aboutsummaryrefslogtreecommitdiffstats
path: root/config/snort
diff options
context:
space:
mode:
Diffstat (limited to 'config/snort')
-rw-r--r--config/snort/snort.priv.inc12
-rwxr-xr-xconfig/snort/snort_alerts.php285
-rw-r--r--config/snort/snort_blocked.php64
-rwxr-xr-xconfig/snort/snort_define_servers.php53
-rwxr-xr-xconfig/snort/snort_download_rules.php2
-rw-r--r--config/snort/snort_edit_hat_data.php30
-rw-r--r--config/snort/snort_frag3_engine.php21
-rw-r--r--config/snort/snort_ftp_client_engine.php21
-rw-r--r--config/snort/snort_ftp_server_engine.php21
-rw-r--r--config/snort/snort_httpinspect_engine.php21
-rw-r--r--config/snort/snort_import_aliases.php18
-rwxr-xr-xconfig/snort/snort_interfaces.php147
-rwxr-xr-xconfig/snort/snort_interfaces_edit.php188
-rw-r--r--config/snort/snort_interfaces_global.php53
-rw-r--r--config/snort/snort_interfaces_suppress.php44
-rw-r--r--config/snort/snort_interfaces_suppress_edit.php24
-rw-r--r--config/snort/snort_interfaces_whitelist.php177
-rw-r--r--config/snort/snort_interfaces_whitelist_edit.php324
-rw-r--r--config/snort/snort_list_view.php28
-rw-r--r--config/snort/snort_log_view.php93
-rw-r--r--config/snort/snort_post_install.php123
-rwxr-xr-xconfig/snort/snort_preprocessors.php372
-rwxr-xr-xconfig/snort/snort_rules.php329
-rwxr-xr-xconfig/snort/snort_rules_edit.php57
-rw-r--r--config/snort/snort_rules_flowbits.php118
-rwxr-xr-xconfig/snort/snort_rulesets.php119
-rw-r--r--config/snort/snort_select_alias.php31
-rw-r--r--config/snort/snort_stream5_engine.php22
28 files changed, 1076 insertions, 1721 deletions
diff --git a/config/snort/snort.priv.inc b/config/snort/snort.priv.inc
index 795924ea..8db5408d 100644
--- a/config/snort/snort.priv.inc
+++ b/config/snort/snort.priv.inc
@@ -24,10 +24,9 @@ $priv_list['page-services-snort']['match'][] = "snort/snort_interfaces_edit.php*
$priv_list['page-services-snort']['match'][] = "snort/snort_interfaces_global.php*";
$priv_list['page-services-snort']['match'][] = "snort/snort_interfaces_suppress.php*";
$priv_list['page-services-snort']['match'][] = "snort/snort_interfaces_suppress_edit.php*";
-$priv_list['page-services-snort']['match'][] = "snort/snort_interfaces_whitelist.php*";
-$priv_list['page-services-snort']['match'][] = "snort/snort_interfaces_whitelist_edit.php*";
+$priv_list['page-services-snort']['match'][] = "snort/snort_passlist.php*";
+$priv_list['page-services-snort']['match'][] = "snort/snort_passlist_edit.php*";
$priv_list['page-services-snort']['match'][] = "snort/snort_list_view.php*";
-$priv_list['page-services-snort']['match'][] = "snort/snort_log_view.php*";
$priv_list['page-services-snort']['match'][] = "snort/snort_migrate_config.php*";
$priv_list['page-services-snort']['match'][] = "snort/snort_post_install.php*";
$priv_list['page-services-snort']['match'][] = "snort/snort_preprocessors.php*";
@@ -37,9 +36,14 @@ $priv_list['page-services-snort']['match'][] = "snort/snort_rules_flowbits.php*"
$priv_list['page-services-snort']['match'][] = "snort/snort_rulesets.php*";
$priv_list['page-services-snort']['match'][] = "snort/snort_select_alias.php*";
$priv_list['page-services-snort']['match'][] = "snort/snort_stream5_engine.php*";
+$priv_list['page-services-snort']['match'][] = "snort/snort_ip_list_mgmt.php*";
+$priv_list['page-services-snort']['match'][] = "snort/snort_ip_reputation.php*";
+$priv_list['page-services-snort']['match'][] = "snort/snort_iprep_list_browser.php*";
+$priv_list['page-services-snort']['match'][] = "widgets/javascript/snort_alerts.js*";
+$priv_list['page-services-snort']['match'][] = "widgets/include/widget-snort.inc*";
+$priv_list['page-services-snort']['match'][] = "widgets/widgets/snort_alerts.widget.php*";
$priv_list['page-services-snort']['match'][] = "pkg_edit.php?xml=snort_sync.xml*";
$priv_list['page-services-snort']['match'][] = "pkg_edit.php?xml=snort/snort.xml*";
$priv_list['page-services-snort']['match'][] = "snort/snort_check_cron_misc.inc*";
$priv_list['page-services-snort']['match'][] = "snort/snort.inc*";
-
?> \ No newline at end of file
diff --git a/config/snort/snort_alerts.php b/config/snort/snort_alerts.php
index 804c6e8a..998cd061 100755
--- a/config/snort/snort_alerts.php
+++ b/config/snort/snort_alerts.php
@@ -40,6 +40,7 @@ require_once("/usr/local/pkg/snort/snort.inc");
$snortalertlogt = $config['installedpackages']['snortglobal']['snortalertlogtype'];
$supplist = array();
+$snortlogdir = SNORTLOGDIR;
function snort_is_alert_globally_suppressed($list, $gid, $sid) {
@@ -129,18 +130,18 @@ function snort_add_supplist_entry($suppress) {
return false;
}
-if ($_GET['instance'])
- $instanceid = $_GET['instance'];
-if ($_POST['instance'])
+if (isset($_POST['instance']) && is_numericint($_POST['instance']))
$instanceid = $_POST['instance'];
-if (empty($instanceid))
+elseif (isset($_GET['instance']) && is_numericint($_GET['instance']))
+ $instanceid = htmlspecialchars($_GET['instance']);
+if (empty($instanceid) || !is_numericint($instanceid))
$instanceid = 0;
if (!is_array($config['installedpackages']['snortglobal']['rule']))
$config['installedpackages']['snortglobal']['rule'] = array();
$a_instance = &$config['installedpackages']['snortglobal']['rule'];
$snort_uuid = $a_instance[$instanceid]['uuid'];
-$if_real = snort_get_real_interface($a_instance[$instanceid]['interface']);
+$if_real = get_real_interface($a_instance[$instanceid]['interface']);
// Load up the arrays of force-enabled and force-disabled SIDs
$enablesid = snort_load_sid_mods($a_instance[$instanceid]['rule_sid_on']);
@@ -173,63 +174,70 @@ if ($_POST['save']) {
exit;
}
-if ($_POST['todelete'] || $_GET['todelete']) {
+if ($_POST['todelete']) {
$ip = "";
- if($_POST['todelete'])
- $ip = $_POST['todelete'];
- else if($_GET['todelete'])
- $ip = $_GET['todelete'];
- if (is_ipaddr($ip)) {
- exec("/sbin/pfctl -t snort2c -T delete {$ip}");
- $savemsg = gettext("Host IP address {$ip} has been removed from the Blocked Table.");
+ if($_POST['ip']) {
+ $ip = $_POST['ip'];
+ if (is_ipaddr($_POST['ip'])) {
+ exec("/sbin/pfctl -t snort2c -T delete {$ip}");
+ $savemsg = gettext("Host IP address {$ip} has been removed from the Blocked Hosts Table.");
+ }
}
}
-if ($_GET['act'] == "addsuppress" && is_numeric($_GET['sidid']) && is_numeric($_GET['gen_id'])) {
- if (empty($_GET['descr']))
- $suppress = "suppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}\n";
- else
- $suppress = "#{$_GET['descr']}\nsuppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}";
-
- /* Add the new entry to the Suppress List */
- if (snort_add_supplist_entry($suppress))
- $savemsg = gettext("An entry for 'suppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}' has been added to the Suppress List.");
- else
- $input_errors[] = gettext("Suppress List '{$a_instance[$instanceid]['suppresslistname']}' is defined for this interface, but it could not be found!");
-}
-
-if (($_GET['act'] == "addsuppress_srcip" || $_GET['act'] == "addsuppress_dstip") && is_numeric($_GET['sidid']) && is_numeric($_GET['gen_id'])) {
- if ($_GET['act'] == "addsuppress_srcip")
+if (($_POST['addsuppress_srcip'] || $_POST['addsuppress_dstip'] || $_POST['addsuppress']) && is_numeric($_POST['sidid']) && is_numeric($_POST['gen_id'])) {
+ if ($_POST['addsuppress_srcip'])
$method = "by_src";
- else
+ elseif ($_POST['addsuppress_dstip'])
$method = "by_dst";
-
- /* Check for valid IP addresses, exit if not valid */
- if (is_ipaddr($_GET['ip']) || is_ipaddrv6($_GET['ip'])) {
- if (empty($_GET['descr']))
- $suppress = "suppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}, track {$method}, ip {$_GET['ip']}\n";
- else
- $suppress = "#{$_GET['descr']}\nsuppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}, track {$method}, ip {$_GET['ip']}\n";
- }
- else {
- header("Location: /snort/snort_alerts.php?instance={$instanceid}");
- exit;
+ else
+ $method ="all";
+
+ // See which kind of Suppress Entry to create
+ switch ($method) {
+ case "all":
+ if (empty($_POST['descr']))
+ $suppress = "suppress gen_id {$_POST['gen_id']}, sig_id {$_POST['sidid']}\n";
+ else
+ $suppress = "#{$_POST['descr']}\nsuppress gen_id {$_POST['gen_id']}, sig_id {$_POST['sidid']}\n";
+ $success = gettext("An entry for 'suppress gen_id {$_POST['gen_id']}, sig_id {$_POST['sidid']}' has been added to the Suppress List.");
+ break;
+ case "by_src":
+ case "by_dst":
+ // Check for valid IP addresses, exit if not valid
+ if (is_ipaddr($_POST['ip'])) {
+ if (empty($_POST['descr']))
+ $suppress = "suppress gen_id {$_POST['gen_id']}, sig_id {$_POST['sidid']}, track {$method}, ip {$_POST['ip']}\n";
+ else
+ $suppress = "#{$_POST['descr']}\nsuppress gen_id {$_POST['gen_id']}, sig_id {$_POST['sidid']}, track {$method}, ip {$_POST['ip']}\n";
+ $success = gettext("An entry for 'suppress gen_id {$_POST['gen_id']}, sig_id {$_POST['sidid']}, track {$method}, ip {$_POST['ip']}' has been added to the Suppress List.");
+ }
+ else {
+ $input_errors[] = gettext("An invalid IP address was passed as a Suppress List parameter.");
+ }
+ break;
+ default:
+ header("Location: /snort/snort_alerts.php?instance={$instanceid}");
+ exit;
}
- /* Add the new entry to the Suppress List */
- if (snort_add_supplist_entry($suppress))
- $savemsg = gettext("An entry for 'suppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}, track {$method}, ip {$_GET['ip']}' has been added to the Suppress List.");
- else
- /* We did not find the defined list, so notify the user with an error */
- $input_errors[] = gettext("Suppress List '{$a_instance[$instanceid]['suppresslistname']}' is defined for this interface, but it could not be found!");
+ if (!$input_errors) {
+ /* Add the new entry to the Suppress List and signal Snort to reload config */
+ if (snort_add_supplist_entry($suppress)) {
+ snort_reload_config($a_instance[$instanceid]);
+ $savemsg = $success;
+ /* Give Snort a couple seconds to reload the configuration */
+ sleep(2);
+ }
+ else
+ $input_errors[] = gettext("Suppress List '{$a_instance[$instanceid]['suppresslistname']}' is defined for this interface, but it could not be found!");
+ }
}
-if ($_GET['act'] == "togglesid" && is_numeric($_GET['sidid']) && is_numeric($_GET['gen_id'])) {
- // Get the GID tag embedded in the clicked rule icon.
- $gid = $_GET['gen_id'];
-
- // Get the SID tag embedded in the clicked rule icon.
- $sid= $_GET['sidid'];
+if ($_POST['togglesid'] && is_numeric($_POST['sidid']) && is_numeric($_POST['gen_id'])) {
+ // Get the GID and SID tags embedded in the clicked rule icon.
+ $gid = $_POST['gen_id'];
+ $sid= $_POST['sidid'];
// See if the target SID is in our list of modified SIDs,
// and toggle it if present.
@@ -279,16 +287,17 @@ if ($_GET['act'] == "togglesid" && is_numeric($_GET['sidid']) && is_numeric($_GE
/* Soft-restart Snort to live-load the new rules */
snort_reload_config($a_instance[$instanceid]);
- $savemsg = gettext("The state for rule {$gid}:{$sid} has been modified. Snort is 'live-reloading' the new rules list. Please wait at least 30 secs for the process to complete before toggling additional rules.");
+ /* Give Snort a couple seconds to reload the configuration */
+ sleep(2);
+
+ $savemsg = gettext("The state for rule {$gid}:{$sid} has been modified. Snort is 'live-reloading' the new rules list. Please wait at least 15 secs for the process to complete before toggling additional rules.");
}
-if ($_GET['action'] == "clear" || $_POST['delete']) {
+if ($_POST['delete']) {
snort_post_delete_logs($snort_uuid);
- $fd = @fopen("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert", "w+");
- if ($fd)
- fclose($fd);
+ file_put_contents("{$snortlogdir}/snort_{$if_real}{$snort_uuid}/alert", "");
/* XXX: This is needed if snort is run as snort user */
- mwexec('/bin/chmod 660 /var/log/snort/*', true);
+ mwexec("/bin/chmod 660 {$snortlogdir}/*", true);
if (file_exists("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid"))
mwexec("/bin/pkill -HUP -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid -a");
header("Location: /snort/snort_alerts.php?instance={$instanceid}");
@@ -298,7 +307,7 @@ if ($_GET['action'] == "clear" || $_POST['delete']) {
if ($_POST['download']) {
$save_date = exec('/bin/date "+%Y-%m-%d-%H-%M-%S"');
$file_name = "snort_logs_{$save_date}_{$if_real}.tar.gz";
- exec("cd /var/log/snort/snort_{$if_real}{$snort_uuid} && /usr/bin/tar -czf /tmp/{$file_name} *");
+ exec("cd {$snortlogdir}/snort_{$if_real}{$snort_uuid} && /usr/bin/tar -czf /tmp/{$file_name} *");
if (file_exists("/tmp/{$file_name}")) {
ob_start(); //important or other posts will fail
@@ -338,16 +347,21 @@ include_once("fbegin.inc");
/* refresh every 60 secs */
if ($pconfig['arefresh'] == 'on')
echo "<meta http-equiv=\"refresh\" content=\"60;url=/snort/snort_alerts.php?instance={$instanceid}\" />\n";
-if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
- /* Display Alert message */
- if ($input_errors) {
- print_input_errors($input_errors); // TODO: add checks
- }
- if ($savemsg) {
- print_info_box($savemsg);
- }
+
+/* Display Alert message */
+if ($input_errors) {
+ print_input_errors($input_errors); // TODO: add checks
+}
+if ($savemsg) {
+ print_info_box($savemsg);
+}
?>
<form action="/snort/snort_alerts.php" method="post" id="formalert">
+<input type="hidden" name="instance" id="instance" value="<?=$instanceid;?>"/>
+<input type="hidden" name="sidid" id="sidid" value=""/>
+<input type="hidden" name="gen_id" id="gen_id" value=""/>
+<input type="hidden" name="ip" id="ip" value=""/>
+<input type="hidden" name="descr" id="descr" value=""/>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td>
<?php
@@ -357,10 +371,11 @@ if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
$tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
$tab_array[3] = array(gettext("Alerts"), true, "/snort/snort_alerts.php?instance={$instanceid}");
$tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
- $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php");
$tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
- $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
- display_top_tabs($tab_array);
+ $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php");
+ $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
+ display_top_tabs($tab_array, true);
?>
</td></tr>
<tr>
@@ -372,13 +387,13 @@ if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
<tr>
<td width="22%" class="vncell"><?php echo gettext('Instance to inspect'); ?></td>
<td width="78%" class="vtable">
- <select name="instance" id="instance" class="formselect" onChange="document.getElementById('formalert').method='get';document.getElementById('formalert').submit()">
+ <select name="instance" id="instance" class="formselect" onChange="document.getElementById('formalert').method='post';document.getElementById('formalert').submit()">
<?php
foreach ($a_instance as $id => $instance) {
$selected = "";
if ($id == $instanceid)
$selected = "selected";
- echo "<option value='{$id}' {$selected}> (" . snort_get_friendly_interface($instance['interface']) . "){$instance['descr']}</option>\n";
+ echo "<option value='{$id}' {$selected}> (" . convert_friendly_interface_to_friendly_descr($instance['interface']) . ")&nbsp;{$instance['descr']}</option>\n";
}
?>
</select>&nbsp;&nbsp;<?php echo gettext('Choose which instance alerts you want to inspect.'); ?>
@@ -386,22 +401,23 @@ if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
<tr>
<td width="22%" class="vncell"><?php echo gettext('Save or Remove Logs'); ?></td>
<td width="78%" class="vtable">
- <input name="download" type="submit" class="formbtns" value="Download"> <?php echo gettext('All ' .
- 'log files will be saved.'); ?>&nbsp;&nbsp;<a href="/snort/snort_alerts.php?action=clear&instance=<?=$instanceid;?>">
+ <input name="download" type="submit" class="formbtns" value="Download"
+ title="<?=gettext("Download interface log files as a gzip archive");?>"/>
+ &nbsp;<?php echo gettext('All log files will be saved.');?>&nbsp;&nbsp;
<input name="delete" type="submit" class="formbtns" value="Clear"
- onclick="return confirm('Do you really want to remove all instance logs?')"></a>
- <span class="red"><strong><?php echo gettext('Warning:'); ?></strong></span> <?php echo ' ' . gettext('all log files will be deleted.'); ?>
+ onclick="return confirm('Do you really want to remove all instance logs?')" title="<?=gettext("Clear all interface log files");?>"/>
+ &nbsp;<span class="red"><strong><?php echo gettext('Warning:'); ?></strong></span> <?php echo ' ' . gettext('all log files will be deleted.'); ?>
</td>
</tr>
<tr>
<td width="22%" class="vncell"><?php echo gettext('Auto Refresh and Log View'); ?></td>
<td width="78%" class="vtable">
- <input name="save" type="submit" class="formbtns" value="Save">
- <?php echo gettext('Refresh'); ?> <input name="arefresh" type="checkbox" value="on"
- <?php if ($config['installedpackages']['snortglobal']['alertsblocks']['arefresh']=="on") echo "checked"; ?>>
- <?php printf(gettext('%sDefault%s is %sON%s.'), '<strong>', '</strong>', '<strong>', '</strong>'); ?>&nbsp;&nbsp;
- <input name="alertnumber" type="text" class="formfld unknown" id="alertnumber" size="5" value="<?=htmlspecialchars($anentries);?>">
- <?php printf(gettext('Enter number of log entries to view. %sDefault%s is %s250%s.'), '<strong>', '</strong>', '<strong>', '</strong>'); ?>
+ <input name="save" type="submit" class="formbtns" value=" Save " title="<?=gettext("Save auto-refresh and view settings");?>"/>
+ &nbsp;<?php echo gettext('Refresh');?>&nbsp;&nbsp;<input name="arefresh" type="checkbox" value="on"
+ <?php if ($config['installedpackages']['snortglobal']['alertsblocks']['arefresh']=="on") echo "checked"; ?>/>
+ <?php printf(gettext('%sDefault%s is %sON%s.'), '<strong>', '</strong>', '<strong>', '</strong>'); ?>&nbsp;&nbsp;
+ <input name="alertnumber" type="text" class="formfld unknown" id="alertnumber" size="5" value="<?=htmlspecialchars($anentries);?>"/>
+ &nbsp;<?php printf(gettext('Enter number of log entries to view. %sDefault%s is %s250%s.'), '<strong>', '</strong>', '<strong>', '</strong>'); ?>
</td>
</tr>
<tr>
@@ -410,39 +426,39 @@ if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
</tr>
<tr>
<td width="100%" colspan="2">
- <table id="myTable" style="table-layout: fixed;" width="100%" class="sortable" border="1" cellpadding="0" cellspacing="0">
+ <table id="myTable" style="table-layout: fixed;" width="100%" class="sortable" border="0" cellpadding="0" cellspacing="0">
<colgroup>
- <col width="9%" align="center" axis="date">
- <col width="45" align="center" axis="number">
- <col width="65" align="center" axis="string">
+ <col width="10%" align="center" axis="date">
+ <col width="40" align="center" axis="number">
+ <col width="52" align="center" axis="string">
<col width="10%" axis="string">
<col width="13%" align="center" axis="string">
- <col width="8%" align="center" axis="string">
+ <col width="7%" align="center" axis="string">
<col width="13%" align="center" axis="string">
- <col width="8%" align="center" axis="string">
- <col width="9%" align="center" axis="number">
+ <col width="7%" align="center" axis="string">
+ <col width="10%" align="center" axis="number">
<col axis="string">
</colgroup>
<thead>
<tr>
- <th class="listhdrr" axis="date"><?php echo gettext("DATE"); ?></th>
- <th class="listhdrr" axis="number"><?php echo gettext("PRI"); ?></th>
- <th class="listhdrr" axis="string"><?php echo gettext("PROTO"); ?></th>
- <th class="listhdrr" axis="string"><?php echo gettext("CLASS"); ?></th>
- <th class="listhdrr" axis="string"><?php echo gettext("SRC"); ?></th>
- <th class="listhdrr" axis="string"><?php echo gettext("SPORT"); ?></th>
- <th class="listhdrr" axis="string"><?php echo gettext("DST"); ?></th>
- <th class="listhdrr" axis="string"><?php echo gettext("DPORT"); ?></th>
+ <th class="listhdrr" axis="date"><?php echo gettext("Date"); ?></th>
+ <th class="listhdrr" axis="number"><?php echo gettext("Pri"); ?></th>
+ <th class="listhdrr" axis="string"><?php echo gettext("Proto"); ?></th>
+ <th class="listhdrr" axis="string"><?php echo gettext("Class"); ?></th>
+ <th class="listhdrr" axis="string"><?php echo gettext("Source"); ?></th>
+ <th class="listhdrr" axis="string"><?php echo gettext("SPort"); ?></th>
+ <th class="listhdrr" axis="string"><?php echo gettext("Destination"); ?></th>
+ <th class="listhdrr" axis="string"><?php echo gettext("DPort"); ?></th>
<th class="listhdrr" axis="number"><?php echo gettext("SID"); ?></th>
- <th class="listhdrr" axis="string"><?php echo gettext("DESCRIPTION"); ?></th>
+ <th class="listhdrr" axis="string"><?php echo gettext("Description"); ?></th>
</tr>
</thead>
<tbody>
<?php
/* make sure alert file exists */
-if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) {
- exec("tail -{$anentries} -r /var/log/snort/snort_{$if_real}{$snort_uuid}/alert > /tmp/alert_{$snort_uuid}");
+if (file_exists("{$snortlogdir}/snort_{$if_real}{$snort_uuid}/alert")) {
+ exec("tail -{$anentries} -r {$snortlogdir}/snort_{$if_real}{$snort_uuid}/alert > /tmp/alert_{$snort_uuid}");
if (file_exists("/tmp/alert_{$snort_uuid}")) {
$tmpblocked = array_flip(snort_get_blocked_ips());
$counter = 0;
@@ -450,7 +466,7 @@ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) {
/* File format timestamp,sig_generator,sig_id,sig_rev,msg,proto,src,srcport,dst,dstport,id,classification,priority */
$fd = fopen("/tmp/alert_{$snort_uuid}", "r");
while (($fields = fgetcsv($fd, 1000, ',', '"')) !== FALSE) {
- if(count($fields) < 11)
+ if(count($fields) < 13)
continue;
/* Time */
@@ -482,9 +498,9 @@ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) {
/* Add icons for auto-adding to Suppress List if appropriate */
if (!snort_is_alert_globally_suppressed($supplist, $fields[1], $fields[2]) &&
!isset($supplist[$fields[1]][$fields[2]]['by_src'][$fields[6]])) {
- $alert_ip_src .= "&nbsp;&nbsp;<a href='?instance={$instanceid}&act=addsuppress_srcip&sidid={$fields[2]}&gen_id={$fields[1]}&descr={$alert_descr_url}&ip=" . trim(urlencode($fields[6])) . "'>";
- $alert_ip_src .= "<img src='../themes/{$g['theme']}/images/icons/icon_plus.gif' width='12' height='12' border='0' ";
- $alert_ip_src .= "title='" . gettext("Add this alert to the Suppress List and track by_src IP") . "'></a>";
+ $alert_ip_src .= "&nbsp;&nbsp;<input type='image' name='addsuppress_srcip[]' onClick=\"encRuleSig('{$fields[1]}','{$fields[2]}','{$fields[6]}','{$alert_descr}');\" ";
+ $alert_ip_src .= "src='../themes/{$g['theme']}/images/icons/icon_plus.gif' width='12' height='12' border='0' ";
+ $alert_ip_src .= "title='" . gettext("Add this alert to the Suppress List and track by_src IP") . "'>";
}
elseif (isset($supplist[$fields[1]][$fields[2]]['by_src'][$fields[6]])) {
$alert_ip_src .= "&nbsp;&nbsp;<img src='../themes/{$g['theme']}/images/icons/icon_plus_d.gif' width='12' height='12' border='0' ";
@@ -492,9 +508,8 @@ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) {
}
/* Add icon for auto-removing from Blocked Table if required */
if (isset($tmpblocked[$fields[6]])) {
- $alert_ip_src .= "&nbsp;";
- $alert_ip_src .= "<a href='?instance={$instanceid}&todelete=" . trim(urlencode($fields[6])) . "'>
- <img title=\"" . gettext("Remove host from Blocked Table") . "\" border=\"0\" width='12' height='12' name='todelete' id='todelete' alt=\"Remove from Blocked Hosts\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"></a>";
+ $alert_ip_src .= "&nbsp;<input type='image' name='todelete[]' onClick=\"document.getElementById('ip').value='{$fields[6]}';\" ";
+ $alert_ip_src .= "src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" title=\"" . gettext("Remove host from Blocked Table") . "\" border=\"0\" width='12' height='12'>";
}
/* IP SRC Port */
$alert_src_p = $fields[7];
@@ -515,9 +530,9 @@ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) {
/* Add icons for auto-adding to Suppress List if appropriate */
if (!snort_is_alert_globally_suppressed($supplist, $fields[1], $fields[2]) &&
!isset($supplist[$fields[1]][$fields[2]]['by_dst'][$fields[8]])) {
- $alert_ip_dst .= "&nbsp;&nbsp;<a href='?instance={$instanceid}&act=addsuppress_dstip&sidid={$fields[2]}&gen_id={$fields[1]}&descr={$alert_descr_url}&ip=" . trim(urlencode($fields[8])) . "'>";
- $alert_ip_dst .= "<img src='../themes/{$g['theme']}/images/icons/icon_plus.gif' width='12' height='12' border='0' ";
- $alert_ip_dst .= "title='" . gettext("Add this alert to the Suppress List and track by_dst IP") . "'></a>";
+ $alert_ip_dst .= "&nbsp;&nbsp;<input type='image' name='addsuppress_dstip[]' onClick=\"encRuleSig('{$fields[1]}','{$fields[2]}','{$fields[8]}','{$alert_descr}');\" ";
+ $alert_ip_dst .= "src='../themes/{$g['theme']}/images/icons/icon_plus.gif' width='12' height='12' border='0' ";
+ $alert_ip_dst .= "title='" . gettext("Add this alert to the Suppress List and track by_dst IP") . "'/>";
}
elseif (isset($supplist[$fields[1]][$fields[2]]['by_dst'][$fields[8]])) {
$alert_ip_dst .= "&nbsp;&nbsp;<img src='../themes/{$g['theme']}/images/icons/icon_plus_d.gif' width='12' height='12' border='0' ";
@@ -525,18 +540,17 @@ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) {
}
/* Add icon for auto-removing from Blocked Table if required */
if (isset($tmpblocked[$fields[8]])) {
- $alert_ip_dst .= "&nbsp;";
- $alert_ip_dst .= "<a href='?instance={$instanceid}&todelete=" . trim(urlencode($fields[8])) . "'>
- <img title=\"" . gettext("Remove host from Blocked Table") . "\" border=\"0\" width='12' height='12' name='todelete' id='todelete' alt=\"Remove from Blocked Hosts\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"></a>";
+ $alert_ip_dst .= "&nbsp;<input type='image' name='todelete[]' onClick=\"document.getElementById('ip').value='{$fields[8]}';\" ";
+ $alert_ip_dst .= "src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" title=\"" . gettext("Remove host from Blocked Table") . "\" border=\"0\" width='12' height='12'>";
}
/* IP DST Port */
$alert_dst_p = $fields[9];
/* SID */
$alert_sid_str = "{$fields[1]}:{$fields[2]}";
if (!snort_is_alert_globally_suppressed($supplist, $fields[1], $fields[2])) {
- $sidsupplink = "<a href='?instance={$instanceid}&act=addsuppress&sidid={$fields[2]}&gen_id={$fields[1]}&descr={$alert_descr_url}'>";
- $sidsupplink .= "<img src='../themes/{$g['theme']}/images/icons/icon_plus.gif' width='12' height='12' border='0' ";
- $sidsupplink .= "title='" . gettext("Add this alert to the Suppress List") . "'></a>";
+ $sidsupplink = "<input type='image' name='addsuppress[]' onClick=\"encRuleSig('{$fields[1]}','{$fields[2]}','','{$alert_descr}');\" ";
+ $sidsupplink .= "src='../themes/{$g['theme']}/images/icons/icon_plus.gif' width='12' height='12' border='0' ";
+ $sidsupplink .= "title='" . gettext("Add this alert to the Suppress List") . "'/>";
}
else {
$sidsupplink = "<img src='../themes/{$g['theme']}/images/icons/icon_plus_d.gif' width='12' height='12' border='0' ";
@@ -544,31 +558,31 @@ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) {
}
/* Add icon for toggling rule state */
if (isset($disablesid[$fields[1]][$fields[2]])) {
- $sid_dsbl_link = "<a href='?instance={$instanceid}&act=togglesid&sidid={$fields[2]}&gen_id={$fields[1]}'>";
- $sid_dsbl_link .= "<img src='../themes/{$g['theme']}/images/icons/icon_block_d.gif' width='11' height='11' border='0' ";
- $sid_dsbl_link .= "title='" . gettext("Rule is forced to a disabled state. Click to remove the force-disable action.") . "'></a>";
+ $sid_dsbl_link = "<input type='image' name='togglesid[]' onClick=\"encRuleSig('{$fields[1]}','{$fields[2]}','','');\" ";
+ $sid_dsbl_link .= "src='../themes/{$g['theme']}/images/icons/icon_reject.gif' width='11' height='11' border='0' ";
+ $sid_dsbl_link .= "title='" . gettext("Rule is forced to a disabled state. Click to remove the force-disable action from this rule.") . "'/>";
}
else {
- $sid_dsbl_link = "<a href='?instance={$instanceid}&act=togglesid&sidid={$fields[2]}&gen_id={$fields[1]}'>";
- $sid_dsbl_link .= "<img src='../themes/{$g['theme']}/images/icons/icon_block.gif' width='11' height='11' border='0' ";
- $sid_dsbl_link .= "title='" . gettext("Click to force-disable rule and remove from current rules set.") . "'></a>";
+ $sid_dsbl_link = "<input type='image' name='togglesid[]' onClick=\"encRuleSig('{$fields[1]}','{$fields[2]}','','');\" ";
+ $sid_dsbl_link .= "src='../themes/{$g['theme']}/images/icons/icon_block.gif' width='11' height='11' border='0' ";
+ $sid_dsbl_link .= "title='" . gettext("Force-disable this rule and remove it from current rules set.") . "'/>";
}
/* DESCRIPTION */
$alert_class = $fields[11];
+ /* Write out a table row */
echo "<tr>
<td class='listr' align='center'>{$alert_date}<br/>{$alert_time}</td>
<td class='listr' align='center'>{$alert_priority}</td>
<td class='listr' align='center'>{$alert_proto}</td>
<td class='listr' style=\"word-wrap:break-word;\">{$alert_class}</td>
- <td class='listr' align='center'>{$alert_ip_src}</td>
+ <td class='listr' align='center' sorttable_customkey='{$fields[6]}'>{$alert_ip_src}</td>
<td class='listr' align='center'>{$alert_src_p}</td>
- <td class='listr' align='center'>{$alert_ip_dst}</td>
+ <td class='listr' align='center' sorttable_customkey='{$fields[8]}'>{$alert_ip_dst}</td>
<td class='listr' align='center'>{$alert_dst_p}</td>
- <td class='listr' align='center'>{$alert_sid_str}<br/>{$sidsupplink}&nbsp;&nbsp;{$sid_dsbl_link}</td>
- <td class='listr' style=\"word-wrap:break-word;\">{$alert_descr}</td>
+ <td class='listr' align='center' sorttable_customkey='{$fields[2]}'>{$alert_sid_str}<br/>{$sidsupplink}&nbsp;&nbsp;{$sid_dsbl_link}</td>
+ <td class='listbg' style=\"word-wrap:break-word;\">{$alert_descr}</td>
</tr>\n";
-
$counter++;
}
fclose($fd);
@@ -588,6 +602,21 @@ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) {
<?php
include("fend.inc");
?>
-
+<script type="text/javascript">
+function encRuleSig(rulegid,rulesid,srcip,ruledescr) {
+
+ // This function stuffs the passed GID, SID
+ // and other values into hidden Form Fields
+ // for postback.
+ if (typeof srcipip == "undefined")
+ var srcipip = "";
+ if (typeof ruledescr == "undefined")
+ var ruledescr = "";
+ document.getElementById("sidid").value = rulesid;
+ document.getElementById("gen_id").value = rulegid;
+ document.getElementById("ip").value = srcip;
+ document.getElementById("descr").value = ruledescr;
+}
+</script>
</body>
</html>
diff --git a/config/snort/snort_blocked.php b/config/snort/snort_blocked.php
index 4fc470d3..b05384ae 100644
--- a/config/snort/snort_blocked.php
+++ b/config/snort/snort_blocked.php
@@ -34,6 +34,8 @@
require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort.inc");
+$snortlogdir = SNORTLOGDIR;
+
// Grab pfSense version so we can refer to it later on this page
$pfs_version=substr(trim(file_get_contents("/etc/version")),0,3);
@@ -48,14 +50,14 @@ if (empty($pconfig['blertnumber']))
else
$bnentries = $pconfig['blertnumber'];
-if ($_POST['todelete'] || $_GET['todelete']) {
+if ($_POST['todelete']) {
$ip = "";
- if($_POST['todelete'])
- $ip = $_POST['todelete'];
- else if($_GET['todelete'])
- $ip = $_GET['todelete'];
+ if ($_POST['ip'])
+ $ip = $_POST['ip'];
if (is_ipaddr($ip))
exec("/sbin/pfctl -t snort2c -T delete {$ip}");
+ else
+ $input_errors[] = gettext("An invalid IP address was provided as a parameter.");
}
if ($_POST['remove']) {
@@ -140,12 +142,19 @@ include_once("fbegin.inc");
/* refresh every 60 secs */
if ($pconfig['brefresh'] == 'on')
echo "<meta http-equiv=\"refresh\" content=\"60;url=/snort/snort_blocked.php\" />\n";
-?>
-<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
+/* Display Alert message */
+if ($input_errors) {
+ print_input_errors($input_errors); // TODO: add checks
+}
+if ($savemsg) {
+ print_info_box($savemsg);
+}
+?>
-<?php if ($savemsg) print_info_box($savemsg); ?>
<form action="/snort/snort_blocked.php" method="post">
+<input type="hidden" name="ip" id="ip" value=""/>
+
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td>
@@ -156,10 +165,11 @@ if ($pconfig['brefresh'] == 'on')
$tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
$tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
$tab_array[4] = array(gettext("Blocked"), true, "/snort/snort_blocked.php");
- $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php");
$tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
- $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
- display_top_tabs($tab_array);
+ $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php");
+ $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
+ display_top_tabs($tab_array, true);
?>
</td>
</tr>
@@ -172,22 +182,23 @@ if ($pconfig['brefresh'] == 'on')
<tr>
<td width="22%" class="vncell"><?php echo gettext("Save or Remove Hosts"); ?></td>
<td width="78%" class="vtable">
- <input name="download" type="submit" class="formbtns" value="Download"> <?php echo gettext("All " .
- "blocked hosts will be saved."); ?>&nbsp;&nbsp;<input name="remove" type="submit"
- class="formbtns" value="Clear">&nbsp;<span class="red"><strong><?php echo gettext("Warning:"); ?></strong></span>
- <?php echo gettext("all hosts will be removed."); ?>
+ <input name="download" type="submit" class="formbtns" value="Download" title="<?=gettext("Download list of blocked hosts as a gzip archive");?>"/>
+ &nbsp;<?php echo gettext("All blocked hosts will be saved."); ?>&nbsp;&nbsp;
+ <input name="remove" type="submit" class="formbtns" value="Clear" title="<?=gettext("Remove blocks for all listed hosts");?>"
+ onClick="return confirm('<?=gettext("Are you sure you want to remove all blocked hosts? Click OK to continue or CANCLE to quit.");?>');"/>&nbsp;
+ <span class="red"><strong><?php echo gettext("Warning:"); ?></strong></span>&nbsp;<?php echo gettext("all hosts will be removed."); ?>
</td>
</tr>
<tr>
<td width="22%" class="vncell"><?php echo gettext("Auto Refresh and Log View"); ?></td>
<td width="78%" class="vtable">
- <input name="save" type="submit" class="formbtns" value="Save"> <?php echo gettext("Refresh"); ?> <input
- name="brefresh" type="checkbox" value="on"
- <?php if ($config['installedpackages']['snortglobal']['alertsblocks']['brefresh']=="on" || $config['installedpackages']['snortglobal']['alertsblocks']['brefresh']=='') echo "checked"; ?>>
- <?php printf(gettext("%sDefault%s is %sON%s."), '<strong>', '</strong>', '<strong>', '</strong>'); ?>&nbsp;&nbsp;<input
- name="blertnumber" type="text" class="formfld unknown" id="blertnumber"
- size="5" value="<?=htmlspecialchars($bnentries);?>"> <?php printf(gettext("Enter the " .
- "number of blocked entries to view. %sDefault%s is %s500%s."), '<strong>', '</strong>', '<strong>', '</strong>'); ?>
+ <input name="save" type="submit" class="formbtns" value=" Save " title="<?=gettext("Save auto-refresh and view settings");?>"/>
+ &nbsp;&nbsp;<?php echo gettext("Refresh"); ?>&nbsp;<input name="brefresh" type="checkbox" value="on"
+ <?php if ($config['installedpackages']['snortglobal']['alertsblocks']['brefresh']=="on" || $config['installedpackages']['snortglobal']['alertsblocks']['brefresh']=='') echo "checked"; ?>/>
+ &nbsp;<?php printf(gettext("%sDefault%s is %sON%s."), '<strong>', '</strong>', '<strong>', '</strong>'); ?>&nbsp;&nbsp;
+ <input name="blertnumber" type="text" class="formfld unknown" id="blertnumber"
+ size="5" value="<?=htmlspecialchars($bnentries);?>"/>&nbsp;<?php printf(gettext("Enter number of " .
+ "blocked entries to view. %sDefault%s is %s500%s."), '<strong>', '</strong>', '<strong>', '</strong>'); ?>
</td>
</tr>
<tr>
@@ -225,13 +236,13 @@ if ($pconfig['brefresh'] == 'on')
if (!empty($blocked_ips_array)) {
$tmpblocked = array_flip($blocked_ips_array);
$src_ip_list = array();
- foreach (glob("/var/log/snort/*/alert") as $alertfile) {
+ foreach (glob("{$snortlogdir}/*/alert") as $alertfile) {
$fd = fopen($alertfile, "r");
if ($fd) {
/* 0 1 2 3 4 5 6 7 8 9 10 11 12
/* File format timestamp,sig_generator,sig_id,sig_rev,msg,proto,src,srcport,dst,dstport,id,classification,priority */
while (($fields = fgetcsv($fd, 1000, ',', '"')) !== FALSE) {
- if(count($fields) < 11)
+ if(count($fields) < 13)
continue;
if (isset($tmpblocked[$fields[6]])) {
@@ -280,8 +291,9 @@ if ($pconfig['brefresh'] == 'on')
<td align=\"center\" valign=\"middle\" class=\"listr\">{$counter}</td>
<td align=\"center\" valign=\"middle\" class=\"listr\">{$tmp_ip}<br/>{$rdns_link}</td>
<td valign=\"middle\" class=\"listr\">{$blocked_desc}</td>
- <td align=\"center\" valign=\"middle\" class=\"listr\"><a href='snort_blocked.php?todelete=" . trim(urlencode($blocked_ip)) . "'>
- <img title=\"" . gettext("Delete host from Blocked Table") . "\" border=\"0\" name='todelete' id='todelete' alt=\"Delete host from Blocked Table\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"></a></td>
+ <td align=\"center\" valign=\"middle\" class=\"listr\" sorttable_customkey=\"\">
+ <input type=\"image\" name=\"todelete[]\" onClick=\"document.getElementById('ip').value='{$blocked_ip}';\"
+ src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" title=\"" . gettext("Delete host from Blocked Table") . "\" border=\"0\" /></td>
</tr>\n";
}
}
diff --git a/config/snort/snort_define_servers.php b/config/snort/snort_define_servers.php
index 7c057b19..d210da2c 100755
--- a/config/snort/snort_define_servers.php
+++ b/config/snort/snort_define_servers.php
@@ -5,6 +5,7 @@
*
* Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
* Copyright (C) 2008-2009 Robert Zelaya.
+ * Copyright (C) 2014 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -35,12 +36,14 @@ require_once("/usr/local/pkg/snort/snort.inc");
global $g, $rebuild_rules;
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
+
if (is_null($id)) {
- header("Location: /snort/snort_interfaces.php");
- exit;
+ header("Location: /snort/snort_interfaces.php");
+ exit;
}
if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
@@ -87,20 +90,20 @@ $snort_ports = array(
);
// Sort our SERVERS and PORTS arrays to make values
-// easier to locate by the the user.
+// easier to locate for the user.
ksort($snort_servers);
ksort($snort_ports);
$pconfig = $a_nat[$id];
/* convert fake interfaces to real */
-$if_real = snort_get_real_interface($pconfig['interface']);
+$if_real = get_real_interface($pconfig['interface']);
$snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
/* alert file */
$d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty";
-if ($_POST) {
+if ($_POST['save']) {
$natent = array();
$natent = $pconfig;
@@ -149,9 +152,11 @@ if ($_POST) {
header("Location: snort_define_servers.php?id=$id");
exit;
}
+ else
+ $pconfig = $_POST;
}
-$if_friendly = snort_get_friendly_interface($pconfig['interface']);
+$if_friendly = convert_friendly_interface_to_friendly_descr($a_nat[$id]['interface']);
$pgtitle = gettext("Snort: Interface {$if_friendly} Variables - Servers and Ports");
include_once("head.inc");
@@ -160,7 +165,6 @@ include_once("head.inc");
<?php
include("fbegin.inc");
-if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
/* Display Alert message */
if ($input_errors)
print_input_errors($input_errors); // TODO: add checks
@@ -180,23 +184,25 @@ if ($savemsg)
$tab_array[0] = array(gettext("Snort Interfaces"), true, "/snort/snort_interfaces.php");
$tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php");
$tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
- $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
+ $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php?instance={$id}");
$tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
- $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php");
$tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
- $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
- display_top_tabs($tab_array);
+ $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php");
+ $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
+ display_top_tabs($tab_array, true);
echo '</td></tr>';
echo '<tr><td class="tabnavtbl">';
$menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface ");
- $tab_array = array();
- $tab_array[] = array($menu_iface . gettext(" Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}");
- $tab_array[] = array($menu_iface . gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}");
- $tab_array[] = array($menu_iface . gettext("Rules"), false, "/snort/snort_rules.php?id={$id}");
- $tab_array[] = array($menu_iface . gettext("Variables"), true, "/snort/snort_define_servers.php?id={$id}");
- $tab_array[] = array($menu_iface . gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}");
- $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
- display_top_tabs($tab_array);
+ $tab_array = array();
+ $tab_array[] = array($menu_iface . gettext(" Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Rules"), false, "/snort/snort_rules.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Variables"), true, "/snort/snort_define_servers.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Preprocs"), false, "/snort/snort_preprocessors.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("IP Rep"), false, "/snort/snort_ip_reputation.php?id={$id}");
+ display_top_tabs($tab_array, true);
?>
</td></tr>
<tr>
@@ -256,7 +262,7 @@ if ($savemsg)
<tr>
<td width="30%" valign="top">&nbsp;</td>
<td width="70%">
- <input name="Submit" type="submit" class="formbtn" value="Save">
+ <input name="save" type="submit" class="formbtn" value="Save">
<input name="id" type="hidden" value="<?=$id;?>">
</td>
</tr>
@@ -276,9 +282,6 @@ if ($savemsg)
if(isset($config['aliases']['alias']) && is_array($config['aliases']['alias']))
foreach($config['aliases']['alias'] as $alias_name) {
if ($alias_name['type'] == "host" || $alias_name['type'] == "network") {
- // Skip any Aliases that resolve to an empty string
- if (trim(filter_expand_alias($alias_name['name'])) == "")
- continue;
if($addrisfirst == 1) $aliasesaddr .= ",";
$aliasesaddr .= "'" . $alias_name['name'] . "'";
$addrisfirst = 1;
diff --git a/config/snort/snort_download_rules.php b/config/snort/snort_download_rules.php
index 562a6b36..f35341f1 100755
--- a/config/snort/snort_download_rules.php
+++ b/config/snort/snort_download_rules.php
@@ -91,7 +91,7 @@ include("head.inc");
<?php
$snort_gui_include = true;
-include("/usr/local/pkg/snort/snort_check_for_rule_updates.php");
+include("/usr/local/www/snort/snort_check_for_rule_updates.php");
/* hide progress bar and lets end this party */
echo "\n<script type=\"text/javascript\">document.progressbar.style.visibility='hidden';\n</script>";
diff --git a/config/snort/snort_edit_hat_data.php b/config/snort/snort_edit_hat_data.php
index f6d00b0b..cef6a894 100644
--- a/config/snort/snort_edit_hat_data.php
+++ b/config/snort/snort_edit_hat_data.php
@@ -3,6 +3,7 @@
* snort_edit_hat_data.php
* Copyright (C) 2004 Scott Ullrich
* Copyright (C) 2011-2012 Ermal Luci
+ * Copyright (C) 2013-2014 Bill Meeks
* All rights reserved.
*
* originially part of m0n0wall (http://m0n0.ch/wall)
@@ -47,9 +48,11 @@ if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
}
$a_nat = &$config['installedpackages']['snortglobal']['rule'];
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
+
if (is_null($id)) {
header("Location: /snort/snort_interfaces.php");
exit;
@@ -62,24 +65,27 @@ else
if ($_POST['clear']) {
unset($a_nat[$id]['host_attribute_data']);
+ $a_nat[$id]['host_attribute_table'] = 'off';
write_config();
$rebuild_rules = false;
snort_generate_conf($a_nat[$id]);
- header("Location: /snort/snort_edit_hat_data.php?id={$id}");
- exit;
+ $pconfig['host_attribute_data'] = "";
}
-if ($_POST['host_attribute_data']) {
+if ($_POST['save']) {
$a_nat[$id]['host_attribute_data'] = base64_encode($_POST['host_attribute_data']);
+ if (strlen($_POST['host_attribute_data']) > 0)
+ $a_nat[$id]['host_attribute_table'] = 'on';
+ else
+ $a_nat[$id]['host_attribute_table'] = 'off';
write_config();
$rebuild_rules = false;
snort_generate_conf($a_nat[$id]);
- header("Location: /snort/snort_preprocessors.php?id={$id}");
- exit;
+ $pconfig['host_attribute_data'] = $_POST['host_attribute_data'];
}
-$if_friendly = snort_get_friendly_interface($a_nat[$id]['interface']);
+$if_friendly = convert_friendly_interface_to_friendly_descr($a_nat[$id]['interface']);
$pgtitle = gettext("Snort: Interface {$if_friendly} - Host Attribute Table Data");
include_once("head.inc");
@@ -89,8 +95,8 @@ include_once("head.inc");
<?php
include("fbegin.inc");
-if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
-if ($input_errors) print_input_errors($input_errors);
+if ($input_errors)
+ print_input_errors($input_errors);
if ($savemsg)
print_info_box($savemsg);
?>
@@ -106,11 +112,11 @@ if ($savemsg)
<tr>
<td>
<input type='hidden' name='id' value='<?=$id;?>'>
- <textarea wrap="off" cols="80" rows="35" name="host_attribute_data" id="host_attribute_data" style="width:99%; height:100%;"><?=$pconfig['host_attribute_data'];?></textarea></td>
+ <textarea wrap="off" cols="80" rows="35" name="host_attribute_data" id="host_attribute_data" style="width:99%; height:100%;"><?=htmlspecialchars($pconfig['host_attribute_data']);?></textarea></td>
</tr>
<tr>
<td>
- <input name="Submit" type="submit" class="formbtn" value="<?php echo gettext(" Save "); ?>" title=" <?php echo gettext("Save Host Attribute data"); ?>"/>&nbsp;&nbsp;
+ <input name="save" type="submit" class="formbtn" value="<?php echo gettext(" Save "); ?>" title=" <?php echo gettext("Save Host Attribute data"); ?>"/>&nbsp;&nbsp;
<input type="button" class="formbtn" value=" <?php echo gettext("Return"); ?>" onclick="parent.location='snort_preprocessors.php?id=<?=$id;?>'" title="<?php echo gettext("Return to Preprocessors tab"); ?>"/>&nbsp;&nbsp;
<input name="clear" type="submit" class="formbtn" id="clear" value="<?php echo gettext("Clear"); ?>" onclick="return confirm('<?php echo gettext("This will erase all Host Attribute data for the interface. Are you sure?"); ?>')" title="<?php echo gettext("Deletes all Host Attribute data"); ?>"/>
</td>
diff --git a/config/snort/snort_frag3_engine.php b/config/snort/snort_frag3_engine.php
index 89a21dc8..a4c8cb53 100644
--- a/config/snort/snort_frag3_engine.php
+++ b/config/snort/snort_frag3_engine.php
@@ -1,7 +1,7 @@
<?php
/*
* snort_frag3_engine.php
- * Copyright (C) 2013 Bill Meeks
+ * Copyright (C) 2013-2014 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -34,12 +34,15 @@ global $g;
$snortdir = SNORTDIR;
// Grab the incoming QUERY STRING or POST variables
-$id = $_GET['id'];
-$eng_id = $_GET['eng_id'];
-if (isset($_POST['id']))
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
-if (isset($_POST['eng_id']))
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
+
+if (isset($_POST['eng_id']) && isset($_POST['eng_id']))
$eng_id = $_POST['eng_id'];
+elseif (isset($_GET['eng_id']) && is_numericint($_GET['eng_id']))
+ $eng_id = htmlspecialchars($_GET['eng_id']);
if (is_null($id)) {
header("Location: /snort/snort_interfaces.php");
@@ -90,10 +93,10 @@ if ($_POST['Cancel']) {
// Check for returned "selected alias" if action is import
if ($_GET['act'] == "import") {
if ($_GET['varname'] == "bind_to" && !empty($_GET['varvalue']))
- $pconfig[$_GET['varname']] = $_GET['varvalue'];
+ $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']);
}
-if ($_POST['Submit']) {
+if ($_POST['save']) {
/* Grab all the POST values and save in new temp array */
$engine = array();
@@ -189,7 +192,7 @@ if ($_POST['Submit']) {
}
}
-$if_friendly = snort_get_friendly_interface($config['installedpackages']['snortglobal']['rule'][$id]['interface']);
+$if_friendly = convert_friendly_interface_to_friendly_descr($config['installedpackages']['snortglobal']['rule'][$id]['interface']);
$pgtitle = gettext("Snort: Interface {$if_friendly} Frag3 Preprocessor Engine");
include_once("head.inc");
@@ -324,7 +327,7 @@ if ($savemsg)
<tr>
<td width="22%" valign="bottom">&nbsp;</td>
<td width="78%" valign="bottom">
- <input name="Submit" id="submit" type="submit" class="formbtn" value=" Save " title="<?php echo
+ <input name="save" id="save" type="submit" class="formbtn" value=" Save " title="<?php echo
gettext("Save Frag3 engine settings and return to Preprocessors tab"); ?>">
&nbsp;&nbsp;&nbsp;&nbsp;
<input name="Cancel" id="cancel" type="submit" class="formbtn" value="Cancel" title="<?php echo
diff --git a/config/snort/snort_ftp_client_engine.php b/config/snort/snort_ftp_client_engine.php
index b039df5b..9058a06e 100644
--- a/config/snort/snort_ftp_client_engine.php
+++ b/config/snort/snort_ftp_client_engine.php
@@ -1,7 +1,7 @@
<?php
/*
* snort_ftp_client_engine.php
- * Copyright (C) 2013 Bill Meeks
+ * Copyright (C) 2013-2014 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -33,12 +33,15 @@ global $g;
$snortdir = SNORTDIR;
-$id = $_GET['id'];
-$eng_id = $_GET['eng_id'];
-if (isset($_POST['id']))
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
-if (isset($_POST['eng_id']))
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
+
+if (isset($_POST['eng_id']) && isset($_POST['eng_id']))
$eng_id = $_POST['eng_id'];
+elseif (isset($_GET['eng_id']) && is_numericint($_GET['eng_id']))
+ $eng_id = htmlspecialchars($_GET['eng_id']);
if (is_null($id)) {
// Clear and close out any session variable we created
@@ -84,7 +87,7 @@ if ($_GET['act'] == "import") {
session_start();
if (($_GET['varname'] == "bind_to" || $_GET['varname'] == "bounce_to_net" || $_GET['varname'] == "bounce_to_port")
&& !empty($_GET['varvalue'])) {
- $pconfig[$_GET['varname']] = $_GET['varvalue'];
+ $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']);
if(!isset($_SESSION['ftp_client_import']))
$_SESSION['ftp_client_import'] = array();
@@ -112,7 +115,7 @@ if ($_GET['act'] == "import") {
}
}
-if ($_POST['Submit']) {
+if ($_POST['save']) {
// Clear and close out any session variable we created
session_start();
@@ -220,7 +223,7 @@ if ($_POST['Submit']) {
}
}
-$if_friendly = snort_get_friendly_interface($config['installedpackages']['snortglobal']['rule'][$id]['interface']);
+$if_friendly = convert_friendly_interface_to_friendly_descr($config['installedpackages']['snortglobal']['rule'][$id]['interface']);
$pgtitle = gettext("Snort: Interface {$if_friendly} - FTP Preprocessor Client Engine");
include_once("head.inc");
@@ -353,7 +356,7 @@ if ($savemsg)
<tr>
<td width="22%" valign="bottom">&nbsp;</td>
<td width="78%" valign="bottom">
- <input name="Submit" id="submit" type="submit" class="formbtn" value=" Save " title="<?php echo
+ <input name="save" id="save" type="submit" class="formbtn" value=" Save " title="<?php echo
gettext("Save ftp engine settings and return to Preprocessors tab"); ?>">
&nbsp;&nbsp;&nbsp;&nbsp;
<input name="Cancel" id="cancel" type="submit" class="formbtn" value="Cancel" title="<?php echo
diff --git a/config/snort/snort_ftp_server_engine.php b/config/snort/snort_ftp_server_engine.php
index e70033e7..618c8d85 100644
--- a/config/snort/snort_ftp_server_engine.php
+++ b/config/snort/snort_ftp_server_engine.php
@@ -1,7 +1,7 @@
<?php
/*
* snort_ftp_server_engine.php
- * Copyright (C) 2013 Bill Meeks
+ * Copyright (C) 2013-2014 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -34,12 +34,15 @@ global $g;
$snortdir = SNORTDIR;
// Grab any QUERY STRING or POST variables
-$id = $_GET['id'];
-$eng_id = $_GET['eng_id'];
-if (isset($_POST['id']))
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
-if (isset($_POST['eng_id']))
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
+
+if (isset($_POST['eng_id']) && isset($_POST['eng_id']))
$eng_id = $_POST['eng_id'];
+elseif (isset($_GET['eng_id']) && is_numericint($_GET['eng_id']))
+ $eng_id = htmlspecialchars($_GET['eng_id']);
if (is_null($id)) {
// Clear and close out any session variable we created
@@ -85,7 +88,7 @@ if ($_GET['act'] == "import") {
session_start();
if (($_GET['varname'] == "bind_to" || $_GET['varname'] == "ports")
&& !empty($_GET['varvalue'])) {
- $pconfig[$_GET['varname']] = $_GET['varvalue'];
+ $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']);
if(!isset($_SESSION['ftp_server_import']))
$_SESSION['ftp_server_import'] = array();
@@ -109,7 +112,7 @@ if ($_GET['act'] == "import") {
}
}
-if ($_POST['Submit']) {
+if ($_POST['save']) {
// Clear and close out any session variable we created
session_start();
@@ -191,7 +194,7 @@ if ($_POST['Submit']) {
}
}
-$if_friendly = snort_get_friendly_interface($config['installedpackages']['snortglobal']['rule'][$id]['interface']);
+$if_friendly = convert_friendly_interface_to_friendly_descr($config['installedpackages']['snortglobal']['rule'][$id]['interface']);
$pgtitle = gettext("Snort: Interface {$if_friendly} - FTP Preprocessor Server Engine");
include_once("head.inc");
@@ -316,7 +319,7 @@ if ($savemsg)
<tr>
<td width="22%" valign="bottom">&nbsp;</td>
<td width="78%" valign="bottom">
- <input name="Submit" id="submit" type="submit" class="formbtn" value=" Save " title="<?php echo
+ <input name="save" id="save" type="submit" class="formbtn" value=" Save " title="<?php echo
gettext("Save ftp engine settings and return to Preprocessors tab"); ?>">
&nbsp;&nbsp;&nbsp;&nbsp;
<input name="Cancel" id="cancel" type="submit" class="formbtn" value="Cancel" title="<?php echo
diff --git a/config/snort/snort_httpinspect_engine.php b/config/snort/snort_httpinspect_engine.php
index 94d3364f..47495ebe 100644
--- a/config/snort/snort_httpinspect_engine.php
+++ b/config/snort/snort_httpinspect_engine.php
@@ -1,7 +1,7 @@
<?php
/*
* snort_httpinspect_engine.php
- * Copyright (C) 2013 Bill Meeks
+ * Copyright (C) 2013-2014 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -33,12 +33,15 @@ global $g;
$snortdir = SNORTDIR;
-$id = $_GET['id'];
-$eng_id = $_GET['eng_id'];
-if (isset($_POST['id']))
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
-if (isset($_POST['eng_id']))
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
+
+if (isset($_POST['eng_id']) && isset($_POST['eng_id']))
$eng_id = $_POST['eng_id'];
+elseif (isset($_GET['eng_id']) && is_numericint($_GET['eng_id']))
+ $eng_id = htmlspecialchars($_GET['eng_id']);
if (is_null($id)) {
// Clear and close out any session variable we created
@@ -137,7 +140,7 @@ if ($_GET['act'] == "import") {
session_start();
if (($_GET['varname'] == "bind_to" || $_GET['varname'] == "ports")
&& !empty($_GET['varvalue'])) {
- $pconfig[$_GET['varname']] = $_GET['varvalue'];
+ $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']);
$_SESSION['http_inspect_import'] = array();
$_SESSION['http_inspect_import'][$_GET['varname']] = $_GET['varvalue'];
@@ -160,7 +163,7 @@ if ($_GET['act'] == "import") {
}
}
-if ($_POST['Submit']) {
+if ($_POST['save']) {
// Clear and close out any session variable we created
session_start();
@@ -300,7 +303,7 @@ if ($_POST['Submit']) {
}
}
-$if_friendly = snort_get_friendly_interface($config['installedpackages']['snortglobal']['rule'][$id]['interface']);
+$if_friendly = convert_friendly_interface_to_friendly_descr($config['installedpackages']['snortglobal']['rule'][$id]['interface']);
$pgtitle = gettext("Snort: {$if_friendly} - HTTP_Inspect Preprocessor Engine");
include_once("head.inc");
@@ -637,7 +640,7 @@ if ($savemsg)
<tr>
<td width="22%" valign="bottom">&nbsp;</td>
<td width="78%" valign="bottom">
- <input name="Submit" id="submit" type="submit" class="formbtn" value=" Save " title="<?php echo
+ <input name="save" id="save" type="submit" class="formbtn" value=" Save " title="<?php echo
gettext("Save httpinspect engine settings and return to Preprocessors tab"); ?>">
&nbsp;&nbsp;&nbsp;&nbsp;
<input name="Cancel" id="cancel" type="submit" class="formbtn" value="Cancel" title="<?php echo
diff --git a/config/snort/snort_import_aliases.php b/config/snort/snort_import_aliases.php
index 77cd5490..7edadea7 100644
--- a/config/snort/snort_import_aliases.php
+++ b/config/snort/snort_import_aliases.php
@@ -2,7 +2,7 @@
/* $Id$ */
/*
snort_import_aliases.php
- Copyright (C) 2013 Bill Meeks
+ Copyright (C) 2013, 2014 Bill Meeks
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -32,12 +32,15 @@ require_once("functions.inc");
require_once("/usr/local/pkg/snort/snort.inc");
// Retrieve any passed QUERY STRING or POST variables
-$id = $_GET['id'];
-$eng = $_GET['eng'];
if (isset($_POST['id']))
$id = $_POST['id'];
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
+
if (isset($_POST['eng']))
$eng = $_POST['eng'];
+elseif (isset($_GET['eng']))
+ $eng = htmlspecialchars($_GET['eng']);
// Make sure we have a valid rule ID and ENGINE name, or
// else bail out to top-level menu.
@@ -46,7 +49,10 @@ if (is_null($id) || is_null($eng)) {
exit;
}
-// Used to track if any selectable Aliases are found
+// Used to track if any selectable Aliases are found. Selectable
+// means aliases matching the requirements of the configuration
+// engine we are importing into (e.g., single IP only or
+// multiple IP alias).
$selectablealias = false;
// Initialize required array variables as necessary
@@ -89,7 +95,7 @@ switch ($eng) {
break;
case "stream5_tcp_engine":
$anchor = "#stream5_row";
- $multi_ip = true;
+ $multi_ip = false;
$title = "Stream5 TCP Engine";
break;
case "ftp_server_engine":
@@ -269,7 +275,7 @@ include("head.inc");
?>
<?php if ($disable): ?>
<tr title="<?=$tooltip;?>">
- <td class="listlr" align="center"><img src="../themes/<?=$g['theme'];?>/images/icons/icon_block_d.gif" width="11" height"11" border="0"/>
+ <td class="listlr" align="center" sorttable_customkey=""><img src="../themes/<?=$g['theme'];?>/images/icons/icon_block_d.gif" width="11" height="11" border="0"/>
<?php else: ?>
<tr>
<td class="listlr" align="center"><input type="checkbox" name="toimport[]" value="<?=htmlspecialchars($alias['name']);?>" title="<?=$tooltip;?>"/></td>
diff --git a/config/snort/snort_interfaces.php b/config/snort/snort_interfaces.php
index 15d9addc..9f42ab2e 100755
--- a/config/snort/snort_interfaces.php
+++ b/config/snort/snort_interfaces.php
@@ -4,6 +4,7 @@
*
* Copyright (C) 2008-2009 Robert Zelaya.
* Copyright (C) 2011-2012 Ermal Luci
+ * Copyright (C) 2014 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -28,56 +29,39 @@
* POSSIBILITY OF SUCH DAMAGE.
*/
-$nocsrf = true;
require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort.inc");
global $g, $rebuild_rules;
$snortdir = SNORTDIR;
+$snortlogdir = SNORTLOGDIR;
$rcdir = RCFILEPREFIX;
-$id = $_GET['id'];
-if (isset($_POST['id']))
- $id = $_POST['id'];
-
if (!is_array($config['installedpackages']['snortglobal']['rule']))
$config['installedpackages']['snortglobal']['rule'] = array();
$a_nat = &$config['installedpackages']['snortglobal']['rule'];
+
+// Calculate the index of the next added Snort interface
$id_gen = count($config['installedpackages']['snortglobal']['rule']);
if (isset($_POST['del_x'])) {
- /* delete selected rules */
+ /* Delete selected Snort interfaces */
if (is_array($_POST['rule'])) {
conf_mount_rw();
foreach ($_POST['rule'] as $rulei) {
- /* convert fake interfaces to real */
- $if_real = snort_get_real_interface($a_nat[$rulei]['interface']);
+ $if_real = get_real_interface($a_nat[$rulei]['interface']);
$snort_uuid = $a_nat[$rulei]['uuid'];
snort_stop($a_nat[$rulei], $if_real);
- exec("/bin/rm -r /var/log/snort/snort_{$if_real}{$snort_uuid}");
+ exec("/bin/rm -r {$snortlogdir}/snort_{$if_real}{$snort_uuid}");
exec("/bin/rm -r {$snortdir}/snort_{$snort_uuid}_{$if_real}");
- // If interface had auto-generated Suppress List, then
- // delete that along with the interface
- $autolist = "{$a_nat[$rulei]['interface']}" . "suppress";
- if (is_array($config['installedpackages']['snortglobal']['suppress']) &&
- is_array($config['installedpackages']['snortglobal']['suppress']['item'])) {
- $a_suppress = &$config['installedpackages']['snortglobal']['suppress']['item'];
- foreach ($a_suppress as $k => $i) {
- if ($i['name'] == $autolist) {
- unset($config['installedpackages']['snortglobal']['suppress']['item'][$k]);
- break;
- }
- }
- }
-
// Finally delete the interface's config entry entirely
unset($a_nat[$rulei]);
}
conf_mount_ro();
- /* If all the Snort interfaces are removed, then unset the config array. */
+ /* If all the Snort interfaces are removed, then unset the interfaces config array. */
if (empty($a_nat))
unset($a_nat);
@@ -106,13 +90,13 @@ if (isset($_POST['del_x'])) {
}
-/* start/stop snort */
-if ($_GET['act'] == 'bartoggle' && is_numeric($id)) {
- $snortcfg = $config['installedpackages']['snortglobal']['rule'][$id];
- $if_real = snort_get_real_interface($snortcfg['interface']);
- $if_friendly = snort_get_friendly_interface($snortcfg['interface']);
+/* start/stop barnyard2 */
+if ($_POST['bartoggle'] && is_numericint($_POST['id'])) {
+ $snortcfg = $config['installedpackages']['snortglobal']['rule'][$_POST['id']];
+ $if_real = get_real_interface($snortcfg['interface']);
+ $if_friendly = convert_friendly_interface_to_friendly_descr($snortcfg['interface']);
- if (snort_is_running($snortcfg['uuid'], $if_real, 'barnyard2') == 'no') {
+ if (!snort_is_running($snortcfg['uuid'], $if_real, 'barnyard2')) {
log_error("Toggle (barnyard starting) for {$if_friendly}({$snortcfg['descr']})...");
sync_snort_package_config();
snort_barnyard_start($snortcfg, $if_real);
@@ -120,27 +104,18 @@ if ($_GET['act'] == 'bartoggle' && is_numeric($id)) {
log_error("Toggle (barnyard stopping) for {$if_friendly}({$snortcfg['descr']})...");
snort_barnyard_stop($snortcfg, $if_real);
}
-
sleep(3); // So the GUI reports correctly
- header("Location: /snort/snort_interfaces.php");
- exit;
}
/* start/stop snort */
-if ($_GET['act'] == 'toggle' && is_numeric($id)) {
- $snortcfg = $config['installedpackages']['snortglobal']['rule'][$id];
- $if_real = snort_get_real_interface($snortcfg['interface']);
- $if_friendly = snort_get_friendly_interface($snortcfg['interface']);
+if ($_POST['toggle'] && is_numericint($_POST['id'])) {
+ $snortcfg = $config['installedpackages']['snortglobal']['rule'][$_POST['id']];
+ $if_real = get_real_interface($snortcfg['interface']);
+ $if_friendly = convert_friendly_interface_to_friendly_descr($snortcfg['interface']);
- if (snort_is_running($snortcfg['uuid'], $if_real) == 'yes') {
+ if (snort_is_running($snortcfg['uuid'], $if_real)) {
log_error("Toggle (snort stopping) for {$if_friendly}({$snortcfg['descr']})...");
snort_stop($snortcfg, $if_real);
-
- header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
- header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
- header( 'Cache-Control: no-store, no-cache, must-revalidate' );
- header( 'Cache-Control: post-check=0, pre-check=0', false );
- header( 'Pragma: no-cache' );
} else {
log_error("Toggle (snort starting) for {$if_friendly}({$snortcfg['descr']})...");
@@ -149,16 +124,8 @@ if ($_GET['act'] == 'toggle' && is_numeric($id)) {
sync_snort_package_config();
$rebuild_rules = false;
snort_start($snortcfg, $if_real);
-
- header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
- header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
- header( 'Cache-Control: no-store, no-cache, must-revalidate' );
- header( 'Cache-Control: post-check=0, pre-check=0', false );
- header( 'Pragma: no-cache' );
}
sleep(3); // So the GUI reports correctly
- header("Location: /snort/snort_interfaces.php");
- exit;
}
$pgtitle = "Services: $snort_package_version";
@@ -169,34 +136,18 @@ include_once("head.inc");
<?php
include_once("fbegin.inc");
-if ($pfsense_stable == 'yes')
- echo '<p class="pgtitle">' . $pgtitle . '</p>';
-?>
-<form action="snort_interfaces.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
-<?php
/* Display Alert message */
if ($input_errors)
- print_input_errors($input_errors); // TODO: add checks
+ print_input_errors($input_errors);
if ($savemsg)
print_info_box($savemsg);
-
- //if (file_exists($d_snortconfdirty_path)) {
- if ($d_snortconfdirty_path_ls != '') {
- echo '<p>';
-
- if($savemsg)
- print_info_box_np("{$savemsg}");
- else {
- print_info_box_np(gettext(
- 'The Snort configuration has changed for one or more interfaces.<br>' .
- 'You must apply the changes in order for them to take effect.<br>'
- ));
- }
- }
?>
+<form action="snort_interfaces.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
+<input type="hidden" name="id" id="id" value="">
+
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td>
@@ -207,10 +158,11 @@ if ($pfsense_stable == 'yes')
$tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
$tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
$tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
- $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php");
$tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
- $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
- display_top_tabs($tab_array);
+ $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php");
+ $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
+ display_top_tabs($tab_array, true);
?>
</td>
</tr>
@@ -257,11 +209,10 @@ if ($pfsense_stable == 'yes')
<?php
/* convert fake interfaces to real and check if iface is up */
- /* There has to be a smarter way to do this */
- $if_real = snort_get_real_interface($natent['interface']);
- $natend_friendly= snort_get_friendly_interface($natent['interface']);
+ $if_real = get_real_interface($natent['interface']);
+ $natend_friendly = convert_friendly_interface_to_friendly_descr($natent['interface']);
$snort_uuid = $natent['uuid'];
- if (snort_is_running($snort_uuid, $if_real) == 'no'){
+ if (!snort_is_running($snort_uuid, $if_real)){
$iconfn = 'block';
$iconfn_msg1 = 'Snort is not running on ';
$iconfn_msg2 = '. Click to start.';
@@ -271,7 +222,7 @@ if ($pfsense_stable == 'yes')
$iconfn_msg1 = 'Snort is running on ';
$iconfn_msg2 = '. Click to stop.';
}
- if (snort_is_running($snort_uuid, $if_real, 'barnyard2') == 'no'){
+ if (!snort_is_running($snort_uuid, $if_real, 'barnyard2')){
$biconfn = 'block';
$biconfn_msg1 = 'Barnyard2 is not running on ';
$biconfn_msg2 = '. Click to start.';
@@ -312,14 +263,13 @@ if ($pfsense_stable == 'yes')
<?php
$check_snort_info = $config['installedpackages']['snortglobal']['rule'][$nnats]['enable'];
if ($check_snort_info == "on") {
- echo strtoupper("enabled");
- echo "<a href='?act=toggle&id={$i}'>
- <img src='../themes/{$g['theme']}/images/icons/icon_{$iconfn}.gif'
- width='13' height='13' border='0'
- title='" . gettext($iconfn_msg1.$natend_friendly.$iconfn_msg2) . "'></a>";
+ echo gettext("ENABLED") . "&nbsp;";
+ echo "<input type='image' src='../themes/{$g['theme']}/images/icons/icon_{$iconfn}.gif' width='13' height='13' border='0' ";
+ echo "onClick='document.getElementById(\"id\").value=\"{$nnats}\";' name=\"toggle[]\" ";
+ echo "title='" . gettext($iconfn_msg1.$natend_friendly.$iconfn_msg2) . "'/>";
echo ($no_rules) ? "&nbsp;<img src=\"../themes/{$g['theme']}/images/icons/icon_frmfld_imp.png\" width=\"15\" height=\"15\" border=\"0\">" : "";
} else
- echo strtoupper("disabled");
+ echo gettext("DISABLED");
?>
</td>
<td class="listr"
@@ -353,13 +303,11 @@ if ($pfsense_stable == 'yes')
<?php
$check_snortbarnyardlog_info = $config['installedpackages']['snortglobal']['rule'][$nnats]['barnyard_enable'];
if ($check_snortbarnyardlog_info == "on") {
- echo strtoupper("enabled");
- echo "<a href='?act=bartoggle&id={$i}'>
- <img src='../themes/{$g['theme']}/images/icons/icon_{$biconfn}.gif'
- width='13' height='13' border='0'
- title='" . gettext($biconfn_msg1.$natend_friendly.$biconfn_msg2) . "'></a>";
+ echo gettext("ENABLED") . "&nbsp;";
+ echo "<input type='image' name='bartoggle[]' src='../themes/{$g['theme']}/images/icons/icon_{$biconfn}.gif' width='13' height='13' border='0' ";
+ echo "onClick='document.getElementById(\"id\").value=\"{$nnats}\"'; title='" . gettext($biconfn_msg1.$natend_friendly.$biconfn_msg2) . "'/>";
} else
- echo strtoupper("disabled");
+ echo gettext("DISABLED");
?>
</td>
<td class="listbg"
@@ -393,8 +341,7 @@ if ($pfsense_stable == 'yes')
src="../themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif"
width="17" height="17" " border="0">
<?php else: ?>
- <input name="del" type="image"
- src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif"
+ <input name="del" type="image" src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif"
width="17" height="17" title="<?php echo gettext("Delete selected Snort interface mapping(s)"); ?>"
onclick="return intf_del()">
<?php endif; ?></td>
@@ -420,12 +367,8 @@ if ($pfsense_stable == 'yes')
</td>
</tr>
<tr>
- <td colspan="3" class="vexpl"><br>
- </td>
- </tr>
- <tr>
- <td colspan="3" class="vexpl"><span class="red"><strong><?php echo gettext("Warning:"); ?></strong></span><br>
- <strong><?php echo gettext("New settings will not take effect until interface restart."); ?></strong>
+ <td colspan="3" class="vexpl">
+ <?php echo gettext("New settings will not take effect until interface restart."); ?>
</td>
</tr>
<tr>
@@ -484,9 +427,9 @@ function intf_del() {
}
}
if (isSelected)
- return confirm('Do you really want to delete the selected Snort mapping?');
+ return confirm('Do you really want to delete the selected Snort interface mapping(s)?');
else
- alert("There is no Snort mapping selected for deletion. Click the checkbox beside the Snort mapping(s) you wish to delete.");
+ alert("There is no Snort interface mapping selected for deletion. Click the checkbox beside the Snort mapping(s) you wish to delete.");
}
</script>
diff --git a/config/snort/snort_interfaces_edit.php b/config/snort/snort_interfaces_edit.php
index 72aa82e2..1f3a3cbe 100755
--- a/config/snort/snort_interfaces_edit.php
+++ b/config/snort/snort_interfaces_edit.php
@@ -4,6 +4,7 @@
*
* Copyright (C) 2008-2009 Robert Zelaya.
* Copyright (C) 2011-2012 Ermal Luci
+ * Copyright (C) 2014 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -33,6 +34,9 @@ require_once("/usr/local/pkg/snort/snort.inc");
global $g, $rebuild_rules;
+$snortdir = SNORTDIR;
+$snortlogdir = SNORTLOGDIR;
+
if (!is_array($config['installedpackages']['snortglobal']))
$config['installedpackages']['snortglobal'] = array();
$snortglob = $config['installedpackages']['snortglobal'];
@@ -41,9 +45,11 @@ if (!is_array($config['installedpackages']['snortglobal']['rule']))
$config['installedpackages']['snortglobal']['rule'] = array();
$a_rule = &$config['installedpackages']['snortglobal']['rule'];
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
+
if (is_null($id)) {
header("Location: /snort/snort_interfaces.php");
exit;
@@ -63,13 +69,7 @@ else {
$snort_uuid = $pconfig['uuid'];
// Get the physical configured interfaces on the firewall
-if (function_exists('get_configured_interface_with_descr'))
- $interfaces = get_configured_interface_with_descr();
-else {
- $interfaces = array('wan' => 'WAN', 'lan' => 'LAN');
- for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++)
- $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
-}
+$interfaces = get_configured_interface_with_descr();
// See if interface is already configured, and use its values
if (isset($id) && $a_rule[$id]) {
@@ -89,6 +89,8 @@ elseif (isset($id) && !isset($a_rule[$id])) {
foreach ($ifaces as $i) {
if (!in_array($i, $ifrules)) {
$pconfig['interface'] = $i;
+ $pconfig['descr'] = strtoupper($i);
+ $pconfig['enable'] = 'on';
break;
}
}
@@ -99,19 +101,26 @@ elseif (isset($id) && !isset($a_rule[$id])) {
}
}
-if (isset($_GET['dup']))
- unset($id);
-
// Set defaults for empty key parameters
if (empty($pconfig['blockoffendersip']))
$pconfig['blockoffendersip'] = "both";
if (empty($pconfig['performance']))
$pconfig['performance'] = "ac-bnfa";
-if ($_POST["Submit"]) {
- if (!$_POST['interface'])
+if ($_POST["save"]) {
+ if (!isset($_POST['interface']))
$input_errors[] = "Interface is mandatory";
+ /* See if assigned interface is already in use */
+ if (isset($_POST['interface'])) {
+ foreach ($a_rule as $k => $v) {
+ if (($v['interface'] == $_POST['interface']) && ($id <> $k)) {
+ $input_errors[] = gettext("The '{$_POST['interface']}' interface is already assigned to another Snort instance.");
+ break;
+ }
+ }
+ }
+
/* if no errors write to conf */
if (!$input_errors) {
$natent = $a_rule[$id];
@@ -136,6 +145,8 @@ if ($_POST["Submit"]) {
if ($_POST['blockoffendersip']) $natent['blockoffendersip'] = $_POST['blockoffendersip']; else unset($natent['blockoffendersip']);
if ($_POST['whitelistname']) $natent['whitelistname'] = $_POST['whitelistname']; else unset($natent['whitelistname']);
if ($_POST['homelistname']) $natent['homelistname'] = $_POST['homelistname']; else unset($natent['homelistname']);
+ if ($_POST['alert_log_limit']) $natent['alert_log_limit'] = $_POST['alert_log_limit']; else unset($natent['alert_log_limit']);
+ if ($_POST['alert_log_retention']) $natent['alert_log_retention'] = $_POST['alert_log_retention']; else unset($natent['alert_log_retention']);
if ($_POST['externallistname']) $natent['externallistname'] = $_POST['externallistname']; else unset($natent['externallistname']);
if ($_POST['suppresslistname']) $natent['suppresslistname'] = $_POST['suppresslistname']; else unset($natent['suppresslistname']);
if ($_POST['alertsystemlog'] == "on") { $natent['alertsystemlog'] = 'on'; }else{ $natent['alertsystemlog'] = 'off'; }
@@ -145,14 +156,20 @@ if ($_POST["Submit"]) {
if ($_POST['fpm_search_optimize'] == "on") { $natent['fpm_search_optimize'] = 'on'; }else{ $natent['fpm_search_optimize'] = 'off'; }
if ($_POST['fpm_no_stream_inserts'] == "on") { $natent['fpm_no_stream_inserts'] = 'on'; }else{ $natent['fpm_no_stream_inserts'] = 'off'; }
- $if_real = snort_get_real_interface($natent['interface']);
+ $if_real = get_real_interface($natent['interface']);
if (isset($id) && $a_rule[$id]) {
+ // See if moving an existing Snort instance to another physical interface
if ($natent['interface'] != $a_rule[$id]['interface']) {
- $oif_real = snort_get_real_interface($a_rule[$id]['interface']);
- snort_stop($a_rule[$id], $oif_real);
- exec("rm -r /var/log/snort_{$oif_real}" . $a_rule[$id]['uuid']);
+ $oif_real = get_real_interface($a_rule[$id]['interface']);
+ if (snort_is_running($a_rule[$id]['uuid'], $oif_real)) {
+ snort_stop($a_rule[$id], $oif_real);
+ $snort_start = true;
+ }
+ else
+ $snort_start = false;
+ exec("mv -f {$snortlogdir}/snort_{$oif_real}{$a_rule[$id]['uuid']} {$snortlogdir}/snort_{$if_real}{$a_rule[$id]['uuid']}");
conf_mount_rw();
- exec("mv -f {$snortdir}/snort_" . $a_rule[$id]['uuid'] . "_{$oif_real} {$snortdir}/snort_" . $a_rule[$id]['uuid'] . "_{$if_real}");
+ exec("mv -f {$snortdir}/snort_{$a_rule[$id]['uuid']}_{$oif_real} {$snortdir}/snort_{$a_rule[$id]['uuid']}_{$if_real}");
conf_mount_ro();
}
$a_rule[$id] = $natent;
@@ -264,6 +281,10 @@ if ($_POST["Submit"]) {
/* Update snort.conf and snort.sh files for this interface */
sync_snort_package_config();
+ /* See if we need to restart Snort after an interface re-assignment */
+ if ($snort_start == true)
+ snort_start($natent, $if_real);
+
/*******************************************************/
/* Signal Snort to reload configuration if we changed */
/* HOME_NET, EXTERNAL_NET or Suppress list values. */
@@ -284,21 +305,18 @@ if ($_POST["Submit"]) {
$pconfig = $_POST;
}
-$if_friendly = snort_get_friendly_interface($pconfig['interface']);
+$if_friendly = convert_friendly_interface_to_friendly_descr($a_rule[$id]['interface']);
$pgtitle = gettext("Snort: Interface {$if_friendly} - Edit Settings");
include_once("head.inc");
?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
-<?php include("fbegin.inc"); ?>
-
-<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
+<?php include("fbegin.inc");
-<?php
/* Display Alert message */
if ($input_errors) {
- print_input_errors($input_errors); // TODO: add checks
+ print_input_errors($input_errors);
}
if ($savemsg) {
@@ -306,7 +324,8 @@ include_once("head.inc");
}
?>
-<form action="snort_interfaces_edit.php<?php echo "?id=$id";?>" method="post" name="iform" id="iform">
+<form action="snort_interfaces_edit.php" method="post" name="iform" id="iform">
+<input name="id" type="hidden" value="<?=$id;?>"/>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td>
<?php
@@ -314,12 +333,13 @@ include_once("head.inc");
$tab_array[0] = array(gettext("Snort Interfaces"), true, "/snort/snort_interfaces.php");
$tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php");
$tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
- $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
+ $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php?instance={$id}");
$tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
- $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php");
$tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
- $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
- display_top_tabs($tab_array);
+ $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php");
+ $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
+ display_top_tabs($tab_array, true);
echo '</td></tr>';
echo '<tr><td class="tabnavtbl">';
$tab_array = array();
@@ -328,9 +348,10 @@ include_once("head.inc");
$tab_array[] = array($menu_iface . gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Rules"), false, "/snort/snort_rules.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Variables"), false, "/snort/snort_define_servers.php?id={$id}");
- $tab_array[] = array($menu_iface . gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Preprocs"), false, "/snort/snort_preprocessors.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
- display_top_tabs($tab_array);
+ $tab_array[] = array($menu_iface . gettext("IP Rep"), false, "/snort/snort_ip_reputation.php?id={$id}");
+ display_top_tabs($tab_array, true);
?>
</td></tr>
<tr><td><div id="mainarea">
@@ -345,7 +366,7 @@ include_once("head.inc");
if ($pconfig['enable'] == "on")
$checked = "checked";
echo "
- <input name=\"enable\" type=\"checkbox\" value=\"on\" $checked onClick=\"enable_change(false)\">
+ <input name=\"enable\" type=\"checkbox\" value=\"on\" $checked onClick=\"enable_change(false)\"/>
&nbsp;&nbsp;" . gettext("Enable or Disable") . "\n";
?>
<br/>
@@ -368,15 +389,15 @@ include_once("head.inc");
<tr>
<td width="22%" valign="top" class="vncellreq"><?php echo gettext("Description"); ?></td>
<td width="78%" class="vtable"><input name="descr" type="text"
- class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']); ?>"> <br/>
+ class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']); ?>"/><br/>
<span class="vexpl"><?php echo gettext("Enter a meaningful description here for your reference."); ?></span><br/></td>
</tr>
-<tr>
- <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Alert Settings"); ?></td>
-</tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Alert Settings"); ?></td>
+ </tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Send Alerts to System Logs"); ?></td>
- <td width="78%" class="vtable"><input name="alertsystemlog" type="checkbox" value="on" <?php if ($pconfig['alertsystemlog'] == "on") echo "checked"; ?>>
+ <td width="78%" class="vtable"><input name="alertsystemlog" type="checkbox" value="on" <?php if ($pconfig['alertsystemlog'] == "on") echo "checked"; ?>/>
<?php echo gettext("Snort will send Alerts to the firewall's system logs."); ?></td>
</tr>
<tr>
@@ -384,14 +405,14 @@ include_once("head.inc");
<td width="78%" class="vtable">
<input name="blockoffenders7" id="blockoffenders7" type="checkbox" value="on"
<?php if ($pconfig['blockoffenders7'] == "on") echo "checked"; ?>
- onClick="enable_blockoffenders()">
+ onClick="enable_blockoffenders();" />
<?php echo gettext("Checking this option will automatically block hosts that generate a " .
"Snort alert."); ?></td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Kill States"); ?></td>
<td width="78%" class="vtable">
- <input name="blockoffenderskill" id="blockoffenderskill" type="checkbox" value="on" <?php if ($pconfig['blockoffenderskill'] == "on") echo "checked"; ?>>
+ <input name="blockoffenderskill" id="blockoffenderskill" type="checkbox" value="on" <?php if ($pconfig['blockoffenderskill'] == "on") echo "checked"; ?>/>
<?php echo gettext("Checking this option will kill firewall states for the blocked IP"); ?>
</td>
</tr>
@@ -410,12 +431,12 @@ include_once("head.inc");
?>
</select>&nbsp;&nbsp;
<?php echo gettext("Select which IP extracted from the packet you wish to block"); ?><br/>
- <span class="red"><?php echo gettext("Hint:") . "</span>&nbsp;" . gettext("Choosing BOTH is suggested, and it is the default value."); ?></span><br/></td>
+ <span class="red"><?php echo gettext("Hint:") . "</span>&nbsp;" . gettext("Choosing BOTH is suggested, and it is the default value."); ?><br/>
</td>
</tr>
-<tr>
- <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Detection Performance Settings"); ?></td>
-</tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Detection Performance Settings"); ?></td>
+ </tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Search Method"); ?></td>
<td width="78%" class="vtable">
@@ -442,7 +463,7 @@ include_once("head.inc");
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Split ANY-ANY"); ?></td>
<td width="78%" class="vtable">
- <input name="fpm_split_any_any" id="fpm_split_any_any" type="checkbox" value="on" <?php if ($pconfig['fpm_split_any_any'] == "on") echo "checked"; ?>>
+ <input name="fpm_split_any_any" id="fpm_split_any_any" type="checkbox" value="on" <?php if ($pconfig['fpm_split_any_any'] == "on") echo "checked"; ?>/>
<?php echo gettext("Enable splitting of ANY-ANY port group.") . " <strong>" . gettext("Default") . "</strong>" . gettext(" is ") .
"<strong>" . gettext("Not Checked") . "</strong>"; ?>.<br/>
<br/><?php echo gettext("This setting is a memory/performance trade-off. It reduces memory footprint by not " .
@@ -454,7 +475,7 @@ include_once("head.inc");
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Search Optimize"); ?></td>
<td width="78%" class="vtable">
- <input name="fpm_search_optimize" id="fpm_search_optimize" type="checkbox" value="on" <?php if ($pconfig['fpm_search_optimize'] == "on" || empty($pconfig['fpm_search_optimize'])) echo "checked"; ?>>
+ <input name="fpm_search_optimize" id="fpm_search_optimize" type="checkbox" value="on" <?php if ($pconfig['fpm_search_optimize'] == "on" || empty($pconfig['fpm_search_optimize'])) echo "checked"; ?>/>
<?php echo gettext("Enable search optimization.") . " <strong>" . gettext("Default") . "</strong>" . gettext(" is ") .
"<strong>" . gettext("Checked") . "</strong>"; ?>.<br/>
<br/><?php echo gettext("This setting optimizes fast pattern memory when used with search-methods AC or AC-SPLIT " .
@@ -465,7 +486,7 @@ include_once("head.inc");
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Stream Inserts"); ?></td>
<td width="78%" class="vtable">
- <input name="fpm_no_stream_inserts" id="fpm_no_stream_inserts" type="checkbox" value="on" <? if ($pconfig['fpm_no_stream_inserts'] == "on") echo "checked"; ?>>
+ <input name="fpm_no_stream_inserts" id="fpm_no_stream_inserts" type="checkbox" value="on" <? if ($pconfig['fpm_no_stream_inserts'] == "on") echo "checked"; ?>/>
<?php echo gettext("Do not evaluate stream inserted packets against the detection engine.") . " <strong>" . gettext("Default") . "</strong>" . gettext(" is ") .
"<strong>" . gettext("Not Checked") . "</strong>"; ?>.<br/>
<br/><?php echo gettext("This is a potential performance improvement based on the idea the stream rebuilt packet " .
@@ -475,15 +496,14 @@ include_once("head.inc");
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Checksum Check Disable"); ?></td>
<td width="78%" class="vtable">
- <input name="cksumcheck" id="cksumcheck" type="checkbox" value="on" <?php if ($pconfig['cksumcheck'] == "on") echo "checked"; ?>>
+ <input name="cksumcheck" id="cksumcheck" type="checkbox" value="on" <?php if ($pconfig['cksumcheck'] == "on") echo "checked"; ?>/>
<?php echo gettext("Disable checksum checking within Snort to improve performance."); ?>
<br><span class="red"><?php echo gettext("Hint: ") . "</span>" .
gettext("Most of this is already done at the firewall/filter level, so it is usually safe to check this box."); ?>
</td>
</tr>
<tr>
- <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Choose the networks " .
- "Snort should inspect and whitelist."); ?></td>
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Choose the networks Snort should inspect and whitelist"); ?></td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Home Net"); ?></td>
@@ -545,11 +565,11 @@ include_once("head.inc");
</td>
</tr>
<tr>
- <td width="22%" valign="top" class="vncell"><?php echo gettext("Whitelist"); ?></td>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Pass List"); ?></td>
<td width="78%" class="vtable">
<select name="whitelistname" class="formselect" id="whitelistname">
<?php
- /* find whitelist names and filter by type, make sure to track by uuid */
+ /* find whitelist (Pass List) names and filter by type, make sure to track by uuid */
echo "<option value='default' >default</option>\n";
if (is_array($snortglob['whitelist']['item'])) {
foreach ($snortglob['whitelist']['item'] as $value) {
@@ -562,19 +582,19 @@ include_once("head.inc");
}
?>
</select>
- &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type="button" class="formbtns" value="View List" onclick="viewList('<?=$id;?>','whitelistname','whitelist')"
- id="btnWhitelist" title="<?php echo gettext("Click to view currently selected Whitelist contents"); ?>"/>
+ &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type="button" class="formbtns" value="View List" onclick="viewList('<?=$id;?>','whitelistname','passlist')"
+ id="btnWhitelist" title="<?php echo gettext("Click to view currently selected Pass List contents"); ?>"/>
<br/>
- <span class="vexpl"><?php echo gettext("Choose the whitelist you want this interface to " .
+ <span class="vexpl"><?php echo gettext("Choose the Pass List you want this interface to " .
"use."); ?> </span><br/><br/>
<span class="red"><?php echo gettext("Note:"); ?></span>&nbsp;<?php echo gettext("This option will only be used when block offenders is on."); ?><br/>
- <span class="red"><?php echo gettext("Hint:"); ?></span>&nbsp;<?php echo gettext("Default " .
- "whitelist adds local networks, WAN IPs, Gateways, VPNs and VIPs. Create an Alias to customize."); ?>
+ <span class="red"><?php echo gettext("Hint:"); ?></span>&nbsp;<?php echo gettext("The default " .
+ "Pass List adds local networks, WAN IPs, Gateways, VPNs and VIPs. Create an Alias to customize."); ?>
</td>
</tr>
-<tr>
- <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Choose a suppression or filtering file if desired."); ?></td>
-</tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Choose a suppression or filtering file if desired"); ?></td>
+ </tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Alert Suppression and Filtering"); ?></td>
<td width="78%" class="vtable">
@@ -602,29 +622,28 @@ include_once("head.inc");
gettext("Default option disables suppression and filtering."); ?>
</td>
</tr>
-<tr>
- <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Arguments here will " .
- "be automatically inserted into the Snort configuration."); ?></td>
-</tr>
-<tr>
- <td width="22%" valign="top" class="vncell"><?php echo gettext("Advanced configuration pass-through"); ?></td>
- <td width="78%" class="vtable">
- <textarea style="width:98%; height:100%;" wrap="off" name="configpassthru" cols="60" rows="8" id="configpassthru"><?=htmlspecialchars($pconfig['configpassthru']);?></textarea>
- </td>
-</tr>
-<tr>
- <td width="22%" valign="top"></td>
- <td width="78%"><input name="Submit" type="submit" class="formbtn" value="Save" title="<?php echo
+ <tr>
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Arguments here will " .
+ "be automatically inserted into the Snort configuration."); ?></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Advanced configuration pass-through"); ?></td>
+ <td width="78%" class="vtable">
+ <textarea style="width:98%; height:100%;" wrap="off" name="configpassthru" cols="60" rows="8" id="configpassthru"><?=htmlspecialchars($pconfig['configpassthru']);?></textarea>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top"></td>
+ <td width="78%"><input name="save" type="submit" class="formbtn" value="Save" title="<?php echo
gettext("Click to save settings and exit"); ?>"/>
- <input name="id" type="hidden" value="<?=$id;?>"/>
- </td>
-</tr>
-<tr>
- <td width="22%" valign="top">&nbsp;</td>
- <td width="78%"><span class="vexpl"><span class="red"><strong><?php echo gettext("Note: ") . "</strong></span></span>" .
- gettext("Please save your settings before you attempt to start Snort."); ?>
- </td>
-</tr>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%"><span class="vexpl"><span class="red"><strong><?php echo gettext("Note: ") . "</strong></span></span>" .
+ gettext("Please save your settings before you attempt to start Snort."); ?>
+ </td>
+ </tr>
</table>
</div>
</td></tr>
@@ -684,11 +703,12 @@ function getSelectedValue(elemID) {
function viewList(id, elemID, elemType) {
if (typeof elemType == "undefined") {
- elemType = "whitelist";
+ elemType = "passlist";
}
var url = "snort_list_view.php?id=" + id + "&wlist=";
url = url + getSelectedValue(elemID) + "&type=" + elemType;
- wopen(url, 'WhitelistViewer', 640, 480);
+ url = url + "&time=" + new Date().getTime();
+ wopen(url, 'PassListViewer', 640, 480);
}
enable_change(false);
diff --git a/config/snort/snort_interfaces_global.php b/config/snort/snort_interfaces_global.php
index b22a6934..99c8313d 100644
--- a/config/snort/snort_interfaces_global.php
+++ b/config/snort/snort_interfaces_global.php
@@ -5,6 +5,7 @@
*
* Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
* Copyright (C) 2011-2012 Ermal Luci
+ * Copyright (C) 2014 Bill Meeks
* All rights reserved.
*
* Copyright (C) 2008-2009 Robert Zelaya
@@ -42,23 +43,26 @@ global $g;
$snortdir = SNORTDIR;
/* make things short */
-$pconfig['snortdownload'] = $config['installedpackages']['snortglobal']['snortdownload'];
+$pconfig['snortdownload'] = $config['installedpackages']['snortglobal']['snortdownload'] == "on" ? 'on' : 'off';
$pconfig['oinkmastercode'] = $config['installedpackages']['snortglobal']['oinkmastercode'];
$pconfig['etpro_code'] = $config['installedpackages']['snortglobal']['etpro_code'];
-$pconfig['emergingthreats'] = $config['installedpackages']['snortglobal']['emergingthreats'];
-$pconfig['emergingthreats_pro'] = $config['installedpackages']['snortglobal']['emergingthreats_pro'];
+$pconfig['emergingthreats'] = $config['installedpackages']['snortglobal']['emergingthreats'] == "on" ? 'on' : 'off';
+$pconfig['emergingthreats_pro'] = $config['installedpackages']['snortglobal']['emergingthreats_pro'] == "on" ? 'on' : 'off';
$pconfig['rm_blocked'] = $config['installedpackages']['snortglobal']['rm_blocked'];
$pconfig['snortloglimit'] = $config['installedpackages']['snortglobal']['snortloglimit'];
$pconfig['snortloglimitsize'] = $config['installedpackages']['snortglobal']['snortloglimitsize'];
$pconfig['autorulesupdate7'] = $config['installedpackages']['snortglobal']['autorulesupdate7'];
$pconfig['rule_update_starttime'] = $config['installedpackages']['snortglobal']['rule_update_starttime'];
-$pconfig['forcekeepsettings'] = $config['installedpackages']['snortglobal']['forcekeepsettings'];
-$pconfig['snortcommunityrules'] = $config['installedpackages']['snortglobal']['snortcommunityrules'];
+$pconfig['forcekeepsettings'] = $config['installedpackages']['snortglobal']['forcekeepsettings'] == "on" ? 'on' : 'off';
+$pconfig['snortcommunityrules'] = $config['installedpackages']['snortglobal']['snortcommunityrules'] == "on" ? 'on' : 'off';
+$pconfig['clearlogs'] = $config['installedpackages']['snortglobal']['clearlogs'] == "on" ? 'on' : 'off';
+$pconfig['clearblocks'] = $config['installedpackages']['snortglobal']['clearblocks'] == "on" ? 'on' : 'off';
+/* Set sensible values for any empty default params */
if (empty($pconfig['snortloglimit']))
$pconfig['snortloglimit'] = 'on';
-if (empty($pconfig['rule_update_starttime']))
- $pconfig['rule_update_starttime'] = '00:30';
+if (!isset($pconfig['rule_update_starttime']))
+ $pconfig['rule_update_starttime'] = '00:05';
if ($_POST['rule_update_starttime']) {
if (!preg_match('/^([01]?[0-9]|2[0-3]):?([0-5][0-9])$/', $_POST['rule_update_starttime']))
@@ -73,12 +77,14 @@ if ($_POST['emergingthreats_pro'] == "on" && empty($_POST['etpro_code']))
/* if no errors move foward with save */
if (!$input_errors) {
- if ($_POST["Submit"]) {
+ if ($_POST["save"]) {
$config['installedpackages']['snortglobal']['snortdownload'] = $_POST['snortdownload'] ? 'on' : 'off';
$config['installedpackages']['snortglobal']['snortcommunityrules'] = $_POST['snortcommunityrules'] ? 'on' : 'off';
$config['installedpackages']['snortglobal']['emergingthreats'] = $_POST['emergingthreats'] ? 'on' : 'off';
$config['installedpackages']['snortglobal']['emergingthreats_pro'] = $_POST['emergingthreats_pro'] ? 'on' : 'off';
+ $config['installedpackages']['snortglobal']['clearlogs'] = $_POST['clearlogs'] ? 'on' : 'off';
+ $config['installedpackages']['snortglobal']['clearblocks'] = $_POST['clearblocks'] ? 'on' : 'off';
// If any rule sets are being turned off, then remove them
// from the active rules section of each interface. Start
@@ -187,10 +193,11 @@ if ($input_errors)
$tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
$tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
$tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
- $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php");
$tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
- $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
- display_top_tabs($tab_array);
+ $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php");
+ $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
+ display_top_tabs($tab_array, true);
?>
</td></tr>
<tr>
@@ -268,7 +275,7 @@ if ($input_errors)
<tr>
<td>&nbsp;</td>
<td class="vexpl"><?php echo "<span class='red'><strong>" . gettext("Note:") . "</strong></span>" . "&nbsp;" .
- gettext("The ETPro rules contain all of the ETOpen rules, so the ETOpen rules are not required and are disabled when the ETPro rules are selected."); ?></td>
+ gettext("The ETPro rules contain all of the ETOpen rules, so the ETOpen rules are not required and are automatically disabled when the ETPro rules are selected."); ?></td>
</tr>
</table>
<table id="etpro_code_tbl" width="100%" border="0" cellpadding="2" cellspacing="0">
@@ -310,11 +317,11 @@ if ($input_errors)
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Update Start Time"); ?></td>
<td width="78%" class="vtable"><input type="text" class="formfld time" name="rule_update_starttime" id="rule_update_starttime" size="4"
- maxlength="5" value="<?=$pconfig['rule_update_starttime'];?>" <?php if ($pconfig['autorulesupdate7'] == "never_up") {echo "disabled";} ?>><span class="vexpl">&nbsp;&nbsp;
+ maxlength="5" value="<?=htmlspecialchars($pconfig['rule_update_starttime']);?>" <?php if ($pconfig['autorulesupdate7'] == "never_up") {echo "disabled";} ?>><span class="vexpl">&nbsp;&nbsp;
<?php echo gettext("Enter the rule update start time in 24-hour format (HH:MM). ") . "<strong>" .
- gettext("Default") . "&nbsp;</strong>" . gettext("is ") . "<strong>" . gettext("00:03") . "</strong></span>"; ?>.<br/><br/>
+ gettext("Default") . "&nbsp;</strong>" . gettext("is ") . "<strong>" . gettext("00:05") . "</strong></span>"; ?>.<br/><br/>
<?php echo gettext("Rules will update at the interval chosen above starting at the time specified here. For example, using the default " .
- "start time of 00:03 and choosing 12 Hours for the interval, the rules will update at 00:03 and 12:03 each day."); ?></td>
+ "start time of 00:03 and choosing 12 Hours for the interval, the rules will update at 00:05 and 12:05 each day."); ?></td>
</tr>
<tr>
<td colspan="2" valign="top" class="listtopic"><?php echo gettext("General Settings"); ?></td>
@@ -322,7 +329,7 @@ if ($input_errors)
<tr>
<?php $snortlogCurrentDSKsize = round(exec('df -k /var | grep -v "Filesystem" | awk \'{print $4}\'') / 1024); ?>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Log Directory Size " .
- "Limit"); ?><br/>
+ "Limit"); ?><br/><br/>
<br/>
<br/>
<span class="red"><strong><?php echo gettext("Note:"); ?></strong></span><br/>
@@ -368,6 +375,18 @@ if ($input_errors)
<?php echo "<span class=\"red\"><strong>" . gettext("Hint:") . "</strong></span>" . gettext(" in most cases, 1 hour is a good choice.");?></td>
</tr>
<tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Remove Blocked Hosts After Deinstall"); ?></td>
+ <td width="78%" class="vtable"><input name="clearblocks" id="clearblocks" type="checkbox" value="yes"
+ <?php if ($config['installedpackages']['snortglobal']['clearblocks']=="on") echo " checked"; ?>/>&nbsp;
+ <?php echo gettext("All blocked hosts added by Snort will be removed during package deinstallation."); ?></td>
+</tr>
+<tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Remove Snort Log Files After Deinstall"); ?></td>
+ <td width="78%" class="vtable"><input name="clearlogs" id="clearlogs" type="checkbox" value="yes"
+ <?php if ($config['installedpackages']['snortglobal']['clearlogs']=="on") echo " checked"; ?>/>&nbsp;
+ <?php echo gettext("All Snort log files will be removed during package deinstallation."); ?></td>
+</tr>
+<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Keep Snort Settings After Deinstall"); ?></td>
<td width="78%" class="vtable"><input name="forcekeepsettings"
id="forcekeepsettings" type="checkbox" value="yes"
@@ -377,7 +396,7 @@ if ($input_errors)
<tr>
<td width="22%" valign="top">
<td width="78%">
- <input name="Submit" type="submit" class="formbtn" value="Save" >
+ <input name="save" type="submit" class="formbtn" value="Save" >
</td>
</tr>
<tr>
diff --git a/config/snort/snort_interfaces_suppress.php b/config/snort/snort_interfaces_suppress.php
index e42b7f8c..216b93c6 100644
--- a/config/snort/snort_interfaces_suppress.php
+++ b/config/snort/snort_interfaces_suppress.php
@@ -46,7 +46,6 @@ if (!is_array($config['installedpackages']['snortglobal']['suppress']['item']))
$a_suppress = &$config['installedpackages']['snortglobal']['suppress']['item'];
$id_gen = count($config['installedpackages']['snortglobal']['suppress']['item']);
-
function snort_suppresslist_used($supplist) {
/****************************************************************/
@@ -69,14 +68,14 @@ function snort_suppresslist_used($supplist) {
return false;
}
-if ($_GET['act'] == "del") {
- if ($a_suppress[$_GET['id']]) {
- /* make sure rule is not being referenced by any nat or filter rules */
- if (snort_suppresslist_used($a_suppress[$_GET['id']]['name'])) {
- $input_errors[] = gettext("ERROR -- Suppress List is currently assigned to an interface and cannot be removed!");
+if ($_POST['del']) {
+ if ($a_suppress[$_POST['list_id']] && is_numericint($_POST['list_id'])) {
+ /* make sure list is not being referenced by any Snort interfaces */
+ if (snort_suppresslist_used($a_suppress[$_POST['list_id']]['name'])) {
+ $input_errors[] = gettext("ERROR -- Suppress List is currently assigned to a Snort interface and cannot be removed! Unassign it from all Snort interfaces first.");
}
else {
- unset($a_suppress[$_GET['id']]);
+ unset($a_suppress[$_POST['list_id']]);
write_config();
header("Location: /snort/snort_interfaces_suppress.php");
exit;
@@ -93,14 +92,16 @@ include_once("head.inc");
<?php
include_once("fbegin.inc");
-if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
if ($input_errors) {
print_input_errors($input_errors);
}
+if ($savemsg)
+ print_info_box($savemsg);
?>
-<form action="/snort/snort_interfaces_suppress.php" method="post"><?php if ($savemsg) print_info_box($savemsg); ?>
+<form action="/snort/snort_interfaces_suppress.php" method="post">
+<input type="hidden" name="list_id" id="list_id" value=""/>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td>
<?php
@@ -110,10 +111,11 @@ if ($input_errors) {
$tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
$tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
$tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
- $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php");
$tab_array[6] = array(gettext("Suppress"), true, "/snort/snort_interfaces_suppress.php");
- $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
- display_top_tabs($tab_array);
+ $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php");
+ $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
+ display_top_tabs($tab_array, true);
?>
</td>
</tr>
@@ -137,15 +139,13 @@ if ($input_errors) {
<td valign="middle" nowrap class="list">
<table border="0" cellspacing="0" cellpadding="1">
<tr>
- <td valign="middle"><a
- href="snort_interfaces_suppress_edit.php?id=<?=$i;?>"><img
- src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif"
- width="17" height="17" border="0" title="<?php echo gettext("edit Suppress List"); ?>"></a></td>
- <td><a
- href="/snort/snort_interfaces_suppress.php?act=del&id=<?=$i;?>"
- onclick="return confirm('<?php echo gettext("Do you really want to delete this Suppress List?"); ?>')"><img
- src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif"
- width="17" height="17" border="0" title="<?php echo gettext("delete Suppress List"); ?>"></a></td>
+ <td valign="middle"><a href="snort_interfaces_suppress_edit.php?id=<?=$i;?>">
+ <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif"
+ width="17" height="17" border="0" title="<?php echo gettext("Edit Suppress List"); ?>"></a></td>
+ <td><input type="image" name="del[]"
+ onclick="document.getElementById('list_id').value='<?=$i;?>';return confirm('<?=gettext("Do you really want to delete this Suppress List?");?>');"
+ src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"
+ title="<?=gettext("Delete Suppress List");?>"/></td>
</tr>
</table>
</td>
@@ -160,7 +160,7 @@ if ($input_errors) {
<td valign="middle"><a
href="snort_interfaces_suppress_edit.php?id=<?php echo $id_gen;?> "><img
src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif"
- width="17" height="17" border="0" title="<?php echo gettext("add a new list"); ?>"></a></td>
+ width="17" height="17" border="0" title="<?php echo gettext("Add a new list"); ?>"></a></td>
</tr>
</table>
</td>
diff --git a/config/snort/snort_interfaces_suppress_edit.php b/config/snort/snort_interfaces_suppress_edit.php
index 3d703987..370fa017 100644
--- a/config/snort/snort_interfaces_suppress_edit.php
+++ b/config/snort/snort_interfaces_suppress_edit.php
@@ -10,6 +10,7 @@
*
* modified for the pfsense snort package
* Copyright (C) 2009-2010 Robert Zelaya.
+ * Copyright (C) 2014 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -37,7 +38,6 @@
require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort.inc");
-
if (!is_array($config['installedpackages']['snortglobal']))
$config['installedpackages']['snortglobal'] = array();
$snortglob = $config['installedpackages']['snortglobal'];
@@ -48,9 +48,16 @@ if (!is_array($config['installedpackages']['snortglobal']['suppress']['item']))
$config['installedpackages']['snortglobal']['suppress']['item'] = array();
$a_suppress = &$config['installedpackages']['snortglobal']['suppress']['item'];
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
+
+/* Should never be called without identifying list index, so bail */
+if (is_null($id)) {
+ header("Location: /snort/snort_interfaces_suppress.php");
+ exit;
+}
/* returns true if $name is a valid name for a whitelist file name or ip */
function is_validwhitelistname($name) {
@@ -77,7 +84,7 @@ if (isset($id) && $a_suppress[$id]) {
$pconfig['uuid'] = uniqid();
}
-if ($_POST['submit']) {
+if ($_POST['save']) {
unset($input_errors);
$pconfig = $_POST;
@@ -152,10 +159,11 @@ if ($savemsg)
$tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
$tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
$tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
- $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php");
$tab_array[6] = array(gettext("Suppress"), true, "/snort/snort_interfaces_suppress.php");
- $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=/snort/snort_sync.xml");
- display_top_tabs($tab_array);
+ $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php");
+ $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
+ display_top_tabs($tab_array, true);
?>
</td></tr>
<tr><td><div id="mainarea">
@@ -204,7 +212,7 @@ if ($savemsg)
</td>
</tr>
<tr>
- <td colspan="2"><input id="submit" name="submit" type="submit"
+ <td colspan="2"><input id="save" name="save" type="submit"
class="formbtn" value="Save" />&nbsp;&nbsp;<input id="cancelbutton"
name="cancelbutton" type="button" class="formbtn" value="Cancel"
onclick="history.back();"/> <?php if (isset($id) && $a_suppress[$id]): ?>
diff --git a/config/snort/snort_interfaces_whitelist.php b/config/snort/snort_interfaces_whitelist.php
deleted file mode 100644
index 9391eb85..00000000
--- a/config/snort/snort_interfaces_whitelist.php
+++ /dev/null
@@ -1,177 +0,0 @@
-<?php
-/*
- * snort_interfaces_whitelist.php
- *
- * Copyright (C) 2004 Scott Ullrich
- * Copyright (C) 2011-2012 Ermal Luci
- * All rights reserved.
- *
- * originially part of m0n0wall (http://m0n0.ch/wall)
- * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
- * All rights reserved.
- *
- * modified for the pfsense snort package
- * Copyright (C) 2009-2010 Robert Zelaya.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- * 1. Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
- */
-
-require_once("guiconfig.inc");
-require_once("/usr/local/pkg/snort/snort.inc");
-
-if (!is_array($config['installedpackages']['snortglobal']['whitelist']))
- $config['installedpackages']['snortglobal']['whitelist'] = array();
-if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item']))
- $config['installedpackages']['snortglobal']['whitelist']['item'] = array();
-$a_whitelist = &$config['installedpackages']['snortglobal']['whitelist']['item'];
-
-if (isset($config['installedpackages']['snortglobal']['whitelist']['item']))
- $id_gen = count($config['installedpackages']['snortglobal']['whitelist']['item']);
-else
- $id_gen = '0';
-
-if ($_GET['act'] == "del") {
- if ($a_whitelist[$_GET['id']]) {
- /* make sure rule is not being referenced by any nat or filter rules */
- unset($a_whitelist[$_GET['id']]);
- write_config();
- sync_snort_package_config();
- header("Location: /snort/snort_interfaces_whitelist.php");
- exit;
- }
-}
-
-$pgtitle = gettext("Snort: Whitelists");
-include_once("head.inc");
-?>
-
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
-
-<?php
-include_once("fbegin.inc");
-if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
-if ($savemsg) print_info_box($savemsg);
-?>
-
-<form action="/snort/snort_interfaces_whitelist.php" method="post">
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
-<tr><td>
-<?php
- $tab_array = array();
- $tab_array[0] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
- $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php");
- $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
- $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
- $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
- $tab_array[5] = array(gettext("Whitelists"), true, "/snort/snort_interfaces_whitelist.php");
- $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
- $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
- display_top_tabs($tab_array);
-?>
- </td>
-</tr>
-<tr>
- <td><div id="mainarea">
- <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
- <tr>
- <td width="20%" class="listhdrr">File Name</td>
- <td width="40%" class="listhdrr">Values</td>
- <td width="40%" class="listhdr">Description</td>
- <td width="10%" class="list"></td>
- </tr>
- <?php foreach ($a_whitelist as $i => $list): ?>
- <tr>
- <td class="listlr"
- ondblclick="document.location='snort_interfaces_whitelist_edit.php?id=<?=$i;?>';">
- <?=htmlspecialchars($list['name']);?></td>
- <td class="listr"
- ondblclick="document.location='snort_interfaces_whitelist_edit.php?id=<?=$i;?>';">
- <?php
- $addresses = implode(", ", array_slice(explode(" ", $list['address']), 0, 10));
- echo $addresses;
- if(count($addresses) < 10) {
- echo " ";
- } else {
- echo "...";
- }
- ?></td>
- <td class="listbg"
- ondblclick="document.location='snort_interfaces_whitelist_edit.php?id=<?=$i;?>';">
- <font color="#FFFFFF"> <?=htmlspecialchars($list['descr']);?>&nbsp;
- </td>
- <td valign="middle" nowrap class="list">
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td valign="middle"><a
- href="snort_interfaces_whitelist_edit.php?id=<?=$i;?>"><img
- src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif"
- width="17" height="17" border="0" title="<?php echo gettext("edit whitelist"); ?>"></a></td>
- <td><a
- href="/snort/snort_interfaces_whitelist.php?act=del&id=<?=$i;?>"
- onclick="return confirm('<?php echo gettext("Do you really want to delete this whitelist? All elements that still use it will become invalid (e.g. snort rules will fall back to the default whitelist)!"); ?>')"><img
- src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif"
- width="17" height="17" border="0" title="<?php echo gettext("delete whitelist"); ?>"></a></td>
- </tr>
- </table>
- </td>
- </tr>
- <?php endforeach; ?>
- <tr>
- <td class="list" colspan="3"></td>
- <td class="list">
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td valign="middle" width="17">&nbsp;</td>
- <td valign="middle"><a
- href="snort_interfaces_whitelist_edit.php?id=<?php echo $id_gen;?> "><img
- src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif"
- width="17" height="17" border="0" title="<?php echo gettext("add a new list"); ?>"></a></td>
- </tr>
- </table>
- </td>
- </tr>
- </table>
- </div>
- </td>
- </tr>
-</table>
-<br>
-<table width="100%" border="0" cellpadding="1"
- cellspacing="1">
- <tr>
- <td width="100%"><span class="vexpl"><span class="red"><strong><?php echo gettext("Note:"); ?></strong></span>
- <p><?php echo gettext("Here you can create whitelist files for your " .
- "snort package rules."); ?><br>
- <?php echo gettext("Please add all the ips or networks you want to protect against snort " .
- "block decisions."); ?><br>
- <?php echo gettext("Remember that the default whitelist only includes local networks."); ?><br>
- <?php echo gettext("Be careful, it is very easy to get locked out of your system."); ?></p></span></td>
- </tr>
- <tr>
- <td width="100%"><span class="vexpl"><?php echo gettext("Remember you must restart Snort on the interface for changes to take effect!"); ?></span></td>
- </tr>
-</table>
-</form>
-<?php include("fend.inc"); ?>
-</body>
-</html>
diff --git a/config/snort/snort_interfaces_whitelist_edit.php b/config/snort/snort_interfaces_whitelist_edit.php
deleted file mode 100644
index 882c2b6f..00000000
--- a/config/snort/snort_interfaces_whitelist_edit.php
+++ /dev/null
@@ -1,324 +0,0 @@
-<?php
-/*
- * snort_interfaces_whitelist_edit.php
- * Copyright (C) 2004 Scott Ullrich
- * Copyright (C) 2011-2012 Ermal Luci
- * All rights reserved.
- *
- * originially part of m0n0wall (http://m0n0.ch/wall)
- * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
- * All rights reserved.
- *
- * modified for the pfsense snort package
- * Copyright (C) 2009-2010 Robert Zelaya.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- * 1. Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
- */
-
-require_once("guiconfig.inc");
-require_once("/usr/local/pkg/snort/snort.inc");
-
-if ($_POST['cancel']) {
- header("Location: /snort/snort_interfaces_whitelist.php");
- exit;
-}
-
-if (!is_array($config['installedpackages']['snortglobal']['whitelist']))
- $config['installedpackages']['snortglobal']['whitelist'] = array();
-if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item']))
- $config['installedpackages']['snortglobal']['whitelist']['item'] = array();
-$a_whitelist = &$config['installedpackages']['snortglobal']['whitelist']['item'];
-
-$id = $_GET['id'];
-if (isset($_POST['id']))
- $id = $_POST['id'];
-if (is_null($id)) {
- header("Location: /snort/snort_interfaces_whitelist.php");
- exit;
-}
-
-if (empty($config['installedpackages']['snortglobal']['whitelist']['item'][$id]['uuid'])) {
- $whitelist_uuid = 0;
- while ($whitelist_uuid > 65535 || $whitelist_uuid == 0) {
- $whitelist_uuid = mt_rand(1, 65535);
- $pconfig['uuid'] = $whitelist_uuid;
- }
-} else
- $whitelist_uuid = $config['installedpackages']['snortglobal']['whitelist']['item'][$id]['uuid'];
-
-/* returns true if $name is a valid name for a whitelist file name or ip */
-function is_validwhitelistname($name) {
- if (!is_string($name))
- return false;
-
- if (!preg_match("/[^a-zA-Z0-9\_\.\/]/", $name))
- return true;
-
- return false;
-}
-
-if (isset($id) && $a_whitelist[$id]) {
- /* old settings */
- $pconfig = array();
- $pconfig['name'] = $a_whitelist[$id]['name'];
- $pconfig['uuid'] = $a_whitelist[$id]['uuid'];
- $pconfig['detail'] = $a_whitelist[$id]['detail'];
- $pconfig['address'] = $a_whitelist[$id]['address'];
- $pconfig['descr'] = html_entity_decode($a_whitelist[$id]['descr']);
- $pconfig['localnets'] = $a_whitelist[$id]['localnets'];
- $pconfig['wanips'] = $a_whitelist[$id]['wanips'];
- $pconfig['wangateips'] = $a_whitelist[$id]['wangateips'];
- $pconfig['wandnsips'] = $a_whitelist[$id]['wandnsips'];
- $pconfig['vips'] = $a_whitelist[$id]['vips'];
- $pconfig['vpnips'] = $a_whitelist[$id]['vpnips'];
-}
-
-// Check for returned "selected alias" if action is import
-if ($_GET['act'] == "import") {
- if ($_GET['varname'] == "address" && !empty($_GET['varvalue']))
- $pconfig[$_GET['varname']] = $_GET['varvalue'];
-}
-
-if ($_POST['submit']) {
- unset($input_errors);
- $pconfig = $_POST;
-
- /* input validation */
- $reqdfields = explode(" ", "name");
- $reqdfieldsn = explode(",", "Name");
- do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
-
- if(strtolower($_POST['name']) == "defaultwhitelist")
- $input_errors[] = gettext("Whitelist file names may not be named defaultwhitelist.");
-
- if (is_validwhitelistname($_POST['name']) == false)
- $input_errors[] = gettext("Whitelist file name may only consist of the characters \"a-z, A-Z, 0-9 and _\". Note: No Spaces or dashes. Press Cancel to reset.");
-
- /* check for name conflicts */
- foreach ($a_whitelist as $w_list) {
- if (isset($id) && ($a_whitelist[$id]) && ($a_whitelist[$id] === $w_list))
- continue;
-
- if ($w_list['name'] == $_POST['name']) {
- $input_errors[] = gettext("A whitelist file name with this name already exists.");
- break;
- }
- }
-
- if ($_POST['address'])
- if (!is_alias($_POST['address']))
- $input_errors[] = gettext("A valid alias must be provided");
-
- if (!$input_errors) {
- $w_list = array();
- /* post user input */
- $w_list['name'] = $_POST['name'];
- $w_list['uuid'] = $whitelist_uuid;
- $w_list['localnets'] = $_POST['localnets']? 'yes' : 'no';
- $w_list['wanips'] = $_POST['wanips']? 'yes' : 'no';
- $w_list['wangateips'] = $_POST['wangateips']? 'yes' : 'no';
- $w_list['wandnsips'] = $_POST['wandnsips']? 'yes' : 'no';
- $w_list['vips'] = $_POST['vips']? 'yes' : 'no';
- $w_list['vpnips'] = $_POST['vpnips']? 'yes' : 'no';
-
- $w_list['address'] = $_POST['address'];
- $w_list['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto");
- $w_list['detail'] = $final_address_details;
-
- if (isset($id) && $a_whitelist[$id])
- $a_whitelist[$id] = $w_list;
- else
- $a_whitelist[] = $w_list;
-
- write_config();
-
- /* create whitelist and homenet file then sync files */
- sync_snort_package_config();
-
- header("Location: /snort/snort_interfaces_whitelist.php");
- exit;
- }
-}
-
-$pgtitle = gettext("Snort: Whitelist Edit - {$a_whitelist[$id]['name']}");
-include_once("head.inc");
-?>
-
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC" >
-
-<?php
-include("fbegin.inc");
-if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
-if ($input_errors) print_input_errors($input_errors);
-if ($savemsg)
- print_info_box($savemsg);
-?>
-<script type="text/javascript" src="/javascript/autosuggest.js">
-</script>
-<script type="text/javascript" src="/javascript/suggestions.js">
-</script>
-<form action="snort_interfaces_whitelist_edit.php" method="post" name="iform" id="iform">
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
-<tr><td>
-<?php
- $tab_array = array();
- $tab_array[0] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
- $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php");
- $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
- $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
- $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
- $tab_array[5] = array(gettext("Whitelists"), true, "/snort/snort_interfaces_whitelist.php");
- $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
- $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
- display_top_tabs($tab_array);
-?>
- </td>
-</tr>
-<tr><td><div id="mainarea">
-<table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
- <tr>
- <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Add the name and " .
- "description of the file."); ?></td>
- </tr>
- <tr>
- <td valign="top" class="vncellreq"><?php echo gettext("Name"); ?></td>
- <td class="vtable"><input name="name" type="text" id="name" class="formfld unknown"
- size="40" value="<?=htmlspecialchars($pconfig['name']);?>" /> <br />
- <span class="vexpl"> <?php echo gettext("The list name may only consist of the " .
- "characters \"a-z, A-Z, 0-9 and _\"."); ?>&nbsp;&nbsp;<span class="red"><?php echo gettext("Note:"); ?> </span>
- <?php echo gettext("No Spaces or dashes."); ?> </span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell"><?php echo gettext("Description"); ?></td>
- <td width="78%" class="vtable"><input name="descr" type="text" class="formfld unknown"
- id="descr" size="40" value="<?=$pconfig['descr'];?>" /> <br />
- <span class="vexpl"> <?php echo gettext("You may enter a description here for your " .
- "reference (not parsed)."); ?> </span></td>
- </tr>
- <tr>
- <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Add auto-generated IP Addresses."); ?></td>
- </tr>
-
- <tr>
- <td width="22%" valign="top" class="vncell"><?php echo gettext("Local Networks"); ?></td>
- <td width="78%" class="vtable"><input name="localnets" type="checkbox"
- id="localnets" size="40" value="yes"
- <?php if($pconfig['localnets'] == 'yes'){ echo "checked";} if($pconfig['localnets'] == ''){ echo "checked";} ?> />
- <span class="vexpl"> <?php echo gettext("Add firewall Local Networks to the list (excluding WAN)."); ?> </span></td>
- </tr>
-
- <tr>
- <td width="22%" valign="top" class="vncell"><?php echo gettext("WAN IPs"); ?></td>
- <td width="78%" class="vtable"><input name="wanips" type="checkbox"
- id="wanips" size="40" value="yes"
- <?php if($pconfig['wanips'] == 'yes'){ echo "checked";} if($pconfig['wanips'] == ''){ echo "checked";} ?> />
- <span class="vexpl"> <?php echo gettext("Add WAN interface IPs to the list."); ?> </span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell"><?php echo gettext("WAN Gateways"); ?></td>
- <td width="78%" class="vtable"><input name="wangateips"
- type="checkbox" id="wangateips" size="40" value="yes"
- <?php if($pconfig['wangateips'] == 'yes'){ echo "checked";} if($pconfig['wangateips'] == ''){ echo "checked";} ?> />
- <span class="vexpl"> <?php echo gettext("Add WAN Gateways to the list."); ?> </span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell"><?php echo gettext("WAN DNS servers"); ?></td>
- <td width="78%" class="vtable"><input name="wandnsips"
- type="checkbox" id="wandnsips" size="40" value="yes"
- <?php if($pconfig['wandnsips'] == 'yes'){ echo "checked";} if($pconfig['wandnsips'] == ''){ echo "checked";} ?> />
- <span class="vexpl"> <?php echo gettext("Add WAN DNS servers to the list."); ?> </span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell"><?php echo gettext("Virtual IP Addresses"); ?></td>
- <td width="78%" class="vtable"><input name="vips" type="checkbox"
- id="vips" size="40" value="yes"
- <?php if($pconfig['vips'] == 'yes'){ echo "checked";} if($pconfig['vips'] == ''){ echo "checked";} ?> />
- <span class="vexpl"> <?php echo gettext("Add Virtual IP Addresses to the list."); ?> </span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell"><?php echo gettext("VPNs"); ?></td>
- <td width="78%" class="vtable"><input name="vpnips" type="checkbox"
- id="vpnips" size="40" value="yes"
- <?php if($pconfig['vpnips'] == 'yes'){ echo "checked";} if($pconfig['vpnips'] == ''){ echo "checked";} ?> />
- <span class="vexpl"> <?php echo gettext("Add VPN Addresses to the list."); ?> </span></td>
- </tr>
- <tr>
- <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Add custom IP Addresses from configured Aliases."); ?></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncellreq">
- <div id="addressnetworkport"><?php echo gettext("Alias Name:"); ?></div>
- </td>
- <td width="78%" class="vtable">
- <input autocomplete="off" name="address" type="text" class="formfldalias" id="address" size="30" value="<?=htmlspecialchars($pconfig['address']);?>"
- title="<?=trim(filter_expand_alias($pconfig['address']));?>" />
- &nbsp;&nbsp;&nbsp;&nbsp;<input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=0&type=host|network&varname=address&act=import&multi_ip=yes&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'"
- title="<?php echo gettext("Select an existing IP alias");?>"/>
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top">&nbsp;</td>
- <td width="78%">
- <input id="submit" name="submit" type="submit" class="formbtn" value="Save" />
- <input id="cancel" name="cancel" type="submit" class="formbtn" value="Cancel" />
- <input name="id" type="hidden" value="<?=$id;?>" />
- </td>
- </tr>
-</table>
-</div>
-</td></tr>
-</table>
-</form>
-<script type="text/javascript">
-<?php
- $isfirst = 0;
- $aliases = "";
- $addrisfirst = 0;
- $aliasesaddr = "";
- if(isset($config['aliases']['alias']) && is_array($config['aliases']['alias']))
- foreach($config['aliases']['alias'] as $alias_name) {
- if ($alias_name['type'] != "host" && $alias_name['type'] != "network")
- continue;
- // Skip any Aliases that resolve to an empty string
- if (trim(filter_expand_alias($alias_name['name'])) == "")
- continue;
- if($addrisfirst == 1) $aliasesaddr .= ",";
- $aliasesaddr .= "'" . $alias_name['name'] . "'";
- $addrisfirst = 1;
- }
-?>
-
- var addressarray=new Array(<?php echo $aliasesaddr; ?>);
-
-function createAutoSuggest() {
-<?php
- echo "objAlias = new AutoSuggestControl(document.getElementById('address'), new StateSuggestions(addressarray));\n";
-?>
-}
-
-setTimeout("createAutoSuggest();", 500);
-
-</script>
-<?php include("fend.inc"); ?>
-</body>
-</html>
diff --git a/config/snort/snort_list_view.php b/config/snort/snort_list_view.php
index 856367ef..8c3d0134 100644
--- a/config/snort/snort_list_view.php
+++ b/config/snort/snort_list_view.php
@@ -4,6 +4,7 @@
*
* Copyright (C) 2004, 2005 Scott Ullrich
* Copyright (C) 2011 Ermal Luci
+ * Copyright (C) 2014 Bill Meeks
* All rights reserved.
*
* Adapted for FreeNAS by Volker Theile (votdev@gmx.de)
@@ -41,23 +42,29 @@ global $g, $config;
$contents = '';
-$id = $_GET['id'];
-$wlist = $_GET['wlist'];
-$type = $_GET['type'];
+if (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
+
+$wlist = htmlspecialchars($_GET['wlist']);
+$type = htmlspecialchars($_GET['type']);
+$title = "List";
if (isset($id) && isset($wlist)) {
$a_rule = $config['installedpackages']['snortglobal']['rule'][$id];
if ($type == "homenet") {
$list = snort_build_list($a_rule, $wlist);
$contents = implode("\n", $list);
+ $title = "HOME_NET";
}
- elseif ($type == "whitelist") {
+ elseif ($type == "passlist") {
$list = snort_build_list($a_rule, $wlist, true);
$contents = implode("\n", $list);
+ $title = "Pass List";
}
elseif ($type == "suppress") {
$list = snort_find_list($wlist, $type);
$contents = str_replace("\r", "", base64_decode($list['suppresspassthru']));
+ $title = "Suppress List";
}
else
$contents = gettext("\n\nERROR -- Requested List Type entity is not valid!");
@@ -65,35 +72,32 @@ if (isset($id) && isset($wlist)) {
else
$contents = gettext("\n\nERROR -- Supplied interface or List entity is not valid!");
-$pgtitle = array(gettext("Snort"), gettext(ucfirst($type) . " Viewer"));
+$pgtitle = array(gettext("Snort"), gettext($title . " Viewer"));
?>
<?php include("head.inc");?>
<body link="#000000" vlink="#000000" alink="#000000">
-<?php if ($savemsg) print_info_box($savemsg); ?>
-<?php // include("fbegin.inc");?>
-<form action="snort_whitelist_view.php" method="post">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td class="tabcont">
<table width="100%" cellpadding="0" cellspacing="6" bgcolor="#eeeeee">
<tr>
- <td class="pgtitle" colspan="2">Snort: <?php echo gettext(ucfirst($type) . " Viewer"); ?></td>
+ <td class="pgtitle" colspan="2">Snort: <?php echo gettext($title . " Viewer"); ?></td>
</tr>
<tr>
<td align="left" width="20%">
<input type="button" class="formbtn" value="Return" onclick="window.close()">
</td>
<td align="right">
- <b><?php echo gettext(ucfirst($type) . ": ") . '</b>&nbsp;' . $_GET['wlist']; ?>&nbsp;&nbsp;&nbsp;&nbsp;
+ <b><?php echo gettext($title . ": ") . '</b>&nbsp;' . htmlspecialchars($_GET['wlist']); ?>&nbsp;&nbsp;&nbsp;&nbsp;
</td>
</tr>
<tr>
<td colspan="2" valign="top" class="label">
<div style="background: #eeeeee; width:100%; height:100%;" id="textareaitem"><!-- NOTE: The opening *and* the closing textarea tag must be on the same line. -->
- <textarea style="width:100%; height:100%;" readonly wrap="off" rows="25" cols="80" name="code2"><?=$contents;?></textarea>
+ <textarea style="width:100%; height:100%;" readonly wrap="off" rows="25" cols="80" name="code2"><?=htmlspecialchars($contents);?></textarea>
</div>
</td>
</tr>
@@ -101,7 +105,5 @@ $pgtitle = array(gettext("Snort"), gettext(ucfirst($type) . " Viewer"));
</td>
</tr>
</table>
-</form>
-<?php // include("fend.inc");?>
</body>
</html>
diff --git a/config/snort/snort_log_view.php b/config/snort/snort_log_view.php
deleted file mode 100644
index beec1aa7..00000000
--- a/config/snort/snort_log_view.php
+++ /dev/null
@@ -1,93 +0,0 @@
-<?php
-/*
- * snort_log_view.php
- *
- * Copyright (C) 2004, 2005 Scott Ullrich
- * Copyright (C) 2011 Ermal Luci
- * All rights reserved.
- *
- * Adapted for FreeNAS by Volker Theile (votdev@gmx.de)
- * Copyright (C) 2006-2009 Volker Theile
- *
- * Adapted for Pfsense Snort package by Robert Zelaya
- * Copyright (C) 2008-2009 Robert Zelaya
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- * 1. Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
- */
-
-require_once("guiconfig.inc");
-require_once("/usr/local/pkg/snort/snort.inc");
-
-$contents = '';
-
-// Read the contents of the argument passed to us.
-// Is it a fully qualified path and file?
-$logfile = htmlspecialchars($_GET['logfile'], ENT_QUOTES | ENT_HTML401);
-if (file_exists($logfile))
- if (substr(realpath($logfile), 0, strlen(SNORTLOGDIR)) != SNORTLOGDIR)
- $contents = gettext("\n\nERROR -- File: {$logfile} can not be viewed!");
- else
- $contents = file_get_contents($logfile);
-// It is not something we can display, so print an error.
-else
- $contents = gettext("\n\nERROR -- File: {$logfile} not found!");
-
-$pgtitle = array(gettext("Snort"), gettext("Log File Viewer"));
-?>
-
-<?php include("head.inc");?>
-
-<body link="#000000" vlink="#000000" alink="#000000">
-<?php if ($savemsg) print_info_box($savemsg); ?>
-<?php // include("fbegin.inc");?>
-
-<form action="snort_log_view.php" method="post">
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
-<tr>
- <td class="tabcont">
- <table width="100%" cellpadding="0" cellspacing="6" bgcolor="#eeeeee">
- <tr>
- <td class="pgtitle" colspan="2">Snort: Log File Viewer</td>
- </tr>
- <tr>
- <td align="left" width="20%">
- <input type="button" class="formbtn" value="Return" onclick="window.close()">
- </td>
- <td align="right">
- <b><?php echo gettext("Log File: ") . '</b>&nbsp;' . $logfile; ?>&nbsp;&nbsp;&nbsp;&nbsp;
- </td>
- </tr>
- <tr>
- <td colspan="2" valign="top" class="label">
- <div style="background: #eeeeee; width:100%; height:100%;" id="textareaitem"><!-- NOTE: The opening *and* the closing textarea tag must be on the same line. -->
- <textarea style="width:100%; height:100%;" readonly wrap="off" rows="33" cols="80" name="code2"><?=$contents;?></textarea>
- </div>
- </td>
- </tr>
- </table>
- </td>
-</tr>
-</table>
-</form>
-<?php // include("fend.inc");?>
-</body>
-</html>
diff --git a/config/snort/snort_post_install.php b/config/snort/snort_post_install.php
index 945ddd04..c2b46cd5 100644
--- a/config/snort/snort_post_install.php
+++ b/config/snort/snort_post_install.php
@@ -96,13 +96,15 @@ function snort_build_new_conf($snortcfg) {
if (!is_array($config['installedpackages']['snortglobal']['rule']))
return;
+ conf_mount_rw();
+
/* See if we should protect and not modify the preprocessor rules files */
if (!empty($snortcfg['protect_preproc_rules']))
$protect_preproc_rules = $snortcfg['protect_preproc_rules'];
else
$protect_preproc_rules = "off";
- $if_real = snort_get_real_interface($snortcfg['interface']);
+ $if_real = get_real_interface($snortcfg['interface']);
$snort_uuid = $snortcfg['uuid'];
$snortcfgdir = "{$snortdir}/snort_{$snort_uuid}_{$if_real}";
@@ -162,8 +164,18 @@ function snort_build_new_conf($snortcfg) {
/* define snortunifiedlog */
$snortunifiedlog_type = "";
- if ($snortcfg['snortunifiedlog'] == "on")
- $snortunifiedlog_type = "output unified2: filename snort_{$snort_uuid}_{$if_real}.u2, limit 128";
+ if ($snortcfg['barnyard_enable'] == "on") {
+ if (isset($snortcfg['unified2_log_limit']))
+ $u2_log_limit = "limit {$snortcfg['unified2_log_limit']}";
+ else
+ $u2_log_limit = "limit 128";
+
+ $snortunifiedlog_type = "output unified2: filename snort_{$snort_uuid}_{$if_real}.u2, {$u2_log_limit}";
+ if ($snortcfg['barnyard_log_vlan_events'] == 'on')
+ $snortunifiedlog_type .= ", vlan_event_types";
+ if ($snortcfg['barnyard_log_mpls_events'] == 'on')
+ $snortunifiedlog_type .= ", mpls_event_types";
+ }
/* define spoink */
$spoink_type = "";
@@ -721,6 +733,49 @@ preprocessor sensitive_data: \
EOD;
+ /* define IP Reputation preprocessor */
+ if (is_array($snortcfg['blist_files']['item'])) {
+ $blist_files = "";
+ $bIsFirst = TRUE;
+ foreach ($snortcfg['blist_files']['item'] as $blist) {
+ if ($bIsFirst) {
+ $blist_files .= "blacklist " . IPREP_PATH . $blist;
+ $bIsFirst = FALSE;
+ }
+ else
+ $blist_files .= ", \\ \n\tblacklist " . IPREP_PATH . $blist;
+ }
+ }
+ if (is_array($snortcfg['wlist_files']['item'])) {
+ $wlist_files = "";
+ $bIsFirst = TRUE;
+ foreach ($snortcfg['wlist_files']['item'] as $wlist) {
+ if ($bIsFirst) {
+ $wlist_files .= "whitelist " . IPREP_PATH . $wlist;
+ $bIsFirst = FALSE;
+ }
+ else
+ $wlist_files .= ", \\ \n\twhitelist " . IPREP_PATH . $wlist;
+ }
+ }
+ if (!empty($blist_files))
+ $ip_lists = $blist_files;
+ if (!empty($wlist_files))
+ $ip_lists .= ", \\ \n" . $wlist_files;
+ if ($snortcfg['iprep_scan_local'] == 'on')
+ $ip_lists .= ", \\ \n\tscan_local";
+
+ $reputation_preproc = <<<EOD
+# IP Reputation preprocessor #
+preprocessor reputation: \
+ memcap {$snortcfg['iprep_memcap']}, \
+ priority {$snortcfg['iprep_priority']}, \
+ nested_ip {$snortcfg['iprep_nested_ip']}, \
+ white {$snortcfg['iprep_white']}, \
+ {$ip_lists}
+
+EOD;
+
/* define servers as IP variables */
$snort_servers = array (
"dns_servers" => "\$HOME_NET", "smtp_servers" => "\$HOME_NET", "http_servers" => "\$HOME_NET",
@@ -751,11 +806,11 @@ EOD;
"ssl_preproc" => "ssl_preproc", "dnp3_preproc" => "dnp3_preproc", "modbus_preproc" => "modbus_preproc"
);
$snort_preproc = array (
- "perform_stat", "other_preprocs", "ftp_preprocessor", "smtp_preprocessor", "ssl_preproc", "sip_preproc", "gtp_preproc", "ssh_preproc",
- "sf_portscan", "dce_rpc_2", "dns_preprocessor", "sensitive_data", "pop_preproc", "imap_preproc", "dnp3_preproc", "modbus_preproc"
+ "perform_stat", "other_preprocs", "ftp_preprocessor", "smtp_preprocessor", "ssl_preproc", "sip_preproc", "gtp_preproc", "ssh_preproc", "sf_portscan",
+ "dce_rpc_2", "dns_preprocessor", "sensitive_data", "pop_preproc", "imap_preproc", "dnp3_preproc", "modbus_preproc", "reputation_preproc"
);
$default_disabled_preprocs = array(
- "sf_portscan", "gtp_preproc", "sensitive_data", "dnp3_preproc", "modbus_preproc"
+ "sf_portscan", "gtp_preproc", "sensitive_data", "dnp3_preproc", "modbus_preproc", "reputation_preproc", "perform_stat"
);
$snort_preprocessors = "";
foreach ($snort_preproc as $preproc) {
@@ -1213,7 +1268,7 @@ EOD;
ipvar HOME_NET [{$home_net}]
ipvar EXTERNAL_NET [{$external_net}]
-# Define Rule Paths #
+# Define Rule Path #
var RULE_PATH {$snortcfgdir}/rules
# Define Servers #
@@ -1305,13 +1360,8 @@ output alert_csv: alert timestamp,sig_generator,sig_id,sig_rev,msg,proto,src,src
EOD;
// Write out snort.conf file
- $conf = fopen("{$snortcfgdir}/snort.conf", "w");
- if(!$conf) {
- log_error("Could not open {$snortcfgdir}/snort.conf for writing.");
- return -1;
- }
- fwrite($conf, $snort_conf_text);
- fclose($conf);
+ file_put_contents("{$snortcfgdir}/snort.conf", $snort_conf_text);
+ conf_mount_ro();
unset($snort_conf_text, $selected_rules_sections, $suppress_file_name, $snort_misc_include_rules, $spoink_type, $snortunifiedlog_type, $alertsystemlog_type);
unset($home_net, $external_net, $ipvardef, $portvardef);
}
@@ -1326,14 +1376,14 @@ if(is_process_running("snort")) {
exec("/usr/bin/killall -z snort");
sleep(2);
// Delete any leftover snort PID files in /var/run
- array_map('@unlink', glob("/var/run/snort_*.pid"));
+ unlink_if_exists("/var/run/snort_*.pid");
}
// Hard kill any running Barnyard2 processes
if(is_process_running("barnyard")) {
exec("/usr/bin/killall -z barnyard2");
sleep(2);
// Delete any leftover barnyard2 PID files in /var/run
- array_map('@unlink', glob("/var/run/barnyard2_*.pid"));
+ unlink_if_exists("/var/run/barnyard2_*.pid");
}
/* Set flag for post-install in progress */
@@ -1362,46 +1412,68 @@ foreach ($preproc_rules as $file) {
@unlink("{$rcdir}/snort.sh");
@unlink("{$rcdir}/barnyard2");
+/* Create required log and db directories in /var */
+safe_mkdir(SNORTLOGDIR);
+safe_mkdir(IPREP_PATH);
+
+/* If installed, absorb the Snort Dashboard Widget into this package */
+/* by removing it as a separately installed package. */
+$pkgid = get_pkg_id("Dashboard Widget: Snort");
+if ($pkgid >= 0) {
+ log_error(gettext("[Snort] Removing legacy 'Dashboard Widget: Snort' package because the widget is now part of the Snort package."));
+ unset($config['installedpackages']['package'][$pkgid]);
+ unlink_if_exists("/usr/local/pkg/widget-snort.xml");
+ write_config();
+}
+
+/* Define a default Dashboard Widget Container for Snort */
+$snort_widget_container = "snort_alerts-container:col2:close";
+
/* remake saved settings */
if ($config['installedpackages']['snortglobal']['forcekeepsettings'] == 'on') {
log_error(gettext("[Snort] Saved settings detected... rebuilding installation with saved settings..."));
update_status(gettext("Saved settings detected..."));
/* Do one-time settings migration for new multi-engine configurations */
- update_output_window(gettext("Please wait... migrating settings to new multi-engine configuration..."));
- include('/usr/local/pkg/snort/snort_migrate_config.php');
+ update_output_window(gettext("Please wait... migrating settings to new configuration..."));
+ include('/usr/local/www/snort/snort_migrate_config.php');
update_output_window(gettext("Please wait... rebuilding installation with saved settings..."));
log_error(gettext("[Snort] Downloading and updating configured rule types..."));
update_output_window(gettext("Please wait... downloading and updating configured rule types..."));
if ($pkg_interface <> "console")
$snort_gui_include = true;
- include('/usr/local/pkg/snort/snort_check_for_rule_updates.php');
+ include('/usr/local/www/snort/snort_check_for_rule_updates.php');
update_status(gettext("Generating snort.conf configuration file from saved settings..."));
$rebuild_rules = true;
/* Create the snort.conf files for each enabled interface */
$snortconf = $config['installedpackages']['snortglobal']['rule'];
foreach ($snortconf as $value) {
- $if_real = snort_get_real_interface($value['interface']);
+ $if_real = get_real_interface($value['interface']);
/* create a snort.conf file for interface */
snort_build_new_conf($value);
/* create barnyard2.conf file for interface */
if ($value['barnyard_enable'] == 'on')
- snort_create_barnyard2_conf($value, $if_real);
+ snort_generate_barnyard2_conf($value, $if_real);
}
/* create snort bootup file snort.sh */
snort_create_rc();
/* Set Log Limit, Block Hosts Time and Rules Update Time */
- snort_snortloglimit_install_cron($config['installedpackages']['snortglobal']['snortloglimit'] == 'on' ? true : false);
+ snort_snortloglimit_install_cron(true);
snort_rm_blocked_install_cron($config['installedpackages']['snortglobal']['rm_blocked'] != "never_b" ? true : false);
snort_rules_up_install_cron($config['installedpackages']['snortglobal']['autorulesupdate7'] != "never_up" ? true : false);
/* Add the recurring jobs created above to crontab */
configure_cron();
+ /* Restore the last Snort Dashboard Widget setting if none is set */
+ if (!empty($config['installedpackages']['snortglobal']['dashboard_widget']) &&
+ stristr($config['widgets']['sequence'], "snort_alerts-container") === FALSE)
+ $config['widgets']['sequence'] .= "," . $config['installedpackages']['snortglobal']['dashboard_widget'];
+
$rebuild_rules = false;
update_output_window(gettext("Finished rebuilding Snort configuration files..."));
log_error(gettext("[Snort] Finished rebuilding installation from saved settings..."));
@@ -1416,8 +1488,13 @@ if ($config['installedpackages']['snortglobal']['forcekeepsettings'] == 'on') {
}
}
+/* If an existing Snort Dashboard Widget container is not found, */
+/* then insert our default Widget Dashboard container. */
+if (stristr($config['widgets']['sequence'], "snort_alerts-container") === FALSE)
+ $config['widgets']['sequence'] .= ",{$snort_widget_container}";
+
/* Update Snort package version in configuration */
-$config['installedpackages']['snortglobal']['snort_config_ver'] = "3.0.4";
+$config['installedpackages']['snortglobal']['snort_config_ver'] = "3.0.5";
write_config();
/* Done with post-install, so clear flag */
diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php
index 26b37e81..6c3dc90f 100755
--- a/config/snort/snort_preprocessors.php
+++ b/config/snort/snort_preprocessors.php
@@ -6,7 +6,7 @@
* Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
* Copyright (C) 2008-2009 Robert Zelaya.
* Copyright (C) 2011-2012 Ermal Luci
- * Copyright (C) 2013 Bill Meeks
+ * Copyright (C) 2013, 2014 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -38,9 +38,11 @@ require_once("/usr/local/pkg/snort/snort.inc");
global $g, $rebuild_rules;
$snortlogdir = SNORTLOGDIR;
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
+
if (is_null($id)) {
header("Location: /snort/snort_interfaces.php");
exit;
@@ -66,6 +68,8 @@ if (!is_array($config['installedpackages']['snortglobal']['rule'][$id]['ftp_clie
$a_nat = &$config['installedpackages']['snortglobal']['rule'];
$vrt_enabled = $config['installedpackages']['snortglobal']['snortdownload'];
+
+// Calculate the "next engine ID" to use for the multi-config engine arrays
$frag3_engine_next_id = count($a_nat[$id]['frag3_engine']['item']);
$stream5_tcp_engine_next_id = count($a_nat[$id]['stream5_tcp_engine']['item']);
$http_inspect_engine_next_id = count($a_nat[$id]['http_inspect_engine']['item']);
@@ -73,170 +77,9 @@ $ftp_server_engine_next_id = count($a_nat[$id]['ftp_server_engine']['item']);
$ftp_client_engine_next_id = count($a_nat[$id]['ftp_client_engine']['item']);
$pconfig = array();
-if (isset($id) && $a_nat[$id]) {
+if (isset($id) && isset($a_nat[$id])) {
$pconfig = $a_nat[$id];
- /* Get current values from config for page form fields */
- $pconfig['perform_stat'] = $a_nat[$id]['perform_stat'];
- $pconfig['host_attribute_table'] = $a_nat[$id]['host_attribute_table'];
- $pconfig['host_attribute_data'] = $a_nat[$id]['host_attribute_data'];
- $pconfig['max_attribute_hosts'] = $a_nat[$id]['max_attribute_hosts'];
- $pconfig['max_attribute_services_per_host'] = $a_nat[$id]['max_attribute_services_per_host'];
- $pconfig['max_paf'] = $a_nat[$id]['max_paf'];
- $pconfig['other_preprocs'] = $a_nat[$id]['other_preprocs'];
- $pconfig['ftp_preprocessor'] = $a_nat[$id]['ftp_preprocessor'];
- $pconfig['ftp_telnet_inspection_type'] = $a_nat[$id]['ftp_telnet_inspection_type'];
- $pconfig['ftp_telnet_alert_encrypted'] = $a_nat[$id]['ftp_telnet_alert_encrypted'];
- $pconfig['ftp_telnet_check_encrypted'] = $a_nat[$id]['ftp_telnet_check_encrypted'];
- $pconfig['ftp_telnet_normalize'] = $a_nat[$id]['ftp_telnet_normalize'];
- $pconfig['ftp_telnet_detect_anomalies'] = $a_nat[$id]['ftp_telnet_detect_anomalies'];
- $pconfig['ftp_telnet_ayt_attack_threshold'] = $a_nat[$id]['ftp_telnet_ayt_attack_threshold'];
- $pconfig['smtp_preprocessor'] = $a_nat[$id]['smtp_preprocessor'];
- $pconfig['sf_portscan'] = $a_nat[$id]['sf_portscan'];
- $pconfig['pscan_protocol'] = $a_nat[$id]['pscan_protocol'];
- $pconfig['pscan_type'] = $a_nat[$id]['pscan_type'];
- $pconfig['pscan_sense_level'] = $a_nat[$id]['pscan_sense_level'];
- $pconfig['pscan_memcap'] = $a_nat[$id]['pscan_memcap'];
- $pconfig['pscan_ignore_scanners'] = $a_nat[$id]['pscan_ignore_scanners'];
- $pconfig['dce_rpc_2'] = $a_nat[$id]['dce_rpc_2'];
- $pconfig['dns_preprocessor'] = $a_nat[$id]['dns_preprocessor'];
- $pconfig['sensitive_data'] = $a_nat[$id]['sensitive_data'];
- $pconfig['sdf_alert_data_type'] = $a_nat[$id]['sdf_alert_data_type'];
- $pconfig['sdf_alert_threshold'] = $a_nat[$id]['sdf_alert_threshold'];
- $pconfig['sdf_mask_output'] = $a_nat[$id]['sdf_mask_output'];
- $pconfig['ssl_preproc'] = $a_nat[$id]['ssl_preproc'];
- $pconfig['pop_preproc'] = $a_nat[$id]['pop_preproc'];
- $pconfig['imap_preproc'] = $a_nat[$id]['imap_preproc'];
- $pconfig['sip_preproc'] = $a_nat[$id]['sip_preproc'];
- $pconfig['dnp3_preproc'] = $a_nat[$id]['dnp3_preproc'];
- $pconfig['modbus_preproc'] = $a_nat[$id]['modbus_preproc'];
- $pconfig['gtp_preproc'] = $a_nat[$id]['gtp_preproc'];
- $pconfig['ssh_preproc'] = $a_nat[$id]['ssh_preproc'];
- $pconfig['preproc_auto_rule_disable'] = $a_nat[$id]['preproc_auto_rule_disable'];
- $pconfig['protect_preproc_rules'] = $a_nat[$id]['protect_preproc_rules'];
-
- // Frag3 global settings
- $pconfig['frag3_detection'] = $a_nat[$id]['frag3_detection'];
- $pconfig['frag3_max_frags'] = $a_nat[$id]['frag3_max_frags'];
- $pconfig['frag3_memcap'] = $a_nat[$id]['frag3_memcap'];
-
- // See if new Frag3 engine array is configured and use it;
- // otherwise create a default engine configuration.
- if (empty($pconfig['frag3_engine']['item'])) {
- $default = array( "name" => "default", "bind_to" => "all", "policy" => "bsd",
- "timeout" => 60, "min_ttl" => 1, "detect_anomalies" => "on",
- "overlap_limit" => 0, "min_frag_len" => 0 );
- $pconfig['frag3_engine']['item'] = array();
- $pconfig['frag3_engine']['item'][] = $default;
- if (!is_array($a_nat[$id]['frag3_engine']['item']))
- $a_nat[$id]['frag3_engine']['item'] = array();
- $a_nat[$id]['frag3_engine']['item'][] = $default;
- write_config();
- $frag3_engine_next_id++;
- }
- else
- $pconfig['frag3_engine'] = $a_nat[$id]['frag3_engine'];
-
- // Stream5 global settings
- $pconfig['stream5_reassembly'] = $a_nat[$id]['stream5_reassembly'];
- $pconfig['stream5_flush_on_alert'] = $a_nat[$id]['stream5_flush_on_alert'];
- $pconfig['stream5_prune_log_max'] = $a_nat[$id]['stream5_prune_log_max'];
- $pconfig['stream5_mem_cap'] = $a_nat[$id]['stream5_mem_cap'];
- $pconfig['stream5_track_tcp'] = $a_nat[$id]['stream5_track_tcp'];
- $pconfig['stream5_max_tcp'] = $a_nat[$id]['stream5_max_tcp'];
- $pconfig['stream5_track_udp'] = $a_nat[$id]['stream5_track_udp'];
- $pconfig['stream5_max_udp'] = $a_nat[$id]['stream5_max_udp'];
- $pconfig['stream5_udp_timeout'] = $a_nat[$id]['stream5_udp_timeout'];
- $pconfig['stream5_track_icmp'] = $a_nat[$id]['stream5_track_icmp'];
- $pconfig['stream5_max_icmp'] = $a_nat[$id]['stream5_max_icmp'];
- $pconfig['stream5_icmp_timeout'] = $a_nat[$id]['stream5_icmp_timeout'];
-
- // See if new Stream5 engine array is configured and use it;
- // otherwise create a default engine configuration.
- if (empty($pconfig['stream5_tcp_engine']['item'])) {
- $default = array( "name" => "default", "bind_to" => "all", "policy" => "bsd", "timeout" => 30,
- "max_queued_bytes" => 1048576, "detect_anomalies" => "off", "overlap_limit" => 0,
- "max_queued_segs" => 2621, "require_3whs" => "off", "startup_3whs_timeout" => 0,
- "no_reassemble_async" => "off", "max_window" => 0, "use_static_footprint_sizes" => "off",
- "check_session_hijacking" => "off", "dont_store_lg_pkts" => "off", "ports_client" => "default",
- "ports_both" => "default", "ports_server" => "none" );
- $pconfig['stream5_tcp_engine']['item'] = array();
- $pconfig['stream5_tcp_engine']['item'][] = $default;
- if (!is_array($a_nat[$id]['stream5_tcp_engine']['item']))
- $a_nat[$id]['stream5_tcp_engine']['item'] = array();
- $a_nat[$id]['stream5_tcp_engine']['item'][] = $default;
- write_config();
- $stream5_tcp_engine_next_id++;
- }
- else
- $pconfig['stream5_tcp_engine'] = $a_nat[$id]['stream5_tcp_engine'];
-
- // HTTP_INSPECT global settings
- $pconfig['http_inspect'] = $a_nat[$id]['http_inspect'];
- $pconfig['http_inspect_memcap'] = $a_nat[$id]['http_inspect_memcap'];
- $pconfig['http_inspect_proxy_alert'] = $a_nat[$id]['http_inspect_proxy_alert'];
- $pconfig['http_inspect_max_gzip_mem'] = $a_nat[$id]['http_inspect_max_gzip_mem'];
-
- // See if new HTTP_INSPECT engine array is configured and use it;
- // otherwise create a default engine configuration.
- if (empty($pconfig['http_inspect_engine']['item'])) {
- $default = array( "name" => "default", "bind_to" => "all", "server_profile" => "all", "enable_xff" => "off",
- "log_uri" => "off", "log_hostname" => "off", "server_flow_depth" => 65535, "enable_cookie" => "on",
- "client_flow_depth" => 1460, "extended_response_inspection" => "on", "no_alerts" => "off",
- "unlimited_decompress" => "on", "inspect_gzip" => "on", "normalize_cookies" =>"on",
- "normalize_headers" => "on", "normalize_utf" => "on", "normalize_javascript" => "on",
- "allow_proxy_use" => "off", "inspect_uri_only" => "off", "max_javascript_whitespaces" => 200,
- "post_depth" => -1, "max_headers" => 0, "max_spaces" => 0, "max_header_length" => 0, "ports" => "default" );
- $pconfig['http_inspect_engine']['item'] = array();
- $pconfig['http_inspect_engine']['item'][] = $default;
- if (!is_array($a_nat[$id]['http_inspect_engine']['item']))
- $a_nat[$id]['http_inspect_engine']['item'] = array();
- $a_nat[$id]['http_inspect_engine']['item'][] = $default;
- write_config();
- $http_inspect_engine_next_id++;
- }
- else
- $pconfig['http_inspect_engine'] = $a_nat[$id]['http_inspect_engine'];
-
- // See if new FTP client engine array is configured and use it;
- // otherwise create a default engine configuration..
- if (empty($pconfig['ftp_client_engine']['item'])) {
- $default = array( "name" => "default", "bind_to" => "all", "max_resp_len" => 256,
- "telnet_cmds" => "no", "ignore_telnet_erase_cmds" => "yes",
- "bounce" => "yes", "bounce_to_net" => "", "bounce_to_port" => "" );
- $pconfig['ftp_client_engine']['item'] = array();
- $pconfig['ftp_client_engine']['item'][] = $default;
- if (!is_array($a_nat[$id]['ftp_client_engine']['item']))
- $a_nat[$id]['ftp_client_engine']['item'] = array();
- $a_nat[$id]['ftp_client_engine']['item'][] = $default;
- write_config();
- $ftp_client_engine_next_id++;
- }
- else
- $pconfig['ftp_client_engine'] = $a_nat[$id]['ftp_client_engine'];
-
- // See if new FTP server engine array is configured and use it;
- // otherwise create a default engine configuration..
- if (empty($pconfig['ftp_server_engine']['item'])) {
- $default = array( "name" => "default", "bind_to" => "all", "ports" => "default",
- "telnet_cmds" => "no", "ignore_telnet_erase_cmds" => "yes",
- "ignore_data_chan" => "no", "def_max_param_len" => 100 );
- $pconfig['ftp_server_engine']['item'] = array();
- $pconfig['ftp_server_engine']['item'][] = $default;
- if (!is_array($a_nat[$id]['ftp_server_engine']['item']))
- $a_nat[$id]['ftp_server_engine']['item'] = array();
- $a_nat[$id]['ftp_server_engine']['item'][] = $default;
- write_config();
- $ftp_server_engine_next_id++;
- }
- else
- $pconfig['ftp_server_engine'] = $a_nat[$id]['ftp_server_engine'];
-
- /* If not using the Snort VRT rules, then disable */
- /* the Sensitive Data (sdf) preprocessor. */
- if ($vrt_enabled == "off")
- $pconfig['sensitive_data'] = "off";
-
/************************************************************/
/* To keep new users from shooting themselves in the foot */
/* enable the most common required preprocessors by default */
@@ -264,12 +107,14 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['ftp_telnet_detect_anomalies'] = 'on';
if (empty($pconfig['ftp_telnet_ayt_attack_threshold']) && $pconfig['ftp_telnet_ayt_attack_threshold'] <> 0)
$pconfig['ftp_telnet_ayt_attack_threshold'] = '20';
+
if (empty($pconfig['sdf_alert_data_type']))
$pconfig['sdf_alert_data_type'] = "Credit Card,Email Addresses,U.S. Phone Numbers,U.S. Social Security Numbers";
if (empty($pconfig['sdf_alert_threshold']))
$pconfig['sdf_alert_threshold'] = '25';
if (empty($pconfig['sdf_mask_output']))
$pconfig['sdf_mask_output'] = 'off';
+
if (empty($pconfig['smtp_preprocessor']))
$pconfig['smtp_preprocessor'] = 'on';
if (empty($pconfig['dce_rpc_2']))
@@ -340,36 +185,56 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['pscan_sense_level'] = 'medium';
}
-/* Define the "disabled_preproc_rules.log" file for this interface */
-$iface = snort_get_friendly_interface($pconfig['interface']);
-$disabled_rules_log = "{$snortlogdir}/{$iface}_disabled_preproc_rules.log";
+$if_friendly = convert_friendly_interface_to_friendly_descr($a_nat[$id]['interface']);
-if ($_GET['act'] && isset($_GET['eng_id'])) {
+/* Define the "disabled_preproc_rules.log" file for this interface */
+$disabled_rules_log = "{$if_friendly}_disabled_preproc_rules.log";
- $natent = array();
- $natent = $pconfig;
+// Check for returned "selected alias" if action is import
+if ($_GET['act'] == "import" && isset($_GET['varname']) && !empty($_GET['varvalue'])) {
+ $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']);
+}
- if ($_GET['act'] == "del_frag3")
- unset($natent['frag3_engine']['item'][$_GET['eng_id']]);
- elseif ($_GET['act'] == "del_stream5_tcp")
- unset($natent['stream5_tcp_engine']['item'][$_GET['eng_id']]);
- elseif ($_GET['act'] == "del_http_inspect")
- unset($natent['http_inspect_engine']['item'][$_GET['eng_id']]);
- elseif ($_GET['act'] == "del_ftp_server")
- unset($natent['ftp_server_engine']['item'][$_GET['eng_id']]);
-
- if (isset($id) && $a_nat[$id]) {
- $a_nat[$id] = $natent;
+// Handle deleting of any of the multiple configuration engines
+if ($_POST['del_http_inspect']) {
+ if (isset($_POST['eng_id']) && isset($id) && issset($a_nat[$id])) {
+ unset($a_nat[$id]['http_inspect_engine']['item'][$_POST['eng_id']]);
write_config();
+ header("Location: snort_preprocessors.php?id=$id#httpinspect_row");
+ exit;
}
-
- header("Location: snort_preprocessors.php?id=$id");
- exit;
}
-
-// Check for returned "selected alias" if action is import
-if ($_GET['act'] == "import" && isset($_GET['varname']) && !empty($_GET['varvalue'])) {
- $pconfig[$_GET['varname']] = $_GET['varvalue'];
+elseif ($_POST['del_frag3']) {
+ if (isset($_POST['eng_id']) && isset($id) && isset($a_nat[$id])) {
+ unset($a_nat[$id]['frag3_engine']['item'][$_POST['eng_id']]);
+ write_config();
+ header("Location: snort_preprocessors.php?id=$id#frag3_row");
+ exit;
+ }
+}
+elseif ($_POST['del_stream5_tcp']) {
+ if (isset($_POST['eng_id']) && isset($id) && isset($a_nat[$id])) {
+ unset($a_nat[$id]['stream5_tcp_engine']['item'][$_POST['eng_id']]);
+ write_config();
+ header("Location: snort_preprocessors.php?id=$id#stream5_row");
+ exit;
+ }
+}
+elseif ($_POST['del_ftp_client']) {
+ if (isset($_POST['eng_id']) && isset($id) && isset($a_nat[$id])) {
+ unset($a_nat[$id]['ftp_client_engine']['item'][$_POST['eng_id']]);
+ write_config();
+ header("Location: snort_preprocessors.php?id=$id#ftp_telnet_row");
+ exit;
+ }
+}
+elseif ($_POST['del_ftp_server']) {
+ if (isset($_POST['eng_id']) && isset($id) && isset($a_nat[$id])) {
+ unset($a_nat[$id]['ftp_server_engine']['item'][$_POST['eng_id']]);
+ write_config();
+ header("Location: snort_preprocessors.php?id=$id#ftp_telnet_row");
+ exit;
+ }
}
if ($_POST['ResetAll']) {
@@ -434,7 +299,8 @@ if ($_POST['ResetAll']) {
/* Log a message at the top of the page to inform the user */
$savemsg = gettext("All preprocessor settings have been reset to their defaults.");
}
-elseif ($_POST['Submit']) {
+
+if ($_POST['save']) {
$natent = array();
$natent = $pconfig;
@@ -509,7 +375,7 @@ elseif ($_POST['Submit']) {
$natent['stream5_track_udp'] = $_POST['stream5_track_udp'] ? 'on' : 'off';
$natent['stream5_track_icmp'] = $_POST['stream5_track_icmp'] ? 'on' : 'off';
- if (isset($id) && $a_nat[$id]) {
+ if (isset($id) && isset($a_nat[$id])) {
$a_nat[$id] = $natent;
write_config();
}
@@ -524,7 +390,7 @@ elseif ($_POST['Submit']) {
/* If 'preproc_auto_rule_disable' is off, then clear log file */
if ($natent['preproc_auto_rule_disable'] == 'off')
- @unlink("{$disabled_rules_log}");
+ unlink_if_exists("{$snortlogdir}/{$disabled_rules_log}");
/*******************************************************/
/* Signal Snort to reload Host Attribute Table if one */
@@ -543,14 +409,19 @@ elseif ($_POST['Submit']) {
header("Location: snort_preprocessors.php?id=$id");
exit;
}
+ else
+ $pconfig = $_POST;
}
-elseif ($_POST['btn_import']) {
+
+if ($_POST['btn_import']) {
if (is_uploaded_file($_FILES['host_attribute_file']['tmp_name'])) {
$data = file_get_contents($_FILES['host_attribute_file']['tmp_name']);
- if ($data === false)
+ if ($data === false) {
$input_errors[] = gettext("Error uploading file {$_FILES['host_attribute_file']}!");
+ $pconfig = $_POST;
+ }
else {
- if (isset($id) && $a_nat[$id]) {
+ if (isset($id) && isset($a_nat[$id])) {
$a_nat[$id]['host_attribute_table'] = "on";
$a_nat[$id]['host_attribute_data'] = base64_encode($data);
$pconfig['host_attribute_data'] = $a_nat[$id]['host_attribute_data'];
@@ -567,11 +438,14 @@ elseif ($_POST['btn_import']) {
exit;
}
}
- else
+ else {
$input_errors[] = gettext("No filename specified for import!");
+ $pconfig = $_POST;
+ }
}
-elseif ($_POST['btn_edit_hat']) {
- if (isset($id) && $a_nat[$id]) {
+
+if ($_POST['btn_edit_hat']) {
+ if (isset($id) && isset($a_nat[$id])) {
$a_nat[$id]['host_attribute_table'] = "on";
$a_nat[$id]['max_attribute_hosts'] = $pconfig['max_attribute_hosts'];
$a_nat[$id]['max_attribute_services_per_host'] = $pconfig['max_attribute_services_per_host'];
@@ -586,26 +460,21 @@ elseif ($_POST['btn_edit_hat']) {
if ($pconfig['host_attribute_table'] == 'on' && empty($pconfig['host_attribute_data']))
$input_errors[] = gettext("The Host Attribute Table option is enabled, but no Host Attribute data has been loaded. Data may be entered manually or imported from a suitable file.");
-$if_friendly = snort_get_friendly_interface($pconfig['interface']);
$pgtitle = gettext("Snort: Interface {$if_friendly} - Preprocessors and Flow");
include_once("head.inc");
?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="enable_change_all()">
-<?php include("fbegin.inc"); ?>
-<?php if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
-
+<?php include("fbegin.inc");
- /* Display Alert message */
-
- if ($input_errors) {
- print_input_errors($input_errors); // TODO: add checks
- }
-
- if ($savemsg) {
- print_info_box($savemsg);
- }
+/* Display Alert message */
+if ($input_errors) {
+ print_input_errors($input_errors);
+}
+if ($savemsg) {
+ print_info_box($savemsg);
+}
?>
<script type="text/javascript" src="/javascript/autosuggest.js">
@@ -613,8 +482,9 @@ include_once("head.inc");
<script type="text/javascript" src="/javascript/suggestions.js">
</script>
-<form action="snort_preprocessors.php" method="post"
- enctype="multipart/form-data" name="iform" id="iform">
+<form action="snort_preprocessors.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
+<input name="id" type="hidden" value="<?=$id;?>"/>
+<input name="eng_id" id="eng_id" type="hidden" value=""/>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td>
<?php
@@ -622,23 +492,25 @@ include_once("head.inc");
$tab_array[0] = array(gettext("Snort Interfaces"), true, "/snort/snort_interfaces.php");
$tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php");
$tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
- $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
+ $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php?instance={$id}");
$tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
- $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php");
$tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
- $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
- display_top_tabs($tab_array);
+ $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php");
+ $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
+ display_top_tabs($tab_array, true);
echo '</td></tr>';
echo '<tr><td>';
$menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface ");
- $tab_array = array();
- $tab_array[] = array($menu_iface . gettext("Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}");
- $tab_array[] = array($menu_iface . gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}");
- $tab_array[] = array($menu_iface . gettext("Rules"), false, "/snort/snort_rules.php?id={$id}");
- $tab_array[] = array($menu_iface . gettext("Variables"), false, "/snort/snort_define_servers.php?id={$id}");
- $tab_array[] = array($menu_iface . gettext("Preprocessors"), true, "/snort/snort_preprocessors.php?id={$id}");
- $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
- display_top_tabs($tab_array);
+ $tab_array = array();
+ $tab_array[] = array($menu_iface . gettext("Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Rules"), false, "/snort/snort_rules.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Variables"), false, "/snort/snort_define_servers.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Preprocs"), true, "/snort/snort_preprocessors.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("IP Rep"), false, "/snort/snort_ip_reputation.php?id={$id}");
+ display_top_tabs($tab_array, true);
?>
</td></tr>
<tr><td><div id="mainarea">
@@ -694,7 +566,7 @@ include_once("head.inc");
"disabled preprocessors, but can substantially compromise the level of protection by " .
"automatically disabling detection rules."); ?></td>
</tr>
- <?php if (file_exists($disabled_rules_log) && filesize($disabled_rules_log) > 0): ?>
+ <?php if (file_exists("{$snortlogdir}/{$disabled_rules_log}") && filesize("{$snortlogdir}/{$disabled_rules_log}") > 0): ?>
<tr>
<td width="3%">&nbsp;</td>
<td class="vexpl"><input type="button" class="formbtn" value="View" onclick="wopen('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$disabled_rules_log;?>','FileViewer',800,600);">
@@ -718,8 +590,8 @@ include_once("head.inc");
<tr id="host_attrib_table_data_row">
<td width="22%" valign="top" class="vncell"><?php echo gettext("Host Attribute Data"); ?></td>
<td width="78%" class="vtable"><strong><?php echo gettext("Import From File"); ?></strong><br/>
- <input name="host_attribute_file" type="file" class="formfld file" value="on" id="host_attribute_file" size="40">&nbsp;&nbsp;
- <input type="submit" name="btn_import" id="btn_import" value="Import" class="formbtn"><br/>
+ <input name="host_attribute_file" type="file" class="formfld file" value="on" id="host_attribute_file" size="40"/>&nbsp;&nbsp;
+ <input type="submit" name="btn_import" id="btn_import" value="Import" class="formbtn"/><br/>
<?php echo gettext("Choose the Host Attributes file to use for auto-configuration."); ?><br/><br/>
<span class="red"><strong><?php echo gettext("Warning: "); ?></strong></span>
<?php echo gettext("The Host Attributes file has a required format. See the "); ?><a href="http://manual.snort.org/" target="_blank">
@@ -744,7 +616,7 @@ include_once("head.inc");
<table cellpadding="0" cellspacing="0">
<tr>
<td><input name="max_attribute_hosts" type="text" class="formfld unknown" id="max_attribute_hosts" size="9"
- value="<?=htmlspecialchars($pconfig['max_attribute_hosts']);?>">&nbsp;&nbsp;
+ value="<?=htmlspecialchars($pconfig['max_attribute_hosts']);?>"/>&nbsp;&nbsp;
<?php echo gettext("Max number of hosts to read from the Attribute Table. Min is ") .
"<strong>" . gettext("32") . "</strong>" . gettext(" and Max is ") . "<strong>" .
gettext("524288") . "</strong>"; ?>.</td>
@@ -761,7 +633,7 @@ include_once("head.inc");
<table cellpadding="0" cellspacing="0">
<tr>
<td><input name="max_attribute_services_per_host" type="text" class="formfld unknown" id="max_attribute_services_per_host" size="9"
- value="<?=htmlspecialchars($pconfig['max_attribute_services_per_host']);?>">&nbsp;&nbsp;
+ value="<?=htmlspecialchars($pconfig['max_attribute_services_per_host']);?>"/>&nbsp;&nbsp;
<?php echo gettext("Max number of per host services to read from the Attribute Table. Min is ") .
"<strong>" . gettext("1") . "</strong>" . gettext(" and Max is ") . "<strong>" .
gettext("65535") . "</strong>"; ?>.</td>
@@ -868,10 +740,10 @@ include_once("head.inc");
<td class="listt" align="right"><a href="snort_httpinspect_engine.php?id=<?=$id;?>&eng_id=<?=$f;?>">
<img src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif"
width="17" height="17" border="0" title="<?=gettext("Edit this server configuration");?>"></a>
- <?php if ($v['bind_to'] <> "all") : ?>
- <a href="snort_preprocessors.php?id=<?=$id;?>&eng_id=<?=$f;?>&act=del_http_inspect" onclick="return confirm('Are you sure you want to delete this entry?');">
- <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0"
- title="<?=gettext("Delete this server configuration");?>"></a>
+ <?php if ($v['bind_to'] <> "all") : ?>
+ <input type="image" name="del_http_inspect[]" onclick="document.getElementById('eng_id').value='<?=$f;?>'; return confirm('Are you sure you want to delete this entry?');"
+ src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0"
+ title="<?=gettext("Delete this server configuration");?>"/>
<?php else : ?>
<img src="/themes/<?=$g['theme'];?>/images/icons/icon_x_d.gif" width="17" height="17" border="0"
title="<?=gettext("Default server configuration cannot be deleted");?>">
@@ -937,9 +809,9 @@ include_once("head.inc");
<img src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif"
width="17" height="17" border="0" title="<?=gettext("Edit this engine configuration");?>"></a>
<?php if ($v['bind_to'] <> "all") : ?>
- <a href="snort_preprocessors.php?id=<?=$id;?>&eng_id=<?=$f;?>&act=del_frag3" onclick="return confirm('Are you sure you want to delete this entry?');">
- <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0"
- title="<?=gettext("Delete this engine configuration");?>"></a>
+ <input type="image" name="del_frag3[]" onclick="document.getElementById('eng_id').value='<?=$f;?>'; return confirm('Are you sure you want to delete this entry?');"
+ src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0"
+ title="<?=gettext("Delete this engine configuration");?>"/>
<?php else : ?>
<img src="/themes/<?=$g['theme'];?>/images/icons/icon_x_d.gif" width="17" height="17" border="0"
title="<?=gettext("Default engine configuration cannot be deleted");?>">
@@ -1094,9 +966,9 @@ include_once("head.inc");
<img src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif"
width="17" height="17" border="0" title="<?=gettext("Edit this TCP engine configuration");?>"></a>
<?php if ($v['bind_to'] <> "all") : ?>
- <a href="snort_preprocessors.php?id=<?=$id;?>&eng_id=<?=$f;?>&act=del_stream5_tcp" onclick="return confirm('Are you sure you want to delete this entry?');">
- <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0"
- title="<?=gettext("Delete this TCP engine configuration");?>"></a>
+ <input type="image" name="del_stream5_tcp[]" onclick="document.getElementById('eng_id').value='<?=$f;?>'; return confirm('Are you sure you want to delete this entry?');"
+ src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0"
+ title="<?=gettext("Delete this TCP engine configuration");?>"/>
<?php else : ?>
<img src="/themes/<?=$g['theme'];?>/images/icons/icon_x_d.gif" width="17" height="17" border="0"
title="<?=gettext("Default engine configuration cannot be deleted");?>">
@@ -1329,9 +1201,9 @@ include_once("head.inc");
<img src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif"
width="17" height="17" border="0" title="<?=gettext("Edit this FTP client configuration");?>"></a>
<?php if ($v['bind_to'] <> "all") : ?>
- <a href="snort_preprocessors.php?id=<?=$id;?>&eng_id=<?=$f;?>&act=del_ftp_server" onclick="return confirm('Are you sure you want to delete this entry?');">
- <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0"
- title="<?=gettext("Delete this FTP client configuration");?>"></a>
+ <input type="image" name="del_ftp_client[]" onclick="document.getElementById('eng_id').value='<?=$f;?>'; return confirm('Are you sure you want to delete this entry?');"
+ src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0"
+ title="<?=gettext("Delete this FTP client configuration");?>"/>
<?php else : ?>
<img src="/themes/<?=$g['theme'];?>/images/icons/icon_x_d.gif" width="17" height="17" border="0"
title="<?=gettext("Default client configuration cannot be deleted");?>">
@@ -1371,9 +1243,9 @@ include_once("head.inc");
<img src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif"
width="17" height="17" border="0" title="<?=gettext("Edit this FTP server configuration");?>"></a>
<?php if ($v['bind_to'] <> "all") : ?>
- <a href="snort_preprocessors.php?id=<?=$id;?>&eng_id=<?=$f;?>&act=del_ftp_server" onclick="return confirm('Are you sure you want to delete this entry?');">
- <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0"
- title="<?=gettext("Delete this FTP server configuration");?>"></a>
+ <input type="image" name="del_ftp_server[]" onclick="document.getElementById('eng_id').value='<?=$f;?>'; return confirm('Are you sure you want to delete this entry?');"
+ src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0"
+ title="<?=gettext("Delete this FTP server configuration");?>"/>
<?php else : ?>
<img src="/themes/<?=$g['theme'];?>/images/icons/icon_x_d.gif" width="17" height="17" border="0"
title="<?=gettext("Default server configuration cannot be deleted");?>">
@@ -1399,7 +1271,7 @@ include_once("head.inc");
<?php echo gettext("Sensitive data searches for credit card numbers, Social Security numbers and e-mail addresses in data."); ?>
<br/>
<span class="red"><strong><?php echo gettext("Note: "); ?></strong></span><?php echo gettext("To enable this preprocessor, you must select the Snort VRT rules on the ") .
- "<a href=\"/snort/snort_interfaces_global.php\" title=\"" . gettext("Modify Snort global settings") . "\"/>" . gettext("Global Settings") . "</a>" . gettext(" tab."); ?>
+ "<a href=\"/snort/snort_interfaces_global.php\" title=\"" . gettext("Modify Snort global settings") . "\">" . gettext("Global Settings") . "</a>" . gettext(" tab."); ?>
</td>
</tr>
<tr id="sdf_alert_data_row">
@@ -1533,9 +1405,9 @@ include_once("head.inc");
<tr>
<td width="22%" valign="top">&nbsp;</td>
<td width="78%">
- <input name="Submit" type="submit" class="formbtn" value="Save" title="<?php echo
+ <input name="save" type="submit" class="formbtn" value="Save" title="<?php echo
gettext("Save preprocessor settings"); ?>">
- <input name="id" type="hidden" value="<?=$id;?>">&nbsp;&nbsp;&nbsp;&nbsp;
+ &nbsp;&nbsp;&nbsp;&nbsp;
<input name="ResetAll" type="submit" class="formbtn" value="Reset" title="<?php echo
gettext("Reset all settings to defaults") . "\" onclick=\"return confirm('" .
gettext("WARNING: This will reset ALL preprocessor settings to their defaults. Click OK to continue or CANCEL to quit.") .
@@ -1582,8 +1454,6 @@ include_once("head.inc");
function createAutoSuggest() {
<?php
echo "objAlias = new AutoSuggestControl(document.getElementById('pscan_ignore_scanners'), new StateSuggestions(addressarray));\n";
- echo "objAlias = new AutoSuggestControl(document.getElementById('ftp_telnet_bounce_to_net'), new StateSuggestions(addressarray));\n";
- echo "objAlias = new AutoSuggestControl(document.getElementById('ftp_telnet_bounce_to_port'), new StateSuggestions(portsarray));\n";
?>
}
diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php
index afc764fc..158999f9 100755
--- a/config/snort/snort_rules.php
+++ b/config/snort/snort_rules.php
@@ -37,38 +37,28 @@ global $g, $rebuild_rules;
$snortdir = SNORTDIR;
$rules_map = array();
+$categories = array();
$pconfig = array();
if (!is_array($config['installedpackages']['snortglobal']['rule']))
$config['installedpackages']['snortglobal']['rule'] = array();
$a_rule = &$config['installedpackages']['snortglobal']['rule'];
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
+
if (is_null($id)) {
- header("Location: /snort/snort_interfaces.php");
- exit;
+ header("Location: /snort/snort_interfaces.php");
+ exit;
}
-if (isset($id) && $a_rule[$id]) {
+if (isset($id) && isset($a_rule[$id])) {
$pconfig['interface'] = $a_rule[$id]['interface'];
$pconfig['rulesets'] = $a_rule[$id]['rulesets'];
}
-function truncate($string, $length) {
-
- /********************************
- * This function truncates the *
- * passed string to the length *
- * specified adding ellipsis if *
- * truncation was necessary. *
- ********************************/
- if (strlen($string) > $length)
- $string = substr($string, 0, ($length - 2)) . "...";
- return $string;
-}
-
function add_title_attribute($tag, $title) {
/********************************
@@ -102,15 +92,19 @@ function add_title_attribute($tag, $title) {
}
/* convert fake interfaces to real */
-$if_real = snort_get_real_interface($pconfig['interface']);
+$if_real = get_real_interface($pconfig['interface']);
$snort_uuid = $a_rule[$id]['uuid'];
$snortcfgdir = "{$snortdir}/snort_{$snort_uuid}_{$if_real}";
$snortdownload = $config['installedpackages']['snortglobal']['snortdownload'];
+$snortcommunitydownload = $config['installedpackages']['snortglobal']['snortcommunityrules'] == 'on' ? 'on' : 'off';
$emergingdownload = $config['installedpackages']['snortglobal']['emergingthreats'];
$etprodownload = $config['installedpackages']['snortglobal']['emergingthreats_pro'];
-$categories = explode("||", $pconfig['rulesets']);
-// add the standard rules files to the categories list
+// Add any previously saved rules files to the categories array
+if (!empty($pconfig['rulesets']))
+ $categories = explode("||", $pconfig['rulesets']);
+
+// add the standard rules files to the categories array
$categories[] = "custom.rules";
$categories[] = "decoder.rules";
$categories[] = "preprocessor.rules";
@@ -121,20 +115,19 @@ if ($a_rule[$id]['autoflowbitrules'] == 'on')
$categories[] = "Auto-Flowbit Rules";
natcasesort($categories);
-if ($_GET['openruleset'])
- $currentruleset = $_GET['openruleset'];
-else if ($_POST['openruleset'])
+if (isset($_POST['openruleset']))
$currentruleset = $_POST['openruleset'];
+elseif (isset($_GET['openruleset']))
+ $currentruleset = htmlspecialchars($_GET['openruleset']);
else
- $currentruleset = $categories[0];
+ $currentruleset = $categories[key($categories)];
/* One last sanity check -- if the rules directory is empty, default to loading custom rules */
$tmp = glob("{$snortdir}/rules/*.rules");
if (empty($tmp))
$currentruleset = "custom.rules";
-$ruledir = "{$snortdir}/rules";
-$rulefile = "{$ruledir}/{$currentruleset}";
+$rulefile = "{$snortdir}/rules/{$currentruleset}";
if ($currentruleset != 'custom.rules') {
// Read the current rules file into our rules map array.
// If it is the auto-flowbits file, set the full path.
@@ -157,13 +150,11 @@ if ($currentruleset != 'custom.rules') {
$enablesid = snort_load_sid_mods($a_rule[$id]['rule_sid_on']);
$disablesid = snort_load_sid_mods($a_rule[$id]['rule_sid_off']);
-if ($_GET['act'] == "toggle" && $_GET['ids'] && !empty($rules_map)) {
-
- // Get the GID tag embedded in the clicked rule icon.
- $gid = $_GET['gid'];
+if ($_POST['toggle'] && is_numeric($_POST['sid']) && is_numeric($_POST['gid']) && !empty($rules_map)) {
- // Get the SID tag embedded in the clicked rule icon.
- $sid= $_GET['ids'];
+ // Get the GID:SID tags embedded in the clicked rule icon.
+ $gid = $_POST['gid'];
+ $sid = $_POST['sid'];
// See if the target SID is in our list of modified SIDs,
// and toggle it back to default if present; otherwise,
@@ -207,11 +198,9 @@ if ($_GET['act'] == "toggle" && $_GET['ids'] && !empty($rules_map)) {
/* Update the config.xml file. */
write_config();
- $_GET['openruleset'] = $currentruleset;
$anchor = "rule_{$gid}_{$sid}";
}
-
-if ($_GET['act'] == "disable_all" && !empty($rules_map)) {
+elseif ($_POST['disable_all'] && !empty($rules_map)) {
// Mark all rules in the currently selected category "disabled".
foreach (array_keys($rules_map) as $k1) {
@@ -248,13 +237,8 @@ if ($_GET['act'] == "disable_all" && !empty($rules_map)) {
unset($a_rule[$id]['rule_sid_off']);
write_config();
-
- $_GET['openruleset'] = $currentruleset;
- header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}");
- exit;
}
-
-if ($_GET['act'] == "enable_all" && !empty($rules_map)) {
+elseif ($_POST['enable_all'] && !empty($rules_map)) {
// Mark all rules in the currently selected category "enabled".
foreach (array_keys($rules_map) as $k1) {
@@ -290,13 +274,8 @@ if ($_GET['act'] == "enable_all" && !empty($rules_map)) {
unset($a_rule[$id]['rule_sid_off']);
write_config();
-
- $_GET['openruleset'] = $currentruleset;
- header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}");
- exit;
}
-
-if ($_GET['act'] == "resetcategory" && !empty($rules_map)) {
+elseif ($_POST['resetcategory'] && !empty($rules_map)) {
// Reset any modified SIDs in the current rule category to their defaults.
foreach (array_keys($rules_map) as $k1) {
@@ -334,13 +313,8 @@ if ($_GET['act'] == "resetcategory" && !empty($rules_map)) {
unset($a_rule[$id]['rule_sid_off']);
write_config();
-
- $_GET['openruleset'] = $currentruleset;
- header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}");
- exit;
}
-
-if ($_GET['act'] == "resetall" && !empty($rules_map)) {
+elseif ($_POST['resetall'] && !empty($rules_map)) {
// Remove all modified SIDs from config.xml and save the changes.
unset($a_rule[$id]['rule_sid_on']);
@@ -348,23 +322,20 @@ if ($_GET['act'] == "resetall" && !empty($rules_map)) {
/* Update the config.xml file. */
write_config();
-
- $_GET['openruleset'] = $currentruleset;
- header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}");
- exit;
}
-
-if ($_POST['clear']) {
+else if ($_POST['cancel']) {
+ $pconfig['customrules'] = base64_decode($a_rule[$id]['customrules']);
+}
+elseif ($_POST['clear']) {
unset($a_rule[$id]['customrules']);
write_config();
$rebuild_rules = true;
snort_generate_conf($a_rule[$id]);
$rebuild_rules = false;
- header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}");
- exit;
+ $pconfig['customrules'] = '';
}
-
-if ($_POST['submit']) {
+elseif ($_POST['save']) {
+ $pconfig['customrules'] = $_POST['customrules'];
if ($_POST['customrules'])
$a_rule[$id]['customrules'] = base64_encode($_POST['customrules']);
else
@@ -385,11 +356,12 @@ if ($_POST['submit']) {
$input_errors[] = "Custom rules have errors:\n {$error}";
}
else {
- header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}");
- exit;
+ /* Soft-restart Snort to live-load new rules */
+ snort_reload_config($a_rule[$id]);
+ $savemsg = gettext("Custom rules validated successfully and have been saved to the Snort configuration files. ");
+ $savemsg .= gettext("Any active Snort process on this interface has been signalled to live-load the new rules.");
}
}
-
else if ($_POST['apply']) {
/* Save new configuration */
write_config();
@@ -404,29 +376,18 @@ else if ($_POST['apply']) {
/* Soft-restart Snort to live-load new rules */
snort_reload_config($a_rule[$id]);
-
- /* Return to this same page */
- header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}");
- exit;
-}
-else if ($_POST['cancel']) {
-
- /* Return to this same page */
- header("Location: /snort/snort_rules.php?id={$id}");
- exit;
}
require_once("guiconfig.inc");
include_once("head.inc");
-$if_friendly = snort_get_friendly_interface($pconfig['interface']);
+$if_friendly = convert_friendly_interface_to_friendly_descr($a_rule[$id]['interface']);
$pgtitle = gettext("Snort: Interface {$if_friendly} - Rules: {$currentruleset}");
?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php
include("fbegin.inc");
-if ($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
/* Display message */
if ($input_errors) {
@@ -440,6 +401,10 @@ if ($savemsg) {
?>
<form action="/snort/snort_rules.php" method="post" name="iform" id="iform">
+<input type='hidden' name='id' id='id' value='<?=$id;?>'/>
+<input type='hidden' name='openruleset' id='openruleset' value='<?=$currentruleset;?>'/>
+<input type='hidden' name='sid' id='sid' value=''/>
+<input type='hidden' name='gid' id='gid' value=''/>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td>
<?php
@@ -447,12 +412,13 @@ if ($savemsg) {
$tab_array[0] = array(gettext("Snort Interfaces"), true, "/snort/snort_interfaces.php");
$tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php");
$tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
- $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
+ $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php?instance={$id}");
$tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
- $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php");
$tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
- $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
- display_top_tabs($tab_array);
+ $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php");
+ $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
+ display_top_tabs($tab_array,true);
echo '</td></tr>';
echo '<tr><td class="tabnavtbl">';
$menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface ");
@@ -461,9 +427,10 @@ if ($savemsg) {
$tab_array[] = array($menu_iface . gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Rules"), true, "/snort/snort_rules.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Variables"), false, "/snort/snort_define_servers.php?id={$id}");
- $tab_array[] = array($menu_iface . gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Preprocs"), false, "/snort/snort_preprocessors.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
- display_top_tabs($tab_array);
+ $tab_array[] = array($menu_iface . gettext("IP Rep"), false, "/snort/snort_ip_reputation.php?id={$id}");
+ display_top_tabs($tab_array, true);
?>
</td></tr>
<tr><td><div id="mainarea">
@@ -471,20 +438,21 @@ if ($savemsg) {
<tr>
<td class="listtopic"><?php echo gettext("Available Rule Categories"); ?></td>
</tr>
-
<tr>
<td class="vncell" height="30px"><strong><?php echo gettext("Category:"); ?></strong>&nbsp;&nbsp;<select id="selectbox" name="selectbox" class="formselect" onChange="go()">
<?php
foreach ($categories as $value) {
- if ($snortdownload != 'on' && substr($value, 0, 6) == "snort_")
+ if ($snortdownload != 'on' && substr($value, 0, mb_strlen(VRT_FILE_PREFIX)) == VRT_FILE_PREFIX)
+ continue;
+ if ($emergingdownload != 'on' && substr($value, 0, mb_strlen(ET_OPEN_FILE_PREFIX)) == ET_OPEN_FILE_PREFIX)
continue;
- if ($emergingdownload != 'on' && substr($value, 0, 8) == "emerging")
+ if ($etprodownload != 'on' && substr($value, 0, mb_strlen(ET_PRO_FILE_PREFIX)) == ET_PRO_FILE_PREFIX)
continue;
- if ($etprodownload != 'on' && substr($value, 0, 6) == "etpro-")
+ if ($snortcommunitydownload != 'on' && substr($value, 0, mb_strlen(GPL_FILE_PREFIX)) == GPL_FILE_PREFIX)
continue;
if (empty($value))
continue;
- echo "<option value='?id={$id}&openruleset={$value}' ";
+ echo "<option value='{$value}' ";
if ($value == $currentruleset)
echo "selected";
echo ">{$value}</option>\n";
@@ -493,21 +461,18 @@ if ($savemsg) {
</select>&nbsp;&nbsp;&nbsp;<?php echo gettext("Select the rule category to view"); ?>
</td>
</tr>
-
<?php if ($currentruleset == 'custom.rules'): ?>
<tr>
<td class="listtopic"><?php echo gettext("Defined Custom Rules"); ?></td>
</tr>
<tr>
<td valign="top" class="vtable">
- <input type='hidden' name='openruleset' value='custom.rules'>
- <input type='hidden' name='id' value='<?=$id;?>'>
<textarea wrap="soft" cols="90" rows="40" name="customrules"><?=base64_decode($a_rule[$id]['customrules']);?></textarea>
</td>
</tr>
<tr>
<td>
- <input name="submit" type="submit" class="formbtn" id="submit" value="<?php echo gettext(" Save "); ?>" title=" <?php echo gettext("Save custom rules"); ?>"/>&nbsp;&nbsp;
+ <input name="save" type="submit" class="formbtn" id="save" value="<?php echo gettext(" Save "); ?>" title=" <?php echo gettext("Save custom rules"); ?>"/>&nbsp;&nbsp;
<input name="cancel" type="submit" class="formbtn" id="cancel" value="<?php echo gettext("Cancel"); ?>" title="<?php echo gettext("Cancel changes and return to last page"); ?>"/>&nbsp;&nbsp;
<input name="clear" type="submit" class="formbtn" id="clear" value="<?php echo gettext("Clear"); ?>" onclick="return confirm('<?php echo gettext("This will erase all custom rules for the interface. Are you sure?"); ?>')" title="<?php echo gettext("Deletes all custom rules"); ?>"/>
</td>
@@ -520,43 +485,50 @@ if ($savemsg) {
<td class="vncell">
<table width="100%" align="center" border="0" cellpadding="0" cellspacing="0">
<tr>
- <td rowspan="4" width="48%" valign="middle"><input type="submit" name="apply" id="apply" value="<?php echo gettext("Apply"); ?>" class="formbtn"
- title="<?php echo gettext("Click to rebuild the rules with your changes"); ?>"/>
- <input type='hidden' name='id' value='<?=$id;?>'/>
- <input type='hidden' name='openruleset' value='<?=$currentruleset;?>'/><br/><br/>
+ <td rowspan="5" width="48%" valign="middle"><input type="submit" name="apply" id="apply" value="<?php echo gettext("Apply"); ?>" class="formbtn"
+ title="<?php echo gettext("Click to rebuild the rules with your changes"); ?>"/><br/><br/>
<span class="vexpl"><span class="red"><strong><?php echo gettext("Note: ") . "</strong></span>" .
- gettext("Snort must be restarted to activate any rule enable/disable changes made on this tab."); ?></span></td>
- <td class="vexpl" valign="middle"><?php echo "<a href='?id={$id}&openruleset={$currentruleset}&act=resetcategory'>
- <img src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" width=\"15\" height=\"15\"
+ gettext("When finished, click APPLY to save and send any SID enable/disable changes made on this tab to Snort."); ?></span></td>
+ <td class="vexpl" valign="middle"><?php echo "<input type='image' name='resetcategory[]'
+ src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" width=\"15\" height=\"15\"
onmouseout='this.src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"'
onmouseover='this.src=\"../themes/{$g['theme']}/images/icons/icon_x_mo.gif\"' border='0'
- title='" . gettext("Click to remove enable/disable changes for rules in the selected category only") . "'></a>"?>
+ title='" . gettext("Click to remove enable/disable changes for rules in the selected category only") . "'/>"?>
&nbsp;&nbsp;<?php echo gettext("Remove Enable/Disable changes in the current Category"); ?></td>
</tr>
<tr>
- <td class="vexpl" valign="middle"><?php echo "<a href='?id={$id}&openruleset={$currentruleset}&act=resetall'>
- <img src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" width=\"15\" height=\"15\"
+ <td class="vexpl" valign="middle"><?php echo "<input type='image' name='resetall[]'
+ src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" width=\"15\" height=\"15\"
onmouseout='this.src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"'
onmouseover='this.src=\"../themes/{$g['theme']}/images/icons/icon_x_mo.gif\"' border='0'
- title='" . gettext("Click to remove all enable/disable changes for rules in all categories") . "'></a>"?>
+ title='" . gettext("Click to remove all enable/disable changes for rules in all categories") . "'/>"?>
&nbsp;&nbsp;<?php echo gettext("Remove all Enable/Disable changes in all Categories"); ?></td>
</tr>
<tr>
- <td class="vexpl" valign="middle"><?php echo "<a href='?id={$id}&openruleset={$currentruleset}&act=disable_all'>
- <img src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" width=\"15\" height=\"15\"
+ <td class="vexpl" valign="middle"><?php echo "<input type='image' name='disable_all[]'
+ src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" width=\"15\" height=\"15\"
onmouseout='this.src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"'
onmouseover='this.src=\"../themes/{$g['theme']}/images/icons/icon_x_mo.gif\"' border='0'
- title='" . gettext("Click to disable all rules in the selected category") . "'></a>"?>
+ title='" . gettext("Click to disable all rules in the selected category") . "'/>"?>
&nbsp;&nbsp;<?php echo gettext("Disable all rules in the current Category"); ?></td>
</tr>
<tr>
- <td class="vexpl" valign="middle"><?php echo "<a href='?id={$id}&openruleset={$currentruleset}&act=enable_all'>
- <img src=\"../themes/{$g['theme']}/images/icons/icon_plus.gif\" width=\"15\" height=\"15\"
+ <td class="vexpl" valign="middle"><?php echo "<input type='image' name='enable_all[]'
+ src=\"../themes/{$g['theme']}/images/icons/icon_plus.gif\" width=\"15\" height=\"15\"
onmouseout='this.src=\"../themes/{$g['theme']}/images/icons/icon_plus.gif\"'
onmouseover='this.src=\"../themes/{$g['theme']}/images/icons/icon_plus_mo.gif\"' border='0'
- title='" . gettext("Click to enable all rules in the selected category") . "'></a>"?>
+ title='" . gettext("Click to enable all rules in the selected category") . "'/>"?>
&nbsp;&nbsp;<?php echo gettext("Enable all rules in the current Category"); ?></td>
</tr>
+ <tr>
+ <td class="vexpl" valign="middle"><a href="javascript: void(0)"
+ onclick="wopen('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$currentruleset;?>','FileViewer',800,600)">
+ <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_service_restart.gif" width="15" height="15" <?php
+ echo "onmouseover='this.src=\"../themes/{$g['theme']}/images/icons/icon_services_restart_mo.gif\"'
+ onmouseout='this.src=\"../themes/{$g['theme']}/images/icons/icon_service_restart.gif\"' ";?>
+ title="<?php echo gettext("Click to view full text of all the category rules"); ?>" width="17" height="17" border="0"></a>
+ &nbsp;&nbsp;<?php echo gettext("View full file contents for the current Category"); ?></td>
+ </tr>
<?php if ($currentruleset == 'Auto-Flowbit Rules'): ?>
<tr>
<td colspan="3">&nbsp;</td>
@@ -564,14 +536,13 @@ if ($savemsg) {
<tr>
<td colspan="3" class="vexpl" align="center"><?php echo "<span class=\"red\"><b>" . gettext("WARNING: ") . "</b></span>" .
gettext("You should not disable flowbit rules! Add Suppress List entries for them instead by ") .
- "<a href='snort_rules_flowbits.php?id={$id}&openruleset={$currentruleset}&returl=" . urlencode($_SERVER['PHP_SELF']) . "' title=\"" . gettext("Add Suppress List entry for Flowbit Rule") . "\">" .
+ "<a href='snort_rules_flowbits.php?id={$id}' title=\"" . gettext("Add Suppress List entry for Flowbit Rule") . "\">" .
gettext("clicking here") . ".</a>";?></td>
</tr>
<?php endif;?>
</table>
</td>
</tr>
-
<tr>
<td class="listtopic"><?php echo gettext("Selected Category's Rules"); ?></td>
</tr>
@@ -579,18 +550,18 @@ if ($savemsg) {
<td>
<?php if ($currentruleset != 'decoder.rules' && $currentruleset != 'preprocessor.rules'): ?>
+
<table id="myTable" class="sortable" style="table-layout: fixed;" width="100%" border="0" cellpadding="0" cellspacing="0">
<colgroup>
- <col width="15" align="left" valign="middle">
+ <col width="14" align="left" valign="middle">
<col width="6%" align="center" axis="number">
- <col width="8%" align="center" axis="number">
- <col width="54" align="center" axis="string">
+ <col width="9%" align="center" axis="number">
+ <col width="52" align="center" axis="string">
<col width="14%" align="center" axis="string">
- <col width="11%" align="center" axis="string">
+ <col width="10%" align="center" axis="string">
<col width="14%" align="center" axis="string">
- <col width="11%" align="center" axis="string">
+ <col width="10%" align="center" axis="string">
<col axis="string">
- <col width="22" align="right" valign="middle">
</colgroup>
<thead>
<tr>
@@ -599,20 +570,13 @@ if ($savemsg) {
<th class="listhdrr"><?php echo gettext("SID"); ?></th>
<th class="listhdrr"><?php echo gettext("Proto"); ?></th>
<th class="listhdrr"><?php echo gettext("Source"); ?></th>
- <th class="listhdrr"><?php echo gettext("Port"); ?></th>
+ <th class="listhdrr"><?php echo gettext("SPort"); ?></th>
<th class="listhdrr"><?php echo gettext("Destination"); ?></th>
- <th class="listhdrr"><?php echo gettext("Port"); ?></th>
+ <th class="listhdrr"><?php echo gettext("DPort"); ?></th>
<th class="listhdrr"><?php echo gettext("Message"); ?></th>
- <th class="list"><a href="javascript: void(0)"
- onclick="wopen('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$currentruleset;?>','FileViewer',800,600)">
- <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_service_restart.gif" <?php
- echo "onmouseover='this.src=\"../themes/{$g['theme']}/images/icons/icon_services_restart_mo.gif\"'
- onmouseout='this.src=\"../themes/{$g['theme']}/images/icons/icon_service_restart.gif\"' ";?>
- title="<?php echo gettext("Click to view full text of all the category rules"); ?>" width="17" height="17" border="0"></a></th>
</tr>
</thead>
<tbody>
-
<?php
$counter = $enable_cnt = $disable_cnt = 0;
foreach ($rules_map as $k1 => $rulem) {
@@ -660,51 +624,47 @@ if ($savemsg) {
$dstspan = add_title_attribute($textss, $rule_content[5]);
$dstprtspan = add_title_attribute($textss, $rule_content[6]);
- $protocol = $rule_content[1]; //protocol field
- $source = truncate($rule_content[2], 14); //source field
- $source_port = truncate($rule_content[3], 10); //source port field
- $destination = truncate($rule_content[5], 14); //destination field
- $destination_port = truncate($rule_content[6], 10); //destination port field
- $message = snort_get_msg($v['rule']);
-
- echo "<tr><td class=\"listt\" align=\"left\" valign=\"middle\"> $textss
- <a id=\"rule_{$gid}_{$sid}\" href='?id={$id}&openruleset={$currentruleset}&act=toggle&gid={$gid}&ids={$sid}'>
- <img src=\"../themes/{$g['theme']}/images/icons/{$iconb}\"
- width=\"11\" height=\"11\" border=\"0\"
- title='{$title}'></a>
- $textse
+ $protocol = $rule_content[1]; //protocol field
+ $source = $rule_content[2]; //source field
+ $source_port = $rule_content[3]; //source port field
+ $destination = $rule_content[5]; //destination field
+ $destination_port = $rule_content[6]; //destination port field
+ $message = snort_get_msg($v['rule']); // description field
+ $sid_tooltip = gettext("View the raw text for this rule");
+
+ echo "<tr><td class=\"listt\" align=\"left\" valign=\"middle\" sorttable_customkey=\"\">{$textss}
+ <a id=\"rule_{$gid}_{$sid}\" href=''><input type=\"image\" onClick=\"document.getElementById('sid').value='{$sid}';
+ document.getElementById('gid').value='{$gid}';\"
+ src=\"../themes/{$g['theme']}/images/icons/{$iconb}\" width=\"11\" height=\"11\" border=\"0\"
+ title='{$title}' name=\"toggle[]\"/></a>{$textse}
</td>
- <td class=\"listlr\" align=\"center\">
+ <td class=\"listr\" align=\"center\" ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\">
{$textss}{$gid}{$textse}
</td>
- <td class=\"listlr\" align=\"center\">
- {$textss}{$sid}{$textse}
+ <td class=\"listr\" align=\"center\" ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\">
+ <a href=\"javascript: void(0)\"
+ onclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\"
+ title='{$sid_tooltip}'>{$textss}{$sid}{$textse}</a>
</td>
- <td class=\"listlr\" align=\"center\">
+ <td class=\"listr\" style=\"text-align:center;\" ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\">
{$textss}{$protocol}{$textse}
</td>
- <td class=\"listlr\" align=\"center\">
+ <td class=\"listr\" style=\"overflow: hidden; text-overflow: ellipsis; text-align:center;\" nowrap ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\">
{$srcspan}{$source}</span>
</td>
- <td class=\"listlr\" align=\"center\">
+ <td class=\"listr\" style=\"overflow: hidden; text-overflow: ellipsis; text-align:center;\" nowrap ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\">
{$srcprtspan}{$source_port}</span>
</td>
- <td class=\"listlr\" align=\"center\">
+ <td class=\"listr\" style=\"overflow: hidden; text-overflow: ellipsis; text-align:center;\" nowrap ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\">
{$dstspan}{$destination}</span>
</td>
- <td class=\"listlr\" align=\"center\">
+ <td class=\"listr\" style=\"overflow: hidden; text-overflow: ellipsis; text-align:center;\" nowrap ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\">
{$dstprtspan}{$destination_port}</span>
</td>
- <td class=\"listbg\" style=\"word-wrap:break-word; whitespace:pre-line;\"><font color=\"white\">
- {$textss}{$message}{$textse}</font>
+ <td class=\"listbg\" style=\"word-wrap:break-word; whitespace:pre-line;\" ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\">
+ {$textss}{$message}{$textse}
</td>";
?>
- <td align="right" valign="middle" nowrap class="listt">
- <a href="javascript: void(0)"
- onclick="wopen('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$currentruleset;?>&ids=<?=$sid;?>&gid=<?=$gid;?>','FileViewer',800,600)">
- <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_right.gif"
- title="<?php echo gettext("Click to view the entire rule text"); ?>" width="17" height="17" border="0"></a>
- </td>
</tr>
<?php
$counter++;
@@ -725,7 +685,6 @@ if ($savemsg) {
<col width="22%" align="center" axis="string">
<col width="15%" align="center" axis="string">
<col align="left" axis="string">
- <col width="22" align="right" valign="middle">
</colgroup>
<thead>
<tr>
@@ -735,12 +694,6 @@ if ($savemsg) {
<th class="listhdrr"><?php echo gettext("Classification"); ?></th>
<th class="listhdrr"><?php echo gettext("IPS Policy"); ?></th>
<th class="listhdrr"><?php echo gettext("Message"); ?></th>
- <th class="list"><a href="javascript: void(0)"
- onclick="wopen('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$currentruleset;?>','FileViewer',800,600)">
- <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_service_restart.gif" <?php
- echo "onmouseover='this.src=\"../themes/{$g['theme']}/images/icons/icon_services_restart_mo.gif\"'
- onmouseout='this.src=\"../themes/{$g['theme']}/images/icons/icon_service_restart.gif\"' ";?>
- title="<?php echo gettext("Click to view full text of all the category rules"); ?>" width="17" height="17" border="0"></a></th>
</tr>
</thead>
<tbody>
@@ -788,35 +741,30 @@ if ($savemsg) {
else
$policy = "none";
- echo "<tr><td class=\"listt\" align=\"left\" valign=\"middle\"> $textss
- <a id=\"rule_{$sid}\" href='?id={$id}&openruleset={$currentruleset}&act=toggle&ids={$sid}&gid={$gid}'>
- <img src=\"../themes/{$g['theme']}/images/icons/{$iconb}\"
- width=\"11\" height=\"11\" border=\"0\"
- title='{$title}'></a>
- $textse
- </td>
- <td class=\"listlr\" align=\"center\">
+ echo "<tr><td class=\"listt\" align=\"left\" valign=\"middle\" sorttable_customkey=\"\">{$textss}
+ <input type=\"image\" onClick=\"document.getElementById('sid').value='{$sid}';
+ document.getElementById('gid').value='{$gid}';\"
+ src=\"../themes/{$g['theme']}/images/icons/{$iconb}\" width=\"11\" height=\"11\" border=\"0\"
+ title='{$title}' name=\"toggle[]\"/>{$textse}
+ </td>
+ <td class=\"listr\" align=\"center\" ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\">
{$textss}{$gid}{$textse}
</td>
- <td class=\"listlr\" align=\"center\">
- {$textss}{$sid}{$textse}
- </td>
- <td class=\"listlr\" align=\"center\">
+ <td class=\"listr\" align=\"center\" ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\">
+ <a href=\"javascript: void(0)\"
+ onclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\"
+ title='{$sid_tooltip}'>{$textss}{$sid}{$textse}</a>
+ </td>
+ <td class=\"listr\" align=\"center\" ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\">
{$textss}{$classtype}</span>
</td>
- <td class=\"listlr\" align=\"center\">
+ <td class=\"listr\" align=\"center\" ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\">
{$textss}{$policy}</span>
</td>
- <td class=\"listbg\" style=\"word-wrap:break-word; whitespace:pre-line;\"><font color=\"white\">
- {$textss}{$message}{$textse}</font>
+ <td class=\"listbg\" style=\"word-wrap:break-word; whitespace:pre-line;\" ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\">
+ {$textss}{$message}{$textse}
</td>";
?>
- <td align="right" valign="middle" nowrap class="listt">
- <a href="javascript: void(0)"
- onclick="wopen('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$currentruleset;?>&ids=<?=$sid;?>&gid=<?=$gid;?>','FileViewer',800,600)">
- <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_right.gif"
- title="<?php echo gettext("Click to view the entire rule text"); ?>" width="17" height="17" border="0"></a>
- </td>
</tr>
<?php
$counter++;
@@ -826,7 +774,9 @@ if ($savemsg) {
?>
</tbody>
</table>
+
<?php endif;?>
+
</td>
</tr>
<tr>
@@ -875,10 +825,11 @@ if ($savemsg) {
<script language="javascript" type="text/javascript">
function go()
{
- var box = document.iform.selectbox;
- destination = box.options[box.selectedIndex].value;
- if (destination)
- location.href = destination;
+ var box = document.getElementById("selectbox");
+ var ruleset = box.options[box.selectedIndex].value;
+ if (ruleset)
+ document.getElementById("openruleset").value = ruleset;
+ document.getElementById("iform").submit();
}
function wopen(url, name, w, h)
diff --git a/config/snort/snort_rules_edit.php b/config/snort/snort_rules_edit.php
index 61a9574a..49423440 100755
--- a/config/snort/snort_rules_edit.php
+++ b/config/snort/snort_rules_edit.php
@@ -41,28 +41,30 @@ require_once("/usr/local/pkg/snort/snort.inc");
$flowbit_rules_file = FLOWBITS_FILENAME;
$snortdir = SNORTDIR;
-if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
- $config['installedpackages']['snortglobal']['rule'] = array();
-}
-$a_rule = &$config['installedpackages']['snortglobal']['rule'];
+if (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
-$id = $_GET['id'];
+// If we were not passed a valid index ID, close the pop-up and exit
if (is_null($id)) {
- header("Location: /snort/snort_interfaces.php");
+ echo '<html><body link="#000000" vlink="#000000" alink="#000000">';
+ echo '<script language="javascript" type="text/javascript">';
+ echo 'window.close();</script>';
+ echo '</body></html>';
exit;
}
-if (isset($id) && $a_rule[$id]) {
- $pconfig['enable'] = $a_rule[$id]['enable'];
- $pconfig['interface'] = $a_rule[$id]['interface'];
- $pconfig['rulesets'] = $a_rule[$id]['rulesets'];
+if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
+ $config['installedpackages']['snortglobal']['rule'] = array();
}
-/* convert fake interfaces to real */
-$if_real = snort_get_real_interface($pconfig['interface']);
+$a_rule = &$config['installedpackages']['snortglobal']['rule'];
+
+$if_real = get_real_interface($a_rule[$id]['interface']);
$snort_uuid = $a_rule[$id]['uuid'];
-$snortcfgdir = "{$snortdir}/snort_{$snort_uuid}_{$if_real}";
-$file = $_GET['openruleset'];
+$snortlogdir = SNORTLOGDIR;
+$snortcfgdir = "{$snortdir}/snort_{$snort_uuid}_{$if_real}/";
+
+$file = htmlspecialchars($_GET['openruleset'], ENT_QUOTES | ENT_HTML401);
$contents = '';
$wrap_flag = "off";
@@ -77,13 +79,13 @@ else
// a standard rules file, or a complete file name.
// Test for the special case of an IPS Policy file.
if (substr($file, 0, 10) == "IPS Policy") {
- $rules_map = snort_load_vrt_policy($a_rule[$id]['ips_policy']);
- if (isset($_GET['ids'])) {
- $contents = $rules_map[$_GET['gid']][trim($_GET['ids'])]['rule'];
+ $rules_map = snort_load_vrt_policy(strtolower(trim(substr($file, strpos($file, "-")+1))));
+ if (isset($_GET['sid']) && is_numericint($_GET['sid']) && isset($_GET['gid']) && is_numericint($_GET['gid'])) {
+ $contents = $rules_map[$_GET['gid']][trim($_GET['sid'])]['rule'];
$wrap_flag = "soft";
}
else {
- $contents = "# Snort IPS Policy - " . ucfirst($a_rule[$id]['ips_policy']) . "\n\n";
+ $contents = "# Snort IPS Policy - " . ucfirst(trim(substr($file, strpos($file, "-")+1))) . "\n\n";
foreach (array_keys($rules_map) as $k1) {
foreach (array_keys($rules_map[$k1]) as $k2) {
$contents .= "# Category: " . $rules_map[$k1][$k2]['category'] . " SID: {$k2}\n";
@@ -94,7 +96,7 @@ if (substr($file, 0, 10) == "IPS Policy") {
unset($rules_map);
}
// Is it a SID to load the rule text from?
-elseif (isset($_GET['ids'])) {
+elseif (isset($_GET['sid']) && is_numericint($_GET['sid']) && isset($_GET['gid']) && is_numericint($_GET['gid'])) {
// If flowbit rule, point to interface-specific file
if ($file == "Auto-Flowbit Rules")
$rules_map = snort_load_rules_map("{$snortcfgdir}/rules/" . FLOWBITS_FILENAME);
@@ -102,7 +104,7 @@ elseif (isset($_GET['ids'])) {
$rules_map = snort_load_rules_map("{$snortdir}/preproc_rules/{$file}");
else
$rules_map = snort_load_rules_map("{$snortdir}/rules/{$file}");
- $contents = $rules_map[$_GET['gid']][trim($_GET['ids'])]['rule'];
+ $contents = $rules_map[$_GET['gid']][trim($_GET['sid'])]['rule'];
$wrap_flag = "soft";
}
// Is it our special flowbit rules file?
@@ -114,16 +116,12 @@ elseif (file_exists("{$snortdir}/rules/{$file}"))
// Is it a rules file in the ../preproc_rules/ directory?
elseif (file_exists("{$snortdir}/preproc_rules/{$file}"))
$contents = file_get_contents("{$snortdir}/preproc_rules/{$file}");
-// Is it a fully qualified path and file?
-elseif (file_exists($file)) {
- if (substr(realpath($file), 0, strlen(SNORTLOGDIR)) != SNORTLOGDIR)
- $contents = gettext("\n\nERROR -- File: {$file} can not be viewed!");
- else
- $contents = file_get_contents($file);
-}
+// Is it a disabled preprocessor auto-rules-disable file?
+elseif (file_exists("{$snortlogdir}/{$file}"))
+ $contents = file_get_contents("{$snortlogdir}/{$file}");
// It is not something we can display, so exit.
else
- $input_errors[] = gettext("Unable to open file: {$displayfile}");
+ $contents = gettext("Unable to open file: {$displayfile}");
$pgtitle = array(gettext("Snort"), gettext("File Viewer"));
?>
@@ -131,10 +129,8 @@ $pgtitle = array(gettext("Snort"), gettext("File Viewer"));
<?php include("head.inc");?>
<body link="#000000" vlink="#000000" alink="#000000">
-<?php if ($savemsg) print_info_box($savemsg); ?>
<?php // include("fbegin.inc");?>
-<form action="snort_rules_edit.php" method="post">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td class="tabcont">
@@ -161,7 +157,6 @@ $pgtitle = array(gettext("Snort"), gettext("File Viewer"));
</td>
</tr>
</table>
-</form>
<?php // include("fend.inc");?>
</body>
</html>
diff --git a/config/snort/snort_rules_flowbits.php b/config/snort/snort_rules_flowbits.php
index 325276ee..de5bdc6b 100644
--- a/config/snort/snort_rules_flowbits.php
+++ b/config/snort/snort_rules_flowbits.php
@@ -1,7 +1,7 @@
<?php
/*
* snort_rules_flowbits.php
- * Copyright (C) 2013 Bill Meeks
+ * Copyright (C) 2013, 2014 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -41,40 +41,34 @@ if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
}
$a_nat = &$config['installedpackages']['snortglobal']['rule'];
-// Set who called us so we can return to the correct page with
-// the RETURN button. Save the original referrer and the query
-// string in session variables.
-session_start();
-if (!isset($_SESSION['org_referrer']) || isset($_GET['returl'])) {
- $_SESSION['org_referrer'] = urldecode($_GET['returl']);
- $_SESSION['org_querystr'] = $_SERVER['QUERY_STRING'];
-}
-$referrer = $_SESSION['org_referrer'];
-$querystr = $_SESSION['org_querystr'];
-session_write_close();
+if (isset($_POST['id']) && is_numericint($_POST['id']))
+ $id = $_POST['id'];
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
-if ($_POST['cancel']) {
- session_start();
- unset($_SESSION['org_referrer']);
- unset($_SESSION['org_querystr']);
- session_write_close();
- header("Location: {$referrer}?{$querystr}");
+if (is_null($id)) {
+ header("Location: /snort/snort_interfaces.php");
exit;
}
-$id = $_GET['id'];
-if (isset($_POST['id']))
- $id = $_POST['id'];
-if (is_null($id)) {
- session_start();
- unset($_SESSION['org_referrer']);
- unset($_SESSION['org_querystr']);
- session_write_close();
- header("Location: /snort/snort_interfaces.php");
+// Set who called us so we can return to the correct page with
+// the RETURN ('cancel') button.
+if ($_POST['referrer'])
+ $referrer = $_POST['referrer'];
+else
+ $referrer = $_SERVER['HTTP_REFERER'];
+
+// Make sure a rule index ID is appended to the return URL
+if (strpos($referrer, "?id={$id}") === FALSE)
+ $referrer .= "?id={$id}";
+
+// If RETURN button clicked, exit to original calling page
+if ($_POST['cancel']) {
+ header("Location: {$referrer}");
exit;
}
-$if_real = snort_get_real_interface($a_nat[$id]['interface']);
+$if_real = get_real_interface($a_nat[$id]['interface']);
$snort_uuid = $a_nat[$id]['uuid'];
/* We should normally never get to this page if Auto-Flowbits are disabled, but just in case... */
@@ -89,12 +83,13 @@ if ($a_nat[$id]['autoflowbitrules'] == 'on') {
else
$input_errors[] = gettext("Auto-Flowbit rule generation is disabled for this interface!");
-if ($_GET['act'] == "addsuppress" && is_numeric($_GET['sidid']) && is_numeric($_GET['gen_id'])) {
- $descr = snort_get_msg($rules_map[$_GET['gen_id']][$_GET['sidid']]['rule']);
+if ($_POST['addsuppress'] && is_numeric($_POST['sid']) && is_numeric($_POST['gid'])) {
+ $descr = snort_get_msg($rules_map[$_POST['gid']][$_POST['sid']]['rule']);
+ $suppress = gettext("## -- This rule manually suppressed from the Auto-Flowbits list. -- ##\n");
if (empty($descr))
- $suppress = "suppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}\n";
+ $suppress .= "suppress gen_id {$_POST['gid']}, sig_id {$_POST['sid']}\n";
else
- $suppress = "# {$descr}\nsuppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}";
+ $suppress .= "# {$descr}\nsuppress gen_id {$_POST['gid']}, sig_id {$_POST['sid']}\n";
if (!is_array($config['installedpackages']['snortglobal']['suppress']))
$config['installedpackages']['snortglobal']['suppress'] = array();
if (!is_array($config['installedpackages']['snortglobal']['suppress']['item']))
@@ -134,7 +129,7 @@ if ($_GET['act'] == "addsuppress" && is_numeric($_GET['sidid']) && is_numeric($_
$rebuild_rules = false;
sync_snort_package_config();
snort_reload_config($a_nat[$id]);
- $savemsg = gettext("An entry to suppress the Alert for 'gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}' has been added to Suppress List '{$a_nat[$id]['suppresslistname']}'.");
+ $savemsg = gettext("An entry to suppress the Alert for 'gen_id {$_POST['gid']}, sig_id {$_POST['sid']}' has been added to Suppress List '{$a_nat[$id]['suppresslistname']}'.");
}
else {
/* We did not find the defined list, so notify the user with an error */
@@ -142,23 +137,10 @@ if ($_GET['act'] == "addsuppress" && is_numeric($_GET['sidid']) && is_numeric($_
}
}
-function truncate($string, $length) {
-
- /********************************
- * This function truncates the *
- * passed string to the length *
- * specified adding ellipsis if *
- * truncation was necessary. *
- ********************************/
- if (strlen($string) > $length)
- $string = substr($string, 0, ($length - 3)) . "...";
- return $string;
-}
-
/* Load up an array with the current Suppression List GID,SID values */
$supplist = snort_load_suppress_sigs($a_nat[$id]);
-$if_friendly = snort_get_friendly_interface($a_nat[$id]['interface']);
+$if_friendly = convert_friendly_interface_to_friendly_descr($a_nat[$id]['interface']);
$pgtitle = gettext("Snort: Interface {$if_friendly} - Flowbit Rules");
include_once("head.inc");
@@ -168,12 +150,16 @@ include_once("head.inc");
<?php
include("fbegin.inc");
-if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
-if ($input_errors) print_input_errors($input_errors);
+if ($input_errors)
+ print_input_errors($input_errors);
if ($savemsg)
print_info_box($savemsg);
?>
<form action="snort_rules_flowbits.php" method="post" name="iform" id="iform">
+<input type="hidden" name="id" value="<?=$id;?>"/>
+<input type="hidden" name="referrer" value="<?=$referrer;?>"/>
+<input type="hidden" name="sid" id="sid" value=""/>
+<input type="hidden" name="gid" id="gid" value=""/>
<div id="boxarea">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
@@ -203,7 +189,7 @@ if ($savemsg)
<td><span class="vexpl"><?php echo gettext("Alert is Not Suppressed"); ?></span></td>
<td rowspan="3" align="right"><input id="cancel" name="cancel" type="submit" class="formbtn" <?php
echo "value=\"" . gettext("Return") . "\" title=\"" . gettext("Return to previous page") . "\""; ?>/>
- <input name="id" type="hidden" value="<?=$id;?>" /></td>
+ </td>
</tr>
<tr>
<td width="17px"><img src="../themes/<?=$g['theme']?>/images/icons/icon_plus_d.gif" width='12' height='12' border='0'/></td>
@@ -220,13 +206,13 @@ if ($savemsg)
</tr>
<tr>
<td>
- <table id="myTable" width="100%" class="sortable" border="1" cellpadding="0" cellspacing="0">
+ <table id="myTable" width="100%" class="sortable" style="table-layout: fixed;" border="0" cellpadding="0" cellspacing="0">
<colgroup>
<col width="11%" axis="number">
- <col width="10%" axis="string">
+ <col width="54" axis="string">
<col width="14%" axis="string">
<col width="14%" axis="string">
- <col width="20%" axis="string">
+ <col width="24%" axis="string">
<col axis="string">
</colgroup>
<thead>
@@ -253,19 +239,20 @@ if ($savemsg)
$tmp = trim(preg_replace('/^\s*#+\s*/', '', $tmp));
$rule_content = preg_split('/[\s]+/', $tmp);
- $protocol = $rule_content[1]; //protocol
- $source = truncate($rule_content[2], 14); //source
- $destination = truncate($rule_content[5], 14); //destination
- $message = snort_get_msg($v['rule']);
+ $protocol = $rule_content[1]; //protocol
+ $source = $rule_content[2]; //source
+ $destination = $rule_content[5]; //destination
+ $message = snort_get_msg($v['rule']); // description
$flowbits = implode("; ", snort_get_flowbits($v['rule']));
if (strstr($flowbits, "noalert"))
$supplink = "";
else {
if (!isset($supplist[$gid][$sid])) {
- $supplink = "<a href=\"?id={$id}&act=addsuppress&sidid={$sid}&gen_id={$gid}\">";
- $supplink .= "<img src=\"../themes/{$g['theme']}/images/icons/icon_plus.gif\" ";
+ $supplink = "<input type=\"image\" name=\"addsuppress[]\" onClick=\"document.getElementById('sid').value='{$sid}';";
+ $supplink .= "document.getElementById('gid').value='{$gid}';\" ";
+ $supplink .= "src=\"../themes/{$g['theme']}/images/icons/icon_plus.gif\" ";
$supplink .= "width='12' height='12' border='0' title='";
- $supplink .= gettext("Click to add to Suppress List") . "'/></a>";
+ $supplink .= gettext("Click to add to Suppress List") . "'/>";
}
else {
$supplink = "<img src=\"../themes/{$g['theme']}/images/icons/icon_plus_d.gif\" ";
@@ -276,12 +263,12 @@ if ($savemsg)
// Use "echo" to write the table HTML row-by-row.
echo "<tr>" .
- "<td class=\"listr\">{$sid}&nbsp;{$supplink}</td>" .
- "<td class=\"listr\">{$protocol}</td>" .
- "<td class=\"listr\"><span title=\"{$rule_content[2]}\">{$source}</span></td>" .
- "<td class=\"listr\"><span title=\"{$rule_content[5]}\">{$destination}</span></td>" .
+ "<td class=\"listr\" sorttable_customkey=\"{$sid}\">{$sid}&nbsp;{$supplink}</td>" .
+ "<td class=\"listr\" style=\"text-align:center;\">{$protocol}</td>" .
+ "<td class=\"listr\" style=\"overflow: hidden; text-overflow: ellipsis; text-align:center;\" nowrap><span title=\"{$rule_content[2]}\">{$source}</span></td>" .
+ "<td class=\"listr\" style=\"overflow: hidden; text-overflow: ellipsis; text-align:center;\" nowrap><span title=\"{$rule_content[5]}\">{$destination}</span></td>" .
"<td class=\"listr\" style=\"word-wrap:break-word; word-break:normal;\">{$flowbits}</td>" .
- "<td class=\"listr\" style=\"word-wrap:break-word; word-break:normal;\">{$message}</td>" .
+ "<td class=\"listbg\" style=\"word-wrap:break-word; word-break:normal;\">{$message}</td>" .
"</tr>";
$count++;
}
@@ -297,7 +284,6 @@ if ($savemsg)
<td align="center" valign="middle">
<input id="cancel" name="cancel" type="submit" class="formbtn" <?php
echo "value=\"" . gettext("Return") . "\" title=\"" . gettext("Return to previous page") . "\""; ?>/>
- <input name="id" type="hidden" value="<?=$id;?>" />
</td>
</tr>
<?php endif; ?>
diff --git a/config/snort/snort_rulesets.php b/config/snort/snort_rulesets.php
index 9c14392d..46a67913 100755
--- a/config/snort/snort_rulesets.php
+++ b/config/snort/snort_rulesets.php
@@ -5,6 +5,7 @@
* Copyright (C) 2006 Scott Ullrich
* Copyright (C) 2009 Robert Zelaya
* Copyright (C) 2011 Ermal Luci
+ * Copyright (C) 2014 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -42,12 +43,14 @@ if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
}
$a_nat = &$config['installedpackages']['snortglobal']['rule'];
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
+
if (is_null($id)) {
- header("Location: /snort/snort_interfaces.php");
- exit;
+ header("Location: /snort/snort_interfaces.php");
+ exit;
}
if (isset($id) && $a_nat[$id]) {
@@ -59,12 +62,12 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['ips_policy'] = $a_nat[$id]['ips_policy'];
}
-$if_real = snort_get_real_interface($pconfig['interface']);
+$if_real = get_real_interface($pconfig['interface']);
$snort_uuid = $a_nat[$id]['uuid'];
-$snortdownload = $config['installedpackages']['snortglobal']['snortdownload'];
-$emergingdownload = $config['installedpackages']['snortglobal']['emergingthreats'];
-$etpro = $config['installedpackages']['snortglobal']['emergingthreats_pro'];
-$snortcommunitydownload = $config['installedpackages']['snortglobal']['snortcommunityrules'];
+$snortdownload = $config['installedpackages']['snortglobal']['snortdownload'] == 'on' ? 'on' : 'off';
+$emergingdownload = $config['installedpackages']['snortglobal']['emergingthreats'] == 'on' ? 'on' : 'off';
+$etpro = $config['installedpackages']['snortglobal']['emergingthreats_pro'] == 'on' ? 'on' : 'off';
+$snortcommunitydownload = $config['installedpackages']['snortglobal']['snortcommunityrules'] == 'on' ? 'on' : 'off';
$no_emerging_files = false;
$no_snort_files = false;
@@ -118,7 +121,12 @@ if ($a_nat[$id]['ips_policy_enable'] == 'on') {
else
$disable_vrt_rules = "";
-if ($_POST["Submit"]) {
+if (!empty($a_nat[$id]['rulesets']))
+ $enabled_rulesets_array = explode("||", $a_nat[$id]['rulesets']);
+else
+ $enabled_rulesets_array = array();
+
+if ($_POST["save"]) {
if ($_POST['ips_policy_enable'] == "on") {
$a_nat[$id]['ips_policy_enable'] = 'on';
@@ -158,8 +166,10 @@ if ($_POST["Submit"]) {
/* Soft-restart Snort to live-load new rules */
snort_reload_config($a_nat[$id]);
- header("Location: /snort/snort_rulesets.php?id=$id");
- exit;
+ $pconfig = $_POST;
+ $enabled_rulesets_array = explode("||", $enabled_items);
+ if (snort_is_running($snort_uuid, $if_real))
+ $savemsg = gettext("Snort is 'live-reloading' the new rule set.");
}
if ($_POST['unselectall']) {
@@ -174,61 +184,47 @@ if ($_POST['unselectall']) {
unset($a_nat[$id]['ips_policy']);
}
- write_config();
- sync_snort_package_config();
+ $pconfig['autoflowbits'] = $_POST['autoflowbits'];
+ $pconfig['ips_policy_enable'] = $_POST['ips_policy_enable'];
+ $pconfig['ips_policy'] = $_POST['ips_policy'];
+ $enabled_rulesets_array = array();
- header("Location: /snort/snort_rulesets.php?id=$id");
- exit;
+ $savemsg = gettext("All rule categories have been de-selected. ");
+ if ($a_nat[$id]['ips_policy_enable'] = 'on')
+ $savemsg .= gettext("Only the rules included in the selected IPS Policy will be used.");
+ else
+ $savemsg .= gettext("There currently are no inspection rules enabled for this Snort instance!");
}
if ($_POST['selectall']) {
- $rulesets = array();
-
- if ($_POST['ips_policy_enable'] == "on") {
- $a_nat[$id]['ips_policy_enable'] = 'on';
- $a_nat[$id]['ips_policy'] = $_POST['ips_policy'];
- }
- else {
- $a_nat[$id]['ips_policy_enable'] = 'off';
- unset($a_nat[$id]['ips_policy']);
- }
+ $enabled_rulesets_array = array();
if ($emergingdownload == 'on') {
$files = glob("{$snortdir}/rules/" . ET_OPEN_FILE_PREFIX . "*.rules");
foreach ($files as $file)
- $rulesets[] = basename($file);
+ $enabled_rulesets_array[] = basename($file);
}
elseif ($etpro == 'on') {
$files = glob("{$snortdir}/rules/" . ET_PRO_FILE_PREFIX . "*.rules");
foreach ($files as $file)
- $rulesets[] = basename($file);
+ $enabled_rulesets_array[] = basename($file);
}
if ($snortcommunitydownload == 'on') {
$files = glob("{$snortdir}/rules/" . GPL_FILE_PREFIX . "community.rules");
foreach ($files as $file)
- $rulesets[] = basename($file);
+ $enabled_rulesets_array[] = basename($file);
}
/* Include the Snort VRT rules only if enabled and no IPS policy is set */
if ($snortdownload == 'on' && $a_nat[$id]['ips_policy_enable'] == 'off') {
$files = glob("{$snortdir}/rules/" . VRT_FILE_PREFIX . "*.rules");
foreach ($files as $file)
- $rulesets[] = basename($file);
+ $enabled_rulesets_array[] = basename($file);
}
-
- $a_nat[$id]['rulesets'] = implode("||", $rulesets);
-
- write_config();
- sync_snort_package_config();
-
- header("Location: /snort/snort_rulesets.php?id=$id");
- exit;
}
-$enabled_rulesets_array = explode("||", $a_nat[$id]['rulesets']);
-
-$if_friendly = snort_get_friendly_interface($pconfig['interface']);
+$if_friendly = convert_friendly_interface_to_friendly_descr($a_nat[$id]['interface']);
$pgtitle = gettext("Snort: Interface {$if_friendly} - Categories");
include_once("head.inc");
?>
@@ -237,11 +233,10 @@ include_once("head.inc");
<?php
include("fbegin.inc");
-if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
/* Display message */
if ($input_errors) {
- print_input_errors($input_errors); // TODO: add checks
+ print_input_errors($input_errors);
}
if ($savemsg) {
@@ -259,12 +254,13 @@ if ($savemsg) {
$tab_array[0] = array(gettext("Snort Interfaces"), true, "/snort/snort_interfaces.php");
$tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php");
$tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
- $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
+ $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php?instance={$id}");
$tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
- $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php");
$tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
- $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
- display_top_tabs($tab_array);
+ $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php");
+ $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
+ display_top_tabs($tab_array, true);
echo '</td></tr>';
echo '<tr><td class="tabnavtbl">';
$menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface ");
@@ -273,9 +269,10 @@ if ($savemsg) {
$tab_array[] = array($menu_iface . gettext("Categories"), true, "/snort/snort_rulesets.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Rules"), false, "/snort/snort_rules.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Variables"), false, "/snort/snort_define_servers.php?id={$id}");
- $tab_array[] = array($menu_iface . gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Preprocs"), false, "/snort/snort_preprocessors.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
- display_top_tabs($tab_array);
+ $tab_array[] = array($menu_iface . gettext("IP Rep"), false, "/snort/snort_ip_reputation.php?id={$id}");
+ display_top_tabs($tab_array, true);
?>
</td></tr>
<tr>
@@ -392,9 +389,9 @@ if ($savemsg) {
<td colspan="6">
<table width=90% align="center" border="0" cellpadding="2" cellspacing="0">
<tr height="45px">
- <td valign="middle"><input value="Select All" class="formbtns" type="submit" name="selectall" id="selectall" title="<?php echo gettext("Add all to enforcing rules"); ?>"/></td>
- <td valign="middle"><input value="Unselect All" class="formbtns" type="submit" name="unselectall" id="unselectall" title="<?php echo gettext("Remove all from enforcing rules"); ?>"/></td>
- <td valign="middle"><input value=" Save " class="formbtns" type="submit" name="Submit" id="Submit" title="<?php echo gettext("Save changes to enforcing rules and rebuild"); ?>"/></td>
+ <td valign="middle"><input value="Select All" class="formbtns" type="submit" name="selectall" id="selectall" title="<?php echo gettext("Add all categories to enforcing rules"); ?>"/></td>
+ <td valign="middle"><input value="Unselect All" class="formbtns" type="submit" name="unselectall" id="unselectall" title="<?php echo gettext("Remove categories all from enforcing rules"); ?>"/></td>
+ <td valign="middle"><input value=" Save " class="formbtns" type="submit" name="save" id="save" title="<?php echo gettext("Save changes to enforcing rules and rebuild"); ?>"/></td>
<td valign="middle"><span class="vexpl"><?php echo gettext("Click to save changes and auto-resolve flowbit rules (if option is selected above)"); ?></span></td>
</tr>
</table>
@@ -426,14 +423,14 @@ if ($savemsg) {
<?php endif; ?>
<?php endif; ?>
- <?php if ($no_emerging_files)
- $msg_emerging = "downloaded.";
+ <?php if ($no_emerging_files && ($emergingdownload == 'on' || $etpro == 'on'))
+ $msg_emerging = "have not been downloaded.";
else
- $msg_emerging = "enabled.";
- if ($no_snort_files)
- $msg_snort = "downloaded.";
+ $msg_emerging = "are not enabled.";
+ if ($no_snort_files && $snortdownload == 'on')
+ $msg_snort = "have not been downloaded.";
else
- $msg_snort = "enabled.";
+ $msg_snort = "are not enabled.";
?>
<tr id="frheader">
<?php if ($emergingdownload == 'on' && !$no_emerging_files): ?>
@@ -443,7 +440,7 @@ if ($savemsg) {
<td width="5%" class="listhdrr" align="center"><?php echo gettext("Enabled"); ?></td>
<td width="25%" class="listhdrr"><?php echo gettext('Ruleset: ET Pro Rules');?></td>
<?php else: ?>
- <td colspan="2" align="center" width="30%" class="listhdrr"><?php echo gettext("{$et_type} rules not {$msg_emerging}"); ?></td>
+ <td colspan="2" align="center" width="30%" class="listhdrr"><?php echo gettext("{$et_type} rules {$msg_emerging}"); ?></td>
<?php endif; ?>
<?php if ($snortdownload == 'on' && !$no_snort_files): ?>
<td width="5%" class="listhdrr" align="center"><?php echo gettext("Enabled"); ?></td>
@@ -451,7 +448,7 @@ if ($savemsg) {
<td width="5%" class="listhdrr" align="center"><?php echo gettext("Enabled"); ?></td>
<td width="25%" class="listhdrr"><?php echo gettext('Ruleset: Snort SO Rules');?></td>
<?php else: ?>
- <td colspan="4" align="center" width="60%" class="listhdrr"><?php echo gettext("Snort VRT rules have not been {$msg_snort}"); ?></td>
+ <td colspan="4" align="center" width="60%" class="listhdrr"><?php echo gettext("Snort VRT rules {$msg_snort}"); ?></td>
<?php endif; ?>
</tr>
<?php
@@ -561,7 +558,7 @@ if ($savemsg) {
</tr>
<tr>
<td colspan="6" align="center" valign="middle">
- <input value="Save" type="submit" name="Submit" id="Submit" class="formbtn" title=" <?php echo gettext("Click to Save changes and rebuild rules"); ?>"/></td>
+ <input value="Save" type="submit" name="save" id="save" class="formbtn" title="<?php echo gettext("Click to Save changes and rebuild rules");?>"/></td>
</tr>
<?php endif; ?>
</table>
diff --git a/config/snort/snort_select_alias.php b/config/snort/snort_select_alias.php
index c5c6347e..c632b388 100644
--- a/config/snort/snort_select_alias.php
+++ b/config/snort/snort_select_alias.php
@@ -2,7 +2,7 @@
/* $Id$ */
/*
snort_select_alias.php
- Copyright (C) 2013 Bill Meeks
+ Copyright (C) 2013, 2014 Bill Meeks
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -42,22 +42,29 @@ require_once("/usr/local/pkg/snort/snort.inc");
// overwrite it on subsequent POST-BACKs to this page.
if (!isset($_POST['org_querystr']))
$querystr = $_SERVER['QUERY_STRING'];
+else
+ $querystr = $_POST['org_querystr'];
// Retrieve any passed QUERY STRING or POST variables
-$type = $_GET['type'];
-$varname = $_GET['varname'];
-$multi_ip = $_GET['multi_ip'];
-$referrer = urldecode($_GET['returl']);
if (isset($_POST['type']))
$type = $_POST['type'];
+elseif (isset($_GET['type']))
+ $type = htmlspecialchars($_GET['type']);
+
if (isset($_POST['varname']))
$varname = $_POST['varname'];
+elseif (isset($_GET['varname']))
+ $varname = htmlspecialchars($_GET['varname']);
+
if (isset($_POST['multi_ip']))
$multi_ip = $_POST['multi_ip'];
+elseif (isset($_GET['multi_ip']))
+ $multi_ip = htmlspecialchars($_GET['multi_ip']);
+
if (isset($_POST['returl']))
$referrer = urldecode($_POST['returl']);
-if (isset($_POST['org_querystr']))
- $querystr = $_POST['org_querystr'];
+elseif (isset($_GET['returl']))
+ $referrer = urldecode($_GET['returl']);
// Make sure we have a valid VARIABLE name
// and ALIAS TYPE, or else bail out.
@@ -122,11 +129,11 @@ include("head.inc");
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
<form action="snort_select_alias.php" method="post">
-<input type="hidden" name="varname" value="<?=$varname;?>">
-<input type="hidden" name="type" value="<?=$type;?>">
-<input type="hidden" name="multi_ip" value="<?=$multi_ip;?>">
-<input type="hidden" name="returl" value="<?=$referrer;?>">
-<input type="hidden" name="org_querystr" value="<?=$querystr;?>">
+<input type="hidden" name="varname" value="<?=$varname;?>"/>
+<input type="hidden" name="type" value="<?=$type;?>"/>
+<input type="hidden" name="multi_ip" value="<?=$multi_ip;?>"/>
+<input type="hidden" name="returl" value="<?=$referrer;?>"/>
+<input type="hidden" name="org_querystr" value="<?=$querystr;?>"/>
<?php if ($input_errors) print_input_errors($input_errors); ?>
<div id="boxarea">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
diff --git a/config/snort/snort_stream5_engine.php b/config/snort/snort_stream5_engine.php
index b3d81f37..9a91e0d6 100644
--- a/config/snort/snort_stream5_engine.php
+++ b/config/snort/snort_stream5_engine.php
@@ -1,7 +1,7 @@
<?php
/*
* snort_stream5_engine.php
- * Copyright (C) 2013 Bill Meeks
+ * Copyright (C) 2013, 2014 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -36,14 +36,16 @@ $snortdir = SNORTDIR;
/* Retrieve required array index values from QUERY string if available. */
/* 'id' is the [rule] array index, and 'eng_id' is the index for the */
/* stream5_tcp_engine's [item] array. */
-$id = $_GET['id'];
-$eng_id = $_GET['eng_id'];
-
/* See if values are in our form's POST content */
-if (isset($_POST['id']))
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
-if (isset($_POST['eng_id']))
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
+
+if (isset($_POST['eng_id']) && isset($_POST['eng_id']))
$eng_id = $_POST['eng_id'];
+elseif (isset($_GET['eng_id']) && is_numericint($_GET['eng_id']))
+ $eng_id = htmlspecialchars($_GET['eng_id']);
/* If we don't have a [rule] index specified, exit */
if (is_null($id)) {
@@ -131,7 +133,7 @@ if ($_GET['act'] == "import") {
session_start();
if (($_GET['varname'] == "bind_to" || $_GET['varname'] == "ports_client" || $_GET['varname'] == "ports_both" || $_GET['varname'] == "ports_server")
&& !empty($_GET['varvalue'])) {
- $pconfig[$_GET['varname']] = $_GET['varvalue'];
+ $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']);
if(!isset($_SESSION['stream5_client_import']))
$_SESSION['stream5_client_import'] = array();
@@ -165,7 +167,7 @@ if ($_GET['act'] == "import") {
}
}
-if ($_POST['Submit']) {
+if ($_POST['save']) {
// Clear and close out any session variable we created
session_start();
unset($_SESSION['org_referer']);
@@ -333,7 +335,7 @@ if ($_POST['Submit']) {
}
}
-$if_friendly = snort_get_friendly_interface($config['installedpackages']['snortglobal']['rule'][$id]['interface']);
+$if_friendly = convert_friendly_interface_to_friendly_descr($config['installedpackages']['snortglobal']['rule'][$id]['interface']);
$pgtitle = gettext("Snort: Interface {$if_friendly} - Stream5 Preprocessor TCP Engine");
include_once("head.inc");
@@ -586,7 +588,7 @@ if ($savemsg)
<tr>
<td width="22%" valign="bottom">&nbsp;</td>
<td width="78%" valign="bottom">
- <input name="Submit" id="submit" type="submit" class="formbtn" value=" Save " title="<?php echo
+ <input name="save" id="save" type="submit" class="formbtn" value=" Save " title="<?php echo
gettext("Save Stream5 engine settings and return to Preprocessors tab"); ?>">
&nbsp;&nbsp;&nbsp;&nbsp;
<input name="Cancel" id="cancel" type="submit" class="formbtn" value="Cancel" title="<?php echo