Diffstat (limited to 'config/snort')
28 files changed, 1076 insertions, 1721 deletions
diff --git a/config/snort/snort.priv.inc b/config/snort/snort.priv.inc
index 795924ea..8db5408d 100644
--- a/config/snort/snort.priv.inc
+++ b/config/snort/snort.priv.inc
@@ -24,10 +24,9 @@ $priv_list['page-services-snort']['match'][] = "snort/snort_interfaces_edit.php*
 $priv_list['page-services-snort']['match'][] = "snort/snort_interfaces_global.php*";
 $priv_list['page-services-snort']['match'][] = "snort/snort_interfaces_suppress.php*";
 $priv_list['page-services-snort']['match'][] = "snort/snort_interfaces_suppress_edit.php*";
-$priv_list['page-services-snort']['match'][] = "snort/snort_interfaces_whitelist.php*";
-$priv_list['page-services-snort']['match'][] = "snort/snort_interfaces_whitelist_edit.php*";
+$priv_list['page-services-snort']['match'][] = "snort/snort_passlist.php*";
+$priv_list['page-services-snort']['match'][] = "snort/snort_passlist_edit.php*";
 $priv_list['page-services-snort']['match'][] = "snort/snort_list_view.php*";
-$priv_list['page-services-snort']['match'][] = "snort/snort_log_view.php*";
 $priv_list['page-services-snort']['match'][] = "snort/snort_migrate_config.php*";
 $priv_list['page-services-snort']['match'][] = "snort/snort_post_install.php*";
 $priv_list['page-services-snort']['match'][] = "snort/snort_preprocessors.php*";
@@ -37,9 +36,14 @@ $priv_list['page-services-snort']['match'][] = "snort/snort_rules_flowbits.php*"
 $priv_list['page-services-snort']['match'][] = "snort/snort_rulesets.php*";
 $priv_list['page-services-snort']['match'][] = "snort/snort_select_alias.php*";
 $priv_list['page-services-snort']['match'][] = "snort/snort_stream5_engine.php*";
+$priv_list['page-services-snort']['match'][] = "snort/snort_ip_list_mgmt.php*";
+$priv_list['page-services-snort']['match'][] = "snort/snort_ip_reputation.php*";
+$priv_list['page-services-snort']['match'][] = "snort/snort_iprep_list_browser.php*";
+$priv_list['page-services-snort']['match'][] = "widgets/javascript/snort_alerts.js*";
+$priv_list['page-services-snort']['match'][] = "widgets/include/widget-snort.inc*";
+$priv_list['page-services-snort']['match'][] = "widgets/widgets/snort_alerts.widget.php*";
 $priv_list['page-services-snort']['match'][] = "pkg_edit.php?xml=snort_sync.xml*";
 $priv_list['page-services-snort']['match'][] = "pkg_edit.php?xml=snort/snort.xml*";
 $priv_list['page-services-snort']['match'][] = "snort/snort_check_cron_misc.inc*";
 $priv_list['page-services-snort']['match'][] = "snort/snort.inc*";
-
 ?>
\ No newline at end of file diff --git a/config/snort/snort_alerts.php b/config/snort/snort_alerts.php index 804c6e8a..998cd061 100755 --- a/config/snort/snort_alerts.php +++ b/config/snort/snort_alerts.php @@ -40,6 +40,7 @@ require_once("/usr/local/pkg/snort/snort.inc"); $snortalertlogt = $config['installedpackages']['snortglobal']['snortalertlogtype']; $supplist = array(); +$snortlogdir = SNORTLOGDIR; function snort_is_alert_globally_suppressed($list, $gid, $sid) { @@ -129,18 +130,18 @@ function snort_add_supplist_entry($suppress) { return false; } -if ($_GET['instance']) - $instanceid = $_GET['instance']; -if ($_POST['instance']) +if (isset($_POST['instance']) && is_numericint($_POST['instance'])) $instanceid = $_POST['instance']; -if (empty($instanceid)) +elseif (isset($_GET['instance']) && is_numericint($_GET['instance'])) + $instanceid = htmlspecialchars($_GET['instance']); +if (empty($instanceid) || !is_numericint($instanceid)) $instanceid = 0; if (!is_array($config['installedpackages']['snortglobal']['rule'])) $config['installedpackages']['snortglobal']['rule'] = array(); $a_instance = &$config['installedpackages']['snortglobal']['rule']; $snort_uuid = $a_instance[$instanceid]['uuid']; -$if_real = snort_get_real_interface($a_instance[$instanceid]['interface']); +$if_real = get_real_interface($a_instance[$instanceid]['interface']); // Load up the arrays of force-enabled and force-disabled SIDs $enablesid = snort_load_sid_mods($a_instance[$instanceid]['rule_sid_on']); 
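Review bot: The instance index in the second snort_alerts.php hunk is checked for being an integer but not for naming a configured instance, so `$a_instance[$instanceid]['uuid']` and `$a_instance[$instanceid]['interface']` are read from an entry that may not exist when a stale or out-of-range value is submitted. A guard such as `if (!isset($a_instance[$instanceid])) $instanceid = 0;` placed before those reads would cover that case. The `htmlspecialchars()` on the GET branch adds nothing once `is_numericint()` has passed, and it leaves the two branches inconsistent; an `(int)` cast on both would be the clearer form. `is_numericint()` is defined outside this diff, so its exact acceptance rules are assumed here.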
@@ -173,63 +174,70 @@ if ($_POST['save']) { exit; } -if ($_POST['todelete'] || $_GET['todelete']) { +if ($_POST['todelete']) { $ip = ""; - if($_POST['todelete']) - $ip = $_POST['todelete']; - else if($_GET['todelete']) - $ip = $_GET['todelete']; - if (is_ipaddr($ip)) { - exec("/sbin/pfctl -t snort2c -T delete {$ip}"); - $savemsg = gettext("Host IP address {$ip} has been removed from the Blocked Table."); + if($_POST['ip']) { + $ip = $_POST['ip']; + if (is_ipaddr($_POST['ip'])) { + exec("/sbin/pfctl -t snort2c -T delete {$ip}"); + $savemsg = gettext("Host IP address {$ip} has been removed from the Blocked Hosts Table."); + } } } -if ($_GET['act'] == "addsuppress" && is_numeric($_GET['sidid']) && is_numeric($_GET['gen_id'])) { - if (empty($_GET['descr'])) - $suppress = "suppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}\n"; - else - $suppress = "#{$_GET['descr']}\nsuppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}"; - - /* Add the new entry to the Suppress List */ - if (snort_add_supplist_entry($suppress)) - $savemsg = gettext("An entry for 'suppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}' has been added to the Suppress List."); - else - $input_errors[] = gettext("Suppress List '{$a_instance[$instanceid]['suppresslistname']}' is defined for this interface, but it could not be found!"); -} - -if (($_GET['act'] == "addsuppress_srcip" || $_GET['act'] == "addsuppress_dstip") && is_numeric($_GET['sidid']) && is_numeric($_GET['gen_id'])) { - if ($_GET['act'] == "addsuppress_srcip") +if (($_POST['addsuppress_srcip'] || $_POST['addsuppress_dstip'] || $_POST['addsuppress']) && is_numeric($_POST['sidid']) && is_numeric($_POST['gen_id'])) { + if ($_POST['addsuppress_srcip']) $method = "by_src"; - else + elseif ($_POST['addsuppress_dstip']) $method = "by_dst"; - - /* Check for valid IP addresses, exit if not valid */ - if (is_ipaddr($_GET['ip']) || is_ipaddrv6($_GET['ip'])) { - if (empty($_GET['descr'])) - $suppress = "suppress gen_id 
{$_GET['gen_id']}, sig_id {$_GET['sidid']}, track {$method}, ip {$_GET['ip']}\n"; - else - $suppress = "#{$_GET['descr']}\nsuppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}, track {$method}, ip {$_GET['ip']}\n"; - } - else { - header("Location: /snort/snort_alerts.php?instance={$instanceid}"); - exit; + else + $method ="all"; + + // See which kind of Suppress Entry to create + switch ($method) { + case "all": + if (empty($_POST['descr'])) + $suppress = "suppress gen_id {$_POST['gen_id']}, sig_id {$_POST['sidid']}\n"; + else + $suppress = "#{$_POST['descr']}\nsuppress gen_id {$_POST['gen_id']}, sig_id {$_POST['sidid']}\n"; + $success = gettext("An entry for 'suppress gen_id {$_POST['gen_id']}, sig_id {$_POST['sidid']}' has been added to the Suppress List."); + break; + case "by_src": + case "by_dst": + // Check for valid IP addresses, exit if not valid + if (is_ipaddr($_POST['ip'])) { + if (empty($_POST['descr'])) + $suppress = "suppress gen_id {$_POST['gen_id']}, sig_id {$_POST['sidid']}, track {$method}, ip {$_POST['ip']}\n"; + else + $suppress = "#{$_POST['descr']}\nsuppress gen_id {$_POST['gen_id']}, sig_id {$_POST['sidid']}, track {$method}, ip {$_POST['ip']}\n"; + $success = gettext("An entry for 'suppress gen_id {$_POST['gen_id']}, sig_id {$_POST['sidid']}, track {$method}, ip {$_POST['ip']}' has been added to the Suppress List."); + } + else { + $input_errors[] = gettext("An invalid IP address was passed as a Suppress List parameter."); + } + break; + default: + header("Location: /snort/snort_alerts.php?instance={$instanceid}"); + exit; } - /* Add the new entry to the Suppress List */ - if (snort_add_supplist_entry($suppress)) - $savemsg = gettext("An entry for 'suppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}, track {$method}, ip {$_GET['ip']}' has been added to the Suppress List."); - else - /* We did not find the defined list, so notify the user with an error */ - $input_errors[] = gettext("Suppress List 
'{$a_instance[$instanceid]['suppresslistname']}' is defined for this interface, but it could not be found!"); + if (!$input_errors) { + /* Add the new entry to the Suppress List and signal Snort to reload config */ + if (snort_add_supplist_entry($suppress)) { + snort_reload_config($a_instance[$instanceid]); + $savemsg = $success; + /* Give Snort a couple seconds to reload the configuration */ + sleep(2); + } + else + $input_errors[] = gettext("Suppress List '{$a_instance[$instanceid]['suppresslistname']}' is defined for this interface, but it could not be found!"); + } } -if ($_GET['act'] == "togglesid" && is_numeric($_GET['sidid']) && is_numeric($_GET['gen_id'])) { - // Get the GID tag embedded in the clicked rule icon. - $gid = $_GET['gen_id']; - - // Get the SID tag embedded in the clicked rule icon. - $sid= $_GET['sidid']; +if ($_POST['togglesid'] && is_numeric($_POST['sidid']) && is_numeric($_POST['gen_id'])) { + // Get the GID and SID tags embedded in the clicked rule icon. + $gid = $_POST['gen_id']; + $sid= $_POST['sidid']; // See if the target SID is in our list of modified SIDs, // and toggle it if present. 
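Review bot: `$_POST['descr']` is written into the suppress list as a `#` comment without stripping line breaks, in both the `all` and the `by_src`/`by_dst` branches, so a description containing a CR or LF places additional lines of the submitter's choosing into a file that Snort is then told to reload. Normalising it first, for example `$descr = str_replace(array("\r", "\n"), ' ', $_POST['descr']);`, and using `$descr` when building `$suppress` closes that. `is_numeric()` on `sidid` and `gen_id` also accepts values such as `1e3` or `1.5`; the `is_numericint()` check this file already applies to `instance` is the stricter fit. The `default:` case of the switch cannot be reached, because `$method` is always one of the three handled values.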
@@ -279,16 +287,17 @@ if ($_GET['act'] == "togglesid" && is_numeric($_GET['sidid']) && is_numeric($_GE /* Soft-restart Snort to live-load the new rules */ snort_reload_config($a_instance[$instanceid]); - $savemsg = gettext("The state for rule {$gid}:{$sid} has been modified. Snort is 'live-reloading' the new rules list. Please wait at least 30 secs for the process to complete before toggling additional rules."); + /* Give Snort a couple seconds to reload the configuration */ + sleep(2); + + $savemsg = gettext("The state for rule {$gid}:{$sid} has been modified. Snort is 'live-reloading' the new rules list. Please wait at least 15 secs for the process to complete before toggling additional rules."); } -if ($_GET['action'] == "clear" || $_POST['delete']) { +if ($_POST['delete']) { snort_post_delete_logs($snort_uuid); - $fd = @fopen("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert", "w+"); - if ($fd) - fclose($fd); + file_put_contents("{$snortlogdir}/snort_{$if_real}{$snort_uuid}/alert", ""); /* XXX: This is needed if snort is run as snort user */ - mwexec('/bin/chmod 660 /var/log/snort/*', true); + mwexec("/bin/chmod 660 {$snortlogdir}/*", true); if (file_exists("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid")) mwexec("/bin/pkill -HUP -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid -a"); header("Location: /snort/snort_alerts.php?instance={$instanceid}"); @@ -298,7 +307,7 @@ if ($_GET['action'] == "clear" || $_POST['delete']) { if ($_POST['download']) { $save_date = exec('/bin/date "+%Y-%m-%d-%H-%M-%S"'); $file_name = "snort_logs_{$save_date}_{$if_real}.tar.gz"; - exec("cd /var/log/snort/snort_{$if_real}{$snort_uuid} && /usr/bin/tar -czf /tmp/{$file_name} *"); + exec("cd {$snortlogdir}/snort_{$if_real}{$snort_uuid} && /usr/bin/tar -czf /tmp/{$file_name} *"); if (file_exists("/tmp/{$file_name}")) { ob_start(); //important or other posts will fail 
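Review bot: The shell commands on the new side of this hunk, the download hunk that follows it and the later alert-table hunk are built by interpolating variables straight into the command string: `mwexec("/bin/chmod 660 {$snortlogdir}/*", true)`, `exec("cd {$snortlogdir}/snort_{$if_real}{$snort_uuid} && /usr/bin/tar …")` and `exec("tail -{$anentries} -r …")`. `$if_real` and `$snort_uuid` come from the package configuration, and `$anentries` is assigned outside these hunks, apparently from the saved `alertnumber` setting, so it should be confirmed that this value is forced to an integer before it reaches `exec()`. Using `(int)$anentries` at the point of use and `escapeshellarg()` around the paths would keep the commands well-formed whatever the configuration holds. The return value of `file_put_contents()` is not checked, so a failed truncate of the alert file goes unreported, and both the archive and the tail output are written to fixed names under `/tmp`.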
@@ -338,16 +347,21 @@ include_once("fbegin.inc"); /* refresh every 60 secs */ if ($pconfig['arefresh'] == 'on') echo "<meta http-equiv=\"refresh\" content=\"60;url=/snort/snort_alerts.php?instance={$instanceid}\" />\n"; -if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';} - /* Display Alert message */ - if ($input_errors) { - print_input_errors($input_errors); // TODO: add checks - } - if ($savemsg) { - print_info_box($savemsg); - } + +/* Display Alert message */ +if ($input_errors) { + print_input_errors($input_errors); // TODO: add checks +} +if ($savemsg) { + print_info_box($savemsg); +} ?> <form action="/snort/snort_alerts.php" method="post" id="formalert"> +<input type="hidden" name="instance" id="instance" value="<?=$instanceid;?>"/> +<input type="hidden" name="sidid" id="sidid" value=""/> +<input type="hidden" name="gen_id" id="gen_id" value=""/> +<input type="hidden" name="ip" id="ip" value=""/> +<input type="hidden" name="descr" id="descr" value=""/> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td> <?php 
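Review bot: The new hidden field `<input type="hidden" name="instance" id="instance" …>` duplicates both the name and the id of the instance `<select>` further down in the same form (that line is changed in a later hunk), so the document ends up with two elements whose id is `instance` and the form posts `instance` twice. PHP keeps the last value for a repeated plain name, which is the select's, so the hidden field has no effect on the request; dropping it, or giving it its own id if a script needs it, removes the ambiguity. `$instanceid` is echoed into the attribute without `htmlspecialchars()`; it is numeric after the validation earlier in the file, but escaping at the point of output would not depend on that earlier check staying in place.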
@@ -357,10 +371,11 @@ if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';} $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php"); $tab_array[3] = array(gettext("Alerts"), true, "/snort/snort_alerts.php?instance={$instanceid}"); $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php"); - $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php"); + $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php"); $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); - $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); - display_top_tabs($tab_array); + $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php"); + $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); + display_top_tabs($tab_array, true); ?> </td></tr> <tr> 
@@ -372,13 +387,13 @@ if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';} <tr> <td width="22%" class="vncell"><?php echo gettext('Instance to inspect'); ?></td> <td width="78%" class="vtable"> - <select name="instance" id="instance" class="formselect" onChange="document.getElementById('formalert').method='get';document.getElementById('formalert').submit()"> + <select name="instance" id="instance" class="formselect" onChange="document.getElementById('formalert').method='post';document.getElementById('formalert').submit()"> <?php foreach ($a_instance as $id => $instance) { $selected = ""; if ($id == $instanceid) $selected = "selected"; - echo "<option value='{$id}' {$selected}> (" . snort_get_friendly_interface($instance['interface']) . "){$instance['descr']}</option>\n"; + echo "<option value='{$id}' {$selected}> (" . convert_friendly_interface_to_friendly_descr($instance['interface']) . ") {$instance['descr']}</option>\n"; } ?> </select> <?php echo gettext('Choose which instance alerts you want to inspect.'); ?> 
@@ -386,22 +401,23 @@ if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';} <tr> <td width="22%" class="vncell"><?php echo gettext('Save or Remove Logs'); ?></td> <td width="78%" class="vtable"> - <input name="download" type="submit" class="formbtns" value="Download"> <?php echo gettext('All ' . - 'log files will be saved.'); ?> <a href="/snort/snort_alerts.php?action=clear&instance=<?=$instanceid;?>"> + <input name="download" type="submit" class="formbtns" value="Download" + title="<?=gettext("Download interface log files as a gzip archive");?>"/> + <?php echo gettext('All log files will be saved.');?> <input name="delete" type="submit" class="formbtns" value="Clear" - onclick="return confirm('Do you really want to remove all instance logs?')"></a> - <span class="red"><strong><?php echo gettext('Warning:'); ?></strong></span> <?php echo ' ' . gettext('all log files will be deleted.'); ?> + onclick="return confirm('Do you really want to remove all instance logs?')" title="<?=gettext("Clear all interface log files");?>"/> + <span class="red"><strong><?php echo gettext('Warning:'); ?></strong></span> <?php echo ' ' . gettext('all log files will be deleted.'); ?> </td> </tr> <tr> <td width="22%" class="vncell"><?php echo gettext('Auto Refresh and Log View'); ?></td> <td width="78%" class="vtable"> - <input name="save" type="submit" class="formbtns" value="Save"> - <?php echo gettext('Refresh'); ?> <input name="arefresh" type="checkbox" value="on" - <?php if ($config['installedpackages']['snortglobal']['alertsblocks']['arefresh']=="on") echo "checked"; ?>> - <?php printf(gettext('%sDefault%s is %sON%s.'), '<strong>', '</strong>', '<strong>', '</strong>'); ?> - <input name="alertnumber" type="text" class="formfld unknown" id="alertnumber" size="5" value="<?=htmlspecialchars($anentries);?>"> - <?php printf(gettext('Enter number of log entries to view. 
%sDefault%s is %s250%s.'), '<strong>', '</strong>', '<strong>', '</strong>'); ?> + <input name="save" type="submit" class="formbtns" value=" Save " title="<?=gettext("Save auto-refresh and view settings");?>"/> + <?php echo gettext('Refresh');?> <input name="arefresh" type="checkbox" value="on" + <?php if ($config['installedpackages']['snortglobal']['alertsblocks']['arefresh']=="on") echo "checked"; ?>/> + <?php printf(gettext('%sDefault%s is %sON%s.'), '<strong>', '</strong>', '<strong>', '</strong>'); ?> + <input name="alertnumber" type="text" class="formfld unknown" id="alertnumber" size="5" value="<?=htmlspecialchars($anentries);?>"/> + <?php printf(gettext('Enter number of log entries to view. %sDefault%s is %s250%s.'), '<strong>', '</strong>', '<strong>', '</strong>'); ?> </td> </tr> <tr> 
@@ -410,39 +426,39 @@ if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';} </tr> <tr> <td width="100%" colspan="2"> - <table id="myTable" style="table-layout: fixed;" width="100%" class="sortable" border="1" cellpadding="0" cellspacing="0"> + <table id="myTable" style="table-layout: fixed;" width="100%" class="sortable" border="0" cellpadding="0" cellspacing="0"> <colgroup> - <col width="9%" align="center" axis="date"> - <col width="45" align="center" axis="number"> - <col width="65" align="center" axis="string"> + <col width="10%" align="center" axis="date"> + <col width="40" align="center" axis="number"> + <col width="52" align="center" axis="string"> <col width="10%" axis="string"> <col width="13%" align="center" axis="string"> - <col width="8%" align="center" axis="string"> + <col width="7%" align="center" axis="string"> <col width="13%" align="center" axis="string"> - <col width="8%" align="center" axis="string"> - <col width="9%" align="center" axis="number"> + <col width="7%" align="center" axis="string"> + <col width="10%" align="center" axis="number"> <col axis="string"> </colgroup> <thead> <tr> - <th class="listhdrr" axis="date"><?php echo gettext("DATE"); ?></th> - <th class="listhdrr" axis="number"><?php echo gettext("PRI"); ?></th> - <th class="listhdrr" axis="string"><?php echo gettext("PROTO"); ?></th> - <th class="listhdrr" axis="string"><?php echo gettext("CLASS"); ?></th> - <th class="listhdrr" axis="string"><?php echo gettext("SRC"); ?></th> - <th class="listhdrr" axis="string"><?php echo gettext("SPORT"); ?></th> - <th class="listhdrr" axis="string"><?php echo gettext("DST"); ?></th> - <th class="listhdrr" axis="string"><?php echo gettext("DPORT"); ?></th> + <th class="listhdrr" axis="date"><?php echo gettext("Date"); ?></th> + <th class="listhdrr" axis="number"><?php echo gettext("Pri"); ?></th> + <th class="listhdrr" axis="string"><?php echo gettext("Proto"); ?></th> + <th class="listhdrr" axis="string"><?php echo 
gettext("Class"); ?></th> + <th class="listhdrr" axis="string"><?php echo gettext("Source"); ?></th> + <th class="listhdrr" axis="string"><?php echo gettext("SPort"); ?></th> + <th class="listhdrr" axis="string"><?php echo gettext("Destination"); ?></th> + <th class="listhdrr" axis="string"><?php echo gettext("DPort"); ?></th> <th class="listhdrr" axis="number"><?php echo gettext("SID"); ?></th> - <th class="listhdrr" axis="string"><?php echo gettext("DESCRIPTION"); ?></th> + <th class="listhdrr" axis="string"><?php echo gettext("Description"); ?></th> </tr> </thead> <tbody> <?php /* make sure alert file exists */ -if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) { - exec("tail -{$anentries} -r /var/log/snort/snort_{$if_real}{$snort_uuid}/alert > /tmp/alert_{$snort_uuid}"); +if (file_exists("{$snortlogdir}/snort_{$if_real}{$snort_uuid}/alert")) { + exec("tail -{$anentries} -r {$snortlogdir}/snort_{$if_real}{$snort_uuid}/alert > /tmp/alert_{$snort_uuid}"); if (file_exists("/tmp/alert_{$snort_uuid}")) { $tmpblocked = array_flip(snort_get_blocked_ips()); $counter = 0; @@ -450,7 +466,7 @@ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) { /* File format timestamp,sig_generator,sig_id,sig_rev,msg,proto,src,srcport,dst,dstport,id,classification,priority */ $fd = fopen("/tmp/alert_{$snort_uuid}", "r"); while (($fields = fgetcsv($fd, 1000, ',', '"')) !== FALSE) { - if(count($fields) < 11) + if(count($fields) < 13) continue; /* Time */ 
@@ -482,9 +498,9 @@ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) { /* Add icons for auto-adding to Suppress List if appropriate */ if (!snort_is_alert_globally_suppressed($supplist, $fields[1], $fields[2]) && !isset($supplist[$fields[1]][$fields[2]]['by_src'][$fields[6]])) { - $alert_ip_src .= " <a href='?instance={$instanceid}&act=addsuppress_srcip&sidid={$fields[2]}&gen_id={$fields[1]}&descr={$alert_descr_url}&ip=" . trim(urlencode($fields[6])) . "'>"; - $alert_ip_src .= "<img src='../themes/{$g['theme']}/images/icons/icon_plus.gif' width='12' height='12' border='0' "; - $alert_ip_src .= "title='" . gettext("Add this alert to the Suppress List and track by_src IP") . "'></a>"; + $alert_ip_src .= " <input type='image' name='addsuppress_srcip[]' onClick=\"encRuleSig('{$fields[1]}','{$fields[2]}','{$fields[6]}','{$alert_descr}');\" "; + $alert_ip_src .= "src='../themes/{$g['theme']}/images/icons/icon_plus.gif' width='12' height='12' border='0' "; + $alert_ip_src .= "title='" . gettext("Add this alert to the Suppress List and track by_src IP") . "'>"; } elseif (isset($supplist[$fields[1]][$fields[2]]['by_src'][$fields[6]])) { $alert_ip_src .= " <img src='../themes/{$g['theme']}/images/icons/icon_plus_d.gif' width='12' height='12' border='0' "; 
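Review bot: Alert-log fields are interpolated unescaped into inline JavaScript inside an HTML attribute here: `onClick="encRuleSig('{$fields[1]}','{$fields[2]}','{$fields[6]}','{$alert_descr}');"`. The log content originates from rule text and observed traffic, and `$alert_descr` is built outside this hunk, so if it can carry a quote character the handler breaks or markup is injected into the administrator's page; the links this replaces passed the description through a separate URL-encoded variable. Each value needs JavaScript-string encoding followed by HTML-attribute escaping, for example `htmlspecialchars(json_encode($fields[6]), ENT_QUOTES)` emitted without the surrounding quote characters. The same pattern recurs in the `todelete[]`, `addsuppress_dstip[]`, `addsuppress[]` and `togglesid[]` inputs of the following hunks, and the `sorttable_customkey='{$fields[…]}'` attributes in the table-row hunk need `htmlspecialchars()` as well.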
@@ -492,9 +508,8 @@ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) { } /* Add icon for auto-removing from Blocked Table if required */ if (isset($tmpblocked[$fields[6]])) { - $alert_ip_src .= " "; - $alert_ip_src .= "<a href='?instance={$instanceid}&todelete=" . trim(urlencode($fields[6])) . "'> - <img title=\"" . gettext("Remove host from Blocked Table") . "\" border=\"0\" width='12' height='12' name='todelete' id='todelete' alt=\"Remove from Blocked Hosts\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"></a>"; + $alert_ip_src .= " <input type='image' name='todelete[]' onClick=\"document.getElementById('ip').value='{$fields[6]}';\" "; + $alert_ip_src .= "src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" title=\"" . gettext("Remove host from Blocked Table") . "\" border=\"0\" width='12' height='12'>"; } /* IP SRC Port */ $alert_src_p = $fields[7]; 
@@ -515,9 +530,9 @@ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) { /* Add icons for auto-adding to Suppress List if appropriate */ if (!snort_is_alert_globally_suppressed($supplist, $fields[1], $fields[2]) && !isset($supplist[$fields[1]][$fields[2]]['by_dst'][$fields[8]])) { - $alert_ip_dst .= " <a href='?instance={$instanceid}&act=addsuppress_dstip&sidid={$fields[2]}&gen_id={$fields[1]}&descr={$alert_descr_url}&ip=" . trim(urlencode($fields[8])) . "'>"; - $alert_ip_dst .= "<img src='../themes/{$g['theme']}/images/icons/icon_plus.gif' width='12' height='12' border='0' "; - $alert_ip_dst .= "title='" . gettext("Add this alert to the Suppress List and track by_dst IP") . "'></a>"; + $alert_ip_dst .= " <input type='image' name='addsuppress_dstip[]' onClick=\"encRuleSig('{$fields[1]}','{$fields[2]}','{$fields[8]}','{$alert_descr}');\" "; + $alert_ip_dst .= "src='../themes/{$g['theme']}/images/icons/icon_plus.gif' width='12' height='12' border='0' "; + $alert_ip_dst .= "title='" . gettext("Add this alert to the Suppress List and track by_dst IP") . "'/>"; } elseif (isset($supplist[$fields[1]][$fields[2]]['by_dst'][$fields[8]])) { $alert_ip_dst .= " <img src='../themes/{$g['theme']}/images/icons/icon_plus_d.gif' width='12' height='12' border='0' "; 
@@ -525,18 +540,17 @@ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) { } /* Add icon for auto-removing from Blocked Table if required */ if (isset($tmpblocked[$fields[8]])) { - $alert_ip_dst .= " "; - $alert_ip_dst .= "<a href='?instance={$instanceid}&todelete=" . trim(urlencode($fields[8])) . "'> - <img title=\"" . gettext("Remove host from Blocked Table") . "\" border=\"0\" width='12' height='12' name='todelete' id='todelete' alt=\"Remove from Blocked Hosts\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"></a>"; + $alert_ip_dst .= " <input type='image' name='todelete[]' onClick=\"document.getElementById('ip').value='{$fields[8]}';\" "; + $alert_ip_dst .= "src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" title=\"" . gettext("Remove host from Blocked Table") . "\" border=\"0\" width='12' height='12'>"; } /* IP DST Port */ $alert_dst_p = $fields[9]; /* SID */ $alert_sid_str = "{$fields[1]}:{$fields[2]}"; if (!snort_is_alert_globally_suppressed($supplist, $fields[1], $fields[2])) { - $sidsupplink = "<a href='?instance={$instanceid}&act=addsuppress&sidid={$fields[2]}&gen_id={$fields[1]}&descr={$alert_descr_url}'>"; - $sidsupplink .= "<img src='../themes/{$g['theme']}/images/icons/icon_plus.gif' width='12' height='12' border='0' "; - $sidsupplink .= "title='" . gettext("Add this alert to the Suppress List") . "'></a>"; + $sidsupplink = "<input type='image' name='addsuppress[]' onClick=\"encRuleSig('{$fields[1]}','{$fields[2]}','','{$alert_descr}');\" "; + $sidsupplink .= "src='../themes/{$g['theme']}/images/icons/icon_plus.gif' width='12' height='12' border='0' "; + $sidsupplink .= "title='" . gettext("Add this alert to the Suppress List") . "'/>"; } else { $sidsupplink = "<img src='../themes/{$g['theme']}/images/icons/icon_plus_d.gif' width='12' height='12' border='0' "; 
@@ -544,31 +558,31 @@ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) { } /* Add icon for toggling rule state */ if (isset($disablesid[$fields[1]][$fields[2]])) { - $sid_dsbl_link = "<a href='?instance={$instanceid}&act=togglesid&sidid={$fields[2]}&gen_id={$fields[1]}'>"; - $sid_dsbl_link .= "<img src='../themes/{$g['theme']}/images/icons/icon_block_d.gif' width='11' height='11' border='0' "; - $sid_dsbl_link .= "title='" . gettext("Rule is forced to a disabled state. Click to remove the force-disable action.") . "'></a>"; + $sid_dsbl_link = "<input type='image' name='togglesid[]' onClick=\"encRuleSig('{$fields[1]}','{$fields[2]}','','');\" "; + $sid_dsbl_link .= "src='../themes/{$g['theme']}/images/icons/icon_reject.gif' width='11' height='11' border='0' "; + $sid_dsbl_link .= "title='" . gettext("Rule is forced to a disabled state. Click to remove the force-disable action from this rule.") . "'/>"; } else { - $sid_dsbl_link = "<a href='?instance={$instanceid}&act=togglesid&sidid={$fields[2]}&gen_id={$fields[1]}'>"; - $sid_dsbl_link .= "<img src='../themes/{$g['theme']}/images/icons/icon_block.gif' width='11' height='11' border='0' "; - $sid_dsbl_link .= "title='" . gettext("Click to force-disable rule and remove from current rules set.") . "'></a>"; + $sid_dsbl_link = "<input type='image' name='togglesid[]' onClick=\"encRuleSig('{$fields[1]}','{$fields[2]}','','');\" "; + $sid_dsbl_link .= "src='../themes/{$g['theme']}/images/icons/icon_block.gif' width='11' height='11' border='0' "; + $sid_dsbl_link .= "title='" . gettext("Force-disable this rule and remove it from current rules set.") . 
"'/>"; } /* DESCRIPTION */ $alert_class = $fields[11]; + /* Write out a table row */ echo "<tr> <td class='listr' align='center'>{$alert_date}<br/>{$alert_time}</td> <td class='listr' align='center'>{$alert_priority}</td> <td class='listr' align='center'>{$alert_proto}</td> <td class='listr' style=\"word-wrap:break-word;\">{$alert_class}</td> - <td class='listr' align='center'>{$alert_ip_src}</td> + <td class='listr' align='center' sorttable_customkey='{$fields[6]}'>{$alert_ip_src}</td> <td class='listr' align='center'>{$alert_src_p}</td> - <td class='listr' align='center'>{$alert_ip_dst}</td> + <td class='listr' align='center' sorttable_customkey='{$fields[8]}'>{$alert_ip_dst}</td> <td class='listr' align='center'>{$alert_dst_p}</td> - <td class='listr' align='center'>{$alert_sid_str}<br/>{$sidsupplink} {$sid_dsbl_link}</td> - <td class='listr' style=\"word-wrap:break-word;\">{$alert_descr}</td> + <td class='listr' align='center' sorttable_customkey='{$fields[2]}'>{$alert_sid_str}<br/>{$sidsupplink} {$sid_dsbl_link}</td> + <td class='listbg' style=\"word-wrap:break-word;\">{$alert_descr}</td> </tr>\n"; - $counter++; } fclose($fd); @@ -588,6 +602,21 @@ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) { <?php include("fend.inc"); ?> - +<script type="text/javascript"> +function encRuleSig(rulegid,rulesid,srcip,ruledescr) { + + // This function stuffs the passed GID, SID + // and other values into hidden Form Fields + // for postback. + if (typeof srcipip == "undefined") + var srcipip = ""; + if (typeof ruledescr == "undefined") + var ruledescr = ""; + document.getElementById("sidid").value = rulesid; + document.getElementById("gen_id").value = rulegid; + document.getElementById("ip").value = srcip; + document.getElementById("descr").value = ruledescr; +} +</script> </body> </html> diff --git a/config/snort/snort_blocked.php b/config/snort/snort_blocked.php index 4fc470d3..b05384ae 100644 --- a/config/snort/snort_blocked.php 
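Review bot: In the added `encRuleSig` function the first default check tests and declares `srcipip`, a name nothing else uses, so the intended default for the `srcip` parameter is never applied and `document.getElementById("ip").value = srcip` would receive `undefined` if a caller omitted the argument. The check should read `if (typeof srcip == "undefined") srcip = "";`, and the `var` in front of `ruledescr` is unnecessary because it only redeclares the parameter. The callers visible in this diff always pass all four arguments, so the effect today is dead code rather than a failure. A short comment stating that the four hidden fields are read by the POST handlers at the top of the page would connect the two ends for the next reader.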
+++ b/config/snort/snort_blocked.php @@ -34,6 +34,8 @@ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort.inc"); +$snortlogdir = SNORTLOGDIR; + // Grab pfSense version so we can refer to it later on this page $pfs_version=substr(trim(file_get_contents("/etc/version")),0,3); @@ -48,14 +50,14 @@ if (empty($pconfig['blertnumber'])) else $bnentries = $pconfig['blertnumber']; -if ($_POST['todelete'] || $_GET['todelete']) { +if ($_POST['todelete']) { $ip = ""; - if($_POST['todelete']) - $ip = $_POST['todelete']; - else if($_GET['todelete']) - $ip = $_GET['todelete']; + if ($_POST['ip']) + $ip = $_POST['ip']; if (is_ipaddr($ip)) exec("/sbin/pfctl -t snort2c -T delete {$ip}"); + else + $input_errors[] = gettext("An invalid IP address was provided as a parameter."); } if ($_POST['remove']) { @@ -140,12 +142,19 @@ include_once("fbegin.inc"); /* refresh every 60 secs */ if ($pconfig['brefresh'] == 'on') echo "<meta http-equiv=\"refresh\" content=\"60;url=/snort/snort_blocked.php\" />\n"; -?> -<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> +/* Display Alert message */ +if ($input_errors) { + print_input_errors($input_errors); // TODO: add checks +} +if ($savemsg) { + print_info_box($savemsg); +} +?> -<?php if ($savemsg) print_info_box($savemsg); ?> <form action="/snort/snort_blocked.php" method="post"> +<input type="hidden" name="ip" id="ip" value=""/> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> <td> 
@@ -156,10 +165,11 @@ if ($pconfig['brefresh'] == 'on') $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php"); $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php"); $tab_array[4] = array(gettext("Blocked"), true, "/snort/snort_blocked.php"); - $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php"); + $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php"); $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); - $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); - display_top_tabs($tab_array); + $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php"); + $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); + display_top_tabs($tab_array, true); ?> </td> </tr> 
@@ -172,22 +182,23 @@ if ($pconfig['brefresh'] == 'on') <tr> <td width="22%" class="vncell"><?php echo gettext("Save or Remove Hosts"); ?></td> <td width="78%" class="vtable"> - <input name="download" type="submit" class="formbtns" value="Download"> <?php echo gettext("All " . - "blocked hosts will be saved."); ?> <input name="remove" type="submit" - class="formbtns" value="Clear"> <span class="red"><strong><?php echo gettext("Warning:"); ?></strong></span> - <?php echo gettext("all hosts will be removed."); ?> + <input name="download" type="submit" class="formbtns" value="Download" title="<?=gettext("Download list of blocked hosts as a gzip archive");?>"/> + <?php echo gettext("All blocked hosts will be saved."); ?> + <input name="remove" type="submit" class="formbtns" value="Clear" title="<?=gettext("Remove blocks for all listed hosts");?>" + onClick="return confirm('<?=gettext("Are you sure you want to remove all blocked hosts? Click OK to continue or CANCLE to quit.");?>');"/> + <span class="red"><strong><?php echo gettext("Warning:"); ?></strong></span> <?php echo gettext("all hosts will be removed."); ?> </td> </tr> <tr> <td width="22%" class="vncell"><?php echo gettext("Auto Refresh and Log View"); ?></td> <td width="78%" class="vtable"> - <input name="save" type="submit" class="formbtns" value="Save"> <?php echo gettext("Refresh"); ?> <input - name="brefresh" type="checkbox" value="on" - <?php if ($config['installedpackages']['snortglobal']['alertsblocks']['brefresh']=="on" || $config['installedpackages']['snortglobal']['alertsblocks']['brefresh']=='') echo "checked"; ?>> - <?php printf(gettext("%sDefault%s is %sON%s."), '<strong>', '</strong>', '<strong>', '</strong>'); ?> <input - name="blertnumber" type="text" class="formfld unknown" id="blertnumber" - size="5" value="<?=htmlspecialchars($bnentries);?>"> <?php printf(gettext("Enter the " . - "number of blocked entries to view. 
%sDefault%s is %s500%s."), '<strong>', '</strong>', '<strong>', '</strong>'); ?> + <input name="save" type="submit" class="formbtns" value=" Save " title="<?=gettext("Save auto-refresh and view settings");?>"/> + <?php echo gettext("Refresh"); ?> <input name="brefresh" type="checkbox" value="on" + <?php if ($config['installedpackages']['snortglobal']['alertsblocks']['brefresh']=="on" || $config['installedpackages']['snortglobal']['alertsblocks']['brefresh']=='') echo "checked"; ?>/> + <?php printf(gettext("%sDefault%s is %sON%s."), '<strong>', '</strong>', '<strong>', '</strong>'); ?> + <input name="blertnumber" type="text" class="formfld unknown" id="blertnumber" + size="5" value="<?=htmlspecialchars($bnentries);?>"/> <?php printf(gettext("Enter number of " . + "blocked entries to view. %sDefault%s is %s500%s."), '<strong>', '</strong>', '<strong>', '</strong>'); ?> </td> </tr> <tr> @@ -225,13 +236,13 @@ if ($pconfig['brefresh'] == 'on') if (!empty($blocked_ips_array)) { $tmpblocked = array_flip($blocked_ips_array); $src_ip_list = array(); - foreach (glob("/var/log/snort/*/alert") as $alertfile) { + foreach (glob("{$snortlogdir}/*/alert") as $alertfile) { $fd = fopen($alertfile, "r"); if ($fd) { /* 0 1 2 3 4 5 6 7 8 9 10 11 12 /* File format timestamp,sig_generator,sig_id,sig_rev,msg,proto,src,srcport,dst,dstport,id,classification,priority */ while (($fields = fgetcsv($fd, 1000, ',', '"')) !== FALSE) { - if(count($fields) < 11) + if(count($fields) < 13) continue; if (isset($tmpblocked[$fields[6]])) { 
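Review bot: The confirmation text on the new Clear button misspells the button label (`CANCLE` should be `CANCEL`), and it is emitted by `<?=gettext(...)?>` straight into a single-quoted JavaScript string inside the `onClick` attribute. A translated string containing an apostrophe or a double quote would break the handler or the attribute. I would encode it for both contexts, `onClick="return confirm(<?=htmlspecialchars(json_encode(gettext("...")));?>);"`, and apply `htmlspecialchars()` to the `gettext()` output in the two new `title` attributes.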
@@ -280,8 +291,9 @@ if ($pconfig['brefresh'] == 'on') <td align=\"center\" valign=\"middle\" class=\"listr\">{$counter}</td> <td align=\"center\" valign=\"middle\" class=\"listr\">{$tmp_ip}<br/>{$rdns_link}</td> <td valign=\"middle\" class=\"listr\">{$blocked_desc}</td> - <td align=\"center\" valign=\"middle\" class=\"listr\"><a href='snort_blocked.php?todelete=" . trim(urlencode($blocked_ip)) . "'> - <img title=\"" . gettext("Delete host from Blocked Table") . "\" border=\"0\" name='todelete' id='todelete' alt=\"Delete host from Blocked Table\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"></a></td> + <td align=\"center\" valign=\"middle\" class=\"listr\" sorttable_customkey=\"\"> + <input type=\"image\" name=\"todelete[]\" onClick=\"document.getElementById('ip').value='{$blocked_ip}';\" + src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" title=\"" . gettext("Delete host from Blocked Table") . "\" border=\"0\" /></td> </tr>\n"; } } diff --git a/config/snort/snort_define_servers.php b/config/snort/snort_define_servers.php index 7c057b19..d210da2c 100755 --- a/config/snort/snort_define_servers.php +++ b/config/snort/snort_define_servers.php @@ -5,6 +5,7 @@ * * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. * Copyright (C) 2008-2009 Robert Zelaya. + * Copyright (C) 2014 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -35,12 +36,14 @@ require_once("/usr/local/pkg/snort/snort.inc"); global $g, $rebuild_rules; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; +elseif (isset($_GET['id']) && is_numericint($_GET['id'])) + $id = htmlspecialchars($_GET['id']); + if (is_null($id)) { - header("Location: /snort/snort_interfaces.php"); - exit; + header("Location: /snort/snort_interfaces.php"); + exit; } if (!is_array($config['installedpackages']['snortglobal']['rule'])) { 
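Review bot: `{$blocked_ip}` is now written unescaped into a single-quoted JavaScript string inside the `onClick` attribute of the new image button, whereas the removed link at least passed it through `urlencode()`. Where `$blocked_ip` is populated is outside this hunk; if it only ever holds addresses read back from the pf table the exposure is small, but the output code should not rely on that. Since the POST handler rejects anything that fails `is_ipaddr()` anyway, I would only render the delete button when `is_ipaddr($blocked_ip)` is true. The enclosing loop starts and ends outside the hunk.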
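Review bot: The new `id` handling in snort_define_servers.php validates the format of the parameter but not that the interface exists. `is_numericint()` says nothing about whether `$a_nat[$id]` is a configured entry, yet the following hunk reads `$a_nat[$id]` and `['rule'][$id]['uuid']` with it. I would extend the guard to `if (is_null($id) || !isset($config['installedpackages']['snortglobal']['rule'][$id])) {` once the rule array has been initialised. `$id` is also no longer assigned on every path, so `is_null($id)` is evaluated on an undefined variable when neither parameter validates; start the block with `$id = null;`. The `htmlspecialchars()` around a value that has just passed `is_numericint()` does nothing and can be dropped; the same pattern recurs in the snort_edit_hat_data.php, snort_frag3_engine.php, snort_ftp_client_engine.php, snort_ftp_server_engine.php and snort_httpinspect_engine.php hunks.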
@@ -87,20 +90,20 @@ $snort_ports = array( ); // Sort our SERVERS and PORTS arrays to make values -// easier to locate by the the user. +// easier to locate for the user. ksort($snort_servers); ksort($snort_ports); $pconfig = $a_nat[$id]; /* convert fake interfaces to real */ -$if_real = snort_get_real_interface($pconfig['interface']); +$if_real = get_real_interface($pconfig['interface']); $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; /* alert file */ $d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty"; -if ($_POST) { +if ($_POST['save']) { $natent = array(); $natent = $pconfig; @@ -149,9 +152,11 @@ if ($_POST) { header("Location: snort_define_servers.php?id=$id"); exit; } + else + $pconfig = $_POST; } -$if_friendly = snort_get_friendly_interface($pconfig['interface']); +$if_friendly = convert_friendly_interface_to_friendly_descr($a_nat[$id]['interface']); $pgtitle = gettext("Snort: Interface {$if_friendly} Variables - Servers and Ports"); include_once("head.inc"); @@ -160,7 +165,6 @@ include_once("head.inc"); <?php include("fbegin.inc"); -if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';} /* Display Alert message */ if ($input_errors) print_input_errors($input_errors); // TODO: add checks 
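Review bot: The added `else $pconfig = $_POST;` branch means every field the form redisplays after a failed save now comes straight from the request. The form markup is outside this hunk, so I cannot see whether each `$pconfig[...]` value is passed through `htmlspecialchars()` when echoed; any field that is not would reflect request data into the page. Please confirm the output side, and consider leaving a marker at the assignment, for example `// $pconfig holds unvalidated POST data from here on; escape on output`. The `if` that this `else` belongs to starts outside the hunk.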
@@ -180,23 +184,25 @@ if ($savemsg) $tab_array[0] = array(gettext("Snort Interfaces"), true, "/snort/snort_interfaces.php"); $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php"); $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php"); - $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php"); + $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php?instance={$id}"); $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php"); - $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php"); + $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php"); $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); - $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); - display_top_tabs($tab_array); + $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php"); + $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); + display_top_tabs($tab_array, true); echo '</td></tr>'; echo '<tr><td class="tabnavtbl">'; $menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface "); - $tab_array = array(); - $tab_array[] = array($menu_iface . gettext(" Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}"); - $tab_array[] = array($menu_iface . gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}"); - $tab_array[] = array($menu_iface . gettext("Rules"), false, "/snort/snort_rules.php?id={$id}"); - $tab_array[] = array($menu_iface . gettext("Variables"), true, "/snort/snort_define_servers.php?id={$id}"); - $tab_array[] = array($menu_iface . gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}"); - $tab_array[] = array($menu_iface . 
gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); - display_top_tabs($tab_array); + $tab_array = array(); + $tab_array[] = array($menu_iface . gettext(" Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Rules"), false, "/snort/snort_rules.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Variables"), true, "/snort/snort_define_servers.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Preprocs"), false, "/snort/snort_preprocessors.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("IP Rep"), false, "/snort/snort_ip_reputation.php?id={$id}"); + display_top_tabs($tab_array, true); ?> </td></tr> <tr> @@ -256,7 +262,7 @@ if ($savemsg) <tr> <td width="30%" valign="top"> </td> <td width="70%"> - <input name="Submit" type="submit" class="formbtn" value="Save"> + <input name="save" type="submit" class="formbtn" value="Save"> <input name="id" type="hidden" value="<?=$id;?>"> </td> </tr> @@ -276,9 +282,6 @@ if ($savemsg) if(isset($config['aliases']['alias']) && is_array($config['aliases']['alias'])) foreach($config['aliases']['alias'] as $alias_name) { if ($alias_name['type'] == "host" || $alias_name['type'] == "network") { - // Skip any Aliases that resolve to an empty string - if (trim(filter_expand_alias($alias_name['name'])) == "") - continue; if($addrisfirst == 1) $aliasesaddr .= ","; $aliasesaddr .= "'" . $alias_name['name'] . "'"; $addrisfirst = 1; diff --git a/config/snort/snort_download_rules.php b/config/snort/snort_download_rules.php index 562a6b36..f35341f1 100755 --- a/config/snort/snort_download_rules.php +++ b/config/snort/snort_download_rules.php 
@@ -91,7 +91,7 @@ include("head.inc"); <?php $snort_gui_include = true; -include("/usr/local/pkg/snort/snort_check_for_rule_updates.php"); +include("/usr/local/www/snort/snort_check_for_rule_updates.php"); /* hide progress bar and lets end this party */ echo "\n<script type=\"text/javascript\">document.progressbar.style.visibility='hidden';\n</script>"; diff --git a/config/snort/snort_edit_hat_data.php b/config/snort/snort_edit_hat_data.php index f6d00b0b..cef6a894 100644 --- a/config/snort/snort_edit_hat_data.php +++ b/config/snort/snort_edit_hat_data.php @@ -3,6 +3,7 @@ * snort_edit_hat_data.php * Copyright (C) 2004 Scott Ullrich * Copyright (C) 2011-2012 Ermal Luci + * Copyright (C) 2013-2014 Bill Meeks * All rights reserved. * * originially part of m0n0wall (http://m0n0.ch/wall) @@ -47,9 +48,11 @@ if (!is_array($config['installedpackages']['snortglobal']['rule'])) { } $a_nat = &$config['installedpackages']['snortglobal']['rule']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; +elseif (isset($_GET['id']) && is_numericint($_GET['id'])) + $id = htmlspecialchars($_GET['id']); + if (is_null($id)) { header("Location: /snort/snort_interfaces.php"); exit; 
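Review bot: The updater script is now included from `/usr/local/www/snort/`, which appears to be the directory the `/snort/*.php` pages are served from, so it can presumably be requested by URL as well as included here. Its contents are not part of this hunk, so I cannot tell whether it performs its own session and privilege check before starting a download. Please confirm that a direct request from an unauthenticated client cannot trigger a rules update, and document the reason for the move next to the include, for example `// lives in the web root so that ...; must not run without an authenticated session`.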
@@ -62,24 +65,27 @@ else if ($_POST['clear']) { unset($a_nat[$id]['host_attribute_data']); + $a_nat[$id]['host_attribute_table'] = 'off'; write_config(); $rebuild_rules = false; snort_generate_conf($a_nat[$id]); - header("Location: /snort/snort_edit_hat_data.php?id={$id}"); - exit; + $pconfig['host_attribute_data'] = ""; } -if ($_POST['host_attribute_data']) { +if ($_POST['save']) { $a_nat[$id]['host_attribute_data'] = base64_encode($_POST['host_attribute_data']); + if (strlen($_POST['host_attribute_data']) > 0) + $a_nat[$id]['host_attribute_table'] = 'on'; + else + $a_nat[$id]['host_attribute_table'] = 'off'; write_config(); $rebuild_rules = false; snort_generate_conf($a_nat[$id]); - header("Location: /snort/snort_preprocessors.php?id={$id}"); - exit; + $pconfig['host_attribute_data'] = $_POST['host_attribute_data']; } -$if_friendly = snort_get_friendly_interface($a_nat[$id]['interface']); +$if_friendly = convert_friendly_interface_to_friendly_descr($a_nat[$id]['interface']); $pgtitle = gettext("Snort: Interface {$if_friendly} - Host Attribute Table Data"); include_once("head.inc"); @@ -89,8 +95,8 @@ include_once("head.inc"); <?php include("fbegin.inc"); -if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';} -if ($input_errors) print_input_errors($input_errors); +if ($input_errors) + print_input_errors($input_errors); if ($savemsg) print_info_box($savemsg); ?> 
@@ -106,11 +112,11 @@ if ($savemsg) <tr> <td> <input type='hidden' name='id' value='<?=$id;?>'> - <textarea wrap="off" cols="80" rows="35" name="host_attribute_data" id="host_attribute_data" style="width:99%; height:100%;"><?=$pconfig['host_attribute_data'];?></textarea></td> + <textarea wrap="off" cols="80" rows="35" name="host_attribute_data" id="host_attribute_data" style="width:99%; height:100%;"><?=htmlspecialchars($pconfig['host_attribute_data']);?></textarea></td> </tr> <tr> <td> - <input name="Submit" type="submit" class="formbtn" value="<?php echo gettext(" Save "); ?>" title=" <?php echo gettext("Save Host Attribute data"); ?>"/> + <input name="save" type="submit" class="formbtn" value="<?php echo gettext(" Save "); ?>" title=" <?php echo gettext("Save Host Attribute data"); ?>"/> <input type="button" class="formbtn" value=" <?php echo gettext("Return"); ?>" onclick="parent.location='snort_preprocessors.php?id=<?=$id;?>'" title="<?php echo gettext("Return to Preprocessors tab"); ?>"/> <input name="clear" type="submit" class="formbtn" id="clear" value="<?php echo gettext("Clear"); ?>" onclick="return confirm('<?php echo gettext("This will erase all Host Attribute data for the interface. Are you sure?"); ?>')" title="<?php echo gettext("Deletes all Host Attribute data"); ?>"/> </td> diff --git a/config/snort/snort_frag3_engine.php b/config/snort/snort_frag3_engine.php index 89a21dc8..a4c8cb53 100644 --- a/config/snort/snort_frag3_engine.php +++ b/config/snort/snort_frag3_engine.php @@ -1,7 +1,7 @@ <?php /* * snort_frag3_engine.php - * Copyright (C) 2013 Bill Meeks + * Copyright (C) 2013-2014 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
@@ -34,12 +34,15 @@ global $g; $snortdir = SNORTDIR; // Grab the incoming QUERY STRING or POST variables -$id = $_GET['id']; -$eng_id = $_GET['eng_id']; -if (isset($_POST['id'])) +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; -if (isset($_POST['eng_id'])) +elseif (isset($_GET['id']) && is_numericint($_GET['id'])) + $id = htmlspecialchars($_GET['id']); + +if (isset($_POST['eng_id']) && isset($_POST['eng_id'])) $eng_id = $_POST['eng_id']; +elseif (isset($_GET['eng_id']) && is_numericint($_GET['eng_id'])) + $eng_id = htmlspecialchars($_GET['eng_id']); if (is_null($id)) { header("Location: /snort/snort_interfaces.php"); @@ -90,10 +93,10 @@ if ($_POST['Cancel']) { // Check for returned "selected alias" if action is import if ($_GET['act'] == "import") { if ($_GET['varname'] == "bind_to" && !empty($_GET['varvalue'])) - $pconfig[$_GET['varname']] = $_GET['varvalue']; + $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']); } -if ($_POST['Submit']) { +if ($_POST['save']) { /* Grab all the POST values and save in new temp array */ $engine = array(); @@ -189,7 +192,7 @@ if ($_POST['Submit']) { } } -$if_friendly = snort_get_friendly_interface($config['installedpackages']['snortglobal']['rule'][$id]['interface']); +$if_friendly = convert_friendly_interface_to_friendly_descr($config['installedpackages']['snortglobal']['rule'][$id]['interface']); $pgtitle = gettext("Snort: Interface {$if_friendly} Frag3 Preprocessor Engine"); include_once("head.inc"); @@ -324,7 +327,7 @@ if ($savemsg) <tr> <td width="22%" valign="bottom"> </td> <td width="78%" valign="bottom"> - <input name="Submit" id="submit" type="submit" class="formbtn" value=" Save " title="<?php echo + <input name="save" id="save" type="submit" class="formbtn" value=" Save " title="<?php echo gettext("Save Frag3 engine settings and return to Preprocessors tab"); ?>"> <input name="Cancel" id="cancel" type="submit" class="formbtn" value="Cancel" title="<?php echo 
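Review bot: The POST branch for `eng_id` tests `isset($_POST['eng_id'])` twice instead of validating the value, so a posted `eng_id` is accepted unchecked while the GET branch below it requires `is_numericint()`. The line was presumably meant to read `if (isset($_POST['eng_id']) && is_numericint($_POST['eng_id']))`. The identical line appears in the matching hunks of snort_ftp_client_engine.php, snort_ftp_server_engine.php and snort_httpinspect_engine.php and needs the same correction. How `$eng_id` is used afterwards is outside this hunk, but it is presumably an index into the engine list and should be a validated integer on both paths.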
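Review bot: Running `htmlspecialchars()` on `$_GET['varvalue']` when it is stored in `$pconfig` escapes at the wrong layer. The value is meant to be an alias name, so it should be validated as one on input (pfSense's `is_alias()` looks like the right check, to be confirmed) and HTML-escaped only where the form prints it; otherwise entities can end up in the saved configuration or be double-encoded on output. In the snort_httpinspect_engine.php hunk the next context line still copies the raw `$_GET['varvalue']` into `$_SESSION`, so the two copies of the same value are treated differently. The same change is made in the snort_ftp_client_engine.php and snort_ftp_server_engine.php hunks.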
diff --git a/config/snort/snort_ftp_client_engine.php b/config/snort/snort_ftp_client_engine.php index b039df5b..9058a06e 100644 --- a/config/snort/snort_ftp_client_engine.php +++ b/config/snort/snort_ftp_client_engine.php @@ -1,7 +1,7 @@ <?php /* * snort_ftp_client_engine.php - * Copyright (C) 2013 Bill Meeks + * Copyright (C) 2013-2014 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -33,12 +33,15 @@ global $g; $snortdir = SNORTDIR; -$id = $_GET['id']; -$eng_id = $_GET['eng_id']; -if (isset($_POST['id'])) +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; -if (isset($_POST['eng_id'])) +elseif (isset($_GET['id']) && is_numericint($_GET['id'])) + $id = htmlspecialchars($_GET['id']); + +if (isset($_POST['eng_id']) && isset($_POST['eng_id'])) $eng_id = $_POST['eng_id']; +elseif (isset($_GET['eng_id']) && is_numericint($_GET['eng_id'])) + $eng_id = htmlspecialchars($_GET['eng_id']); if (is_null($id)) { // Clear and close out any session variable we created @@ -84,7 +87,7 @@ if ($_GET['act'] == "import") { session_start(); if (($_GET['varname'] == "bind_to" || $_GET['varname'] == "bounce_to_net" || $_GET['varname'] == "bounce_to_port") && !empty($_GET['varvalue'])) { - $pconfig[$_GET['varname']] = $_GET['varvalue']; + $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']); if(!isset($_SESSION['ftp_client_import'])) $_SESSION['ftp_client_import'] = array(); @@ -112,7 +115,7 @@ if ($_GET['act'] == "import") { } } -if ($_POST['Submit']) { +if ($_POST['save']) { // Clear and close out any session variable we created session_start(); 
@@ -220,7 +223,7 @@ if ($_POST['Submit']) { } } -$if_friendly = snort_get_friendly_interface($config['installedpackages']['snortglobal']['rule'][$id]['interface']); +$if_friendly = convert_friendly_interface_to_friendly_descr($config['installedpackages']['snortglobal']['rule'][$id]['interface']); $pgtitle = gettext("Snort: Interface {$if_friendly} - FTP Preprocessor Client Engine"); include_once("head.inc"); @@ -353,7 +356,7 @@ if ($savemsg) <tr> <td width="22%" valign="bottom"> </td> <td width="78%" valign="bottom"> - <input name="Submit" id="submit" type="submit" class="formbtn" value=" Save " title="<?php echo + <input name="save" id="save" type="submit" class="formbtn" value=" Save " title="<?php echo gettext("Save ftp engine settings and return to Preprocessors tab"); ?>"> <input name="Cancel" id="cancel" type="submit" class="formbtn" value="Cancel" title="<?php echo diff --git a/config/snort/snort_ftp_server_engine.php b/config/snort/snort_ftp_server_engine.php index e70033e7..618c8d85 100644 --- a/config/snort/snort_ftp_server_engine.php +++ b/config/snort/snort_ftp_server_engine.php @@ -1,7 +1,7 @@ <?php /* * snort_ftp_server_engine.php - * Copyright (C) 2013 Bill Meeks + * Copyright (C) 2013-2014 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -34,12 +34,15 @@ global $g; $snortdir = SNORTDIR; // Grab any QUERY STRING or POST variables -$id = $_GET['id']; -$eng_id = $_GET['eng_id']; -if (isset($_POST['id'])) +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; -if (isset($_POST['eng_id'])) +elseif (isset($_GET['id']) && is_numericint($_GET['id'])) + $id = htmlspecialchars($_GET['id']); + +if (isset($_POST['eng_id']) && isset($_POST['eng_id'])) $eng_id = $_POST['eng_id']; +elseif (isset($_GET['eng_id']) && is_numericint($_GET['eng_id'])) + $eng_id = htmlspecialchars($_GET['eng_id']); if (is_null($id)) { // Clear and close out any session variable we created 
@@ -85,7 +88,7 @@ if ($_GET['act'] == "import") { session_start(); if (($_GET['varname'] == "bind_to" || $_GET['varname'] == "ports") && !empty($_GET['varvalue'])) { - $pconfig[$_GET['varname']] = $_GET['varvalue']; + $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']); if(!isset($_SESSION['ftp_server_import'])) $_SESSION['ftp_server_import'] = array(); @@ -109,7 +112,7 @@ if ($_GET['act'] == "import") { } } -if ($_POST['Submit']) { +if ($_POST['save']) { // Clear and close out any session variable we created session_start(); @@ -191,7 +194,7 @@ if ($_POST['Submit']) { } } -$if_friendly = snort_get_friendly_interface($config['installedpackages']['snortglobal']['rule'][$id]['interface']); +$if_friendly = convert_friendly_interface_to_friendly_descr($config['installedpackages']['snortglobal']['rule'][$id]['interface']); $pgtitle = gettext("Snort: Interface {$if_friendly} - FTP Preprocessor Server Engine"); include_once("head.inc"); @@ -316,7 +319,7 @@ if ($savemsg) <tr> <td width="22%" valign="bottom"> </td> <td width="78%" valign="bottom"> - <input name="Submit" id="submit" type="submit" class="formbtn" value=" Save " title="<?php echo + <input name="save" id="save" type="submit" class="formbtn" value=" Save " title="<?php echo gettext("Save ftp engine settings and return to Preprocessors tab"); ?>"> <input name="Cancel" id="cancel" type="submit" class="formbtn" value="Cancel" title="<?php echo diff --git a/config/snort/snort_httpinspect_engine.php b/config/snort/snort_httpinspect_engine.php index 94d3364f..47495ebe 100644 --- a/config/snort/snort_httpinspect_engine.php +++ b/config/snort/snort_httpinspect_engine.php @@ -1,7 +1,7 @@ <?php /* * snort_httpinspect_engine.php - * Copyright (C) 2013 Bill Meeks + * Copyright (C) 2013-2014 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
@@ -33,12 +33,15 @@ global $g; $snortdir = SNORTDIR; -$id = $_GET['id']; -$eng_id = $_GET['eng_id']; -if (isset($_POST['id'])) +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; -if (isset($_POST['eng_id'])) +elseif (isset($_GET['id']) && is_numericint($_GET['id'])) + $id = htmlspecialchars($_GET['id']); + +if (isset($_POST['eng_id']) && isset($_POST['eng_id'])) $eng_id = $_POST['eng_id']; +elseif (isset($_GET['eng_id']) && is_numericint($_GET['eng_id'])) + $eng_id = htmlspecialchars($_GET['eng_id']); if (is_null($id)) { // Clear and close out any session variable we created @@ -137,7 +140,7 @@ if ($_GET['act'] == "import") { session_start(); if (($_GET['varname'] == "bind_to" || $_GET['varname'] == "ports") && !empty($_GET['varvalue'])) { - $pconfig[$_GET['varname']] = $_GET['varvalue']; + $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']); $_SESSION['http_inspect_import'] = array(); $_SESSION['http_inspect_import'][$_GET['varname']] = $_GET['varvalue']; @@ -160,7 +163,7 @@ if ($_GET['act'] == "import") { } } -if ($_POST['Submit']) { +if ($_POST['save']) { // Clear and close out any session variable we created session_start(); @@ -300,7 +303,7 @@ if ($_POST['Submit']) { } } -$if_friendly = snort_get_friendly_interface($config['installedpackages']['snortglobal']['rule'][$id]['interface']); +$if_friendly = convert_friendly_interface_to_friendly_descr($config['installedpackages']['snortglobal']['rule'][$id]['interface']); $pgtitle = gettext("Snort: {$if_friendly} - HTTP_Inspect Preprocessor Engine"); include_once("head.inc"); 
@@ -637,7 +640,7 @@ if ($savemsg) <tr> <td width="22%" valign="bottom"> </td> <td width="78%" valign="bottom"> - <input name="Submit" id="submit" type="submit" class="formbtn" value=" Save " title="<?php echo + <input name="save" id="save" type="submit" class="formbtn" value=" Save " title="<?php echo gettext("Save httpinspect engine settings and return to Preprocessors tab"); ?>"> <input name="Cancel" id="cancel" type="submit" class="formbtn" value="Cancel" title="<?php echo diff --git a/config/snort/snort_import_aliases.php b/config/snort/snort_import_aliases.php index 77cd5490..7edadea7 100644 --- a/config/snort/snort_import_aliases.php +++ b/config/snort/snort_import_aliases.php @@ -2,7 +2,7 @@ /* $Id$ */ /* snort_import_aliases.php - Copyright (C) 2013 Bill Meeks + Copyright (C) 2013, 2014 Bill Meeks All rights reserved. Redistribution and use in source and binary forms, with or without @@ -32,12 +32,15 @@ require_once("functions.inc"); require_once("/usr/local/pkg/snort/snort.inc"); // Retrieve any passed QUERY STRING or POST variables -$id = $_GET['id']; -$eng = $_GET['eng']; if (isset($_POST['id'])) $id = $_POST['id']; +elseif (isset($_GET['id']) && is_numericint($_GET['id'])) + $id = htmlspecialchars($_GET['id']); + if (isset($_POST['eng'])) $eng = $_POST['eng']; +elseif (isset($_GET['eng'])) + $eng = htmlspecialchars($_GET['eng']); // Make sure we have a valid rule ID and ENGINE name, or // else bail out to top-level menu. @@ -46,7 +49,10 @@ if (is_null($id) || is_null($eng)) { exit; } -// Used to track if any selectable Aliases are found +// Used to track if any selectable Aliases are found. Selectable +// means aliases matching the requirements of the configuration +// engine we are importing into (e.g., single IP only or +// multiple IP alias). $selectablealias = false; // Initialize required array variables as necessary 
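Review bot: In snort_import_aliases.php only the GET branch of `id` was given the `is_numericint()` test; the POST branch remains `if (isset($_POST['id']))` and accepts any value. I would make it `if (isset($_POST['id']) && is_numericint($_POST['id']))` to match the other pages in this commit. `$eng` is taken raw from POST and HTML-escaped from GET, which is inconsistent; since it selects a case in the `switch ($eng)` further down, it would be cleaner to accept only the engine names that switch handles and bail out otherwise. Whether the switch already has a rejecting `default` is outside this hunk.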
@@ -89,7 +95,7 @@ switch ($eng) { break; case "stream5_tcp_engine": $anchor = "#stream5_row"; - $multi_ip = true; + $multi_ip = false; $title = "Stream5 TCP Engine"; break; case "ftp_server_engine": @@ -269,7 +275,7 @@ include("head.inc"); ?> <?php if ($disable): ?> <tr title="<?=$tooltip;?>"> - <td class="listlr" align="center"><img src="../themes/<?=$g['theme'];?>/images/icons/icon_block_d.gif" width="11" height"11" border="0"/> + <td class="listlr" align="center" sorttable_customkey=""><img src="../themes/<?=$g['theme'];?>/images/icons/icon_block_d.gif" width="11" height="11" border="0"/> <?php else: ?> <tr> <td class="listlr" align="center"><input type="checkbox" name="toimport[]" value="<?=htmlspecialchars($alias['name']);?>" title="<?=$tooltip;?>"/></td> diff --git a/config/snort/snort_interfaces.php b/config/snort/snort_interfaces.php index 15d9addc..9f42ab2e 100755 --- a/config/snort/snort_interfaces.php +++ b/config/snort/snort_interfaces.php @@ -4,6 +4,7 @@ * * Copyright (C) 2008-2009 Robert Zelaya. * Copyright (C) 2011-2012 Ermal Luci + * Copyright (C) 2014 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
@@ -28,56 +29,39 @@ * POSSIBILITY OF SUCH DAMAGE. */ -$nocsrf = true; require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort.inc"); global $g, $rebuild_rules; $snortdir = SNORTDIR; +$snortlogdir = SNORTLOGDIR; $rcdir = RCFILEPREFIX; -$id = $_GET['id']; -if (isset($_POST['id'])) - $id = $_POST['id']; - if (!is_array($config['installedpackages']['snortglobal']['rule'])) $config['installedpackages']['snortglobal']['rule'] = array(); $a_nat = &$config['installedpackages']['snortglobal']['rule']; + +// Calculate the index of the next added Snort interface $id_gen = count($config['installedpackages']['snortglobal']['rule']); if (isset($_POST['del_x'])) { - /* delete selected rules */ + /* Delete selected Snort interfaces */ if (is_array($_POST['rule'])) { conf_mount_rw(); foreach ($_POST['rule'] as $rulei) { - /* convert fake interfaces to real */ - $if_real = snort_get_real_interface($a_nat[$rulei]['interface']); + $if_real = get_real_interface($a_nat[$rulei]['interface']); $snort_uuid = $a_nat[$rulei]['uuid']; snort_stop($a_nat[$rulei], $if_real); - exec("/bin/rm -r /var/log/snort/snort_{$if_real}{$snort_uuid}"); + exec("/bin/rm -r {$snortlogdir}/snort_{$if_real}{$snort_uuid}"); exec("/bin/rm -r {$snortdir}/snort_{$snort_uuid}_{$if_real}"); - // If interface had auto-generated Suppress List, then - // delete that along with the interface - $autolist = "{$a_nat[$rulei]['interface']}" . 
"suppress"; - if (is_array($config['installedpackages']['snortglobal']['suppress']) && - is_array($config['installedpackages']['snortglobal']['suppress']['item'])) { - $a_suppress = &$config['installedpackages']['snortglobal']['suppress']['item']; - foreach ($a_suppress as $k => $i) { - if ($i['name'] == $autolist) { - unset($config['installedpackages']['snortglobal']['suppress']['item'][$k]); - break; - } - } - } - // Finally delete the interface's config entry entirely unset($a_nat[$rulei]); } conf_mount_ro(); - /* If all the Snort interfaces are removed, then unset the config array. */ + /* If all the Snort interfaces are removed, then unset the interfaces config array. */ if (empty($a_nat)) unset($a_nat); @@ -106,13 +90,13 @@ if (isset($_POST['del_x'])) { } -/* start/stop snort */ -if ($_GET['act'] == 'bartoggle' && is_numeric($id)) { - $snortcfg = $config['installedpackages']['snortglobal']['rule'][$id]; - $if_real = snort_get_real_interface($snortcfg['interface']); - $if_friendly = snort_get_friendly_interface($snortcfg['interface']); +/* start/stop barnyard2 */ +if ($_POST['bartoggle'] && is_numericint($_POST['id'])) { + $snortcfg = $config['installedpackages']['snortglobal']['rule'][$_POST['id']]; + $if_real = get_real_interface($snortcfg['interface']); + $if_friendly = convert_friendly_interface_to_friendly_descr($snortcfg['interface']); - if (snort_is_running($snortcfg['uuid'], $if_real, 'barnyard2') == 'no') { + if (!snort_is_running($snortcfg['uuid'], $if_real, 'barnyard2')) { log_error("Toggle (barnyard starting) for {$if_friendly}({$snortcfg['descr']})..."); sync_snort_package_config(); snort_barnyard_start($snortcfg, $if_real); 
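Review bot: The delete loop uses each `$rulei` from `$_POST['rule']` as an index into `$a_nat` without checking it, and then builds two `rm -r` command lines from whatever that lookup returns. For an index that does not exist, `$if_real` and `$snort_uuid` are empty and the commands run against `{$snortlogdir}/snort_` and `{$snortdir}/snort__`. I would skip such entries with `if (!is_numericint($rulei) || !isset($a_nat[$rulei])) continue;` at the top of the loop body and quote the paths, e.g. `exec("/bin/rm -r " . escapeshellarg("{$snortlogdir}/snort_{$if_real}{$snort_uuid}"));`. Dropping `$nocsrf = true;` at the top of this hunk is a welcome change, and it is why the toggle actions in the following hunks had to move from GET links to POST.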
@@ -120,27 +104,18 @@ if ($_GET['act'] == 'bartoggle' && is_numeric($id)) { log_error("Toggle (barnyard stopping) for {$if_friendly}({$snortcfg['descr']})..."); snort_barnyard_stop($snortcfg, $if_real); } - sleep(3); // So the GUI reports correctly - header("Location: /snort/snort_interfaces.php"); - exit; } /* start/stop snort */ -if ($_GET['act'] == 'toggle' && is_numeric($id)) { - $snortcfg = $config['installedpackages']['snortglobal']['rule'][$id]; - $if_real = snort_get_real_interface($snortcfg['interface']); - $if_friendly = snort_get_friendly_interface($snortcfg['interface']); +if ($_POST['toggle'] && is_numericint($_POST['id'])) { + $snortcfg = $config['installedpackages']['snortglobal']['rule'][$_POST['id']]; + $if_real = get_real_interface($snortcfg['interface']); + $if_friendly = convert_friendly_interface_to_friendly_descr($snortcfg['interface']); - if (snort_is_running($snortcfg['uuid'], $if_real) == 'yes') { + if (snort_is_running($snortcfg['uuid'], $if_real)) { log_error("Toggle (snort stopping) for {$if_friendly}({$snortcfg['descr']})..."); snort_stop($snortcfg, $if_real); - - header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); - header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); - header( 'Cache-Control: no-store, no-cache, must-revalidate' ); - header( 'Cache-Control: post-check=0, pre-check=0', false ); - header( 'Pragma: no-cache' ); } else { log_error("Toggle (snort starting) for {$if_friendly}({$snortcfg['descr']})..."); 
@@ -149,16 +124,8 @@ if ($_GET['act'] == 'toggle' && is_numeric($id)) { sync_snort_package_config(); $rebuild_rules = false; snort_start($snortcfg, $if_real); - - header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); - header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); - header( 'Cache-Control: no-store, no-cache, must-revalidate' ); - header( 'Cache-Control: post-check=0, pre-check=0', false ); - header( 'Pragma: no-cache' ); } sleep(3); // So the GUI reports correctly - header("Location: /snort/snort_interfaces.php"); - exit; } $pgtitle = "Services: $snort_package_version"; @@ -169,34 +136,18 @@ include_once("head.inc"); <?php include_once("fbegin.inc"); -if ($pfsense_stable == 'yes') - echo '<p class="pgtitle">' . $pgtitle . '</p>'; -?> -<form action="snort_interfaces.php" method="post" enctype="multipart/form-data" name="iform" id="iform"> -<?php /* Display Alert message */ if ($input_errors) - print_input_errors($input_errors); // TODO: add checks + print_input_errors($input_errors); if ($savemsg) print_info_box($savemsg); - - //if (file_exists($d_snortconfdirty_path)) { - if ($d_snortconfdirty_path_ls != '') { - echo '<p>'; - - if($savemsg) - print_info_box_np("{$savemsg}"); - else { - print_info_box_np(gettext( - 'The Snort configuration has changed for one or more interfaces.<br>' . - 'You must apply the changes in order for them to take effect.<br>' - )); - } - } ?> +<form action="snort_interfaces.php" method="post" enctype="multipart/form-data" name="iform" id="iform"> +<input type="hidden" name="id" id="id" value=""> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> <td> 
@@ -207,10 +158,11 @@ if ($pfsense_stable == 'yes') $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php"); $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php"); $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php"); - $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php"); + $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php"); $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); - $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); - display_top_tabs($tab_array); + $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php"); + $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); + display_top_tabs($tab_array, true); ?> </td> </tr> @@ -257,11 +209,10 @@ if ($pfsense_stable == 'yes') <?php /* convert fake interfaces to real and check if iface is up */ - /* There has to be a smarter way to do this */ - $if_real = snort_get_real_interface($natent['interface']); - $natend_friendly= snort_get_friendly_interface($natent['interface']); + $if_real = get_real_interface($natent['interface']); + $natend_friendly = convert_friendly_interface_to_friendly_descr($natent['interface']); $snort_uuid = $natent['uuid']; - if (snort_is_running($snort_uuid, $if_real) == 'no'){ + if (!snort_is_running($snort_uuid, $if_real)){ $iconfn = 'block'; $iconfn_msg1 = 'Snort is not running on '; $iconfn_msg2 = '. Click to start.'; @@ -271,7 +222,7 @@ if ($pfsense_stable == 'yes') $iconfn_msg1 = 'Snort is running on '; $iconfn_msg2 = '. Click to stop.'; } - if (snort_is_running($snort_uuid, $if_real, 'barnyard2') == 'no'){ + if (!snort_is_running($snort_uuid, $if_real, 'barnyard2')){ $biconfn = 'block'; $biconfn_msg1 = 'Barnyard2 is not running on '; $biconfn_msg2 = '. Click to start.'; 
@@ -312,14 +263,13 @@ if ($pfsense_stable == 'yes') <?php $check_snort_info = $config['installedpackages']['snortglobal']['rule'][$nnats]['enable']; if ($check_snort_info == "on") { - echo strtoupper("enabled"); - echo "<a href='?act=toggle&id={$i}'> - <img src='../themes/{$g['theme']}/images/icons/icon_{$iconfn}.gif' - width='13' height='13' border='0' - title='" . gettext($iconfn_msg1.$natend_friendly.$iconfn_msg2) . "'></a>"; + echo gettext("ENABLED") . " "; + echo "<input type='image' src='../themes/{$g['theme']}/images/icons/icon_{$iconfn}.gif' width='13' height='13' border='0' "; + echo "onClick='document.getElementById(\"id\").value=\"{$nnats}\";' name=\"toggle[]\" "; + echo "title='" . gettext($iconfn_msg1.$natend_friendly.$iconfn_msg2) . "'/>"; echo ($no_rules) ? " <img src=\"../themes/{$g['theme']}/images/icons/icon_frmfld_imp.png\" width=\"15\" height=\"15\" border=\"0\">" : ""; } else - echo strtoupper("disabled"); + echo gettext("DISABLED"); ?> </td> <td class="listr" @@ -353,13 +303,11 @@ if ($pfsense_stable == 'yes') <?php $check_snortbarnyardlog_info = $config['installedpackages']['snortglobal']['rule'][$nnats]['barnyard_enable']; if ($check_snortbarnyardlog_info == "on") { - echo strtoupper("enabled"); - echo "<a href='?act=bartoggle&id={$i}'> - <img src='../themes/{$g['theme']}/images/icons/icon_{$biconfn}.gif' - width='13' height='13' border='0' - title='" . gettext($biconfn_msg1.$natend_friendly.$biconfn_msg2) . "'></a>"; + echo gettext("ENABLED") . " "; + echo "<input type='image' name='bartoggle[]' src='../themes/{$g['theme']}/images/icons/icon_{$biconfn}.gif' width='13' height='13' border='0' "; + echo "onClick='document.getElementById(\"id\").value=\"{$nnats}\"'; title='" . gettext($biconfn_msg1.$natend_friendly.$biconfn_msg2) . "'/>"; } else - echo strtoupper("disabled"); + echo gettext("DISABLED"); ?> </td> <td class="listbg" 
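Review bot: In the `@@ -312,14 +263,13 @@` hunk the single-quoted `title='...'` attribute of the new `<input type='image'>` is built from `$natend_friendly` without HTML-escaping, so a value containing `'` or `<` would break out of the attribute. `$natend_friendly` comes from `convert_friendly_interface_to_friendly_descr()`, which presumably returns the administrator-entered interface description. I would emit it as `echo "title='" . htmlspecialchars(gettext($iconfn_msg1.$natend_friendly.$iconfn_msg2), ENT_QUOTES) . "'/>";`. The `bartoggle[]` input in the `@@ -353,13 +303,11 @@` hunk builds its `title` the same way and needs the same change.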
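Review bot: In the `@@ -353,13 +303,11 @@` hunk the closing quote of the `onClick` attribute sits before the semicolon (`.value=\"{$nnats}\"'; title='`), which leaves a stray `;` between two attributes of the `bartoggle[]` input. The `toggle[]` input in the previous hunk keeps the semicolon inside the handler. To match it, the line should read `echo "onClick='document.getElementById(\"id\").value=\"{$nnats}\";' title='" . gettext($biconfn_msg1.$natend_friendly.$biconfn_msg2) . "'/>";`.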
@@ -393,8 +341,7 @@ if ($pfsense_stable == 'yes') src="../themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" width="17" height="17" " border="0"> <?php else: ?> - <input name="del" type="image" - src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" + <input name="del" type="image" src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" title="<?php echo gettext("Delete selected Snort interface mapping(s)"); ?>" onclick="return intf_del()"> <?php endif; ?></td> @@ -420,12 +367,8 @@ if ($pfsense_stable == 'yes') </td> </tr> <tr> - <td colspan="3" class="vexpl"><br> - </td> - </tr> - <tr> - <td colspan="3" class="vexpl"><span class="red"><strong><?php echo gettext("Warning:"); ?></strong></span><br> - <strong><?php echo gettext("New settings will not take effect until interface restart."); ?></strong> + <td colspan="3" class="vexpl"> + <?php echo gettext("New settings will not take effect until interface restart."); ?> </td> </tr> <tr> @@ -484,9 +427,9 @@ function intf_del() { } } if (isSelected) - return confirm('Do you really want to delete the selected Snort mapping?'); + return confirm('Do you really want to delete the selected Snort interface mapping(s)?'); else - alert("There is no Snort mapping selected for deletion. Click the checkbox beside the Snort mapping(s) you wish to delete."); + alert("There is no Snort interface mapping selected for deletion. Click the checkbox beside the Snort mapping(s) you wish to delete."); } </script> diff --git a/config/snort/snort_interfaces_edit.php b/config/snort/snort_interfaces_edit.php index 72aa82e2..1f3a3cbe 100755 --- a/config/snort/snort_interfaces_edit.php +++ b/config/snort/snort_interfaces_edit.php @@ -4,6 +4,7 @@ * * Copyright (C) 2008-2009 Robert Zelaya. * Copyright (C) 2011-2012 Ermal Luci + * Copyright (C) 2014 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
@@ -33,6 +34,9 @@ require_once("/usr/local/pkg/snort/snort.inc"); global $g, $rebuild_rules; +$snortdir = SNORTDIR; +$snortlogdir = SNORTLOGDIR; + if (!is_array($config['installedpackages']['snortglobal'])) $config['installedpackages']['snortglobal'] = array(); $snortglob = $config['installedpackages']['snortglobal']; @@ -41,9 +45,11 @@ if (!is_array($config['installedpackages']['snortglobal']['rule'])) $config['installedpackages']['snortglobal']['rule'] = array(); $a_rule = &$config['installedpackages']['snortglobal']['rule']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; +elseif (isset($_GET['id']) && is_numericint($_GET['id'])) + $id = htmlspecialchars($_GET['id']); + if (is_null($id)) { header("Location: /snort/snort_interfaces.php"); exit; @@ -63,13 +69,7 @@ else { $snort_uuid = $pconfig['uuid']; // Get the physical configured interfaces on the firewall -if (function_exists('get_configured_interface_with_descr')) - $interfaces = get_configured_interface_with_descr(); -else { - $interfaces = array('wan' => 'WAN', 'lan' => 'LAN'); - for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) - $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr']; -} +$interfaces = get_configured_interface_with_descr(); // See if interface is already configured, and use its values if (isset($id) && $a_rule[$id]) { @@ -89,6 +89,8 @@ elseif (isset($id) && !isset($a_rule[$id])) { foreach ($ifaces as $i) { if (!in_array($i, $ifrules)) { $pconfig['interface'] = $i; + $pconfig['descr'] = strtoupper($i); + $pconfig['enable'] = 'on'; break; } } 
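Review bot: In the `@@ -41,9 +45,11 @@` hunk `$id` is no longer assigned when neither request value passes `is_numericint()`, so unless it is set earlier in the file the following `is_null($id)` reads an undefined variable. A `$id = null;` before the `if` makes the redirect-on-missing-id path explicit. The `htmlspecialchars()` on the GET branch is redundant once `is_numericint()` has passed, and it applies output encoding at input time to only one of the two branches. Assigning `$id = $_GET['id'];` there, and escaping where `$id` is printed, keeps the two branches consistent.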
@@ -99,19 +101,26 @@ elseif (isset($id) && !isset($a_rule[$id])) { } } -if (isset($_GET['dup'])) - unset($id); - // Set defaults for empty key parameters if (empty($pconfig['blockoffendersip'])) $pconfig['blockoffendersip'] = "both"; if (empty($pconfig['performance'])) $pconfig['performance'] = "ac-bnfa"; -if ($_POST["Submit"]) { - if (!$_POST['interface']) +if ($_POST["save"]) { + if (!isset($_POST['interface'])) $input_errors[] = "Interface is mandatory"; + /* See if assigned interface is already in use */ + if (isset($_POST['interface'])) { + foreach ($a_rule as $k => $v) { + if (($v['interface'] == $_POST['interface']) && ($id <> $k)) { + $input_errors[] = gettext("The '{$_POST['interface']}' interface is already assigned to another Snort instance."); + break; + } + } + } + /* if no errors write to conf */ if (!$input_errors) { $natent = $a_rule[$id]; @@ -136,6 +145,8 @@ if ($_POST["Submit"]) { if ($_POST['blockoffendersip']) $natent['blockoffendersip'] = $_POST['blockoffendersip']; else unset($natent['blockoffendersip']); if ($_POST['whitelistname']) $natent['whitelistname'] = $_POST['whitelistname']; else unset($natent['whitelistname']); if ($_POST['homelistname']) $natent['homelistname'] = $_POST['homelistname']; else unset($natent['homelistname']); + if ($_POST['alert_log_limit']) $natent['alert_log_limit'] = $_POST['alert_log_limit']; else unset($natent['alert_log_limit']); + if ($_POST['alert_log_retention']) $natent['alert_log_retention'] = $_POST['alert_log_retention']; else unset($natent['alert_log_retention']); if ($_POST['externallistname']) $natent['externallistname'] = $_POST['externallistname']; else unset($natent['externallistname']); if ($_POST['suppresslistname']) $natent['suppresslistname'] = $_POST['suppresslistname']; else unset($natent['suppresslistname']); if ($_POST['alertsystemlog'] == "on") { $natent['alertsystemlog'] = 'on'; }else{ $natent['alertsystemlog'] = 'off'; } 
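Review bot: In the `@@ -99,19 +101,26 @@` hunk, replacing `!$_POST['interface']` with `!isset($_POST['interface'])` lets an empty `interface` value through the mandatory check, because `isset()` is true for an empty string. The submitted value is also never compared with the configured interfaces before the duplicate check runs and before it is (presumably, outside this hunk) stored in `$natent['interface']`. I would test `if (empty($_POST['interface']) || !array_key_exists($_POST['interface'], $interfaces))`, using the `$interfaces` list loaded earlier in the file, assuming its keys are the interface identifiers the form submits. The enclosing `if ($_POST["save"])` block continues beyond the hunk.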
@@ -145,14 +156,20 @@ if ($_POST["Submit"]) { if ($_POST['fpm_search_optimize'] == "on") { $natent['fpm_search_optimize'] = 'on'; }else{ $natent['fpm_search_optimize'] = 'off'; } if ($_POST['fpm_no_stream_inserts'] == "on") { $natent['fpm_no_stream_inserts'] = 'on'; }else{ $natent['fpm_no_stream_inserts'] = 'off'; } - $if_real = snort_get_real_interface($natent['interface']); + $if_real = get_real_interface($natent['interface']); if (isset($id) && $a_rule[$id]) { + // See if moving an existing Snort instance to another physical interface if ($natent['interface'] != $a_rule[$id]['interface']) { - $oif_real = snort_get_real_interface($a_rule[$id]['interface']); - snort_stop($a_rule[$id], $oif_real); - exec("rm -r /var/log/snort_{$oif_real}" . $a_rule[$id]['uuid']); + $oif_real = get_real_interface($a_rule[$id]['interface']); + if (snort_is_running($a_rule[$id]['uuid'], $oif_real)) { + snort_stop($a_rule[$id], $oif_real); + $snort_start = true; + } + else + $snort_start = false; + exec("mv -f {$snortlogdir}/snort_{$oif_real}{$a_rule[$id]['uuid']} {$snortlogdir}/snort_{$if_real}{$a_rule[$id]['uuid']}"); conf_mount_rw(); - exec("mv -f {$snortdir}/snort_" . $a_rule[$id]['uuid'] . "_{$oif_real} {$snortdir}/snort_" . $a_rule[$id]['uuid'] . "_{$if_real}"); + exec("mv -f {$snortdir}/snort_{$a_rule[$id]['uuid']}_{$oif_real} {$snortdir}/snort_{$a_rule[$id]['uuid']}_{$if_real}"); conf_mount_ro(); } $a_rule[$id] = $natent; @@ -264,6 +281,10 @@ if ($_POST["Submit"]) { /* Update snort.conf and snort.sh files for this interface */ sync_snort_package_config(); + /* See if we need to restart Snort after an interface re-assignment */ + if ($snort_start == true) + snort_start($natent, $if_real); + /*******************************************************/ /* Signal Snort to reload configuration if we changed */ /* HOME_NET, EXTERNAL_NET or Suppress list values. */ 
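Review bot: The two `exec("mv -f ...")` calls in the `@@ -145,14 +156,20 @@` hunk build a shell command by interpolating `$oif_real`, `$if_real` and the stored `uuid` with no quoting. `$if_real` is derived from `$natent['interface']`, which appears to originate from the submitted form, so the command is only safe if `get_real_interface()` never returns anything but a plain interface name. Each path should go through `escapeshellarg()`, for example `exec("mv -f " . escapeshellarg("{$snortlogdir}/snort_{$oif_real}{$a_rule[$id]['uuid']}") . " " . escapeshellarg("{$snortlogdir}/snort_{$if_real}{$a_rule[$id]['uuid']}"));`, or the shell can be avoided entirely with `rename()`. The surrounding save block starts and ends outside the hunk.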
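Review bot: In the `@@ -264,6 +281,10 @@` hunk `$snort_start` is read, but the only assignment visible in this diff is inside the interface-change branch of the previous hunk. On a save that does not move the instance, or that creates a new one, the test would read an undefined variable unless it is initialised elsewhere in the file. Setting `$snort_start = false;` before the `if (isset($id) && $a_rule[$id])` block and testing `if ($snort_start)` makes the restart decision explicit.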
@@ -284,21 +305,18 @@ if ($_POST["Submit"]) { $pconfig = $_POST; } -$if_friendly = snort_get_friendly_interface($pconfig['interface']); +$if_friendly = convert_friendly_interface_to_friendly_descr($a_rule[$id]['interface']); $pgtitle = gettext("Snort: Interface {$if_friendly} - Edit Settings"); include_once("head.inc"); ?> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php include("fbegin.inc"); ?> - -<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> +<?php include("fbegin.inc"); -<?php /* Display Alert message */ if ($input_errors) { - print_input_errors($input_errors); // TODO: add checks + print_input_errors($input_errors); } if ($savemsg) { @@ -306,7 +324,8 @@ include_once("head.inc"); } ?> -<form action="snort_interfaces_edit.php<?php echo "?id=$id";?>" method="post" name="iform" id="iform"> +<form action="snort_interfaces_edit.php" method="post" name="iform" id="iform"> +<input name="id" type="hidden" value="<?=$id;?>"/> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td> <?php 
@@ -314,12 +333,13 @@ include_once("head.inc"); $tab_array[0] = array(gettext("Snort Interfaces"), true, "/snort/snort_interfaces.php"); $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php"); $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php"); - $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php"); + $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php?instance={$id}"); $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php"); - $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php"); + $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php"); $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); - $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); - display_top_tabs($tab_array); + $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php"); + $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); + display_top_tabs($tab_array, true); echo '</td></tr>'; echo '<tr><td class="tabnavtbl">'; $tab_array = array(); 
@@ -328,9 +348,10 @@ include_once("head.inc"); $tab_array[] = array($menu_iface . gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Rules"), false, "/snort/snort_rules.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Variables"), false, "/snort/snort_define_servers.php?id={$id}"); - $tab_array[] = array($menu_iface . gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Preprocs"), false, "/snort/snort_preprocessors.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); - display_top_tabs($tab_array); + $tab_array[] = array($menu_iface . gettext("IP Rep"), false, "/snort/snort_ip_reputation.php?id={$id}"); + display_top_tabs($tab_array, true); ?> </td></tr> <tr><td><div id="mainarea"> @@ -345,7 +366,7 @@ include_once("head.inc"); if ($pconfig['enable'] == "on") $checked = "checked"; echo " - <input name=\"enable\" type=\"checkbox\" value=\"on\" $checked onClick=\"enable_change(false)\"> + <input name=\"enable\" type=\"checkbox\" value=\"on\" $checked onClick=\"enable_change(false)\"/> " . gettext("Enable or Disable") . "\n"; ?> <br/> 
@@ -368,15 +389,15 @@ include_once("head.inc"); <tr> <td width="22%" valign="top" class="vncellreq"><?php echo gettext("Description"); ?></td> <td width="78%" class="vtable"><input name="descr" type="text" - class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']); ?>"> <br/> + class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']); ?>"/><br/> <span class="vexpl"><?php echo gettext("Enter a meaningful description here for your reference."); ?></span><br/></td> </tr> -<tr> - <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Alert Settings"); ?></td> -</tr> + <tr> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Alert Settings"); ?></td> + </tr> <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Send Alerts to System Logs"); ?></td> - <td width="78%" class="vtable"><input name="alertsystemlog" type="checkbox" value="on" <?php if ($pconfig['alertsystemlog'] == "on") echo "checked"; ?>> + <td width="78%" class="vtable"><input name="alertsystemlog" type="checkbox" value="on" <?php if ($pconfig['alertsystemlog'] == "on") echo "checked"; ?>/> <?php echo gettext("Snort will send Alerts to the firewall's system logs."); ?></td> </tr> <tr> 
@@ -384,14 +405,14 @@ include_once("head.inc"); <td width="78%" class="vtable"> <input name="blockoffenders7" id="blockoffenders7" type="checkbox" value="on" <?php if ($pconfig['blockoffenders7'] == "on") echo "checked"; ?> - onClick="enable_blockoffenders()"> + onClick="enable_blockoffenders();" /> <?php echo gettext("Checking this option will automatically block hosts that generate a " . "Snort alert."); ?></td> </tr> <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Kill States"); ?></td> <td width="78%" class="vtable"> - <input name="blockoffenderskill" id="blockoffenderskill" type="checkbox" value="on" <?php if ($pconfig['blockoffenderskill'] == "on") echo "checked"; ?>> + <input name="blockoffenderskill" id="blockoffenderskill" type="checkbox" value="on" <?php if ($pconfig['blockoffenderskill'] == "on") echo "checked"; ?>/> <?php echo gettext("Checking this option will kill firewall states for the blocked IP"); ?> </td> </tr> @@ -410,12 +431,12 @@ include_once("head.inc"); ?> </select> <?php echo gettext("Select which IP extracted from the packet you wish to block"); ?><br/> - <span class="red"><?php echo gettext("Hint:") . "</span> " . gettext("Choosing BOTH is suggested, and it is the default value."); ?></span><br/></td> + <span class="red"><?php echo gettext("Hint:") . "</span> " . gettext("Choosing BOTH is suggested, and it is the default value."); ?><br/> </td> </tr> -<tr> - <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Detection Performance Settings"); ?></td> -</tr> + <tr> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Detection Performance Settings"); ?></td> + </tr> <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Search Method"); ?></td> <td width="78%" class="vtable"> 
@@ -442,7 +463,7 @@ include_once("head.inc"); <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Split ANY-ANY"); ?></td> <td width="78%" class="vtable"> - <input name="fpm_split_any_any" id="fpm_split_any_any" type="checkbox" value="on" <?php if ($pconfig['fpm_split_any_any'] == "on") echo "checked"; ?>> + <input name="fpm_split_any_any" id="fpm_split_any_any" type="checkbox" value="on" <?php if ($pconfig['fpm_split_any_any'] == "on") echo "checked"; ?>/> <?php echo gettext("Enable splitting of ANY-ANY port group.") . " <strong>" . gettext("Default") . "</strong>" . gettext(" is ") . "<strong>" . gettext("Not Checked") . "</strong>"; ?>.<br/> <br/><?php echo gettext("This setting is a memory/performance trade-off. It reduces memory footprint by not " . @@ -454,7 +475,7 @@ include_once("head.inc"); <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Search Optimize"); ?></td> <td width="78%" class="vtable"> - <input name="fpm_search_optimize" id="fpm_search_optimize" type="checkbox" value="on" <?php if ($pconfig['fpm_search_optimize'] == "on" || empty($pconfig['fpm_search_optimize'])) echo "checked"; ?>> + <input name="fpm_search_optimize" id="fpm_search_optimize" type="checkbox" value="on" <?php if ($pconfig['fpm_search_optimize'] == "on" || empty($pconfig['fpm_search_optimize'])) echo "checked"; ?>/> <?php echo gettext("Enable search optimization.") . " <strong>" . gettext("Default") . "</strong>" . gettext(" is ") . "<strong>" . gettext("Checked") . "</strong>"; ?>.<br/> <br/><?php echo gettext("This setting optimizes fast pattern memory when used with search-methods AC or AC-SPLIT " . 
@@ -465,7 +486,7 @@ include_once("head.inc"); <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Stream Inserts"); ?></td> <td width="78%" class="vtable"> - <input name="fpm_no_stream_inserts" id="fpm_no_stream_inserts" type="checkbox" value="on" <? if ($pconfig['fpm_no_stream_inserts'] == "on") echo "checked"; ?>> + <input name="fpm_no_stream_inserts" id="fpm_no_stream_inserts" type="checkbox" value="on" <? if ($pconfig['fpm_no_stream_inserts'] == "on") echo "checked"; ?>/> <?php echo gettext("Do not evaluate stream inserted packets against the detection engine.") . " <strong>" . gettext("Default") . "</strong>" . gettext(" is ") . "<strong>" . gettext("Not Checked") . "</strong>"; ?>.<br/> <br/><?php echo gettext("This is a potential performance improvement based on the idea the stream rebuilt packet " . @@ -475,15 +496,14 @@ include_once("head.inc"); <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Checksum Check Disable"); ?></td> <td width="78%" class="vtable"> - <input name="cksumcheck" id="cksumcheck" type="checkbox" value="on" <?php if ($pconfig['cksumcheck'] == "on") echo "checked"; ?>> + <input name="cksumcheck" id="cksumcheck" type="checkbox" value="on" <?php if ($pconfig['cksumcheck'] == "on") echo "checked"; ?>/> <?php echo gettext("Disable checksum checking within Snort to improve performance."); ?> <br><span class="red"><?php echo gettext("Hint: ") . "</span>" . gettext("Most of this is already done at the firewall/filter level, so it is usually safe to check this box."); ?> </td> </tr> <tr> - <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Choose the networks " . - "Snort should inspect and whitelist."); ?></td> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Choose the networks Snort should inspect and whitelist"); ?></td> </tr> <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Home Net"); ?></td> 
@@ -545,11 +565,11 @@ include_once("head.inc"); </td> </tr> <tr> - <td width="22%" valign="top" class="vncell"><?php echo gettext("Whitelist"); ?></td> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Pass List"); ?></td> <td width="78%" class="vtable"> <select name="whitelistname" class="formselect" id="whitelistname"> <?php - /* find whitelist names and filter by type, make sure to track by uuid */ + /* find whitelist (Pass List) names and filter by type, make sure to track by uuid */ echo "<option value='default' >default</option>\n"; if (is_array($snortglob['whitelist']['item'])) { foreach ($snortglob['whitelist']['item'] as $value) { 
@@ -562,19 +582,19 @@ include_once("head.inc"); } ?> </select> - <input type="button" class="formbtns" value="View List" onclick="viewList('<?=$id;?>','whitelistname','whitelist')" - id="btnWhitelist" title="<?php echo gettext("Click to view currently selected Whitelist contents"); ?>"/> + <input type="button" class="formbtns" value="View List" onclick="viewList('<?=$id;?>','whitelistname','passlist')" + id="btnWhitelist" title="<?php echo gettext("Click to view currently selected Pass List contents"); ?>"/> <br/> - <span class="vexpl"><?php echo gettext("Choose the whitelist you want this interface to " . + <span class="vexpl"><?php echo gettext("Choose the Pass List you want this interface to " . "use."); ?> </span><br/><br/> <span class="red"><?php echo gettext("Note:"); ?></span> <?php echo gettext("This option will only be used when block offenders is on."); ?><br/> - <span class="red"><?php echo gettext("Hint:"); ?></span> <?php echo gettext("Default " . - "whitelist adds local networks, WAN IPs, Gateways, VPNs and VIPs. Create an Alias to customize."); ?> + <span class="red"><?php echo gettext("Hint:"); ?></span> <?php echo gettext("The default " . + "Pass List adds local networks, WAN IPs, Gateways, VPNs and VIPs. Create an Alias to customize."); ?> </td> </tr> -<tr> - <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Choose a suppression or filtering file if desired."); ?></td> -</tr> + <tr> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Choose a suppression or filtering file if desired"); ?></td> + </tr> <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Alert Suppression and Filtering"); ?></td> <td width="78%" class="vtable"> 
@@ -602,29 +622,28 @@ include_once("head.inc"); gettext("Default option disables suppression and filtering."); ?> </td> </tr> -<tr> - <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Arguments here will " . - "be automatically inserted into the Snort configuration."); ?></td> -</tr> -<tr> - <td width="22%" valign="top" class="vncell"><?php echo gettext("Advanced configuration pass-through"); ?></td> - <td width="78%" class="vtable"> - <textarea style="width:98%; height:100%;" wrap="off" name="configpassthru" cols="60" rows="8" id="configpassthru"><?=htmlspecialchars($pconfig['configpassthru']);?></textarea> - </td> -</tr> -<tr> - <td width="22%" valign="top"></td> - <td width="78%"><input name="Submit" type="submit" class="formbtn" value="Save" title="<?php echo + <tr> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Arguments here will " . + "be automatically inserted into the Snort configuration."); ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Advanced configuration pass-through"); ?></td> + <td width="78%" class="vtable"> + <textarea style="width:98%; height:100%;" wrap="off" name="configpassthru" cols="60" rows="8" id="configpassthru"><?=htmlspecialchars($pconfig['configpassthru']);?></textarea> + </td> + </tr> + <tr> + <td width="22%" valign="top"></td> + <td width="78%"><input name="save" type="submit" class="formbtn" value="Save" title="<?php echo gettext("Click to save settings and exit"); ?>"/> - <input name="id" type="hidden" value="<?=$id;?>"/> - </td> -</tr> -<tr> - <td width="22%" valign="top"> </td> - <td width="78%"><span class="vexpl"><span class="red"><strong><?php echo gettext("Note: ") . "</strong></span></span>" . - gettext("Please save your settings before you attempt to start Snort."); ?> - </td> -</tr> + </td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"><span class="vexpl"><span class="red"><strong><?php echo gettext("Note: ") . 
"</strong></span></span>" . + gettext("Please save your settings before you attempt to start Snort."); ?> + </td> + </tr> </table> </div> </td></tr> @@ -684,11 +703,12 @@ function getSelectedValue(elemID) { function viewList(id, elemID, elemType) { if (typeof elemType == "undefined") { - elemType = "whitelist"; + elemType = "passlist"; } var url = "snort_list_view.php?id=" + id + "&wlist="; url = url + getSelectedValue(elemID) + "&type=" + elemType; - wopen(url, 'WhitelistViewer', 640, 480); + url = url + "&time=" + new Date().getTime(); + wopen(url, 'PassListViewer', 640, 480); } enable_change(false); diff --git a/config/snort/snort_interfaces_global.php b/config/snort/snort_interfaces_global.php index b22a6934..99c8313d 100644 --- a/config/snort/snort_interfaces_global.php +++ b/config/snort/snort_interfaces_global.php @@ -5,6 +5,7 @@ * * Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. * Copyright (C) 2011-2012 Ermal Luci + * Copyright (C) 2014 Bill Meeks * All rights reserved. * * Copyright (C) 2008-2009 Robert Zelaya 
@@ -42,23 +43,26 @@ global $g; $snortdir = SNORTDIR; /* make things short */ -$pconfig['snortdownload'] = $config['installedpackages']['snortglobal']['snortdownload']; +$pconfig['snortdownload'] = $config['installedpackages']['snortglobal']['snortdownload'] == "on" ? 'on' : 'off'; $pconfig['oinkmastercode'] = $config['installedpackages']['snortglobal']['oinkmastercode']; $pconfig['etpro_code'] = $config['installedpackages']['snortglobal']['etpro_code']; -$pconfig['emergingthreats'] = $config['installedpackages']['snortglobal']['emergingthreats']; -$pconfig['emergingthreats_pro'] = $config['installedpackages']['snortglobal']['emergingthreats_pro']; +$pconfig['emergingthreats'] = $config['installedpackages']['snortglobal']['emergingthreats'] == "on" ? 'on' : 'off'; +$pconfig['emergingthreats_pro'] = $config['installedpackages']['snortglobal']['emergingthreats_pro'] == "on" ? 'on' : 'off'; $pconfig['rm_blocked'] = $config['installedpackages']['snortglobal']['rm_blocked']; $pconfig['snortloglimit'] = $config['installedpackages']['snortglobal']['snortloglimit']; $pconfig['snortloglimitsize'] = $config['installedpackages']['snortglobal']['snortloglimitsize']; $pconfig['autorulesupdate7'] = $config['installedpackages']['snortglobal']['autorulesupdate7']; $pconfig['rule_update_starttime'] = $config['installedpackages']['snortglobal']['rule_update_starttime']; -$pconfig['forcekeepsettings'] = $config['installedpackages']['snortglobal']['forcekeepsettings']; -$pconfig['snortcommunityrules'] = $config['installedpackages']['snortglobal']['snortcommunityrules']; +$pconfig['forcekeepsettings'] = $config['installedpackages']['snortglobal']['forcekeepsettings'] == "on" ? 'on' : 'off'; +$pconfig['snortcommunityrules'] = $config['installedpackages']['snortglobal']['snortcommunityrules'] == "on" ? 'on' : 'off'; +$pconfig['clearlogs'] = $config['installedpackages']['snortglobal']['clearlogs'] == "on" ? 
'on' : 'off'; +$pconfig['clearblocks'] = $config['installedpackages']['snortglobal']['clearblocks'] == "on" ? 'on' : 'off'; +/* Set sensible values for any empty default params */ if (empty($pconfig['snortloglimit'])) $pconfig['snortloglimit'] = 'on'; -if (empty($pconfig['rule_update_starttime'])) - $pconfig['rule_update_starttime'] = '00:30'; +if (!isset($pconfig['rule_update_starttime'])) + $pconfig['rule_update_starttime'] = '00:05'; if ($_POST['rule_update_starttime']) { if (!preg_match('/^([01]?[0-9]|2[0-3]):?([0-5][0-9])$/', $_POST['rule_update_starttime'])) @@ -73,12 +77,14 @@ if ($_POST['emergingthreats_pro'] == "on" && empty($_POST['etpro_code'])) /* if no errors move foward with save */ if (!$input_errors) { - if ($_POST["Submit"]) { + if ($_POST["save"]) { $config['installedpackages']['snortglobal']['snortdownload'] = $_POST['snortdownload'] ? 'on' : 'off'; $config['installedpackages']['snortglobal']['snortcommunityrules'] = $_POST['snortcommunityrules'] ? 'on' : 'off'; $config['installedpackages']['snortglobal']['emergingthreats'] = $_POST['emergingthreats'] ? 'on' : 'off'; $config['installedpackages']['snortglobal']['emergingthreats_pro'] = $_POST['emergingthreats_pro'] ? 'on' : 'off'; + $config['installedpackages']['snortglobal']['clearlogs'] = $_POST['clearlogs'] ? 'on' : 'off'; + $config['installedpackages']['snortglobal']['clearblocks'] = $_POST['clearblocks'] ? 'on' : 'off'; // If any rule sets are being turned off, then remove them // from the active rules section of each interface. Start 
@@ -187,10 +193,11 @@ if ($input_errors) $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php"); $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php"); $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php"); - $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php"); + $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php"); $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); - $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); - display_top_tabs($tab_array); + $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php"); + $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); + display_top_tabs($tab_array, true); ?> </td></tr> <tr> @@ -268,7 +275,7 @@ if ($input_errors) <tr> <td> </td> <td class="vexpl"><?php echo "<span class='red'><strong>" . gettext("Note:") . "</strong></span>" . " " . - gettext("The ETPro rules contain all of the ETOpen rules, so the ETOpen rules are not required and are disabled when the ETPro rules are selected."); ?></td> + gettext("The ETPro rules contain all of the ETOpen rules, so the ETOpen rules are not required and are automatically disabled when the ETPro rules are selected."); ?></td> </tr> </table> <table id="etpro_code_tbl" width="100%" border="0" cellpadding="2" cellspacing="0"> 
@@ -310,11 +317,11 @@ if ($input_errors) <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Update Start Time"); ?></td> <td width="78%" class="vtable"><input type="text" class="formfld time" name="rule_update_starttime" id="rule_update_starttime" size="4" - maxlength="5" value="<?=$pconfig['rule_update_starttime'];?>" <?php if ($pconfig['autorulesupdate7'] == "never_up") {echo "disabled";} ?>><span class="vexpl"> + maxlength="5" value="<?=htmlspecialchars($pconfig['rule_update_starttime']);?>" <?php if ($pconfig['autorulesupdate7'] == "never_up") {echo "disabled";} ?>><span class="vexpl"> <?php echo gettext("Enter the rule update start time in 24-hour format (HH:MM). ") . "<strong>" . - gettext("Default") . " </strong>" . gettext("is ") . "<strong>" . gettext("00:03") . "</strong></span>"; ?>.<br/><br/> + gettext("Default") . " </strong>" . gettext("is ") . "<strong>" . gettext("00:05") . "</strong></span>"; ?>.<br/><br/> <?php echo gettext("Rules will update at the interval chosen above starting at the time specified here. For example, using the default " . - "start time of 00:03 and choosing 12 Hours for the interval, the rules will update at 00:03 and 12:03 each day."); ?></td> + "start time of 00:03 and choosing 12 Hours for the interval, the rules will update at 00:05 and 12:05 each day."); ?></td> </tr> <tr> <td colspan="2" valign="top" class="listtopic"><?php echo gettext("General Settings"); ?></td> @@ -322,7 +329,7 @@ if ($input_errors) <tr> <?php $snortlogCurrentDSKsize = round(exec('df -k /var | grep -v "Filesystem" | awk \'{print $4}\'') / 1024); ?> <td width="22%" valign="top" class="vncell"><?php echo gettext("Log Directory Size " . - "Limit"); ?><br/> + "Limit"); ?><br/><br/> <br/> <br/> <span class="red"><strong><?php echo gettext("Note:"); ?></strong></span><br/> 
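Review bot: The example sentence in the `@@ -310,11 +317,11 @@` hunk still says `start time of 00:03`, while the stated default and the resulting update times in the same help text were changed to 00:05. The string should read `"start time of 00:05 and choosing 12 Hours for the interval, the rules will update at 00:05 and 12:05 each day."` so that it matches the `'00:05'` default set at the top of the file.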
@@ -368,6 +375,18 @@ if ($input_errors) <?php echo "<span class=\"red\"><strong>" . gettext("Hint:") . "</strong></span>" . gettext(" in most cases, 1 hour is a good choice.");?></td> </tr> <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Remove Blocked Hosts After Deinstall"); ?></td> + <td width="78%" class="vtable"><input name="clearblocks" id="clearblocks" type="checkbox" value="yes" + <?php if ($config['installedpackages']['snortglobal']['clearblocks']=="on") echo " checked"; ?>/> + <?php echo gettext("All blocked hosts added by Snort will be removed during package deinstallation."); ?></td> +</tr> +<tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Remove Snort Log Files After Deinstall"); ?></td> + <td width="78%" class="vtable"><input name="clearlogs" id="clearlogs" type="checkbox" value="yes" + <?php if ($config['installedpackages']['snortglobal']['clearlogs']=="on") echo " checked"; ?>/> + <?php echo gettext("All Snort log files will be removed during package deinstallation."); ?></td> +</tr> +<tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Keep Snort Settings After Deinstall"); ?></td> <td width="78%" class="vtable"><input name="forcekeepsettings" id="forcekeepsettings" type="checkbox" value="yes" @@ -377,7 +396,7 @@ if ($input_errors) <tr> <td width="22%" valign="top"> <td width="78%"> - <input name="Submit" type="submit" class="formbtn" value="Save" > + <input name="save" type="submit" class="formbtn" value="Save" > </td> </tr> <tr> diff --git a/config/snort/snort_interfaces_suppress.php b/config/snort/snort_interfaces_suppress.php index e42b7f8c..216b93c6 100644 --- a/config/snort/snort_interfaces_suppress.php +++ b/config/snort/snort_interfaces_suppress.php 
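Review bot: Both checkboxes added in the `@@ -368,6 +375,18 @@` hunk submit `value="yes"` but are rendered as checked only when the stored setting equals `"on"`, and they read `$config[...]` directly rather than `$pconfig` as the start-time field on this page does. The save handler is outside the hunk, so the `"on"` mapping may be done there, but after a rejected submit the boxes will show the stored state instead of what the user just ticked. If `$pconfig` is populated for these keys, test it instead, e.g. `<?php if ($pconfig['clearlogs'] == "on") echo " checked"; ?>`, and the same for `clearblocks`. Because `clearlogs` removes the alert history at deinstall, it is also worth confirming in the handler that an absent key is treated as "keep the logs".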
@@ -46,7 +46,6 @@ if (!is_array($config['installedpackages']['snortglobal']['suppress']['item'])) $a_suppress = &$config['installedpackages']['snortglobal']['suppress']['item']; $id_gen = count($config['installedpackages']['snortglobal']['suppress']['item']); - function snort_suppresslist_used($supplist) { /****************************************************************/ @@ -69,14 +68,14 @@ function snort_suppresslist_used($supplist) { return false; } -if ($_GET['act'] == "del") { - if ($a_suppress[$_GET['id']]) { - /* make sure rule is not being referenced by any nat or filter rules */ - if (snort_suppresslist_used($a_suppress[$_GET['id']]['name'])) { - $input_errors[] = gettext("ERROR -- Suppress List is currently assigned to an interface and cannot be removed!"); +if ($_POST['del']) { + if ($a_suppress[$_POST['list_id']] && is_numericint($_POST['list_id'])) { + /* make sure list is not being referenced by any Snort interfaces */ + if (snort_suppresslist_used($a_suppress[$_POST['list_id']]['name'])) { + $input_errors[] = gettext("ERROR -- Suppress List is currently assigned to a Snort interface and cannot be removed! Unassign it from all Snort interfaces first."); } else { - unset($a_suppress[$_GET['id']]); + unset($a_suppress[$_POST['list_id']]); write_config(); header("Location: /snort/snort_interfaces_suppress.php"); exit; @@ -93,14 +92,16 @@ include_once("head.inc"); <?php include_once("fbegin.inc"); -if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';} if ($input_errors) { print_input_errors($input_errors); } +if ($savemsg) + print_info_box($savemsg); ?> -<form action="/snort/snort_interfaces_suppress.php" method="post"><?php if ($savemsg) print_info_box($savemsg); ?> +<form action="/snort/snort_interfaces_suppress.php" method="post"> +<input type="hidden" name="list_id" id="list_id" value=""/> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td> <?php 
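Review bot: In the `@@ -69,14 +68,14 @@` hunk the new guard indexes `$a_suppress` with `$_POST['list_id']` before checking that the value is an integer, so a malformed or non-scalar value reaches the array lookup first. Swap the operands so validation short-circuits the lookup: `if (is_numericint($_POST['list_id']) && isset($a_suppress[$_POST['list_id']])) {`. Moving the delete from a GET link to a POST is the right direction, since the state change no longer hangs off a bare URL. Whether the form carries an anti-CSRF token is not visible from this hunk.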
@@ -110,10 +111,11 @@ if ($input_errors) { $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php"); $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php"); $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php"); - $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php"); + $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php"); $tab_array[6] = array(gettext("Suppress"), true, "/snort/snort_interfaces_suppress.php"); - $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); - display_top_tabs($tab_array); + $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php"); + $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); + display_top_tabs($tab_array, true); ?> </td> </tr> 
@@ -137,15 +139,13 @@ if ($input_errors) { <td valign="middle" nowrap class="list"> <table border="0" cellspacing="0" cellpadding="1"> <tr> - <td valign="middle"><a - href="snort_interfaces_suppress_edit.php?id=<?=$i;?>"><img - src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" - width="17" height="17" border="0" title="<?php echo gettext("edit Suppress List"); ?>"></a></td> - <td><a - href="/snort/snort_interfaces_suppress.php?act=del&id=<?=$i;?>" - onclick="return confirm('<?php echo gettext("Do you really want to delete this Suppress List?"); ?>')"><img - src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" - width="17" height="17" border="0" title="<?php echo gettext("delete Suppress List"); ?>"></a></td> + <td valign="middle"><a href="snort_interfaces_suppress_edit.php?id=<?=$i;?>"> + <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" + width="17" height="17" border="0" title="<?php echo gettext("Edit Suppress List"); ?>"></a></td> + <td><input type="image" name="del[]" + onclick="document.getElementById('list_id').value='<?=$i;?>';return confirm('<?=gettext("Do you really want to delete this Suppress List?");?>');" + src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" + title="<?=gettext("Delete Suppress List");?>"/></td> </tr> </table> </td> @@ -160,7 +160,7 @@ if ($input_errors) { <td valign="middle"><a href="snort_interfaces_suppress_edit.php?id=<?php echo $id_gen;?> "><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" - width="17" height="17" border="0" title="<?php echo gettext("add a new list"); ?>"></a></td> + width="17" height="17" border="0" title="<?php echo gettext("Add a new list"); ?>"></a></td> </tr> </table> </td> diff --git a/config/snort/snort_interfaces_suppress_edit.php b/config/snort/snort_interfaces_suppress_edit.php index 3d703987..370fa017 100644 --- a/config/snort/snort_interfaces_suppress_edit.php +++ b/config/snort/snort_interfaces_suppress_edit.php 
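Review bot: The `onclick` handler added in the `@@ -137,15 +139,13 @@` hunk places the `gettext()` result inside a single-quoted JavaScript string within an HTML attribute without escaping, so a translation containing an apostrophe or a double quote would break the handler and the delete control would stop working. Encode the message for both contexts, e.g. `return confirm(<?=htmlspecialchars(json_encode(gettext("Do you really want to delete this Suppress List?")));?>);`. The delete now depends on script to fill `list_id`. With scripting off the POST arrives with an empty id, which the `is_numericint()` check in the delete handler earlier in this diff rejects, so it fails closed.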
@@ -10,6 +10,7 @@ * * modified for the pfsense snort package * Copyright (C) 2009-2010 Robert Zelaya. + * Copyright (C) 2014 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -37,7 +38,6 @@ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort.inc"); - if (!is_array($config['installedpackages']['snortglobal'])) $config['installedpackages']['snortglobal'] = array(); $snortglob = $config['installedpackages']['snortglobal']; @@ -48,9 +48,16 @@ if (!is_array($config['installedpackages']['snortglobal']['suppress']['item'])) $config['installedpackages']['snortglobal']['suppress']['item'] = array(); $a_suppress = &$config['installedpackages']['snortglobal']['suppress']['item']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; +elseif (isset($_GET['id']) && is_numericint($_GET['id'])) + $id = htmlspecialchars($_GET['id']); + +/* Should never be called without identifying list index, so bail */ +if (is_null($id)) { + header("Location: /snort/snort_interfaces_suppress.php"); + exit; +} /* returns true if $name is a valid name for a whitelist file name or ip */ function is_validwhitelistname($name) { @@ -77,7 +84,7 @@ if (isset($id) && $a_suppress[$id]) { $pconfig['uuid'] = uniqid(); } -if ($_POST['submit']) { +if ($_POST['save']) { unset($input_errors); $pconfig = $_POST; 
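Review bot: In the `@@ -48,9 +48,16 @@` hunk `$id` is no longer assigned when neither request value passes `is_numericint()`, so the `is_null($id)` bail-out reads a variable this file never set and would pick up any `$id` left behind by an include. The GET branch also runs an already validated integer through `htmlspecialchars()`, which is an output encoder, not input validation. Initialise with `$id = null;` before the `if`, and store the value as `$id = (int)$_GET['id'];` (likewise `(int)$_POST['id']`) so it is an integer wherever it is later used as an array index or echoed.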
@@ -152,10 +159,11 @@ if ($savemsg) $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php"); $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php"); $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php"); - $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php"); + $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php"); $tab_array[6] = array(gettext("Suppress"), true, "/snort/snort_interfaces_suppress.php"); - $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=/snort/snort_sync.xml"); - display_top_tabs($tab_array); + $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php"); + $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); + display_top_tabs($tab_array, true); ?> </td></tr> <tr><td><div id="mainarea"> @@ -204,7 +212,7 @@ if ($savemsg) </td> </tr> <tr> - <td colspan="2"><input id="submit" name="submit" type="submit" + <td colspan="2"><input id="save" name="save" type="submit" class="formbtn" value="Save" /> <input id="cancelbutton" name="cancelbutton" type="button" class="formbtn" value="Cancel" onclick="history.back();"/> <?php if (isset($id) && $a_suppress[$id]): ?> diff --git a/config/snort/snort_interfaces_whitelist.php b/config/snort/snort_interfaces_whitelist.php deleted file mode 100644 index 9391eb85..00000000 --- a/config/snort/snort_interfaces_whitelist.php +++ /dev/null 
@@ -1,177 +0,0 @@ -<?php -/* - * snort_interfaces_whitelist.php - * - * Copyright (C) 2004 Scott Ullrich - * Copyright (C) 2011-2012 Ermal Luci - * All rights reserved. - * - * originially part of m0n0wall (http://m0n0.ch/wall) - * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - * All rights reserved. - * - * modified for the pfsense snort package - * Copyright (C) 2009-2010 Robert Zelaya. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * 1. Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. 
- */ - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort.inc"); - -if (!is_array($config['installedpackages']['snortglobal']['whitelist'])) - $config['installedpackages']['snortglobal']['whitelist'] = array(); -if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) - $config['installedpackages']['snortglobal']['whitelist']['item'] = array(); -$a_whitelist = &$config['installedpackages']['snortglobal']['whitelist']['item']; - -if (isset($config['installedpackages']['snortglobal']['whitelist']['item'])) - $id_gen = count($config['installedpackages']['snortglobal']['whitelist']['item']); -else - $id_gen = '0'; - -if ($_GET['act'] == "del") { - if ($a_whitelist[$_GET['id']]) { - /* make sure rule is not being referenced by any nat or filter rules */ - unset($a_whitelist[$_GET['id']]); - write_config(); - sync_snort_package_config(); - header("Location: /snort/snort_interfaces_whitelist.php"); - exit; - } -} - -$pgtitle = gettext("Snort: Whitelists"); -include_once("head.inc"); -?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<?php -include_once("fbegin.inc"); -if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . 
'</p>';} -if ($savemsg) print_info_box($savemsg); -?> - -<form action="/snort/snort_interfaces_whitelist.php" method="post"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td> -<?php - $tab_array = array(); - $tab_array[0] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); - $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php"); - $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php"); - $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php"); - $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php"); - $tab_array[5] = array(gettext("Whitelists"), true, "/snort/snort_interfaces_whitelist.php"); - $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); - $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); - display_top_tabs($tab_array); -?> - </td> -</tr> -<tr> - <td><div id="mainarea"> - <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td width="20%" class="listhdrr">File Name</td> - <td width="40%" class="listhdrr">Values</td> - <td width="40%" class="listhdr">Description</td> - <td width="10%" class="list"></td> - </tr> - <?php foreach ($a_whitelist as $i => $list): ?> - <tr> - <td class="listlr" - ondblclick="document.location='snort_interfaces_whitelist_edit.php?id=<?=$i;?>';"> - <?=htmlspecialchars($list['name']);?></td> - <td class="listr" - ondblclick="document.location='snort_interfaces_whitelist_edit.php?id=<?=$i;?>';"> - <?php - $addresses = implode(", ", array_slice(explode(" ", $list['address']), 0, 10)); - echo $addresses; - if(count($addresses) < 10) { - echo " "; - } else { - echo "..."; - } - ?></td> - <td class="listbg" - ondblclick="document.location='snort_interfaces_whitelist_edit.php?id=<?=$i;?>';"> - <font color="#FFFFFF"> 
<?=htmlspecialchars($list['descr']);?> - </td> - <td valign="middle" nowrap class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a - href="snort_interfaces_whitelist_edit.php?id=<?=$i;?>"><img - src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" - width="17" height="17" border="0" title="<?php echo gettext("edit whitelist"); ?>"></a></td> - <td><a - href="/snort/snort_interfaces_whitelist.php?act=del&id=<?=$i;?>" - onclick="return confirm('<?php echo gettext("Do you really want to delete this whitelist? All elements that still use it will become invalid (e.g. snort rules will fall back to the default whitelist)!"); ?>')"><img - src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" - width="17" height="17" border="0" title="<?php echo gettext("delete whitelist"); ?>"></a></td> - </tr> - </table> - </td> - </tr> - <?php endforeach; ?> - <tr> - <td class="list" colspan="3"></td> - <td class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle" width="17"> </td> - <td valign="middle"><a - href="snort_interfaces_whitelist_edit.php?id=<?php echo $id_gen;?> "><img - src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" - width="17" height="17" border="0" title="<?php echo gettext("add a new list"); ?>"></a></td> - </tr> - </table> - </td> - </tr> - </table> - </div> - </td> - </tr> -</table> -<br> -<table width="100%" border="0" cellpadding="1" - cellspacing="1"> - <tr> - <td width="100%"><span class="vexpl"><span class="red"><strong><?php echo gettext("Note:"); ?></strong></span> - <p><?php echo gettext("Here you can create whitelist files for your " . - "snort package rules."); ?><br> - <?php echo gettext("Please add all the ips or networks you want to protect against snort " . 
- "block decisions."); ?><br> - <?php echo gettext("Remember that the default whitelist only includes local networks."); ?><br> - <?php echo gettext("Be careful, it is very easy to get locked out of your system."); ?></p></span></td> - </tr> - <tr> - <td width="100%"><span class="vexpl"><?php echo gettext("Remember you must restart Snort on the interface for changes to take effect!"); ?></span></td> - </tr> -</table> -</form> -<?php include("fend.inc"); ?> -</body> -</html> diff --git a/config/snort/snort_interfaces_whitelist_edit.php b/config/snort/snort_interfaces_whitelist_edit.php deleted file mode 100644 index 882c2b6f..00000000 --- a/config/snort/snort_interfaces_whitelist_edit.php +++ /dev/null 
@@ -1,324 +0,0 @@ -<?php -/* - * snort_interfaces_whitelist_edit.php - * Copyright (C) 2004 Scott Ullrich - * Copyright (C) 2011-2012 Ermal Luci - * All rights reserved. - * - * originially part of m0n0wall (http://m0n0.ch/wall) - * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - * All rights reserved. - * - * modified for the pfsense snort package - * Copyright (C) 2009-2010 Robert Zelaya. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * 1. Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. 
- */ - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort.inc"); - -if ($_POST['cancel']) { - header("Location: /snort/snort_interfaces_whitelist.php"); - exit; -} - -if (!is_array($config['installedpackages']['snortglobal']['whitelist'])) - $config['installedpackages']['snortglobal']['whitelist'] = array(); -if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) - $config['installedpackages']['snortglobal']['whitelist']['item'] = array(); -$a_whitelist = &$config['installedpackages']['snortglobal']['whitelist']['item']; - -$id = $_GET['id']; -if (isset($_POST['id'])) - $id = $_POST['id']; -if (is_null($id)) { - header("Location: /snort/snort_interfaces_whitelist.php"); - exit; -} - -if (empty($config['installedpackages']['snortglobal']['whitelist']['item'][$id]['uuid'])) { - $whitelist_uuid = 0; - while ($whitelist_uuid > 65535 || $whitelist_uuid == 0) { - $whitelist_uuid = mt_rand(1, 65535); - $pconfig['uuid'] = $whitelist_uuid; - } -} else - $whitelist_uuid = $config['installedpackages']['snortglobal']['whitelist']['item'][$id]['uuid']; - -/* returns true if $name is a valid name for a whitelist file name or ip */ -function is_validwhitelistname($name) { - if (!is_string($name)) - return false; - - if (!preg_match("/[^a-zA-Z0-9\_\.\/]/", $name)) - return true; - - return false; -} - -if (isset($id) && $a_whitelist[$id]) { - /* old settings */ - $pconfig = array(); - $pconfig['name'] = $a_whitelist[$id]['name']; - $pconfig['uuid'] = $a_whitelist[$id]['uuid']; - $pconfig['detail'] = $a_whitelist[$id]['detail']; - $pconfig['address'] = $a_whitelist[$id]['address']; - $pconfig['descr'] = html_entity_decode($a_whitelist[$id]['descr']); - $pconfig['localnets'] = $a_whitelist[$id]['localnets']; - $pconfig['wanips'] = $a_whitelist[$id]['wanips']; - $pconfig['wangateips'] = $a_whitelist[$id]['wangateips']; - $pconfig['wandnsips'] = $a_whitelist[$id]['wandnsips']; - $pconfig['vips'] = $a_whitelist[$id]['vips']; - 
$pconfig['vpnips'] = $a_whitelist[$id]['vpnips']; -} - -// Check for returned "selected alias" if action is import -if ($_GET['act'] == "import") { - if ($_GET['varname'] == "address" && !empty($_GET['varvalue'])) - $pconfig[$_GET['varname']] = $_GET['varvalue']; -} - -if ($_POST['submit']) { - unset($input_errors); - $pconfig = $_POST; - - /* input validation */ - $reqdfields = explode(" ", "name"); - $reqdfieldsn = explode(",", "Name"); - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); - - if(strtolower($_POST['name']) == "defaultwhitelist") - $input_errors[] = gettext("Whitelist file names may not be named defaultwhitelist."); - - if (is_validwhitelistname($_POST['name']) == false) - $input_errors[] = gettext("Whitelist file name may only consist of the characters \"a-z, A-Z, 0-9 and _\". Note: No Spaces or dashes. Press Cancel to reset."); - - /* check for name conflicts */ - foreach ($a_whitelist as $w_list) { - if (isset($id) && ($a_whitelist[$id]) && ($a_whitelist[$id] === $w_list)) - continue; - - if ($w_list['name'] == $_POST['name']) { - $input_errors[] = gettext("A whitelist file name with this name already exists."); - break; - } - } - - if ($_POST['address']) - if (!is_alias($_POST['address'])) - $input_errors[] = gettext("A valid alias must be provided"); - - if (!$input_errors) { - $w_list = array(); - /* post user input */ - $w_list['name'] = $_POST['name']; - $w_list['uuid'] = $whitelist_uuid; - $w_list['localnets'] = $_POST['localnets']? 'yes' : 'no'; - $w_list['wanips'] = $_POST['wanips']? 'yes' : 'no'; - $w_list['wangateips'] = $_POST['wangateips']? 'yes' : 'no'; - $w_list['wandnsips'] = $_POST['wandnsips']? 'yes' : 'no'; - $w_list['vips'] = $_POST['vips']? 'yes' : 'no'; - $w_list['vpnips'] = $_POST['vpnips']? 
'yes' : 'no'; - - $w_list['address'] = $_POST['address']; - $w_list['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto"); - $w_list['detail'] = $final_address_details; - - if (isset($id) && $a_whitelist[$id]) - $a_whitelist[$id] = $w_list; - else - $a_whitelist[] = $w_list; - - write_config(); - - /* create whitelist and homenet file then sync files */ - sync_snort_package_config(); - - header("Location: /snort/snort_interfaces_whitelist.php"); - exit; - } -} - -$pgtitle = gettext("Snort: Whitelist Edit - {$a_whitelist[$id]['name']}"); -include_once("head.inc"); -?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC" > - -<?php -include("fbegin.inc"); -if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';} -if ($input_errors) print_input_errors($input_errors); -if ($savemsg) - print_info_box($savemsg); -?> -<script type="text/javascript" src="/javascript/autosuggest.js"> -</script> -<script type="text/javascript" src="/javascript/suggestions.js"> -</script> -<form action="snort_interfaces_whitelist_edit.php" method="post" name="iform" id="iform"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td> -<?php - $tab_array = array(); - $tab_array[0] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); - $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php"); - $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php"); - $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php"); - $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php"); - $tab_array[5] = array(gettext("Whitelists"), true, "/snort/snort_interfaces_whitelist.php"); - $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); - $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); - display_top_tabs($tab_array); -?> - </td> -</tr> -<tr><td><div 
id="mainarea"> -<table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Add the name and " . - "description of the file."); ?></td> - </tr> - <tr> - <td valign="top" class="vncellreq"><?php echo gettext("Name"); ?></td> - <td class="vtable"><input name="name" type="text" id="name" class="formfld unknown" - size="40" value="<?=htmlspecialchars($pconfig['name']);?>" /> <br /> - <span class="vexpl"> <?php echo gettext("The list name may only consist of the " . - "characters \"a-z, A-Z, 0-9 and _\"."); ?> <span class="red"><?php echo gettext("Note:"); ?> </span> - <?php echo gettext("No Spaces or dashes."); ?> </span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?php echo gettext("Description"); ?></td> - <td width="78%" class="vtable"><input name="descr" type="text" class="formfld unknown" - id="descr" size="40" value="<?=$pconfig['descr'];?>" /> <br /> - <span class="vexpl"> <?php echo gettext("You may enter a description here for your " . 
- "reference (not parsed)."); ?> </span></td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Add auto-generated IP Addresses."); ?></td> - </tr> - - <tr> - <td width="22%" valign="top" class="vncell"><?php echo gettext("Local Networks"); ?></td> - <td width="78%" class="vtable"><input name="localnets" type="checkbox" - id="localnets" size="40" value="yes" - <?php if($pconfig['localnets'] == 'yes'){ echo "checked";} if($pconfig['localnets'] == ''){ echo "checked";} ?> /> - <span class="vexpl"> <?php echo gettext("Add firewall Local Networks to the list (excluding WAN)."); ?> </span></td> - </tr> - - <tr> - <td width="22%" valign="top" class="vncell"><?php echo gettext("WAN IPs"); ?></td> - <td width="78%" class="vtable"><input name="wanips" type="checkbox" - id="wanips" size="40" value="yes" - <?php if($pconfig['wanips'] == 'yes'){ echo "checked";} if($pconfig['wanips'] == ''){ echo "checked";} ?> /> - <span class="vexpl"> <?php echo gettext("Add WAN interface IPs to the list."); ?> </span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?php echo gettext("WAN Gateways"); ?></td> - <td width="78%" class="vtable"><input name="wangateips" - type="checkbox" id="wangateips" size="40" value="yes" - <?php if($pconfig['wangateips'] == 'yes'){ echo "checked";} if($pconfig['wangateips'] == ''){ echo "checked";} ?> /> - <span class="vexpl"> <?php echo gettext("Add WAN Gateways to the list."); ?> </span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?php echo gettext("WAN DNS servers"); ?></td> - <td width="78%" class="vtable"><input name="wandnsips" - type="checkbox" id="wandnsips" size="40" value="yes" - <?php if($pconfig['wandnsips'] == 'yes'){ echo "checked";} if($pconfig['wandnsips'] == ''){ echo "checked";} ?> /> - <span class="vexpl"> <?php echo gettext("Add WAN DNS servers to the list."); ?> </span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?php echo gettext("Virtual 
IP Addresses"); ?></td> - <td width="78%" class="vtable"><input name="vips" type="checkbox" - id="vips" size="40" value="yes" - <?php if($pconfig['vips'] == 'yes'){ echo "checked";} if($pconfig['vips'] == ''){ echo "checked";} ?> /> - <span class="vexpl"> <?php echo gettext("Add Virtual IP Addresses to the list."); ?> </span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?php echo gettext("VPNs"); ?></td> - <td width="78%" class="vtable"><input name="vpnips" type="checkbox" - id="vpnips" size="40" value="yes" - <?php if($pconfig['vpnips'] == 'yes'){ echo "checked";} if($pconfig['vpnips'] == ''){ echo "checked";} ?> /> - <span class="vexpl"> <?php echo gettext("Add VPN Addresses to the list."); ?> </span></td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Add custom IP Addresses from configured Aliases."); ?></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq"> - <div id="addressnetworkport"><?php echo gettext("Alias Name:"); ?></div> - </td> - <td width="78%" class="vtable"> - <input autocomplete="off" name="address" type="text" class="formfldalias" id="address" size="30" value="<?=htmlspecialchars($pconfig['address']);?>" - title="<?=trim(filter_expand_alias($pconfig['address']));?>" /> - <input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=0&type=host|network&varname=address&act=import&multi_ip=yes&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'" - title="<?php echo gettext("Select an existing IP alias");?>"/> - </td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input id="submit" name="submit" type="submit" class="formbtn" value="Save" /> - <input id="cancel" name="cancel" type="submit" class="formbtn" value="Cancel" /> - <input name="id" type="hidden" value="<?=$id;?>" /> - </td> - </tr> -</table> -</div> -</td></tr> -</table> -</form> -<script type="text/javascript"> -<?php - $isfirst = 0; - $aliases = ""; 
- $addrisfirst = 0; - $aliasesaddr = ""; - if(isset($config['aliases']['alias']) && is_array($config['aliases']['alias'])) - foreach($config['aliases']['alias'] as $alias_name) { - if ($alias_name['type'] != "host" && $alias_name['type'] != "network") - continue; - // Skip any Aliases that resolve to an empty string - if (trim(filter_expand_alias($alias_name['name'])) == "") - continue; - if($addrisfirst == 1) $aliasesaddr .= ","; - $aliasesaddr .= "'" . $alias_name['name'] . "'"; - $addrisfirst = 1; - } -?> - - var addressarray=new Array(<?php echo $aliasesaddr; ?>); - -function createAutoSuggest() { -<?php - echo "objAlias = new AutoSuggestControl(document.getElementById('address'), new StateSuggestions(addressarray));\n"; -?> -} - -setTimeout("createAutoSuggest();", 500); - -</script> -<?php include("fend.inc"); ?> -</body> -</html> diff --git a/config/snort/snort_list_view.php b/config/snort/snort_list_view.php index 856367ef..8c3d0134 100644 --- a/config/snort/snort_list_view.php +++ b/config/snort/snort_list_view.php @@ -4,6 +4,7 @@ * * Copyright (C) 2004, 2005 Scott Ullrich * Copyright (C) 2011 Ermal Luci + * Copyright (C) 2014 Bill Meeks * All rights reserved. * * Adapted for FreeNAS by Volker Theile (votdev@gmx.de) 
@@ -41,23 +42,29 @@ global $g, $config; $contents = ''; -$id = $_GET['id']; -$wlist = $_GET['wlist']; -$type = $_GET['type']; +if (isset($_GET['id']) && is_numericint($_GET['id'])) + $id = htmlspecialchars($_GET['id']); + +$wlist = htmlspecialchars($_GET['wlist']); +$type = htmlspecialchars($_GET['type']); +$title = "List"; if (isset($id) && isset($wlist)) { $a_rule = $config['installedpackages']['snortglobal']['rule'][$id]; if ($type == "homenet") { $list = snort_build_list($a_rule, $wlist); $contents = implode("\n", $list); + $title = "HOME_NET"; } - elseif ($type == "whitelist") { + elseif ($type == "passlist") { $list = snort_build_list($a_rule, $wlist, true); $contents = implode("\n", $list); + $title = "Pass List"; } elseif ($type == "suppress") { $list = snort_find_list($wlist, $type); $contents = str_replace("\r", "", base64_decode($list['suppresspassthru'])); + $title = "Suppress List"; } else $contents = gettext("\n\nERROR -- Requested List Type entity is not valid!"); 
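Review bot: In the `@@ -41,23 +42,29 @@` hunk `$wlist` is HTML-encoded on input and the encoded value is then passed to `snort_build_list()` and `snort_find_list()` as a lookup key, so a list name containing `&`, `<`, `>` or a double quote would no longer match. `isset($wlist)` is also always true now for a missing parameter, because `htmlspecialchars()` returns an empty string for it, so the guard below no longer tests presence. Keep the raw value for the lookup, `$wlist = isset($_GET['wlist']) ? $_GET['wlist'] : null;`, and encode only where it is printed, as the following hunk already does with `htmlspecialchars($_GET['wlist'])`. `$type` is only compared against fixed strings in this hunk, so it needs no encoding either.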
@@ -65,35 +72,32 @@ if (isset($id) && isset($wlist)) { else $contents = gettext("\n\nERROR -- Supplied interface or List entity is not valid!"); -$pgtitle = array(gettext("Snort"), gettext(ucfirst($type) . " Viewer")); +$pgtitle = array(gettext("Snort"), gettext($title . " Viewer")); ?> <?php include("head.inc");?> <body link="#000000" vlink="#000000" alink="#000000"> -<?php if ($savemsg) print_info_box($savemsg); ?> -<?php // include("fbegin.inc");?> -<form action="snort_whitelist_view.php" method="post"> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> <td class="tabcont"> <table width="100%" cellpadding="0" cellspacing="6" bgcolor="#eeeeee"> <tr> - <td class="pgtitle" colspan="2">Snort: <?php echo gettext(ucfirst($type) . " Viewer"); ?></td> + <td class="pgtitle" colspan="2">Snort: <?php echo gettext($title . " Viewer"); ?></td> </tr> <tr> <td align="left" width="20%"> <input type="button" class="formbtn" value="Return" onclick="window.close()"> </td> <td align="right"> - <b><?php echo gettext(ucfirst($type) . ": ") . '</b> ' . $_GET['wlist']; ?> + <b><?php echo gettext($title . ": ") . '</b> ' . htmlspecialchars($_GET['wlist']); ?> </td> </tr> <tr> <td colspan="2" valign="top" class="label"> <div style="background: #eeeeee; width:100%; height:100%;" id="textareaitem"><!-- NOTE: The opening *and* the closing textarea tag must be on the same line. --> - <textarea style="width:100%; height:100%;" readonly wrap="off" rows="25" cols="80" name="code2"><?=$contents;?></textarea> + <textarea style="width:100%; height:100%;" readonly wrap="off" rows="25" cols="80" name="code2"><?=htmlspecialchars($contents);?></textarea> </div> </td> </tr> @@ -101,7 +105,5 @@ $pgtitle = array(gettext("Snort"), gettext(ucfirst($type) . " Viewer")); </td> </tr> </table> -</form> -<?php // include("fend.inc");?> </body> </html> diff --git a/config/snort/snort_log_view.php b/config/snort/snort_log_view.php deleted file mode 100644 index beec1aa7..00000000 
--- a/config/snort/snort_log_view.php +++ /dev/null 
@@ -1,93 +0,0 @@ -<?php -/* - * snort_log_view.php - * - * Copyright (C) 2004, 2005 Scott Ullrich - * Copyright (C) 2011 Ermal Luci - * All rights reserved. - * - * Adapted for FreeNAS by Volker Theile (votdev@gmx.de) - * Copyright (C) 2006-2009 Volker Theile - * - * Adapted for Pfsense Snort package by Robert Zelaya - * Copyright (C) 2008-2009 Robert Zelaya - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * 1. Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort.inc"); - -$contents = ''; - -// Read the contents of the argument passed to us. -// Is it a fully qualified path and file? 
-$logfile = htmlspecialchars($_GET['logfile'], ENT_QUOTES | ENT_HTML401); -if (file_exists($logfile)) - if (substr(realpath($logfile), 0, strlen(SNORTLOGDIR)) != SNORTLOGDIR) - $contents = gettext("\n\nERROR -- File: {$logfile} can not be viewed!"); - else - $contents = file_get_contents($logfile); -// It is not something we can display, so print an error. -else - $contents = gettext("\n\nERROR -- File: {$logfile} not found!"); - -$pgtitle = array(gettext("Snort"), gettext("Log File Viewer")); -?> - -<?php include("head.inc");?> - -<body link="#000000" vlink="#000000" alink="#000000"> -<?php if ($savemsg) print_info_box($savemsg); ?> -<?php // include("fbegin.inc");?> - -<form action="snort_log_view.php" method="post"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr> - <td class="tabcont"> - <table width="100%" cellpadding="0" cellspacing="6" bgcolor="#eeeeee"> - <tr> - <td class="pgtitle" colspan="2">Snort: Log File Viewer</td> - </tr> - <tr> - <td align="left" width="20%"> - <input type="button" class="formbtn" value="Return" onclick="window.close()"> - </td> - <td align="right"> - <b><?php echo gettext("Log File: ") . '</b> ' . $logfile; ?> - </td> - </tr> - <tr> - <td colspan="2" valign="top" class="label"> - <div style="background: #eeeeee; width:100%; height:100%;" id="textareaitem"><!-- NOTE: The opening *and* the closing textarea tag must be on the same line. --> - <textarea style="width:100%; height:100%;" readonly wrap="off" rows="33" cols="80" name="code2"><?=$contents;?></textarea> - </div> - </td> - </tr> - </table> - </td> -</tr> -</table> -</form> -<?php // include("fend.inc");?> -</body> -</html> diff --git a/config/snort/snort_post_install.php b/config/snort/snort_post_install.php index 945ddd04..c2b46cd5 100644 --- a/config/snort/snort_post_install.php +++ b/config/snort/snort_post_install.php 
@@ -96,13 +96,15 @@ function snort_build_new_conf($snortcfg) { if (!is_array($config['installedpackages']['snortglobal']['rule'])) return; + conf_mount_rw(); + /* See if we should protect and not modify the preprocessor rules files */ if (!empty($snortcfg['protect_preproc_rules'])) $protect_preproc_rules = $snortcfg['protect_preproc_rules']; else $protect_preproc_rules = "off"; - $if_real = snort_get_real_interface($snortcfg['interface']); + $if_real = get_real_interface($snortcfg['interface']); $snort_uuid = $snortcfg['uuid']; $snortcfgdir = "{$snortdir}/snort_{$snort_uuid}_{$if_real}"; @@ -162,8 +164,18 @@ function snort_build_new_conf($snortcfg) { /* define snortunifiedlog */ $snortunifiedlog_type = ""; - if ($snortcfg['snortunifiedlog'] == "on") - $snortunifiedlog_type = "output unified2: filename snort_{$snort_uuid}_{$if_real}.u2, limit 128"; + if ($snortcfg['barnyard_enable'] == "on") { + if (isset($snortcfg['unified2_log_limit'])) + $u2_log_limit = "limit {$snortcfg['unified2_log_limit']}"; + else + $u2_log_limit = "limit 128"; + + $snortunifiedlog_type = "output unified2: filename snort_{$snort_uuid}_{$if_real}.u2, {$u2_log_limit}"; + if ($snortcfg['barnyard_log_vlan_events'] == 'on') + $snortunifiedlog_type .= ", vlan_event_types"; + if ($snortcfg['barnyard_log_mpls_events'] == 'on') + $snortunifiedlog_type .= ", mpls_event_types"; + } /* define spoink */ $spoink_type = ""; 
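Review bot: In the unified2 block of the second hunk, `isset($snortcfg['unified2_log_limit'])` is also true for an empty string, which would write `limit ` with no number into the `output unified2` line. The value is also copied into snort.conf without any check that it is a number. I would test the value rather than its presence, `if (is_numericint($snortcfg['unified2_log_limit']))`, and keep `limit 128` as the fallback. snort_build_new_conf() continues outside both hunks, so whether every exit path after the new `conf_mount_rw()` reaches a matching `conf_mount_ro()` cannot be confirmed from here.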
@@ -721,6 +733,49 @@ preprocessor sensitive_data: \ EOD; + /* define IP Reputation preprocessor */ + if (is_array($snortcfg['blist_files']['item'])) { + $blist_files = ""; + $bIsFirst = TRUE; + foreach ($snortcfg['blist_files']['item'] as $blist) { + if ($bIsFirst) { + $blist_files .= "blacklist " . IPREP_PATH . $blist; + $bIsFirst = FALSE; + } + else + $blist_files .= ", \\ \n\tblacklist " . IPREP_PATH . $blist; + } + } + if (is_array($snortcfg['wlist_files']['item'])) { + $wlist_files = ""; + $bIsFirst = TRUE; + foreach ($snortcfg['wlist_files']['item'] as $wlist) { + if ($bIsFirst) { + $wlist_files .= "whitelist " . IPREP_PATH . $wlist; + $bIsFirst = FALSE; + } + else + $wlist_files .= ", \\ \n\twhitelist " . IPREP_PATH . $wlist; + } + } + if (!empty($blist_files)) + $ip_lists = $blist_files; + if (!empty($wlist_files)) + $ip_lists .= ", \\ \n" . $wlist_files; + if ($snortcfg['iprep_scan_local'] == 'on') + $ip_lists .= ", \\ \n\tscan_local"; + + $reputation_preproc = <<<EOD +# IP Reputation preprocessor # +preprocessor reputation: \ + memcap {$snortcfg['iprep_memcap']}, \ + priority {$snortcfg['iprep_priority']}, \ + nested_ip {$snortcfg['iprep_nested_ip']}, \ + white {$snortcfg['iprep_white']}, \ + {$ip_lists} + +EOD; + /* define servers as IP variables */ $snort_servers = array ( "dns_servers" => "\$HOME_NET", "smtp_servers" => "\$HOME_NET", "http_servers" => "\$HOME_NET", 
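Review bot: `$ip_lists` is never initialised, and the three appends assume a blacklist entry came first. With only `wlist_files` configured, or only `iprep_scan_local` on, the value starts with `, \`, which lands directly after the `white …, \` line of the heredoc and doubles the separator in the generated `preprocessor reputation` statement. With nothing configured the statement ends on a dangling `, \` continuation. Collecting the entries in an array and joining them once removes the first-item bookkeeping, and since the file names come from saved configuration, `basename()` keeps an entry from pointing outside `IPREP_PATH`. The trailing comma on the heredoc's `white` line still needs to depend on `$ip_lists` being non-empty; snort_build_new_conf() continues outside this hunk.

```php
	/* define IP Reputation preprocessor */
	$ip_list_items = array();
	if (is_array($snortcfg['blist_files']['item'])) {
		foreach ($snortcfg['blist_files']['item'] as $blist)
			$ip_list_items[] = "blacklist " . IPREP_PATH . basename($blist);
	}
	if (is_array($snortcfg['wlist_files']['item'])) {
		foreach ($snortcfg['wlist_files']['item'] as $wlist)
			$ip_list_items[] = "whitelist " . IPREP_PATH . basename($wlist);
	}
	if ($snortcfg['iprep_scan_local'] == 'on')
		$ip_list_items[] = "scan_local";
	$ip_lists = implode(", \\ \n\t", $ip_list_items);
	// … unchanged: $reputation_preproc heredoc …
```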
@@ -751,11 +806,11 @@ EOD; "ssl_preproc" => "ssl_preproc", "dnp3_preproc" => "dnp3_preproc", "modbus_preproc" => "modbus_preproc" ); $snort_preproc = array ( - "perform_stat", "other_preprocs", "ftp_preprocessor", "smtp_preprocessor", "ssl_preproc", "sip_preproc", "gtp_preproc", "ssh_preproc", - "sf_portscan", "dce_rpc_2", "dns_preprocessor", "sensitive_data", "pop_preproc", "imap_preproc", "dnp3_preproc", "modbus_preproc" + "perform_stat", "other_preprocs", "ftp_preprocessor", "smtp_preprocessor", "ssl_preproc", "sip_preproc", "gtp_preproc", "ssh_preproc", "sf_portscan", + "dce_rpc_2", "dns_preprocessor", "sensitive_data", "pop_preproc", "imap_preproc", "dnp3_preproc", "modbus_preproc", "reputation_preproc" ); $default_disabled_preprocs = array( - "sf_portscan", "gtp_preproc", "sensitive_data", "dnp3_preproc", "modbus_preproc" + "sf_portscan", "gtp_preproc", "sensitive_data", "dnp3_preproc", "modbus_preproc", "reputation_preproc", "perform_stat" ); $snort_preprocessors = ""; foreach ($snort_preproc as $preproc) { @@ -1213,7 +1268,7 @@ EOD; ipvar HOME_NET [{$home_net}] ipvar EXTERNAL_NET [{$external_net}] -# Define Rule Paths # +# Define Rule Path # var RULE_PATH {$snortcfgdir}/rules # Define Servers # @@ -1305,13 +1360,8 @@ output alert_csv: alert timestamp,sig_generator,sig_id,sig_rev,msg,proto,src,src EOD; // Write out snort.conf file - $conf = fopen("{$snortcfgdir}/snort.conf", "w"); - if(!$conf) { - log_error("Could not open {$snortcfgdir}/snort.conf for writing."); - return -1; - } - fwrite($conf, $snort_conf_text); - fclose($conf); + file_put_contents("{$snortcfgdir}/snort.conf", $snort_conf_text); + conf_mount_ro(); unset($snort_conf_text, $selected_rules_sections, $suppress_file_name, $snort_misc_include_rules, $spoink_type, $snortunifiedlog_type, $alertsystemlog_type); unset($home_net, $external_net, $ipvardef, $portvardef); } 
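Review bot: In the last hunk on this line the result of `file_put_contents("{$snortcfgdir}/snort.conf", $snort_conf_text)` is ignored, where the removed code logged the failure and returned -1. A full or still read-only filesystem now leaves a stale or missing snort.conf with nothing in the system log, and the sensor may keep running on the old configuration. I would keep the failure visible with `if (file_put_contents("{$snortcfgdir}/snort.conf", $snort_conf_text) === false) log_error("Could not write {$snortcfgdir}/snort.conf.");`, and leave `conf_mount_ro()` running on both paths. The enclosing function starts outside this hunk.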
@@ -1326,14 +1376,14 @@ if(is_process_running("snort")) { exec("/usr/bin/killall -z snort"); sleep(2); // Delete any leftover snort PID files in /var/run - array_map('@unlink', glob("/var/run/snort_*.pid")); + unlink_if_exists("/var/run/snort_*.pid"); } // Hard kill any running Barnyard2 processes if(is_process_running("barnyard")) { exec("/usr/bin/killall -z barnyard2"); sleep(2); // Delete any leftover barnyard2 PID files in /var/run - array_map('@unlink', glob("/var/run/barnyard2_*.pid")); + unlink_if_exists("/var/run/barnyard2_*.pid"); } /* Set flag for post-install in progress */ 
@@ -1362,46 +1412,68 @@ foreach ($preproc_rules as $file) { @unlink("{$rcdir}/snort.sh"); @unlink("{$rcdir}/barnyard2"); +/* Create required log and db directories in /var */ +safe_mkdir(SNORTLOGDIR); +safe_mkdir(IPREP_PATH); + +/* If installed, absorb the Snort Dashboard Widget into this package */ +/* by removing it as a separately installed package. */ +$pkgid = get_pkg_id("Dashboard Widget: Snort"); +if ($pkgid >= 0) { + log_error(gettext("[Snort] Removing legacy 'Dashboard Widget: Snort' package because the widget is now part of the Snort package.")); + unset($config['installedpackages']['package'][$pkgid]); + unlink_if_exists("/usr/local/pkg/widget-snort.xml"); + write_config(); +} + +/* Define a default Dashboard Widget Container for Snort */ +$snort_widget_container = "snort_alerts-container:col2:close"; + /* remake saved settings */ if ($config['installedpackages']['snortglobal']['forcekeepsettings'] == 'on') { log_error(gettext("[Snort] Saved settings detected... rebuilding installation with saved settings...")); update_status(gettext("Saved settings detected...")); /* Do one-time settings migration for new multi-engine configurations */ - update_output_window(gettext("Please wait... migrating settings to new multi-engine configuration...")); - include('/usr/local/pkg/snort/snort_migrate_config.php'); + update_output_window(gettext("Please wait... migrating settings to new configuration...")); + include('/usr/local/www/snort/snort_migrate_config.php'); update_output_window(gettext("Please wait... rebuilding installation with saved settings...")); log_error(gettext("[Snort] Downloading and updating configured rule types...")); update_output_window(gettext("Please wait... 
downloading and updating configured rule types...")); if ($pkg_interface <> "console") $snort_gui_include = true; - include('/usr/local/pkg/snort/snort_check_for_rule_updates.php'); + include('/usr/local/www/snort/snort_check_for_rule_updates.php'); update_status(gettext("Generating snort.conf configuration file from saved settings...")); $rebuild_rules = true; /* Create the snort.conf files for each enabled interface */ $snortconf = $config['installedpackages']['snortglobal']['rule']; foreach ($snortconf as $value) { - $if_real = snort_get_real_interface($value['interface']); + $if_real = get_real_interface($value['interface']); /* create a snort.conf file for interface */ snort_build_new_conf($value); /* create barnyard2.conf file for interface */ if ($value['barnyard_enable'] == 'on') - snort_create_barnyard2_conf($value, $if_real); + snort_generate_barnyard2_conf($value, $if_real); } /* create snort bootup file snort.sh */ snort_create_rc(); /* Set Log Limit, Block Hosts Time and Rules Update Time */ - snort_snortloglimit_install_cron($config['installedpackages']['snortglobal']['snortloglimit'] == 'on' ? true : false); + snort_snortloglimit_install_cron(true); snort_rm_blocked_install_cron($config['installedpackages']['snortglobal']['rm_blocked'] != "never_b" ? true : false); snort_rules_up_install_cron($config['installedpackages']['snortglobal']['autorulesupdate7'] != "never_up" ? true : false); /* Add the recurring jobs created above to crontab */ configure_cron(); + /* Restore the last Snort Dashboard Widget setting if none is set */ + if (!empty($config['installedpackages']['snortglobal']['dashboard_widget']) && + stristr($config['widgets']['sequence'], "snort_alerts-container") === FALSE) + $config['widgets']['sequence'] .= "," . 
$config['installedpackages']['snortglobal']['dashboard_widget']; + $rebuild_rules = false; update_output_window(gettext("Finished rebuilding Snort configuration files...")); log_error(gettext("[Snort] Finished rebuilding installation from saved settings...")); @@ -1416,8 +1488,13 @@ if ($config['installedpackages']['snortglobal']['forcekeepsettings'] == 'on') { } } +/* If an existing Snort Dashboard Widget container is not found, */ +/* then insert our default Widget Dashboard container. */ +if (stristr($config['widgets']['sequence'], "snort_alerts-container") === FALSE) + $config['widgets']['sequence'] .= ",{$snort_widget_container}"; + /* Update Snort package version in configuration */ -$config['installedpackages']['snortglobal']['snort_config_ver'] = "3.0.4"; +$config['installedpackages']['snortglobal']['snort_config_ver'] = "3.0.5"; write_config(); /* Done with post-install, so clear flag */ diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php index 26b37e81..6c3dc90f 100755 --- a/config/snort/snort_preprocessors.php +++ b/config/snort/snort_preprocessors.php @@ -6,7 +6,7 @@ * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. * Copyright (C) 2008-2009 Robert Zelaya. * Copyright (C) 2011-2012 Ermal Luci - * Copyright (C) 2013 Bill Meeks + * Copyright (C) 2013, 2014 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -38,9 +38,11 @@ require_once("/usr/local/pkg/snort/snort.inc"); global $g, $rebuild_rules; $snortlogdir = SNORTLOGDIR; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; +elseif (isset($_GET['id']) && is_numericint($_GET['id'])) + $id = htmlspecialchars($_GET['id']); + if (is_null($id)) { header("Location: /snort/snort_interfaces.php"); exit; 
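Review bot: The two `include()` calls in the post-install hunk now load `snort_migrate_config.php` and `snort_check_for_rule_updates.php` from `/usr/local/www/snort/`, which is under the pfSense web root. Both scripts can therefore be requested directly over HTTP by any account holding the page-services-snort privilege, whose match list in this commit includes `snort/snort_migrate_config.php*`. If they are meant to run only from install or cron, I would keep them in `/usr/local/pkg/snort/` or have them exit early when not included. Separately, `$config['widgets']['sequence'] .= "," . …` here and `.= ",{$snort_widget_container}"` in the next hunk produce a leading comma when the sequence is empty or unset. Choosing the separator first, `$sep = empty($config['widgets']['sequence']) ? "" : ",";`, avoids that.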
@@ -66,6 +68,8 @@ if (!is_array($config['installedpackages']['snortglobal']['rule'][$id]['ftp_clie $a_nat = &$config['installedpackages']['snortglobal']['rule']; $vrt_enabled = $config['installedpackages']['snortglobal']['snortdownload']; + +// Calculate the "next engine ID" to use for the multi-config engine arrays $frag3_engine_next_id = count($a_nat[$id]['frag3_engine']['item']); $stream5_tcp_engine_next_id = count($a_nat[$id]['stream5_tcp_engine']['item']); $http_inspect_engine_next_id = count($a_nat[$id]['http_inspect_engine']['item']); 
@@ -73,170 +77,9 @@ $ftp_server_engine_next_id = count($a_nat[$id]['ftp_server_engine']['item']); $ftp_client_engine_next_id = count($a_nat[$id]['ftp_client_engine']['item']); $pconfig = array(); -if (isset($id) && $a_nat[$id]) { +if (isset($id) && isset($a_nat[$id])) { $pconfig = $a_nat[$id]; - /* Get current values from config for page form fields */ - $pconfig['perform_stat'] = $a_nat[$id]['perform_stat']; - $pconfig['host_attribute_table'] = $a_nat[$id]['host_attribute_table']; - $pconfig['host_attribute_data'] = $a_nat[$id]['host_attribute_data']; - $pconfig['max_attribute_hosts'] = $a_nat[$id]['max_attribute_hosts']; - $pconfig['max_attribute_services_per_host'] = $a_nat[$id]['max_attribute_services_per_host']; - $pconfig['max_paf'] = $a_nat[$id]['max_paf']; - $pconfig['other_preprocs'] = $a_nat[$id]['other_preprocs']; - $pconfig['ftp_preprocessor'] = $a_nat[$id]['ftp_preprocessor']; - $pconfig['ftp_telnet_inspection_type'] = $a_nat[$id]['ftp_telnet_inspection_type']; - $pconfig['ftp_telnet_alert_encrypted'] = $a_nat[$id]['ftp_telnet_alert_encrypted']; - $pconfig['ftp_telnet_check_encrypted'] = $a_nat[$id]['ftp_telnet_check_encrypted']; - $pconfig['ftp_telnet_normalize'] = $a_nat[$id]['ftp_telnet_normalize']; - $pconfig['ftp_telnet_detect_anomalies'] = $a_nat[$id]['ftp_telnet_detect_anomalies']; - $pconfig['ftp_telnet_ayt_attack_threshold'] = $a_nat[$id]['ftp_telnet_ayt_attack_threshold']; - $pconfig['smtp_preprocessor'] = $a_nat[$id]['smtp_preprocessor']; - $pconfig['sf_portscan'] = $a_nat[$id]['sf_portscan']; - $pconfig['pscan_protocol'] = $a_nat[$id]['pscan_protocol']; - $pconfig['pscan_type'] = $a_nat[$id]['pscan_type']; - $pconfig['pscan_sense_level'] = $a_nat[$id]['pscan_sense_level']; - $pconfig['pscan_memcap'] = $a_nat[$id]['pscan_memcap']; - $pconfig['pscan_ignore_scanners'] = $a_nat[$id]['pscan_ignore_scanners']; - $pconfig['dce_rpc_2'] = $a_nat[$id]['dce_rpc_2']; - $pconfig['dns_preprocessor'] = $a_nat[$id]['dns_preprocessor']; - 
$pconfig['sensitive_data'] = $a_nat[$id]['sensitive_data']; - $pconfig['sdf_alert_data_type'] = $a_nat[$id]['sdf_alert_data_type']; - $pconfig['sdf_alert_threshold'] = $a_nat[$id]['sdf_alert_threshold']; - $pconfig['sdf_mask_output'] = $a_nat[$id]['sdf_mask_output']; - $pconfig['ssl_preproc'] = $a_nat[$id]['ssl_preproc']; - $pconfig['pop_preproc'] = $a_nat[$id]['pop_preproc']; - $pconfig['imap_preproc'] = $a_nat[$id]['imap_preproc']; - $pconfig['sip_preproc'] = $a_nat[$id]['sip_preproc']; - $pconfig['dnp3_preproc'] = $a_nat[$id]['dnp3_preproc']; - $pconfig['modbus_preproc'] = $a_nat[$id]['modbus_preproc']; - $pconfig['gtp_preproc'] = $a_nat[$id]['gtp_preproc']; - $pconfig['ssh_preproc'] = $a_nat[$id]['ssh_preproc']; - $pconfig['preproc_auto_rule_disable'] = $a_nat[$id]['preproc_auto_rule_disable']; - $pconfig['protect_preproc_rules'] = $a_nat[$id]['protect_preproc_rules']; - - // Frag3 global settings - $pconfig['frag3_detection'] = $a_nat[$id]['frag3_detection']; - $pconfig['frag3_max_frags'] = $a_nat[$id]['frag3_max_frags']; - $pconfig['frag3_memcap'] = $a_nat[$id]['frag3_memcap']; - - // See if new Frag3 engine array is configured and use it; - // otherwise create a default engine configuration. 
- if (empty($pconfig['frag3_engine']['item'])) { - $default = array( "name" => "default", "bind_to" => "all", "policy" => "bsd", - "timeout" => 60, "min_ttl" => 1, "detect_anomalies" => "on", - "overlap_limit" => 0, "min_frag_len" => 0 ); - $pconfig['frag3_engine']['item'] = array(); - $pconfig['frag3_engine']['item'][] = $default; - if (!is_array($a_nat[$id]['frag3_engine']['item'])) - $a_nat[$id]['frag3_engine']['item'] = array(); - $a_nat[$id]['frag3_engine']['item'][] = $default; - write_config(); - $frag3_engine_next_id++; - } - else - $pconfig['frag3_engine'] = $a_nat[$id]['frag3_engine']; - - // Stream5 global settings - $pconfig['stream5_reassembly'] = $a_nat[$id]['stream5_reassembly']; - $pconfig['stream5_flush_on_alert'] = $a_nat[$id]['stream5_flush_on_alert']; - $pconfig['stream5_prune_log_max'] = $a_nat[$id]['stream5_prune_log_max']; - $pconfig['stream5_mem_cap'] = $a_nat[$id]['stream5_mem_cap']; - $pconfig['stream5_track_tcp'] = $a_nat[$id]['stream5_track_tcp']; - $pconfig['stream5_max_tcp'] = $a_nat[$id]['stream5_max_tcp']; - $pconfig['stream5_track_udp'] = $a_nat[$id]['stream5_track_udp']; - $pconfig['stream5_max_udp'] = $a_nat[$id]['stream5_max_udp']; - $pconfig['stream5_udp_timeout'] = $a_nat[$id]['stream5_udp_timeout']; - $pconfig['stream5_track_icmp'] = $a_nat[$id]['stream5_track_icmp']; - $pconfig['stream5_max_icmp'] = $a_nat[$id]['stream5_max_icmp']; - $pconfig['stream5_icmp_timeout'] = $a_nat[$id]['stream5_icmp_timeout']; - - // See if new Stream5 engine array is configured and use it; - // otherwise create a default engine configuration. 
- if (empty($pconfig['stream5_tcp_engine']['item'])) { - $default = array( "name" => "default", "bind_to" => "all", "policy" => "bsd", "timeout" => 30, - "max_queued_bytes" => 1048576, "detect_anomalies" => "off", "overlap_limit" => 0, - "max_queued_segs" => 2621, "require_3whs" => "off", "startup_3whs_timeout" => 0, - "no_reassemble_async" => "off", "max_window" => 0, "use_static_footprint_sizes" => "off", - "check_session_hijacking" => "off", "dont_store_lg_pkts" => "off", "ports_client" => "default", - "ports_both" => "default", "ports_server" => "none" ); - $pconfig['stream5_tcp_engine']['item'] = array(); - $pconfig['stream5_tcp_engine']['item'][] = $default; - if (!is_array($a_nat[$id]['stream5_tcp_engine']['item'])) - $a_nat[$id]['stream5_tcp_engine']['item'] = array(); - $a_nat[$id]['stream5_tcp_engine']['item'][] = $default; - write_config(); - $stream5_tcp_engine_next_id++; - } - else - $pconfig['stream5_tcp_engine'] = $a_nat[$id]['stream5_tcp_engine']; - - // HTTP_INSPECT global settings - $pconfig['http_inspect'] = $a_nat[$id]['http_inspect']; - $pconfig['http_inspect_memcap'] = $a_nat[$id]['http_inspect_memcap']; - $pconfig['http_inspect_proxy_alert'] = $a_nat[$id]['http_inspect_proxy_alert']; - $pconfig['http_inspect_max_gzip_mem'] = $a_nat[$id]['http_inspect_max_gzip_mem']; - - // See if new HTTP_INSPECT engine array is configured and use it; - // otherwise create a default engine configuration. 
- if (empty($pconfig['http_inspect_engine']['item'])) { - $default = array( "name" => "default", "bind_to" => "all", "server_profile" => "all", "enable_xff" => "off", - "log_uri" => "off", "log_hostname" => "off", "server_flow_depth" => 65535, "enable_cookie" => "on", - "client_flow_depth" => 1460, "extended_response_inspection" => "on", "no_alerts" => "off", - "unlimited_decompress" => "on", "inspect_gzip" => "on", "normalize_cookies" =>"on", - "normalize_headers" => "on", "normalize_utf" => "on", "normalize_javascript" => "on", - "allow_proxy_use" => "off", "inspect_uri_only" => "off", "max_javascript_whitespaces" => 200, - "post_depth" => -1, "max_headers" => 0, "max_spaces" => 0, "max_header_length" => 0, "ports" => "default" ); - $pconfig['http_inspect_engine']['item'] = array(); - $pconfig['http_inspect_engine']['item'][] = $default; - if (!is_array($a_nat[$id]['http_inspect_engine']['item'])) - $a_nat[$id]['http_inspect_engine']['item'] = array(); - $a_nat[$id]['http_inspect_engine']['item'][] = $default; - write_config(); - $http_inspect_engine_next_id++; - } - else - $pconfig['http_inspect_engine'] = $a_nat[$id]['http_inspect_engine']; - - // See if new FTP client engine array is configured and use it; - // otherwise create a default engine configuration.. 
- if (empty($pconfig['ftp_client_engine']['item'])) { - $default = array( "name" => "default", "bind_to" => "all", "max_resp_len" => 256, - "telnet_cmds" => "no", "ignore_telnet_erase_cmds" => "yes", - "bounce" => "yes", "bounce_to_net" => "", "bounce_to_port" => "" ); - $pconfig['ftp_client_engine']['item'] = array(); - $pconfig['ftp_client_engine']['item'][] = $default; - if (!is_array($a_nat[$id]['ftp_client_engine']['item'])) - $a_nat[$id]['ftp_client_engine']['item'] = array(); - $a_nat[$id]['ftp_client_engine']['item'][] = $default; - write_config(); - $ftp_client_engine_next_id++; - } - else - $pconfig['ftp_client_engine'] = $a_nat[$id]['ftp_client_engine']; - - // See if new FTP server engine array is configured and use it; - // otherwise create a default engine configuration.. - if (empty($pconfig['ftp_server_engine']['item'])) { - $default = array( "name" => "default", "bind_to" => "all", "ports" => "default", - "telnet_cmds" => "no", "ignore_telnet_erase_cmds" => "yes", - "ignore_data_chan" => "no", "def_max_param_len" => 100 ); - $pconfig['ftp_server_engine']['item'] = array(); - $pconfig['ftp_server_engine']['item'][] = $default; - if (!is_array($a_nat[$id]['ftp_server_engine']['item'])) - $a_nat[$id]['ftp_server_engine']['item'] = array(); - $a_nat[$id]['ftp_server_engine']['item'][] = $default; - write_config(); - $ftp_server_engine_next_id++; - } - else - $pconfig['ftp_server_engine'] = $a_nat[$id]['ftp_server_engine']; - - /* If not using the Snort VRT rules, then disable */ - /* the Sensitive Data (sdf) preprocessor. */ - if ($vrt_enabled == "off") - $pconfig['sensitive_data'] = "off"; - /************************************************************/ /* To keep new users from shooting themselves in the foot */ /* enable the most common required preprocessors by default */ 
@@ -264,12 +107,14 @@ if (isset($id) && $a_nat[$id]) { $pconfig['ftp_telnet_detect_anomalies'] = 'on'; if (empty($pconfig['ftp_telnet_ayt_attack_threshold']) && $pconfig['ftp_telnet_ayt_attack_threshold'] <> 0) $pconfig['ftp_telnet_ayt_attack_threshold'] = '20'; + if (empty($pconfig['sdf_alert_data_type'])) $pconfig['sdf_alert_data_type'] = "Credit Card,Email Addresses,U.S. Phone Numbers,U.S. Social Security Numbers"; if (empty($pconfig['sdf_alert_threshold'])) $pconfig['sdf_alert_threshold'] = '25'; if (empty($pconfig['sdf_mask_output'])) $pconfig['sdf_mask_output'] = 'off'; + if (empty($pconfig['smtp_preprocessor'])) $pconfig['smtp_preprocessor'] = 'on'; if (empty($pconfig['dce_rpc_2'])) 
@@ -340,36 +185,56 @@ if (isset($id) && $a_nat[$id]) { $pconfig['pscan_sense_level'] = 'medium'; } -/* Define the "disabled_preproc_rules.log" file for this interface */ -$iface = snort_get_friendly_interface($pconfig['interface']); -$disabled_rules_log = "{$snortlogdir}/{$iface}_disabled_preproc_rules.log"; +$if_friendly = convert_friendly_interface_to_friendly_descr($a_nat[$id]['interface']); -if ($_GET['act'] && isset($_GET['eng_id'])) { +/* Define the "disabled_preproc_rules.log" file for this interface */ +$disabled_rules_log = "{$if_friendly}_disabled_preproc_rules.log"; - $natent = array(); - $natent = $pconfig; +// Check for returned "selected alias" if action is import +if ($_GET['act'] == "import" && isset($_GET['varname']) && !empty($_GET['varvalue'])) { + $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']); +} - if ($_GET['act'] == "del_frag3") - unset($natent['frag3_engine']['item'][$_GET['eng_id']]); - elseif ($_GET['act'] == "del_stream5_tcp") - unset($natent['stream5_tcp_engine']['item'][$_GET['eng_id']]); - elseif ($_GET['act'] == "del_http_inspect") - unset($natent['http_inspect_engine']['item'][$_GET['eng_id']]); - elseif ($_GET['act'] == "del_ftp_server") - unset($natent['ftp_server_engine']['item'][$_GET['eng_id']]); - - if (isset($id) && $a_nat[$id]) { - $a_nat[$id] = $natent; +// Handle deleting of any of the multiple configuration engines +if ($_POST['del_http_inspect']) { + if (isset($_POST['eng_id']) && isset($id) && issset($a_nat[$id])) { + unset($a_nat[$id]['http_inspect_engine']['item'][$_POST['eng_id']]); write_config(); + header("Location: snort_preprocessors.php?id=$id#httpinspect_row"); + exit; } - - header("Location: snort_preprocessors.php?id=$id"); - exit; } - -// Check for returned "selected alias" if action is import -if ($_GET['act'] == "import" && isset($_GET['varname']) && !empty($_GET['varvalue'])) { - $pconfig[$_GET['varname']] = $_GET['varvalue']; +elseif ($_POST['del_frag3']) { + if (isset($_POST['eng_id']) 
&& isset($id) && isset($a_nat[$id])) { + unset($a_nat[$id]['frag3_engine']['item'][$_POST['eng_id']]); + write_config(); + header("Location: snort_preprocessors.php?id=$id#frag3_row"); + exit; + } +} +elseif ($_POST['del_stream5_tcp']) { + if (isset($_POST['eng_id']) && isset($id) && isset($a_nat[$id])) { + unset($a_nat[$id]['stream5_tcp_engine']['item'][$_POST['eng_id']]); + write_config(); + header("Location: snort_preprocessors.php?id=$id#stream5_row"); + exit; + } +} +elseif ($_POST['del_ftp_client']) { + if (isset($_POST['eng_id']) && isset($id) && isset($a_nat[$id])) { + unset($a_nat[$id]['ftp_client_engine']['item'][$_POST['eng_id']]); + write_config(); + header("Location: snort_preprocessors.php?id=$id#ftp_telnet_row"); + exit; + } +} +elseif ($_POST['del_ftp_server']) { + if (isset($_POST['eng_id']) && isset($id) && isset($a_nat[$id])) { + unset($a_nat[$id]['ftp_server_engine']['item'][$_POST['eng_id']]); + write_config(); + header("Location: snort_preprocessors.php?id=$id#ftp_telnet_row"); + exit; + } } if ($_POST['ResetAll']) { @@ -434,7 +299,8 @@ if ($_POST['ResetAll']) { /* Log a message at the top of the page to inform the user */ $savemsg = gettext("All preprocessor settings have been reset to their defaults."); } -elseif ($_POST['Submit']) { + +if ($_POST['save']) { $natent = array(); $natent = $pconfig; @@ -509,7 +375,7 @@ elseif ($_POST['Submit']) { $natent['stream5_track_udp'] = $_POST['stream5_track_udp'] ? 'on' : 'off'; $natent['stream5_track_icmp'] = $_POST['stream5_track_icmp'] ? 'on' : 'off'; - if (isset($id) && $a_nat[$id]) { + if (isset($id) && isset($a_nat[$id])) { $a_nat[$id] = $natent; write_config(); } 
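Review bot: The `del_http_inspect` branch calls `issset($a_nat[$id])`, a misspelling of `isset`, so that delete action ends in a fatal undefined-function error instead of removing the engine. The line should read `if (isset($_POST['eng_id']) && isset($id) && isset($a_nat[$id])) {`. All five delete branches use `$_POST['eng_id']` as an array index without the `is_numericint()` check that `id` now gets, although the hidden `eng_id` field starts out empty. I would add `is_numericint($_POST['eng_id'])` to each condition. In the import branch, `$pconfig[$_GET['varname']]` lets the request choose which key is overwritten; an allow-list of the field names the alias picker may return would bound that.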
@@ -524,7 +390,7 @@ elseif ($_POST['Submit']) { /* If 'preproc_auto_rule_disable' is off, then clear log file */ if ($natent['preproc_auto_rule_disable'] == 'off') - @unlink("{$disabled_rules_log}"); + unlink_if_exists("{$snortlogdir}/{$disabled_rules_log}"); /*******************************************************/ /* Signal Snort to reload Host Attribute Table if one */ @@ -543,14 +409,19 @@ elseif ($_POST['Submit']) { header("Location: snort_preprocessors.php?id=$id"); exit; } + else + $pconfig = $_POST; } -elseif ($_POST['btn_import']) { + +if ($_POST['btn_import']) { if (is_uploaded_file($_FILES['host_attribute_file']['tmp_name'])) { $data = file_get_contents($_FILES['host_attribute_file']['tmp_name']); - if ($data === false) + if ($data === false) { $input_errors[] = gettext("Error uploading file {$_FILES['host_attribute_file']}!"); + $pconfig = $_POST; + } else { - if (isset($id) && $a_nat[$id]) { + if (isset($id) && isset($a_nat[$id])) { $a_nat[$id]['host_attribute_table'] = "on"; $a_nat[$id]['host_attribute_data'] = base64_encode($data); $pconfig['host_attribute_data'] = $a_nat[$id]['host_attribute_data']; @@ -567,11 +438,14 @@ elseif ($_POST['btn_import']) { exit; } } - else + else { $input_errors[] = gettext("No filename specified for import!"); + $pconfig = $_POST; + } } -elseif ($_POST['btn_edit_hat']) { - if (isset($id) && $a_nat[$id]) { + +if ($_POST['btn_edit_hat']) { + if (isset($id) && isset($a_nat[$id])) { $a_nat[$id]['host_attribute_table'] = "on"; $a_nat[$id]['max_attribute_hosts'] = $pconfig['max_attribute_hosts']; $a_nat[$id]['max_attribute_services_per_host'] = $pconfig['max_attribute_services_per_host']; 
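Review bot: `$pconfig = $_POST;` is added on the save error path and on both import error paths in the hunks on this line. It replaces the settings loaded from configuration with the raw request body, so every field the page re-displays comes straight from the request and any stored key that is not posted drops out of `$pconfig`. Whether the form passes these values through `htmlspecialchars()` cannot be seen from these hunks; if it does not, each `value=` attribute needs it. Overlaying only the known form fields onto the existing `$pconfig` would preserve stored keys that later code reads, such as `host_attribute_data` in the `host_attribute_table` check.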
@@ -586,26 +460,21 @@ elseif ($_POST['btn_edit_hat']) { if ($pconfig['host_attribute_table'] == 'on' && empty($pconfig['host_attribute_data'])) $input_errors[] = gettext("The Host Attribute Table option is enabled, but no Host Attribute data has been loaded. Data may be entered manually or imported from a suitable file."); -$if_friendly = snort_get_friendly_interface($pconfig['interface']); $pgtitle = gettext("Snort: Interface {$if_friendly} - Preprocessors and Flow"); include_once("head.inc"); ?> <body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="enable_change_all()"> -<?php include("fbegin.inc"); ?> -<?php if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';} - +<?php include("fbegin.inc"); - /* Display Alert message */ - - if ($input_errors) { - print_input_errors($input_errors); // TODO: add checks - } - - if ($savemsg) { - print_info_box($savemsg); - } +/* Display Alert message */ +if ($input_errors) { + print_input_errors($input_errors); +} +if ($savemsg) { + print_info_box($savemsg); +} ?> <script type="text/javascript" src="/javascript/autosuggest.js"> @@ -613,8 +482,9 @@ include_once("head.inc"); <script type="text/javascript" src="/javascript/suggestions.js"> </script> -<form action="snort_preprocessors.php" method="post" - enctype="multipart/form-data" name="iform" id="iform"> +<form action="snort_preprocessors.php" method="post" enctype="multipart/form-data" name="iform" id="iform"> +<input name="id" type="hidden" value="<?=$id;?>"/> +<input name="eng_id" id="eng_id" type="hidden" value=""/> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td> <?php 
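Review bot: The hidden `id` field added at the top of the form prints `$id` with `<?=$id;?>` and no encoding, and the same variable is interpolated into the tab URLs and the `Location:` headers on this page. Whether `$id` is restricted to an integer earlier in snort_preprocessors.php is not visible in this diff, although snort_rules.php gains an `is_numericint()` check in the same commit. If it is not, the request value reaches attribute and header context unchanged. Validate it once where it is read, or encode at the sink: `value="<?=htmlspecialchars($id, ENT_QUOTES);?>"`.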
@@ -622,23 +492,25 @@ include_once("head.inc"); $tab_array[0] = array(gettext("Snort Interfaces"), true, "/snort/snort_interfaces.php"); $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php"); $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php"); - $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php"); + $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php?instance={$id}"); $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php"); - $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php"); + $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php"); $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); - $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); - display_top_tabs($tab_array); + $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php"); + $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); + display_top_tabs($tab_array, true); echo '</td></tr>'; echo '<tr><td>'; $menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface "); - $tab_array = array(); - $tab_array[] = array($menu_iface . gettext("Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}"); - $tab_array[] = array($menu_iface . gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}"); - $tab_array[] = array($menu_iface . gettext("Rules"), false, "/snort/snort_rules.php?id={$id}"); - $tab_array[] = array($menu_iface . gettext("Variables"), false, "/snort/snort_define_servers.php?id={$id}"); - $tab_array[] = array($menu_iface . gettext("Preprocessors"), true, "/snort/snort_preprocessors.php?id={$id}"); - $tab_array[] = array($menu_iface . 
gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); - display_top_tabs($tab_array); + $tab_array = array(); + $tab_array[] = array($menu_iface . gettext("Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Rules"), false, "/snort/snort_rules.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Variables"), false, "/snort/snort_define_servers.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Preprocs"), true, "/snort/snort_preprocessors.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("IP Rep"), false, "/snort/snort_ip_reputation.php?id={$id}"); + display_top_tabs($tab_array, true); ?> </td></tr> <tr><td><div id="mainarea"> @@ -694,7 +566,7 @@ include_once("head.inc"); "disabled preprocessors, but can substantially compromise the level of protection by " . "automatically disabling detection rules."); ?></td> </tr> - <?php if (file_exists($disabled_rules_log) && filesize($disabled_rules_log) > 0): ?> + <?php if (file_exists("{$snortlogdir}/{$disabled_rules_log}") && filesize("{$snortlogdir}/{$disabled_rules_log}") > 0): ?> <tr> <td width="3%"> </td> <td class="vexpl"><input type="button" class="formbtn" value="View" onclick="wopen('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$disabled_rules_log;?>','FileViewer',800,600);"> 
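Review bot: The existence test now looks under `{$snortlogdir}`, but the View button on the following context line still passes the bare `$disabled_rules_log` as `openruleset` to snort_rules_edit.php. That only works if snort_rules_edit.php resolves the name against the same log directory, which is not visible here and is worth confirming. It is also worth confirming that the viewer page accepts only known file names for `openruleset` rather than an arbitrary relative path from the query string.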
@@ -718,8 +590,8 @@ include_once("head.inc"); <tr id="host_attrib_table_data_row"> <td width="22%" valign="top" class="vncell"><?php echo gettext("Host Attribute Data"); ?></td> <td width="78%" class="vtable"><strong><?php echo gettext("Import From File"); ?></strong><br/> - <input name="host_attribute_file" type="file" class="formfld file" value="on" id="host_attribute_file" size="40"> - <input type="submit" name="btn_import" id="btn_import" value="Import" class="formbtn"><br/> + <input name="host_attribute_file" type="file" class="formfld file" value="on" id="host_attribute_file" size="40"/> + <input type="submit" name="btn_import" id="btn_import" value="Import" class="formbtn"/><br/> <?php echo gettext("Choose the Host Attributes file to use for auto-configuration."); ?><br/><br/> <span class="red"><strong><?php echo gettext("Warning: "); ?></strong></span> <?php echo gettext("The Host Attributes file has a required format. See the "); ?><a href="http://manual.snort.org/" target="_blank"> @@ -744,7 +616,7 @@ include_once("head.inc"); <table cellpadding="0" cellspacing="0"> <tr> <td><input name="max_attribute_hosts" type="text" class="formfld unknown" id="max_attribute_hosts" size="9" - value="<?=htmlspecialchars($pconfig['max_attribute_hosts']);?>"> + value="<?=htmlspecialchars($pconfig['max_attribute_hosts']);?>"/> <?php echo gettext("Max number of hosts to read from the Attribute Table. Min is ") . "<strong>" . gettext("32") . "</strong>" . gettext(" and Max is ") . "<strong>" . gettext("524288") . "</strong>"; ?>.</td> 
@@ -761,7 +633,7 @@ include_once("head.inc"); <table cellpadding="0" cellspacing="0"> <tr> <td><input name="max_attribute_services_per_host" type="text" class="formfld unknown" id="max_attribute_services_per_host" size="9" - value="<?=htmlspecialchars($pconfig['max_attribute_services_per_host']);?>"> + value="<?=htmlspecialchars($pconfig['max_attribute_services_per_host']);?>"/> <?php echo gettext("Max number of per host services to read from the Attribute Table. Min is ") . "<strong>" . gettext("1") . "</strong>" . gettext(" and Max is ") . "<strong>" . gettext("65535") . "</strong>"; ?>.</td> @@ -868,10 +740,10 @@ include_once("head.inc"); <td class="listt" align="right"><a href="snort_httpinspect_engine.php?id=<?=$id;?>&eng_id=<?=$f;?>"> <img src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="<?=gettext("Edit this server configuration");?>"></a> - <?php if ($v['bind_to'] <> "all") : ?> - <a href="snort_preprocessors.php?id=<?=$id;?>&eng_id=<?=$f;?>&act=del_http_inspect" onclick="return confirm('Are you sure you want to delete this entry?');"> - <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0" - title="<?=gettext("Delete this server configuration");?>"></a> + <?php if ($v['bind_to'] <> "all") : ?> + <input type="image" name="del_http_inspect[]" onclick="document.getElementById('eng_id').value='<?=$f;?>'; return confirm('Are you sure you want to delete this entry?');" + src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0" + title="<?=gettext("Delete this server configuration");?>"/> <?php else : ?> <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x_d.gif" width="17" height="17" border="0" title="<?=gettext("Default server configuration cannot be deleted");?>"> 
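Review bot: The rule that the default (`bind_to` equal to "all") engine cannot be deleted is enforced only by this markup, not by the server. The new POST handlers for `del_frag3`, `del_stream5_tcp`, `del_ftp_client` and `del_ftp_server` earlier in this diff unset `['item'][$_POST['eng_id']]` after nothing more than `isset()`; the `del_http_inspect` handler is outside the visible part and presumably does the same. A hand-built POST can therefore name any index, including the default entry. Each handler should check the index and the entry before unsetting, e.g. `is_numericint($_POST['eng_id']) && $a_nat[$id]['frag3_engine']['item'][$_POST['eng_id']]['bind_to'] != 'all'`. The same applies to the delete buttons in the frag3, stream5 TCP, FTP client and FTP server hunks that follow.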
@@ -937,9 +809,9 @@ include_once("head.inc"); <img src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="<?=gettext("Edit this engine configuration");?>"></a> <?php if ($v['bind_to'] <> "all") : ?> - <a href="snort_preprocessors.php?id=<?=$id;?>&eng_id=<?=$f;?>&act=del_frag3" onclick="return confirm('Are you sure you want to delete this entry?');"> - <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0" - title="<?=gettext("Delete this engine configuration");?>"></a> + <input type="image" name="del_frag3[]" onclick="document.getElementById('eng_id').value='<?=$f;?>'; return confirm('Are you sure you want to delete this entry?');" + src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0" + title="<?=gettext("Delete this engine configuration");?>"/> <?php else : ?> <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x_d.gif" width="17" height="17" border="0" title="<?=gettext("Default engine configuration cannot be deleted");?>"> 
@@ -1094,9 +966,9 @@ include_once("head.inc"); <img src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="<?=gettext("Edit this TCP engine configuration");?>"></a> <?php if ($v['bind_to'] <> "all") : ?> - <a href="snort_preprocessors.php?id=<?=$id;?>&eng_id=<?=$f;?>&act=del_stream5_tcp" onclick="return confirm('Are you sure you want to delete this entry?');"> - <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0" - title="<?=gettext("Delete this TCP engine configuration");?>"></a> + <input type="image" name="del_stream5_tcp[]" onclick="document.getElementById('eng_id').value='<?=$f;?>'; return confirm('Are you sure you want to delete this entry?');" + src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0" + title="<?=gettext("Delete this TCP engine configuration");?>"/> <?php else : ?> <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x_d.gif" width="17" height="17" border="0" title="<?=gettext("Default engine configuration cannot be deleted");?>"> 
@@ -1329,9 +1201,9 @@ include_once("head.inc"); <img src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="<?=gettext("Edit this FTP client configuration");?>"></a> <?php if ($v['bind_to'] <> "all") : ?> - <a href="snort_preprocessors.php?id=<?=$id;?>&eng_id=<?=$f;?>&act=del_ftp_server" onclick="return confirm('Are you sure you want to delete this entry?');"> - <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0" - title="<?=gettext("Delete this FTP client configuration");?>"></a> + <input type="image" name="del_ftp_client[]" onclick="document.getElementById('eng_id').value='<?=$f;?>'; return confirm('Are you sure you want to delete this entry?');" + src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0" + title="<?=gettext("Delete this FTP client configuration");?>"/> <?php else : ?> <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x_d.gif" width="17" height="17" border="0" title="<?=gettext("Default client configuration cannot be deleted");?>"> 
@@ -1371,9 +1243,9 @@ include_once("head.inc"); <img src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="<?=gettext("Edit this FTP server configuration");?>"></a> <?php if ($v['bind_to'] <> "all") : ?> - <a href="snort_preprocessors.php?id=<?=$id;?>&eng_id=<?=$f;?>&act=del_ftp_server" onclick="return confirm('Are you sure you want to delete this entry?');"> - <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0" - title="<?=gettext("Delete this FTP server configuration");?>"></a> + <input type="image" name="del_ftp_server[]" onclick="document.getElementById('eng_id').value='<?=$f;?>'; return confirm('Are you sure you want to delete this entry?');" + src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0" + title="<?=gettext("Delete this FTP server configuration");?>"/> <?php else : ?> <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x_d.gif" width="17" height="17" border="0" title="<?=gettext("Default server configuration cannot be deleted");?>"> @@ -1399,7 +1271,7 @@ include_once("head.inc"); <?php echo gettext("Sensitive data searches for credit card numbers, Social Security numbers and e-mail addresses in data."); ?> <br/> <span class="red"><strong><?php echo gettext("Note: "); ?></strong></span><?php echo gettext("To enable this preprocessor, you must select the Snort VRT rules on the ") . - "<a href=\"/snort/snort_interfaces_global.php\" title=\"" . gettext("Modify Snort global settings") . "\"/>" . gettext("Global Settings") . "</a>" . gettext(" tab."); ?> + "<a href=\"/snort/snort_interfaces_global.php\" title=\"" . gettext("Modify Snort global settings") . "\">" . gettext("Global Settings") . "</a>" . gettext(" tab."); ?> </td> </tr> <tr id="sdf_alert_data_row"> 
@@ -1533,9 +1405,9 @@ include_once("head.inc"); <tr> <td width="22%" valign="top"> </td> <td width="78%"> - <input name="Submit" type="submit" class="formbtn" value="Save" title="<?php echo + <input name="save" type="submit" class="formbtn" value="Save" title="<?php echo gettext("Save preprocessor settings"); ?>"> - <input name="id" type="hidden" value="<?=$id;?>"> + <input name="ResetAll" type="submit" class="formbtn" value="Reset" title="<?php echo gettext("Reset all settings to defaults") . "\" onclick=\"return confirm('" . gettext("WARNING: This will reset ALL preprocessor settings to their defaults. Click OK to continue or CANCEL to quit.") . @@ -1582,8 +1454,6 @@ include_once("head.inc"); function createAutoSuggest() { <?php echo "objAlias = new AutoSuggestControl(document.getElementById('pscan_ignore_scanners'), new StateSuggestions(addressarray));\n"; - echo "objAlias = new AutoSuggestControl(document.getElementById('ftp_telnet_bounce_to_net'), new StateSuggestions(addressarray));\n"; - echo "objAlias = new AutoSuggestControl(document.getElementById('ftp_telnet_bounce_to_port'), new StateSuggestions(portsarray));\n"; ?> } diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php index afc764fc..158999f9 100755 --- a/config/snort/snort_rules.php +++ b/config/snort/snort_rules.php 
@@ -37,38 +37,28 @@ global $g, $rebuild_rules; $snortdir = SNORTDIR; $rules_map = array(); +$categories = array(); $pconfig = array(); if (!is_array($config['installedpackages']['snortglobal']['rule'])) $config['installedpackages']['snortglobal']['rule'] = array(); $a_rule = &$config['installedpackages']['snortglobal']['rule']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; +elseif (isset($_GET['id']) && is_numericint($_GET['id'])) + $id = htmlspecialchars($_GET['id']); + if (is_null($id)) { - header("Location: /snort/snort_interfaces.php"); - exit; + header("Location: /snort/snort_interfaces.php"); + exit; } -if (isset($id) && $a_rule[$id]) { +if (isset($id) && isset($a_rule[$id])) { $pconfig['interface'] = $a_rule[$id]['interface']; $pconfig['rulesets'] = $a_rule[$id]['rulesets']; } -function truncate($string, $length) { - - /******************************** - * This function truncates the * - * passed string to the length * - * specified adding ellipsis if * - * truncation was necessary. * - ********************************/ - if (strlen($string) > $length) - $string = substr($string, 0, ($length - 2)) . "..."; - return $string; -} - function add_title_attribute($tag, $title) { /******************************** 
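Review bot: A numeric `id` that has no entry in `$a_rule` still passes the `is_null($id)` test, so the script carries on; the next hunk then reads `$a_rule[$id]['uuid']` from a missing entry and builds `$snortcfgdir` from an empty uuid. Redirect in that case as well: `if (is_null($id) || !isset($a_rule[$id])) {`. The `htmlspecialchars()` on the GET branch is redundant once the value has passed `is_numericint()`, and it makes the two branches differ for no reason; `$id = $_GET['id'];` is enough.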
@@ -102,15 +92,19 @@ function add_title_attribute($tag, $title) { } /* convert fake interfaces to real */ -$if_real = snort_get_real_interface($pconfig['interface']); +$if_real = get_real_interface($pconfig['interface']); $snort_uuid = $a_rule[$id]['uuid']; $snortcfgdir = "{$snortdir}/snort_{$snort_uuid}_{$if_real}"; $snortdownload = $config['installedpackages']['snortglobal']['snortdownload']; +$snortcommunitydownload = $config['installedpackages']['snortglobal']['snortcommunityrules'] == 'on' ? 'on' : 'off'; $emergingdownload = $config['installedpackages']['snortglobal']['emergingthreats']; $etprodownload = $config['installedpackages']['snortglobal']['emergingthreats_pro']; -$categories = explode("||", $pconfig['rulesets']); -// add the standard rules files to the categories list +// Add any previously saved rules files to the categories array +if (!empty($pconfig['rulesets'])) + $categories = explode("||", $pconfig['rulesets']); + +// add the standard rules files to the categories array $categories[] = "custom.rules"; $categories[] = "decoder.rules"; $categories[] = "preprocessor.rules"; 
@@ -121,20 +115,19 @@ if ($a_rule[$id]['autoflowbitrules'] == 'on') $categories[] = "Auto-Flowbit Rules"; natcasesort($categories); -if ($_GET['openruleset']) - $currentruleset = $_GET['openruleset']; -else if ($_POST['openruleset']) +if (isset($_POST['openruleset'])) $currentruleset = $_POST['openruleset']; +elseif (isset($_GET['openruleset'])) + $currentruleset = htmlspecialchars($_GET['openruleset']); else - $currentruleset = $categories[0]; + $currentruleset = $categories[key($categories)]; /* One last sanity check -- if the rules directory is empty, default to loading custom rules */ $tmp = glob("{$snortdir}/rules/*.rules"); if (empty($tmp)) $currentruleset = "custom.rules"; -$ruledir = "{$snortdir}/rules"; -$rulefile = "{$ruledir}/{$currentruleset}"; +$rulefile = "{$snortdir}/rules/{$currentruleset}"; if ($currentruleset != 'custom.rules') { // Read the current rules file into our rules map array. // If it is the auto-flowbits file, set the full path. @@ -157,13 +150,11 @@ if ($currentruleset != 'custom.rules') { $enablesid = snort_load_sid_mods($a_rule[$id]['rule_sid_on']); $disablesid = snort_load_sid_mods($a_rule[$id]['rule_sid_off']); -if ($_GET['act'] == "toggle" && $_GET['ids'] && !empty($rules_map)) { - - // Get the GID tag embedded in the clicked rule icon. - $gid = $_GET['gid']; +if ($_POST['toggle'] && is_numeric($_POST['sid']) && is_numeric($_POST['gid']) && !empty($rules_map)) { - // Get the SID tag embedded in the clicked rule icon. - $sid= $_GET['ids']; + // Get the GID:SID tags embedded in the clicked rule icon. + $gid = $_POST['gid']; + $sid = $_POST['sid']; // See if the target SID is in our list of modified SIDs, // and toggle it back to default if present; otherwise, 
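Review bot: `$currentruleset` comes from the request and is placed directly into `$rulefile = "{$snortdir}/rules/{$currentruleset}"`, so a value containing `../` selects a file outside the rules directory. `htmlspecialchars()` on the GET branch does not touch path characters, and the POST branch is not filtered at all. The legitimate values appear to be exactly the entries of `$categories` built just above, so restrict the parameter to that list: `if (!in_array($currentruleset, $categories, true)) $currentruleset = $categories[key($categories)];`. What is done with `$rulefile` afterwards lies outside this hunk.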
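Review bot: The toggle handler accepts `sid` and `gid` with `is_numeric()`, which also passes values such as `1.5`, `1e3` or a string with leading whitespace. Judging by the comments that follow, these values are then used as keys in the modified-SID lists that get saved to the configuration; that code is outside the hunk. The file already uses `is_numericint()` for `id`, and using it here keeps the stored SIDs to plain integers: `if ($_POST['toggle'] && is_numericint($_POST['sid']) && is_numericint($_POST['gid']) && !empty($rules_map)) {`.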
@@ -207,11 +198,9 @@ if ($_GET['act'] == "toggle" && $_GET['ids'] && !empty($rules_map)) { /* Update the config.xml file. */ write_config(); - $_GET['openruleset'] = $currentruleset; $anchor = "rule_{$gid}_{$sid}"; } - -if ($_GET['act'] == "disable_all" && !empty($rules_map)) { +elseif ($_POST['disable_all'] && !empty($rules_map)) { // Mark all rules in the currently selected category "disabled". foreach (array_keys($rules_map) as $k1) { @@ -248,13 +237,8 @@ if ($_GET['act'] == "disable_all" && !empty($rules_map)) { unset($a_rule[$id]['rule_sid_off']); write_config(); - - $_GET['openruleset'] = $currentruleset; - header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}"); - exit; } - -if ($_GET['act'] == "enable_all" && !empty($rules_map)) { +elseif ($_POST['enable_all'] && !empty($rules_map)) { // Mark all rules in the currently selected category "enabled". foreach (array_keys($rules_map) as $k1) { @@ -290,13 +274,8 @@ if ($_GET['act'] == "enable_all" && !empty($rules_map)) { unset($a_rule[$id]['rule_sid_off']); write_config(); - - $_GET['openruleset'] = $currentruleset; - header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}"); - exit; } - -if ($_GET['act'] == "resetcategory" && !empty($rules_map)) { +elseif ($_POST['resetcategory'] && !empty($rules_map)) { // Reset any modified SIDs in the current rule category to their defaults. foreach (array_keys($rules_map) as $k1) { @@ -334,13 +313,8 @@ if ($_GET['act'] == "resetcategory" && !empty($rules_map)) { unset($a_rule[$id]['rule_sid_off']); write_config(); - - $_GET['openruleset'] = $currentruleset; - header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}"); - exit; } - -if ($_GET['act'] == "resetall" && !empty($rules_map)) { +elseif ($_POST['resetall'] && !empty($rules_map)) { // Remove all modified SIDs from config.xml and save the changes. unset($a_rule[$id]['rule_sid_on']); 
@@ -348,23 +322,20 @@ if ($_GET['act'] == "resetall" && !empty($rules_map)) { /* Update the config.xml file. */ write_config(); - - $_GET['openruleset'] = $currentruleset; - header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}"); - exit; } - -if ($_POST['clear']) { +else if ($_POST['cancel']) { + $pconfig['customrules'] = base64_decode($a_rule[$id]['customrules']); +} +elseif ($_POST['clear']) { unset($a_rule[$id]['customrules']); write_config(); $rebuild_rules = true; snort_generate_conf($a_rule[$id]); $rebuild_rules = false; - header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}"); - exit; + $pconfig['customrules'] = ''; } - -if ($_POST['submit']) { +elseif ($_POST['save']) { + $pconfig['customrules'] = $_POST['customrules']; if ($_POST['customrules']) $a_rule[$id]['customrules'] = base64_encode($_POST['customrules']); else @@ -385,11 +356,12 @@ if ($_POST['submit']) { $input_errors[] = "Custom rules have errors:\n {$error}"; } else { - header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}"); - exit; + /* Soft-restart Snort to live-load new rules */ + snort_reload_config($a_rule[$id]); + $savemsg = gettext("Custom rules validated successfully and have been saved to the Snort configuration files. "); + $savemsg .= gettext("Any active Snort process on this interface has been signalled to live-load the new rules."); } } - else if ($_POST['apply']) { /* Save new configuration */ write_config(); 
@@ -404,29 +376,18 @@ else if ($_POST['apply']) { /* Soft-restart Snort to live-load new rules */ snort_reload_config($a_rule[$id]); - - /* Return to this same page */ - header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}"); - exit; -} -else if ($_POST['cancel']) { - - /* Return to this same page */ - header("Location: /snort/snort_rules.php?id={$id}"); - exit; } require_once("guiconfig.inc"); include_once("head.inc"); -$if_friendly = snort_get_friendly_interface($pconfig['interface']); +$if_friendly = convert_friendly_interface_to_friendly_descr($a_rule[$id]['interface']); $pgtitle = gettext("Snort: Interface {$if_friendly} - Rules: {$currentruleset}"); ?> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <?php include("fbegin.inc"); -if ($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';} /* Display message */ if ($input_errors) { @@ -440,6 +401,10 @@ if ($savemsg) { ?> <form action="/snort/snort_rules.php" method="post" name="iform" id="iform"> +<input type='hidden' name='id' id='id' value='<?=$id;?>'/> +<input type='hidden' name='openruleset' id='openruleset' value='<?=$currentruleset;?>'/> +<input type='hidden' name='sid' id='sid' value=''/> +<input type='hidden' name='gid' id='gid' value=''/> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td> <?php 
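Review bot: The new hidden `openruleset` field prints `$currentruleset` inside a single-quoted attribute without encoding. On the POST path the value is the raw request parameter. On the GET path `htmlspecialchars()` is called without `ENT_QUOTES`, which on PHP versions before 8.1 leaves `'` untouched, so in both cases a quote in the parameter ends the attribute. Encode where the value is printed and drop the input-time call so it is not encoded twice: `value='<?=htmlspecialchars($currentruleset, ENT_QUOTES);?>'`. The same variable is written into `$pgtitle` and into the `wopen(...)` link added in the later button-table hunk, which need the same treatment (with `urlencode()` for the URL part).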
@@ -447,12 +412,13 @@ if ($savemsg) { $tab_array[0] = array(gettext("Snort Interfaces"), true, "/snort/snort_interfaces.php"); $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php"); $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php"); - $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php"); + $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php?instance={$id}"); $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php"); - $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php"); + $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php"); $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); - $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); - display_top_tabs($tab_array); + $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php"); + $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); + display_top_tabs($tab_array,true); echo '</td></tr>'; echo '<tr><td class="tabnavtbl">'; $menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface "); 
@@ -461,9 +427,10 @@ if ($savemsg) { $tab_array[] = array($menu_iface . gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Rules"), true, "/snort/snort_rules.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Variables"), false, "/snort/snort_define_servers.php?id={$id}"); - $tab_array[] = array($menu_iface . gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Preprocs"), false, "/snort/snort_preprocessors.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); - display_top_tabs($tab_array); + $tab_array[] = array($menu_iface . gettext("IP Rep"), false, "/snort/snort_ip_reputation.php?id={$id}"); + display_top_tabs($tab_array, true); ?> </td></tr> <tr><td><div id="mainarea"> 
@@ -471,20 +438,21 @@ if ($savemsg) { <tr> <td class="listtopic"><?php echo gettext("Available Rule Categories"); ?></td> </tr> - <tr> <td class="vncell" height="30px"><strong><?php echo gettext("Category:"); ?></strong> <select id="selectbox" name="selectbox" class="formselect" onChange="go()"> <?php foreach ($categories as $value) { - if ($snortdownload != 'on' && substr($value, 0, 6) == "snort_") + if ($snortdownload != 'on' && substr($value, 0, mb_strlen(VRT_FILE_PREFIX)) == VRT_FILE_PREFIX) + continue; + if ($emergingdownload != 'on' && substr($value, 0, mb_strlen(ET_OPEN_FILE_PREFIX)) == ET_OPEN_FILE_PREFIX) continue; - if ($emergingdownload != 'on' && substr($value, 0, 8) == "emerging") + if ($etprodownload != 'on' && substr($value, 0, mb_strlen(ET_PRO_FILE_PREFIX)) == ET_PRO_FILE_PREFIX) continue; - if ($etprodownload != 'on' && substr($value, 0, 6) == "etpro-") + if ($snortcommunitydownload != 'on' && substr($value, 0, mb_strlen(GPL_FILE_PREFIX)) == GPL_FILE_PREFIX) continue; if (empty($value)) continue; - echo "<option value='?id={$id}&openruleset={$value}' "; + echo "<option value='{$value}' "; if ($value == $currentruleset) echo "selected"; echo ">{$value}</option>\n"; 
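Review bot: The prefix tests pair the byte-based `substr()` with the character-based `mb_strlen()`, which agree only while the prefix constants are plain ASCII. `strncmp($value, VRT_FILE_PREFIX, strlen(VRT_FILE_PREFIX)) == 0` states the intent directly and avoids the mismatch; the same goes for the `ET_OPEN_FILE_PREFIX`, `ET_PRO_FILE_PREFIX` and `GPL_FILE_PREFIX` lines. `$value` is also echoed into the `<option>` tag unencoded, and `htmlspecialchars($value, ENT_QUOTES)` there would treat stored ruleset names as data.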
@@ -493,21 +461,18 @@ if ($savemsg) { </select> <?php echo gettext("Select the rule category to view"); ?> </td> </tr> - <?php if ($currentruleset == 'custom.rules'): ?> <tr> <td class="listtopic"><?php echo gettext("Defined Custom Rules"); ?></td> </tr> <tr> <td valign="top" class="vtable"> - <input type='hidden' name='openruleset' value='custom.rules'> - <input type='hidden' name='id' value='<?=$id;?>'> <textarea wrap="soft" cols="90" rows="40" name="customrules"><?=base64_decode($a_rule[$id]['customrules']);?></textarea> </td> </tr> <tr> <td> - <input name="submit" type="submit" class="formbtn" id="submit" value="<?php echo gettext(" Save "); ?>" title=" <?php echo gettext("Save custom rules"); ?>"/> + <input name="save" type="submit" class="formbtn" id="save" value="<?php echo gettext(" Save "); ?>" title=" <?php echo gettext("Save custom rules"); ?>"/> <input name="cancel" type="submit" class="formbtn" id="cancel" value="<?php echo gettext("Cancel"); ?>" title="<?php echo gettext("Cancel changes and return to last page"); ?>"/> <input name="clear" type="submit" class="formbtn" id="clear" value="<?php echo gettext("Clear"); ?>" onclick="return confirm('<?php echo gettext("This will erase all custom rules for the interface. Are you sure?"); ?>')" title="<?php echo gettext("Deletes all custom rules"); ?>"/> </td> 
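Review bot: The custom-rules `<textarea>` prints `base64_decode($a_rule[$id]['customrules'])` unencoded, so rule text containing `</textarea>` or other markup is interpreted by the browser instead of being shown. Use `<?=htmlspecialchars(base64_decode($a_rule[$id]['customrules']));?>`. The commit also starts filling `$pconfig['customrules']` in the save, cancel and clear branches, but this field still renders from `$a_rule[$id]`. If the intent was to redisplay what the user submitted, the textarea should read `$pconfig['customrules']`.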
@@ -520,43 +485,50 @@ if ($savemsg) { <td class="vncell"> <table width="100%" align="center" border="0" cellpadding="0" cellspacing="0"> <tr> - <td rowspan="4" width="48%" valign="middle"><input type="submit" name="apply" id="apply" value="<?php echo gettext("Apply"); ?>" class="formbtn" - title="<?php echo gettext("Click to rebuild the rules with your changes"); ?>"/> - <input type='hidden' name='id' value='<?=$id;?>'/> - <input type='hidden' name='openruleset' value='<?=$currentruleset;?>'/><br/><br/> + <td rowspan="5" width="48%" valign="middle"><input type="submit" name="apply" id="apply" value="<?php echo gettext("Apply"); ?>" class="formbtn" + title="<?php echo gettext("Click to rebuild the rules with your changes"); ?>"/><br/><br/> <span class="vexpl"><span class="red"><strong><?php echo gettext("Note: ") . "</strong></span>" . - gettext("Snort must be restarted to activate any rule enable/disable changes made on this tab."); ?></span></td> - <td class="vexpl" valign="middle"><?php echo "<a href='?id={$id}&openruleset={$currentruleset}&act=resetcategory'> - <img src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" width=\"15\" height=\"15\" + gettext("When finished, click APPLY to save and send any SID enable/disable changes made on this tab to Snort."); ?></span></td> + <td class="vexpl" valign="middle"><?php echo "<input type='image' name='resetcategory[]' + src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" width=\"15\" height=\"15\" onmouseout='this.src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"' onmouseover='this.src=\"../themes/{$g['theme']}/images/icons/icon_x_mo.gif\"' border='0' - title='" . gettext("Click to remove enable/disable changes for rules in the selected category only") . "'></a>"?> + title='" . gettext("Click to remove enable/disable changes for rules in the selected category only") . 
"'/>"?> <?php echo gettext("Remove Enable/Disable changes in the current Category"); ?></td> </tr> <tr> - <td class="vexpl" valign="middle"><?php echo "<a href='?id={$id}&openruleset={$currentruleset}&act=resetall'> - <img src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" width=\"15\" height=\"15\" + <td class="vexpl" valign="middle"><?php echo "<input type='image' name='resetall[]' + src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" width=\"15\" height=\"15\" onmouseout='this.src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"' onmouseover='this.src=\"../themes/{$g['theme']}/images/icons/icon_x_mo.gif\"' border='0' - title='" . gettext("Click to remove all enable/disable changes for rules in all categories") . "'></a>"?> + title='" . gettext("Click to remove all enable/disable changes for rules in all categories") . "'/>"?> <?php echo gettext("Remove all Enable/Disable changes in all Categories"); ?></td> </tr> <tr> - <td class="vexpl" valign="middle"><?php echo "<a href='?id={$id}&openruleset={$currentruleset}&act=disable_all'> - <img src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" width=\"15\" height=\"15\" + <td class="vexpl" valign="middle"><?php echo "<input type='image' name='disable_all[]' + src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" width=\"15\" height=\"15\" onmouseout='this.src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"' onmouseover='this.src=\"../themes/{$g['theme']}/images/icons/icon_x_mo.gif\"' border='0' - title='" . gettext("Click to disable all rules in the selected category") . "'></a>"?> + title='" . gettext("Click to disable all rules in the selected category") . 
"'/>"?> <?php echo gettext("Disable all rules in the current Category"); ?></td> </tr> <tr> - <td class="vexpl" valign="middle"><?php echo "<a href='?id={$id}&openruleset={$currentruleset}&act=enable_all'> - <img src=\"../themes/{$g['theme']}/images/icons/icon_plus.gif\" width=\"15\" height=\"15\" + <td class="vexpl" valign="middle"><?php echo "<input type='image' name='enable_all[]' + src=\"../themes/{$g['theme']}/images/icons/icon_plus.gif\" width=\"15\" height=\"15\" onmouseout='this.src=\"../themes/{$g['theme']}/images/icons/icon_plus.gif\"' onmouseover='this.src=\"../themes/{$g['theme']}/images/icons/icon_plus_mo.gif\"' border='0' - title='" . gettext("Click to enable all rules in the selected category") . "'></a>"?> + title='" . gettext("Click to enable all rules in the selected category") . "'/>"?> <?php echo gettext("Enable all rules in the current Category"); ?></td> </tr> + <tr> + <td class="vexpl" valign="middle"><a href="javascript: void(0)" + onclick="wopen('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$currentruleset;?>','FileViewer',800,600)"> + <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_service_restart.gif" width="15" height="15" <?php + echo "onmouseover='this.src=\"../themes/{$g['theme']}/images/icons/icon_services_restart_mo.gif\"' + onmouseout='this.src=\"../themes/{$g['theme']}/images/icons/icon_service_restart.gif\"' ";?> + title="<?php echo gettext("Click to view full text of all the category rules"); ?>" width="17" height="17" border="0"></a> + <?php echo gettext("View full file contents for the current Category"); ?></td> + </tr> <?php if ($currentruleset == 'Auto-Flowbit Rules'): ?> <tr> <td colspan="3"> </td> 
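Review bot: The `<img>` in the added "View full file contents" row carries `width` and `height` twice, `width="15" height="15"` after `src` and `width="17" height="17"` before `border`. Duplicate attributes are invalid markup and the browser keeps only the first pair. Drop the trailing pair so the icon matches the 15px icons in the rows above.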
@@ -564,14 +536,13 @@ if ($savemsg) { <tr> <td colspan="3" class="vexpl" align="center"><?php echo "<span class=\"red\"><b>" . gettext("WARNING: ") . "</b></span>" . gettext("You should not disable flowbit rules! Add Suppress List entries for them instead by ") . - "<a href='snort_rules_flowbits.php?id={$id}&openruleset={$currentruleset}&returl=" . urlencode($_SERVER['PHP_SELF']) . "' title=\"" . gettext("Add Suppress List entry for Flowbit Rule") . "\">" . + "<a href='snort_rules_flowbits.php?id={$id}' title=\"" . gettext("Add Suppress List entry for Flowbit Rule") . "\">" . gettext("clicking here") . ".</a>";?></td> </tr> <?php endif;?> </table> </td> </tr> - <tr> <td class="listtopic"><?php echo gettext("Selected Category's Rules"); ?></td> </tr> @@ -579,18 +550,18 @@ if ($savemsg) { <td> <?php if ($currentruleset != 'decoder.rules' && $currentruleset != 'preprocessor.rules'): ?> + <table id="myTable" class="sortable" style="table-layout: fixed;" width="100%" border="0" cellpadding="0" cellspacing="0"> <colgroup> - <col width="15" align="left" valign="middle"> + <col width="14" align="left" valign="middle"> <col width="6%" align="center" axis="number"> - <col width="8%" align="center" axis="number"> - <col width="54" align="center" axis="string"> + <col width="9%" align="center" axis="number"> + <col width="52" align="center" axis="string"> <col width="14%" align="center" axis="string"> - <col width="11%" align="center" axis="string"> + <col width="10%" align="center" axis="string"> <col width="14%" align="center" axis="string"> - <col width="11%" align="center" axis="string"> + <col width="10%" align="center" axis="string"> <col axis="string"> - <col width="22" align="right" valign="middle"> </colgroup> <thead> <tr> 
@@ -599,20 +570,13 @@ if ($savemsg) { <th class="listhdrr"><?php echo gettext("SID"); ?></th> <th class="listhdrr"><?php echo gettext("Proto"); ?></th> <th class="listhdrr"><?php echo gettext("Source"); ?></th> - <th class="listhdrr"><?php echo gettext("Port"); ?></th> + <th class="listhdrr"><?php echo gettext("SPort"); ?></th> <th class="listhdrr"><?php echo gettext("Destination"); ?></th> - <th class="listhdrr"><?php echo gettext("Port"); ?></th> + <th class="listhdrr"><?php echo gettext("DPort"); ?></th> <th class="listhdrr"><?php echo gettext("Message"); ?></th> - <th class="list"><a href="javascript: void(0)" - onclick="wopen('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$currentruleset;?>','FileViewer',800,600)"> - <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_service_restart.gif" <?php - echo "onmouseover='this.src=\"../themes/{$g['theme']}/images/icons/icon_services_restart_mo.gif\"' - onmouseout='this.src=\"../themes/{$g['theme']}/images/icons/icon_service_restart.gif\"' ";?> - title="<?php echo gettext("Click to view full text of all the category rules"); ?>" width="17" height="17" border="0"></a></th> </tr> </thead> <tbody> - <?php $counter = $enable_cnt = $disable_cnt = 0; foreach ($rules_map as $k1 => $rulem) { 
@@ -660,51 +624,47 @@ if ($savemsg) { $dstspan = add_title_attribute($textss, $rule_content[5]); $dstprtspan = add_title_attribute($textss, $rule_content[6]); - $protocol = $rule_content[1]; //protocol field - $source = truncate($rule_content[2], 14); //source field - $source_port = truncate($rule_content[3], 10); //source port field - $destination = truncate($rule_content[5], 14); //destination field - $destination_port = truncate($rule_content[6], 10); //destination port field - $message = snort_get_msg($v['rule']); - - echo "<tr><td class=\"listt\" align=\"left\" valign=\"middle\"> $textss - <a id=\"rule_{$gid}_{$sid}\" href='?id={$id}&openruleset={$currentruleset}&act=toggle&gid={$gid}&ids={$sid}'> - <img src=\"../themes/{$g['theme']}/images/icons/{$iconb}\" - width=\"11\" height=\"11\" border=\"0\" - title='{$title}'></a> - $textse + $protocol = $rule_content[1]; //protocol field + $source = $rule_content[2]; //source field + $source_port = $rule_content[3]; //source port field + $destination = $rule_content[5]; //destination field + $destination_port = $rule_content[6]; //destination port field + $message = snort_get_msg($v['rule']); // description field + $sid_tooltip = gettext("View the raw text for this rule"); + + echo "<tr><td class=\"listt\" align=\"left\" valign=\"middle\" sorttable_customkey=\"\">{$textss} + <a id=\"rule_{$gid}_{$sid}\" href=''><input type=\"image\" onClick=\"document.getElementById('sid').value='{$sid}'; + document.getElementById('gid').value='{$gid}';\" + src=\"../themes/{$g['theme']}/images/icons/{$iconb}\" width=\"11\" height=\"11\" border=\"0\" + title='{$title}' name=\"toggle[]\"/></a>{$textse} </td> - <td class=\"listlr\" align=\"center\"> + <td class=\"listr\" align=\"center\" ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\"> {$textss}{$gid}{$textse} </td> - <td class=\"listlr\" align=\"center\"> - {$textss}{$sid}{$textse} + <td class=\"listr\" 
align=\"center\" ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\"> + <a href=\"javascript: void(0)\" + onclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\" + title='{$sid_tooltip}'>{$textss}{$sid}{$textse}</a> </td> - <td class=\"listlr\" align=\"center\"> + <td class=\"listr\" style=\"text-align:center;\" ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\"> {$textss}{$protocol}{$textse} </td> - <td class=\"listlr\" align=\"center\"> + <td class=\"listr\" style=\"overflow: hidden; text-overflow: ellipsis; text-align:center;\" nowrap ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\"> {$srcspan}{$source}</span> </td> - <td class=\"listlr\" align=\"center\"> + <td class=\"listr\" style=\"overflow: hidden; text-overflow: ellipsis; text-align:center;\" nowrap ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\"> {$srcprtspan}{$source_port}</span> </td> - <td class=\"listlr\" align=\"center\"> + <td class=\"listr\" style=\"overflow: hidden; text-overflow: ellipsis; text-align:center;\" nowrap ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\"> {$dstspan}{$destination}</span> </td> - <td class=\"listlr\" align=\"center\"> + <td class=\"listr\" style=\"overflow: hidden; text-overflow: ellipsis; text-align:center;\" nowrap ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\"> {$dstprtspan}{$destination_port}</span> </td> - <td class=\"listbg\" style=\"word-wrap:break-word; whitespace:pre-line;\"><font color=\"white\"> - 
{$textss}{$message}{$textse}</font> + <td class=\"listbg\" style=\"word-wrap:break-word; whitespace:pre-line;\" ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\"> + {$textss}{$message}{$textse} </td>"; ?> - <td align="right" valign="middle" nowrap class="listt"> - <a href="javascript: void(0)" - onclick="wopen('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$currentruleset;?>&ids=<?=$sid;?>&gid=<?=$gid;?>','FileViewer',800,600)"> - <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_right.gif" - title="<?php echo gettext("Click to view the entire rule text"); ?>" width="17" height="17" border="0"></a> - </td> </tr> <?php $counter++; @@ -725,7 +685,6 @@ if ($savemsg) { <col width="22%" align="center" axis="string"> <col width="15%" align="center" axis="string"> <col align="left" axis="string"> - <col width="22" align="right" valign="middle"> </colgroup> <thead> <tr> @@ -735,12 +694,6 @@ if ($savemsg) { <th class="listhdrr"><?php echo gettext("Classification"); ?></th> <th class="listhdrr"><?php echo gettext("IPS Policy"); ?></th> <th class="listhdrr"><?php echo gettext("Message"); ?></th> - <th class="list"><a href="javascript: void(0)" - onclick="wopen('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$currentruleset;?>','FileViewer',800,600)"> - <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_service_restart.gif" <?php - echo "onmouseover='this.src=\"../themes/{$g['theme']}/images/icons/icon_services_restart_mo.gif\"' - onmouseout='this.src=\"../themes/{$g['theme']}/images/icons/icon_service_restart.gif\"' ";?> - title="<?php echo gettext("Click to view full text of all the category rules"); ?>" width="17" height="17" border="0"></a></th> </tr> </thead> <tbody> 
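Review bot: The row `echo` in this hunk interpolates `{$currentruleset}`, `{$source}`, `{$destination}` and `{$message}` straight into HTML and into the `wopen('snort_rules_edit.php?...')` strings inside the `ondblclick`/`onclick` attributes, with no output encoding. The rule fields come from parsed rule text (`$rule_content[...]`, `snort_get_msg($v['rule'])`), and `$currentruleset` is assigned outside the hunk, presumably from the request, so a quote or angle bracket in any of them ends up in the markup. I would encode before the echo, e.g. `$ruleset_q = htmlspecialchars(urlencode($currentruleset), ENT_QUOTES);` for the URL parameter and `$message = htmlspecialchars(snort_get_msg($v['rule']), ENT_QUOTES);` for displayed text. The same pattern recurs in the decoder/preprocessor table hunk below and in the row echo of snort_rules_flowbits.php. The enclosing foreach starts and ends outside this hunk.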
@@ -788,35 +741,30 @@ if ($savemsg) { else $policy = "none"; - echo "<tr><td class=\"listt\" align=\"left\" valign=\"middle\"> $textss - <a id=\"rule_{$sid}\" href='?id={$id}&openruleset={$currentruleset}&act=toggle&ids={$sid}&gid={$gid}'> - <img src=\"../themes/{$g['theme']}/images/icons/{$iconb}\" - width=\"11\" height=\"11\" border=\"0\" - title='{$title}'></a> - $textse - </td> - <td class=\"listlr\" align=\"center\"> + echo "<tr><td class=\"listt\" align=\"left\" valign=\"middle\" sorttable_customkey=\"\">{$textss} + <input type=\"image\" onClick=\"document.getElementById('sid').value='{$sid}'; + document.getElementById('gid').value='{$gid}';\" + src=\"../themes/{$g['theme']}/images/icons/{$iconb}\" width=\"11\" height=\"11\" border=\"0\" + title='{$title}' name=\"toggle[]\"/>{$textse} + </td> + <td class=\"listr\" align=\"center\" ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\"> {$textss}{$gid}{$textse} </td> - <td class=\"listlr\" align=\"center\"> - {$textss}{$sid}{$textse} - </td> - <td class=\"listlr\" align=\"center\"> + <td class=\"listr\" align=\"center\" ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\"> + <a href=\"javascript: void(0)\" + onclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\" + title='{$sid_tooltip}'>{$textss}{$sid}{$textse}</a> + </td> + <td class=\"listr\" align=\"center\" ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\"> {$textss}{$classtype}</span> </td> - <td class=\"listlr\" align=\"center\"> + <td class=\"listr\" align=\"center\" ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\"> {$textss}{$policy}</span> </td> - <td class=\"listbg\" 
style=\"word-wrap:break-word; whitespace:pre-line;\"><font color=\"white\"> - {$textss}{$message}{$textse}</font> + <td class=\"listbg\" style=\"word-wrap:break-word; whitespace:pre-line;\" ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\"> + {$textss}{$message}{$textse} </td>"; ?> - <td align="right" valign="middle" nowrap class="listt"> - <a href="javascript: void(0)" - onclick="wopen('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$currentruleset;?>&ids=<?=$sid;?>&gid=<?=$gid;?>','FileViewer',800,600)"> - <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_right.gif" - title="<?php echo gettext("Click to view the entire rule text"); ?>" width="17" height="17" border="0"></a> - </td> </tr> <?php $counter++; @@ -826,7 +774,9 @@ if ($savemsg) { ?> </tbody> </table> + <?php endif;?> + </td> </tr> <tr> @@ -875,10 +825,11 @@ if ($savemsg) { <script language="javascript" type="text/javascript"> function go() { - var box = document.iform.selectbox; - destination = box.options[box.selectedIndex].value; - if (destination) - location.href = destination; + var box = document.getElementById("selectbox"); + var ruleset = box.options[box.selectedIndex].value; + if (ruleset) + document.getElementById("openruleset").value = ruleset; + document.getElementById("iform").submit(); } function wopen(url, name, w, h) diff --git a/config/snort/snort_rules_edit.php b/config/snort/snort_rules_edit.php index 61a9574a..49423440 100755 --- a/config/snort/snort_rules_edit.php +++ b/config/snort/snort_rules_edit.php 
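Review bot: `title='{$sid_tooltip}'` in the SID cell of this table relies on a variable that the commit only assigns inside the loop of the first table (`$sid_tooltip = gettext("View the raw text for this rule");` in the earlier hunk). The two tables appear to sit in alternative branches, so when the decoder/preprocessor branch is rendered the title is likely empty and PHP raises an undefined-variable notice. Assigning it once before both tables, or repeating the assignment ahead of this `echo`, avoids that. The loop body starts outside the hunk, so an assignment elsewhere in the file cannot be ruled out.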
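Review bot: In the new `go()`, only the assignment is guarded by `if (ruleset)`; `document.getElementById("iform").submit();` runs even when the selected option has an empty value. The previous version did nothing in that case. Bracing both statements keeps that behaviour: `if (ruleset) { document.getElementById("openruleset").value = ruleset; document.getElementById("iform").submit(); }`.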
@@ -41,28 +41,30 @@ require_once("/usr/local/pkg/snort/snort.inc"); $flowbit_rules_file = FLOWBITS_FILENAME; $snortdir = SNORTDIR; -if (!is_array($config['installedpackages']['snortglobal']['rule'])) { - $config['installedpackages']['snortglobal']['rule'] = array(); -} -$a_rule = &$config['installedpackages']['snortglobal']['rule']; +if (isset($_GET['id']) && is_numericint($_GET['id'])) + $id = htmlspecialchars($_GET['id']); -$id = $_GET['id']; +// If we were not passed a valid index ID, close the pop-up and exit if (is_null($id)) { - header("Location: /snort/snort_interfaces.php"); + echo '<html><body link="#000000" vlink="#000000" alink="#000000">'; + echo '<script language="javascript" type="text/javascript">'; + echo 'window.close();</script>'; + echo '</body></html>'; exit; } -if (isset($id) && $a_rule[$id]) { - $pconfig['enable'] = $a_rule[$id]['enable']; - $pconfig['interface'] = $a_rule[$id]['interface']; - $pconfig['rulesets'] = $a_rule[$id]['rulesets']; +if (!is_array($config['installedpackages']['snortglobal']['rule'])) { + $config['installedpackages']['snortglobal']['rule'] = array(); } -/* convert fake interfaces to real */ -$if_real = snort_get_real_interface($pconfig['interface']); +$a_rule = &$config['installedpackages']['snortglobal']['rule']; + +$if_real = get_real_interface($a_rule[$id]['interface']); $snort_uuid = $a_rule[$id]['uuid']; -$snortcfgdir = "{$snortdir}/snort_{$snort_uuid}_{$if_real}"; -$file = $_GET['openruleset']; +$snortlogdir = SNORTLOGDIR; +$snortcfgdir = "{$snortdir}/snort_{$snort_uuid}_{$if_real}/"; + +$file = htmlspecialchars($_GET['openruleset'], ENT_QUOTES | ENT_HTML401); $contents = ''; $wrap_flag = "off"; 
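Review bot: `$file = htmlspecialchars($_GET['openruleset'], ENT_QUOTES | ENT_HTML401);` encodes the value for HTML output but does nothing about path components, and `$file` is then used to build filesystem paths. The later hunks of this file pass it to `file_exists()`/`file_get_contents()` under `{$snortdir}/rules/`, `{$snortdir}/preproc_rules/` and the new `{$snortlogdir}/` branch, and the commit drops the `realpath()` prefix check from the branch it replaces, so a value containing `../` is not confined to those directories. I would do the path work on a reduced file name, `$file = basename($_GET['openruleset']);`, and apply `htmlspecialchars()` only where the name is printed. Separately, `$a_rule[$id]` is now read without the old `isset($id) && $a_rule[$id]` test, so a numeric but unknown `id` yields an empty `$snort_uuid` and `$if_real`.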
@@ -77,13 +79,13 @@ else // a standard rules file, or a complete file name. // Test for the special case of an IPS Policy file. if (substr($file, 0, 10) == "IPS Policy") { - $rules_map = snort_load_vrt_policy($a_rule[$id]['ips_policy']); - if (isset($_GET['ids'])) { - $contents = $rules_map[$_GET['gid']][trim($_GET['ids'])]['rule']; + $rules_map = snort_load_vrt_policy(strtolower(trim(substr($file, strpos($file, "-")+1)))); + if (isset($_GET['sid']) && is_numericint($_GET['sid']) && isset($_GET['gid']) && is_numericint($_GET['gid'])) { + $contents = $rules_map[$_GET['gid']][trim($_GET['sid'])]['rule']; $wrap_flag = "soft"; } else { - $contents = "# Snort IPS Policy - " . ucfirst($a_rule[$id]['ips_policy']) . "\n\n"; + $contents = "# Snort IPS Policy - " . ucfirst(trim(substr($file, strpos($file, "-")+1))) . "\n\n"; foreach (array_keys($rules_map) as $k1) { foreach (array_keys($rules_map[$k1]) as $k2) { $contents .= "# Category: " . $rules_map[$k1][$k2]['category'] . " SID: {$k2}\n"; @@ -94,7 +96,7 @@ if (substr($file, 0, 10) == "IPS Policy") { unset($rules_map); } // Is it a SID to load the rule text from? -elseif (isset($_GET['ids'])) { +elseif (isset($_GET['sid']) && is_numericint($_GET['sid']) && isset($_GET['gid']) && is_numericint($_GET['gid'])) { // If flowbit rule, point to interface-specific file if ($file == "Auto-Flowbit Rules") $rules_map = snort_load_rules_map("{$snortcfgdir}/rules/" . FLOWBITS_FILENAME); @@ -102,7 +104,7 @@ elseif (isset($_GET['ids'])) { $rules_map = snort_load_rules_map("{$snortdir}/preproc_rules/{$file}"); else $rules_map = snort_load_rules_map("{$snortdir}/rules/{$file}"); - $contents = $rules_map[$_GET['gid']][trim($_GET['ids'])]['rule']; + $contents = $rules_map[$_GET['gid']][trim($_GET['sid'])]['rule']; $wrap_flag = "soft"; } // Is it our special flowbit rules file? 
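Review bot: The policy name handed to `snort_load_vrt_policy()` is now cut out of the request-supplied `$file` (`substr($file, strpos($file, "-")+1)`) instead of being read from the saved `ips_policy` setting, and nothing checks it against the policy names the package knows. When `$file` contains no `-`, `strpos()` returns `false` and the expression silently becomes `substr($file, 1)`. I would compute the name once into a variable, reject anything that is not an expected policy name before calling the loader, and reuse the variable in the `# Snort IPS Policy - ` header line. What `snort_load_vrt_policy()` does with an unknown name is not visible here.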
@@ -114,16 +116,12 @@ elseif (file_exists("{$snortdir}/rules/{$file}")) // Is it a rules file in the ../preproc_rules/ directory? elseif (file_exists("{$snortdir}/preproc_rules/{$file}")) $contents = file_get_contents("{$snortdir}/preproc_rules/{$file}"); -// Is it a fully qualified path and file? -elseif (file_exists($file)) { - if (substr(realpath($file), 0, strlen(SNORTLOGDIR)) != SNORTLOGDIR) - $contents = gettext("\n\nERROR -- File: {$file} can not be viewed!"); - else - $contents = file_get_contents($file); -} +// Is it a disabled preprocessor auto-rules-disable file? +elseif (file_exists("{$snortlogdir}/{$file}")) + $contents = file_get_contents("{$snortlogdir}/{$file}"); // It is not something we can display, so exit. else - $input_errors[] = gettext("Unable to open file: {$displayfile}"); + $contents = gettext("Unable to open file: {$displayfile}"); $pgtitle = array(gettext("Snort"), gettext("File Viewer")); ?> @@ -131,10 +129,8 @@ $pgtitle = array(gettext("Snort"), gettext("File Viewer")); <?php include("head.inc");?> <body link="#000000" vlink="#000000" alink="#000000"> -<?php if ($savemsg) print_info_box($savemsg); ?> <?php // include("fbegin.inc");?> -<form action="snort_rules_edit.php" method="post"> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> <td class="tabcont"> @@ -161,7 +157,6 @@ $pgtitle = array(gettext("Snort"), gettext("File Viewer")); </td> </tr> </table> -</form> <?php // include("fend.inc");?> </body> </html> diff --git a/config/snort/snort_rules_flowbits.php b/config/snort/snort_rules_flowbits.php index 325276ee..de5bdc6b 100644 --- a/config/snort/snort_rules_flowbits.php +++ b/config/snort/snort_rules_flowbits.php @@ -1,7 +1,7 @@ <?php /* * snort_rules_flowbits.php - * Copyright (C) 2013 Bill Meeks + * Copyright (C) 2013, 2014 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
@@ -41,40 +41,34 @@ if (!is_array($config['installedpackages']['snortglobal']['rule'])) { } $a_nat = &$config['installedpackages']['snortglobal']['rule']; -// Set who called us so we can return to the correct page with -// the RETURN button. Save the original referrer and the query -// string in session variables. -session_start(); -if (!isset($_SESSION['org_referrer']) || isset($_GET['returl'])) { - $_SESSION['org_referrer'] = urldecode($_GET['returl']); - $_SESSION['org_querystr'] = $_SERVER['QUERY_STRING']; -} -$referrer = $_SESSION['org_referrer']; -$querystr = $_SESSION['org_querystr']; -session_write_close(); +if (isset($_POST['id']) && is_numericint($_POST['id'])) + $id = $_POST['id']; +elseif (isset($_GET['id']) && is_numericint($_GET['id'])) + $id = htmlspecialchars($_GET['id']); -if ($_POST['cancel']) { - session_start(); - unset($_SESSION['org_referrer']); - unset($_SESSION['org_querystr']); - session_write_close(); - header("Location: {$referrer}?{$querystr}"); +if (is_null($id)) { + header("Location: /snort/snort_interfaces.php"); exit; } -$id = $_GET['id']; -if (isset($_POST['id'])) - $id = $_POST['id']; -if (is_null($id)) { - session_start(); - unset($_SESSION['org_referrer']); - unset($_SESSION['org_querystr']); - session_write_close(); - header("Location: /snort/snort_interfaces.php"); +// Set who called us so we can return to the correct page with +// the RETURN ('cancel') button. 
+if ($_POST['referrer']) + $referrer = $_POST['referrer']; +else + $referrer = $_SERVER['HTTP_REFERER']; + +// Make sure a rule index ID is appended to the return URL +if (strpos($referrer, "?id={$id}") === FALSE) + $referrer .= "?id={$id}"; + +// If RETURN button clicked, exit to original calling page +if ($_POST['cancel']) { + header("Location: {$referrer}"); exit; } -$if_real = snort_get_real_interface($a_nat[$id]['interface']); +$if_real = get_real_interface($a_nat[$id]['interface']); $snort_uuid = $a_nat[$id]['uuid']; /* We should normally never get to this page if Auto-Flowbits are disabled, but just in case... */ @@ -89,12 +83,13 @@ if ($a_nat[$id]['autoflowbitrules'] == 'on') { else $input_errors[] = gettext("Auto-Flowbit rule generation is disabled for this interface!"); -if ($_GET['act'] == "addsuppress" && is_numeric($_GET['sidid']) && is_numeric($_GET['gen_id'])) { - $descr = snort_get_msg($rules_map[$_GET['gen_id']][$_GET['sidid']]['rule']); +if ($_POST['addsuppress'] && is_numeric($_POST['sid']) && is_numeric($_POST['gid'])) { + $descr = snort_get_msg($rules_map[$_POST['gid']][$_POST['sid']]['rule']); + $suppress = gettext("## -- This rule manually suppressed from the Auto-Flowbits list. -- ##\n"); if (empty($descr)) - $suppress = "suppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}\n"; + $suppress .= "suppress gen_id {$_POST['gid']}, sig_id {$_POST['sid']}\n"; else - $suppress = "# {$descr}\nsuppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}"; + $suppress .= "# {$descr}\nsuppress gen_id {$_POST['gid']}, sig_id {$_POST['sid']}\n"; if (!is_array($config['installedpackages']['snortglobal']['suppress'])) $config['installedpackages']['snortglobal']['suppress'] = array(); if (!is_array($config['installedpackages']['snortglobal']['suppress']['item'])) 
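Review bot: `$referrer` is taken from `$_POST['referrer']` or the `Referer` header and then used unchanged in `header("Location: {$referrer}")`, so the Return button redirects to whatever URL the client supplied. The same value is printed unescaped into the hidden field `value="<?=$referrer;?>"` in the form hunk further down, which lets markup in it reach the page. I would keep only a local path, e.g. `$path = parse_url($referrer, PHP_URL_PATH);` followed by `$referrer = (is_string($path) && strpos($path, '/snort/') === 0) ? $path : '/snort/snort_interfaces.php';`, and write the field as `value="<?=htmlspecialchars($referrer);?>"`. Reducing to the path also fixes the `?id=` append, which today produces a second `?` when the referring URL already carries a query string.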
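Review bot: The add-suppress branch still validates with `is_numeric($_POST['sid'])` and `is_numeric($_POST['gid'])`, while the rest of this commit moved to `is_numericint()` for request values. `is_numeric()` also accepts decimals, exponent notation and leading whitespace, and both values are written verbatim into the `suppress gen_id ..., sig_id ...` text and into `$savemsg`. Using `is_numericint($_POST['sid']) && is_numericint($_POST['gid'])` keeps only plain integers in the stored list. The block continues past the end of this hunk.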
@@ -134,7 +129,7 @@ if ($_GET['act'] == "addsuppress" && is_numeric($_GET['sidid']) && is_numeric($_ $rebuild_rules = false; sync_snort_package_config(); snort_reload_config($a_nat[$id]); - $savemsg = gettext("An entry to suppress the Alert for 'gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}' has been added to Suppress List '{$a_nat[$id]['suppresslistname']}'."); + $savemsg = gettext("An entry to suppress the Alert for 'gen_id {$_POST['gid']}, sig_id {$_POST['sid']}' has been added to Suppress List '{$a_nat[$id]['suppresslistname']}'."); } else { /* We did not find the defined list, so notify the user with an error */ @@ -142,23 +137,10 @@ if ($_GET['act'] == "addsuppress" && is_numeric($_GET['sidid']) && is_numeric($_ } } -function truncate($string, $length) { - - /******************************** - * This function truncates the * - * passed string to the length * - * specified adding ellipsis if * - * truncation was necessary. * - ********************************/ - if (strlen($string) > $length) - $string = substr($string, 0, ($length - 3)) . "..."; - return $string; -} - /* Load up an array with the current Suppression List GID,SID values */ $supplist = snort_load_suppress_sigs($a_nat[$id]); -$if_friendly = snort_get_friendly_interface($a_nat[$id]['interface']); +$if_friendly = convert_friendly_interface_to_friendly_descr($a_nat[$id]['interface']); $pgtitle = gettext("Snort: Interface {$if_friendly} - Flowbit Rules"); include_once("head.inc"); 
@@ -168,12 +150,16 @@ include_once("head.inc"); <?php include("fbegin.inc"); -if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';} -if ($input_errors) print_input_errors($input_errors); +if ($input_errors) + print_input_errors($input_errors); if ($savemsg) print_info_box($savemsg); ?> <form action="snort_rules_flowbits.php" method="post" name="iform" id="iform"> +<input type="hidden" name="id" value="<?=$id;?>"/> +<input type="hidden" name="referrer" value="<?=$referrer;?>"/> +<input type="hidden" name="sid" id="sid" value=""/> +<input type="hidden" name="gid" id="gid" value=""/> <div id="boxarea"> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> @@ -203,7 +189,7 @@ if ($savemsg) <td><span class="vexpl"><?php echo gettext("Alert is Not Suppressed"); ?></span></td> <td rowspan="3" align="right"><input id="cancel" name="cancel" type="submit" class="formbtn" <?php echo "value=\"" . gettext("Return") . "\" title=\"" . gettext("Return to previous page") . "\""; ?>/> - <input name="id" type="hidden" value="<?=$id;?>" /></td> + </td> </tr> <tr> <td width="17px"><img src="../themes/<?=$g['theme']?>/images/icons/icon_plus_d.gif" width='12' height='12' border='0'/></td> @@ -220,13 +206,13 @@ if ($savemsg) </tr> <tr> <td> - <table id="myTable" width="100%" class="sortable" border="1" cellpadding="0" cellspacing="0"> + <table id="myTable" width="100%" class="sortable" style="table-layout: fixed;" border="0" cellpadding="0" cellspacing="0"> <colgroup> <col width="11%" axis="number"> - <col width="10%" axis="string"> + <col width="54" axis="string"> <col width="14%" axis="string"> <col width="14%" axis="string"> - <col width="20%" axis="string"> + <col width="24%" axis="string"> <col axis="string"> </colgroup> <thead> 
@@ -253,19 +239,20 @@ if ($savemsg) $tmp = trim(preg_replace('/^\s*#+\s*/', '', $tmp)); $rule_content = preg_split('/[\s]+/', $tmp); - $protocol = $rule_content[1]; //protocol - $source = truncate($rule_content[2], 14); //source - $destination = truncate($rule_content[5], 14); //destination - $message = snort_get_msg($v['rule']); + $protocol = $rule_content[1]; //protocol + $source = $rule_content[2]; //source + $destination = $rule_content[5]; //destination + $message = snort_get_msg($v['rule']); // description $flowbits = implode("; ", snort_get_flowbits($v['rule'])); if (strstr($flowbits, "noalert")) $supplink = ""; else { if (!isset($supplist[$gid][$sid])) { - $supplink = "<a href=\"?id={$id}&act=addsuppress&sidid={$sid}&gen_id={$gid}\">"; - $supplink .= "<img src=\"../themes/{$g['theme']}/images/icons/icon_plus.gif\" "; + $supplink = "<input type=\"image\" name=\"addsuppress[]\" onClick=\"document.getElementById('sid').value='{$sid}';"; + $supplink .= "document.getElementById('gid').value='{$gid}';\" "; + $supplink .= "src=\"../themes/{$g['theme']}/images/icons/icon_plus.gif\" "; $supplink .= "width='12' height='12' border='0' title='"; - $supplink .= gettext("Click to add to Suppress List") . "'/></a>"; + $supplink .= gettext("Click to add to Suppress List") . "'/>"; } else { $supplink = "<img src=\"../themes/{$g['theme']}/images/icons/icon_plus_d.gif\" "; 
@@ -276,12 +263,12 @@ if ($savemsg) // Use "echo" to write the table HTML row-by-row. echo "<tr>" . - "<td class=\"listr\">{$sid} {$supplink}</td>" . - "<td class=\"listr\">{$protocol}</td>" . - "<td class=\"listr\"><span title=\"{$rule_content[2]}\">{$source}</span></td>" . - "<td class=\"listr\"><span title=\"{$rule_content[5]}\">{$destination}</span></td>" . + "<td class=\"listr\" sorttable_customkey=\"{$sid}\">{$sid} {$supplink}</td>" . + "<td class=\"listr\" style=\"text-align:center;\">{$protocol}</td>" . + "<td class=\"listr\" style=\"overflow: hidden; text-overflow: ellipsis; text-align:center;\" nowrap><span title=\"{$rule_content[2]}\">{$source}</span></td>" . + "<td class=\"listr\" style=\"overflow: hidden; text-overflow: ellipsis; text-align:center;\" nowrap><span title=\"{$rule_content[5]}\">{$destination}</span></td>" . "<td class=\"listr\" style=\"word-wrap:break-word; word-break:normal;\">{$flowbits}</td>" . - "<td class=\"listr\" style=\"word-wrap:break-word; word-break:normal;\">{$message}</td>" . + "<td class=\"listbg\" style=\"word-wrap:break-word; word-break:normal;\">{$message}</td>" . "</tr>"; $count++; } @@ -297,7 +284,6 @@ if ($savemsg) <td align="center" valign="middle"> <input id="cancel" name="cancel" type="submit" class="formbtn" <?php echo "value=\"" . gettext("Return") . "\" title=\"" . gettext("Return to previous page") . "\""; ?>/> - <input name="id" type="hidden" value="<?=$id;?>" /> </td> </tr> <?php endif; ?> diff --git a/config/snort/snort_rulesets.php b/config/snort/snort_rulesets.php index 9c14392d..46a67913 100755 --- a/config/snort/snort_rulesets.php +++ b/config/snort/snort_rulesets.php @@ -5,6 +5,7 @@ * Copyright (C) 2006 Scott Ullrich * Copyright (C) 2009 Robert Zelaya * Copyright (C) 2011 Ermal Luci + * Copyright (C) 2014 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
@@ -42,12 +43,14 @@ if (!is_array($config['installedpackages']['snortglobal']['rule'])) { } $a_nat = &$config['installedpackages']['snortglobal']['rule']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; +elseif (isset($_GET['id']) && is_numericint($_GET['id'])) + $id = htmlspecialchars($_GET['id']); + if (is_null($id)) { - header("Location: /snort/snort_interfaces.php"); - exit; + header("Location: /snort/snort_interfaces.php"); + exit; } if (isset($id) && $a_nat[$id]) { @@ -59,12 +62,12 @@ if (isset($id) && $a_nat[$id]) { $pconfig['ips_policy'] = $a_nat[$id]['ips_policy']; } -$if_real = snort_get_real_interface($pconfig['interface']); +$if_real = get_real_interface($pconfig['interface']); $snort_uuid = $a_nat[$id]['uuid']; -$snortdownload = $config['installedpackages']['snortglobal']['snortdownload']; -$emergingdownload = $config['installedpackages']['snortglobal']['emergingthreats']; -$etpro = $config['installedpackages']['snortglobal']['emergingthreats_pro']; -$snortcommunitydownload = $config['installedpackages']['snortglobal']['snortcommunityrules']; +$snortdownload = $config['installedpackages']['snortglobal']['snortdownload'] == 'on' ? 'on' : 'off'; +$emergingdownload = $config['installedpackages']['snortglobal']['emergingthreats'] == 'on' ? 'on' : 'off'; +$etpro = $config['installedpackages']['snortglobal']['emergingthreats_pro'] == 'on' ? 'on' : 'off'; +$snortcommunitydownload = $config['installedpackages']['snortglobal']['snortcommunityrules'] == 'on' ? 'on' : 'off'; $no_emerging_files = false; $no_snort_files = false; 
@@ -118,7 +121,12 @@ if ($a_nat[$id]['ips_policy_enable'] == 'on') { else $disable_vrt_rules = ""; -if ($_POST["Submit"]) { +if (!empty($a_nat[$id]['rulesets'])) + $enabled_rulesets_array = explode("||", $a_nat[$id]['rulesets']); +else + $enabled_rulesets_array = array(); + +if ($_POST["save"]) { if ($_POST['ips_policy_enable'] == "on") { $a_nat[$id]['ips_policy_enable'] = 'on'; @@ -158,8 +166,10 @@ if ($_POST["Submit"]) { /* Soft-restart Snort to live-load new rules */ snort_reload_config($a_nat[$id]); - header("Location: /snort/snort_rulesets.php?id=$id"); - exit; + $pconfig = $_POST; + $enabled_rulesets_array = explode("||", $enabled_items); + if (snort_is_running($snort_uuid, $if_real)) + $savemsg = gettext("Snort is 'live-reloading' the new rule set."); } if ($_POST['unselectall']) { 
@@ -174,61 +184,47 @@ if ($_POST['unselectall']) { unset($a_nat[$id]['ips_policy']); } - write_config(); - sync_snort_package_config(); + $pconfig['autoflowbits'] = $_POST['autoflowbits']; + $pconfig['ips_policy_enable'] = $_POST['ips_policy_enable']; + $pconfig['ips_policy'] = $_POST['ips_policy']; + $enabled_rulesets_array = array(); - header("Location: /snort/snort_rulesets.php?id=$id"); - exit; + $savemsg = gettext("All rule categories have been de-selected. "); + if ($a_nat[$id]['ips_policy_enable'] = 'on') + $savemsg .= gettext("Only the rules included in the selected IPS Policy will be used."); + else + $savemsg .= gettext("There currently are no inspection rules enabled for this Snort instance!"); } if ($_POST['selectall']) { - $rulesets = array(); - - if ($_POST['ips_policy_enable'] == "on") { - $a_nat[$id]['ips_policy_enable'] = 'on'; - $a_nat[$id]['ips_policy'] = $_POST['ips_policy']; - } - else { - $a_nat[$id]['ips_policy_enable'] = 'off'; - unset($a_nat[$id]['ips_policy']); - } + $enabled_rulesets_array = array(); if ($emergingdownload == 'on') { $files = glob("{$snortdir}/rules/" . ET_OPEN_FILE_PREFIX . "*.rules"); foreach ($files as $file) - $rulesets[] = basename($file); + $enabled_rulesets_array[] = basename($file); } elseif ($etpro == 'on') { $files = glob("{$snortdir}/rules/" . ET_PRO_FILE_PREFIX . "*.rules"); foreach ($files as $file) - $rulesets[] = basename($file); + $enabled_rulesets_array[] = basename($file); } if ($snortcommunitydownload == 'on') { $files = glob("{$snortdir}/rules/" . GPL_FILE_PREFIX . "community.rules"); foreach ($files as $file) - $rulesets[] = basename($file); + $enabled_rulesets_array[] = basename($file); } /* Include the Snort VRT rules only if enabled and no IPS policy is set */ if ($snortdownload == 'on' && $a_nat[$id]['ips_policy_enable'] == 'off') { $files = glob("{$snortdir}/rules/" . VRT_FILE_PREFIX . 
"*.rules"); foreach ($files as $file) - $rulesets[] = basename($file); + $enabled_rulesets_array[] = basename($file); } - - $a_nat[$id]['rulesets'] = implode("||", $rulesets); - - write_config(); - sync_snort_package_config(); - - header("Location: /snort/snort_rulesets.php?id=$id"); - exit; } -$enabled_rulesets_array = explode("||", $a_nat[$id]['rulesets']); - -$if_friendly = snort_get_friendly_interface($pconfig['interface']); +$if_friendly = convert_friendly_interface_to_friendly_descr($a_nat[$id]['interface']); $pgtitle = gettext("Snort: Interface {$if_friendly} - Categories"); include_once("head.inc"); ?> @@ -237,11 +233,10 @@ include_once("head.inc"); <?php include("fbegin.inc"); -if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';} /* Display message */ if ($input_errors) { - print_input_errors($input_errors); // TODO: add checks + print_input_errors($input_errors); } if ($savemsg) { 
@@ -259,12 +254,13 @@ if ($savemsg) { $tab_array[0] = array(gettext("Snort Interfaces"), true, "/snort/snort_interfaces.php"); $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php"); $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php"); - $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php"); + $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php?instance={$id}"); $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php"); - $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php"); + $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php"); $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); - $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); - display_top_tabs($tab_array); + $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php"); + $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); + display_top_tabs($tab_array, true); echo '</td></tr>'; echo '<tr><td class="tabnavtbl">'; $menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface "); 
@@ -273,9 +269,10 @@ if ($savemsg) { $tab_array[] = array($menu_iface . gettext("Categories"), true, "/snort/snort_rulesets.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Rules"), false, "/snort/snort_rules.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Variables"), false, "/snort/snort_define_servers.php?id={$id}"); - $tab_array[] = array($menu_iface . gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Preprocs"), false, "/snort/snort_preprocessors.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); - display_top_tabs($tab_array); + $tab_array[] = array($menu_iface . gettext("IP Rep"), false, "/snort/snort_ip_reputation.php?id={$id}"); + display_top_tabs($tab_array, true); ?> </td></tr> <tr> 
@@ -392,9 +389,9 @@ if ($savemsg) { <td colspan="6"> <table width=90% align="center" border="0" cellpadding="2" cellspacing="0"> <tr height="45px"> - <td valign="middle"><input value="Select All" class="formbtns" type="submit" name="selectall" id="selectall" title="<?php echo gettext("Add all to enforcing rules"); ?>"/></td> - <td valign="middle"><input value="Unselect All" class="formbtns" type="submit" name="unselectall" id="unselectall" title="<?php echo gettext("Remove all from enforcing rules"); ?>"/></td> - <td valign="middle"><input value=" Save " class="formbtns" type="submit" name="Submit" id="Submit" title="<?php echo gettext("Save changes to enforcing rules and rebuild"); ?>"/></td> + <td valign="middle"><input value="Select All" class="formbtns" type="submit" name="selectall" id="selectall" title="<?php echo gettext("Add all categories to enforcing rules"); ?>"/></td> + <td valign="middle"><input value="Unselect All" class="formbtns" type="submit" name="unselectall" id="unselectall" title="<?php echo gettext("Remove categories all from enforcing rules"); ?>"/></td> + <td valign="middle"><input value=" Save " class="formbtns" type="submit" name="save" id="save" title="<?php echo gettext("Save changes to enforcing rules and rebuild"); ?>"/></td> <td valign="middle"><span class="vexpl"><?php echo gettext("Click to save changes and auto-resolve flowbit rules (if option is selected above)"); ?></span></td> </tr> </table> 
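Review bot: The new tooltip on the Unselect All button reads `Remove categories all from enforcing rules`, with two words transposed. It should be `Remove all categories from enforcing rules`, to match the Select All tooltip above it. The Save button is also renamed from `Submit` to `save` here and in the hunk at -561. The POST handler is outside these hunks, so it is worth confirming that it now tests `$_POST['save']`.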
@@ -426,14 +423,14 @@ if ($savemsg) { <?php endif; ?> <?php endif; ?> - <?php if ($no_emerging_files) - $msg_emerging = "downloaded."; + <?php if ($no_emerging_files && ($emergingdownload == 'on' || $etpro == 'on')) + $msg_emerging = "have not been downloaded."; else - $msg_emerging = "enabled."; - if ($no_snort_files) - $msg_snort = "downloaded."; + $msg_emerging = "are not enabled."; + if ($no_snort_files && $snortdownload == 'on') + $msg_snort = "have not been downloaded."; else - $msg_snort = "enabled."; + $msg_snort = "are not enabled."; ?> <tr id="frheader"> <?php if ($emergingdownload == 'on' && !$no_emerging_files): ?> @@ -443,7 +440,7 @@ if ($savemsg) { <td width="5%" class="listhdrr" align="center"><?php echo gettext("Enabled"); ?></td> <td width="25%" class="listhdrr"><?php echo gettext('Ruleset: ET Pro Rules');?></td> <?php else: ?> - <td colspan="2" align="center" width="30%" class="listhdrr"><?php echo gettext("{$et_type} rules not {$msg_emerging}"); ?></td> + <td colspan="2" align="center" width="30%" class="listhdrr"><?php echo gettext("{$et_type} rules {$msg_emerging}"); ?></td> <?php endif; ?> <?php if ($snortdownload == 'on' && !$no_snort_files): ?> <td width="5%" class="listhdrr" align="center"><?php echo gettext("Enabled"); ?></td> @@ -451,7 +448,7 @@ if ($savemsg) { <td width="5%" class="listhdrr" align="center"><?php echo gettext("Enabled"); ?></td> <td width="25%" class="listhdrr"><?php echo gettext('Ruleset: Snort SO Rules');?></td> <?php else: ?> - <td colspan="4" align="center" width="60%" class="listhdrr"><?php echo gettext("Snort VRT rules have not been {$msg_snort}"); ?></td> + <td colspan="4" align="center" width="60%" class="listhdrr"><?php echo gettext("Snort VRT rules {$msg_snort}"); ?></td> <?php endif; ?> </tr> <?php 
@@ -561,7 +558,7 @@ if ($savemsg) { </tr> <tr> <td colspan="6" align="center" valign="middle"> - <input value="Save" type="submit" name="Submit" id="Submit" class="formbtn" title=" <?php echo gettext("Click to Save changes and rebuild rules"); ?>"/></td> + <input value="Save" type="submit" name="save" id="save" class="formbtn" title="<?php echo gettext("Click to Save changes and rebuild rules");?>"/></td> </tr> <?php endif; ?> </table> diff --git a/config/snort/snort_select_alias.php b/config/snort/snort_select_alias.php index c5c6347e..c632b388 100644 --- a/config/snort/snort_select_alias.php +++ b/config/snort/snort_select_alias.php @@ -2,7 +2,7 @@ /* $Id$ */ /* snort_select_alias.php - Copyright (C) 2013 Bill Meeks + Copyright (C) 2013, 2014 Bill Meeks All rights reserved. Redistribution and use in source and binary forms, with or without @@ -42,22 +42,29 @@ require_once("/usr/local/pkg/snort/snort.inc"); // overwrite it on subsequent POST-BACKs to this page. if (!isset($_POST['org_querystr'])) $querystr = $_SERVER['QUERY_STRING']; +else + $querystr = $_POST['org_querystr']; // Retrieve any passed QUERY STRING or POST variables -$type = $_GET['type']; -$varname = $_GET['varname']; -$multi_ip = $_GET['multi_ip']; -$referrer = urldecode($_GET['returl']); if (isset($_POST['type'])) $type = $_POST['type']; +elseif (isset($_GET['type'])) + $type = htmlspecialchars($_GET['type']); + if (isset($_POST['varname'])) $varname = $_POST['varname']; +elseif (isset($_GET['varname'])) + $varname = htmlspecialchars($_GET['varname']); + if (isset($_POST['multi_ip'])) $multi_ip = $_POST['multi_ip']; +elseif (isset($_GET['multi_ip'])) + $multi_ip = htmlspecialchars($_GET['multi_ip']); + if (isset($_POST['returl'])) $referrer = urldecode($_POST['returl']); -if (isset($_POST['org_querystr'])) - $querystr = $_POST['org_querystr']; +elseif (isset($_GET['returl'])) + $referrer = urldecode($_GET['returl']); // Make sure we have a valid VARIABLE name // and ALIAS TYPE, or else bail out. 
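Review bot: `htmlspecialchars()` is applied only on the `$_GET` branches of the hunk at -42. The `$type`, `$varname` and `$multi_ip` values taken from `$_POST`, `$referrer` from either source, and `$querystr` are therefore still raw when the hunk at -122 writes them into the hidden inputs with `<?=$varname;?>` and its siblings. Encoding belongs at the point of output: `value="<?=htmlspecialchars($varname);?>"` on each of the five fields covers both request methods and leaves the variables unmodified for the validation that follows this hunk. The same encode-on-read pattern appears in snort_stream5_engine.php, where `$id`, `$eng_id` and `varvalue` are passed through `htmlspecialchars()` as they are read. `$referrer` looks like it is used later as a return URL, so it may also need a check that it is a local path, but that code is outside the hunk.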
@@ -122,11 +129,11 @@ include("head.inc"); <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <?php include("fbegin.inc"); ?> <form action="snort_select_alias.php" method="post"> -<input type="hidden" name="varname" value="<?=$varname;?>"> -<input type="hidden" name="type" value="<?=$type;?>"> -<input type="hidden" name="multi_ip" value="<?=$multi_ip;?>"> -<input type="hidden" name="returl" value="<?=$referrer;?>"> -<input type="hidden" name="org_querystr" value="<?=$querystr;?>"> +<input type="hidden" name="varname" value="<?=$varname;?>"/> +<input type="hidden" name="type" value="<?=$type;?>"/> +<input type="hidden" name="multi_ip" value="<?=$multi_ip;?>"/> +<input type="hidden" name="returl" value="<?=$referrer;?>"/> +<input type="hidden" name="org_querystr" value="<?=$querystr;?>"/> <?php if ($input_errors) print_input_errors($input_errors); ?> <div id="boxarea"> <table width="100%" border="0" cellpadding="0" cellspacing="0"> diff --git a/config/snort/snort_stream5_engine.php b/config/snort/snort_stream5_engine.php index b3d81f37..9a91e0d6 100644 --- a/config/snort/snort_stream5_engine.php +++ b/config/snort/snort_stream5_engine.php @@ -1,7 +1,7 @@ <?php /* * snort_stream5_engine.php - * Copyright (C) 2013 Bill Meeks + * Copyright (C) 2013, 2014 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
@@ -36,14 +36,16 @@ $snortdir = SNORTDIR; /* Retrieve required array index values from QUERY string if available. */ /* 'id' is the [rule] array index, and 'eng_id' is the index for the */ /* stream5_tcp_engine's [item] array. */ -$id = $_GET['id']; -$eng_id = $_GET['eng_id']; - /* See if values are in our form's POST content */ -if (isset($_POST['id'])) +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; -if (isset($_POST['eng_id'])) +elseif (isset($_GET['id']) && is_numericint($_GET['id'])) + $id = htmlspecialchars($_GET['id']); + +if (isset($_POST['eng_id']) && isset($_POST['eng_id'])) $eng_id = $_POST['eng_id']; +elseif (isset($_GET['eng_id']) && is_numericint($_GET['eng_id'])) + $eng_id = htmlspecialchars($_GET['eng_id']); /* If we don't have a [rule] index specified, exit */ if (is_null($id)) { @@ -131,7 +133,7 @@ if ($_GET['act'] == "import") { session_start(); if (($_GET['varname'] == "bind_to" || $_GET['varname'] == "ports_client" || $_GET['varname'] == "ports_both" || $_GET['varname'] == "ports_server") && !empty($_GET['varvalue'])) { - $pconfig[$_GET['varname']] = $_GET['varvalue']; + $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']); if(!isset($_SESSION['stream5_client_import'])) $_SESSION['stream5_client_import'] = array(); @@ -165,7 +167,7 @@ if ($_GET['act'] == "import") { } } -if ($_POST['Submit']) { +if ($_POST['save']) { // Clear and close out any session variable we created session_start(); unset($_SESSION['org_referer']); @@ -333,7 +335,7 @@ if ($_POST['Submit']) { } } -$if_friendly = snort_get_friendly_interface($config['installedpackages']['snortglobal']['rule'][$id]['interface']); +$if_friendly = convert_friendly_interface_to_friendly_descr($config['installedpackages']['snortglobal']['rule'][$id]['interface']); $pgtitle = gettext("Snort: Interface {$if_friendly} - Stream5 Preprocessor TCP Engine"); include_once("head.inc"); 
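Review bot: The POST branch for `eng_id` in the hunk at -36 tests `isset($_POST['eng_id'])` twice, so unlike `id` and the GET branch it accepts any value without the integer check. The second test was presumably meant to be the validator: `if (isset($_POST['eng_id']) && is_numericint($_POST['eng_id']))`. With the unconditional `$_GET` assignments removed, `$id` and `$eng_id` are also left undefined when no branch matches. Initialising both to `null` before these tests would keep the `is_null($id)` check below well defined.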
@@ -586,7 +588,7 @@ if ($savemsg) <tr> <td width="22%" valign="bottom"> </td> <td width="78%" valign="bottom"> - <input name="Submit" id="submit" type="submit" class="formbtn" value=" Save " title="<?php echo + <input name="save" id="save" type="submit" class="formbtn" value=" Save " title="<?php echo gettext("Save Stream5 engine settings and return to Preprocessors tab"); ?>"> <input name="Cancel" id="cancel" type="submit" class="formbtn" value="Cancel" title="<?php echo |