diff options
Diffstat (limited to 'config/snort')
-rw-r--r-- | config/snort/snort.inc | 6 | ||||
-rw-r--r-- | config/snort/snort_alerts.php | 48 | ||||
-rw-r--r-- | config/snort/snort_interfaces_global.php | 32 |
3 files changed, 37 insertions, 49 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc index 814cd017..5eb20ff9 100644 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -246,7 +246,7 @@ function Running_Stop($snort_uuid, $if_real, $id) { if (file_exists("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid") && isvalidpid("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid")) { killbypid("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid"); - exec("/bin/rm {$g['varrun_path']}/barnyard2_{$snort_uuid}_{$if_real}*"); + @unlink("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid"); } $snortconf = $config['installedpackages']['snortglobal']['rule'][$id]; @@ -1003,7 +1003,7 @@ function generate_barnyard2_conf($id, $if_real, $snort_uuid) { /* TODO: add support for the other 5 output plugins */ $snortconf = $config['installedpackages']['snortglobal']['rule'][$id]; $snortbarnyardlog_database_info_chk = $snortconf['barnyard_mysql']; - $snortbarnyardlog_hostname_info_chk = exec("/bin/hostname"); + $snortbarnyardlog_hostname_info_chk = php_uname("n"); /* user add arguments */ $snortbarnyardlog_config_pass_thru = str_replace("\r", "", base64_decode($snortconf['barnconfigpassthru'])); @@ -1020,7 +1020,7 @@ config gen_file: {$snortdir}/snort_{$snort_uuid}_{$if_real}/gen-msg.m config sid_file: {$snortdir}/snort_{$snort_uuid}_{$if_real}/sid-msg.map config hostname: $snortbarnyardlog_hostname_info_chk -config interface: {$snort_uuid}_{$if_real} +config interface: {$if_real} config decode_data_link config waldo_file: /var/log/snort/snort_{$if_real}{$snort_uuid}/barnyard2/{$snort_uuid}_{$if_real}.waldo diff --git a/config/snort/snort_alerts.php b/config/snort/snort_alerts.php index 645a3f8d..806d4738 100644 --- a/config/snort/snort_alerts.php +++ b/config/snort/snort_alerts.php @@ -121,8 +121,8 @@ if ($_POST['download']) { function get_snort_alert_date($fileline) { /* date full date \d+\/\d+-\d+:\d+:\d+\.\d+\s */ - if (preg_match("/\d+\/\d+-\d+:\d+:\d\d/", $fileline, $matches1)) - $alert_date = "$matches1[0]"; + if (preg_match("/\d+\/\d+-\d+:\d+:\d\d/", $fileline, $matches)) + $alert_date = "$matches[0]"; return $alert_date; } @@ -139,8 +139,8 @@ function get_snort_alert_disc($fileline) function get_snort_alert_class($fileline) { /* class */ - if (preg_match('/\[Classification:\s.+[^\d]\]/', $fileline, $matches2)) - $alert_class = "$matches2[0]"; + if (preg_match('/\[Classification:\s.+[^\d]\]/', $fileline, $matches)) + $alert_class = "$matches[0]"; return $alert_class; } @@ -148,8 +148,8 @@ function get_snort_alert_class($fileline) function get_snort_alert_priority($fileline) { /* Priority */ - if (preg_match('/Priority:\s\d/', $fileline, $matches3)) - $alert_priority = "$matches3[0]"; + if (preg_match('/Priority:\s\d/', $fileline, $matches)) + $alert_priority = "$matches[0]"; return $alert_priority; } @@ -157,8 +157,8 @@ function get_snort_alert_priority($fileline) function get_snort_alert_proto($fileline) { /* Priority */ - if (preg_match('/\{.+\}/', $fileline, $matches3)) - $alert_proto = "$matches3[0]"; + if (preg_match('/\{.+\}/', $fileline, $matches)) + $alert_proto = "$matches[0]"; return $alert_proto; } @@ -166,8 +166,8 @@ function get_snort_alert_proto($fileline) function get_snort_alert_proto_full($fileline) { /* Protocal full */ - if (preg_match('/.+\sTTL/', $fileline, $matches2)) - $alert_proto_full = "$matches2[0]"; + if (preg_match('/.+\sTTL/', $fileline, $matches)) + $alert_proto_full = "$matches[0]"; return $alert_proto_full; } @@ -178,8 +178,8 @@ function get_snort_alert_ip_src($fileline) $re1='.*?'; # Non-greedy match on filler $re2='((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))(?![\\d])'; # IPv4 IP Address 1 - if ($c=preg_match_all ("/".$re1.$re2."/is", $fileline, $matches4)) - $alert_ip_src = $matches4[1][0]; + if (preg_match_all ("/".$re1.$re2."/is", $fileline, $matches)) + $alert_ip_src = $matches[1][0]; return $alert_ip_src; } @@ -187,8 +187,8 @@ function get_snort_alert_ip_src($fileline) function get_snort_alert_src_p($fileline) { /* source port */ - if (preg_match('/:\d+\s-/', $fileline, $matches5)) - $alert_src_p = "$matches5[0]"; + if (preg_match('/:\d+\s-/', $fileline, $matches)) + $alert_src_p = "$matches[0]"; return $alert_src_p; } @@ -196,8 +196,8 @@ function get_snort_alert_src_p($fileline) function get_snort_alert_flow($fileline) { /* source port */ - if (preg_match('/(->|<-)/', $fileline, $matches5)) - $alert_flow = "$matches5[0]"; + if (preg_match('/(->|<-)/', $fileline, $matches)) + $alert_flow = "$matches[0]"; return $alert_flow; } @@ -210,8 +210,8 @@ function get_snort_alert_ip_dst($fileline) $re3dp='.*?'; # Non-greedy match on filler $re4dp='((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))(?![\\d])'; # IPv4 IP Address 1 - if ($c=preg_match_all ("/".$re1dp.$re2dp.$re3dp.$re4dp."/is", $fileline, $matches6)) - $alert_ip_dst = $matches6[1][0]; + if (preg_match_all("/".$re1dp.$re2dp.$re3dp.$re4dp."/is", $fileline, $matches)) + $alert_ip_dst = $matches[1][0]; return $alert_ip_dst; } @@ -219,8 +219,8 @@ function get_snort_alert_ip_dst($fileline) function get_snort_alert_dst_p($fileline) { /* dst port */ - if (preg_match('/:\d+$/', $fileline, $matches7)) - $alert_dst_p = "$matches7[0]"; + if (preg_match('/:\d+$/', $fileline, $matches)) + $alert_dst_p = "$matches[0]"; return $alert_dst_p; } @@ -228,8 +228,8 @@ function get_snort_alert_dst_p($fileline) function get_snort_alert_dst_p_full($fileline) { /* dst port full */ - if (preg_match('/:\d+\n[A-Z]+\sTTL/', $fileline, $matches7)) - $alert_dst_p = "$matches7[0]"; + if (preg_match('/:\d+\n[A-Z]+\sTTL/', $fileline, $matches)) + $alert_dst_p = "$matches[0]"; return $alert_dst_p; } @@ -237,8 +237,8 @@ function get_snort_alert_dst_p_full($fileline) function get_snort_alert_sid($fileline) { /* SID */ - if (preg_match('/\[\d+:\d+:\d+\]/', $fileline, $matches8)) - $alert_sid = "$matches8[0]"; + if (preg_match('/\[\d+:\d+:\d+\]/', $fileline, $matches)) + $alert_sid = "$matches[0]"; return $alert_sid; } diff --git a/config/snort/snort_interfaces_global.php b/config/snort/snort_interfaces_global.php index a328012a..3131f774 100644 --- a/config/snort/snort_interfaces_global.php +++ b/config/snort/snort_interfaces_global.php @@ -41,8 +41,6 @@ global $g; $snortdir = SNORTDIR; -$d_snort_global_dirty_path = '/var/run/snort_global.dirty'; - /* make things short */ $pconfig['snortdownload'] = $config['installedpackages']['snortglobal']['snortdownload']; $pconfig['oinkmastercode'] = $config['installedpackages']['snortglobal']['oinkmastercode']; @@ -172,21 +170,11 @@ include_once("fbegin.inc"); if($pfsense_stable == 'yes') echo '<p class="pgtitle">' . $pgtitle . '</p>'; -?> -<?php - /* Display Alert message, under form tag or no refresh */ - if ($input_errors) - print_input_errors($input_errors); // TODO: add checks - - if (!$input_errors) { - if (file_exists($d_snort_global_dirty_path)) { - print_info_box_np(' - The Snort configuration has changed and snort needs to be restarted on this interface.<br> - You must apply the changes in order for them to take effect.<br> - '); - } - } +/* Display Alert message, under form tag or no refresh */ +if ($input_errors) + print_input_errors($input_errors); // TODO: add checks + ?> <form action="snort_interfaces_global.php" method="post" enctype="multipart/form-data" name="iform" id="iform"> @@ -345,12 +333,12 @@ if($pfsense_stable == 'yes') <td width="78%" class="vtable"> <select name="snortalertlogtype" class="formselect" id="snortalertlogtype"> <?php - $interfaces4 = array('full' => 'FULL', 'fast' => 'SHORT'); - foreach ($interfaces4 as $iface4 => $ifacename4): ?> - <option value="<?=$iface4;?>" - <?php if ($iface4 == $pconfig['snortalertlogtype']) echo "selected"; ?>> - <?=htmlspecialchars($ifacename4);?></option> - <?php endforeach; ?> + $logtype = array('full' => 'FULL', 'fast' => 'SHORT'); + foreach ($logtype as $logt => $logdescr): ?> + <option value="<?=$logt;?>" + <?php if ($logt == $pconfig['snortalertlogtype']) echo "selected"; ?>> + <?=htmlspecialchars($logdescr);?></option> + <?php endforeach; ?> </select><br> <span class="vexpl">Please choose the type of Alert logging you will like see in your alert file.<br> |