diff options
Diffstat (limited to 'config/snort')
-rw-r--r-- | config/snort/snort.inc | 76 | ||||
-rw-r--r-- | config/snort/snort_barnyard.php | 2 | ||||
-rw-r--r-- | config/snort/snort_define_servers.php | 19 | ||||
-rw-r--r-- | config/snort/snort_dynamic_ip_reload.php | 17 | ||||
-rw-r--r-- | config/snort/snort_head.inc | 61 | ||||
-rw-r--r-- | config/snort/snort_interfaces.php | 8 | ||||
-rw-r--r-- | config/snort/snort_interfaces_edit_bkup.php | 609 | ||||
-rw-r--r-- | config/snort/snort_preprocessors.php | 8 |
8 files changed, 151 insertions, 649 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc index eef238a0..61449c30 100644 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -37,7 +37,6 @@ require_once("functions.inc"); require_once("filter.inc"); /* find out if were in 1.2.3-RELEASE */ - $pfsense_ver_chk = exec('/bin/cat /etc/version'); if ($pfsense_ver_chk == '1.2.3-RELEASE') { @@ -46,6 +45,9 @@ if ($pfsense_ver_chk == '1.2.3-RELEASE') $pfsense_stable = 'no'; } +/* tell me my theme */ +$pfsense_theme_is = $config['theme']; + /* checks to see if snort is running yes/no and stop/start */ function Running_Ck($snort_uuid, $if_real, $id) { global $config; @@ -588,7 +590,7 @@ class array_ereg { $id += 1; $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; - $if_real = convert_friendly_interface_to_real_interface_name2($result_lan); + $if_real = convert_friendly_interface_to_real_interface_name($result_lan); $snort_rules_list[] = "snort_$id$if_real"; @@ -628,7 +630,7 @@ function sync_snort_package() conf_mount_ro(); } -/* make sure this func on writes to files and does not start snort */ +/* only run when a single iface needs to sync */ function sync_snort_package_all($id, $if_real, $snort_uuid) { //global $config, $g, $id, $if_real, $snort_uuid, $interface_fake; @@ -652,7 +654,7 @@ if ($id != '' && $if_real != '') //new $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; - $if_real = convert_friendly_interface_to_real_interface_name2($result_lan); + $if_real = convert_friendly_interface_to_real_interface_name($result_lan); /* create snort configuration file */ create_snort_conf($id, $if_real, $snort_uuid); @@ -675,7 +677,7 @@ if ($id != '' && $if_real != '') //new } } -/* only be run on new iface create, bootup and ip refresh */ +/* only run when all ifaces needed to sync */ function sync_snort_package_empty() { global $config, $g; @@ -699,7 +701,7 @@ function sync_snort_package_empty() $id += 1; $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; - $if_real = convert_friendly_interface_to_real_interface_name2($result_lan); + $if_real = convert_friendly_interface_to_real_interface_name($result_lan); $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; if ($if_real != '' && $snort_uuid != '') { @@ -720,11 +722,60 @@ function sync_snort_package_empty() create_snort_sh(); sync_snort_package(); + + conf_mount_ro(); } } } +/* only bootup and ip refresh */ +function sync_snort_package_config() +{ + global $config, $g; + conf_mount_rw(); + + /* do not start config build if rules is empty */ + if (!empty($config['installedpackages']['snortglobal']['rule'])) + { + if ($id == "") + { + + $rule_array = $config['installedpackages']['snortglobal']['rule']; + $id = -1; + foreach ($rule_array as $value) + { + + if ($id == '') { + $id = 0; + } + + $id += 1; + + $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; + $if_real = convert_friendly_interface_to_real_interface_name($result_lan); + $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; + + if ($if_real != '' && $snort_uuid != '') { + /* create snort configuration file */ + create_snort_conf($id, $if_real, $snort_uuid); + + /* create barnyard2 configuration file */ + $snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable']; + if ($snortbarnyardlog_info_chk == 'on') + create_barnyard2_conf($id, $if_real, $snort_uuid); + } + } + + sync_snort_package(); + + conf_mount_ro(); + + } + } +} + + /* Start of main config files */ /* Start of main config files */ @@ -752,7 +803,7 @@ function create_snort_sh() $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; - $if_real = convert_friendly_interface_to_real_interface_name2($result_lan); + $if_real = convert_friendly_interface_to_real_interface_name($result_lan); /* define snortbarnyardlog_chk */ $snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable']; @@ -860,7 +911,7 @@ rc_start() { /bin/echo "snort.sh run" > /tmp/snort.sh.pid #### Remake the configs on boot Important! - /usr/local/bin/php -f /usr/local/pkg/pf/snort_dynamic_ip_reload.php + /usr/local/bin/php -f /usr/local/pkg/pf/snort_dynamic_ip_reload.php & /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort Startup files Sync..." $start_snort_iface_restart @@ -1087,9 +1138,10 @@ function snort_deinstall() exec("rm -rf /usr/local/etc/snort*"); //exec("cd /var/db/pkg && pkg_delete `ls | grep barnyard2`"); exec("cd /var/db/pkg && pkg_delete `ls | grep snort`"); - exec("cd /var/db/pkg && pkg_delete `ls | grep mysql`"); - exec("cd /var/db/pkg && pkg_delete `ls | grep pcre`"); - exec("cd /var/db/pkg && pkg_delete `ls | grep perl`"); + /* TODO: figure out how to detect pfsense packages that use the same freebsd pkckages and not deinstall */ + //exec("cd /var/db/pkg && pkg_delete `ls | grep mysql`"); + //exec("cd /var/db/pkg && pkg_delete `ls | grep pcre`"); + //exec("cd /var/db/pkg && pkg_delete `ls | grep perl`"); /* Remove snort cron entries Ugly code needs smoothness*/ @@ -1528,7 +1580,7 @@ else $home_net .= "{$ip} "; /* Add Gateway on WAN interface to whitelist (For RRD graphs) */ - $int = convert_friendly_interface_to_real_interface_name2("WAN"); + $int = convert_friendly_interface_to_real_interface_name("WAN"); $gw = get_interface_gateway($int); if($gw) $home_net .= "{$gw} "; diff --git a/config/snort/snort_barnyard.php b/config/snort/snort_barnyard.php index 7a587330..db03a2d1 100644 --- a/config/snort/snort_barnyard.php +++ b/config/snort/snort_barnyard.php @@ -128,7 +128,7 @@ if (isset($id) && $a_nat[$id]) { if (isset($_GET['dup'])) unset($id); -$if_real = convert_friendly_interface_to_real_interface_name2($pconfig['interface']); +$if_real = convert_friendly_interface_to_real_interface_name($pconfig['interface']); $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; diff --git a/config/snort/snort_define_servers.php b/config/snort/snort_define_servers.php index 04984300..97e6a28b 100644 --- a/config/snort/snort_define_servers.php +++ b/config/snort/snort_define_servers.php @@ -38,7 +38,7 @@ Important add error checking */ -require_once("globals.inc"); +//require_once("globals.inc"); require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort.inc"); require_once("/usr/local/pkg/snort/snort_gui.inc"); @@ -126,7 +126,12 @@ if (isset($_GET['dup'])) } /* convert fake interfaces to real */ -$if_real = convert_friendly_interface_to_real_interface_name2($pconfig['interface']); +$if_real = convert_friendly_interface_to_real_interface_name($pconfig['interface']); + +$snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; + +/* alert file */ +$d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty"; if ($_POST["Submit"]) { @@ -226,11 +231,6 @@ $if_real = convert_friendly_interface_to_real_interface_name2($pconfig['interfac exit; } } - -$snort_uuid = $pconfig['uuid']; - - /* alert file */ -$d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid }_{$if_real}.dirty"; /* this will exec when alert says apply */ if ($_POST['apply']) { @@ -278,7 +278,7 @@ padding: 15px 10px 85% 50px; <?php - /* Display message */ + /* Display Alert message */ if ($input_errors) { print_input_errors($input_errors); // TODO: add checks @@ -288,7 +288,8 @@ padding: 15px 10px 85% 50px; print_info_box2($savemsg); } - if (file_exists($d_snortconfdirty_path)) { + //if (file_exists($d_snortconfdirty_path)) { + if (file_exists($d_snortconfdirty_path) || file_exists("/var/run/snort_conf_{$snort_uuid}_.dirty")) { echo '<p>'; if($savemsg) { diff --git a/config/snort/snort_dynamic_ip_reload.php b/config/snort/snort_dynamic_ip_reload.php index 98d9bcce..615302e8 100644 --- a/config/snort/snort_dynamic_ip_reload.php +++ b/config/snort/snort_dynamic_ip_reload.php @@ -33,18 +33,15 @@ require_once("/usr/local/pkg/snort/snort.inc"); -/* get the varibles from the command line */ -/* Note: snort.sh sould only be using this */ -//$id = $_SERVER["argv"][1]; -//$if_real = $_SERVER["argv"][2]; +if (file_exists('/var/run/snort_dynamic_ip_reload.dirty')) { + exit(); +} -//$test_iface = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; +exec('/usr/bin/touch /var/run/snort_dynamic_ip_reload.dirty'); -//if ($id == "" || $if_real == "" || $test_iface == "") { -// exec("/usr/bin/logger -p daemon.info -i -t SnortDynIP \"ERORR starting snort_dynamic_ip_reload.php\""); -// exit; -// } +sync_snort_package_config(); +sync_snort_package(); -sync_snort_package_empty(); +exec('/bin/rm /var/run/snort_dynamic_ip_reload.dirty'); ?>
\ No newline at end of file diff --git a/config/snort/snort_head.inc b/config/snort/snort_head.inc new file mode 100644 index 00000000..56a96df2 --- /dev/null +++ b/config/snort/snort_head.inc @@ -0,0 +1,61 @@ +<?php
+/*
+ * if user has selected a custom template, use it.
+ * otherwise default to pfsense tempalte
+ */
+if($config['theme'] <> "")
+ $g['theme'] = $config['theme'];
+else
+ $g['theme'] = "pfsense";
+
+$apple_ua = array("iPhone","iPod");
+foreach($apple_ua as $useragent)
+ if(strstr($_SERVER['HTTP_USER_AGENT'], $useragent))
+ $g['theme'] = "pfsense";
+?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html>
+<head>
+ <title><?=gentitle($pgtitle);?></title>
+ <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
+ <link rel=”apple-touch-icon” href=”/themes/<?php echo $g['theme']; ?>/apple-touch-icon.png”/>
+ <?php if (strpos($_SERVER["SCRIPT_FILENAME"], "wizard.php") !== false &&
+ file_exists("{$g['www_path']}/themes/{$g['theme']}/wizard.css")): ?>
+ <link rel="stylesheet" href="/themes/<?php echo $g['theme']; ?>/wizard.css" media="all" />
+ <?php else: ?>
+ <link rel="stylesheet" href="/themes/<?php echo $g['theme']; ?>/all.css" media="all" />
+ <?php endif; ?>
+ <link rel="stylesheet" type="text/css" href="/niftycssprintCode.css" media="print" />
+ <script type="text/javascript">var theme = "<?php echo $g['theme']; ?>"</script>
+ <script type="text/javascript" src="/themes/<?php echo $g['theme']; ?>/loader.js"></script>
+
+<?
+ /*
+ * Find all javascript files that need to be included
+ * for this page ... from the arrays ... :)
+ * Coded by: Erik Kristensen
+ */
+
+ $dir = trim(basename($_SERVER["SCRIPT_FILENAME"]), '.php');
+ $path = "/usr/local/www/javascript/" . $dir . "/";
+ if (is_dir($path)) {
+ if ($dh = opendir($path)) {
+ while (($file = readdir($dh)) !== false) {
+ if (is_dir($file)) continue;
+ echo "\t".'<script type="text/javascript" src="/javascript/'.$dir.'/'.$file.'"></script>'."\n";
+ }
+ closedir($dh);
+ }
+ }
+
+ if ($oSajax):
+?>
+ <script language="javascript" type="text/javascript">
+ <?php $oSajax->sajax_show_javascript(); ?>
+ </script>
+<? endif; ?>
+
+<?php if (!isset($closehead)){ ?>
+</head>
+<?php } ?>
diff --git a/config/snort/snort_interfaces.php b/config/snort/snort_interfaces.php index cb51df44..b83068e1 100644 --- a/config/snort/snort_interfaces.php +++ b/config/snort/snort_interfaces.php @@ -494,7 +494,7 @@ if ($pkg['tabs'] <> "") { <?php /* TODO: remove when 2.0 stable */ -if ($pfsense_stable == 'yes') { +if ($pfsense_theme_is == 'nervecenter') { $footer2 = " @@ -527,12 +527,12 @@ $footer2 = " </div>\n"; } -if ($pfsense_stable != 'yes') { +if ($pfsense_theme_is == 'pfsense_ng') { $footer3 = " <style type=\"text/css\"> -#footer2 +#footer3 { top: 105px; @@ -556,7 +556,7 @@ clear: both; </style> - <div id=\"footer2\"> + <div id=\"footer3\"> Snort is a registered trademark of Sourcefire, Inc, Barnyard2 is a registered trademark of securixlive.com, Orion copyright Robert Zelaya, Emergingthreats is a registered trademark of emergingthreats.net, Mysql is a registered trademark of Mysql.com </div>\n"; diff --git a/config/snort/snort_interfaces_edit_bkup.php b/config/snort/snort_interfaces_edit_bkup.php deleted file mode 100644 index 92bc7c5a..00000000 --- a/config/snort/snort_interfaces_edit_bkup.php +++ /dev/null @@ -1,609 +0,0 @@ -<?php -/* $Id$ */ -/* - snort_interfaces.php - part of m0n0wall (http://m0n0.ch/wall) - - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - Copyright (C) 2008-2009 Robert Zelaya. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); - - -if (!is_array($config['installedpackages']['snortglobal']['rule'])) { - $config['installedpackages']['snortglobal']['rule'] = array(); -} - -$a_nat = $config['installedpackages']['snortglobal']['rule']; - -$id = $_GET['id']; -if (isset($_POST['id'])) - $id = $_POST['id']; - -if (isset($_GET['dup'])) { - $id = $_GET['dup']; - $after = $_GET['dup']; -} - -/* always have a limit of (65535) numbers only or snort will not start do to id limits */ -/* TODO: When inline gets added make the uuid the port number lisstening */ -//function gen_snort_uuid($fileline) -//{ - /* return the first 5 */ - //if (preg_match("/...../", $fileline, $matches1)) - //{ - //$uuid_final = "$matches1[0]"; - //} -//return $uuid_final; -//} - -/* gen uuid for each iface !inportant */ -if ($config['installedpackages']['snortglobal']['rule'][$id]['uuid'] == '') { - //$snort_uuid = gen_snort_uuid(strrev(uniqid(true))); -$snort_uuid = 0; -while ($snort_uuid > 65535 || $snort_uuid == 0) { - $snort_uuid = mt_rand(1, 65535); - $pconfig['uuid'] = $snort_uuid; - } -} - -if ($config['installedpackages']['snortglobal']['rule'][$id]['uuid'] != '') { - $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; -} - - -/* convert fake interfaces to real */ -$if_real = convert_friendly_interface_to_real_interface_name2($config['installedpackages']['snortglobal']['rule'][$id]['interface']); - - -if (isset($id) && $a_nat[$id]) { - - /* old options */ - $pconfig['def_ssl_ports_ignore'] = $a_nat[$id]['def_ssl_ports_ignore']; - $pconfig['flow_depth'] = $a_nat[$id]['flow_depth']; - $pconfig['perform_stat'] = $a_nat[$id]['perform_stat']; - $pconfig['http_inspect'] = $a_nat[$id]['http_inspect']; - $pconfig['other_preprocs'] = $a_nat[$id]['other_preprocs']; - $pconfig['ftp_preprocessor'] = $a_nat[$id]['ftp_preprocessor']; - $pconfig['smtp_preprocessor'] = $a_nat[$id]['smtp_preprocessor']; - $pconfig['sf_portscan'] = $a_nat[$id]['sf_portscan']; - $pconfig['dce_rpc_2'] = $a_nat[$id]['dce_rpc_2']; - $pconfig['dns_preprocessor'] = $a_nat[$id]['dns_preprocessor']; - $pconfig['def_dns_servers'] = $a_nat[$id]['def_dns_servers']; - $pconfig['def_dns_ports'] = $a_nat[$id]['def_dns_ports']; - $pconfig['def_smtp_servers'] = $a_nat[$id]['def_smtp_servers']; - $pconfig['def_smtp_ports'] = $a_nat[$id]['def_smtp_ports']; - $pconfig['def_mail_ports'] = $a_nat[$id]['def_mail_ports']; - $pconfig['def_http_servers'] = $a_nat[$id]['def_http_servers']; - $pconfig['def_www_servers'] = $a_nat[$id]['def_www_servers']; - $pconfig['def_http_ports'] = $a_nat[$id]['def_http_ports']; - $pconfig['def_sql_servers'] = $a_nat[$id]['def_sql_servers']; - $pconfig['def_oracle_ports'] = $a_nat[$id]['def_oracle_ports']; - $pconfig['def_mssql_ports'] = $a_nat[$id]['def_mssql_ports']; - $pconfig['def_telnet_servers'] = $a_nat[$id]['def_telnet_servers']; - $pconfig['def_telnet_ports'] = $a_nat[$id]['def_telnet_ports']; - $pconfig['def_snmp_servers'] = $a_nat[$id]['def_snmp_servers']; - $pconfig['def_snmp_ports'] = $a_nat[$id]['def_snmp_ports']; - $pconfig['def_ftp_servers'] = $a_nat[$id]['def_ftp_servers']; - $pconfig['def_ftp_ports'] = $a_nat[$id]['def_ftp_ports']; - $pconfig['def_ssh_servers'] = $a_nat[$id]['def_ssh_servers']; - $pconfig['def_ssh_ports'] = $a_nat[$id]['def_ssh_ports']; - $pconfig['def_pop_servers'] = $a_nat[$id]['def_pop_servers']; - $pconfig['def_pop2_ports'] = $a_nat[$id]['def_pop2_ports']; - $pconfig['def_pop3_ports'] = $a_nat[$id]['def_pop3_ports']; - $pconfig['def_imap_servers'] = $a_nat[$id]['def_imap_servers']; - $pconfig['def_imap_ports'] = $a_nat[$id]['def_imap_ports']; - $pconfig['def_sip_proxy_ip'] = $a_nat[$id]['def_sip_proxy_ip']; - $pconfig['def_sip_proxy_ports'] = $a_nat[$id]['def_sip_proxy_ports']; - $pconfig['def_auth_ports'] = $a_nat[$id]['def_auth_ports']; - $pconfig['def_finger_ports'] = $a_nat[$id]['def_finger_ports']; - $pconfig['def_irc_ports'] = $a_nat[$id]['def_irc_ports']; - $pconfig['def_nntp_ports'] = $a_nat[$id]['def_nntp_ports']; - $pconfig['def_rlogin_ports'] = $a_nat[$id]['def_rlogin_ports']; - $pconfig['def_rsh_ports'] = $a_nat[$id]['def_rsh_ports']; - $pconfig['def_ssl_ports'] = $a_nat[$id]['def_ssl_ports']; - $pconfig['barnyard_enable'] = $a_nat[$id]['barnyard_enable']; - $pconfig['barnyard_mysql'] = $a_nat[$id]['barnyard_mysql']; - $pconfig['enable'] = $a_nat[$id]['enable']; - $pconfig['uuid'] = $a_nat[$id]['uuid']; - $pconfig['interface'] = $a_nat[$id]['interface']; - $pconfig['descr'] = $a_nat[$id]['descr']; - $pconfig['performance'] = $a_nat[$id]['performance']; - $pconfig['blockoffenders7'] = $a_nat[$id]['blockoffenders7']; - $pconfig['snortalertlogtype'] = $a_nat[$id]['snortalertlogtype']; - $pconfig['alertsystemlog'] = $a_nat[$id]['alertsystemlog']; - $pconfig['tcpdumplog'] = $a_nat[$id]['tcpdumplog']; - $pconfig['snortunifiedlog'] = $a_nat[$id]['snortunifiedlog']; - $pconfig['rulesets'] = $a_nat[$id]['rulesets']; - $pconfig['rule_sid_off'] = $a_nat[$id]['rule_sid_off']; - $pconfig['rule_sid_on'] = $a_nat[$id]['rule_sid_on']; - - - if (!$pconfig['interface']) { - $pconfig['interface'] = "wan"; - } else { - $pconfig['interface'] = "wan"; - } -} - -if (isset($_GET['dup'])) - unset($id); - -/* alert file */ -$d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty"; - - /* this will exec when alert says apply */ - if ($_POST['apply']) { - - if (file_exists("/var/run/snort_conf_{$snort_uuid}_.dirty")) { - - write_config(); - - sync_snort_package_empty(); - sync_snort_package(); - - unlink("/var/run/snort_conf_{$snort_uuid}_.dirty"); - - } - - if (file_exists($d_snortconfdirty_path)) { - - write_config(); - - sync_snort_package_all($id, $if_real, $snort_uuid); - sync_snort_package(); - - unlink($d_snortconfdirty_path); - - } - - } - -if ($_POST["Submit"]) { - - - - // if ($config['installedpackages']['snortglobal']['rule']) { - if ($_POST['descr'] == '' && $pconfig['descr'] == '') { - $input_errors[] = "Please enter a description for your reference."; - } - - if ($id == "" && $config['installedpackages']['snortglobal']['rule'][0]['interface'] != "") { - - $rule_array = $config['installedpackages']['snortglobal']['rule']; - $id_c = -1; - foreach ($rule_array as $value) { - - $id_c += 1; - - $result_lan = $config['installedpackages']['snortglobal']['rule'][$id_c]['interface']; - $if_real = convert_friendly_interface_to_real_interface_name2($result_lan); - - if ($_POST['interface'] == $result_lan) { - $input_errors[] = "Interface $result_lan is in use. Please select another interface."; - } - } - } - - /* check for overlaps */ - foreach ($a_nat as $natent) { - if (isset($id) && ($a_nat[$id]) && ($a_nat[$id] === $natent)) - continue; - if ($natent['interface'] != $_POST['interface']) - continue; - } - - /* if no errors write to conf */ - if (!$input_errors) { - $natent = array(); - - /* write to conf for 1st time or rewrite the answer */ - $natent['interface'] = $_POST['interface'] ? $_POST['interface'] : $pconfig['interface']; - /* if post write to conf or rewite the answer */ - $natent['enable'] = $_POST['enable'] ? on : off; - $natent['uuid'] = $pconfig['uuid']; - $natent['descr'] = $_POST['descr'] ? $_POST['descr'] : $pconfig['descr']; - $natent['performance'] = $_POST['performance'] ? $_POST['performance'] : $pconfig['performance']; - /* if post = on use on off or rewrite the conf */ - if ($_POST['blockoffenders7'] == "on") { $natent['blockoffenders7'] = on; }else{ $natent['blockoffenders7'] = off; } if ($_POST['enable'] == "") { $natent['blockoffenders7'] = $pconfig['blockoffenders7']; } - $natent['snortalertlogtype'] = $_POST['snortalertlogtype'] ? $_POST['snortalertlogtype'] : $pconfig['snortalertlogtype']; - if ($_POST['alertsystemlog'] == "on") { $natent['alertsystemlog'] = on; }else{ $natent['alertsystemlog'] = off; } if ($_POST['enable'] == "") { $natent['alertsystemlog'] = $pconfig['alertsystemlog']; } - if ($_POST['tcpdumplog'] == "on") { $natent['tcpdumplog'] = on; }else{ $natent['tcpdumplog'] = off; } if ($_POST['enable'] == "") { $natent['tcpdumplog'] = $pconfig['tcpdumplog']; } - if ($_POST['snortunifiedlog'] == "on") { $natent['snortunifiedlog'] = on; }else{ $natent['snortunifiedlog'] = off; } if ($_POST['enable'] == "") { $natent['snortunifiedlog'] = $pconfig['snortunifiedlog']; } - /* if optiion = 0 then the old descr way will not work */ - - /* rewrite the options that are not in post */ - /* make shure values are set befor repost or conf.xml will be broken */ - if ($pconfig['def_ssl_ports_ignore'] != "") { $natent['def_ssl_ports_ignore'] = $pconfig['def_ssl_ports_ignore']; } - if ($pconfig['flow_depth'] != "") { $natent['flow_depth'] = $pconfig['flow_depth']; } - if ($pconfig['perform_stat'] != "") { $natent['perform_stat'] = $pconfig['perform_stat']; } - if ($pconfig['http_inspect'] != "") { $natent['http_inspect'] = $pconfig['http_inspect']; } - if ($pconfig['other_preprocs'] != "") { $natent['other_preprocs'] = $pconfig['other_preprocs']; } - if ($pconfig['ftp_preprocessor'] != "") { $natent['ftp_preprocessor'] = $pconfig['ftp_preprocessor']; } - if ($pconfig['smtp_preprocessor'] != "") { $natent['smtp_preprocessor'] = $pconfig['smtp_preprocessor']; } - if ($pconfig['sf_portscan'] != "") { $natent['sf_portscan'] = $pconfig['sf_portscan']; } - if ($pconfig['dce_rpc_2'] != "") { $natent['dce_rpc_2'] = $pconfig['dce_rpc_2']; } - if ($pconfig['dns_preprocessor'] != "") { $natent['dns_preprocessor'] = $pconfig['dns_preprocessor']; } - if ($pconfig['def_dns_servers'] != "") { $natent['def_dns_servers'] = $pconfig['def_dns_servers']; } - if ($pconfig['def_dns_ports'] != "") { $natent['def_dns_ports'] = $pconfig['def_dns_ports']; } - if ($pconfig['def_smtp_servers'] != "") { $natent['def_smtp_servers'] = $pconfig['def_smtp_servers']; } - if ($pconfig['def_smtp_ports'] != "") { $natent['def_smtp_ports'] = $pconfig['def_smtp_ports']; } - if ($pconfig['def_mail_ports'] != "") { $natent['def_mail_ports'] = $pconfig['def_mail_ports']; } - if ($pconfig['def_http_servers'] != "") { $natent['def_http_servers'] = $pconfig['def_http_servers']; } - if ($pconfig['def_www_servers'] != "") { $natent['def_www_servers'] = $pconfig['def_www_servers']; } - if ($pconfig['def_http_ports'] != "") { $natent['def_http_ports'] = $pconfig['def_http_ports']; } - if ($pconfig['def_sql_servers'] != "") { $natent['def_sql_servers'] = $pconfig['def_sql_servers']; } - if ($pconfig['def_oracle_ports'] != "") { $natent['def_oracle_ports'] = $pconfig['def_oracle_ports']; } - if ($pconfig['def_mssql_ports'] != "") { $natent['def_mssql_ports'] = $pconfig['def_mssql_ports']; } - if ($pconfig['def_telnet_servers'] != "") { $natent['def_telnet_servers'] = $pconfig['def_telnet_servers']; } - if ($pconfig['def_telnet_ports'] != "") { $natent['def_telnet_ports'] = $pconfig['def_telnet_ports']; } - if ($pconfig['def_snmp_servers'] != "") { $natent['def_snmp_servers'] = $pconfig['def_snmp_servers']; } - if ($pconfig['def_snmp_ports'] != "") { $natent['def_snmp_ports'] = $pconfig['def_snmp_ports']; } - if ($pconfig['def_ftp_servers'] != "") { $natent['def_ftp_servers'] = $pconfig['def_ftp_servers']; } - if ($pconfig['def_ftp_ports'] != "") { $natent['def_ftp_ports'] = $pconfig['def_ftp_ports']; } - if ($pconfig['def_ssh_servers'] != "") { $natent['def_ssh_servers'] = $pconfig['def_ssh_servers']; } - if ($pconfig['def_ssh_ports'] != "") { $natent['def_ssh_ports'] = $pconfig['def_ssh_ports']; } - if ($pconfig['def_pop_servers'] != "") { $natent['def_pop_servers'] = $pconfig['def_pop_servers']; } - if ($pconfig['def_pop2_ports'] != "") { $natent['def_pop2_ports'] = $pconfig['def_pop2_ports']; } - if ($pconfig['def_pop3_ports'] != "") { $natent['def_pop3_ports'] = $pconfig['def_pop3_ports']; } - if ($pconfig['def_imap_servers'] != "") { $natent['def_imap_servers'] = $pconfig['def_imap_servers']; } - if ($pconfig['def_imap_ports'] != "") { $natent['def_imap_ports'] = $pconfig['def_imap_ports']; } - if ($pconfig['def_sip_proxy_ip'] != "") { $natent['def_sip_proxy_ip'] = $pconfig['def_sip_proxy_ip']; } - if ($pconfig['def_sip_proxy_ports'] != "") { $natent['def_sip_proxy_ports'] = $pconfig['def_sip_proxy_ports']; } - if ($pconfig['def_auth_ports'] != "") { $natent['def_auth_ports'] = $pconfig['def_auth_ports']; } - if ($pconfig['def_finger_ports'] != "") { $natent['def_finger_ports'] = $pconfig['def_finger_ports']; } - if ($pconfig['def_irc_ports'] != "") { $natent['def_irc_ports'] = $pconfig['def_irc_ports']; } - if ($pconfig['def_nntp_ports'] != "") { $natent['def_nntp_ports'] = $pconfig['def_nntp_ports']; } - if ($pconfig['def_rlogin_ports'] != "") { $natent['def_rlogin_ports'] = $pconfig['def_rlogin_ports']; } - if ($pconfig['def_rsh_ports'] != "") { $natent['def_rsh_ports'] = $pconfig['def_rsh_ports']; } - if ($pconfig['def_ssl_ports'] != "") { $natent['def_ssl_ports'] = $pconfig['def_ssl_ports']; } - if ($pconfig['barnyard_enable'] != "") { $natent['barnyard_enable'] = $pconfig['barnyard_enable']; } - if ($pconfig['barnyard_mysql'] != "") { $natent['barnyard_mysql'] = $pconfig['barnyard_mysql']; } - if ($pconfig['rulesets'] != "") { $natent['rulesets'] = $pconfig['rulesets']; } - if ($pconfig['rule_sid_off'] != "") { $natent['rule_sid_off'] = $pconfig['rule_sid_off']; } - if ($pconfig['rule_sid_on'] != "") { $natent['rule_sid_on'] = $pconfig['rule_sid_on']; } - - - if (isset($id) && $a_nat[$id]) - $a_nat[$id] = $natent; - else { - if (is_numeric($after)) - array_splice($a_nat, $after+1, 0, array($natent)); - else - $a_nat[] = $natent; - } - - write_config(); - - touch("$d_snortconfdirty_path"); - - header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); - header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); - header( 'Cache-Control: no-store, no-cache, must-revalidate' ); - header( 'Cache-Control: post-check=0, pre-check=0', false ); - header( 'Pragma: no-cache' ); - sleep(2); - header("Location: /snort/snort_interfaces_edit.php?id=$id"); - - //exit; - } -} - - if ($_POST["Submit2"]) { - - sync_snort_package_all($id, $if_real, $snort_uuid); - sync_snort_package(); - sleep(1); - - Running_Start($snort_uuid, $if_real, $id); - - header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); - header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); - header( 'Cache-Control: no-store, no-cache, must-revalidate' ); - header( 'Cache-Control: post-check=0, pre-check=0', false ); - header( 'Pragma: no-cache' ); - sleep(2); - header("Location: /snort/snort_interfaces_edit.php?id=$id"); - } - - if ($_POST["Submit3"]) - { - - Running_Stop($snort_uuid, $if_real, $id); - - header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); - header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); - header( 'Cache-Control: no-store, no-cache, must-revalidate' ); - header( 'Cache-Control: post-check=0, pre-check=0', false ); - header( 'Pragma: no-cache' ); - sleep(2); - header("Location: /snort/snort_interfaces_edit.php?id=$id"); - - } - - /* This code needs to be below headers */ - if (isset($config['installedpackages']['snortglobal']['rule'][$id]['interface'])) - { - - $snort_up_ck2_info = Running_Ck($snort_uuid, $if_real, $id); - - if ($snort_up_ck2_info == 'no') { - $snort_up_ck = '<input name="Submit2" type="submit" class="formbtn" value="Start" onClick="enable_change(true)">'; - }else{ - $snort_up_ck = '<input name="Submit3" type="submit" class="formbtn" value="Stop" onClick="enable_change(true)">'; - } - - }else{ - $snort_up_ck = ''; - } - - -$pgtitle = "Snort: Interface Edit: $id $snort_uuid $if_real"; -include("head.inc"); - -?> -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php -include("./snort_fbegin.inc"); -?> -<style type="text/css"> -.alert { - position:absolute; - top:10px; - left:0px; - width:94%; -background:#FCE9C0; -background-position: 15px; -border-top:2px solid #DBAC48; -border-bottom:2px solid #DBAC48; -padding: 15px 10px 85% 50px; -} -</style> -<noscript><div class="alert" ALIGN=CENTER><img src="/themes/nervecenter/images/icons/icon_alert.gif"/><strong>Please enable JavaScript to view this content</strong></div></noscript> -<script language="JavaScript"> -<!-- - -function enable_change(enable_change) { - endis = !(document.iform.enable.checked || enable_change); - // make shure a default answer is called if this is envoked. - endis2 = (document.iform.enable); - -<?php -/* make shure all the settings exist or function hide will not work */ -/* if $id is emty allow if and discr to be open */ -if($config['installedpackages']['snortglobal']['rule'][$id]['interface'] != '') -{ -echo " - document.iform.interface.disabled = endis2; - document.iform.descr.disabled = endis;\n"; -} -?> - document.iform.performance.disabled = endis; - document.iform.blockoffenders7.disabled = endis; - document.iform.alertsystemlog.disabled = endis; - document.iform.tcpdumplog.disabled = endis; - document.iform.snortunifiedlog.disabled = endis; -} -//--> -</script> -<p class="pgtitle"><?php if($pfsense_stable == 'yes'){echo $pgtitle;}?></p> -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<form action="snort_interfaces_edit.php<?php echo "?id=$id";?>" method="post" enctype="multipart/form-data" name="iform" id="iform"> - -<?php - - /* Display Alert message */ - - if ($input_errors) { - print_input_errors($input_errors); // TODO: add checks - } - - if ($savemsg) { - print_info_box2($savemsg); - } - - //if (file_exists($d_snortconfdirty_path)) { - if (file_exists($d_snortconfdirty_path) || file_exists("/var/run/snort_conf_{$snort_uuid}_.dirty")) { - echo '<p>'; - - if($savemsg) { - print_info_box_np2("{$savemsg}"); - }else{ - print_info_box_np2(' - The Snort configuration has changed and snort needs to be restarted on this interface.<br> - You must apply the changes in order for them to take effect.<br> - '); - } - } - -?> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr><td class="tabnavtbl"> -<?php -if ($a_nat[$id]['interface'] != '') { - /* get the interface name */ - $first = 0; - $snortInterfaces = array(); /* -gtm */ - - $if_list = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; - $if_array = split(',', $if_list); - //print_r($if_array); - if($if_array) { - foreach($if_array as $iface2) { - $if2 = convert_friendly_interface_to_real_interface_name2($iface2); - - if($config['interfaces'][$iface2]['ipaddr'] == "pppoe") { - $if2 = "ng0"; - } - - /* build a list of user specified interfaces -gtm */ - if($if2){ - array_push($snortInterfaces, $if2); - $first = 1; - } - } - - if (count($snortInterfaces) < 1) { - log_error("Snort will not start. You must select an interface for it to listen on."); - return; - } - } - -} - $tab_array = array(); - if (!file_exists("/var/run/snort_conf_{$snort_uuid}_.dirty")) { - $tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php"); - } - $tab_array[] = array("If Settings", true, "/snort/snort_interfaces_edit.php?id={$id}"); - /* hide user tabs when no settings have be saved */ - if ($config['installedpackages']['snortglobal']['rule'][$id]['interface'] != '') { - if (!file_exists("/var/run/snort_conf_{$snort_uuid}_.dirty")) { - //$tab_array[] = array("upload", false, "/snort/snort_conf_upload.php?id={$id}"); - $tab_array[] = array("Categories", false, "/snort/snort_rulesets.php?id={$id}"); - $tab_array[] = array("Rules", false, "/snort/snort_rules.php?id={$id}"); - $tab_array[] = array("Servers", false, "/snort/snort_define_servers.php?id={$id}"); - $tab_array[] = array("Preprocessors", false, "/snort/snort_preprocessors.php?id={$id}"); - $tab_array[] = array("Barnyard2", false, "/snort/snort_barnyard.php?id={$id}"); - } - } - display_top_tabs($tab_array); - -?> -</td> -</tr> - <tr> - <td class="tabcont"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td width="22%" valign="top" class="vtable"> </td> - <td width="78%" class="vtable"> - <?php - // <input name="enable" type="checkbox" value="yes" checked onClick="enable_change(false)"> - // care with spaces - if ($pconfig['enable'] == "on") - $checked = checked; - - $onclick_enable = "onClick=\"enable_change(false)\">"; - - echo " - <input name=\"enable\" type=\"checkbox\" value=\"on\" $checked $onclick_enable - <strong>Enable Interface</strong></td>\n\n"; - ?> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq">Interface</td> - <td width="78%" class="vtable"> - <select name="interface" class="formfld"> - <?php - $interfaces = array('wan' => 'WAN', 'lan' => 'LAN'); - for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) { - $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr']; - } - foreach ($interfaces as $iface => $ifacename): ?> - <option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>> - <?=htmlspecialchars($ifacename);?> - </option> - <?php endforeach; ?> - </select><br> - <span class="vexpl">Choose which interface this rule applies to.<br> - Hint: in most cases, you'll want to use WAN here.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq">Description</td> - <td width="78%" class="vtable"> - <input name="descr" type="text" class="formfld" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>"> - <br> <span class="vexpl">You may enter a description here for your reference (not parsed).</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Memory Performance</td> - <td width="78%" class="vtable"> - <select name="performance" class="formfld" id="performance"> - <?php - $interfaces2 = array('ac-bnfa' => 'AC-BNFA', 'lowmem' => 'LOWMEM', 'ac-std' => 'AC-STD', 'ac' => 'AC', 'ac-banded' => 'AC-BANDED', 'ac-sparsebands' => 'AC-SPARSEBANDS', 'acs' => 'ACS'); - foreach ($interfaces2 as $iface2 => $ifacename2): ?> - <option value="<?=$iface2;?>" <?php if ($iface2 == $pconfig['performance']) echo "selected"; ?>> - <?=htmlspecialchars($ifacename2);?> - </option> - <?php endforeach; ?> - </select><br> - <span class="vexpl">Lowmem and ac-bnfa are recommended for low end systems, Ac: high memory, best performance, ac-std: moderate memory,high performance, acs: small memory, moderateperformance, ac-banded: small memory,moderate performance, ac-sparsebands: small memory, high performance.<br> - </span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Block offenders</td> - <td width="78%" class="vtable"> - <input name="blockoffenders7" type="checkbox" value="on" <?php if ($pconfig['blockoffenders7'] == "on") echo "checked"; ?> onClick="enable_change(false)"><br> - Checking this option will automatically block hosts that generate a Snort alert.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Send alerts to main System logs</td> - <td width="78%" class="vtable"> - <input name="alertsystemlog" type="checkbox" value="on" <?php if ($pconfig['alertsystemlog'] == "on") echo "checked"; ?> onClick="enable_change(false)"><br> - Snort will send Alerts to the Pfsense system logs.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Log to a Tcpdump file</td> - <td width="78%" class="vtable"> - <input name="tcpdumplog" type="checkbox" value="on" <?php if ($pconfig['tcpdumplog'] == "on") echo "checked"; ?> onClick="enable_change(false)"><br> - Snort will log packets to a tcpdump-formatted file. The file then can be analyzed by an application such as Wireshark which understands pcap file formats. <span class="red"><strong>WARNING:</strong></span> File may become large.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Log Alerts to a snort unified2 file</td> - <td width="78%" class="vtable"> - <input name="snortunifiedlog" type="checkbox" value="on" <?php if ($pconfig['snortunifiedlog'] == "on") echo "checked"; ?> onClick="enable_change(false)"><br> - Snort will log Alerts to a file in the UNIFIED2 format. This is a requirement for barnyard2.</td> - </tr> - <tr> - <td width="22%" valign="top"></td> - <td width="78%"> - <input name="Submit" type="submit" class="formbtn" value="Save"> <?php echo $snort_up_ck; ?> <input type="button" class="formbtn" value="Cancel" onclick="history.back()"> - <?php if (isset($id) && $a_nat[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>"> - <?php endif; ?> - </td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span> - <br> - Please save your settings before you click start. </td> - </tr> - </table> - </table> -</form> - -<script language="JavaScript"> -<!-- -enable_change(false); -//--> -</script> -<?php include("fend.inc"); ?> -</body> -</html> diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php index 25963cbe..d6cbb55d 100644 --- a/config/snort/snort_preprocessors.php +++ b/config/snort/snort_preprocessors.php @@ -119,7 +119,7 @@ if (isset($_GET['dup'])) } /* convert fake interfaces to real */ -$if_real = convert_friendly_interface_to_real_interface_name2($pconfig['interface']); +$if_real = convert_friendly_interface_to_real_interface_name($pconfig['interface']); $snort_uuid = $pconfig['uuid']; @@ -212,7 +212,7 @@ $d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty"; $natent['dce_rpc_2'] = $_POST['dce_rpc_2'] ? on : off; $natent['dns_preprocessor'] = $_POST['dns_preprocessor'] ? on : off; - if (isset($id) && $a_nat[$id]) + if (isset($id) && $a_nat[$id]) $a_nat[$id] = $natent; else { if (is_numeric($after)) @@ -220,11 +220,11 @@ $d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty"; else $a_nat[] = $natent; } - + write_config(); /* after click go to this page */ - touch($d_snortconfdirty_path); + //touch($d_snortconfdirty_path); header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); header( 'Cache-Control: no-store, no-cache, must-revalidate' ); |