelete' alt=\"Delete\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"></a></td> + <td width='10%' align=\"center\" valign=\"middle\" class=\"listr\"><a href='snort_blocked.php?todelete=" . trim(urlencode($blocked_ip)) . "'> + <img title=\"" . gettext("Delete host from Blocked Table") . "\" border=\"0\" name='todelete' id='todelete' alt=\"Delete host from Blocked Table\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"></a></td> </tr>\n"; } @@ -260,7 +260,7 @@ if ($pconfig['brefresh'] == 'on') </td> </tr> <tr> - <td colspan="2" class="vncell" align="center"> + <td colspan="2" class="vexpl" align="center"> <?php if (!empty($blocked_ips_array)) { if ($counter > 1) echo "{$counter}" . gettext(" host IP addresses are currently being blocked."); diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php index f737bc1d..bd31473c 100755 --- a/config/snort/snort_rules.php +++ b/config/snort/snort_rules.php 
@@ -71,6 +71,38 @@ function truncate($string, $length) { return $string; } +function add_title_attribute($tag, $title) { + + /******************************** + * This function adds a "title" * + * attribute to the passed tag * + * and sets the value to the * + * value specified by "$title". * + ********************************/ + $result = ""; + if (empty($tag)) { + // If passed an empty element tag, then + // just create a <span> tag with title + $result = "<span title=\"" . $title . "\">"; + } + else { + // Find the ending ">" for the element tag + $pos = strpos($tag, ">"); + if ($pos !== false) { + // We found the ">" delimter, so add "title" + // attribute and close the element tag + $result = substr($tag, 0, $pos) . " title=\"" . $title . "\">"; + } + else { + // We did not find the ">" delimiter, so + // something is wrong, just return the + // tag "as-is" + $result = $tag; + } + } + return $result; +} + /* convert fake interfaces to real */ $if_real = snort_get_real_interface($pconfig['interface']); $snort_uuid = $a_rule[$id]['uuid']; @@ -348,7 +380,7 @@ h += 96; <tr><td class="tabcont"> <table width="100%" border="0" cellpadding="4" cellspacing="0"> <tr> - <td class="listtopic"><?php echo gettext("Rule Categories"); ?></td> + <td class="listtopic"><?php echo gettext("Available Rule Categories"); ?></td> </tr> <tr> @@ -396,7 +428,7 @@ h += 96; </tr> <?php else: ?> <tr> - <td class="listtopic"><?php echo gettext("SID Enable/Disable Overrides"); ?></td> + <td class="listtopic"><?php echo gettext("Rule Signature ID (SID) Enable/Disable Overrides"); ?></td> </tr> <tr> <td class="vncell"> 
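Review bot: `add_title_attribute()` concatenates `$title` into `title="..."` with no encoding, and the callers in the `-481` hunk pass raw rule fields (`$rule_content[2]`, `[3]`, `[5]`, `[6]`), so a double quote or `<` in a rule's address or port field ends the attribute and is parsed as markup. Encode once at the top of the function: `$title = htmlspecialchars($title, ENT_QUOTES);`. The untruncated `$protocol = $rule_content[1];` added in that later hunk is echoed into its cell the same way and wants the same treatment. Note also that `strpos($tag, ">")` keeps only the text up to the first `>`, so a `$tag` holding more than one element would lose the rest; if `$textss` can be such a value, `strrpos()` is the safer choice. The explanatory block inside the body would read better as a docblock above the function, stating that `$tag` is an opening tag and `$title` is plain text.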
@@ -429,19 +461,19 @@ h += 96; </tr> <tr> - <td class="listtopic"><?php echo gettext("Selected Category Rules"); ?></td> + <td class="listtopic"><?php echo gettext("Selected Category's Rules"); ?></td> </tr> <tr> <td> <table class="tabcont" style="table-layout: fixed;" width="100%" border="0" cellpadding="0" cellspacing="0"> <tr id="frheader"> <td width="12px" class="list" align="left"> </td> - <td width="10%" class="listhdrr" align="center"><?php echo gettext("SID"); ?></td> + <td width="9%" class="listhdrr" align="center"><?php echo gettext("SID"); ?></td> <td width="7%" class="listhdrr" align="center"><?php echo gettext("Proto"); ?></td> <td width="14%" class="listhdrr" align="center"><?php echo gettext("Source"); ?></td> - <td width="10%" class="listhdrr" align="center"><?php echo gettext("Port"); ?></td> + <td width="11%" class="listhdrr" align="center"><?php echo gettext("Port"); ?></td> <td width="14%" class="listhdrr" align="center"><?php echo gettext("Destination"); ?></td> - <td width="10%" class="listhdrr" align="center"><?php echo gettext("Port"); ?></td> + <td width="11%" class="listhdrr" align="center"><?php echo gettext("Port"); ?></td> <td class="listhdrr" align="center"><?php echo gettext("Message"); ?></td> <td width="18px" class="list" align="right"><a href="javascript: void(0)" onclick="wopen('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$currentruleset;?>','FileViewer',800,600)"> 
@@ -481,11 +513,18 @@ h += 96; $tmp = trim(preg_replace('/^\s*#+\s*/', '', $tmp)); $rule_content = preg_split('/[\s]+/', $tmp); - $protocol = truncate($rule_content[1], 6); //protocol location - $source = truncate($rule_content[2], 14); //source location - $source_port = truncate($rule_content[3], 10); //source port location - $destination = truncate($rule_content[5], 14); //destination location - $destination_port = truncate($rule_content[6], 10); //destination port location + // Create custom <span> tags for the fields we truncate so we can + // have a "title" attribute for tooltips to show the full string. + $srcspan = add_title_attribute($textss, $rule_content[2]); + $srcprtspan = add_title_attribute($textss, $rule_content[3]); + $dstspan = add_title_attribute($textss, $rule_content[5]); + $dstprtspan = add_title_attribute($textss, $rule_content[6]); + + $protocol = $rule_content[1]; //protocol field + $source = truncate($rule_content[2], 14); //source field + $source_port = truncate($rule_content[3], 10); //source port field + $destination = truncate($rule_content[5], 14); //destination field + $destination_port = truncate($rule_content[6], 10); //destination port field $message = snort_get_msg($v['rule']); echo "<tr><td width=\"12px\" class=\"listt\" align=\"left\" valign=\"middle\"> $textss 
@@ -495,26 +534,26 @@ h += 96; title='" . gettext("Click to toggle enabled/disabled state") . "'></a> $textse </td> - <td width=\"10%\" class=\"listlr\" align=\"center\"> - $textss $sid $textse + <td width=\"9%\" class=\"listlr\" align=\"center\"> + {$textss}{$sid}{$textse} </td> <td width=\"7%\" class=\"listlr\" align=\"center\"> - $textss $protocol $textse + {$textss}{$protocol}{$textse} </td> <td width=\"14%\" class=\"listlr\" align=\"center\"> - $textss $source $textse + {$srcspan}{$source}{$textse} </td> - <td width=\"10%\" class=\"listlr\" align=\"center\"> - $textss $source_port $textse + <td width=\"11%\" class=\"listlr\" align=\"center\"> + {$srcprtspan}{$source_port}{$textse} </td> <td width=\"14%\" class=\"listlr\" align=\"center\"> - $textss $destination $textse + {$dstspan}{$destination}{$textse} </td> - <td width=\"10%\" class=\"listlr\" align=\"center\"> - $textss $destination_port $textse + <td width=\"11%\" class=\"listlr\" align=\"center\"> + {$dstprtspan}{$destination_port}{$textse} </td> <td class=\"listbg\" style=\"word-wrap:break-word; whitespace:pre-line;\"><font color=\"white\"> - $textss $message $textse + {$textss}{$message}{$textse} </td>"; ?> <td width="18px" align="right" valign="middle" nowrap class="listt"> diff --git a/config/snort/snort_rulesets.php b/config/snort/snort_rulesets.php index f9fb6aa8..3005a9eb 100755 --- a/config/snort/snort_rulesets.php +++ b/config/snort/snort_rulesets.php @@ -84,7 +84,7 @@ if (($snortdownload == 'off') || ($a_nat[$id]['ips_policy_enable'] != 'on')) if ($a_nat[$id]['autoflowbitrules'] == 'on') { if (file_exists("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$flowbit_rules_file}") && filesize("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$flowbit_rules_file}") > 0) { - $btn_view_flowb_rules = ""; + $btn_view_flowb_rules = " title=\"" . gettext("View flowbit-required rules") . "\""; } else $btn_view_flowb_rules = " disabled"; 
@@ -335,7 +335,7 @@ function enable_change() </tr> <tr> <td width="15%" class="listn"><?php echo gettext("Auto Flowbit Rules"); ?></td> - <td width="85%"><input type="button" class="formbtn" value="View" onclick="parent.location='snort_rules_flowbits.php?id=<?=$id;?>'" <?php echo $btn_view_flowb_rules; ?>/> + <td width="85%"><input type="button" class="formbtns" value="View" onclick="parent.location='snort_rules_flowbits.php?id=<?=$id;?>'" <?php echo $btn_view_flowb_rules; ?>/> <span class="vexpl"><?php echo gettext("Click to view auto-enabled rules required to satisfy flowbit dependencies"); ?></span></td> </tr> <tr> 
@@ -389,24 +389,19 @@ function enable_change() </td> </tr> <tr> - <td colspan="6" class="listtopic"><?php echo gettext("Check the rulesets that you would like Snort to load at startup."); ?><br/></td> + <td colspan="6" class="listtopic"><?php echo gettext("Select the rulesets you would like Snort to load at startup"); ?><br/></td> </tr> - <tr> <td colspan="6"> </td> </tr> <tr> <td colspan="6"> - <table width=100% border="0" cellpadding="2" cellspacing="2"> - <tr> - <td valign="middle"><input value="Select All" type="submit" name="selectall" id="selectall" /></td> - <td valign="middle"><input value="Unselect All" type="submit" name="unselectall" id="selectall" /></td> - <td valign="middle"><input value="Save" class="formbtn" type="submit" name="Submit" id="Submit" /></td> + <table width=90% align="center" border="0" cellpadding="2" cellspacing="0"> + <tr height="45px"> + <td valign="middle"><input value="Select All" class="formbtns" type="submit" name="selectall" id="selectall" title="<?php echo gettext("Add all to enforcing rules"); ?>"/></td> + <td valign="middle"><input value="Unselect All" class="formbtns" type="submit" name="unselectall" id="unselectall" title="<?php echo gettext("Remove all from enforcing rules"); ?>"/></td> + <td valign="middle"><input value=" Save " class="formbtns" type="submit" name="Submit" id="Submit" title="<?php echo gettext("Save changes to enforcing rules and rebuild"); ?>"/></td> <td valign="middle"><span class="vexpl"><?php echo gettext("Click to save changes and auto-resolve flowbit rules (if option is selected above)"); ?></span></td> </tr> </table> </tr> - <tr> - <td colspan="6"> </td> - </tr> - <?php if ($no_community_files) $msg_community = "NOTE: Snort Community Rules have not been downloaded. Perform a Rules Update to enable them."; else @@ -431,10 +426,6 @@ function enable_change() </tr> <?php endif; ?> - <?php else: ?> - <tr> - <td colspan="6"> </td> - </tr> <?php endif; ?> <?php if ($no_emerging_files) 
@@ -563,11 +554,11 @@ function enable_change() </td> </tr> <tr> -<td colspan="6" class="vtable"> <br/></td> +<td colspan="6" class="vexpl"> <br/></td> </tr> <tr> - <td colspan="2" align="middle" valign="center"><br/><input value="Save" type="submit" name="Submit" id="Submit" class="formbtn" /></td> - <td colspan="4" valign="center"> <br><br/></td> + <td colspan="6" align="center" valign="middle"> + <input value="Save" type="submit" name="Submit" id="Submit" class="formbtn" title=" <?php echo gettext("Click to Save changes and rebuild rules"); ?>"/></td> </tr> <?php endif; ?> </table> |
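Review bot: The new bottom Save button has a stray space inside its tooltip, `title=" <?php echo gettext(...)`, which ends up as leading whitespace in the attribute value; it should read `title="<?php echo gettext("Click to Save changes and rebuild rules"); ?>"`. The button also keeps `id="Submit"`, the same id as the Save button in the `-389` hunk, where this commit already fixes the duplicated `selectall` id. If both buttons can render on the same page, give this one a distinct id such as `id="Submit2"` and leave `name="Submit"` as it is. The enclosing table and form start outside the hunk.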