Diffstat (limited to 'config/snort')
25 files changed, 7170 insertions, 6835 deletions
diff --git a/config/snort/help_and_info.php b/config/snort/help_and_info.php
index 2a66657c..215a055e 100644
--- a/config/snort/help_and_info.php
+++ b/config/snort/help_and_info.php
@@ -1,6 +1,6 @@
 <?php
- require_once("guiconfig.inc");
+require_once("guiconfig.inc");
 echo '
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 21f06c21..f8798812 100644
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -1,33 +1,33 @@ <?php /* $Id$ */ /* - snort.inc - Copyright (C) 2006 Scott Ullrich - Copyright (C) 2009-2010 Robert Zelaya - part of pfSense - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ + snort.inc + Copyright (C) 2006 Scott Ullrich + Copyright (C) 2009-2010 Robert Zelaya + part of pfSense + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. 
Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ require_once("pfsense-utils.inc"); require_once("config.inc"); @@ -63,13 +63,13 @@ $pfsense_theme_is = $config['theme']; /* func builds custom white lists */ function find_whitelist_key($find_wlist_number) { - global $config, $g; + global $config, $g; $whitelist_array = $config['installedpackages']['snortglobal']['whitelist']['item']; $w_key = -1; foreach ($whitelist_array as $value) { - $w_key += 1; + $w_key += 1; if ($config['installedpackages']['snortglobal']['whitelist']['item'][$w_key]['uuid'] == $find_wlist_number) { return $w_key; } @@ -78,13 +78,13 @@ function find_whitelist_key($find_wlist_number) { /* func builds custom suppress lists */ function find_suppress_key($find_slist_number) { - global $config, $g; + global $config, $g; $suppresslist_array = $config['installedpackages']['snortglobal']['suppress']['item']; $s_key = -1; foreach ($suppresslist_array as $value2) { - $s_key += 1; + $s_key += 1; if ($config['installedpackages']['snortglobal']['suppress']['item'][$s_key]['uuid'] == $find_slist_number) { return $s_key; } 
@@ -93,126 +93,126 @@ function find_suppress_key($find_slist_number) { /* func builds custom whitelests */ function build_base_whitelist($build_netlist, $wanip, $wangw, $wandns, $vips, $vpns, $userwips) { -global $config, $g; - - /* build an interface array list */ - $int_array = array('lan'); - for ($j = 1; isset ($config['interfaces']['opt' . $j]); $j++) - if(isset($config['interfaces']['opt' . $j]['enable'])) - if(!$config['interfaces']['opt' . $j]['gateway']) - $int_array[] = "opt{$j}"; - - /* iterate through interface list and write out whitelist items - * and also compile a home_net list for snort. - */ - foreach($int_array as $int) { - /* calculate interface subnet information */ - $ifcfg = &$config['interfaces'][$int]; - $subnet = gen_subnet($ifcfg['ipaddr'], $ifcfg['subnet']); - $subnetmask = gen_subnet_mask($ifcfg['subnet']); - if($subnet == "pppoe" or $subnet == "dhcp") { - $subnet = find_interface_ip("ng0"); - if($subnet) - $home_net .= "{$subnet} "; - } else { - if ($subnet) - if($ifcfg['subnet']) - $home_net .= "{$subnet}/{$ifcfg['subnet']} "; - } - } + global $config, $g; + + /* build an interface array list */ + $int_array = array('lan'); + for ($j = 1; isset ($config['interfaces']['opt' . $j]); $j++) + if(isset($config['interfaces']['opt' . $j]['enable'])) + if(!$config['interfaces']['opt' . $j]['gateway']) + $int_array[] = "opt{$j}"; + + /* iterate through interface list and write out whitelist items + * and also compile a home_net list for snort. 
+ */ + foreach($int_array as $int) { + /* calculate interface subnet information */ + $ifcfg = &$config['interfaces'][$int]; + $subnet = gen_subnet($ifcfg['ipaddr'], $ifcfg['subnet']); + $subnetmask = gen_subnet_mask($ifcfg['subnet']); + if($subnet == "pppoe" or $subnet == "dhcp") { + $subnet = find_interface_ip("ng0"); + if($subnet) + $home_net .= "{$subnet} "; + } else { + if ($subnet) + if($ifcfg['subnet']) + $home_net .= "{$subnet}/{$ifcfg['subnet']} "; + } + } if($wanip == 'yes') { - /* add all WAN ips to the whitelist */ - $wan_if = get_real_wan_interface(); - $ip = find_interface_ip($wan_if); - if($ip) - $home_net .= "{$ip} "; + /* add all WAN ips to the whitelist */ + $wan_if = get_real_wan_interface(); + $ip = find_interface_ip($wan_if); + if($ip) + $home_net .= "{$ip} "; } if($wangw == 'yes') { - /* Add Gateway on WAN interface to whitelist (For RRD graphs) */ - $int = convert_friendly_interface_to_real_interface_name2("WAN"); - $gw = get_interface_gateway($int); - if($gw) - $home_net .= "{$gw} "; + /* Add Gateway on WAN interface to whitelist (For RRD graphs) */ + $int = convert_friendly_interface_to_real_interface_name2("WAN"); + $gw = get_interface_gateway($int); + if($gw) + $home_net .= "{$gw} "; } if($wandns == 'yes') { - /* Add DNS server for WAN interface to whitelist */ - $dns_servers = get_dns_servers(); - foreach($dns_servers as $dns) { - if($dns) - $home_net .= "{$dns} "; - } - } - - if($vips == 'yes') { - /* iterate all vips and add to whitelist */ - if($config['virtualip']) - foreach($config['virtualip']['vip'] as $vip) - if($vip['subnet']) - $home_net .= $vip['subnet'] . 
" "; - } - - /* Add loopback to whitelist (ftphelper) */ - if($userwips > -1 && $build_netlist == 'netlist') { - $home_net .= "127.0.0.1 "; - }elseif ($userwips > -1 && $build_netlist == 'whitelist') { - $home_net .= "127.0.0.1 "; - }else{ - $home_net .= "127.0.0.1"; + /* Add DNS server for WAN interface to whitelist */ + $dns_servers = get_dns_servers(); + foreach($dns_servers as $dns) { + if($dns) + $home_net .= "{$dns} "; } - - /* grab a list of vpns and whitelist if user desires added by nestorfish 954 */ - if($vpns == 'yes') - { - if ($pfsense_stable == 'yes') // chk what pfsense version were on - { - $vpns_list = get_vpns_list(); - } - - if ($pfsense_stable == 'no') // chk what pfsense version were on - { - $vpns_list = filter_get_vpns_list(); - } - if ($vpns_list != '') { - $home_net .= "$vpns_list "; - } - } + } + + if($vips == 'yes') { + /* iterate all vips and add to whitelist */ + if($config['virtualip']) + foreach($config['virtualip']['vip'] as $vip) + if($vip['subnet']) + $home_net .= $vip['subnet'] . 
" "; + } - /* never ever compair numbers to words */ - if($userwips > -1) - { - if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) - $config['installedpackages']['snortglobal']['whitelist']['item'] = array(); + /* Add loopback to whitelist (ftphelper) */ + if($userwips > -1 && $build_netlist == 'netlist') { + $home_net .= "127.0.0.1 "; + }elseif ($userwips > -1 && $build_netlist == 'whitelist') { + $home_net .= "127.0.0.1 "; + }else{ + $home_net .= "127.0.0.1"; + } - $home_net .= $config['installedpackages']['snortglobal']['whitelist']['item'][$userwips]['address']; + /* grab a list of vpns and whitelist if user desires added by nestorfish 954 */ + if($vpns == 'yes') + { + if ($pfsense_stable == 'yes') // chk what pfsense version were on + { + $vpns_list = get_vpns_list(); + } + + if ($pfsense_stable == 'no') // chk what pfsense version were on + { + $vpns_list = filter_get_vpns_list(); } + if ($vpns_list != '') { + $home_net .= "$vpns_list "; + } + } + + /* never ever compair numbers to words */ + if($userwips > -1) + { + if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) + $config['installedpackages']['snortglobal']['whitelist']['item'] = array(); - /* this foe whitelistfile, convert spaces to carriage returns */ - $whitelist_home_net = str_replace(" ", "\n", $home_net); - $whitelist_home_net = str_replace(" ", "\n", $home_net); + $home_net .= $config['installedpackages']['snortglobal']['whitelist']['item'][$userwips]['address']; + } - /* this is for snort.conf */ - $home_net = trim($home_net); - // $home_net = str_replace(" ", ",", $home_net); // old code - $home_net = str_replace(",,", ",", $home_net); // by Thrae, helps people with more than one gateway - $home_net = "[{$home_net}]"; + /* this foe whitelistfile, convert spaces to carriage returns */ + $whitelist_home_net = str_replace(" ", "\n", $home_net); + $whitelist_home_net = str_replace(" ", "\n", $home_net); - if($build_netlist == 'netlist') { 
- return $home_net; - } + /* this is for snort.conf */ + $home_net = trim($home_net); + // $home_net = str_replace(" ", ",", $home_net); // old code + $home_net = str_replace(",,", ",", $home_net); // by Thrae, helps people with more than one gateway + $home_net = "[{$home_net}]"; - if($build_netlist == 'whitelist') { - return $whitelist_home_net; - } -} + if($build_netlist == 'netlist') { + return $home_net; + } + + if($build_netlist == 'whitelist') { + return $whitelist_home_net; + } +} /* checks to see if snort is running yes/no and stop/start */ - function Running_Ck($snort_uuid, $if_real, $id) { - global $config; - +function Running_Ck($snort_uuid, $if_real, $id) { + global $config; + $snort_up_ck = exec("/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep snort | /usr/bin/awk '{print \$2;}' | sed 1q"); if(snort_up_ck == ''){ 
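Review bot: In build_base_whitelist the VPN branch tests `$pfsense_stable`, but the function only imports `$config` and `$g`, so the variable is unset in this scope and neither `get_vpns_list()` nor `filter_get_vpns_list()` is ever called. With `$vpns == 'yes'` the VPN networks are therefore silently left out of both the whitelist text and the home_net string this function returns. If a file-level `$pfsense_stable` exists (not visible in this hunk; snort_postinstall only sets a local of that name), the first line should read `global $config, $g, $pfsense_stable;`. Setting `$vpns_list = '';` before the two version checks would also keep the later `!= ''` test from reading an undefined variable.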
@@ -222,28 +222,28 @@ global $config, $g; if(snort_up_ck != ''){ - //$snort_up_pre = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"R {$snort_uuid}_{$if_real}\" | awk '{print \$1;}'"); - //$snort_up_s = exec("/usr/bin/top -U snort -u | grep snort | grep {$snort_up_pre} | /usr/bin/awk '{print \$1;}'"); - //$snort_up_r = exec("/usr/bin/top -U root -u | grep snort | grep {$snort_up_pre} | /usr/bin/awk '{print \$1;}'"); + //$snort_up_pre = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"R {$snort_uuid}_{$if_real}\" | awk '{print \$1;}'"); + //$snort_up_s = exec("/usr/bin/top -U snort -u | grep snort | grep {$snort_up_pre} | /usr/bin/awk '{print \$1;}'"); + //$snort_up_r = exec("/usr/bin/top -U root -u | grep snort | grep {$snort_up_pre} | /usr/bin/awk '{print \$1;}'"); - /* use ob_clean to clear output buffer, this code needs to be watched */ - ob_clean(); - $snort_up_prell = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"R {$snort_uuid}\" | awk '{print \$1;}'", $retval); + /* use ob_clean to clear output buffer, this code needs to be watched */ + ob_clean(); + $snort_up_prell = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"R {$snort_uuid}\" | awk '{print \$1;}'", $retval); - if ($snort_up_prell != "") { - $snort_uph = 'yes'; - }else{ - $snort_uph = 'no'; + if ($snort_up_prell != "") { + $snort_uph = 'yes'; + }else{ + $snort_uph = 'no'; } } return $snort_uph; - } +} /* checks to see if barnyard2 is running yes/no */ - function Running_Ck_b($snort_uuid, $if_real, $id) { - global $config; - +function Running_Ck_b($snort_uuid, $if_real, $id) { + global $config; + $snort_up_ck_b = exec("/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep barnyard2 | /usr/bin/awk '{print \$2;}' | sed 1q"); if($snort_up_ck_b == ''){ 
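Review bot: `if(snort_up_ck != ''){` at the top of this hunk compares a bare word instead of the variable, and the same slip appears as `if(snort_up_ck == ''){` at the end of the previous hunk and `if(snort_up_ck_b != ''){` in the next one. PHP versions before 8 treat the bare word as a non-empty string, so the `!= ''` branch always runs and the `== ''` branch never does, while PHP 8 raises an Error for the undefined constant. In both cases the result of the `ps` pipeline stored in `$snort_up_ck` is never consulted. The conditions should read `if ($snort_up_ck != '') {` and `if ($snort_up_ck_b != '') {`. Running_Ck starts in the previous hunk and Running_Ck_b continues into the next one.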
@@ -252,115 +252,115 @@ global $config, $g; } if(snort_up_ck_b != ''){ - - //$snort_up_pre_b = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"f snort_{$snort_uuid}_{$if_real}.u2\" | awk '{print \$1;}'"); - //$snort_up_s_b = exec("/usr/bin/top -U snort -u | grep barnyard2 | grep {$snort_up_pre_b} | /usr/bin/awk '{print \$1;}'"); - //$snort_up_r_b = exec("/usr/bin/top -U root -u | grep barnyard2 | grep {$snort_up_pre_b} | /usr/bin/awk '{print \$1;}'"); - /* use ob_clean to clear output buffer, this code needs to be watched */ - ob_clean(); - $snort_up_pre_b = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"f snort_{$snort_uuid}_{$if_real}.u2\" | awk '{print \$1;}'"); + //$snort_up_pre_b = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"f snort_{$snort_uuid}_{$if_real}.u2\" | awk '{print \$1;}'"); + //$snort_up_s_b = exec("/usr/bin/top -U snort -u | grep barnyard2 | grep {$snort_up_pre_b} | /usr/bin/awk '{print \$1;}'"); + //$snort_up_r_b = exec("/usr/bin/top -U root -u | grep barnyard2 | grep {$snort_up_pre_b} | /usr/bin/awk '{print \$1;}'"); - if ($snort_up_pre_b != '') { - $snort_up_b = 'yes'; - }else{ - $snort_up_b = 'no'; + /* use ob_clean to clear output buffer, this code needs to be watched */ + ob_clean(); + $snort_up_pre_b = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"f snort_{$snort_uuid}_{$if_real}.u2\" | awk '{print \$1;}'"); + + if ($snort_up_pre_b != '') { + $snort_up_b = 'yes'; + }else{ + $snort_up_b = 'no'; } } return $snort_up_b; - } +} + +function Running_Stop($snort_uuid, $if_real, $id) { + global $config; + + /* if snort.sh crashed this will remove the pid */ + exec('/bin/rm /tmp/snort.sh.pid'); - function Running_Stop($snort_uuid, $if_real, $id) { - global $config; - - /* if snort.sh crashed this will remove the pid */ - exec('/bin/rm /tmp/snort.sh.pid'); - $start_up_pre = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"R {$snort_uuid}\" | awk '{print \$1;}'"); $start_up_s = exec("/usr/bin/top 
-U snort -u | grep snort | grep {$start_up_pre} | awk '{ print $1; }'"); $start_up_r = exec("/usr/bin/top -U root -u | grep snort | grep {$start_up_pre} | awk '{ print $1; }'"); - + $start2_upb_pre = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"snort_{$snort_uuid}_{$if_real}.u2\" | awk '{print \$1;}'"); $start2_upb_s = exec("/usr/bin/top -U snort -u | grep barnyard2 | grep {$start2_upb_pre} | awk '{ print $1; }'"); $start2_upb_r = exec("/usr/bin/top -U root -u | grep barnyard2 | grep {$start2_upb_pre} | awk '{ print $1; }'"); - if ($start_up_s != "" || $start_up_r != "" || $start2_upb_s != "" || $start2_upb_r != "") + if ($start_up_s != "" || $start_up_r != "" || $start2_upb_s != "" || $start2_upb_r != "") + { + if ($start_up_s != "") { - if ($start_up_s != "") - { - exec("/bin/kill {$start_up_s}"); - exec("rm /var/log/snort/run/snort_{$if_real}{$snort_uuid}*"); - exec("rm /var/log/snort/snort_{$snort_uuid}_{$if_real}*"); - } - - if ($start2_upb_s != "") - { - exec("/bin/kill {$start2_upb_s}"); - exec("/bin/rm /var/run/barnyard2_{$snort_uuid}_{$if_real}*"); - } - - if ($start_up_r != "") - { - exec("/bin/kill {$start_up_r}"); - exec("rm /var/log/snort/run/snort_{$if_real}{$snort_uuid}*"); - exec("rm /var/log/snort/snort_{$snort_uuid}_{$if_real}*"); - } - - if ($start2_upb_r != "") - { - exec("/bin/kill {$start2_upb_r}"); - exec("/bin/rm /var/run/barnyard2_{$snort_uuid}_{$if_real}*"); - } - - /* Log Iface stop */ - exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Interface Rule STOP for {$snort_uuid}_{$if_real}...'"); + exec("/bin/kill {$start_up_s}"); + exec("rm /var/log/snort/run/snort_{$if_real}{$snort_uuid}*"); + exec("rm /var/log/snort/snort_{$snort_uuid}_{$if_real}*"); } - } - - function Running_Start($snort_uuid, $if_real, $id) { - global $config; - - /* if snort.sh crashed this will remove the pid */ - exec('/bin/rm /tmp/snort.sh.pid'); + if ($start2_upb_s != "") + { + exec("/bin/kill {$start2_upb_s}"); + exec("/bin/rm 
/var/run/barnyard2_{$snort_uuid}_{$if_real}*"); + } - $snort_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['enable']; - if ($snort_info_chk == 'on') { - exec("/usr/local/bin/snort -u snort -g snort -R \"{$snort_uuid}\" -D -q -l /var/log/snort --pid-path /var/log/snort/run -G {$snort_uuid} -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}"); + if ($start_up_r != "") + { + exec("/bin/kill {$start_up_r}"); + exec("rm /var/log/snort/run/snort_{$if_real}{$snort_uuid}*"); + exec("rm /var/log/snort/snort_{$snort_uuid}_{$if_real}*"); } - /* define snortbarnyardlog_chk */ - /* top will have trouble if the uuid is to far back */ - $snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable']; - $snortbarnyardlog_mysql_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_mysql']; - if ($snortbarnyardlog_info_chk == 'on' && $snortbarnyardlog_mysql_info_chk != '' && $snort_info_chk == 'on') { - exec("/usr/local/bin/barnyard2 -f \"snort_{$snort_uuid}_{$if_real}.u2\" -u snort -g snort --pid-path /var/log/snort/run -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d /var/log/snort -D -q"); + + if ($start2_upb_r != "") + { + exec("/bin/kill {$start2_upb_r}"); + exec("/bin/rm /var/run/barnyard2_{$snort_uuid}_{$if_real}*"); } - + /* Log Iface stop */ - exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Interface Rule START for {$id}_{$snort_uuid}_{$if_real}...'"); + exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Interface Rule STOP for {$snort_uuid}_{$if_real}...'"); } +} + + +function Running_Start($snort_uuid, $if_real, $id) { + global $config; + + /* if snort.sh crashed this will remove the pid */ + exec('/bin/rm /tmp/snort.sh.pid'); + + $snort_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['enable']; + if ($snort_info_chk == 'on') { + exec("/usr/local/bin/snort -u snort -g snort -R \"{$snort_uuid}\" -D -q 
-l /var/log/snort --pid-path /var/log/snort/run -G {$snort_uuid} -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}"); + } + /* define snortbarnyardlog_chk */ + /* top will have trouble if the uuid is to far back */ + $snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable']; + $snortbarnyardlog_mysql_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_mysql']; + if ($snortbarnyardlog_info_chk == 'on' && $snortbarnyardlog_mysql_info_chk != '' && $snort_info_chk == 'on') { + exec("/usr/local/bin/barnyard2 -f \"snort_{$snort_uuid}_{$if_real}.u2\" -u snort -g snort --pid-path /var/log/snort/run -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d /var/log/snort -D -q"); + } + + /* Log Iface stop */ + exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Interface Rule START for {$id}_{$snort_uuid}_{$if_real}...'"); +} /* get the real iface name of wan */ function convert_friendly_interface_to_real_interface_name2($interface) { - global $config; - - $lc_interface = strtolower($interface); - if($lc_interface == "lan") return $config['interfaces']['lan']['if']; - if($lc_interface == "wan") return $config['interfaces']['wan']['if']; - $ifdescrs = array(); - for ($j = 1; isset($config['interfaces']['opt' . $j]); $j++) - $ifdescrs['opt' . $j] = "opt" . $j; - foreach ($ifdescrs as $ifdescr => $ifname) - { - if(strtolower($ifname) == $lc_interface) - return $config['interfaces'][$ifname]['if']; - if(strtolower($config['interfaces'][$ifname]['descr']) == $lc_interface) - return $config['interfaces'][$ifname]['if']; - } - - return $interface; + global $config; + + $lc_interface = strtolower($interface); + if($lc_interface == "lan") return $config['interfaces']['lan']['if']; + if($lc_interface == "wan") return $config['interfaces']['wan']['if']; + $ifdescrs = array(); + for ($j = 1; isset($config['interfaces']['opt' . $j]); $j++) + $ifdescrs['opt' . 
$j] = "opt" . $j; + foreach ($ifdescrs as $ifdescr => $ifname) + { + if(strtolower($ifname) == $lc_interface) + return $config['interfaces'][$ifname]['if']; + if(strtolower($config['interfaces'][$ifname]['descr']) == $lc_interface) + return $config['interfaces'][$ifname]['if']; + } + + return $interface; } 
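Review bot: Every `exec()` in Running_Stop and Running_Start builds its command line by interpolating `$snort_uuid`, `$if_real` and the PIDs scraped from `top` directly into a shell string, so a value that carries whitespace or shell metacharacters changes which command is run. The same pattern is in Running_Ck (hunk @@ -222) and in snort_remove_files and post_delete_logs (hunk @@ -370). Each interpolated value should pass through `escapeshellarg()`, for example `exec('/bin/kill ' . escapeshellarg($start_up_s));`, with the trailing `*` of the `rm` globs kept outside the quoted part. For the file removals, `unlink()` over the result of `glob()` avoids the shell altogether. Running_Ck_b begins in the preceding hunk.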
@@ -370,158 +370,158 @@ ini_set('max_input_time', '9999'); /* define oinkid */ if($config['installedpackages']['snortglobal']) - $oinkid = $config['installedpackages']['snortglobal']['oinkmastercode']; +$oinkid = $config['installedpackages']['snortglobal']['oinkmastercode']; - -/* -this code block is for deleteing logs while keeping the newest file, -snort is linked to these files while running, do not take the easy way out -by touch and rm, snort will lose sync and not log. -this code needs to be watched. -*/ +/* + this code block is for deleteing logs while keeping the newest file, + snort is linked to these files while running, do not take the easy way out + by touch and rm, snort will lose sync and not log. + + this code needs to be watched. + */ /* list dir files */ function snort_file_list($snort_log_dir, $snort_log_file) { - $dir = opendir ("$snort_log_dir"); - while (false !== ($file = readdir($dir))) { - if (strpos($file, "$snort_log_file",1) ) { - $file_list[] = $file; - } - } - return $file_list; + $dir = opendir ("$snort_log_dir"); + while (false !== ($file = readdir($dir))) { + if (strpos($file, "$snort_log_file",1) ) { + $file_list[] = $file; + } + } + return $file_list; } /* snort dir files */ function snort_file_sort($snort_file1, $snort_file2) { - if ($snort_file1 == $snort_file2) { - return 0; - } - return ($snort_file1 < $snort_file2); // ? -1 : 1; // this flips the array + if ($snort_file1 == $snort_file2) { + return 0; + } + return ($snort_file1 < $snort_file2); // ? 
-1 : 1; // this flips the array } /* build files newest first array */ function snort_build_order($snort_list) { - foreach ($snort_list as $value_list) { - $list_order[] = $value_list; - } - return $list_order; + foreach ($snort_list as $value_list) { + $list_order[] = $value_list; + } + return $list_order; } /* keep the newest remove the rest */ function snort_remove_files($snort_list_rm, $snort_file_safe) { - foreach ($snort_list_rm as $value_list) - { - if ($value_list != $snort_file_safe) { - exec("/bin/rm /var/log/snort/$value_list"); - }else{ - exec("/bin/echo '' > /var/log/snort/$snort_file_safe"); - } - } + foreach ($snort_list_rm as $value_list) + { + if ($value_list != $snort_file_safe) { + exec("/bin/rm /var/log/snort/$value_list"); + }else{ + exec("/bin/echo '' > /var/log/snort/$snort_file_safe"); + } + } } function post_delete_logs() { global $config, $g; - + $snort_log_dir = '/var/log/snort'; /* do not start config build if rules is empty */ - if (!empty($config['installedpackages']['snortglobal']['rule'])) + if (!empty($config['installedpackages']['snortglobal']['rule'])) { - $rule_array = $config['installedpackages']['snortglobal']['rule']; - $id = -1; - foreach ($rule_array as $value) - { + $rule_array = $config['installedpackages']['snortglobal']['rule']; + $id = -1; + foreach ($rule_array as $value) + { - if ($id == '') { + if ($id == '') { $id = 0; - } + } - $id += 1; + $id += 1; - $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; - $if_real = convert_friendly_interface_to_real_interface_name2($result_lan); - $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; + $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; + $if_real = convert_friendly_interface_to_real_interface_name2($result_lan); + $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; - if ($if_real != '' && $snort_uuid != '') + if ($if_real != '' && $snort_uuid != 
'') + { + if ($config['installedpackages']['snortglobal']['rule'][$id]['snortunifiedlog'] == 'on') { - if ($config['installedpackages']['snortglobal']['rule'][$id]['snortunifiedlog'] == 'on') - { - $snort_log_file_u2 = "{$snort_uuid}_{$if_real}.u2."; - $snort_list_u2 = snort_file_list($snort_log_dir, $snort_log_file_u2); - if (is_array($snort_list_u2)) { - usort($snort_list_u2, "snort_file_sort"); - $snort_u2_rm_list = snort_build_order($snort_list_u2); - snort_remove_files($snort_u2_rm_list, $snort_u2_rm_list[0]); - } - }else{ - exec("/bin/rm $snort_log_dir/snort_{$snort_uuid}_{$if_real}.u2*"); + $snort_log_file_u2 = "{$snort_uuid}_{$if_real}.u2."; + $snort_list_u2 = snort_file_list($snort_log_dir, $snort_log_file_u2); + if (is_array($snort_list_u2)) { + usort($snort_list_u2, "snort_file_sort"); + $snort_u2_rm_list = snort_build_order($snort_list_u2); + snort_remove_files($snort_u2_rm_list, $snort_u2_rm_list[0]); } + }else{ + exec("/bin/rm $snort_log_dir/snort_{$snort_uuid}_{$if_real}.u2*"); + } - if ($config['installedpackages']['snortglobal']['rule'][$id]['tcpdumplog'] == 'on') - { - $snort_log_file_tcpd = "{$snort_uuid}_{$if_real}.tcpdump."; - $snort_list_tcpd = snort_file_list($snort_log_dir, $snort_log_file_tcpd); - if (is_array($snort_list_tcpd)) { - usort($snort_list_tcpd, "snort_file_sort"); - $snort_tcpd_rm_list = snort_build_order($snort_list_tcpd); - snort_remove_files($snort_tcpd_rm_list, $snort_tcpd_rm_list[0]); - } - }else{ - exec("/bin/rm $snort_log_dir/snort_{$snort_uuid}_{$if_real}.tcpdump*"); + if ($config['installedpackages']['snortglobal']['rule'][$id]['tcpdumplog'] == 'on') + { + $snort_log_file_tcpd = "{$snort_uuid}_{$if_real}.tcpdump."; + $snort_list_tcpd = snort_file_list($snort_log_dir, $snort_log_file_tcpd); + if (is_array($snort_list_tcpd)) { + usort($snort_list_tcpd, "snort_file_sort"); + $snort_tcpd_rm_list = snort_build_order($snort_list_tcpd); + snort_remove_files($snort_tcpd_rm_list, $snort_tcpd_rm_list[0]); } + }else{ + 
exec("/bin/rm $snort_log_dir/snort_{$snort_uuid}_{$if_real}.tcpdump*"); + } - /* create barnyard2 configuration file */ - //if ($config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable'] == 'on') - //create_barnyard2_conf($id, $if_real, $snort_uuid); + /* create barnyard2 configuration file */ + //if ($config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable'] == 'on') + //create_barnyard2_conf($id, $if_real, $snort_uuid); - if ($config['installedpackages']['snortglobal']['rule'][$id]['perform_stat'] == on) - { - exec("/bin/echo '' > /var/log/snort/snort_{$snort_uuid}_{$if_real}.stats"); - } + if ($config['installedpackages']['snortglobal']['rule'][$id]['perform_stat'] == on) + { + exec("/bin/echo '' > /var/log/snort/snort_{$snort_uuid}_{$if_real}.stats"); } } + } } } - + function snort_postinstall() { global $config; conf_mount_rw(); - -/* find out if were in 1.2.3-RELEASE */ -$pfsense_ver_chk = exec('/bin/cat /etc/version'); -if ($pfsense_ver_chk == '1.2.3-RELEASE') -{ - $pfsense_stable = 'yes'; -}else{ - $pfsense_stable = 'no'; -} -/* find out what arch where in x86 , x64 */ -$snort_arch_ck = ''; -exec('/usr/bin/uname -m', $snort_arch_ck); -if($snort_arch_ck[0] == 'i386') { - $snort_arch = 'x86'; -}else{ - $snort_arch = 'x64'; -} - + /* find out if were in 1.2.3-RELEASE */ + $pfsense_ver_chk = exec('/bin/cat /etc/version'); + if ($pfsense_ver_chk == '1.2.3-RELEASE') + { + $pfsense_stable = 'yes'; + }else{ + $pfsense_stable = 'no'; + } + + /* find out what arch where in x86 , x64 */ + $snort_arch_ck = ''; + exec('/usr/bin/uname -m', $snort_arch_ck); + if($snort_arch_ck[0] == 'i386') { + $snort_arch = 'x86'; + }else{ + $snort_arch = 'x64'; + } + /* snort -> advanced features */ $bpfbufsize = $config['installedpackages']['snortglobal']['bpfbufsize']; $bpfmaxbufsize = $config['installedpackages']['snortglobal']['bpfmaxbufsize']; $bpfmaxinsns = $config['installedpackages']['snortglobal']['bpfmaxinsns']; /* cleanup default files */ - 
if(file_exists('/usr/local/etc/snort/snort.conf-sample')) + if(file_exists('/usr/local/etc/snort/snort.conf-sample')) { exec('/bin/rm /usr/local/etc/snort/snort.conf-sample'); exec('/bin/rm /usr/local/etc/snort/threshold.conf-sample'); @@ -535,45 +535,45 @@ if($snort_arch_ck[0] == 'i386') { exec('/bin/rm /usr/local/etc/rc.d/snort'); exec('/bin/rm /usr/local/etc/rc.d/bardyard2'); } - + /* remove example files */ if(file_exists('/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so.0')) { exec('/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example*'); } - + if(file_exists('/usr/local/lib/snort/dynamicpreprocessor/lib_sfdynamic_preprocessor_example.so')) { exec('/bin/rm /usr/local/lib/snort/dynamicpreprocessor/lib_sfdynamic_preprocessor_example*'); } - + /* add snort user and group note: 920 keep the numbers < 2000, above this is reserved in pfSense 2.0 */ exec('/usr/sbin/pw groupadd snort -g 920'); exec('/usr/sbin/pw useradd snort -u 920 -c "Snort User" -d /nonexistent -g snort -s /sbin/nologin'); - /* create a few directories and ensure the sample files are in place */ + /* create a few directories and ensure the sample files are in place */ if(!file_exists('/usr/local/etc/snort')) { exec('/bin/mkdir -p /usr/local/etc/snort'); } - + if(!file_exists('/usr/local/etc/snort/custom_rules')) { exec('/bin/mkdir -p /usr/local/etc/snort/custom_rules/'); } - + if(!file_exists('/usr/local/etc/snort/whitelist')) { exec('/bin/mkdir -p /usr/local/etc/snort/whitelist/'); } - + if(!file_exists('/var/log/snort/run')) { exec('/bin/mkdir -p /var/log/snort/run'); } - + if(!file_exists('/var/log/snort/barnyard2')) { exec('/bin/mkdir -p /var/log/snort/barnyard2/'); @@ -583,7 +583,7 @@ if($snort_arch_ck[0] == 'i386') { { exec('/bin/mkdir -p /usr/local/lib/snort/dynamicrules/'); } - + if(!file_exists('/var/db/whitelist')) { touch('/var/db/whitelist'); 
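Review bot: snort_file_sort in the @@ -370 hunk returns the boolean `($snort_file1 < $snort_file2)`, so the comparator never yields a negative value and `usort()` is not guaranteed to produce the newest-first order that post_delete_logs relies on when it keeps `$snort_u2_rm_list[0]`. If the order comes out wrong, the file snort is currently writing may be the one removed, which the block comment above these helpers warns will stop logging. An integer comparator such as `return strcmp($snort_file2, $snort_file1);` gives a well-defined descending order. Also in post_delete_logs, `['perform_stat'] == on` compares against a bare word and should be `== 'on'`.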
@@ -596,12 +596,12 @@ if($snort_arch_ck[0] == 'i386') { exec('/bin/rm -rf /var/log/snort/*'); touch('/var/log/snort/alert'); } - + /* rm barnyard2 important */ if(!file_exists('/usr/local/bin/barnyard2')) { exec('/bin/rm /usr/local/bin/barnyard2'); } - + /* important */ exec('/usr/sbin/chown -R snort:snort /var/log/snort'); exec('/usr/sbin/chown -R snort:snort /usr/local/etc/snort'); @@ -625,7 +625,7 @@ if($snort_arch_ck[0] == 'i386') { exec('/bin/mkdir -p /usr/local/www/snort/css'); exec('/bin/mkdir -p /usr/local/www/snort/images'); exec('/bin/mkdir -p /usr/local/www/snort/javascript'); - + chdir ("/usr/local/www/snort/css/"); exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/css/style.css'); exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/css/colorbox.css'); @@ -656,10 +656,10 @@ if($snort_arch_ck[0] == 'i386') { exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/javascript/sortableTable.js'); exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/javascript/row_helper.js'); exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/javascript/prototype.js'); - + /* install barnyard2 for 2.0 x86 x64 and 1.2.3 x86 */ chdir ("/usr/local/bin/"); - + update_status(gettext("Installing Barnyard2 for $snort_arch...")); update_output_window(gettext("Please wait...")); if ($pfsense_stable == 'yes') { 
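Review bot: The barnyard2 cleanup in the @@ -596 hunk is inverted: `if(!file_exists('/usr/local/bin/barnyard2'))` runs `/bin/rm` only when the binary is absent, so a binary left by a previous install is never removed before the new one is fetched. The guard should be `if (file_exists('/usr/local/bin/barnyard2')) { unlink('/usr/local/bin/barnyard2'); }`. This block sits inside snort_postinstall, which begins in an earlier hunk.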
@@ -669,24 +669,24 @@ if($snort_arch_ck[0] == 'i386') { if ($pfsense_stable == 'no' && $snort_arch == 'x86') { exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/bin/8.1x86/barnyard2'); } - + if ($pfsense_stable == 'no' && $snort_arch == 'x64') { exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/bin/8.1x64/barnyard2'); } update_output_window(gettext("Finnished Installing Barnyard2...")); - + exec('/bin/chmod 755 /usr/local/bin/barnyard2'); - - + + /* install perl-threaded */ /* TODO: invoke this through pkg_util.inc */ if(!file_exists('/tmp/pkg_s')) { exec('/bin/mkdir -p /tmp/pkg_s'); } - + chdir ('/tmp/pkg_s'); - + update_status(gettext("Installing perl-threaded for $snort_arch...")); update_output_window(gettext("Please wait downloading...")); if ($pfsense_stable == 'yes') { @@ -696,7 +696,7 @@ if($snort_arch_ck[0] == 'i386') { if ($pfsense_stable == 'no' && $snort_arch == 'x86') { exec('/usr/bin/fetch http://files.pfsense.org/packages/snort//8.1x86/perl-threaded-5.12.1_1.tbz'); } - + if ($pfsense_stable == 'no' && $snort_arch == 'x64') { exec('/usr/bin/fetch http://files.pfsense.org/packages/snort/8.1x64/perl-threaded-5.12.1_1.tbz'); } @@ -705,17 +705,17 @@ if($snort_arch_ck[0] == 'i386') { if(file_exists('/tmp/pkg_s/perl-threaded-5.12.1_1.tbz')){ exec('/usr/sbin/pkg_add -f /tmp/pkg_s/perl-threaded-5.12.1_1.tbz'); } - + update_output_window(gettext("Please wait Cleaning Up...")); if(file_exists('/tmp/pkg_s/')){ exec('/bin/rm -r /tmp/pkg_s/'); - } - - update_output_window(gettext("Finnished Installing perl-threaded...")); - + } + + update_output_window(gettext("Finnished Installing perl-threaded...")); + /* back to default */ chdir ('/root/'); - + /* make sure snort-old is deinstalled */ /* remove when snort-old is removed */ unset($config['installedpackages']['snort']); 
@@ -725,7 +725,7 @@ if($snort_arch_ck[0] == 'i386') { unset($config['installedpackages']['snortadvanced']); write_config(); conf_mount_rw(); - + /* remake saved settings */ if($config['installedpackages']['snortglobal']['forcekeepsettings'] == 'on') { update_status(gettext("Saved settings detected...")); 
@@ -733,318 +733,318 @@ if($snort_arch_ck[0] == 'i386') { sync_snort_package_empty(); update_output_window(gettext("Finnished Rebuilding files...")); } - + conf_mount_ro(); - -} - -function sync_package_snort_reinstall() + +} + +function sync_package_snort_reinstall() { global $config; conf_mount_rw(); - + if(!$config['installedpackages']['snortglobal']) - return; - + return; + /* create snort configuration file */ create_snort_conf(); - + /* start snort service */ // start_service("snort"); // do not start, may be needed latter. - + conf_mount_ro(); } function snort_Getdirsize($node) { - if(!is_readable($node)) - return false; + if(!is_readable($node)) + return false; - $blah = exec( "/usr/bin/du -kd $node" ); - return substr( $blah, 0, strpos($blah, 9) ); + $blah = exec( "/usr/bin/du -kd $node" ); + return substr( $blah, 0, strpos($blah, 9) ); } /* func for log dir size limit cron */ function snort_snortloglimit_install_cron($should_install) { - global $config, $g; - - if ($g['booting']==true) - return; - - $is_installed = false; - - if(!$config['cron']['item']) - return; - - $x=0; - foreach($config['cron']['item'] as $item) { - if (strstr($item['command'], '/usr/local/pkg/snort/snort_check_cron_misc.inc')) { - $is_installed = true; - break; - } - $x++; - } - - $snort_snortloglimit_info_ck = $config['installedpackages']['snortglobal']['snortloglimit']; - $snort_snortloglimitsize_info_ck = $config['installedpackages']['snortglobal']['snortloglimitsize']; - - switch($should_install) { - case true: - if(!$is_installed) { - - $cron_item = array(); - $cron_item['minute'] = "*/5"; - $cron_item['hour'] = "*"; - $cron_item['mday'] = "*"; - $cron_item['month'] = "*"; - $cron_item['wday'] = "*"; - $cron_item['who'] = "root"; - $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_cron_misc.inc"; - $config['cron']['item'][] = $cron_item; - write_config('Installed snort log limit size'); - configure_cron(); - 
exec('/usr/bin/killall -HUP cron'); // TODO: remove when 2.0 is stable - } - break; - case false: - if($is_installed == true) { - if($x > 0) - { - unset($config['cron']['item'][$x]); - write_config(); - conf_mount_rw(); - } - configure_cron(); - exec('/usr/bin/killall -HUP cron'); // TODO: remove when 2.0 is stable - } - break; - } + global $config, $g; + + if ($g['booting']==true) + return; + + $is_installed = false; + + if(!$config['cron']['item']) + return; + + $x=0; + foreach($config['cron']['item'] as $item) { + if (strstr($item['command'], '/usr/local/pkg/snort/snort_check_cron_misc.inc')) { + $is_installed = true; + break; + } + $x++; + } + + $snort_snortloglimit_info_ck = $config['installedpackages']['snortglobal']['snortloglimit']; + $snort_snortloglimitsize_info_ck = $config['installedpackages']['snortglobal']['snortloglimitsize']; + + switch($should_install) { + case true: + if(!$is_installed) { + + $cron_item = array(); + $cron_item['minute'] = "*/5"; + $cron_item['hour'] = "*"; + $cron_item['mday'] = "*"; + $cron_item['month'] = "*"; + $cron_item['wday'] = "*"; + $cron_item['who'] = "root"; + $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_cron_misc.inc"; + $config['cron']['item'][] = $cron_item; + write_config('Installed snort log limit size'); + configure_cron(); + exec('/usr/bin/killall -HUP cron'); // TODO: remove when 2.0 is stable + } + break; + case false: + if($is_installed == true) { + if($x > 0) + { + unset($config['cron']['item'][$x]); + write_config(); + conf_mount_rw(); + } + configure_cron(); + exec('/usr/bin/killall -HUP cron'); // TODO: remove when 2.0 is stable + } + break; + } } /* func for updating cron */ -function snort_rm_blocked_install_cron($should_install) +function snort_rm_blocked_install_cron($should_install) { - global $config, $g; + global $config, $g; - if ($g['booting']==true) - return; + if ($g['booting']==true) + return; - $is_installed = false; + $is_installed = 
false; - if(!$config['cron']['item']) - return; + if(!$config['cron']['item']) + return; - $x=0; - foreach($config['cron']['item'] as $item) - { - if (strstr($item['command'], "snort2c")) - { - $is_installed = true; - break; - } - $x++; - } - - $snort_rm_blocked_info_ck = $config['installedpackages']['snortglobal']['rm_blocked']; - if ($snort_rm_blocked_info_ck == "1h_b") - { - $snort_rm_blocked_min = "*/5"; - $snort_rm_blocked_hr = "*"; - $snort_rm_blocked_mday = "*"; - $snort_rm_blocked_month = "*"; - $snort_rm_blocked_wday = "*"; - $snort_rm_blocked_expire = "3600"; - } - if ($snort_rm_blocked_info_ck == "3h_b") - { - $snort_rm_blocked_min = "*/15"; - $snort_rm_blocked_hr = "*"; - $snort_rm_blocked_mday = "*"; - $snort_rm_blocked_month = "*"; - $snort_rm_blocked_wday = "*"; - $snort_rm_blocked_expire = "10800"; - } - if ($snort_rm_blocked_info_ck == "6h_b") - { - $snort_rm_blocked_min = "*/30"; - $snort_rm_blocked_hr = "*"; - $snort_rm_blocked_mday = "*"; - $snort_rm_blocked_month = "*"; - $snort_rm_blocked_wday = "*"; - $snort_rm_blocked_expire = "21600"; - } - if ($snort_rm_blocked_info_ck == "12h_b") - { - $snort_rm_blocked_min = "2"; - $snort_rm_blocked_hr = "*/1"; - $snort_rm_blocked_mday = "*"; - $snort_rm_blocked_month = "*"; - $snort_rm_blocked_wday = "*"; - $snort_rm_blocked_expire = "43200"; - } - if ($snort_rm_blocked_info_ck == "1d_b") - { - $snort_rm_blocked_min = "2"; - $snort_rm_blocked_hr = "*/2"; - $snort_rm_blocked_mday = "*"; - $snort_rm_blocked_month = "*"; - $snort_rm_blocked_wday = "*"; - $snort_rm_blocked_expire = "86400"; - } - if ($snort_rm_blocked_info_ck == "4d_b") - { - $snort_rm_blocked_min = "2"; - $snort_rm_blocked_hr = "*/8"; - $snort_rm_blocked_mday = "*"; - $snort_rm_blocked_month = "*"; - $snort_rm_blocked_wday = "*"; - $snort_rm_blocked_expire = "345600"; - } - if ($snort_rm_blocked_info_ck == "7d_b") - { - $snort_rm_blocked_min = "2"; - $snort_rm_blocked_hr = "*/14"; - $snort_rm_blocked_mday = "*"; - $snort_rm_blocked_month = 
"*"; - $snort_rm_blocked_wday = "*"; - $snort_rm_blocked_expire = "604800"; - } - if ($snort_rm_blocked_info_ck == "28d_b") - { - $snort_rm_blocked_min = "2"; - $snort_rm_blocked_hr = "0"; - $snort_rm_blocked_mday = "*/2"; - $snort_rm_blocked_month = "*"; - $snort_rm_blocked_wday = "*"; - $snort_rm_blocked_expire = "2419200"; - } - switch($should_install) + $x=0; + foreach($config['cron']['item'] as $item) + { + if (strstr($item['command'], "snort2c")) { - case true: - if(!$is_installed) - { - $cron_item = array(); - $cron_item['minute'] = "$snort_rm_blocked_min"; - $cron_item['hour'] = "$snort_rm_blocked_hr"; - $cron_item['mday'] = "$snort_rm_blocked_mday"; - $cron_item['month'] = "$snort_rm_blocked_month"; - $cron_item['wday'] = "$snort_rm_blocked_wday"; - $cron_item['who'] = "root"; - $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/sbin/expiretable -t $snort_rm_blocked_expire snort2c"; - $config['cron']['item'][] = $cron_item; - write_config("Installed $snort_rm_blocked_info_ck minute filter reload for Time Based Rules"); - configure_cron(); - exec('/usr/bin/killall -HUP cron'); // TODO: remove when 2.0 is stable - } - break; - case false: - if($is_installed == true) - { - if($x > 0) - { - unset($config['cron']['item'][$x]); - write_config(); - conf_mount_rw(); - } - configure_cron(); - exec('/usr/bin/killall -HUP cron'); // TODO: remove when 2.0 is stable - } - break; + $is_installed = true; + break; } + $x++; + } + + $snort_rm_blocked_info_ck = $config['installedpackages']['snortglobal']['rm_blocked']; + if ($snort_rm_blocked_info_ck == "1h_b") + { + $snort_rm_blocked_min = "*/5"; + $snort_rm_blocked_hr = "*"; + $snort_rm_blocked_mday = "*"; + $snort_rm_blocked_month = "*"; + $snort_rm_blocked_wday = "*"; + $snort_rm_blocked_expire = "3600"; + } + if ($snort_rm_blocked_info_ck == "3h_b") + { + $snort_rm_blocked_min = "*/15"; + $snort_rm_blocked_hr = "*"; + $snort_rm_blocked_mday = "*"; + $snort_rm_blocked_month = "*"; + $snort_rm_blocked_wday = "*"; + 
$snort_rm_blocked_expire = "10800"; + } + if ($snort_rm_blocked_info_ck == "6h_b") + { + $snort_rm_blocked_min = "*/30"; + $snort_rm_blocked_hr = "*"; + $snort_rm_blocked_mday = "*"; + $snort_rm_blocked_month = "*"; + $snort_rm_blocked_wday = "*"; + $snort_rm_blocked_expire = "21600"; + } + if ($snort_rm_blocked_info_ck == "12h_b") + { + $snort_rm_blocked_min = "2"; + $snort_rm_blocked_hr = "*/1"; + $snort_rm_blocked_mday = "*"; + $snort_rm_blocked_month = "*"; + $snort_rm_blocked_wday = "*"; + $snort_rm_blocked_expire = "43200"; + } + if ($snort_rm_blocked_info_ck == "1d_b") + { + $snort_rm_blocked_min = "2"; + $snort_rm_blocked_hr = "*/2"; + $snort_rm_blocked_mday = "*"; + $snort_rm_blocked_month = "*"; + $snort_rm_blocked_wday = "*"; + $snort_rm_blocked_expire = "86400"; + } + if ($snort_rm_blocked_info_ck == "4d_b") + { + $snort_rm_blocked_min = "2"; + $snort_rm_blocked_hr = "*/8"; + $snort_rm_blocked_mday = "*"; + $snort_rm_blocked_month = "*"; + $snort_rm_blocked_wday = "*"; + $snort_rm_blocked_expire = "345600"; + } + if ($snort_rm_blocked_info_ck == "7d_b") + { + $snort_rm_blocked_min = "2"; + $snort_rm_blocked_hr = "*/14"; + $snort_rm_blocked_mday = "*"; + $snort_rm_blocked_month = "*"; + $snort_rm_blocked_wday = "*"; + $snort_rm_blocked_expire = "604800"; + } + if ($snort_rm_blocked_info_ck == "28d_b") + { + $snort_rm_blocked_min = "2"; + $snort_rm_blocked_hr = "0"; + $snort_rm_blocked_mday = "*/2"; + $snort_rm_blocked_month = "*"; + $snort_rm_blocked_wday = "*"; + $snort_rm_blocked_expire = "2419200"; + } + switch($should_install) + { + case true: + if(!$is_installed) + { + $cron_item = array(); + $cron_item['minute'] = "$snort_rm_blocked_min"; + $cron_item['hour'] = "$snort_rm_blocked_hr"; + $cron_item['mday'] = "$snort_rm_blocked_mday"; + $cron_item['month'] = "$snort_rm_blocked_month"; + $cron_item['wday'] = "$snort_rm_blocked_wday"; + $cron_item['who'] = "root"; + $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/sbin/expiretable -t 
$snort_rm_blocked_expire snort2c"; + $config['cron']['item'][] = $cron_item; + write_config("Installed $snort_rm_blocked_info_ck minute filter reload for Time Based Rules"); + configure_cron(); + exec('/usr/bin/killall -HUP cron'); // TODO: remove when 2.0 is stable + } + break; + case false: + if($is_installed == true) + { + if($x > 0) + { + unset($config['cron']['item'][$x]); + write_config(); + conf_mount_rw(); + } + configure_cron(); + exec('/usr/bin/killall -HUP cron'); // TODO: remove when 2.0 is stable + } + break; + } } /* func to install snort update */ function snort_rules_up_install_cron($should_install) { - global $config, $g; + global $config, $g; - if ($g['booting']==true) - return; + if ($g['booting']==true) + return; - $is_installed = false; + $is_installed = false; - if(!$config['cron']['item']) - return; + if(!$config['cron']['item']) + return; - $x=0; - foreach($config['cron']['item'] as $item) { - if (strstr($item['command'], "snort_check_for_rule_updates.php")) { - $is_installed = true; - break; - } - $x++; - } - $snort_rules_up_info_ck = $config['installedpackages']['snortglobal']['autorulesupdate7']; - if ($snort_rules_up_info_ck == "6h_up") { - $snort_rules_up_min = "3"; - $snort_rules_up_hr = "*/6"; - $snort_rules_up_mday = "*"; - $snort_rules_up_month = "*"; - $snort_rules_up_wday = "*"; - } - if ($snort_rules_up_info_ck == "12h_up") { - $snort_rules_up_min = "3"; - $snort_rules_up_hr = "*/12"; - $snort_rules_up_mday = "*"; - $snort_rules_up_month = "*"; - $snort_rules_up_wday = "*"; - } - if ($snort_rules_up_info_ck == "1d_up") { - $snort_rules_up_min = "3"; - $snort_rules_up_hr = "0"; - $snort_rules_up_mday = "*/1"; - $snort_rules_up_month = "*"; - $snort_rules_up_wday = "*"; - } - if ($snort_rules_up_info_ck == "4d_up") { - $snort_rules_up_min = "3"; - $snort_rules_up_hr = "0"; - $snort_rules_up_mday = "*/4"; - $snort_rules_up_month = "*"; - $snort_rules_up_wday = "*"; - } - if ($snort_rules_up_info_ck == "7d_up") { - 
$snort_rules_up_min = "3"; - $snort_rules_up_hr = "0"; - $snort_rules_up_mday = "*/7"; - $snort_rules_up_month = "*"; - $snort_rules_up_wday = "*"; - } - if ($snort_rules_up_info_ck == "28d_up") { - $snort_rules_up_min = "3"; - $snort_rules_up_hr = "0"; - $snort_rules_up_mday = "*/28"; - $snort_rules_up_month = "*"; - $snort_rules_up_wday = "*"; - } - switch($should_install) { - case true: - if(!$is_installed) { - $cron_item = array(); - $cron_item['minute'] = "$snort_rules_up_min"; - $cron_item['hour'] = "$snort_rules_up_hr"; - $cron_item['mday'] = "$snort_rules_up_mday"; - $cron_item['month'] = "$snort_rules_up_month"; - $cron_item['wday'] = "$snort_rules_up_wday"; - $cron_item['who'] = "root"; - $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_for_rule_updates.php >> /tmp/snort_update.log"; - $config['cron']['item'][] = $cron_item; - write_config("Installed 15 minute filter reload for Time Based Rules"); - configure_cron(); - exec('/usr/bin/killall -HUP cron'); // TODO: remove when 2.0 is stable - } - break; - case false: - if($is_installed == true) { - if($x > 0) { - unset($config['cron']['item'][$x]); - write_config(); - conf_mount_rw(); - } - configure_cron(); - exec('/usr/bin/killall -HUP cron'); // TODO: remove when 2.0 is stable - } - break; + $x=0; + foreach($config['cron']['item'] as $item) { + if (strstr($item['command'], "snort_check_for_rule_updates.php")) { + $is_installed = true; + break; } + $x++; + } + $snort_rules_up_info_ck = $config['installedpackages']['snortglobal']['autorulesupdate7']; + if ($snort_rules_up_info_ck == "6h_up") { + $snort_rules_up_min = "3"; + $snort_rules_up_hr = "*/6"; + $snort_rules_up_mday = "*"; + $snort_rules_up_month = "*"; + $snort_rules_up_wday = "*"; + } + if ($snort_rules_up_info_ck == "12h_up") { + $snort_rules_up_min = "3"; + $snort_rules_up_hr = "*/12"; + $snort_rules_up_mday = "*"; + $snort_rules_up_month = "*"; + $snort_rules_up_wday = "*"; + } + if 
($snort_rules_up_info_ck == "1d_up") { + $snort_rules_up_min = "3"; + $snort_rules_up_hr = "0"; + $snort_rules_up_mday = "*/1"; + $snort_rules_up_month = "*"; + $snort_rules_up_wday = "*"; + } + if ($snort_rules_up_info_ck == "4d_up") { + $snort_rules_up_min = "3"; + $snort_rules_up_hr = "0"; + $snort_rules_up_mday = "*/4"; + $snort_rules_up_month = "*"; + $snort_rules_up_wday = "*"; + } + if ($snort_rules_up_info_ck == "7d_up") { + $snort_rules_up_min = "3"; + $snort_rules_up_hr = "0"; + $snort_rules_up_mday = "*/7"; + $snort_rules_up_month = "*"; + $snort_rules_up_wday = "*"; + } + if ($snort_rules_up_info_ck == "28d_up") { + $snort_rules_up_min = "3"; + $snort_rules_up_hr = "0"; + $snort_rules_up_mday = "*/28"; + $snort_rules_up_month = "*"; + $snort_rules_up_wday = "*"; + } + switch($should_install) { + case true: + if(!$is_installed) { + $cron_item = array(); + $cron_item['minute'] = "$snort_rules_up_min"; + $cron_item['hour'] = "$snort_rules_up_hr"; + $cron_item['mday'] = "$snort_rules_up_mday"; + $cron_item['month'] = "$snort_rules_up_month"; + $cron_item['wday'] = "$snort_rules_up_wday"; + $cron_item['who'] = "root"; + $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_for_rule_updates.php >> /tmp/snort_update.log"; + $config['cron']['item'][] = $cron_item; + write_config("Installed 15 minute filter reload for Time Based Rules"); + configure_cron(); + exec('/usr/bin/killall -HUP cron'); // TODO: remove when 2.0 is stable + } + break; + case false: + if($is_installed == true) { + if($x > 0) { + unset($config['cron']['item'][$x]); + write_config(); + conf_mount_rw(); + } + configure_cron(); + exec('/usr/bin/killall -HUP cron'); // TODO: remove when 2.0 is stable + } + break; + } } function sync_snort_package_remove_old() 
@@ -1052,44 +1052,44 @@ function sync_snort_package_remove_old() global $config, $g; -$snort_dir_scan = '/usr/local/etc/snort'; + $snort_dir_scan = '/usr/local/etc/snort'; -// scan dirm might have to make this into a funtion -$dh_scan = opendir($snort_dir_scan); -while (false !== ($dir_filename = readdir($dh_scan))) { - $list_dir_files[] = $dir_filename; -} + // scan dirm might have to make this into a funtion + $dh_scan = opendir($snort_dir_scan); + while (false !== ($dir_filename = readdir($dh_scan))) { + $list_dir_files[] = $dir_filename; + } -// find patern in a array, very cool code -class array_ereg { - function array_ereg($pattern) { $this->pattern = $pattern; } - function ereg($string) { - return ereg($this->pattern, $string); - } -} + // find patern in a array, very cool code + class array_ereg { + function array_ereg($pattern) { $this->pattern = $pattern; } + function ereg($string) { + return ereg($this->pattern, $string); + } + } - $rule_array2 = $config['installedpackages']['snortglobal']['rule']; - $id2 = -1; - foreach ($rule_array2 as $value) - { + $rule_array2 = $config['installedpackages']['snortglobal']['rule']; + $id2 = -1; + foreach ($rule_array2 as $value) + { - $id += 1; + $id += 1; - $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; - $if_real = convert_friendly_interface_to_real_interface_name2($result_lan); + $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; + $if_real = convert_friendly_interface_to_real_interface_name2($result_lan); - $snort_rules_list[] = "snort_$id$if_real"; + $snort_rules_list[] = "snort_$id$if_real"; - } + } -$snort_dir_filter = array_filter($list_dir_files, array(new array_ereg("snort_"), 'ereg')); -$snort_dir_filter_search_result = array_diff($snort_dir_filter, $snort_rules_list); + $snort_dir_filter = array_filter($list_dir_files, array(new array_ereg("snort_"), 'ereg')); + $snort_dir_filter_search_result = array_diff($snort_dir_filter, 
$snort_rules_list); - foreach ($snort_dir_filter_search_result as $value) - { - exec("rm -r /usr/local/etc/snort/$value"); - } + foreach ($snort_dir_filter_search_result as $value) + { + exec("rm -r /usr/local/etc/snort/$value"); + } } @@ -1102,25 +1102,25 @@ function sync_snort_package() /* all new files are for the user snort nologin */ if(!file_exists('/var/log/snort')) { - exec('/bin/mkdir -p /var/log/snort'); + exec('/bin/mkdir -p /var/log/snort'); } - + if(!file_exists('/var/log/snort/run')) { exec('/bin/mkdir -p /var/log/snort/run'); } - + if(!file_exists('/var/log/snort/barnyard2')) { exec('/bin/mkdir -p /var/log/snort/barnyard2'); } - + /* all new files are for the user snort nologin */ if(!file_exists('/var/log/snort/alert')) { exec('/usr/bin/touch /var/log/snort/alert'); } - + /* important */ exec('/usr/sbin/chown -R snort:snort /var/log/snort'); exec('/usr/sbin/chown -R snort:snort /usr/local/etc/snort'); 
@@ -1134,22 +1134,30 @@ function sync_snort_package() exec('/bin/chmod -R 770 /var/log/snort'); exec('/bin/chmod -R 770 /usr/local/lib/snort'); exec('/bin/chmod -R 770 /usr/local/etc/snort/'); - + /* auto install loglimit dfault if value not set */ $snortloglimitsize = $config['installedpackages']['snortglobal']['snortloglimitsize']; + $snortloglimit = $config['installedpackages']['snortglobal']['snortloglimit']; + + if ($snortloglimit == '') { + /* code will set limit to 21% of slice that is unused */ + $config['installedpackages']['snortglobal']['snortloglimit'] = 'on'; + write_config(); + conf_mount_rw(); + } if ($snortloglimitsize == '') { /* code will set limit to 21% of slice that is unused */ - $snortloglimitDSKsize = round(exec('df -k /var | grep -v "Filesystem" | awk \'{print $4}\'') * .21 / 1024); + $snortloglimitDSKsize = round(exec('df -k /var | grep -v "Filesystem" | awk \'{print $4}\'') * .22 / 1024); $config['installedpackages']['snortglobal']['snortloglimitsize'] = $snortloglimitDSKsize; write_config(); - conf_mount_rw(); + conf_mount_rw(); } - + $snort_snortloglimit_info_ck = $config['installedpackages']['snortglobal']['snortloglimit']; if ($snort_snortloglimit_info_ck == '') { - snort_snortloglimit_install_cron(''); - snort_snortloglimit_install_cron('true'); + snort_snortloglimit_install_cron(''); + snort_snortloglimit_install_cron('true'); } conf_mount_ro(); 
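Review bot: The added `if ($snortloglimit == '')` block writes `'on'` into `snortloglimit` before the later `if ($snort_snortloglimit_info_ck == '')` test reads the same key, so that test appears unable to succeed any more and the two `snort_snortloglimit_install_cron()` calls look unreachable from this path. If so, the cron job that keeps /var/log/snort within its size limit is never installed here, and a sensor whose log volume fills up stops recording alerts. If the intent is to install the job whenever the limit is enabled, the condition would read `if ($snort_snortloglimit_info_ck == 'on') {`. The comment copied into the new block describes the size calculation rather than the flag, and the same comment on the size block is stale now that the factor is `.22`; I would use `/* enable the log size limit by default */` and `/* code will set limit to 22% of slice that is unused */`. sync_snort_package() begins and ends outside this hunk, so callers that set the key elsewhere are not visible from here.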
@@ -1161,54 +1169,54 @@ function sync_snort_package_all($id, $if_real, $snort_uuid) //global $config, $g, $id, $if_real, $snort_uuid, $interface_fake; global $config, $g; -/* RedDevil suggested code */ -/* TODO: more testing needs to be done */ -/* may cause voip to fail */ -//exec("/sbin/sysctl net.bpf.bufsize=8388608"); -//exec("/sbin/sysctl net.bpf.maxbufsize=4194304"); -//exec("/sbin/sysctl net.bpf.maxinsns=512"); -//exec("/sbin/sysctl net.inet.tcp.rfc1323=1"); + /* RedDevil suggested code */ + /* TODO: more testing needs to be done */ + /* may cause voip to fail */ + //exec("/sbin/sysctl net.bpf.bufsize=8388608"); + //exec("/sbin/sysctl net.bpf.maxbufsize=4194304"); + //exec("/sbin/sysctl net.bpf.maxinsns=512"); + //exec("/sbin/sysctl net.inet.tcp.rfc1323=1"); -# Error checking -if ($id != '' && $if_real != '') //new -{ - /* do not start config build if rules is empty */ - if (!empty($config['installedpackages']['snortglobal']['rule'])) + # Error checking + if ($id != '' && $if_real != '') //new { + /* do not start config build if rules is empty */ + if (!empty($config['installedpackages']['snortglobal']['rule'])) + { - conf_mount_rw(); + conf_mount_rw(); - $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; - $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; - $if_real = convert_friendly_interface_to_real_interface_name2($result_lan); - - /* create snort configuration file */ - create_snort_conf($id, $if_real, $snort_uuid); + $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; + $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; + $if_real = convert_friendly_interface_to_real_interface_name2($result_lan); - /* if rules exist cp rules to each iface */ - create_rules_iface($id, $if_real, $snort_uuid); - - /* only build whitelist when needed */ - if ($config['installedpackages']['snortglobal']['rule'][$id]['blockoffenders7'] == 'on'){ - 
create_snort_whitelist($id, $if_real); - } - - /* only build threshold when needed */ - if ($config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname'] != 'default'){ - create_snort_suppress($id, $if_real); - } - - /* create snort bootup file snort.sh only create once */ - create_snort_sh(); + /* create snort configuration file */ + create_snort_conf($id, $if_real, $snort_uuid); - /* create barnyard2 configuration file */ - $snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable']; - if ($snortbarnyardlog_info_chk == 'on') - create_barnyard2_conf($id, $if_real, $snort_uuid); + /* if rules exist cp rules to each iface */ + create_rules_iface($id, $if_real, $snort_uuid); + + /* only build whitelist when needed */ + if ($config['installedpackages']['snortglobal']['rule'][$id]['blockoffenders7'] == 'on'){ + create_snort_whitelist($id, $if_real); + } - sync_snort_package(); + /* only build threshold when needed */ + if ($config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname'] != 'default'){ + create_snort_suppress($id, $if_real); + } - conf_mount_ro(); + /* create snort bootup file snort.sh only create once */ + create_snort_sh(); + + /* create barnyard2 configuration file */ + $snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable']; + if ($snortbarnyardlog_info_chk == 'on') + create_barnyard2_conf($id, $if_real, $snort_uuid); + + sync_snort_package(); + + conf_mount_ro(); } } } 
@@ -1218,19 +1226,19 @@ function sync_snort_package_empty() { global $config, $g; conf_mount_rw(); - -/* RedDevil suggested code */ -/* TODO: more testing needs to be done */ -/* may cause voip to fail */ -//exec("/sbin/sysctl net.bpf.bufsize=8388608"); -//exec("/sbin/sysctl net.bpf.maxbufsize=4194304"); -//exec("/sbin/sysctl net.bpf.maxinsns=512"); -//exec("/sbin/sysctl net.inet.tcp.rfc1323=1"); + + /* RedDevil suggested code */ + /* TODO: more testing needs to be done */ + /* may cause voip to fail */ + //exec("/sbin/sysctl net.bpf.bufsize=8388608"); + //exec("/sbin/sysctl net.bpf.maxbufsize=4194304"); + //exec("/sbin/sysctl net.bpf.maxinsns=512"); + //exec("/sbin/sysctl net.inet.tcp.rfc1323=1"); /* do not start config build if rules is empty */ - if (!empty($config['installedpackages']['snortglobal']['rule'])) + if (!empty($config['installedpackages']['snortglobal']['rule'])) { - if ($id == "") + if ($id == "") { $rule_array = $config['installedpackages']['snortglobal']['rule']; @@ -1239,7 +1247,7 @@ function sync_snort_package_empty() { if ($id == '') { - $id = 0; + $id = 0; } $id += 1; 
@@ -1249,36 +1257,36 @@ function sync_snort_package_empty() $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; if ($if_real != '' && $snort_uuid != '') { - - /* create snort configuration file */ - create_snort_conf($id, $if_real, $snort_uuid); + + /* create snort configuration file */ + create_snort_conf($id, $if_real, $snort_uuid); - /* if rules exist cp rules to each iface */ - create_rules_iface($id, $if_real, $snort_uuid); - - /* only build whitelist when needed */ - if ($config['installedpackages']['snortglobal']['rule'][$id]['blockoffenders7'] == 'on'){ - create_snort_whitelist($id, $if_real); - } - - /* only build threshold when needed */ - if ($config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname'] != 'default'){ - create_snort_suppress($id, $if_real); - } + /* if rules exist cp rules to each iface */ + create_rules_iface($id, $if_real, $snort_uuid); - /* create barnyard2 configuration file */ - $snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable']; - if ($snortbarnyardlog_info_chk == 'on') + /* only build whitelist when needed */ + if ($config['installedpackages']['snortglobal']['rule'][$id]['blockoffenders7'] == 'on'){ + create_snort_whitelist($id, $if_real); + } + + /* only build threshold when needed */ + if ($config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname'] != 'default'){ + create_snort_suppress($id, $if_real); + } + + /* create barnyard2 configuration file */ + $snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable']; + if ($snortbarnyardlog_info_chk == 'on') create_barnyard2_conf($id, $if_real, $snort_uuid); } } - /* create snort bootup file snort.sh only create once */ - create_snort_sh(); + /* create snort bootup file snort.sh only create once */ + create_snort_sh(); - sync_snort_package(); - - conf_mount_ro(); + sync_snort_package(); + + conf_mount_ro(); } } 
@@ -1289,19 +1297,19 @@ function sync_snort_package_config() { global $config, $g; conf_mount_rw(); - -/* RedDevil suggested code */ -/* TODO: more testing needs to be done */ -/* may cause voip to fail */ -//exec("/sbin/sysctl net.bpf.bufsize=8388608"); -//exec("/sbin/sysctl net.bpf.maxbufsize=4194304"); -//exec("/sbin/sysctl net.bpf.maxinsns=512"); -//exec("/sbin/sysctl net.inet.tcp.rfc1323=1"); + + /* RedDevil suggested code */ + /* TODO: more testing needs to be done */ + /* may cause voip to fail */ + //exec("/sbin/sysctl net.bpf.bufsize=8388608"); + //exec("/sbin/sysctl net.bpf.maxbufsize=4194304"); + //exec("/sbin/sysctl net.bpf.maxinsns=512"); + //exec("/sbin/sysctl net.inet.tcp.rfc1323=1"); /* do not start config build if rules is empty */ - if (!empty($config['installedpackages']['snortglobal']['rule'])) + if (!empty($config['installedpackages']['snortglobal']['rule'])) { - if ($id == "") + if ($id == "") { $rule_array = $config['installedpackages']['snortglobal']['rule']; @@ -1310,7 +1318,7 @@ function sync_snort_package_config() { if ($id == '') { - $id = 0; + $id = 0; } $id += 1; 
@@ -1320,30 +1328,30 @@ function sync_snort_package_config() $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; if ($if_real != '' && $snort_uuid != '') { - - /* create snort configuration file */ - create_snort_conf($id, $if_real, $snort_uuid); - - /* only build whitelist when needed */ - if ($config['installedpackages']['snortglobal']['rule'][$id]['blockoffenders7'] == 'on'){ - create_snort_whitelist($id, $if_real); - } - - /* only build threshold when needed */ - if ($config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname'] != 'default'){ - create_snort_suppress($id, $if_real); - } - - /* create barnyard2 configuration file */ - $snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable']; - if ($snortbarnyardlog_info_chk == 'on') + + /* create snort configuration file */ + create_snort_conf($id, $if_real, $snort_uuid); + + /* only build whitelist when needed */ + if ($config['installedpackages']['snortglobal']['rule'][$id]['blockoffenders7'] == 'on'){ + create_snort_whitelist($id, $if_real); + } + + /* only build threshold when needed */ + if ($config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname'] != 'default'){ + create_snort_suppress($id, $if_real); + } + + /* create barnyard2 configuration file */ + $snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable']; + if ($snortbarnyardlog_info_chk == 'on') create_barnyard2_conf($id, $if_real, $snort_uuid); } } - sync_snort_package(); - - conf_mount_ro(); + sync_snort_package(); + + conf_mount_ro(); } } 
@@ -1356,158 +1364,158 @@ function sync_snort_package_config() /* create threshold file */ /* TODO: other func should mirror this code */ function create_snort_suppress($id, $if_real) { - - global $config, $g; - conf_mount_rw(); - - /* make sure dir is there */ - if (!file_exists('/usr/local/etc/snort/suppress/')) { - exec('/bin/mkdir -p /usr/local/etc/snort/suppress/'); - } - - if ($config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname'] != 'default') { - - preg_match('/([0-9]+)$/', $config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname'], $slist_num_wrt); - - $whitelist_key_s = find_suppress_key($slist_num_wrt[0]); - - /* file name */ - $suppress_file_name = $config['installedpackages']['snortglobal']['suppress']['item'][$whitelist_key_s]['name']; - - /* Message */ - $s_data .= '# This file is auto generated by the snort package. Please do not edit this file by hand.' . "\n\n"; - - /* user added arguments */ - $s_data .= str_replace("\r", "", base64_decode($config['installedpackages']['snortglobal']['suppress']['item'][$whitelist_key_s]['suppresspassthru'])); - - /* open snort's whitelist for writing */ - $suppresslist_w = fopen("/usr/local/etc/snort/suppress/$suppress_file_name", "w"); - if(!$suppresslist_w) { - log_error("Could not open /usr/local/etc/snort/suppress/$suppress_file_name for writing."); - return; - } - - fwrite($suppresslist_w, $s_data); - fclose($suppresslist_w); - conf_mount_ro(); - - } - + + global $config, $g; + conf_mount_rw(); + + /* make sure dir is there */ + if (!file_exists('/usr/local/etc/snort/suppress/')) { + exec('/bin/mkdir -p /usr/local/etc/snort/suppress/'); + } + + if ($config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname'] != 'default') { + + preg_match('/([0-9]+)$/', $config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname'], $slist_num_wrt); + + $whitelist_key_s = find_suppress_key($slist_num_wrt[0]); + + /* file name */ + $suppress_file_name = 
$config['installedpackages']['snortglobal']['suppress']['item'][$whitelist_key_s]['name']; + + /* Message */ + $s_data .= '# This file is auto generated by the snort package. Please do not edit this file by hand.' . "\n\n"; + + /* user added arguments */ + $s_data .= str_replace("\r", "", base64_decode($config['installedpackages']['snortglobal']['suppress']['item'][$whitelist_key_s]['suppresspassthru'])); + + /* open snort's whitelist for writing */ + $suppresslist_w = fopen("/usr/local/etc/snort/suppress/$suppress_file_name", "w"); + if(!$suppresslist_w) { + log_error("Could not open /usr/local/etc/snort/suppress/$suppress_file_name for writing."); + return; + } + + fwrite($suppresslist_w, $s_data); + fclose($suppresslist_w); + conf_mount_ro(); + + } + } function create_snort_whitelist($id, $if_real) { - - global $config, $g; - conf_mount_rw(); - - /* make sure dir is there */ - if (!file_exists('/usr/local/etc/snort/whitelist/')) { - exec('/bin/mkdir -p /usr/local/etc/snort/whitelist/'); - } - - if ($config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'] == 'default') { - - /* open snort's whitelist for writing */ - $whitelist_w = fopen("/usr/local/etc/snort/whitelist/defaultwlist", "w"); - if(!$whitelist_w) { - log_error("Could not open /usr/local/etc/snort/whitelist/defaultwlist for writing."); - return; - } - - $w_data = build_base_whitelist('whitelist', 'yes', 'yes', 'yes', 'yes', 'yes', 'no'); - - }else{ - - preg_match('/^([a-zA-z0-9]+)/', $config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'], $wlist_name_wrt); - preg_match('/([0-9]+)$/', $config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'], $wlist_num_wrt); - - $whitelist_key_w = find_whitelist_key($wlist_num_wrt[0]); - - $build_netlist = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w]['snortlisttype']; - $wanip = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w]['wanips']; - $wangw 
= $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w]['wangateips']; - $wandns = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w]['wandnsips']; - $vips = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w]['vips']; - $vpns = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w]['vpnips']; - - /* open snort's whitelist for writing */ - $whitelist_w = fopen("/usr/local/etc/snort/whitelist/$wlist_name_wrt[0]", "w"); - if(!$whitelist_w) { - log_error("Could not open /usr/local/etc/snort/whitelist/$wlist_name_wrt[0] for writing."); - return; - } - - $w_data = build_base_whitelist($build_netlist, $wanip, $wangw, $wandns, $vips, $vpns, $whitelist_key_w); - - } - - fwrite($whitelist_w, $w_data); - fclose($whitelist_w); - conf_mount_ro(); - + + global $config, $g; + conf_mount_rw(); + + /* make sure dir is there */ + if (!file_exists('/usr/local/etc/snort/whitelist/')) { + exec('/bin/mkdir -p /usr/local/etc/snort/whitelist/'); + } + + if ($config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'] == 'default') { + + /* open snort's whitelist for writing */ + $whitelist_w = fopen("/usr/local/etc/snort/whitelist/defaultwlist", "w"); + if(!$whitelist_w) { + log_error("Could not open /usr/local/etc/snort/whitelist/defaultwlist for writing."); + return; + } + + $w_data = build_base_whitelist('whitelist', 'yes', 'yes', 'yes', 'yes', 'yes', 'no'); + + }else{ + + preg_match('/^([a-zA-z0-9]+)/', $config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'], $wlist_name_wrt); + preg_match('/([0-9]+)$/', $config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'], $wlist_num_wrt); + + $whitelist_key_w = find_whitelist_key($wlist_num_wrt[0]); + + $build_netlist = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w]['snortlisttype']; + $wanip = 
$config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w]['wanips']; + $wangw = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w]['wangateips']; + $wandns = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w]['wandnsips']; + $vips = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w]['vips']; + $vpns = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w]['vpnips']; + + /* open snort's whitelist for writing */ + $whitelist_w = fopen("/usr/local/etc/snort/whitelist/$wlist_name_wrt[0]", "w"); + if(!$whitelist_w) { + log_error("Could not open /usr/local/etc/snort/whitelist/$wlist_name_wrt[0] for writing."); + return; + } + + $w_data = build_base_whitelist($build_netlist, $wanip, $wangw, $wandns, $vips, $vpns, $whitelist_key_w); + + } + + fwrite($whitelist_w, $w_data); + fclose($whitelist_w); + conf_mount_ro(); + } function create_snort_homenet($id, $if_real) { - - global $config, $g; - conf_mount_rw(); - - if ($config['installedpackages']['snortglobal']['rule'][$id]['homelistname'] == 'default' || $config['installedpackages']['snortglobal']['rule'][$id]['homelistname'] == '') { - return build_base_whitelist('netlist', 'yes', 'yes', 'yes', 'yes', 'yes', 'no'); - }else{ - preg_match('/([0-9]+)$/', $config['installedpackages']['snortglobal']['rule'][$id]['homelistname'], $hlist_num_wrt); - - $whitelist_key_h = find_whitelist_key($hlist_num_wrt[0]); - - $build_netlist_h = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_h]['snortlisttype']; - $wanip_h = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_h]['wanips']; - $wangw_h = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_h]['wangateips']; - $wandns_h = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_h]['wandnsips']; - $vips_h = 
$config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_h]['vips']; - $vpns_h = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_h]['vpnips']; - - return build_base_whitelist($build_netlist_h, $wanip_h, $wangw_h, $wandns_h, $vips_h, $vpns_h, $whitelist_key_h); - - } - - conf_mount_ro(); - + + global $config, $g; + conf_mount_rw(); + + if ($config['installedpackages']['snortglobal']['rule'][$id]['homelistname'] == 'default' || $config['installedpackages']['snortglobal']['rule'][$id]['homelistname'] == '') { + return build_base_whitelist('netlist', 'yes', 'yes', 'yes', 'yes', 'yes', 'no'); + }else{ + preg_match('/([0-9]+)$/', $config['installedpackages']['snortglobal']['rule'][$id]['homelistname'], $hlist_num_wrt); + + $whitelist_key_h = find_whitelist_key($hlist_num_wrt[0]); + + $build_netlist_h = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_h]['snortlisttype']; + $wanip_h = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_h]['wanips']; + $wangw_h = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_h]['wangateips']; + $wandns_h = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_h]['wandnsips']; + $vips_h = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_h]['vips']; + $vpns_h = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_h]['vpnips']; + + return build_base_whitelist($build_netlist_h, $wanip_h, $wangw_h, $wandns_h, $vips_h, $vpns_h, $whitelist_key_h); + + } + + conf_mount_ro(); + } function create_snort_externalnet($id, $if_real) { - - global $config, $g; - conf_mount_rw(); - - preg_match('/([0-9]+)$/', $config['installedpackages']['snortglobal']['rule'][$id]['externallistname'], $exlist_num_wrt); - - $whitelist_key_ex = find_whitelist_key($exlist_num_wrt[0]); - - $build_netlist_ex = 
$config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['snortlisttype']; - $wanip_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['wanips']; - $wangw_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['wangateips']; - $wandns_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['wandnsips']; - $vips_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['vips']; - $vpns_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['vpnips']; - - return build_base_whitelist($build_netlist_ex, $wanip_ex, $wangw_ex, $wandns_ex, $vips_ex, $vpns_ex, $whitelist_key_ex); - - conf_mount_ro(); - + + global $config, $g; + conf_mount_rw(); + + preg_match('/([0-9]+)$/', $config['installedpackages']['snortglobal']['rule'][$id]['externallistname'], $exlist_num_wrt); + + $whitelist_key_ex = find_whitelist_key($exlist_num_wrt[0]); + + $build_netlist_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['snortlisttype']; + $wanip_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['wanips']; + $wangw_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['wangateips']; + $wandns_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['wandnsips']; + $vips_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['vips']; + $vpns_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['vpnips']; + + return build_base_whitelist($build_netlist_ex, $wanip_ex, $wangw_ex, $wandns_ex, $vips_ex, $vpns_ex, $whitelist_key_ex); + + conf_mount_ro(); + } /* open snort.sh for writing" */ function create_snort_sh() { - # Don not add $id or this will break + # Don not add $id or this will break - 
global $config, $g; - conf_mount_rw(); + global $config, $g; + conf_mount_rw(); /* do not start config build if rules is empty */ - if (!empty($config['installedpackages']['snortglobal']['rule'])) + if (!empty($config['installedpackages']['snortglobal']['rule'])) { - if ($id == "") + if ($id == "") { $rule_array = $config['installedpackages']['snortglobal']['rule']; 
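Review bot: In create_snort_suppress, `$suppress_file_name` is read from the `name` field of the configured suppress item and interpolated unchecked into `fopen("/usr/local/etc/snort/suppress/$suppress_file_name", "w")`, so a name containing a path separator or `..` would make this presumably privileged code write outside the suppress directory. Unless that field is validated elsewhere (not visible here), constrain it before use, e.g. `$suppress_file_name = basename($suppress_file_name);`, and reject an empty result. The whitelist branch does filter its name with `/^([a-zA-z0-9]+)/`, but the `A-z` range also admits `[`, `\`, `]`, `^`, `_` and the backquote; `[a-zA-Z0-9]` is probably what was meant. Separately, the `return` after a failed `fopen()` and the `conf_mount_ro()` calls placed after `return build_base_whitelist(...)` in create_snort_homenet and create_snort_externalnet mean the read-only remount is never reached on those paths.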
@@ -1515,23 +1523,23 @@ function create_snort_sh() foreach ($rule_array as $value) { - $id += 1; + $id += 1; - $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; - $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; - $if_real = convert_friendly_interface_to_real_interface_name2($result_lan); + $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; + $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; + $if_real = convert_friendly_interface_to_real_interface_name2($result_lan); - /* define snortbarnyardlog_chk */ - $snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable']; - $snortbarnyardlog_mysql_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_mysql']; - - if ($snortbarnyardlog_info_chk == 'on' && $snortbarnyardlog_mysql_info_chk != '') { - $start_barnyard2 = "sleep 4;/usr/local/bin/barnyard2 -f snort_{$snort_uuid}_{$if_real}.u2 -u snort -g snort --pid-path /var/log/snort/run -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d /var/log/snort -D -q"; - } - -/* Get all interface startup commands ready */ + /* define snortbarnyardlog_chk */ + $snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable']; + $snortbarnyardlog_mysql_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_mysql']; -$snort_sh_text2[] = <<<EOD + if ($snortbarnyardlog_info_chk == 'on' && $snortbarnyardlog_mysql_info_chk != '') { + $start_barnyard2 = "sleep 4;/usr/local/bin/barnyard2 -f snort_{$snort_uuid}_{$if_real}.u2 -u snort -g snort --pid-path /var/log/snort/run -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d /var/log/snort -D -q"; + } + + /* Get all interface startup commands ready */ + + $snort_sh_text2[] = <<<EOD ###### For Each Iface # If Snort proc is NOT running 
@@ -1551,7 +1559,7 @@ $snort_sh_text2[] = <<<EOD fi EOD; -$snort_sh_text3[] = <<<EOE + $snort_sh_text3[] = <<<EOE ###### For Each Iface @@ -1570,7 +1578,7 @@ $snort_sh_text3[] = <<<EOE EOE; -$snort_sh_text4[] = <<<EOF + $snort_sh_text4[] = <<<EOF pid_s=`/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep "R {$snort_uuid}{$if_real}" | /usr/bin/awk '{print \$2;}'` sleep 3 @@ -1597,16 +1605,16 @@ EOF; } -$start_snort_iface_start = implode("\n\n", $snort_sh_text2); + $start_snort_iface_start = implode("\n\n", $snort_sh_text2); -$start_snort_iface_restart = implode("\n\n", $snort_sh_text3); + $start_snort_iface_restart = implode("\n\n", $snort_sh_text3); -$start_snort_iface_stop = implode("\n\n", $snort_sh_text4); + $start_snort_iface_stop = implode("\n\n", $snort_sh_text4); -/* open snort.sh for writing" */ -conf_mount_rw(); + /* open snort.sh for writing" */ + conf_mount_rw(); -$snort_sh_text = <<<EOD + $snort_sh_text = <<<EOD #!/bin/sh ######## # This file was automatically generated @@ -1630,7 +1638,7 @@ rc_start() { /usr/local/bin/php -f /usr/local/pkg/pf/snort_dynamic_ip_reload.php & /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort Startup files Sync..." -$start_snort_iface_restart + $start_snort_iface_restart /bin/rm /tmp/snort.sh.pid @@ -1650,7 +1658,7 @@ rc_start_real() { exit 0 fi -$start_snort_iface_start + $start_snort_iface_start /bin/rm /tmp/snort.sh.pid @@ -1664,7 +1672,7 @@ rc_stop() { exit 0 fi -$start_snort_iface_stop + $start_snort_iface_stop /bin/rm /tmp/snort.sh.pid /bin/rm /var/run/snort* 
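Review bot: The re-indent in the rc_start, rc_start_real and rc_stop hunks reaches inside the `$snort_sh_text = <<<EOD` heredoc, so `$start_snort_iface_restart`, `$start_snort_iface_start` and `$start_snort_iface_stop` now emit leading indentation into /usr/local/etc/rc.d/snort.sh. Heredoc bodies are program output rather than source layout, which makes this a behaviour change inside a whitespace commit. sh tolerates an indent on the first interpolated line, but the three lines should go back to column 0 so the generated script stays byte-identical, e.g. `$start_snort_iface_restart` at the start of its line. The heredoc opens and closes outside these hunks.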
@@ -1689,15 +1697,15 @@ esac EOD; - /* write out snort.sh */ - $bconf = fopen("/usr/local/etc/rc.d/snort.sh", "w"); - if(!$bconf) { - log_error("Could not open /usr/local/etc/rc.d/snort.sh for writing."); - exit; - } - /* write snort.sh */ - fwrite($bconf, $snort_sh_text); - fclose($bconf); + /* write out snort.sh */ + $bconf = fopen("/usr/local/etc/rc.d/snort.sh", "w"); + if(!$bconf) { + log_error("Could not open /usr/local/etc/rc.d/snort.sh for writing."); + exit; + } + /* write snort.sh */ + fwrite($bconf, $snort_sh_text); + fclose($bconf); } 
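Review bot: On the `fopen()` failure path create_snort_sh logs and then calls `exit`, which ends the whole PHP request from inside a library function and gives the caller nothing to handle. `conf_mount_rw()` was called earlier in the function (outside this hunk) and no `conf_mount_ro()` runs on this path, so the filesystem appears to be left read-write. The same `log_error(...); exit;` pair is in create_barnyard2_conf and create_snort_conf in the hunks below. Restoring the mount and returning would be safer: `conf_mount_ro(); return;`.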
@@ -1708,65 +1716,65 @@ EOD; function create_rules_iface($id, $if_real, $snort_uuid) { - global $config, $g; - conf_mount_rw(); + global $config, $g; + conf_mount_rw(); - $if_rule_dir = "/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules"; - $folder_chk = (count(glob("$if_rule_dir/*")) === 0) ? 'empty' : 'full'; + $if_rule_dir = "/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules"; + $folder_chk = (count(glob("$if_rule_dir/*")) === 0) ? 'empty' : 'full'; - if ($folder_chk == "empty") + if ($folder_chk == "empty") + { + exec("/bin/cp -R /usr/local/etc/snort/rules /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}"); + if (file_exists("/usr/local/etc/snort/custom_rules/local_{$snort_uuid}_{$if_real}.rules")) { - exec("/bin/cp -R /usr/local/etc/snort/rules /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}"); - if (file_exists("/usr/local/etc/snort/custom_rules/local_{$snort_uuid}_{$if_real}.rules")) - { - exec("/bin/cp /usr/local/etc/snort/custom_rules/local_{$snort_uuid}_{$if_real}.rules /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules/local_{$snort_uuid}_{$if_real}.rules"); - } + exec("/bin/cp /usr/local/etc/snort/custom_rules/local_{$snort_uuid}_{$if_real}.rules /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules/local_{$snort_uuid}_{$if_real}.rules"); } - + } + } /* open barnyard2.conf for writing */ function create_barnyard2_conf($id, $if_real, $snort_uuid) { - global $bconfig, $g; - /* write out barnyard2_conf */ + global $bconfig, $g; + /* write out barnyard2_conf */ - if(!file_exists("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf")) - { - exec("/usr/bin/touch /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf"); - } + if(!file_exists("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf")) + { + exec("/usr/bin/touch /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf"); + } - if(!file_exists("/var/log/snort/barnyard2/{$snort_uuid}_{$if_real}.waldo")) - { - 
exec("/usr/bin/touch /var/log/snort/barnyard2/{$snort_uuid}_{$if_real}.waldo"); - exec("/usr/sbin/chown snort:snort /var/log/snort/barnyard2/{$snort_uuid}_{$if_real}.waldo"); - exec("/bin/chmod 770 /var/log/snort/barnyard2/{$snort_uuid}_{$if_real}.waldo"); - } - - $barnyard2_conf_text = generate_barnyard2_conf($id, $if_real, $snort_uuid); - $bconf = fopen("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf", "w"); - if(!$bconf) { - log_error("Could not open /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf for writing."); - exit; - } - fwrite($bconf, $barnyard2_conf_text); - fclose($bconf); + if(!file_exists("/var/log/snort/barnyard2/{$snort_uuid}_{$if_real}.waldo")) + { + exec("/usr/bin/touch /var/log/snort/barnyard2/{$snort_uuid}_{$if_real}.waldo"); + exec("/usr/sbin/chown snort:snort /var/log/snort/barnyard2/{$snort_uuid}_{$if_real}.waldo"); + exec("/bin/chmod 770 /var/log/snort/barnyard2/{$snort_uuid}_{$if_real}.waldo"); + } + + $barnyard2_conf_text = generate_barnyard2_conf($id, $if_real, $snort_uuid); + $bconf = fopen("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf", "w"); + if(!$bconf) { + log_error("Could not open /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf for writing."); + exit; + } + fwrite($bconf, $barnyard2_conf_text); + fclose($bconf); } /* open barnyard2.conf for writing" */ function generate_barnyard2_conf($id, $if_real, $snort_uuid) { - global $config, $g; - conf_mount_rw(); + global $config, $g; + conf_mount_rw(); -/* define snortbarnyardlog */ -/* TODO: add support for the other 5 output plugins */ + /* define snortbarnyardlog */ + /* TODO: add support for the other 5 output plugins */ -$snortbarnyardlog_database_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_mysql']; -$snortbarnyardlog_hostname_info_chk = exec("/bin/hostname"); -/* user add arguments */ -$snortbarnyardlog_config_pass_thru = str_replace("\r", "", 
base64_decode($config['installedpackages']['snortglobal']['rule'][$id]['barnconfigpassthru'])); + $snortbarnyardlog_database_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_mysql']; + $snortbarnyardlog_hostname_info_chk = exec("/bin/hostname"); + /* user add arguments */ + $snortbarnyardlog_config_pass_thru = str_replace("\r", "", base64_decode($config['installedpackages']['snortglobal']['rule'][$id]['barnconfigpassthru'])); -$barnyard2_conf_text = <<<EOD + $barnyard2_conf_text = <<<EOD # barnyard2.conf # barnyard2 can be found at http://www.securixlive.com/barnyard2/index.php @@ -1808,7 +1816,7 @@ config waldo_file: /var/log/snort/barnyard2/{$snort_uuid}_{$if_real}.waldo ## START user pass through ## -{$snortbarnyardlog_config_pass_thru} + {$snortbarnyardlog_config_pass_thru} ## END user pass through ## @@ -1820,11 +1828,11 @@ config logdir: /var/log/snort # database: log to a variety of databases # output database: log, mysql, user=xxxx password=xxxxxx dbname=xxxx host=xxx.xxx.xxx.xxxx -$snortbarnyardlog_database_info_chk + $snortbarnyardlog_database_info_chk EOD; - return $barnyard2_conf_text; + return $barnyard2_conf_text; } 
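Review bot: create_rules_iface and create_barnyard2_conf build shell command lines by interpolating `$snort_uuid` and `$if_real` into `exec()` strings, for example `exec("/usr/bin/touch /var/log/snort/barnyard2/{$snort_uuid}_{$if_real}.waldo")`. The callers visible on this page derive both values from the package config, and nothing in this hunk restricts them to safe characters. Quote each path with `escapeshellarg()`, as in `exec('/usr/bin/touch ' . escapeshellarg("/var/log/snort/barnyard2/{$snort_uuid}_{$if_real}.waldo"));`, or avoid the shell entirely with PHP's own `touch()`, `chown()`, `chgrp()`, `chmod()` and `mkdir()`. generate_barnyard2_conf continues past the end of this hunk.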
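Review bot: Two lines inside the `$barnyard2_conf_text = <<<EOD` heredoc were indented along with the code, so `{$snortbarnyardlog_config_pass_thru}` and `$snortbarnyardlog_database_info_chk` now emit leading whitespace into barnyard2.conf. Only the first line of each interpolated value is affected, which means the user pass-through block and the database output line are written differently from before this commit. Either confirm that barnyard2 accepts an indented directive or put both lines back at column 0. The heredoc opens in the preceding hunk.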
@@ -1832,24 +1840,24 @@ function create_snort_conf($id, $if_real, $snort_uuid) { global $config, $g; /* write out snort.conf */ - + if ($if_real != '' && $snort_uuid != '') { - - if (!file_exists("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf")) { - exec("/bin/mkdir /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/"); - exec("/usr/bin/touch /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf"); - } - $snort_conf_text = generate_snort_conf($id, $if_real, $snort_uuid); - conf_mount_rw(); - $conf = fopen("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf", "w"); - if(!$conf) { - log_error("Could not open /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf for writing."); - exit; - } - fwrite($conf, $snort_conf_text); - fclose($conf); - conf_mount_ro(); + if (!file_exists("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf")) { + exec("/bin/mkdir /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/"); + exec("/usr/bin/touch /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf"); + } + + $snort_conf_text = generate_snort_conf($id, $if_real, $snort_uuid); + conf_mount_rw(); + $conf = fopen("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf", "w"); + if(!$conf) { + log_error("Could not open /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf for writing."); + exit; + } + fwrite($conf, $snort_conf_text); + fclose($conf); + conf_mount_ro(); } } 
@@ -1881,97 +1889,97 @@ function snort_deinstall() exec("cd /var/db/pkg && pkg_delete `ls | grep perl-threaded`"); exec("cd /var/db/pkg && pkg_delete `ls | grep mysql-client-5.1.50_1`"); exec('rm -r /usr/local/bin/barnyard2'); - + /* TODO: figure out how to detect pfsense packages that use the same freebsd pkckages and not deinstall */ //exec("cd /var/db/pkg && pkg_delete `ls | grep perl`"); - //exec("cd /var/db/pkg && pkg_delete `ls | grep barnyard2`"); + //exec("cd /var/db/pkg && pkg_delete `ls | grep barnyard2`"); //exec("cd /var/db/pkg && pkg_delete `ls | grep pcre`"); // Never remove pcre or pfsense will break /* Remove snort cron entries Ugly code needs smoothness*/ -function snort_rm_blocked_deinstall_cron($should_install) -{ - global $config, $g; + function snort_rm_blocked_deinstall_cron($should_install) + { + global $config, $g; conf_mount_rw(); - $is_installed = false; + $is_installed = false; - if(!$config['cron']['item']) - return; + if(!$config['cron']['item']) + return; - $x=0; - foreach($config['cron']['item'] as $item) + $x=0; + foreach($config['cron']['item'] as $item) { - if (strstr($item['command'], "snort2c")) + if (strstr($item['command'], "snort2c")) { - $is_installed = true; - break; - } + $is_installed = true; + break; + } + + $x++; - $x++; - } - if($is_installed == true) - { - if($x > 0) - { - unset($config['cron']['item'][$x]); - write_config(); - conf_mount_rw(); - } - - configure_cron(); - - } - conf_mount_ro(); + if($is_installed == true) + { + if($x > 0) + { + unset($config['cron']['item'][$x]); + write_config(); + conf_mount_rw(); + } + + configure_cron(); + + } + conf_mount_ro(); + + } -} - function snort_rules_up_deinstall_cron($should_install) -{ - global $config, $g; + { + global $config, $g; conf_mount_rw(); - $is_installed = false; + $is_installed = false; - if(!$config['cron']['item']) - return; + if(!$config['cron']['item']) + return; - $x=0; - foreach($config['cron']['item'] as $item) { - if (strstr($item['command'], 
"snort_check_for_rule_updates.php")) { - $is_installed = true; - break; - } - $x++; + $x=0; + foreach($config['cron']['item'] as $item) { + if (strstr($item['command'], "snort_check_for_rule_updates.php")) { + $is_installed = true; + break; } - if($is_installed == true) { - if($x > 0) { - unset($config['cron']['item'][$x]); - write_config(); - conf_mount_rw(); - } - configure_cron(); + $x++; + } + if($is_installed == true) { + if($x > 0) { + unset($config['cron']['item'][$x]); + write_config(); + conf_mount_rw(); } -} + configure_cron(); + } + } + + snort_rm_blocked_deinstall_cron(""); + snort_rules_up_deinstall_cron(""); -snort_rm_blocked_deinstall_cron(""); -snort_rules_up_deinstall_cron(""); - /* Unset snort registers in conf.xml IMPORTANT snort will not start with out this */ /* Keep this as a last step */ if($config['installedpackages']['snortglobal']['forcekeepsettings'] != 'on') { unset($config['installedpackages']['snortglobal']); } - write_config(); + write_config(); conf_mount_rw(); - + exec('rm -rf /usr/local/www/snort'); exec('rm -rf /usr/local/lib/snort/'); exec('rm -rf /var/log/snort/'); exec('rm -rf /usr/local/pkg/snort'); - + conf_mount_ro(); } 
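Review bot: In snort_rm_blocked_deinstall_cron and snort_rules_up_deinstall_cron the removal is guarded by `if($x > 0)`, but `$x` is the position at which the loop found the matching entry, so a match in the first slot (`$x == 0`) is never unset. The cron entry then survives the deinstall and keeps scheduling a command for a package that has been removed. Assuming the cron items form a zero-based list, `$is_installed` alone is the right test: drop the inner `if($x > 0)` and keep `unset($config['cron']['item'][$x]);`. snort_deinstall itself starts above this hunk.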
@@ -1979,25 +1987,25 @@ snort_rules_up_deinstall_cron(""); function generate_snort_conf($id, $if_real, $snort_uuid) { global $config, $g; - + conf_mount_rw(); - + /* custom home nets */ $home_net = create_snort_homenet($id, $if_real); - + if ($config['installedpackages']['snortglobal']['rule'][$id]['externallistname'] == 'default'){ $external_net = '!$HOME_NET'; }else{ $external_net = create_snort_externalnet($id, $if_real); } - + /* obtain external interface */ /* XXX: make multi wan friendly */ $snort_ext_int = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; /* user added arguments */ $snort_config_pass_thru = str_replace("\r", "", base64_decode($config['installedpackages']['snortglobal']['rule'][$id]['configpassthru'])); - + /* create basic files */ if(!file_exists("/usr/local/etc/snort/snort/snort_{$snort_uuid}_{$if_real}")) { 
@@ -2019,309 +2027,309 @@ function generate_snort_conf($id, $if_real, $snort_uuid) } -/* define basic log filename */ -$snortunifiedlogbasic_type = "output unified: filename snort_{$snort_uuid}_{$if_real}.log, limit 128"; - -/* define snortalertlogtype */ -$snortalertlogtype = $config['installedpackages']['snortglobal']['snortalertlogtype']; -if ($snortalertlogtype == fast) - $snortalertlogtype_type = "output alert_fast: alert"; -else - $snortalertlogtype_type = "output alert_full: alert"; - -/* define alertsystemlog */ -$alertsystemlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['alertsystemlog']; -if ($alertsystemlog_info_chk == on) - $alertsystemlog_type = "output alert_syslog: log_alert"; - -/* define tcpdumplog */ -$tcpdumplog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['tcpdumplog']; -if ($tcpdumplog_info_chk == on) - $tcpdumplog_type = "output log_tcpdump: snort_{$snort_uuid}_{$if_real}.tcpdump"; - -/* define snortunifiedlog */ -$snortunifiedlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['snortunifiedlog']; -if ($snortunifiedlog_info_chk == on) - $snortunifiedlog_type = "output unified2: filename snort_{$snort_uuid}_{$if_real}.u2, limit 128"; - -/* define spoink */ -$spoink_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['blockoffenders7']; -if ($spoink_info_chk == on) { - - preg_match('/^([a-zA-z0-9]+)/', $config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'], $wlist_name_file); + /* define basic log filename */ + $snortunifiedlogbasic_type = "output unified: filename snort_{$snort_uuid}_{$if_real}.log, limit 128"; + + /* define snortalertlogtype */ + $snortalertlogtype = $config['installedpackages']['snortglobal']['snortalertlogtype']; + if ($snortalertlogtype == fast) + $snortalertlogtype_type = "output alert_fast: alert"; + else + $snortalertlogtype_type = "output alert_full: alert"; + + /* define alertsystemlog */ + $alertsystemlog_info_chk = 
$config['installedpackages']['snortglobal']['rule'][$id]['alertsystemlog']; + if ($alertsystemlog_info_chk == on) + $alertsystemlog_type = "output alert_syslog: log_alert"; + + /* define tcpdumplog */ + $tcpdumplog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['tcpdumplog']; + if ($tcpdumplog_info_chk == on) + $tcpdumplog_type = "output log_tcpdump: snort_{$snort_uuid}_{$if_real}.tcpdump"; + + /* define snortunifiedlog */ + $snortunifiedlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['snortunifiedlog']; + if ($snortunifiedlog_info_chk == on) + $snortunifiedlog_type = "output unified2: filename snort_{$snort_uuid}_{$if_real}.u2, limit 128"; + + /* define spoink */ + $spoink_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['blockoffenders7']; + if ($spoink_info_chk == on) { + + preg_match('/^([a-zA-z0-9]+)/', $config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'], $wlist_name_file); + + if ($wlist_name_file[0] == 'default') { + $spoink_whitelist_name = 'defaultwlist'; + }else{ + $spoink_whitelist_name = $wlist_name_file[0]; + } + + $spoink_type = "output alert_pf: /usr/local/etc/snort/whitelist/$spoink_whitelist_name,snort2c"; - if ($wlist_name_file[0] == 'default') { - $spoink_whitelist_name = 'defaultwlist'; - }else{ - $spoink_whitelist_name = $wlist_name_file[0]; } - - $spoink_type = "output alert_pf: /usr/local/etc/snort/whitelist/$spoink_whitelist_name,snort2c"; - -} -/* define threshold file */ -$threshold_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname']; -if ($threshold_info_chk != 'default') { - - preg_match('/^([a-zA-z0-9]+)/', $config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname'], $slist_name_file2); + /* define threshold file */ + $threshold_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname']; + if ($threshold_info_chk != 'default') { - $threshold_name = $slist_name_file2[0]; - 
- $threshold_file_name = "include /usr/local/etc/snort/suppress/$threshold_name"; - -} - -/* define servers and ports snortdefservers */ -/* def DNS_SERVSERS */ -$def_dns_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_dns_servers']; -if ($def_dns_servers_info_chk == "") + preg_match('/^([a-zA-z0-9]+)/', $config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname'], $slist_name_file2); + + $threshold_name = $slist_name_file2[0]; + + $threshold_file_name = "include /usr/local/etc/snort/suppress/$threshold_name"; + + } + + /* define servers and ports snortdefservers */ + /* def DNS_SERVSERS */ + $def_dns_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_dns_servers']; + if ($def_dns_servers_info_chk == "") $def_dns_servers_type = "\$HOME_NET"; -else + else $def_dns_servers_type = "$def_dns_servers_info_chk"; -/* def DNS_PORTS */ -$def_dns_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_dns_ports']; -if ($def_dns_ports_info_chk == "") + /* def DNS_PORTS */ + $def_dns_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_dns_ports']; + if ($def_dns_ports_info_chk == "") $def_dns_ports_type = "53"; -else + else $def_dns_ports_type = "$def_dns_ports_info_chk"; -/* def SMTP_SERVSERS */ -$def_smtp_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_smtp_servers']; -if ($def_smtp_servers_info_chk == "") + /* def SMTP_SERVSERS */ + $def_smtp_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_smtp_servers']; + if ($def_smtp_servers_info_chk == "") $def_smtp_servers_type = "\$HOME_NET"; -else + else $def_smtp_servers_type = "$def_smtp_servers_info_chk"; -/* def SMTP_PORTS */ -$def_smtp_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_smtp_ports']; -if ($def_smtp_ports_info_chk == "") + /* def SMTP_PORTS */ + $def_smtp_ports_info_chk = 
$config['installedpackages']['snortglobal']['rule'][$id]['def_smtp_ports']; + if ($def_smtp_ports_info_chk == "") $def_smtp_ports_type = "25"; -else + else $def_smtp_ports_type = "$def_smtp_ports_info_chk"; -/* def MAIL_PORTS */ -$def_mail_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_mail_ports']; -if ($def_mail_ports_info_chk == "") + /* def MAIL_PORTS */ + $def_mail_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_mail_ports']; + if ($def_mail_ports_info_chk == "") $def_mail_ports_type = "25,143,465,691"; -else + else $def_mail_ports_type = "$def_mail_ports_info_chk"; - -/* def HTTP_SERVSERS */ -$def_http_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_http_servers']; -if ($def_http_servers_info_chk == "") + + /* def HTTP_SERVSERS */ + $def_http_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_http_servers']; + if ($def_http_servers_info_chk == "") $def_http_servers_type = "\$HOME_NET"; -else + else $def_http_servers_type = "$def_http_servers_info_chk"; -/* def WWW_SERVSERS */ -$def_www_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_www_servers']; -if ($def_www_servers_info_chk == "") + /* def WWW_SERVSERS */ + $def_www_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_www_servers']; + if ($def_www_servers_info_chk == "") $def_www_servers_type = "\$HOME_NET"; -else + else $def_www_servers_type = "$def_www_servers_info_chk"; -/* def HTTP_PORTS */ -$def_http_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_http_ports']; -if ($def_http_ports_info_chk == "") + /* def HTTP_PORTS */ + $def_http_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_http_ports']; + if ($def_http_ports_info_chk == "") $def_http_ports_type = "80"; -else + else $def_http_ports_type = "$def_http_ports_info_chk"; - -/* def SQL_SERVSERS */ 
-$def_sql_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_sql_servers']; -if ($def_sql_servers_info_chk == "") + + /* def SQL_SERVSERS */ + $def_sql_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_sql_servers']; + if ($def_sql_servers_info_chk == "") $def_sql_servers_type = "\$HOME_NET"; -else + else $def_sql_servers_type = "$def_sql_servers_info_chk"; -/* def ORACLE_PORTS */ -$def_oracle_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_oracle_ports']; -if ($def_oracle_ports_info_chk == "") + /* def ORACLE_PORTS */ + $def_oracle_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_oracle_ports']; + if ($def_oracle_ports_info_chk == "") $def_oracle_ports_type = "1521"; -else + else $def_oracle_ports_type = "$def_oracle_ports_info_chk"; -/* def MSSQL_PORTS */ -$def_mssql_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_mssql_ports']; -if ($def_mssql_ports_info_chk == "") + /* def MSSQL_PORTS */ + $def_mssql_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_mssql_ports']; + if ($def_mssql_ports_info_chk == "") $def_mssql_ports_type = "1433"; -else + else $def_mssql_ports_type = "$def_mssql_ports_info_chk"; -/* def TELNET_SERVSERS */ -$def_telnet_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_telnet_servers']; -if ($def_telnet_servers_info_chk == "") + /* def TELNET_SERVSERS */ + $def_telnet_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_telnet_servers']; + if ($def_telnet_servers_info_chk == "") $def_telnet_servers_type = "\$HOME_NET"; -else + else $def_telnet_servers_type = "$def_telnet_servers_info_chk"; - -/* def TELNET_PORTS */ -$def_telnet_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_telnet_ports']; -if ($def_telnet_ports_info_chk == "") + + /* def TELNET_PORTS */ + 
$def_telnet_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_telnet_ports']; + if ($def_telnet_ports_info_chk == "") $def_telnet_ports_type = "23"; -else + else $def_telnet_ports_type = "$def_telnet_ports_info_chk"; - -/* def SNMP_SERVSERS */ -$def_snmp_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_snmp_servers']; -if ($def_snmp_servers_info_chk == "") + + /* def SNMP_SERVSERS */ + $def_snmp_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_snmp_servers']; + if ($def_snmp_servers_info_chk == "") $def_snmp_servers_type = "\$HOME_NET"; -else + else $def_snmp_servers_type = "$def_snmp_servers_info_chk"; - -/* def SNMP_PORTS */ -$def_snmp_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_snmp_ports']; -if ($def_snmp_ports_info_chk == "") + + /* def SNMP_PORTS */ + $def_snmp_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_snmp_ports']; + if ($def_snmp_ports_info_chk == "") $def_snmp_ports_type = "161"; -else + else $def_snmp_ports_type = "$def_snmp_ports_info_chk"; - -/* def FTP_SERVSERS */ -$def_ftp_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_ftp_servers']; -if ($def_ftp_servers_info_chk == "") + + /* def FTP_SERVSERS */ + $def_ftp_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_ftp_servers']; + if ($def_ftp_servers_info_chk == "") $def_ftp_servers_type = "\$HOME_NET"; -else + else $def_ftp_servers_type = "$def_ftp_servers_info_chk"; - -/* def FTP_PORTS */ -$def_ftp_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_ftp_ports']; -if ($def_ftp_ports_info_chk == "") + + /* def FTP_PORTS */ + $def_ftp_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_ftp_ports']; + if ($def_ftp_ports_info_chk == "") $def_ftp_ports_type = "21"; -else + else $def_ftp_ports_type = "$def_ftp_ports_info_chk"; - -/* 
def SSH_SERVSERS */ -$def_ssh_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_ssh_servers']; -if ($def_ssh_servers_info_chk == "") + + /* def SSH_SERVSERS */ + $def_ssh_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_ssh_servers']; + if ($def_ssh_servers_info_chk == "") $def_ssh_servers_type = "\$HOME_NET"; -else + else $def_ssh_servers_type = "$def_ssh_servers_info_chk"; - -/* if user has defined a custom ssh port, use it */ -if($config['system']['ssh']['port']) + + /* if user has defined a custom ssh port, use it */ + if($config['system']['ssh']['port']) $ssh_port = $config['system']['ssh']['port']; -else + else $ssh_port = "22"; - -/* def SSH_PORTS */ -$def_ssh_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_ssh_ports']; -if ($def_ssh_ports_info_chk == "") + + /* def SSH_PORTS */ + $def_ssh_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_ssh_ports']; + if ($def_ssh_ports_info_chk == "") $def_ssh_ports_type = "{$ssh_port}"; -else + else $def_ssh_ports_type = "$def_ssh_ports_info_chk"; - -/* def POP_SERVSERS */ -$def_pop_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_pop_servers']; -if ($def_pop_servers_info_chk == "") + + /* def POP_SERVSERS */ + $def_pop_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_pop_servers']; + if ($def_pop_servers_info_chk == "") $def_pop_servers_type = "\$HOME_NET"; -else + else $def_pop_servers_type = "$def_pop_servers_info_chk"; - -/* def POP2_PORTS */ -$def_pop2_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_pop2_ports']; -if ($def_pop2_ports_info_chk == "") + + /* def POP2_PORTS */ + $def_pop2_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_pop2_ports']; + if ($def_pop2_ports_info_chk == "") $def_pop2_ports_type = "109"; -else + else $def_pop2_ports_type = 
"$def_pop2_ports_info_chk"; - -/* def POP3_PORTS */ -$def_pop3_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_pop3_ports']; -if ($def_pop3_ports_info_chk == "") + + /* def POP3_PORTS */ + $def_pop3_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_pop3_ports']; + if ($def_pop3_ports_info_chk == "") $def_pop3_ports_type = "110"; -else + else $def_pop3_ports_type = "$def_pop3_ports_info_chk"; - -/* def IMAP_SERVSERS */ -$def_imap_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_imap_servers']; -if ($def_imap_servers_info_chk == "") + + /* def IMAP_SERVSERS */ + $def_imap_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_imap_servers']; + if ($def_imap_servers_info_chk == "") $def_imap_servers_type = "\$HOME_NET"; -else + else $def_imap_servers_type = "$def_imap_servers_info_chk"; - -/* def IMAP_PORTS */ -$def_imap_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_imap_ports']; -if ($def_imap_ports_info_chk == "") + + /* def IMAP_PORTS */ + $def_imap_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_imap_ports']; + if ($def_imap_ports_info_chk == "") $def_imap_ports_type = "143"; -else + else $def_imap_ports_type = "$def_imap_ports_info_chk"; - -/* def SIP_PROXY_IP */ -$def_sip_proxy_ip_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_sip_proxy_ip']; -if ($def_sip_proxy_ip_info_chk == "") + + /* def SIP_PROXY_IP */ + $def_sip_proxy_ip_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_sip_proxy_ip']; + if ($def_sip_proxy_ip_info_chk == "") $def_sip_proxy_ip_type = "\$HOME_NET"; -else + else $def_sip_proxy_ip_type = "$def_sip_proxy_ip_info_chk"; - -/* def SIP_PROXY_PORTS */ -$def_sip_proxy_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_sip_proxy_ports']; -if ($def_sip_proxy_ports_info_chk == "") + + /* def 
SIP_PROXY_PORTS */ + $def_sip_proxy_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_sip_proxy_ports']; + if ($def_sip_proxy_ports_info_chk == "") $def_sip_proxy_ports_type = "5060:5090,16384:32768"; -else + else $def_sip_proxy_ports_type = "$def_sip_proxy_ports_info_chk"; - -/* def AUTH_PORTS */ -$def_auth_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_auth_ports']; -if ($def_auth_ports_info_chk == "") + + /* def AUTH_PORTS */ + $def_auth_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_auth_ports']; + if ($def_auth_ports_info_chk == "") $def_auth_ports_type = "113"; -else + else $def_auth_ports_type = "$def_auth_ports_info_chk"; - -/* def FINGER_PORTS */ -$def_finger_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_finger_ports']; -if ($def_finger_ports_info_chk == "") + + /* def FINGER_PORTS */ + $def_finger_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_finger_ports']; + if ($def_finger_ports_info_chk == "") $def_finger_ports_type = "79"; -else + else $def_finger_ports_type = "$def_finger_ports_info_chk"; - -/* def IRC_PORTS */ -$def_irc_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_irc_ports']; -if ($def_irc_ports_info_chk == "") + + /* def IRC_PORTS */ + $def_irc_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_irc_ports']; + if ($def_irc_ports_info_chk == "") $def_irc_ports_type = "6665,6666,6667,6668,6669,7000"; -else + else $def_irc_ports_type = "$def_irc_ports_info_chk"; - -/* def NNTP_PORTS */ -$def_nntp_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_nntp_ports']; -if ($def_nntp_ports_info_chk == "") + + /* def NNTP_PORTS */ + $def_nntp_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_nntp_ports']; + if ($def_nntp_ports_info_chk == "") $def_nntp_ports_type = "119"; -else + else 
$def_nntp_ports_type = "$def_nntp_ports_info_chk"; - -/* def RLOGIN_PORTS */ -$def_rlogin_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_rlogin_ports']; -if ($def_rlogin_ports_info_chk == "") + + /* def RLOGIN_PORTS */ + $def_rlogin_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_rlogin_ports']; + if ($def_rlogin_ports_info_chk == "") $def_rlogin_ports_type = "513"; -else + else $def_rlogin_ports_type = "$def_rlogin_ports_info_chk"; - -/* def RSH_PORTS */ -$def_rsh_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_rsh_ports']; -if ($def_rsh_ports_info_chk == "") + + /* def RSH_PORTS */ + $def_rsh_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_rsh_ports']; + if ($def_rsh_ports_info_chk == "") $def_rsh_ports_type = "514"; -else + else $def_rsh_ports_type = "$def_rsh_ports_info_chk"; - -/* def SSL_PORTS */ -$def_ssl_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_ssl_ports']; -if ($def_ssl_ports_info_chk == "") + + /* def SSL_PORTS */ + $def_ssl_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_ssl_ports']; + if ($def_ssl_ports_info_chk == "") $def_ssl_ports_type = "443,465,563,636,989,990,992,993,994,995"; -else + else $def_ssl_ports_type = "$def_ssl_ports_info_chk"; - + /* should we install a automatic update crontab entry? 
*/ $automaticrulesupdate = $config['installedpackages']['snortglobal']['automaticrulesupdate7']; /* if user is on pppoe, we really want to use ng0 interface */ if($config['interfaces'][$snort_ext_int]['ipaddr'] == "pppoe") - $snort_ext_int = "ng0"; + $snort_ext_int = "ng0"; /* set the snort performance model */ if($config['installedpackages']['snortglobal']['rule'][$id]['performance']) - $snort_performance = $config['installedpackages']['snortglobal']['rule'][$id]['performance']; + $snort_performance = $config['installedpackages']['snortglobal']['rule'][$id]['performance']; else - $snort_performance = "ac-bnfa"; + $snort_performance = "ac-bnfa"; /* generate rule sections to load */ @@ -2330,17 +2338,17 @@ else $selected_rules_sections = ""; $enabled_rulesets_array = split("\|\|", $enabled_rulesets); foreach($enabled_rulesets_array as $enabled_item) - $selected_rules_sections .= "include \$RULE_PATH/{$enabled_item}\n"; + $selected_rules_sections .= "include \$RULE_PATH/{$enabled_item}\n"; } conf_mount_ro(); -///////////////////////////// - -/* preprocessor code */ - -/* def perform_stat */ -$snort_perform_stat = <<<EOD + ///////////////////////////// + + /* preprocessor code */ + + /* def perform_stat */ + $snort_perform_stat = <<<EOD ########################## # # NEW # 
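Review bot: In the spoink and threshold sections of the hunk that starts at @@ -2019, `preg_match('/^([a-zA-z0-9]+)/', ...)` uses the range `A-z`, which also matches `[`, `\`, `]`, `^`, `_` and the backtick, and its return value is not checked before `$wlist_name_file[0]` and `$slist_name_file2[0]` are spliced into the `output alert_pf:` and `include` paths. I would write the class as `[a-zA-Z0-9_]` (keeping the underscore only if list names may contain one) and fall back to the default list when nothing matches. The comparisons `== fast` and `== on` in the same hunk are bare words, which older PHP treats as strings with a notice and PHP 8 rejects as undefined constants; they should read `== 'fast'` and `== 'on'`. generate_snort_conf() starts and ends outside this hunk.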
@@ -2352,22 +2360,22 @@ preprocessor perfmonitor: time 300 file /var/log/snort/snort_{$snort_uuid}_{$if_ EOD; -$def_perform_stat_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['perform_stat']; -if ($def_perform_stat_info_chk == "on") + $def_perform_stat_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['perform_stat']; + if ($def_perform_stat_info_chk == "on") $def_perform_stat_type = "$snort_perform_stat"; -else + else $def_perform_stat_type = ""; - -$def_flow_depth_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['flow_depth']; + + $def_flow_depth_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['flow_depth']; if ($def_flow_depth_info_chk == '') { $def_flow_depth_type = '0'; - }else{ + }else{ $def_flow_depth_type = $config['installedpackages']['snortglobal']['rule'][$id]['flow_depth']; } -/* def http_inspect */ -$snort_http_inspect = <<<EOD + /* def http_inspect */ + $snort_http_inspect = <<<EOD ################# # # HTTP Inspect # @@ -2395,14 +2403,14 @@ preprocessor http_inspect_server: server default \ EOD; -$def_http_inspect_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['http_inspect']; -if ($def_http_inspect_info_chk == "on") + $def_http_inspect_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['http_inspect']; + if ($def_http_inspect_info_chk == "on") $def_http_inspect_type = "$snort_http_inspect"; -else + else $def_http_inspect_type = ""; - -/* def other_preprocs */ -$snort_other_preprocs = <<<EOD + + /* def other_preprocs */ + $snort_other_preprocs = <<<EOD ################## # # Other preprocs # 
@@ -2414,14 +2422,14 @@ preprocessor bo EOD; -$def_other_preprocs_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['other_preprocs']; -if ($def_other_preprocs_info_chk == "on") + $def_other_preprocs_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['other_preprocs']; + if ($def_other_preprocs_info_chk == "on") $def_other_preprocs_type = "$snort_other_preprocs"; -else + else $def_other_preprocs_type = ""; - -/* def ftp_preprocessor */ -$snort_ftp_preprocessor = <<<EOD + + /* def ftp_preprocessor */ + $snort_ftp_preprocessor = <<<EOD ##################### # # ftp preprocessor # @@ -2473,14 +2481,14 @@ preprocessor ftp_telnet_protocol: ftp client default \ EOD; -$def_ftp_preprocessor_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['ftp_preprocessor']; -if ($def_ftp_preprocessor_info_chk == "on") + $def_ftp_preprocessor_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['ftp_preprocessor']; + if ($def_ftp_preprocessor_info_chk == "on") $def_ftp_preprocessor_type = "$snort_ftp_preprocessor"; -else + else $def_ftp_preprocessor_type = ""; -/* def smtp_preprocessor */ -$snort_smtp_preprocessor = <<<EOD + /* def smtp_preprocessor */ + $snort_smtp_preprocessor = <<<EOD ##################### # # SMTP preprocessor # @@ -2508,14 +2516,14 @@ PIPELINING CHUNKING DATA DSN RSET QUIT ONEX QUEU STARTTLS TICK TIME TURNME VERB EOD; -$def_smtp_preprocessor_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['smtp_preprocessor']; -if ($def_smtp_preprocessor_info_chk == "on") + $def_smtp_preprocessor_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['smtp_preprocessor']; + if ($def_smtp_preprocessor_info_chk == "on") $def_smtp_preprocessor_type = "$snort_smtp_preprocessor"; -else + else $def_smtp_preprocessor_type = ""; - -/* def sf_portscan */ -$snort_sf_portscan = <<<EOD + + /* def sf_portscan */ + $snort_sf_portscan = <<<EOD ################ # # sf Portscan # 
@@ -2530,14 +2538,14 @@ preprocessor sfportscan: scan_type { all } \ EOD; -$def_sf_portscan_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['sf_portscan']; -if ($def_sf_portscan_info_chk == "on") + $def_sf_portscan_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['sf_portscan']; + if ($def_sf_portscan_info_chk == "on") $def_sf_portscan_type = "$snort_sf_portscan"; -else + else $def_sf_portscan_type = ""; - -/* def dce_rpc_2 */ -$snort_dce_rpc_2 = <<<EOD + + /* def dce_rpc_2 */ + $snort_dce_rpc_2 = <<<EOD ############### # # NEW # @@ -2553,14 +2561,14 @@ preprocessor dcerpc2_server: default, policy WinXP, \ EOD; -$def_dce_rpc_2_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['dce_rpc_2']; -if ($def_dce_rpc_2_info_chk == "on") + $def_dce_rpc_2_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['dce_rpc_2']; + if ($def_dce_rpc_2_info_chk == "on") $def_dce_rpc_2_type = "$snort_dce_rpc_2"; -else + else $def_dce_rpc_2_type = ""; - -/* def dns_preprocessor */ -$snort_dns_preprocessor = <<<EOD + + /* def dns_preprocessor */ + $snort_dns_preprocessor = <<<EOD #################### # # DNS preprocessor # 
@@ -2573,41 +2581,41 @@ preprocessor dns: \ EOD; -$def_dns_preprocessor_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['dns_preprocessor']; -if ($def_dns_preprocessor_info_chk == "on") + $def_dns_preprocessor_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['dns_preprocessor']; + if ($def_dns_preprocessor_info_chk == "on") $def_dns_preprocessor_type = "$snort_dns_preprocessor"; -else + else $def_dns_preprocessor_type = ""; - -/* def SSL_PORTS IGNORE */ -$def_ssl_ports_ignore_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_ssl_ports_ignore']; -if ($def_ssl_ports_ignore_info_chk == "") + + /* def SSL_PORTS IGNORE */ + $def_ssl_ports_ignore_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_ssl_ports_ignore']; + if ($def_ssl_ports_ignore_info_chk == "") $def_ssl_ports_ignore_type = "443 465 563 636 989 990 992 993 994 995"; -else + else $def_ssl_ports_ignore_type = "$def_ssl_ports_ignore_info_chk"; - -/* stream5 queued settings */ + /* stream5 queued settings */ -$def_max_queued_bytes_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['max_queued_bytes']; + + $def_max_queued_bytes_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['max_queued_bytes']; if ($def_max_queued_bytes_info_chk == '') { $def_max_queued_bytes_type = ''; - }else{ + }else{ $def_max_queued_bytes_type = ' max_queued_bytes ' . $config['installedpackages']['snortglobal']['rule'][$id]['max_queued_bytes'] . ','; } - -$def_max_queued_segs_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['max_queued_segs']; + + $def_max_queued_segs_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['max_queued_segs']; if ($def_max_queued_segs_info_chk == '') { $def_max_queued_segs_type = ''; - }else{ + }else{ $def_max_queued_segs_type = ' max_queued_segs ' . $config['installedpackages']['snortglobal']['rule'][$id]['max_queued_segs'] . 
','; } - - + + /* build snort configuration file */ - /* TODO; feed back from pfsense users to reduce false positives */ + /* TODO; feed back from pfsense users to reduce false positives */ $snort_conf_text = <<<EOD # snort configuration file @@ -2768,17 +2776,17 @@ preprocessor stream5_tcp: policy BSD, ports both all,{$def_max_queued_bytes_type preprocessor stream5_udp: preprocessor stream5_icmp: -{$def_perform_stat_type} + {$def_perform_stat_type} -{$def_http_inspect_type} + {$def_http_inspect_type} -{$def_other_preprocs_type} + {$def_other_preprocs_type} -{$def_ftp_preprocessor_type} + {$def_ftp_preprocessor_type} -{$def_smtp_preprocessor_type} + {$def_smtp_preprocessor_type} -{$def_sf_portscan_type} + {$def_sf_portscan_type} ############################ # @@ -2790,9 +2798,9 @@ preprocessor stream5_icmp: # ############################ -{$def_dce_rpc_2_type} + {$def_dce_rpc_2_type} -{$def_dns_preprocessor_type} + {$def_dns_preprocessor_type} ############################## # @@ -2809,13 +2817,13 @@ preprocessor ssl: ports { {$def_ssl_ports_ignore_type} }, trustservers, noinspec # ##################### -$snortunifiedlogbasic_type -$snortalertlogtype_type -$alertsystemlog_type -$tcpdumplog_type -$snortmysqllog_info_chk -$snortunifiedlog_type -$spoink_type + $snortunifiedlogbasic_type + $snortalertlogtype_type + $alertsystemlog_type + $tcpdumplog_type + $snortmysqllog_info_chk + $snortunifiedlog_type + $spoink_type ################# # @@ -2825,10 +2833,10 @@ $spoink_type include /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/reference.config include /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/classification.config -$threshold_file_name + $threshold_file_name # Snort user pass through configuration -{$snort_config_pass_thru} + {$snort_config_pass_thru} ################### # @@ -2836,7 +2844,7 @@ $threshold_file_name # ################### -{$selected_rules_sections} + {$selected_rules_sections} EOD; 
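Review bot: The body of the `$snort_conf_text = <<<EOD` heredoc is re-indented in the hunk at @@ -2768 and in the four after it (@@ -2790, @@ -2809, @@ -2825, @@ -2836): lines such as `{$def_perform_stat_type}`, `$spoink_type`, `$threshold_file_name` and `{$snort_config_pass_thru}` are marked as changed, and heredoc text is emitted verbatim, so any whitespace added there ends up in the generated snort.conf. Only the first line of each interpolated block would be shifted, and the diff does not show whether Snort's parser accepts leading whitespace before the `output` and `include` directives these variables expand to. I would keep every line between `<<<EOD` and `EOD;` byte-identical to the old side, e.g. `{$def_perform_stat_type}` and `$threshold_file_name` at column 0, and limit the reformatting to PHP statements. A comment above the heredoc such as `/* heredoc body is written to snort.conf as-is; do not re-indent */` would stop the next cleanup from repeating this.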
@@ -2851,7 +2859,7 @@ EOD; function check_for_common_errors($filename) { global $snort_filename, $snort_filename_md5, $console_mode; -// ob_flush(); + // ob_flush(); $contents = file_get_contents($filename); if(stristr($contents, "You don't have permission")) { if(!$console_mode) { @@ -2877,7 +2885,7 @@ function scroll_down_to_bottom_of_page() { global $snort_filename, $console_mode; ob_flush(); if(!$console_mode) - echo "\n<script type=\"text/javascript\">parent.scrollTo(0,1500);\n</script>"; + echo "\n<script type=\"text/javascript\">parent.scrollTo(0,1500);\n</script>"; } /* ensure downloaded file looks sane */ @@ -2913,14 +2921,14 @@ function extract_snort_rules_md5($tmpfname) { update_all_status($static_output); } if(!is_dir("/usr/local/etc/snort/rules/")) - mkdir("/usr/local/etc/snort/rules/"); + mkdir("/usr/local/etc/snort/rules/"); $cmd = "/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C /usr/local/etc/snort/ rules/"; $handle = popen("{$cmd} 2>&1", 'r'); while(!feof($handle)) { $buffer = fgets($handle); update_output_window($buffer); } - pclose($handle); + pclose($handle); if(!$console_mode) { $static_output = gettext("Snort rules extracted."); @@ -2940,8 +2948,8 @@ function verify_snort_rules_md5($tmpfname) { update_all_status($static_output); } - $md555 = file_get_contents("{$tmpfname}/{$snort_filename_md5}"); - $md5 = `echo "{$md555}" | /usr/bin/awk '{ print $4 }'`; + $md555 = file_get_contents("{$tmpfname}/{$snort_filename_md5}"); + $md5 = `echo "{$md555}" | /usr/bin/awk '{ print $4 }'`; $file_md5_ondisk = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`; if($md5 == $file_md5_ondisk) { if(!$console_mode) { 
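Review bot: verify_snort_rules_md5() (@@ -2940) places the contents of the downloaded `.md5` file inside a backtick command, `echo "{$md555}" | /usr/bin/awk '{ print $4 }'`, so whatever the download source puts in that file is handed to the shell. The same unescaped interpolation of `{$tmpfname}/{$snort_filename}` is used in the `/sbin/md5` line and in the tar command built in extract_snort_rules_md5() (@@ -2913). Doing the work in PHP removes the shell from the path: `$fields = preg_split('/\s+/', trim($md555)); $md5 = $fields[3];` (assuming the fourth field is the one wanted) and `$file_md5_ondisk = md5_file("{$tmpfname}/{$snort_filename}");`, with `escapeshellarg()` around any path that still has to reach a command. An MD5 fetched alongside the archive only detects a damaged download and does not authenticate the rules. Both function bodies continue outside their hunks.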
@@ -2961,15 +2969,15 @@ function hide_progress_bar_status() { global $snort_filename, $snort_filename_md5, $console_mode; ob_flush(); if(!$console_mode) - echo "\n<script type=\"text/javascript\">document.progressbar.style.visibility='hidden';\n</script>"; + echo "\n<script type=\"text/javascript\">document.progressbar.style.visibility='hidden';\n</script>"; } /* unhide progress bar */ function unhide_progress_bar_status() { - global $snort_filename, $snort_filename_md5, $console_mode; - ob_flush(); - if(!$console_mode) - echo "\n<script type=\"text/javascript\">document.progressbar.style.visibility='visible';\n</script>"; + global $snort_filename, $snort_filename_md5, $console_mode; + ob_flush(); + if(!$console_mode) + echo "\n<script type=\"text/javascript\">document.progressbar.style.visibility='visible';\n</script>"; } /* update both top and bottom text box during an operation */ 
@@ -2986,21 +2994,21 @@ function update_all_status($status) { function get_snort_alert($ip) { global $snort_alert_file_split, $snort_config; if(!file_exists("/var/log/snort/alert")) - return; + return; if(!$snort_config) - $snort_config = read_snort_config_cache(); + $snort_config = read_snort_config_cache(); if($snort_config[$ip]) - return $snort_config[$ip]; + return $snort_config[$ip]; if(!$snort_alert_file_split) - $snort_alert_file_split = split("\n", file_get_contents("/var/log/snort/alert")); + $snort_alert_file_split = split("\n", file_get_contents("/var/log/snort/alert")); foreach($snort_alert_file_split as $fileline) { if (preg_match("/\[\*\*\] (\[.*\]) (.*) (\[\*\*\])/", $fileline, $matches)) - $alert_title = $matches[2]; + $alert_title = $matches[2]; if (preg_match("/(\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b)/", $fileline, $matches)) - $alert_ip = $matches[$id]; + $alert_ip = $matches[$id]; if($alert_ip == $ip) { if(!$snort_config[$ip]) - $snort_config[$ip] = $alert_title; + $snort_config[$ip] = $alert_title; return $alert_title; } } 
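Review bot: In get_snort_alert() the line `$alert_ip = $matches[$id];` indexes the match array with `$id`, which is neither a parameter nor one of the declared globals, so `$alert_ip` is never set to the address the pattern captured and the `$alert_ip == $ip` test cannot match a real IP. The outer capture group of the pattern is the whole address, so the line should read `$alert_ip = $matches[1];`. `$alert_title` and `$alert_ip` also carry over from earlier lines when a line matches only one of the two patterns; resetting them when a new `[**]` header line is seen would avoid pairing a title with the wrong address. `split()` on the alert file is a deprecated POSIX-regex call and `explode("\n", ...)` does the same job here. The function ends outside this hunk.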
@@ -3008,24 +3016,24 @@ function get_snort_alert($ip) { } function make_clickable($buffer) { - global $config, $g; - /* if clickable urls is disabled, simply return buffer back to caller */ - $clickablalerteurls = $config['installedpackages']['snort']['config'][$id]['oinkmastercode']; - if(!$clickablalerteurls) - return $buffer; - $buffer = eregi_replace("(^|[ \n\r\t])((http(s?)://)(www\.)?([a-z0-9_-]+(\.[a-z0-9_-]+)+)(/[^/ \n\r]*)*)","\\1<a href=\"\\2\" target=\"_blank\">\\2</a>", $buffer); - $buffer = eregi_replace("(^|[ \n\r\t])((ftp://)(www\.)?([a-z0-9_-]+(\.[a-z0-9_-]+)+)(/[^/ \n\r]*)*)","\\1<a href=\"\\2\" target=\"_blank\">\\2</a>", $buffer); - $buffer = eregi_replace("([a-z_-][a-z0-9\._-]*@[a-z0-9_-]+(\.[a-z0-9_-]+)+)","<a href=\"mailto:\\1\">\\1</a>", $buffer); - $buffer = eregi_replace("(^|[ \n\r\t])(www\.([a-z0-9_-]+(\.[a-z0-9_-]+)+)(/[^/ \n\r]*)*)","\\1<a href=\"http://\\2\" target=\"_blank\">\\2</a>", $buffer); - $buffer = eregi_replace("(^|[ \n\r\t])(ftp\.([a-z0-9_-]+(\.[a-z0-9_-]+)+)(/[^/ \n\r]*)*)","\\1<a href=\"ftp://\\2\" target=\"_blank\">\\2</a>", $buffer); - - return $buffer; + global $config, $g; + /* if clickable urls is disabled, simply return buffer back to caller */ + $clickablalerteurls = $config['installedpackages']['snort']['config'][$id]['oinkmastercode']; + if(!$clickablalerteurls) + return $buffer; + $buffer = eregi_replace("(^|[ \n\r\t])((http(s?)://)(www\.)?([a-z0-9_-]+(\.[a-z0-9_-]+)+)(/[^/ \n\r]*)*)","\\1<a href=\"\\2\" target=\"_blank\">\\2</a>", $buffer); + $buffer = eregi_replace("(^|[ \n\r\t])((ftp://)(www\.)?([a-z0-9_-]+(\.[a-z0-9_-]+)+)(/[^/ \n\r]*)*)","\\1<a href=\"\\2\" target=\"_blank\">\\2</a>", $buffer); + $buffer = eregi_replace("([a-z_-][a-z0-9\._-]*@[a-z0-9_-]+(\.[a-z0-9_-]+)+)","<a href=\"mailto:\\1\">\\1</a>", $buffer); + $buffer = eregi_replace("(^|[ \n\r\t])(www\.([a-z0-9_-]+(\.[a-z0-9_-]+)+)(/[^/ \n\r]*)*)","\\1<a href=\"http://\\2\" target=\"_blank\">\\2</a>", $buffer); + $buffer = eregi_replace("(^|[ 
\n\r\t])(ftp\.([a-z0-9_-]+(\.[a-z0-9_-]+)+)(/[^/ \n\r]*)*)","\\1<a href=\"ftp://\\2\" target=\"_blank\">\\2</a>", $buffer); + + return $buffer; } function read_snort_config_cache() { global $g, $config, $snort_config; if($snort_config) - return $snort_config; + return $snort_config; if(file_exists($g['tmp_path'] . '/snort_config.cache')) { $snort_config = unserialize(file_get_contents($g['tmp_path'] . '/snort_config.cache')); return $snort_config; diff --git a/config/snort/snort.xml b/config/snort/snort.xml index 3621f06d..5d0a7b09 100644 --- a/config/snort/snort.xml +++ b/config/snort/snort.xml @@ -2,7 +2,7 @@ <!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> <?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> <packagegui> - <copyright> + <copyright> <![CDATA[ /* $Id$ */ /* ========================================================================== */ @@ -41,10 +41,10 @@ */ /* ========================================================================== */ ]]> - </copyright> - <description>Describe your package here</description> - <requirements>Describe your package requirements here</requirements> - <faq>Currently there are no FAQ items provided.</faq> + </copyright> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> <name>Snort</name> <version>2.8.6</version> <title>Services:2.8.6 pkg v. 1.30</title> @@ -59,7 +59,8 @@ <name>snort</name> <rcfile>snort.sh</rcfile> <executable>snort</executable> - <description>Snort is the most widely deployed IDS/IPS technology worldwide.</description> + <description>Snort is the most widely deployed IDS/IPS technology + worldwide.</description> </service> <tabs> </tabs> 
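Review bot: read_snort_config_cache() feeds the contents of `$g['tmp_path'] . '/snort_config.cache'` directly to `unserialize()`, so whoever can write that file decides which objects get instantiated in the GUI process. Whether the temp directory is writable by anything other than the GUI is not visible from this hunk; if the cache only holds the address-to-title array that get_snort_alert() fills, storing it as JSON and reading it with `json_decode($data, true)` removes the object-instantiation risk (the writer, which is outside this hunk, would have to change with it). In make_clickable() the toggle is read from `['config'][$id]['oinkmastercode']` with `$id` undefined in the function, which looks unintended for a clickable-URLs switch, and `$buffer` is wrapped in `<a>` tags without `htmlspecialchars()`. read_snort_config_cache() continues past the end of the hunk.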
@@ -81,7 +82,7 @@ <additional_files_needed> <prefix>/usr/local/pkg/snort/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_check_cron_misc.inc</item> + <item>http://www.pfsense.com/packages/config/snort/snort_check_cron_misc.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/bin/</prefix> @@ -107,7 +108,7 @@ <prefix>/usr/local/www/snort/</prefix> <chmod>077</chmod> <item>http://www.pfsense.com/packages/config/snort/snort_alerts.php</item> - </additional_files_needed> + </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> <chmod>077</chmod> diff --git a/config/snort/snort_alerts.php b/config/snort/snort_alerts.php index 0ee6a707..d6313933 100644 --- a/config/snort/snort_alerts.php +++ b/config/snort/snort_alerts.php 
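Review bot: The `<item>` URLs in these `additional_files_needed` entries, including the changed `http://www.pfsense.com/packages/config/snort/snort_check_cron_misc.php`, fetch PHP that is installed under `/usr/local/pkg/snort/` over cleartext HTTP, and no checksum or signature appears in the entries shown. Whether the package installer verifies the files by other means is not visible here; if it does not, the code that ends up on the firewall can be altered in transit. Prefer an `https://` URL where the host offers one, or add an integrity check on the installer side. `<chmod>077</chmod>` also deserves a second look: read as an octal mode it gives the owner no access and group/other full access, which is probably the inverse of what was meant.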
@@ -1,38 +1,38 @@ <?php /* $Id$ */ /* - snort_alerts.php - part of pfSense - - Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - Copyright (C) 2006 Scott Ullrich - All rights reserved. - - Modified for the Pfsense snort package v. 1.8+ - Copyright (C) 2009 Robert Zelaya Sr. Developer - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ + snort_alerts.php + part of pfSense + + Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + Copyright (C) 2006 Scott Ullrich + All rights reserved. + + Modified for the Pfsense snort package v. 1.8+ + Copyright (C) 2009 Robert Zelaya Sr. 
Developer + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort_gui.inc"); 
@@ -65,28 +65,28 @@ if ($_POST['save']) if ($_POST['save']) { - // if (($_POST['radiusacctport'] && !is_port($_POST['radiusacctport']))) { - // $input_errors[] = "A valid port number must be specified. [".$_POST['radiusacctport']."]"; - // } - + // if (($_POST['radiusacctport'] && !is_port($_POST['radiusacctport']))) { + // $input_errors[] = "A valid port number must be specified. [".$_POST['radiusacctport']."]"; + // } + } - - /* no errors */ - if (!$input_errors) - { - + + /* no errors */ + if (!$input_errors) + { + $config['installedpackages']['snortglobal']['alertsblocks']['arefresh'] = $_POST['arefresh'] ? on : off; $config['installedpackages']['snortglobal']['alertsblocks']['alertnumber'] = $_POST['alertnumber']; - + conf_mount_rw(); write_config(); //conf_mount_ro(); sleep(2); header("Location: /snort/snort_alerts.php"); - - } - + + } + } if ($_POST['delete']) @@ -99,7 +99,7 @@ if ($_POST['delete']) exec('/usr/sbin/chown snort:snort /var/log/snort/*'); exec('/bin/chmod 660 /var/log/snort/*'); sleep(2); - exec('/usr/bin/killall -HUP snort'); + exec('/usr/bin/killall -HUP snort'); } conf_mount_ro(); } @@ -126,7 +126,7 @@ if ($_POST['download']) exec("/bin/rm /tmp/snort_logs_{$save_date}.tar.gz"); od_end_clean(); //importanr or other post will fail }else{ - echo 'Error no saved file.'; + echo 'Error no saved file.'; } } @@ -140,10 +140,10 @@ function get_snort_alert_date($fileline) /* date full date \d+\/\d+-\d+:\d+:\d+\.\d+\s */ if (preg_match("/\d+\/\d+-\d+:\d+:\d\d/", $fileline, $matches1)) { - $alert_date = "$matches1[0]"; + $alert_date = "$matches1[0]"; } -return $alert_date; + return $alert_date; } @@ -152,10 +152,10 @@ function get_snort_alert_disc($fileline) /* disc */ if (preg_match("/\[\*\*\] (\[.*\]) (.*) (\[\*\*\])/", $fileline, $matches)) { - $alert_disc = "$matches[2]"; + $alert_disc = "$matches[2]"; } -return $alert_disc; + return $alert_disc; } 
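Review bot: `$_POST['alertnumber']` is written to the configuration as-is; the only validation in the `save` branch is commented out, so `$input_errors` is never populated. If, as the form further down suggests, `$anentries` is read back from this setting, a non-numeric value persists through `write_config()` and returns as both the entry limit and page text. Casting before storing, e.g. `$config['installedpackages']['snortglobal']['alertsblocks']['alertnumber'] = max(1, (int)$_POST['alertnumber']);`, keeps it to a positive integer. `on : off` are bare constants that PHP tolerates only with a notice (an error from PHP 8); quote them as `'on' : 'off'`. The `header("Location: …")` call is not followed by `exit`, so the rest of the page still runs.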
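Review bot: `od_end_clean();` in the download branch is not a PHP function; unless one of the included files defines it, the call is a fatal error at that point and the output buffer is never discarded. The comment beside it suggests the intent was `ob_end_clean();`. The preceding `exec("/bin/rm /tmp/snort_logs_{$save_date}.tar.gz")` interpolates `$save_date` into a shell command; its origin is outside the hunk, so confirm it is generated server-side, or remove the file with `unlink()` instead of `exec()`.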
@@ -164,10 +164,10 @@ function get_snort_alert_class($fileline) /* class */ if (preg_match('/\[Classification:\s.+[^\d]\]/', $fileline, $matches2)) { - $alert_class = "$matches2[0]"; + $alert_class = "$matches2[0]"; } -return $alert_class; + return $alert_class; } @@ -176,10 +176,10 @@ function get_snort_alert_priority($fileline) /* Priority */ if (preg_match('/Priority:\s\d/', $fileline, $matches3)) { - $alert_priority = "$matches3[0]"; + $alert_priority = "$matches3[0]"; } -return $alert_priority; + return $alert_priority; } @@ -188,22 +188,22 @@ function get_snort_alert_proto($fileline) /* Priority */ if (preg_match('/\{.+\}/', $fileline, $matches3)) { - $alert_proto = "$matches3[0]"; + $alert_proto = "$matches3[0]"; } -return $alert_proto; + return $alert_proto; } function get_snort_alert_proto_full($fileline) { - /* Protocal full */ - if (preg_match('/.+\sTTL/', $fileline, $matches2)) - { - $alert_proto_full = "$matches2[0]"; - } + /* Protocal full */ + if (preg_match('/.+\sTTL/', $fileline, $matches2)) + { + $alert_proto_full = "$matches2[0]"; + } -return $alert_proto_full; + return $alert_proto_full; } @@ -215,10 +215,10 @@ function get_snort_alert_ip_src($fileline) if ($c=preg_match_all ("/".$re1.$re2."/is", $fileline, $matches4)) { - $alert_ip_src = $matches4[1][0]; + $alert_ip_src = $matches4[1][0]; } -return $alert_ip_src; + return $alert_ip_src; } @@ -227,10 +227,10 @@ function get_snort_alert_src_p($fileline) /* source port */ if (preg_match('/:\d+\s-/', $fileline, $matches5)) { - $alert_src_p = "$matches5[0]"; + $alert_src_p = "$matches5[0]"; } -return $alert_src_p; + return $alert_src_p; } @@ -239,10 +239,10 @@ function get_snort_alert_flow($fileline) /* source port */ if (preg_match('/(->|<-)/', $fileline, $matches5)) { - $alert_flow = "$matches5[0]"; + $alert_flow = "$matches5[0]"; } -return $alert_flow; + return $alert_flow; } 
@@ -256,46 +256,46 @@ function get_snort_alert_ip_dst($fileline) if ($c=preg_match_all ("/".$re1dp.$re2dp.$re3dp.$re4dp."/is", $fileline, $matches6)) { - $alert_ip_dst = $matches6[1][0]; + $alert_ip_dst = $matches6[1][0]; } - -return $alert_ip_dst; + + return $alert_ip_dst; } - + function get_snort_alert_dst_p($fileline) -{ +{ /* dst port */ if (preg_match('/:\d+$/', $fileline, $matches7)) { - $alert_dst_p = "$matches7[0]"; + $alert_dst_p = "$matches7[0]"; } -return $alert_dst_p; + return $alert_dst_p; } function get_snort_alert_dst_p_full($fileline) -{ +{ /* dst port full */ if (preg_match('/:\d+\n[A-Z]+\sTTL/', $fileline, $matches7)) { - $alert_dst_p = "$matches7[0]"; + $alert_dst_p = "$matches7[0]"; } -return $alert_dst_p; + return $alert_dst_p; } function get_snort_alert_sid($fileline) -{ +{ /* SID */ if (preg_match('/\[\d+:\d+:\d+\]/', $fileline, $matches8)) { - $alert_sid = "$matches8[0]"; + $alert_sid = "$matches8[0]"; } -return $alert_sid; + return $alert_sid; } @@ -306,9 +306,10 @@ include("/usr/local/pkg/snort/snort_head.inc"); ?> -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<body + link="#0000CC" vlink="#0000CC" alink="#0000CC"> - <script> +<script> jQuery(document).ready(function(){ //Examples of how to assign the ColorBox event to elements @@ -317,7 +318,7 @@ include("/usr/local/pkg/snort/snort_head.inc"); }); </script> -<?php +<?php include("fbegin.inc"); echo $snort_general_css; 
@@ -330,279 +331,278 @@ if ($pconfig['arefresh'] == 'on' || $pconfig['arefresh'] == '') ?> <!-- hack to fix the hardcoed fbegin link in header --> -<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div> +<div id="header-left2"><a href="../index.php" id="status-link2"><img + src="./images/transparent.gif" border="0"></img></a></div> -<div class="body2"> - -<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> +<div class="body2"><?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr><td> - -<div class="snorttabs" style="margin:1px 0px; width:775px;"> -<!-- Tabbed bar code--> -<ul class="snorttabs"> - <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li> - <li><a href="/snort/snort_interfaces_global.php"><span>Global Settings</span></a></li> - <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li> - <li class="snorttabs_active"><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li> - <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li> - <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li> - <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li> - <li><a class="example8" href="/snort/help_and_info.php"><span>Help</span></a></li> - </ul> -</div> - -</td> -</tr> <tr> - <td> - <div id="mainarea2"> - <table class="tabcont" width="100%" border="1" cellspacing="0" cellpadding="0"> - <tr> - <td width="22%" colspan="0" class="listtopic"> - Last <?=$anentries;?> Alert Entries. - </td> - <td width="78%" class="listtopic"> - Latest Alert Entries Are Listed First. 
- </td> - </tr> - <tr> - <td width="22%" class="vncell">Save or Remove Logs</td> - <td width="78%" class="vtable"> - <form action="/snort/snort_alerts.php" method="post"> - <input name="download" type="submit" class="formbtn" value="Download"> - All log files will be saved. - <input name="delete" type="submit" class="formbtn" value="Clear" onclick="return confirm('Do you really want to remove all your logs ? All snort rule interfces may have to be restarted.')"> - <span class="red"><strong>Warning:</strong></span> all log files will be deleted. - </form> - </td> - </tr> - <tr> - <td width="22%" class="vncell">Auto Refresh and Log View</td> - <td width="78%" class="vtable"> - <form action="/snort/snort_alerts.php" method="post"> - <input name="save" type="submit" class="formbtn" value="Save"> - Refresh - <input name="arefresh" type="checkbox" value="on" <?php if ($config['installedpackages']['snortglobal']['alertsblocks']['arefresh']=="on") echo "checked"; ?>> - <strong>Default</strong> is <strong>ON</strong>. - <input name="alertnumber" type="text" class="formfld" id="alertnumber" size="5" value="<?=htmlspecialchars($anentries);?>"> - Enter the number of log entries to view. <strong>Default</strong> is <strong>250</strong>. 
- </form> + <td> + + <div class="snorttabs" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code--> + <ul class="snorttabs"> + <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li> + <li><a href="/snort/snort_interfaces_global.php"><span>Global + Settings</span></a></li> + <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li> + <li class="snorttabs_active"><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li> + <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li> + <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li> + <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li> + <li><a class="example8" href="/snort/help_and_info.php"><span>Help</span></a></li> + </ul> + </div> + </td> - </tr> + </tr> + <tr> + <td> + <div id="mainarea2"> + <table class="tabcont" width="100%" border="1" cellspacing="0" + cellpadding="0"> + <tr> + <td width="22%" colspan="0" class="listtopic">Last <?=$anentries;?> + Alert Entries.</td> + <td width="78%" class="listtopic">Latest Alert Entries Are Listed + First.</td> + </tr> + <tr> + <td width="22%" class="vncell">Save or Remove Logs</td> + <td width="78%" class="vtable"> + <form action="/snort/snort_alerts.php" method="post"><input + name="download" type="submit" class="formbtn" value="Download"> All + log files will be saved. <input name="delete" type="submit" + class="formbtn" value="Clear" + onclick="return confirm('Do you really want to remove all your logs ? 
All snort rule interfces may have to be restarted.')"> + <span class="red"><strong>Warning:</strong></span> all log files + will be deleted.</form> + </td> + </tr> + <tr> + <td width="22%" class="vncell">Auto Refresh and Log View</td> + <td width="78%" class="vtable"> + <form action="/snort/snort_alerts.php" method="post"><input + name="save" type="submit" class="formbtn" value="Save"> Refresh <input + name="arefresh" type="checkbox" value="on" + <?php if ($config['installedpackages']['snortglobal']['alertsblocks']['arefresh']=="on") echo "checked"; ?>> + <strong>Default</strong> is <strong>ON</strong>. <input + name="alertnumber" type="text" class="formfld" id="alertnumber" + size="5" value="<?=htmlspecialchars($anentries);?>"> Enter the + number of log entries to view. <strong>Default</strong> is <strong>250</strong>. + </form> + </td> + </tr> </table> - </div> - </td> - </tr> + </div> + </td> + </tr> </table> <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <td width="100%"> - <br> - <div class="tableFilter"> - <form id="tableFilter" onsubmit="myTable.filter(this.id); return false;">Filter: - <select id="column"> - <option value="1">PRIORITY</option> - <option value="2">PROTO</option> - <option value="3">DESCRIPTION</option> - <option value="4">CLASS</option> - <option value="5">SRC</option> - <option value="6">SRC PORT</option> - <option value="7">FLOW</option> - <option value="8">DST</option> - <option value="9">DST PORT</option> - <option value="10">SID</option> - <option value="11">Date</option> - </select> - <input type="text" id="keyword" /> - <input type="submit" value="Submit" /> - <input type="reset" value="Clear" /> - </form> - </div> -<table class="allRow" id="myTable" width="100%" border="2" cellpadding="1" cellspacing="1"> - <thead> - <th axis="number">#</th> - <th axis="string">PRI</th> - <th axis="string">PROTO</th> - <th axis="string">DESCRIPTION</th> - <th axis="string">CLASS</th> - <th axis="string">SRC</th> - <th 
axis="string">SPORT</th> - <th axis="string">FLOW</th> - <th axis="string">DST</th> - <th axis="string">DPORT</th> - <th axis="string">SID</th> - <th axis="date">Date</th> - </thead> - <tbody> -<?php - - /* make sure alert file exists */ - if(!file_exists('/var/log/snort/alert')) - { - conf_mount_rw(); - exec('/usr/bin/touch /var/log/snort/alert'); - conf_mount_ro(); - } - - $logent = $anentries; - - /* detect the alert file type */ - if ($snortalertlogt == 'full') - { - $alerts_array = array_reverse(array_filter(explode("\n\n", file_get_contents('/var/log/snort/alert')))); - }else{ - $alerts_array = array_reverse(array_filter(split("\n", file_get_contents('/var/log/snort/alert')))); - } - - - -if (is_array($alerts_array)) -{ + <td width="100%"><br> + <div class="tableFilter"> + <form id="tableFilter" + onsubmit="myTable.filter(this.id); return false;">Filter: <select + id="column"> + <option value="1">PRIORITY</option> + <option value="2">PROTO</option> + <option value="3">DESCRIPTION</option> + <option value="4">CLASS</option> + <option value="5">SRC</option> + <option value="6">SRC PORT</option> + <option value="7">FLOW</option> + <option value="8">DST</option> + <option value="9">DST PORT</option> + <option value="10">SID</option> + <option value="11">Date</option> + </select> <input type="text" id="keyword" /> <input type="submit" + value="Submit" /> <input type="reset" value="Clear" /></form> + </div> + <table class="allRow" id="myTable" width="100%" border="2" + cellpadding="1" cellspacing="1"> + <thead> + <th axis="number">#</th> + <th axis="string">PRI</th> + <th axis="string">PROTO</th> + <th axis="string">DESCRIPTION</th> + <th axis="string">CLASS</th> + <th axis="string">SRC</th> + <th axis="string">SPORT</th> + <th axis="string">FLOW</th> + <th axis="string">DST</th> + <th axis="string">DPORT</th> + <th axis="string">SID</th> + <th axis="date">Date</th> + </thead> + <tbody> + <?php + + /* make sure alert file exists */ + 
if(!file_exists('/var/log/snort/alert')) + { + conf_mount_rw(); + exec('/usr/bin/touch /var/log/snort/alert'); + conf_mount_ro(); + } - $counter = 0; - foreach($alerts_array as $fileline) - { - - if($logent <= $counter) - continue; - - $counter++; - - /* Date */ - $alert_date_str = get_snort_alert_date($fileline); - - if($alert_date_str != '') - { - $alert_date = $alert_date_str; - }else{ - $alert_date = 'empty'; - } + $logent = $anentries; - /* Discription */ - $alert_disc_str = get_snort_alert_disc($fileline); - - if($alert_disc_str != '') - { - $alert_disc = $alert_disc_str; - }else{ - $alert_disc = 'empty'; - } - - /* Classification */ - $alert_class_str = get_snort_alert_class($fileline); - - if($alert_class_str != '') - { + /* detect the alert file type */ + if ($snortalertlogt == 'full') + { + $alerts_array = array_reverse(array_filter(explode("\n\n", file_get_contents('/var/log/snort/alert')))); + }else{ + $alerts_array = array_reverse(array_filter(split("\n", file_get_contents('/var/log/snort/alert')))); + } - $alert_class_match = array('[Classification:',']'); - $alert_class = str_replace($alert_class_match, '', "$alert_class_str"); - }else{ - $alert_class = 'Prep'; - } - - /* Priority */ - $alert_priority_str = get_snort_alert_priority($fileline); - - if($alert_priority_str != '') - { - $alert_priority_match = array('Priority: ',']'); - $alert_priority = str_replace($alert_priority_match, '', "$alert_priority_str"); - }else{ - $alert_priority = 'empty'; - } - /* Protocol */ - /* Detect alert file type */ - if ($snortalertlogt == 'full') - { - $alert_proto_str = get_snort_alert_proto_full($fileline); - }else{ - $alert_proto_str = get_snort_alert_proto($fileline); - } - if($alert_proto_str != '') - { - $alert_proto_match = array(" TTL",'{','}'); - $alert_proto = str_replace($alert_proto_match, '', "$alert_proto_str"); - }else{ - $alert_proto = 'empty'; - } - - /* IP SRC */ - $alert_ip_src_str = get_snort_alert_ip_src($fileline); - - if($alert_ip_src_str != 
'') + if (is_array($alerts_array)) { - $alert_ip_src = $alert_ip_src_str; - }else{ - $alert_ip_src = 'empty'; - } - - /* IP SRC Port */ - $alert_src_p_str = get_snort_alert_src_p($fileline); - - if($alert_src_p_str != '') - { - $alert_src_p_match = array(' -',':'); - $alert_src_p = str_replace($alert_src_p_match, '', "$alert_src_p_str"); - }else{ - $alert_src_p = 'empty'; - } - - /* Flow */ - $alert_flow_str = get_snort_alert_flow($fileline); - - if($alert_flow_str != '') - { - $alert_flow = $alert_flow_str; - }else{ - $alert_flow = 'empty'; - } - - /* IP Destination */ - $alert_ip_dst_str = get_snort_alert_ip_dst($fileline); - - if($alert_ip_dst_str != '') - { - $alert_ip_dst = $alert_ip_dst_str; - }else{ - $alert_ip_dst = 'empty'; - } - - /* IP DST Port */ - if ($snortalertlogt == 'full') - { - $alert_dst_p_str = get_snort_alert_dst_p_full($fileline); - }else{ - $alert_dst_p_str = get_snort_alert_dst_p($fileline); - } - - if($alert_dst_p_str != '') - { - $alert_dst_p_match = array(':',"\n"," TTL"); - $alert_dst_p_str2 = str_replace($alert_dst_p_match, '', "$alert_dst_p_str"); - $alert_dst_p_match2 = array('/[A-Z]/'); - $alert_dst_p = preg_replace($alert_dst_p_match2, '', "$alert_dst_p_str2"); - }else{ - $alert_dst_p = 'empty'; - } - /* SID */ - $alert_sid_str = get_snort_alert_sid($fileline); - - if($alert_sid_str != '') + $counter = 0; + foreach($alerts_array as $fileline) { - $alert_sid_match = array('[',']'); - $alert_sid = str_replace($alert_sid_match, '', "$alert_sid_str"); - }else{ - $alert_sid_str = 'empty'; - } - - /* NOTE: using one echo improves performance by 2x */ - if ($alert_disc != 'empty') - { - echo "<tr id=\"{$counter}\"> + + if($logent <= $counter) + continue; + + $counter++; + + /* Date */ + $alert_date_str = get_snort_alert_date($fileline); + + if($alert_date_str != '') + { + $alert_date = $alert_date_str; + }else{ + $alert_date = 'empty'; + } + + /* Discription */ + $alert_disc_str = get_snort_alert_disc($fileline); + + if($alert_disc_str != 
'') + { + $alert_disc = $alert_disc_str; + }else{ + $alert_disc = 'empty'; + } + + /* Classification */ + $alert_class_str = get_snort_alert_class($fileline); + + if($alert_class_str != '') + { + + $alert_class_match = array('[Classification:',']'); + $alert_class = str_replace($alert_class_match, '', "$alert_class_str"); + }else{ + $alert_class = 'Prep'; + } + + /* Priority */ + $alert_priority_str = get_snort_alert_priority($fileline); + + if($alert_priority_str != '') + { + $alert_priority_match = array('Priority: ',']'); + $alert_priority = str_replace($alert_priority_match, '', "$alert_priority_str"); + }else{ + $alert_priority = 'empty'; + } + + /* Protocol */ + /* Detect alert file type */ + if ($snortalertlogt == 'full') + { + $alert_proto_str = get_snort_alert_proto_full($fileline); + }else{ + $alert_proto_str = get_snort_alert_proto($fileline); + } + + if($alert_proto_str != '') + { + $alert_proto_match = array(" TTL",'{','}'); + $alert_proto = str_replace($alert_proto_match, '', "$alert_proto_str"); + }else{ + $alert_proto = 'empty'; + } + + /* IP SRC */ + $alert_ip_src_str = get_snort_alert_ip_src($fileline); + + if($alert_ip_src_str != '') + { + $alert_ip_src = $alert_ip_src_str; + }else{ + $alert_ip_src = 'empty'; + } + + /* IP SRC Port */ + $alert_src_p_str = get_snort_alert_src_p($fileline); + + if($alert_src_p_str != '') + { + $alert_src_p_match = array(' -',':'); + $alert_src_p = str_replace($alert_src_p_match, '', "$alert_src_p_str"); + }else{ + $alert_src_p = 'empty'; + } + + /* Flow */ + $alert_flow_str = get_snort_alert_flow($fileline); + + if($alert_flow_str != '') + { + $alert_flow = $alert_flow_str; + }else{ + $alert_flow = 'empty'; + } + + /* IP Destination */ + $alert_ip_dst_str = get_snort_alert_ip_dst($fileline); + + if($alert_ip_dst_str != '') + { + $alert_ip_dst = $alert_ip_dst_str; + }else{ + $alert_ip_dst = 'empty'; + } + + /* IP DST Port */ + if ($snortalertlogt == 'full') + { + $alert_dst_p_str = 
get_snort_alert_dst_p_full($fileline); + }else{ + $alert_dst_p_str = get_snort_alert_dst_p($fileline); + } + + if($alert_dst_p_str != '') + { + $alert_dst_p_match = array(':',"\n"," TTL"); + $alert_dst_p_str2 = str_replace($alert_dst_p_match, '', "$alert_dst_p_str"); + $alert_dst_p_match2 = array('/[A-Z]/'); + $alert_dst_p = preg_replace($alert_dst_p_match2, '', "$alert_dst_p_str2"); + }else{ + $alert_dst_p = 'empty'; + } + + /* SID */ + $alert_sid_str = get_snort_alert_sid($fileline); + + if($alert_sid_str != '') + { + $alert_sid_match = array('[',']'); + $alert_sid = str_replace($alert_sid_match, '', "$alert_sid_str"); + }else{ + $alert_sid_str = 'empty'; + } + + /* NOTE: using one echo improves performance by 2x */ + if ($alert_disc != 'empty') + { + echo "<tr id=\"{$counter}\"> <td class=\"centerAlign\">{$counter}</td> <td class=\"centerAlign\">{$alert_priority}</td> <td class=\"centerAlign\">{$alert_proto}</td> @@ -616,36 +616,36 @@ if (is_array($alerts_array)) <td class=\"centerAlign\">{$alert_sid}</td> <td>{$alert_date}</td> </tr>\n"; + } + + // <script type="text/javascript"> + // var myTable = {}; + // window.addEvent('domready', function(){ + // myTable = new sortableTable('myTable', {overCls: 'over', onClick: function(){alert(this.id)}}); + // }); + // </script> + + } } - -// <script type="text/javascript"> -// var myTable = {}; -// window.addEvent('domready', function(){ -// myTable = new sortableTable('myTable', {overCls: 'over', onClick: function(){alert(this.id)}}); -// }); -// </script> - - } -} -?> - </tbody> - </table> + ?> + </tbody> + </table> </td> </table> </div> -<?php + <?php -include("fend.inc"); + include("fend.inc"); -echo $snort_custom_rnd_box; + echo $snort_custom_rnd_box; -?> + ?> - <script type="text/javascript"> +<script type="text/javascript"> var myTable = {}; window.addEvent('domready', function(){ myTable = new sortableTable('myTable', {overCls: 'over'}); 
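Review bot: The table row built in the single `echo` at the end of this hunk interpolates `{$alert_priority}` and `{$alert_proto}` (and `{$alert_sid}`, `{$alert_date}` in the following hunk) into HTML without escaping, although they are regex captures from `/var/log/snort/alert`; `Last <?=$anentries;?>` is also printed raw, while the `alertnumber` input a few lines below does use `htmlspecialchars($anentries)`. Escaping at assignment keeps the echo unchanged, e.g. `$alert_proto = htmlspecialchars(str_replace($alert_proto_match, '', "$alert_proto_str"));`, and likewise for the other fields. Separately, the SID fallback assigns `$alert_sid_str = 'empty';` rather than `$alert_sid = 'empty';`, so a line without a SID shows the previous row's value. `if($logent <= $counter) continue;` keeps iterating the whole array after the limit is reached; `break;` would stop there.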
diff --git a/config/snort/snort_barnyard.php b/config/snort/snort_barnyard.php index 72c488f3..33be4268 100644 --- a/config/snort/snort_barnyard.php +++ b/config/snort/snort_barnyard.php 
@@ -1,36 +1,36 @@ <?php /* $Id$ */ /* - snort_interfaces.php - part of m0n0wall (http://m0n0.ch/wall) - - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - Copyright (C) 2008-2009 Robert Zelaya. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ + snort_interfaces.php + part of m0n0wall (http://m0n0.ch/wall) + + Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + Copyright (C) 2008-2009 Robert Zelaya. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. 
Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ -/* +/* TODO: Nov 12 09 Clean this code up its ugly @@ -50,11 +50,11 @@ $a_nat = &$config['installedpackages']['snortglobal']['rule']; $id = $_GET['id']; if (isset($_POST['id'])) - $id = $_POST['id']; +$id = $_POST['id']; if (isset($_GET['dup'])) { - $id = $_GET['dup']; - $after = $_GET['dup']; + $id = $_GET['dup']; + $after = $_GET['dup']; } if (isset($id) && $a_nat[$id]) { @@ -79,7 +79,7 @@ if (isset($id) && $a_nat[$id]) { $pconfig['def_mail_ports'] = $a_nat[$id]['def_mail_ports']; $pconfig['def_http_servers'] = $a_nat[$id]['def_http_servers']; $pconfig['def_www_servers'] = $a_nat[$id]['def_www_servers']; - $pconfig['def_http_ports'] = $a_nat[$id]['def_http_ports']; + $pconfig['def_http_ports'] = $a_nat[$id]['def_http_ports']; $pconfig['def_sql_servers'] = $a_nat[$id]['def_sql_servers']; $pconfig['def_oracle_ports'] = $a_nat[$id]['def_oracle_ports']; $pconfig['def_mssql_ports'] = $a_nat[$id]['def_mssql_ports']; 
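Review bot: After the re-indent, the body of the brace-less `if (isset($_POST['id']))` sits at column 0 (`$id = $_POST['id'];`), so it reads as an unconditional assignment; writing it as `if (isset($_POST['id'])) { $id = $_POST['id']; }` keeps the intent visible. `$id` and `$_GET['dup']` come straight from the request and are used as the index into `$a_nat`, and nothing in the hunk checks that the value is a numeric key. A guard such as `if (isset($id) && !ctype_digit((string)$id)) { unset($id); }` before the first use would reject unexpected keys. The same column-0 body appears under `if (isset($_GET['dup']))` (`unset($id);`) in the next hunk.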
@@ -121,124 +121,124 @@ if (isset($id) && $a_nat[$id]) { $pconfig['tcpdumplog'] = $a_nat[$id]['tcpdumplog']; $pconfig['snortunifiedlog'] = $a_nat[$id]['snortunifiedlog']; $pconfig['configpassthru'] = $a_nat[$id]['configpassthru']; - $pconfig['barnconfigpassthru'] = base64_decode($a_nat[$id]['barnconfigpassthru']); + $pconfig['barnconfigpassthru'] = base64_decode($a_nat[$id]['barnconfigpassthru']); $pconfig['rulesets'] = $a_nat[$id]['rulesets']; $pconfig['rule_sid_off'] = $a_nat[$id]['rule_sid_off']; $pconfig['rule_sid_on'] = $a_nat[$id]['rule_sid_on']; - + if (!$pconfig['interface']) - $pconfig['interface'] = "wan"; + $pconfig['interface'] = "wan"; } else { $pconfig['interface'] = "wan"; } if (isset($_GET['dup'])) - unset($id); - +unset($id); + $if_real = convert_friendly_interface_to_real_interface_name2($pconfig['interface']); $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; - /* alert file */ +/* alert file */ $d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty"; - - /* this will exec when alert says apply */ - if ($_POST['apply']) { - - if (file_exists($d_snortconfdirty_path)) { + +/* this will exec when alert says apply */ +if ($_POST['apply']) { + + if (file_exists($d_snortconfdirty_path)) { - write_config(); + write_config(); - sync_snort_package_all($id, $if_real, $snort_uuid); - sync_snort_package(); + sync_snort_package_all($id, $if_real, $snort_uuid); + sync_snort_package(); - unlink($d_snortconfdirty_path); + unlink($d_snortconfdirty_path); - } - } +} + - if ($_POST["Submit"]) { +if ($_POST["Submit"]) { /* check for overlaps */ foreach ($a_nat as $natent) { if (isset($id) && ($a_nat[$id]) && ($a_nat[$id] === $natent)) - continue; + continue; if ($natent['interface'] != $_POST['interface']) - continue; + continue; } -/* if no errors write to conf */ + /* if no errors write to conf */ if (!$input_errors) { $natent = array(); - /* repost the options already in conf */ - - if ($pconfig['interface'] != 
"") { $natent['interface'] = $pconfig['interface']; } - if ($pconfig['enable'] != "") { $natent['enable'] = $pconfig['enable']; } - if ($pconfig['uuid'] != "") { $natent['uuid'] = $pconfig['uuid']; } - if ($pconfig['descr'] != "") { $natent['descr'] = $pconfig['descr']; } - if ($pconfig['performance'] != "") { $natent['performance'] = $pconfig['performance']; } - if ($pconfig['blockoffenders7'] != "") { $natent['blockoffenders7'] = $pconfig['blockoffenders7']; } - if ($pconfig['alertsystemlog'] != "") { $natent['alertsystemlog'] = $pconfig['alertsystemlog']; } - if ($pconfig['tcpdumplog'] != "") { $natent['tcpdumplog'] = $pconfig['tcpdumplog']; } - if ($pconfig['snortunifiedlog'] != "") { $natent['snortunifiedlog'] = $pconfig['snortunifiedlog']; } - if ($pconfig['def_ssl_ports_ignore'] != "") { $natent['def_ssl_ports_ignore'] = $pconfig['def_ssl_ports_ignore']; } - if ($pconfig['flow_depth'] != "") { $natent['flow_depth'] = $pconfig['flow_depth']; } - if ($pconfig['max_queued_bytes'] != "") { $natent['max_queued_bytes'] = $pconfig['max_queued_bytes']; } - if ($pconfig['max_queued_segs'] != "") { $natent['max_queued_segs'] = $pconfig['max_queued_segs']; } - if ($pconfig['perform_stat'] != "") { $natent['perform_stat'] = $pconfig['perform_stat']; } - if ($pconfig['http_inspect'] != "") { $natent['http_inspect'] = $pconfig['http_inspect']; } - if ($pconfig['other_preprocs'] != "") { $natent['other_preprocs'] = $pconfig['other_preprocs']; } - if ($pconfig['ftp_preprocessor'] != "") { $natent['ftp_preprocessor'] = $pconfig['ftp_preprocessor']; } - if ($pconfig['smtp_preprocessor'] != "") { $natent['smtp_preprocessor'] = $pconfig['smtp_preprocessor']; } - if ($pconfig['sf_portscan'] != "") { $natent['sf_portscan'] = $pconfig['sf_portscan']; } - if ($pconfig['dce_rpc_2'] != "") { $natent['dce_rpc_2'] = $pconfig['dce_rpc_2']; } - if ($pconfig['dns_preprocessor'] != "") { $natent['dns_preprocessor'] = $pconfig['dns_preprocessor']; } - if ($pconfig['def_dns_servers'] != "") 
{ $natent['def_dns_servers'] = $pconfig['def_dns_servers']; } - if ($pconfig['def_dns_ports'] != "") { $natent['def_dns_ports'] = $pconfig['def_dns_ports']; } - if ($pconfig['def_smtp_servers'] != "") { $natent['def_smtp_servers'] = $pconfig['def_smtp_servers']; } - if ($pconfig['def_smtp_ports'] != "") { $natent['def_smtp_ports'] = $pconfig['def_smtp_ports']; } - if ($pconfig['def_mail_ports'] != "") { $natent['def_mail_ports'] = $pconfig['def_mail_ports']; } - if ($pconfig['def_http_servers'] != "") { $natent['def_http_servers'] = $pconfig['def_http_servers']; } - if ($pconfig['def_www_servers'] != "") { $natent['def_www_servers'] = $pconfig['def_www_servers']; } - if ($pconfig['def_http_ports'] != "") { $natent['def_http_ports'] = $pconfig['def_http_ports']; } - if ($pconfig['def_sql_servers'] != "") { $natent['def_sql_servers'] = $pconfig['def_sql_servers']; } - if ($pconfig['def_oracle_ports'] != "") { $natent['def_oracle_ports'] = $pconfig['def_oracle_ports']; } - if ($pconfig['def_mssql_ports'] != "") { $natent['def_mssql_ports'] = $pconfig['def_mssql_ports']; } - if ($pconfig['def_telnet_servers'] != "") { $natent['def_telnet_servers'] = $pconfig['def_telnet_servers']; } - if ($pconfig['def_telnet_ports'] != "") { $natent['def_telnet_ports'] = $pconfig['def_telnet_ports']; } - if ($pconfig['def_snmp_servers'] != "") { $natent['def_snmp_servers'] = $pconfig['def_snmp_servers']; } - if ($pconfig['def_snmp_ports'] != "") { $natent['def_snmp_ports'] = $pconfig['def_snmp_ports']; } - if ($pconfig['def_ftp_servers'] != "") { $natent['def_ftp_servers'] = $pconfig['def_ftp_servers']; } - if ($pconfig['def_ftp_ports'] != "") { $natent['def_ftp_ports'] = $pconfig['def_ftp_ports']; } - if ($pconfig['def_ssh_servers'] != "") { $natent['def_ssh_servers'] = $pconfig['def_ssh_servers']; } - if ($pconfig['def_ssh_ports'] != "") { $natent['def_ssh_ports'] = $pconfig['def_ssh_ports']; } - if ($pconfig['def_pop_servers'] != "") { $natent['def_pop_servers'] = 
$pconfig['def_pop_servers']; } - if ($pconfig['def_pop2_ports'] != "") { $natent['def_pop2_ports'] = $pconfig['def_pop2_ports']; } - if ($pconfig['def_pop3_ports'] != "") { $natent['def_pop3_ports'] = $pconfig['def_pop3_ports']; } - if ($pconfig['def_imap_servers'] != "") { $natent['def_imap_servers'] = $pconfig['def_imap_servers']; } - if ($pconfig['def_imap_ports'] != "") { $natent['def_imap_ports'] = $pconfig['def_imap_ports']; } - if ($pconfig['def_sip_proxy_ip'] != "") { $natent['def_sip_proxy_ip'] = $pconfig['def_sip_proxy_ip']; } - if ($pconfig['def_sip_proxy_ports'] != "") { $natent['def_sip_proxy_ports'] = $pconfig['def_sip_proxy_ports']; } - if ($pconfig['def_auth_ports'] != "") { $natent['def_auth_ports'] = $pconfig['def_auth_ports']; } - if ($pconfig['def_finger_ports'] != "") { $natent['def_finger_ports'] = $pconfig['def_finger_ports']; } - if ($pconfig['def_irc_ports'] != "") { $natent['def_irc_ports'] = $pconfig['def_irc_ports']; } - if ($pconfig['def_nntp_ports'] != "") { $natent['def_nntp_ports'] = $pconfig['def_nntp_ports']; } - if ($pconfig['def_rlogin_ports'] != "") { $natent['def_rlogin_ports'] = $pconfig['def_rlogin_ports']; } - if ($pconfig['def_rsh_ports'] != "") { $natent['def_rsh_ports'] = $pconfig['def_rsh_ports']; } - if ($pconfig['def_ssl_ports'] != "") { $natent['def_ssl_ports'] = $pconfig['def_ssl_ports']; } - if ($pconfig['snortunifiedlog'] != "") { $natent['snortunifiedlog'] = $pconfig['snortunifiedlog']; } - if ($pconfig['configpassthru'] != "") { $natent['configpassthru'] = $pconfig['configpassthru']; } - if ($pconfig['rulesets'] != "") { $natent['rulesets'] = $pconfig['rulesets']; } - if ($pconfig['rule_sid_off'] != "") { $natent['rule_sid_off'] = $pconfig['rule_sid_off']; } - if ($pconfig['rule_sid_on'] != "") { $natent['rule_sid_on'] = $pconfig['rule_sid_on']; } - if ($pconfig['whitelistname'] != "") { $natent['whitelistname'] = $pconfig['whitelistname']; } - if ($pconfig['homelistname'] != "") { $natent['homelistname'] = 
$pconfig['homelistname']; } - if ($pconfig['externallistname'] != "") { $natent['externallistname'] = $pconfig['externallistname']; } - if ($pconfig['suppresslistname'] != "") { $natent['suppresslistname'] = $pconfig['suppresslistname']; } - + /* repost the options already in conf */ + + if ($pconfig['interface'] != "") { $natent['interface'] = $pconfig['interface']; } + if ($pconfig['enable'] != "") { $natent['enable'] = $pconfig['enable']; } + if ($pconfig['uuid'] != "") { $natent['uuid'] = $pconfig['uuid']; } + if ($pconfig['descr'] != "") { $natent['descr'] = $pconfig['descr']; } + if ($pconfig['performance'] != "") { $natent['performance'] = $pconfig['performance']; } + if ($pconfig['blockoffenders7'] != "") { $natent['blockoffenders7'] = $pconfig['blockoffenders7']; } + if ($pconfig['alertsystemlog'] != "") { $natent['alertsystemlog'] = $pconfig['alertsystemlog']; } + if ($pconfig['tcpdumplog'] != "") { $natent['tcpdumplog'] = $pconfig['tcpdumplog']; } + if ($pconfig['snortunifiedlog'] != "") { $natent['snortunifiedlog'] = $pconfig['snortunifiedlog']; } + if ($pconfig['def_ssl_ports_ignore'] != "") { $natent['def_ssl_ports_ignore'] = $pconfig['def_ssl_ports_ignore']; } + if ($pconfig['flow_depth'] != "") { $natent['flow_depth'] = $pconfig['flow_depth']; } + if ($pconfig['max_queued_bytes'] != "") { $natent['max_queued_bytes'] = $pconfig['max_queued_bytes']; } + if ($pconfig['max_queued_segs'] != "") { $natent['max_queued_segs'] = $pconfig['max_queued_segs']; } + if ($pconfig['perform_stat'] != "") { $natent['perform_stat'] = $pconfig['perform_stat']; } + if ($pconfig['http_inspect'] != "") { $natent['http_inspect'] = $pconfig['http_inspect']; } + if ($pconfig['other_preprocs'] != "") { $natent['other_preprocs'] = $pconfig['other_preprocs']; } + if ($pconfig['ftp_preprocessor'] != "") { $natent['ftp_preprocessor'] = $pconfig['ftp_preprocessor']; } + if ($pconfig['smtp_preprocessor'] != "") { $natent['smtp_preprocessor'] = $pconfig['smtp_preprocessor']; } + if 
($pconfig['sf_portscan'] != "") { $natent['sf_portscan'] = $pconfig['sf_portscan']; } + if ($pconfig['dce_rpc_2'] != "") { $natent['dce_rpc_2'] = $pconfig['dce_rpc_2']; } + if ($pconfig['dns_preprocessor'] != "") { $natent['dns_preprocessor'] = $pconfig['dns_preprocessor']; } + if ($pconfig['def_dns_servers'] != "") { $natent['def_dns_servers'] = $pconfig['def_dns_servers']; } + if ($pconfig['def_dns_ports'] != "") { $natent['def_dns_ports'] = $pconfig['def_dns_ports']; } + if ($pconfig['def_smtp_servers'] != "") { $natent['def_smtp_servers'] = $pconfig['def_smtp_servers']; } + if ($pconfig['def_smtp_ports'] != "") { $natent['def_smtp_ports'] = $pconfig['def_smtp_ports']; } + if ($pconfig['def_mail_ports'] != "") { $natent['def_mail_ports'] = $pconfig['def_mail_ports']; } + if ($pconfig['def_http_servers'] != "") { $natent['def_http_servers'] = $pconfig['def_http_servers']; } + if ($pconfig['def_www_servers'] != "") { $natent['def_www_servers'] = $pconfig['def_www_servers']; } + if ($pconfig['def_http_ports'] != "") { $natent['def_http_ports'] = $pconfig['def_http_ports']; } + if ($pconfig['def_sql_servers'] != "") { $natent['def_sql_servers'] = $pconfig['def_sql_servers']; } + if ($pconfig['def_oracle_ports'] != "") { $natent['def_oracle_ports'] = $pconfig['def_oracle_ports']; } + if ($pconfig['def_mssql_ports'] != "") { $natent['def_mssql_ports'] = $pconfig['def_mssql_ports']; } + if ($pconfig['def_telnet_servers'] != "") { $natent['def_telnet_servers'] = $pconfig['def_telnet_servers']; } + if ($pconfig['def_telnet_ports'] != "") { $natent['def_telnet_ports'] = $pconfig['def_telnet_ports']; } + if ($pconfig['def_snmp_servers'] != "") { $natent['def_snmp_servers'] = $pconfig['def_snmp_servers']; } + if ($pconfig['def_snmp_ports'] != "") { $natent['def_snmp_ports'] = $pconfig['def_snmp_ports']; } + if ($pconfig['def_ftp_servers'] != "") { $natent['def_ftp_servers'] = $pconfig['def_ftp_servers']; } + if ($pconfig['def_ftp_ports'] != "") { $natent['def_ftp_ports'] = 
$pconfig['def_ftp_ports']; } + if ($pconfig['def_ssh_servers'] != "") { $natent['def_ssh_servers'] = $pconfig['def_ssh_servers']; } + if ($pconfig['def_ssh_ports'] != "") { $natent['def_ssh_ports'] = $pconfig['def_ssh_ports']; } + if ($pconfig['def_pop_servers'] != "") { $natent['def_pop_servers'] = $pconfig['def_pop_servers']; } + if ($pconfig['def_pop2_ports'] != "") { $natent['def_pop2_ports'] = $pconfig['def_pop2_ports']; } + if ($pconfig['def_pop3_ports'] != "") { $natent['def_pop3_ports'] = $pconfig['def_pop3_ports']; } + if ($pconfig['def_imap_servers'] != "") { $natent['def_imap_servers'] = $pconfig['def_imap_servers']; } + if ($pconfig['def_imap_ports'] != "") { $natent['def_imap_ports'] = $pconfig['def_imap_ports']; } + if ($pconfig['def_sip_proxy_ip'] != "") { $natent['def_sip_proxy_ip'] = $pconfig['def_sip_proxy_ip']; } + if ($pconfig['def_sip_proxy_ports'] != "") { $natent['def_sip_proxy_ports'] = $pconfig['def_sip_proxy_ports']; } + if ($pconfig['def_auth_ports'] != "") { $natent['def_auth_ports'] = $pconfig['def_auth_ports']; } + if ($pconfig['def_finger_ports'] != "") { $natent['def_finger_ports'] = $pconfig['def_finger_ports']; } + if ($pconfig['def_irc_ports'] != "") { $natent['def_irc_ports'] = $pconfig['def_irc_ports']; } + if ($pconfig['def_nntp_ports'] != "") { $natent['def_nntp_ports'] = $pconfig['def_nntp_ports']; } + if ($pconfig['def_rlogin_ports'] != "") { $natent['def_rlogin_ports'] = $pconfig['def_rlogin_ports']; } + if ($pconfig['def_rsh_ports'] != "") { $natent['def_rsh_ports'] = $pconfig['def_rsh_ports']; } + if ($pconfig['def_ssl_ports'] != "") { $natent['def_ssl_ports'] = $pconfig['def_ssl_ports']; } + if ($pconfig['snortunifiedlog'] != "") { $natent['snortunifiedlog'] = $pconfig['snortunifiedlog']; } + if ($pconfig['configpassthru'] != "") { $natent['configpassthru'] = $pconfig['configpassthru']; } + if ($pconfig['rulesets'] != "") { $natent['rulesets'] = $pconfig['rulesets']; } + if ($pconfig['rule_sid_off'] != "") { 
$natent['rule_sid_off'] = $pconfig['rule_sid_off']; } + if ($pconfig['rule_sid_on'] != "") { $natent['rule_sid_on'] = $pconfig['rule_sid_on']; } + if ($pconfig['whitelistname'] != "") { $natent['whitelistname'] = $pconfig['whitelistname']; } + if ($pconfig['homelistname'] != "") { $natent['homelistname'] = $pconfig['homelistname']; } + if ($pconfig['externallistname'] != "") { $natent['externallistname'] = $pconfig['externallistname']; } + if ($pconfig['suppresslistname'] != "") { $natent['suppresslistname'] = $pconfig['suppresslistname']; } + /* post new options */ $natent['barnyard_enable'] = $_POST['barnyard_enable'] ? on : off; $natent['barnyard_mysql'] = $_POST['barnyard_mysql'] ? $_POST['barnyard_mysql'] : $pconfig['barnyard_mysql']; @@ -246,16 +246,16 @@ $d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty"; if ($_POST['barnyard_enable'] == "on") { $natent['snortunifiedlog'] = on; }else{ $natent['snortunifiedlog'] = off; } if ($_POST['barnyard_enable'] == "") { $natent['snortunifiedlog'] = off; } if (isset($id) && $a_nat[$id]) - $a_nat[$id] = $natent; + $a_nat[$id] = $natent; else { if (is_numeric($after)) - array_splice($a_nat, $after+1, 0, array($natent)); + array_splice($a_nat, $after+1, 0, array($natent)); else - $a_nat[] = $natent; + $a_nat[] = $natent; } write_config(); - + /* after click go to this page */ touch($d_snortconfdirty_path); header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); @@ -273,7 +273,8 @@ $pgtitle = "Snort: Interface: $id$if_real Barnyard2 Edit"; include("/usr/local/pkg/snort/snort_head.inc"); ?> -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<body + link="#0000CC" vlink="#0000CC" alink="#0000CC"> <?php include("fbegin.inc"); ?> 
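Review bot: The re-indented `if ($_POST['apply']) {` block in the @@ -121 hunk looks one closing brace short. The old side closes it with two `}` lines after `unlink($d_snortconfdirty_path);`, while the new side adds a single `}` followed by an empty line. As shown, that `}` closes only the inner `if (file_exists($d_snortconfdirty_path))`, which would leave `if ($_POST["Submit"]) {` nested inside the apply branch or the file unbalanced. If this is not an artifact of how the diff is rendered, restore the second `}` on its own line before the Submit handler. Running `php -l` on the file before and after a whitespace-only commit is a cheap way to catch this.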
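Review bot: `$natent['snortunifiedlog'] = on;` and `= off;` in the context lines of the @@ -246 hunk use bare words where the strings `'on'` and `'off'` are meant. PHP falls back to the constant's name only on older versions, with a notice or warning, and throws an Error on PHP 8, so the stored configuration value depends on the interpreter. These should be quoted: `$natent['snortunifiedlog'] = 'on';`. The same pattern appears as `$_POST['barnyard_enable'] ? on : off` in the @@ -121 hunk and as `$checked = checked;` in the @@ -386 hunk.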
@@ -284,11 +285,17 @@ echo "{$snort_general_css}\n"; ?> <!-- hack to fix the hardcoed fbegin link in header --> -<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div> +<div id="header-left2"><a href="../index.php" id="status-link2"><img + src="./images/transparent.gif" border="0"></img></a></div> <div class="body2"> -<noscript><div class="alert" ALIGN=CENTER><img src="../themes/nervecenter/images/icons/icon_alert.gif"/><strong>Please enable JavaScript to view this content</CENTER></div></noscript> +<noscript> +<div class="alert" ALIGN=CENTER><img + src="../themes/nervecenter/images/icons/icon_alert.gif" /><strong>Please +enable JavaScript to view this content +</CENTER></div> +</noscript> <script language="JavaScript"> <!-- @@ -313,21 +320,20 @@ echo " //--> </script> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<form action="snort_barnyard.php" method="post" enctype="multipart/form-data" name="iform" id="iform"> - -<?php +<form action="snort_barnyard.php" method="post" + enctype="multipart/form-data" name="iform" id="iform"><?php /* Display Alert message */ if ($input_errors) { - print_input_errors($input_errors); // TODO: add checks + print_input_errors($input_errors); // TODO: add checks } if ($savemsg) { - print_info_box2($savemsg); + print_info_box2($savemsg); } if (file_exists($d_snortconfdirty_path)) { - echo '<p>'; + echo '<p>'; if($savemsg) { print_info_box_np2("{$savemsg}"); 
@@ -339,39 +345,38 @@ echo " } } -?> + ?> <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr><td class="tabnavtbl"> -<?php -if($id != "") -{ - -echo '<div class="snorttabs" style="margin:1px 0px; width:775px;">' . "\n"; -echo '<!-- Tabbed bar code -->' . "\n"; -echo '<ul class="snorttabs">' . "\n"; - echo '<li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>' . "\n"; - echo "<li><a href=\"/snort/snort_interfaces_edit.php?id={$id}\"><span>If Settings</span></a></li>\n"; - echo "<li><a href=\"/snort/snort_rulesets.php?id={$id}\"><span>Categories</span></a></li>\n"; - echo "<li><a href=\"/snort/snort_rules.php?id={$id}\"><span>Rules</span></a></li>\n"; - echo "<li><a href=\"/snort/snort_define_servers.php?id={$id}\"><span>Servers</span></a></li>\n"; - echo "<li><a href=\"/snort/snort_preprocessors.php?id={$id}\"><span>Preprocessors</span></a></li>\n"; - echo "<li class=\"snorttabs_active\"><a href=\"/snort/snort_barnyard.php?id={$id}\"><span>Barnyard2</span></a></li>\n"; -echo '</ul>' . "\n"; -echo '</div>' . "\n"; + <tr> + <td class="tabnavtbl"><?php + if($id != "") + { + + echo '<div class="snorttabs" style="margin:1px 0px; width:775px;">' . "\n"; + echo '<!-- Tabbed bar code -->' . "\n"; + echo '<ul class="snorttabs">' . "\n"; + echo '<li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>' . 
"\n"; + echo "<li><a href=\"/snort/snort_interfaces_edit.php?id={$id}\"><span>If Settings</span></a></li>\n"; + echo "<li><a href=\"/snort/snort_rulesets.php?id={$id}\"><span>Categories</span></a></li>\n"; + echo "<li><a href=\"/snort/snort_rules.php?id={$id}\"><span>Rules</span></a></li>\n"; + echo "<li><a href=\"/snort/snort_define_servers.php?id={$id}\"><span>Servers</span></a></li>\n"; + echo "<li><a href=\"/snort/snort_preprocessors.php?id={$id}\"><span>Preprocessors</span></a></li>\n"; + echo "<li class=\"snorttabs_active\"><a href=\"/snort/snort_barnyard.php?id={$id}\"><span>Barnyard2</span></a></li>\n"; + echo '</ul>' . "\n"; + echo '</div>' . "\n"; -} -?> -</td> -</tr> - <tr> - <td class="tabcont"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <?php - /* display error code if there is no id */ - if($id == "") - { - echo " + } + ?></td> + </tr> + <tr> + <td class="tabcont"> + <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <?php + /* display error code if there is no id */ + if($id == "") + { + echo " <style type=\"text/css\"> .noid { position:absolute; 
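Review bot: `{$id}` is interpolated unencoded into every tab link in this block, for example `href=\"/snort/snort_rulesets.php?id={$id}\"`, and `$id` is read from `$_GET['id']` / `$_POST['id']` in the @@ -50 hunk of this file. The links are printed whenever `$id != ""`, not only when `$a_nat[$id]` exists, so whatever the request supplies is reflected into the page markup. Either encode at output with `$id_q = htmlspecialchars(urlencode($id));` and use `{$id_q}` in the links, or reject non-numeric values once near the top with `if (!ctype_digit((string)$id)) { unset($id); }`. The hidden field `<input name="id" type="hidden" value="<?=$id;?>">` in the @@ -386 hunk, and `$pgtitle` if `snort_head.inc` prints it unescaped, should get the same treatment.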
@@ -386,85 +391,90 @@ echo '</div>' . "\n"; } </style> <div class=\"alert\" ALIGN=CENTER><img src=\"/themes/nervecenter/images/icons/icon_alert.gif\"/><strong>You can not edit options without an interface ID.</CENTER></div>\n"; - - } - ?> - <tr> - <td colspan="2" valign="top" class="listtopic">General Barnyard2 Settings</td> - </tr> - <tr> + + } + ?> + <tr> + <td colspan="2" valign="top" class="listtopic">General Barnyard2 + Settings</td> + </tr> + <tr> <td width="22%" valign="top" class="vncellreq2">Enable</td> - <td width="78%" class="vtable"> - <?php - // <input name="enable" type="checkbox" value="yes" checked onClick="enable_change(false)"> - // care with spaces - if ($pconfig['barnyard_enable'] == "on") - $checked = checked; - if($id != "") - { + <td width="78%" class="vtable"><?php + // <input name="enable" type="checkbox" value="yes" checked onClick="enable_change(false)"> + // care with spaces + if ($pconfig['barnyard_enable'] == "on") + $checked = checked; + if($id != "") + { $onclick_enable = "onClick=\"enable_change(false)\">"; - } - echo " + } + echo " <input name=\"barnyard_enable\" type=\"checkbox\" value=\"on\" $checked $onclick_enable <strong>Enable Barnyard2 on this Interface</strong><br> This will enable barnyard2 for this interface. You will also have to set the database credentials.</td>\n\n"; - ?> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Interface</td> - <td width="78%" class="vtable"> - <select name="interface" class="formfld"> - <?php - $interfaces = array('wan' => 'WAN', 'lan' => 'LAN', 'pptp' => 'PPTP', 'pppoe' => 'PPPOE'); - for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) { - $interfaces['opt' . $i] = $config['interfaces']['opt' . 
$i]['descr']; - } - foreach ($interfaces as $iface => $ifacename): ?> - <option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>> - <?=htmlspecialchars($ifacename);?> - </option> - <?php endforeach; ?> - </select><br> - <span class="vexpl">Choose which interface this rule applies to.<br> - Hint: in most cases, you'll want to use WAN here.</span></td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic">Mysql Settings</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Log to a Mysql Database</td> - <td width="78%" class="vtable"> - <input name="barnyard_mysql" type="text" class="formfld" id="barnyard_mysql" size="100" value="<?=htmlspecialchars($pconfig['barnyard_mysql']);?>"> - <br> <span class="vexpl">Example: output database: alert, mysql, dbname=snort user=snort host=localhost password=xyz<br> - Example: output database: log, mysql, dbname=snort user=snort host=localhost password=xyz</span></td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic">Advanced Settings</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Advanced configuration pass through</td> - <td width="78%" class="vtable"> - <textarea name="barnconfigpassthru" cols="100" rows="7" id="barnconfigpassthru" class="formpre"><?=htmlspecialchars($pconfig['barnconfigpassthru']);?></textarea> - <br> - Arguments here will be automatically inserted into the running barnyard2 configuration.</td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input name="Submit" type="submit" class="formbtn" value="Save"><input type="button" class="formbtn" value="Cancel" onclick="history.back()"> - <?php if (isset($id) && $a_nat[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>"> - <?php endif; ?> - </td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span> - <br> - Please save your settings befor you click start. 
</td> - </tr> - </table> - </table> + ?> + + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Interface</td> + <td width="78%" class="vtable"><select name="interface" + class="formfld"> + <?php + $interfaces = array('wan' => 'WAN', 'lan' => 'LAN', 'pptp' => 'PPTP', 'pppoe' => 'PPPOE'); + for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) { + $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr']; + } + foreach ($interfaces as $iface => $ifacename): ?> + <option value="<?=$iface;?>" + <?php if ($iface == $pconfig['interface']) echo "selected"; ?>><?=htmlspecialchars($ifacename);?> + </option> + <?php endforeach; ?> + </select><br> + <span class="vexpl">Choose which interface this rule applies to.<br> + Hint: in most cases, you'll want to use WAN here.</span></td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic">Mysql Settings</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Log to a Mysql Database</td> + <td width="78%" class="vtable"><input name="barnyard_mysql" + type="text" class="formfld" id="barnyard_mysql" size="100" + value="<?=htmlspecialchars($pconfig['barnyard_mysql']);?>"> <br> + <span class="vexpl">Example: output database: alert, mysql, + dbname=snort user=snort host=localhost password=xyz<br> + Example: output database: log, mysql, dbname=snort user=snort + host=localhost password=xyz</span></td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic">Advanced Settings</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Advanced configuration + pass through</td> + <td width="78%" class="vtable"><textarea name="barnconfigpassthru" + cols="100" rows="7" id="barnconfigpassthru" class="formpre"><?=htmlspecialchars($pconfig['barnconfigpassthru']);?></textarea> + <br> + Arguments here will be automatically inserted into the running + barnyard2 configuration.</td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"><input name="Submit" type="submit" 
class="formbtn" + value="Save"><input type="button" class="formbtn" value="Cancel" + onclick="history.back()"> <?php if (isset($id) && $a_nat[$id]): ?> + <input name="id" type="hidden" value="<?=$id;?>"> <?php endif; ?></td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span> + <br> + Please save your settings befor you click start. </td> + </tr> + </table> + +</table> </form> </div> @@ -474,6 +484,6 @@ echo '</div>' . "\n"; enable_change(false); //--> </script> -<?php include("fend.inc"); ?> + <?php include("fend.inc"); ?> </body> </html> diff --git a/config/snort/snort_blocked.php b/config/snort/snort_blocked.php index 557ef4a4..87c41b67 100644 --- a/config/snort/snort_blocked.php +++ b/config/snort/snort_blocked.php 
@@ -1,34 +1,34 @@ <?php /* $Id$ */ /* - snort_blocked.php - Copyright (C) 2006 Scott Ullrich - All rights reserved. - - Modified for the Pfsense snort package v. 1.8+ - Copyright (C) 2009 Robert Zelaya Sr. Developer - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ + snort_blocked.php + Copyright (C) 2006 Scott Ullrich + All rights reserved. + + Modified for the Pfsense snort package v. 1.8+ + Copyright (C) 2009 Robert Zelaya Sr. Developer + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. 
Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort_gui.inc"); @@ -46,17 +46,17 @@ if ($pconfig['blertnumber'] == '' || $pconfig['blertnumber'] == '0') if($_POST['todelete'] or $_GET['todelete']) { if($_POST['todelete']) - $ip = $_POST['todelete']; + $ip = $_POST['todelete']; if($_GET['todelete']) - $ip = $_GET['todelete']; + $ip = $_GET['todelete']; exec("/sbin/pfctl -t snort2c -T delete {$ip}"); } if ($_POST['remove']) { -exec("/sbin/pfctl -t snort2c -T flush"); -sleep(1); -header("Location: /snort/snort_blocked.php"); + exec("/sbin/pfctl -t snort2c -T flush"); + sleep(1); + header("Location: /snort/snort_blocked.php"); } 
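Review bot: In the @@ -46 hunk, `$ip` is taken from `$_POST['todelete']` or `$_GET['todelete']` and placed unquoted into `exec("/sbin/pfctl -t snort2c -T delete {$ip}")`, so a request parameter reaches a shell command line with no validation or quoting. Validate it as an address and quote it in the same statement: `if (filter_var($ip, FILTER_VALIDATE_IP) !== false) { exec('/sbin/pfctl -t snort2c -T delete ' . escapeshellarg($ip)); }`. The delete is also accepted over GET and the `remove` flush over POST with no token check visible here, so both state changes rely on whatever CSRF protection the surrounding GUI provides. The delete should be limited to POST.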
@@ -67,11 +67,11 @@ if ($_POST['download']) ob_start(); //important or other posts will fail $save_date = exec('/bin/date "+%Y-%m-%d-%H-%M-%S"'); $file_name = "snort_blocked_{$save_date}.tar.gz"; - exec('/bin/mkdir /tmp/snort_blocked'); + exec('/bin/mkdir /tmp/snort_blocked'); exec('/sbin/pfctl -t snort2c -T show > /tmp/snort_block.pf'); - + $blocked_ips_array_save = str_replace(' ', '', array_filter(explode("\n", file_get_contents('/tmp/snort_block.pf')))); - + if ($blocked_ips_array_save[0] != '') { @@ -82,8 +82,8 @@ if ($_POST['download']) $counter++; - exec("/bin/echo $fileline3 >> /tmp/snort_blocked/snort_block.pf"); - + exec("/bin/echo $fileline3 >> /tmp/snort_blocked/snort_block.pf"); + } } @@ -105,7 +105,7 @@ if ($_POST['download']) exec("/bin/rm /tmp/snort_blocked/snort_block.pf"); od_end_clean(); //importanr or other post will fail }else{ - echo 'Error no saved file.'; + echo 'Error no saved file.'; } } 
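Review bot: The download branch in the @@ -67 hunk shells out with fixed, predictable paths under /tmp (`/bin/mkdir /tmp/snort_blocked`, `pfctl -t snort2c -T show > /tmp/snort_block.pf`). The @@ -82 hunk then appends each entry with `exec("/bin/echo $fileline3 >> /tmp/snort_blocked/snort_block.pf")`, passing `$fileline3` to the shell unquoted. A pre-existing file or symlink at those paths would be followed, and any shell metacharacter in the line would be interpreted. Writing from PHP into a directory created with mode 0700 and an unpredictable name avoids the shell and the process per line: `file_put_contents($dir . '/snort_block.pf', $fileline3 . "\n", FILE_APPEND);`. How `$fileline3` is built lies outside the visible lines, so the quoting concern rests on the exec call alone.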
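Review bot: `od_end_clean();` in the context lines of the @@ -105 hunk is not a PHP function; the buffer opened by `ob_start()` in the @@ -67 hunk is closed with `ob_end_clean()`. As written, the call raises a fatal undefined-function error once the download path reaches it, after the temporary files have already been handled. The line should read `ob_end_clean(); // important, or other posts will fail`. The download branch begins outside this hunk, so the remaining cleanup steps could not be checked from here.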
@@ -117,114 +117,114 @@ if ($_POST['save']) if ($_POST['save']) { - + } - - /* no errors */ - if (!$input_errors) - { - + + /* no errors */ + if (!$input_errors) + { + $config['installedpackages']['snortglobal']['alertsblocks']['brefresh'] = $_POST['brefresh'] ? on : off; $config['installedpackages']['snortglobal']['alertsblocks']['blertnumber'] = $_POST['blertnumber']; - + conf_mount_rw(); write_config(); //conf_mount_ro(); sleep(2); header("Location: /snort/snort_blocked.php"); - - } - + + } + } /* build filter funcs */ function get_snort_alert_ip_src($fileline) { - /* SRC IP */ - $re1='.*?'; # Non-greedy match on filler - $re2='((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))(?![\\d])'; # IPv4 IP Address 1 + /* SRC IP */ + $re1='.*?'; # Non-greedy match on filler + $re2='((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))(?![\\d])'; # IPv4 IP Address 1 - if ($c=preg_match_all ("/".$re1.$re2."/is", $fileline, $matches4)) - { - $alert_ip_src = $matches4[1][0]; - } + if ($c=preg_match_all ("/".$re1.$re2."/is", $fileline, $matches4)) + { + $alert_ip_src = $matches4[1][0]; + } -return $alert_ip_src; + return $alert_ip_src; } function get_snort_alert_disc($fileline) { - /* disc */ - if (preg_match("/\[\*\*\] (\[.*\]) (.*) (\[\*\*\])/", $fileline, $matches)) - { - $alert_disc = "$matches[2]"; - } + /* disc */ + if (preg_match("/\[\*\*\] (\[.*\]) (.*) (\[\*\*\])/", $fileline, $matches)) + { + $alert_disc = "$matches[2]"; + } -return $alert_disc; + return $alert_disc; } /* build sec filters */ function get_snort_block_ip($fileline) { - /* ip */ - if (preg_match("/\[\d+\.\d+\.\d+\.\d+\]/", $fileline, $matches)) - { - $alert_block_ip = "$matches[0]"; - } + /* ip */ + if (preg_match("/\[\d+\.\d+\.\d+\.\d+\]/", $fileline, $matches)) + { + $alert_block_ip = "$matches[0]"; + } -return $alert_block_ip; + return $alert_block_ip; } function get_snort_block_disc($fileline) { - /* disc */ - if 
(preg_match("/\]\s\[.+\]$/", $fileline, $matches)) - { - $alert_block_disc = "$matches[0]"; - } + /* disc */ + if (preg_match("/\]\s\[.+\]$/", $fileline, $matches)) + { + $alert_block_disc = "$matches[0]"; + } -return $alert_block_disc; + return $alert_block_disc; } /* tell the user what settings they have */ $blockedtab_msg_chk = $config['installedpackages']['snortglobal']['rm_blocked']; - if ($blockedtab_msg_chk == "1h_b") { - $blocked_msg = "hour"; - } - if ($blockedtab_msg_chk == "3h_b") { - $blocked_msg = "3 hours"; - } - if ($blockedtab_msg_chk == "6h_b") { - $blocked_msg = "6 hours"; - } - if ($blockedtab_msg_chk == "12h_b") { - $blocked_msg = "12 hours"; - } - if ($blockedtab_msg_chk == "1d_b") { - $blocked_msg = "day"; - } - if ($blockedtab_msg_chk == "4d_b") { - $blocked_msg = "4 days"; - } - if ($blockedtab_msg_chk == "7d_b") { - $blocked_msg = "7 days"; - } - if ($blockedtab_msg_chk == "28d_b") { - $blocked_msg = "28 days"; - } +if ($blockedtab_msg_chk == "1h_b") { + $blocked_msg = "hour"; +} +if ($blockedtab_msg_chk == "3h_b") { + $blocked_msg = "3 hours"; +} +if ($blockedtab_msg_chk == "6h_b") { + $blocked_msg = "6 hours"; +} +if ($blockedtab_msg_chk == "12h_b") { + $blocked_msg = "12 hours"; +} +if ($blockedtab_msg_chk == "1d_b") { + $blocked_msg = "day"; +} +if ($blockedtab_msg_chk == "4d_b") { + $blocked_msg = "4 days"; +} +if ($blockedtab_msg_chk == "7d_b") { + $blocked_msg = "7 days"; +} +if ($blockedtab_msg_chk == "28d_b") { + $blocked_msg = "28 days"; +} if ($blockedtab_msg_chk != "never_b") { -$blocked_msg_txt = "Hosts are removed every <strong>$blocked_msg</strong>."; + $blocked_msg_txt = "Hosts are removed every <strong>$blocked_msg</strong>."; }else{ -$blocked_msg_txt = "Settings are set to never <strong>remove</strong> hosts."; + $blocked_msg_txt = "Settings are set to never <strong>remove</strong> hosts."; } - + $pgtitle = "Services: Snort Blocked Hosts"; include("/usr/local/pkg/snort/snort_head.inc"); 
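Review bot: `$_POST['blertnumber']` is written to the configuration exactly as received. The `/* no errors */` branch tests `$input_errors`, but nothing in this hunk ever fills it, and the preceding `if ($_POST['save']) { }` body is empty. Add a numeric check before the write, for example `if (!ctype_digit((string)$_POST['blertnumber'])) $input_errors[] = 'Number of blocked entries must be a positive integer.';`. On the line above, `on` and `off` are bare constants and should be the strings `'on'` and `'off'`. Each of the four filter functions returns an unset variable when its pattern does not match; initialising the result to `''` first would make that explicit.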
@@ -232,7 +232,7 @@ include("/usr/local/pkg/snort/snort_head.inc"); <body link="#000000" vlink="#000000" alink="#000000"> - <script> +<script> jQuery(document).ready(function(){ //Examples of how to assign the ColorBox event to elements @@ -241,7 +241,7 @@ include("/usr/local/pkg/snort/snort_head.inc"); }); </script> -<?php +<?php include("fbegin.inc"); echo $snort_general_css; 
@@ -254,225 +254,222 @@ if ($pconfig['brefresh'] == 'on' || $pconfig['brefresh'] == '') ?> <!-- hack to fix the hardcoed fbegin link in header --> -<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div> - -<div class="body2"> +<div id="header-left2"><a href="../index.php" id="status-link2"><img + src="./images/transparent.gif" border="0"></img></a></div> -<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> +<div class="body2"><?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> <!-- not needed maybe <script src="/javascript/row_toggle.js" type="text/javascript"></script> <script src="/javascript/sorttable.js" type="text/javascript"></script> ---> - -<?php if ($savemsg) print_info_box($savemsg); ?> +--> <?php if ($savemsg) print_info_box($savemsg); ?> <table width="99%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> - -<div class="snorttabs" style="margin:1px 0px; width:775px;"> -<!-- Tabbed bar code--> -<ul class="snorttabs"> - <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li> - <li><a href="/snort/snort_interfaces_global.php"><span>Global Settings</span></a></li> - <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li> - <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li> - <li class="snorttabs_active"><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li> - <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li> - <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li> - <li><a class="example8" href="/snort/help_and_info.php"><span>Help</span></a></li> - </ul> -</div> - - </td> - </tr> - - <tr> + <tr> <td> - <div id="mainarea2"> - - <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td width="22%" colspan="0" class="listtopic"> - Last 
<?=$bnentries;?> Blocked. - </td> - <td width="78%" class="listtopic"> - This page lists hosts that have been blocked by Snort. <?=$blocked_msg_txt;?> - </td> - </tr> - <tr> - <td width="22%" class="vncell">Save or Remove Hosts</td> - <td width="78%" class="vtable"> - <form action="/snort/snort_blocked.php" method="post"> - <input name="download" type="submit" class="formbtn" value="Download"> - All blocked hosts will be saved. - <input name="remove" type="submit" class="formbtn" value="Clear"> - <span class="red"><strong>Warning:</strong></span> all hosts will be removed. - </form> - </td> - </tr> - <tr> - <td width="22%" class="vncell">Auto Refresh and Log View</td> - <td width="78%" class="vtable"> - <form action="/snort/snort_blocked.php" method="post"> - <input name="save" type="submit" class="formbtn" value="Save"> - Refresh - <input name="brefresh" type="checkbox" value="on" <?php if ($config['installedpackages']['snortglobal']['alertsblocks']['brefresh']=="on" || $config['installedpackages']['snortglobal']['alertsblocks']['brefresh']=='') echo "checked"; ?>> - <strong>Default</strong> is <strong>ON</strong>. - <input name="blertnumber" type="text" class="formfld" id="blertnumber" size="5" value="<?=htmlspecialchars($bnentries);?>"> - Enter the number of blocked entries to view. <strong>Default</strong> is <strong>500</strong>. 
- </form> - </td> - </tr> - </table> - </div> - <br> - </td> - </tr> - - <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0"> - <tr> - <td> - <table id="sortabletable1" class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr id="frheader"> - <td width="5%" class="listhdrr">Remove</td> - <td class="listhdrr">#</td> - <td class="listhdrr">IP</td> - <td class="listhdrr">Alert Description</td> - </tr> -<?php -/* set the arrays */ -exec('/sbin/pfctl -t snort2c -T show > /tmp/snort_block.cache'); -$alerts_array = array_reverse(array_filter(explode("\n\n", file_get_contents('/var/log/snort/alert')))); -$blocked_ips_array = str_replace(' ', '', array_filter(explode("\n", file_get_contents('/tmp/snort_block.cache')))); + <div class="snorttabs" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code--> + <ul class="snorttabs"> + <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li> + <li><a href="/snort/snort_interfaces_global.php"><span>Global + Settings</span></a></li> + <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li> + <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li> + <li class="snorttabs_active"><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li> + <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li> + <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li> + <li><a class="example8" href="/snort/help_and_info.php"><span>Help</span></a></li> + </ul> + </div> -$logent = $bnentries; - -if ($blocked_ips_array[0] != '' && $alerts_array[0] != '') -{ - - /* build the list and compare blocks to alerts */ - $counter = 0; - foreach($alerts_array as $fileline) - { - - $counter++; - - $alert_ip_src = get_snort_alert_ip_src($fileline); - $alert_ip_disc = get_snort_alert_disc($fileline); - $alert_ip_src_array[] = get_snort_alert_ip_src($fileline); - - if (in_array("$alert_ip_src", 
$blocked_ips_array)) - { - $input[] = "[$alert_ip_src] " . "[$alert_ip_disc]\n"; - } - } - - foreach($blocked_ips_array as $alert_block_ip) - { - - if (!in_array($alert_block_ip, $alert_ip_src_array)) - { - $input[] = "[$alert_block_ip] " . "[N\A]\n"; - } - } - - /* reduce double occurrences */ - $result = array_unique($input); - - /* buil final list, preg_match, buld html */ - $counter2 = 0; - - foreach($result as $fileline2) - { - if($logent <= $counter2) - continue; - - $counter2++; - - $alert_block_ip_str = get_snort_block_ip($fileline2); - - if($alert_block_ip_str != '') - { - $alert_block_ip_match = array('[',']'); - $alert_block_ip = str_replace($alert_block_ip_match, '', "$alert_block_ip_str"); - }else{ - $alert_block_ip = 'empty'; - } + </td> + </tr> - $alert_block_disc_str = get_snort_block_disc($fileline2); + <tr> + <td> + <div id="mainarea2"> - if($alert_block_disc_str != '') - { - $alert_block_disc_match = array('] [',']'); - $alert_block_disc = str_replace($alert_block_disc_match, '', "$alert_block_disc_str"); - }else{ - $alert_block_disc = 'empty'; - } + <table id="maintable" class="tabcont" width="100%" border="0" + cellpadding="0" cellspacing="0"> + <tr> + <td width="22%" colspan="0" class="listtopic">Last <?=$bnentries;?> + Blocked.</td> + <td width="78%" class="listtopic">This page lists hosts that have + been blocked by Snort. <?=$blocked_msg_txt;?></td> + </tr> + <tr> + <td width="22%" class="vncell">Save or Remove Hosts</td> + <td width="78%" class="vtable"> + <form action="/snort/snort_blocked.php" method="post"><input + name="download" type="submit" class="formbtn" value="Download"> All + blocked hosts will be saved. 
<input name="remove" type="submit" + class="formbtn" value="Clear"> <span class="red"><strong>Warning:</strong></span> + all hosts will be removed.</form> + </td> + </tr> + <tr> + <td width="22%" class="vncell">Auto Refresh and Log View</td> + <td width="78%" class="vtable"> + <form action="/snort/snort_blocked.php" method="post"><input + name="save" type="submit" class="formbtn" value="Save"> Refresh <input + name="brefresh" type="checkbox" value="on" + <?php if ($config['installedpackages']['snortglobal']['alertsblocks']['brefresh']=="on" || $config['installedpackages']['snortglobal']['alertsblocks']['brefresh']=='') echo "checked"; ?>> + <strong>Default</strong> is <strong>ON</strong>. <input + name="blertnumber" type="text" class="formfld" id="blertnumber" + size="5" value="<?=htmlspecialchars($bnentries);?>"> Enter the + number of blocked entries to view. <strong>Default</strong> is <strong>500</strong>. + </form> + </td> + </tr> + </table> + </div> + <br> + </td> + </tr> - /* use one echo to do the magic*/ - echo "<tr> + <table class="tabcont" width="100%" border="0" cellspacing="0" + cellpadding="0"> + <tr> + <td> + <table id="sortabletable1" class="sortable" width="100%" border="0" + cellpadding="0" cellspacing="0"> + <tr id="frheader"> + <td width="5%" class="listhdrr">Remove</td> + <td class="listhdrr">#</td> + <td class="listhdrr">IP</td> + <td class="listhdrr">Alert Description</td> + </tr> + <?php + + /* set the arrays */ + exec('/sbin/pfctl -t snort2c -T show > /tmp/snort_block.cache'); + $alerts_array = array_reverse(array_filter(explode("\n\n", file_get_contents('/var/log/snort/alert')))); + $blocked_ips_array = str_replace(' ', '', array_filter(explode("\n", file_get_contents('/tmp/snort_block.cache')))); + + $logent = $bnentries; + + if ($blocked_ips_array[0] != '' && $alerts_array[0] != '') + { + + /* build the list and compare blocks to alerts */ + $counter = 0; + foreach($alerts_array as $fileline) + { + + $counter++; + + $alert_ip_src = 
get_snort_alert_ip_src($fileline); + $alert_ip_disc = get_snort_alert_disc($fileline); + $alert_ip_src_array[] = get_snort_alert_ip_src($fileline); + + if (in_array("$alert_ip_src", $blocked_ips_array)) + { + $input[] = "[$alert_ip_src] " . "[$alert_ip_disc]\n"; + } + } + + foreach($blocked_ips_array as $alert_block_ip) + { + + if (!in_array($alert_block_ip, $alert_ip_src_array)) + { + $input[] = "[$alert_block_ip] " . "[N\A]\n"; + } + } + + /* reduce double occurrences */ + $result = array_unique($input); + + /* buil final list, preg_match, buld html */ + $counter2 = 0; + + foreach($result as $fileline2) + { + if($logent <= $counter2) + continue; + + $counter2++; + + $alert_block_ip_str = get_snort_block_ip($fileline2); + + if($alert_block_ip_str != '') + { + $alert_block_ip_match = array('[',']'); + $alert_block_ip = str_replace($alert_block_ip_match, '', "$alert_block_ip_str"); + }else{ + $alert_block_ip = 'empty'; + } + + $alert_block_disc_str = get_snort_block_disc($fileline2); + + if($alert_block_disc_str != '') + { + $alert_block_disc_match = array('] [',']'); + $alert_block_disc = str_replace($alert_block_disc_match, '', "$alert_block_disc_str"); + }else{ + $alert_block_disc = 'empty'; + } + + /* use one echo to do the magic*/ + echo "<tr> <td align=\"center\" valign=\"top\"'><a href='snort_blocked.php?todelete=" . trim(urlencode($alert_block_ip)) . 
"'> <img title=\"Delete\" border=\"0\" name='todelete' id='todelete' alt=\"Delete\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"></a></td> <td> {$counter2}</td> <td> {$alert_block_ip}</td> <td> {$alert_block_disc}</td> </tr>\n"; - - } -}else{ + } - /* if alerts file is empty and blocked table is not empty */ - $counter2 = 0; + }else{ - foreach($blocked_ips_array as $alert_block_ip) - { - if($logent <= $counter2) - continue; - - $counter2++; - - $alert_block_disc = 'N/A'; - - /* use one echo to do the magic*/ - echo "<tr> + /* if alerts file is empty and blocked table is not empty */ + $counter2 = 0; + + foreach($blocked_ips_array as $alert_block_ip) + { + if($logent <= $counter2) + continue; + + $counter2++; + + $alert_block_disc = 'N/A'; + + /* use one echo to do the magic*/ + echo "<tr> <td align=\"center\" valign=\"top\"'><a href='snort_blocked.php?todelete=" . trim(urlencode($alert_block_ip)) . "'> <img title=\"Delete\" border=\"0\" name='todelete' id='todelete' alt=\"Delete\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"></a></td> <td> {$counter2}</td> <td> {$alert_block_ip}</td> <td> {$alert_block_disc}</td> </tr>\n"; - } -} + } + } -echo '</table>' . "\n"; + echo '</table>' . 
"\n"; -if ($blocked_ips_array[0] == '') -{ - echo "\n<tr><td colspan='3' align=\"center\" valign=\"top\"><br><strong>There are currently no items being blocked by snort.</strong></td></tr>"; -}else{ - echo "\n<tr><td colspan='3' align=\"center\" valign=\"top\">{$counter2} items listed.</td></tr>"; -} + if ($blocked_ips_array[0] == '') + { + echo "\n<tr><td colspan='3' align=\"center\" valign=\"top\"><br><strong>There are currently no items being blocked by snort.</strong></td></tr>"; + }else{ + echo "\n<tr><td colspan='3' align=\"center\" valign=\"top\">{$counter2} items listed.</td></tr>"; + } -?> - </td> - </tr> + ?> + </td> + </tr> </table> - </td> - </tr> -</table> -</div> + </td> + </tr> + </table> + </div> -<?php + <?php -include("fend.inc"); + include("fend.inc"); echo $snort_custom_rnd_box; ?> - </body> </html> diff --git a/config/snort/snort_check_cron_misc.inc b/config/snort/snort_check_cron_misc.inc index d5d5e095..0beff5dc 100644 --- a/config/snort/snort_check_cron_misc.inc +++ b/config/snort/snort_check_cron_misc.inc @@ -1,34 +1,34 @@ <?php
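Review bot: `Last <?=$bnentries;?> Blocked.` prints the value unescaped, while the `blertnumber` input a few lines below wraps the same variable in `htmlspecialchars()`. The table rows likewise interpolate `{$alert_block_ip}` and `{$alert_block_disc}` into the HTML as-is, and the description is parsed out of `/var/log/snort/alert`. Escape at output, e.g. `<?=htmlspecialchars($bnentries);?>`, and apply `htmlspecialchars()` to both row values before the `echo`. The row's delete control is a plain link to `snort_blocked.php?todelete=…`, so removing a block is a GET request; a small POST form would fit the other actions on the page.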
/* $Id$ */
/*
- snort_chk_log_dir_size.php
- part of pfSense
-
- Modified for the Pfsense snort package v. 1.8+
- Copyright (C) 2009-2010 Robert Zelaya Developer
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
+ snort_chk_log_dir_size.php
+ part of pfSense
+
+ Modified for the Pfsense snort package v. 1.8+
+ Copyright (C) 2009-2010 Robert Zelaya Developer
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
require_once("/usr/local/pkg/snort/snort.inc");
@@ -41,7 +41,7 @@ require_once("/usr/local/pkg/snort/snort.inc"); /* chk if snort log dir is full if so clear it */
-$snortloglimit = $config['installedpackages']['snortglobal']['snortloglimit'];
+$snortloglimit = $config['installedpackages']['snortglobal']['snortloglimit'];
$snortloglimitsize = $config['installedpackages']['snortglobal']['snortloglimitsize'];
if ($g['booting']==true) {
@@ -52,27 +52,27 @@ if ($snortloglimit == 'off') { exit(0);
}
-$snortloglimitDSKsize = exec('df -k /var | grep -v "Filesystem" | awk \'{print \$4}\'');
+$snortloglimitDSKsize = exec('/bin/df -k /var | grep -v "Filesystem" | awk \'{print $4}\'');
-$snortlogAlertsizeKB = snort_Getdirsize('/var/log/snort/alert');
+$snortlogAlertsizeKB = snort_Getdirsize('/var/log/snort/alert');
$snortloglimitAlertsizeKB = round($snortlogAlertsizeKB * .70);
$snortloglimitsizeKB = round($snortloglimitsize * 1024);
/* do I need HUP kill ? */
if (snort_Getdirsize('/var/log/snort/') >= $snortloglimitsizeKB ) {
- conf_mount_rw();
- if(file_exists('/var/log/snort/alert')) {
- if ($snortlogAlertsizeKB >= $snortloglimitAlertsizeKB) {
- exec('/bin/echo "" > /var/log/snort/alert');
- }
- post_delete_logs();
- exec('/usr/sbin/chown snort:snort /var/log/snort/*');
- exec('/bin/chmod 660 /var/log/snort/*');
- //sleep(2);
- //exec('/usr/bin/killall -HUP snort');
- }
- conf_mount_ro();
+ conf_mount_rw();
+ if(file_exists('/var/log/snort/alert')) {
+ if ($snortlogAlertsizeKB >= $snortloglimitAlertsizeKB) {
+ exec('/bin/echo "" > /var/log/snort/alert');
+ }
+ post_delete_logs();
+ exec('/usr/sbin/chown snort:snort /var/log/snort/*');
+ exec('/bin/chmod 660 /var/log/snort/*');
+ //sleep(2);
+ //exec('/usr/bin/killall -HUP snort');
+ }
+ conf_mount_ro();
}
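Review bot: `$snortloglimitAlertsizeKB` is computed as 70% of `$snortlogAlertsizeKB`, so the test `$snortlogAlertsizeKB >= $snortloglimitAlertsizeKB` is true for any non-negative size and the alert file is emptied every time the directory is over the limit. If the intent was 70% of the configured limit (an inference from the names), the assignment would be `$snortloglimitAlertsizeKB = round($snortloglimitsizeKB * .70);`, placed after `$snortloglimitsizeKB` is set. Truncating the file discards the IDS alert record, so archiving or rotating it before `/bin/echo "" > /var/log/snort/alert` is worth considering. The changed line now calls `/bin/df`, but `grep` and `awk` in the same pipeline are still resolved through PATH.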
diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php
index 31cdc42d..51d403d9 100644
--- a/config/snort/snort_check_for_rule_updates.php
+++ b/config/snort/snort_check_for_rule_updates.php
@@ -1,32 +1,32 @@ <?php /* $Id$ */ /* - snort_rulesets.php - Copyright (C) 2006 Scott Ullrich - Copyright (C) 2009 Robert Zelaya - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ + snort_rulesets.php + Copyright (C) 2006 Scott Ullrich + Copyright (C) 2009 Robert Zelaya + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. 
+ + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ /* Setup enviroment */ @@ -44,7 +44,7 @@ function read_header2($ch, $string) { $regs = ""; ereg("(Content-Length:) (.*)", $string, $regs); if($regs[2] <> "") { - $file_size = intval($regs[2]); + $file_size = intval($regs[2]); } ob_flush(); return $length; @@ -68,7 +68,7 @@ function read_body2($ch, $string) { $lastseen = $downloadProgress; } if($fout) - fwrite($fout, $string); + fwrite($fout, $string); ob_flush(); return $length; } 
@@ -76,57 +76,57 @@ function read_body2($ch, $string) { ////////////////////////////////>>>>>>>>>> function read_body_firmware($ch, $string) { - global $fout, $file_size, $downloaded, $counter, $version, $latest_version, $current_installed_pfsense_version; - $length = strlen($string); - $downloaded += intval($length); - $downloadProgress = round(100 * (1 - $downloaded / $file_size), 0); - $downloadProgress = 100 - $downloadProgress; - $a = $file_size; - $b = $downloaded; - $c = $downloadProgress; - $text = " Snort download in progress\\n"; - $text .= "----------------------------------------------------\\n"; - $text .= " Downloaded : {$b}\\n"; - $text .= "----------------------------------------------------\\n"; - $counter++; - if($counter > 150) { - update_output_window($text); - update_progress_bar($downloadProgress); - flush(); - $counter = 0; - } - fwrite($fout, $string); - return $length; + global $fout, $file_size, $downloaded, $counter, $version, $latest_version, $current_installed_pfsense_version; + $length = strlen($string); + $downloaded += intval($length); + $downloadProgress = round(100 * (1 - $downloaded / $file_size), 0); + $downloadProgress = 100 - $downloadProgress; + $a = $file_size; + $b = $downloaded; + $c = $downloadProgress; + $text = " Snort download in progress\\n"; + $text .= "----------------------------------------------------\\n"; + $text .= " Downloaded : {$b}\\n"; + $text .= "----------------------------------------------------\\n"; + $counter++; + if($counter > 150) { + update_output_window($text); + update_progress_bar($downloadProgress); + flush(); + $counter = 0; + } + fwrite($fout, $string); + return $length; } function download_file_with_progress_bar2($url_file, $destination_file, $readbody = 'read_body') { - global $ch, $fout, $file_size, $downloaded; - $file_size = 1; - $downloaded = 1; - /* open destination file */ - $fout = fopen($destination_file, "wb"); - - /* - * Originally by Author: Keyvan Minoukadeh - * Modified by Scott 
Ullrich to return Content-Length size - */ - - $ch = curl_init(); - curl_setopt($ch, CURLOPT_URL, $url_file); - curl_setopt($ch, CURLOPT_HEADERFUNCTION, 'read_header'); - curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); - curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); - curl_setopt($ch, CURLOPT_WRITEFUNCTION, $readbody); - curl_setopt($ch, CURLOPT_NOPROGRESS, '1'); - curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, '5'); - curl_setopt($ch, CURLOPT_TIMEOUT, 0); - - curl_exec($ch); - $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); - if($fout) - fclose($fout); - curl_close($ch); - return ($http_code == 200) ? true : $http_code; + global $ch, $fout, $file_size, $downloaded; + $file_size = 1; + $downloaded = 1; + /* open destination file */ + $fout = fopen($destination_file, "wb"); + + /* + * Originally by Author: Keyvan Minoukadeh + * Modified by Scott Ullrich to return Content-Length size + */ + + $ch = curl_init(); + curl_setopt($ch, CURLOPT_URL, $url_file); + curl_setopt($ch, CURLOPT_HEADERFUNCTION, 'read_header'); + curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); + curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); + curl_setopt($ch, CURLOPT_WRITEFUNCTION, $readbody); + curl_setopt($ch, CURLOPT_NOPROGRESS, '1'); + curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, '5'); + curl_setopt($ch, CURLOPT_TIMEOUT, 0); + + curl_exec($ch); + $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); + if($fout) + fclose($fout); + curl_close($ch); + return ($http_code == 200) ? true : $http_code; } ////////////////////////////// 
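Review bot: `curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);` in `download_file_with_progress_bar2()` turns off certificate verification for the rule download, so an HTTPS source is not authenticated and the fetched archive could be replaced in transit. Set it to `true` and add `curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);`, using `CURLOPT_CAINFO` to point at a CA bundle if the default store is not available on the appliance. The result of `fopen($destination_file, "wb")` is also not checked, and `read_body_firmware()` calls `fwrite($fout, $string)` unconditionally.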
@@ -148,16 +148,16 @@ $emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats' if ($oinkid == '' && $snortdownload == 'on') { - echo "You must obtain an oinkid from snort.org and set its value in the Snort settings tab.\n"; - exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'You must obtain an oinkid from snort.org and set its value in the Snort settings tab.'"); - exit; + echo "You must obtain an oinkid from snort.org and set its value in the Snort settings tab.\n"; + exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'You must obtain an oinkid from snort.org and set its value in the Snort settings tab.'"); + exit; } if ($snortdownload != "on" && $emergingthreats != "on") { - echo 'Snort Global Settings: download snort.org rules = off and download emergingthreat rules = off.\n'; - exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'No rules have been selected to download.'"); - exit; + echo 'Snort Global Settings: download snort.org rules = off and download emergingthreat rules = off.\n'; + exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'No rules have been selected to download.'"); + exit; } /* Time stamps define */ @@ -197,8 +197,8 @@ conf_mount_rw(); /* remove old $tmpfname files */ if (file_exists("{$tmpfname}")) { - echo 'Removing old tmp files...' . "\n"; - exec("/bin/rm -r {$tmpfname}"); + echo 'Removing old tmp files...' . "\n"; + exec("/bin/rm -r {$tmpfname}"); apc_clear_cache(); } @@ -216,14 +216,14 @@ conf_mount_rw(); if (file_exists($tmpfname)) { echo 'The directory tmp exists...' . "\n"; } else { - mkdir("{$tmpfname}", 700); + mkdir("{$tmpfname}", 700); } /* download md5 sig from snort.org */ if ($snortdownload == 'on') { if (file_exists("{$tmpfname}/{$snort_filename_md5}") && - filesize("{$tmpfname}/{$snort_filename_md5}") > 0) { + filesize("{$tmpfname}/{$snort_filename_md5}") > 0) { echo 'snort.org md5 temp file exists...' . "\n"; } else { echo 'Downloading snort.org md5 file...' . "\n"; 
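Review bot: `mkdir("{$tmpfname}", 700);` in the `@@ -216,14 +216,14 @@` hunk passes decimal 700, which is octal 01274 and not the owner-only mode the number suggests. Before the umask is applied, that leaves the owner without read or execute while the group gets full access. The line should be `mkdir("{$tmpfname}", 0700);`. The return value is not checked either, so a failed create only surfaces later when the downloads try to write into the directory.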
@@ -239,14 +239,14 @@ if ($snortdownload == 'on') /* download md5 sig from emergingthreats.net */ if ($emergingthreats == "on") { - echo 'Downloading emergingthreats md5 file...' . "\n"; - ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); - $image = @file_get_contents("http://www.emergingthreats.net/version.txt"); -// $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/version.txt"); - $f = fopen("{$tmpfname}/version.txt", 'w'); - fwrite($f, $image); - fclose($f); - echo 'Done downloading emergingthreats md5' . "\n"; + echo 'Downloading emergingthreats md5 file...' . "\n"; + ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); + $image = @file_get_contents("http://www.emergingthreats.net/version.txt"); + // $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/version.txt"); + $f = fopen("{$tmpfname}/version.txt", 'w'); + fwrite($f, $image); + fclose($f); + echo 'Done downloading emergingthreats md5' . "\n"; } /* download md5 sig from pfsense.org */ 
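Review bot: `version.txt` is fetched over plain `http://` with `@file_get_contents()` and written out without testing for `false`, so a failed or altered response is stored and later compared as if it were authoritative. Drop the `@`, check the result (`if ($image === false) { … }`) along with the `fopen()` return value, and fetch over HTTPS where the server offers it. A checksum retrieved over the same unauthenticated channel as the archive detects corruption but not substitution. The `@@ -254,12 +254,12 @@` hunk that downloads `pfsense_rules.tar.gz.md5` has the same pattern.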
@@ -254,12 +254,12 @@ if (file_exists("{$tmpfname}/{$pfsense_rules_filename_md5}")) { echo 'Pfsense md5 temp file exists...' . "\n"; } else { echo 'Downloading pfsense md5 file...' . "\n"; - ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); - $image = @file_get_contents("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz.md5"); -// $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/pfsense_rules.tar.gz.md5"); - $f = fopen("{$tmpfname}/pfsense_rules.tar.gz.md5", 'w'); - fwrite($f, $image); - fclose($f); + ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); + $image = @file_get_contents("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz.md5"); + // $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/pfsense_rules.tar.gz.md5"); + $f = fopen("{$tmpfname}/pfsense_rules.tar.gz.md5", 'w'); + fwrite($f, $image); + fclose($f); echo 'Done downloading pfsense md5.' . "\n"; } @@ -282,7 +282,7 @@ if (0 == filesize("{$tmpfname}/$pfsense_rules_filename_md5")){ echo 'Please wait... You may only check for New Pfsense Rules every 15 minutes...' . "\n"; echo 'Rules are released to support Pfsense packages.' . "\n"; conf_mount_ro(); - exit(0); + exit(0); } /* Check if were up to date snort.org */ @@ -300,7 +300,7 @@ if ($snortdownload == 'on') if ($md5_check_new == $md5_check_old) { echo 'Your rules are up to date...' . "\n"; - echo 'You may start Snort now, check update.' . "\n"; + echo 'You may start Snort now, check update.' . "\n"; $snort_md5_check_ok = on; } } @@ -319,7 +319,7 @@ if ($emergingthreats == "on") // Will cause switch back to read-only on nanobsd write_config(); conf_mount_rw(); - if ($emerg_md5_check_new == $emerg_md5_check_old) + if ($emerg_md5_check_new == $emerg_md5_check_old) { $emerg_md5_check_ok = on; } 
@@ -327,21 +327,21 @@ if ($emergingthreats == "on") } /* Check if were up to date pfsense.org */ - if (file_exists("{$snortdir}/pfsense_rules.tar.gz.md5")) +if (file_exists("{$snortdir}/pfsense_rules.tar.gz.md5")) +{ + $pfsense_check_new_parse = file_get_contents("{$tmpfname}/pfsense_rules.tar.gz.md5"); + $pfsense_md5_check_new = `/bin/echo "{$pfsense_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`; + $pfsense_md5_check_old_parse = file_get_contents("{$snortdir}/pfsense_rules.tar.gz.md5"); + $pfsense_md5_check_old = `/bin/echo "{$pfsense_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`; + /* Write out time of last sucsessful md5 to cache */ + // Will cause switch back to read-only on nanobsd + write_config(); + conf_mount_rw(); + if ($pfsense_md5_check_new == $pfsense_md5_check_old) { - $pfsense_check_new_parse = file_get_contents("{$tmpfname}/pfsense_rules.tar.gz.md5"); - $pfsense_md5_check_new = `/bin/echo "{$pfsense_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`; - $pfsense_md5_check_old_parse = file_get_contents("{$snortdir}/pfsense_rules.tar.gz.md5"); - $pfsense_md5_check_old = `/bin/echo "{$pfsense_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`; - /* Write out time of last sucsessful md5 to cache */ - // Will cause switch back to read-only on nanobsd - write_config(); - conf_mount_rw(); - if ($pfsense_md5_check_new == $pfsense_md5_check_old) - { - $pfsense_md5_check_ok = on; - } + $pfsense_md5_check_ok = on; } +} /* Check if were up to date is so, exit */ /* WARNING This code needs constant checks */ @@ -349,10 +349,10 @@ if ($snortdownload == 'on' && $emergingthreats == 'on') { if ($snort_md5_check_ok == 'on' && $emerg_md5_check_ok == 'on') { - echo 'All your rules are up to date...' . "\n"; - echo 'You may start Snort now...' . "\n"; - conf_mount_ro(); - exit(0); + echo 'All your rules are up to date...' . "\n"; + echo 'You may start Snort now...' . "\n"; + conf_mount_ro(); + exit(0); } } 
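Review bot: The new side reads the downloaded file into `$pfsense_check_new_parse`, but the next line interpolates `$pfsense_md5_check_new_parse`, which is not assigned anywhere in this hunk. `$pfsense_md5_check_new` is therefore probably never the real checksum, and the equality test below can hardly report "up to date". Both checksum strings are also placed inside double quotes in a backtick shell command, and the file content originates from a download, so any shell metacharacters in it would be interpreted by the shell. Taking the first field in PHP avoids the shell entirely: `$pfsense_md5_check_new_parse = file_get_contents("{$tmpfname}/pfsense_rules.tar.gz.md5");` then `$pfsense_md5_check_new = strtok(trim($pfsense_md5_check_new_parse), " \t\n");`, with the same treatment for the old value.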
@@ -360,10 +360,10 @@ if ($snortdownload == 'on' && $emergingthreats == 'off') { if ($snort_md5_check_ok == 'on') { - echo 'Your snort.org rules are up to date...' . "\n"; - echo 'You may start Snort now...' . "\n"; - conf_mount_ro(); - exit(0); + echo 'Your snort.org rules are up to date...' . "\n"; + echo 'You may start Snort now...' . "\n"; + conf_mount_ro(); + exit(0); } } @@ -371,13 +371,13 @@ if ($snortdownload == 'off' && $emergingthreats == 'on') { if ($emerg_md5_check_ok == 'on') { - echo 'Your Emergingthreats rules are up to date...' . "\n"; - echo 'You may start Snort now...' . "\n"; - conf_mount_ro(); - exit(0); + echo 'Your Emergingthreats rules are up to date...' . "\n"; + echo 'You may start Snort now...' . "\n"; + conf_mount_ro(); + exit(0); } } - + /* You are Not Up to date, always stop snort when updating rules for low end machines */; echo 'You are NOT up to date...' . "\n"; echo 'Stopping Snort service...' . "\n"; 
@@ -392,51 +392,51 @@ if ($chk_if_snort_up != "") { if ($snortdownload == 'on') { if ($snort_md5_check_ok != on) { - if (file_exists("{$tmpfname}/{$snort_filename}")) { - echo 'Snortrule tar file exists...' . "\n"; - } else { - echo 'There is a new set of Snort.org rules posted. Downloading...' . "\n"; - echo 'May take 4 to 10 min...' . "\n"; - conf_mount_rw(); - download_file_with_progress_bar2("http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename}", $tmpfname . "/{$snort_filename}", "read_body_firmware"); - echo 'Done downloading rules file.' . "\n"; - if (150000 > filesize("{$tmpfname}/$snort_filename")){ - echo 'Error with the snort rules download...' . "\n"; - echo 'Snort rules file downloaded failed...' . "\n"; - conf_mount_ro(); - exit(0); - } + if (file_exists("{$tmpfname}/{$snort_filename}")) { + echo 'Snortrule tar file exists...' . "\n"; + } else { + echo 'There is a new set of Snort.org rules posted. Downloading...' . "\n"; + echo 'May take 4 to 10 min...' . "\n"; + conf_mount_rw(); + download_file_with_progress_bar2("http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename}", $tmpfname . "/{$snort_filename}", "read_body_firmware"); + echo 'Done downloading rules file.' . "\n"; + if (150000 > filesize("{$tmpfname}/$snort_filename")){ + echo 'Error with the snort rules download...' . "\n"; + echo 'Snort rules file downloaded failed...' . "\n"; + conf_mount_ro(); + exit(0); + } } } } - + /* download emergingthreats rules file */ -if ($emergingthreats == "on") +if ($emergingthreats == "on") { if ($emerg_md5_check_ok != on) { - if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) - { - echo 'Emergingthreats tar file exists...' . "\n"; - }else{ - echo 'There is a new set of Emergingthreats rules posted. Downloading...' . "\n"; - echo 'May take 4 to 10 min...' . "\n"; - download_file_with_progress_bar2("http://www.emergingthreats.net/rules/emerging.rules.tar.gz", $tmpfname . 
"/{$emergingthreats_filename}", "read_body_firmware"); - echo 'Done downloading Emergingthreats rules file.' . "\n"; + if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) + { + echo 'Emergingthreats tar file exists...' . "\n"; + }else{ + echo 'There is a new set of Emergingthreats rules posted. Downloading...' . "\n"; + echo 'May take 4 to 10 min...' . "\n"; + download_file_with_progress_bar2("http://www.emergingthreats.net/rules/emerging.rules.tar.gz", $tmpfname . "/{$emergingthreats_filename}", "read_body_firmware"); + echo 'Done downloading Emergingthreats rules file.' . "\n"; } } } /* download pfsense rules file */ if ($pfsense_md5_check_ok != on) { -if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) { - echo 'Snortrule tar file exists...' . "\n"; -} else { - echo 'There is a new set of Pfsense rules posted. Downloading...' . "\n"; - echo 'May take 4 to 10 min...' . "\n"; - download_file_with_progress_bar2("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz", $tmpfname . "/{$pfsense_rules_filename}", "read_body_firmware"); - echo 'Done downloading rules file.' . "\n"; - } + if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) { + echo 'Snortrule tar file exists...' . "\n"; + } else { + echo 'There is a new set of Pfsense rules posted. Downloading...' . "\n"; + echo 'May take 4 to 10 min...' . "\n"; + download_file_with_progress_bar2("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz", $tmpfname . "/{$pfsense_rules_filename}", "read_body_firmware"); + echo 'Done downloading rules file.' . "\n"; + } } /* Compair md5 sig to file sig */ 
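Review bot: The Snort.org download URL embeds `{$oinkid}` in a plain `http://` request, so the subscriber code crosses the network in clear text on every update; use a TLS URL if the upstream provides one. The failure branch after the `150000 > filesize(...)` check ends with `exit(0)`, which reports success to whatever invoked the script, whereas `exit(1)` would let a caller notice. Only the Snort.org branch has a size check; the Emergingthreats and Pfsense branches accept whatever `download_file_with_progress_bar2` wrote. The Pfsense branch also prints 'Snortrule tar file exists...', which looks like a copy-paste leftover.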
@@ -471,30 +471,30 @@ if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) { if ($snortdownload == 'on') { if ($snort_md5_check_ok != on) { - if (file_exists("{$tmpfname}/{$snort_filename}")) { - - if ($pfsense_stable == 'yes') - { - $freebsd_version_so = 'FreeBSD-7-2'; - }else{ - $freebsd_version_so = 'FreeBSD-8-0'; - } - - echo 'Extracting Snort.org rules...' . "\n"; - echo 'May take a while...' . "\n"; - /* extract snort.org rules and add prefix to all snort.org files*/ - exec("/bin/rm -r {$snortdir}/rules"); - sleep(2); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} rules/"); - chdir ("/usr/local/etc/snort/rules"); - sleep(2); - exec('/usr/local/bin/perl /usr/local/bin/snort_rename.pl s/^/snort_/ *.rules'); - /* extract so rules */ - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/$freebsd_version_so/i386/2.8.6.0/"); - exec('/bin/mkdir -p /usr/local/lib/snort/dynamicrules/'); - exec("/bin/mv -f {$snortdir}/so_rules/precompiled/$freebsd_version_so/i386/2.8.6.0/* /usr/local/lib/snort/dynamicrules/"); - /* extract so rules none bin and rename */ - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/bad-traffic.rules/" . + if (file_exists("{$tmpfname}/{$snort_filename}")) { + + if ($pfsense_stable == 'yes') + { + $freebsd_version_so = 'FreeBSD-7-2'; + }else{ + $freebsd_version_so = 'FreeBSD-8-0'; + } + + echo 'Extracting Snort.org rules...' . "\n"; + echo 'May take a while...' . 
"\n"; + /* extract snort.org rules and add prefix to all snort.org files*/ + exec("/bin/rm -r {$snortdir}/rules"); + sleep(2); + exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} rules/"); + chdir ("/usr/local/etc/snort/rules"); + sleep(2); + exec('/usr/local/bin/perl /usr/local/bin/snort_rename.pl s/^/snort_/ *.rules'); + /* extract so rules */ + exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/$freebsd_version_so/i386/2.8.6.0/"); + exec('/bin/mkdir -p /usr/local/lib/snort/dynamicrules/'); + exec("/bin/mv -f {$snortdir}/so_rules/precompiled/$freebsd_version_so/i386/2.8.6.0/* /usr/local/lib/snort/dynamicrules/"); + /* extract so rules none bin and rename */ + exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/bad-traffic.rules/" . " so_rules/chat.rules/" . " so_rules/dos.rules/" . " so_rules/exploit.rules/" . 
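Review bot: Every `exec()` in this block interpolates `{$snortdir}`, `{$tmpfname}` and `{$snort_filename}` into a shell string unquoted and ignores the exit status, starting with `exec("/bin/rm -r {$snortdir}/rules");`; the block continues in the hunk at -511. If `$snortdir` were ever empty that command would resolve to `/rules`, and a failed `tar` would go unnoticed while the following `mv` calls run. Wrap each path in `escapeshellarg()` and test the return code, for example `exec('/usr/bin/tar xzf ' . escapeshellarg("{$tmpfname}/{$snort_filename}") . ' -C ' . escapeshellarg($snortdir) . ' rules/', $out, $rc);` followed by a bail-out when `$rc !== 0`. `chdir ("/usr/local/etc/snort/rules")` is hard-coded while the extraction targets `{$snortdir}`; those should presumably agree.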
@@ -511,37 +511,37 @@ if ($snortdownload == 'on') " so_rules/web-client.rules/" . " so_rules/web-iis.rules/" . " so_rules/web-misc.rules/"); - - exec("/bin/mv -f {$snortdir}/so_rules/bad-traffic.rules {$snortdir}/rules/snort_bad-traffic.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/chat.rules {$snortdir}/rules/snort_chat.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/dos.rules {$snortdir}/rules/snort_dos.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/exploit.rules {$snortdir}/rules/snort_exploit.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/icmp.rules {$snortdir}/rules/snort_icmp.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/imap.rules {$snortdir}/rules/snort_imap.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/misc.rules {$snortdir}/rules/snort_misc.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/multimedia.rules {$snortdir}/rules/snort_multimedia.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/netbios.rules {$snortdir}/rules/snort_netbios.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/nntp.rules {$snortdir}/rules/snort_nntp.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/p2p.rules {$snortdir}/rules/snort_p2p.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/smtp.rules {$snortdir}/rules/snort_smtp.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/sql.rules {$snortdir}/rules/snort_sql.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/web-activex.rules {$snortdir}/rules/snort_web-activex.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/web-client.rules {$snortdir}/rules/snort_web-client.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/web-iis.rules {$snortdir}/rules/snort_web-iis.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/web-misc.rules {$snortdir}/rules/snort_web-misc.so.rules"); - exec("/bin/rm -r {$snortdir}/so_rules"); - - /* extract base etc files */ - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} etc/"); - exec("/bin/mv -f {$snortdir}/etc/* {$snortdir}"); - 
exec("/bin/rm -r {$snortdir}/etc"); - - echo 'Done extracting Snort.org Rules.' . "\n"; - }else{ - echo 'Error extracting Snort.org Rules...' . "\n"; - echo 'Error Line 755' . "\n"; - conf_mount_ro(); - exit(0); + + exec("/bin/mv -f {$snortdir}/so_rules/bad-traffic.rules {$snortdir}/rules/snort_bad-traffic.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/chat.rules {$snortdir}/rules/snort_chat.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/dos.rules {$snortdir}/rules/snort_dos.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/exploit.rules {$snortdir}/rules/snort_exploit.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/icmp.rules {$snortdir}/rules/snort_icmp.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/imap.rules {$snortdir}/rules/snort_imap.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/misc.rules {$snortdir}/rules/snort_misc.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/multimedia.rules {$snortdir}/rules/snort_multimedia.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/netbios.rules {$snortdir}/rules/snort_netbios.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/nntp.rules {$snortdir}/rules/snort_nntp.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/p2p.rules {$snortdir}/rules/snort_p2p.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/smtp.rules {$snortdir}/rules/snort_smtp.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/sql.rules {$snortdir}/rules/snort_sql.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/web-activex.rules {$snortdir}/rules/snort_web-activex.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/web-client.rules {$snortdir}/rules/snort_web-client.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/web-iis.rules {$snortdir}/rules/snort_web-iis.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/web-misc.rules {$snortdir}/rules/snort_web-misc.so.rules"); + exec("/bin/rm -r {$snortdir}/so_rules"); + + /* extract base etc files */ + exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} 
etc/"); + exec("/bin/mv -f {$snortdir}/etc/* {$snortdir}"); + exec("/bin/rm -r {$snortdir}/etc"); + + echo 'Done extracting Snort.org Rules.' . "\n"; + }else{ + echo 'Error extracting Snort.org Rules...' . "\n"; + echo 'Error Line 755' . "\n"; + conf_mount_ro(); + exit(0); } } } 
@@ -562,46 +562,46 @@ if ($emergingthreats == "on") /* Untar Pfsense rules to tmp */ if ($pfsense_md5_check_ok != on) { -if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) { - echo 'Extracting Pfsense rules...' . "\n"; - echo 'May take a while...' . "\n"; - exec("/usr/bin/tar xzf {$tmpfname}/{$pfsense_rules_filename} -C {$snortdir} rules/"); - } + if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) { + echo 'Extracting Pfsense rules...' . "\n"; + echo 'May take a while...' . "\n"; + exec("/usr/bin/tar xzf {$tmpfname}/{$pfsense_rules_filename} -C {$snortdir} rules/"); + } } /* Untar snort signatures */ if ($snort_md5_check_ok != on) { -if (file_exists("{$tmpfname}/{$snort_filename}")) { -$signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo']; -if ($premium_url_chk == on) { - echo 'Extracting Signatures...' . "\n"; - echo 'May take a while...' . "\n"; - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} doc/signatures/"); - echo 'Done extracting Signatures.' . "\n"; - } - } + if (file_exists("{$tmpfname}/{$snort_filename}")) { + $signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo']; + if ($premium_url_chk == on) { + echo 'Extracting Signatures...' . "\n"; + echo 'May take a while...' . "\n"; + exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} doc/signatures/"); + echo 'Done extracting Signatures.' . "\n"; + } + } } /* Copy md5 sig to snort dir */ if ($snortdownload == 'on') { if ($snort_md5_check_ok != on) { - if (file_exists("{$tmpfname}/$snort_filename_md5")) { - echo 'Copying md5 sig to snort directory...' . "\n"; - exec("/bin/cp {$tmpfname}/$snort_filename_md5 {$snortdir}/$snort_filename_md5"); - }else{ - echo 'The md5 file does not exist...' . "\n"; - echo 'Error copying config...' . "\n"; - conf_mount_ro(); - exit(0); + if (file_exists("{$tmpfname}/$snort_filename_md5")) { + echo 'Copying md5 sig to snort directory...' . 
"\n"; + exec("/bin/cp {$tmpfname}/$snort_filename_md5 {$snortdir}/$snort_filename_md5"); + }else{ + echo 'The md5 file does not exist...' . "\n"; + echo 'Error copying config...' . "\n"; + conf_mount_ro(); + exit(0); } } -} - +} + /* Copy emergingthreats md5 sig to snort dir */ if ($emergingthreats == "on") { - if ($emerg_md5_check_ok != on) + if ($emerg_md5_check_ok != on) { if (file_exists("{$tmpfname}/$emergingthreats_filename_md5")) { @@ -612,24 +612,24 @@ if ($emergingthreats == "on") echo 'Error copying config...' . "\n"; conf_mount_ro(); exit(0); - } + } } } /* Copy Pfsense md5 sig to snort dir */ if ($pfsense_md5_check_ok != on) { -if (file_exists("{$tmpfname}/$pfsense_rules_filename_md5")) { - echo 'Copying Pfsense md5 sig to snort directory...' . "\n"; - exec("/bin/cp {$tmpfname}/$pfsense_rules_filename_md5 {$snortdir}/$pfsense_rules_filename_md5"); -} else { - update_status(gettext("")); - echo 'The Pfsense md5 file does not exist...' . "\n"; - echo 'Error copying config...' . "\n"; - conf_mount_ro(); - exit(0); - } + if (file_exists("{$tmpfname}/$pfsense_rules_filename_md5")) { + echo 'Copying Pfsense md5 sig to snort directory...' . "\n"; + exec("/bin/cp {$tmpfname}/$pfsense_rules_filename_md5 {$snortdir}/$pfsense_rules_filename_md5"); + } else { + update_status(gettext("")); + echo 'The Pfsense md5 file does not exist...' . "\n"; + echo 'Error copying config...' . "\n"; + conf_mount_ro(); + exit(0); + } } - + /* Copy signatures dir to snort dir */ if ($snortdownload == 'on') { 
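Review bot: In the "Untar snort signatures" block, `$signature_info_chk` is assigned from the config but the condition on the next line tests `$premium_url_chk`, which is not set anywhere in this hunk. If it is not defined earlier in the file, the signatures are never extracted. The comparisons also use the bare word `on` (`!= on`, `== on`) while other checks in this file use the string `'on'`. An undefined constant only falls back to its name, with a notice, on older PHP and is an error on PHP 8, so it should be quoted, e.g. `if ($snort_md5_check_ok != 'on') {`. The same bare `on` appears in the other hunks of this file.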
@@ -639,16 +639,16 @@ if ($snortdownload == 'on') if ($premium_url_chk == on) { if (file_exists("{$snortdir}/doc/signatures")) { - echo 'Copying signatures...' . "\n"; - echo 'May take a while...' . "\n"; - exec("/bin/mv -f {$snortdir}/doc/signatures {$snortdir}/signatures"); - exec("/bin/rm -r {$snortdir}/doc/signatures"); - echo 'Done copying signatures.' . "\n"; - }else{ - echo 'Directory signatures exist...' . "\n"; - echo 'Error copying signature...' . "\n"; - conf_mount_ro(); - exit(0); + echo 'Copying signatures...' . "\n"; + echo 'May take a while...' . "\n"; + exec("/bin/mv -f {$snortdir}/doc/signatures {$snortdir}/signatures"); + exec("/bin/rm -r {$snortdir}/doc/signatures"); + echo 'Done copying signatures.' . "\n"; + }else{ + echo 'Directory signatures exist...' . "\n"; + echo 'Error copying signature...' . "\n"; + conf_mount_ro(); + exit(0); } } } 
@@ -687,28 +687,28 @@ exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl /usr/local/etc/snort/r function oinkmaster_conf($id, $if_real, $iface_uuid) { - global $config, $g, $id, $if_real, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok; - conf_mount_rw(); - -/* enable disable setting will carry over with updates */ -/* TODO carry signature changes with the updates */ -if ($snort_md5_check_ok != on || $emerg_md5_check_ok != on || $pfsense_md5_check_ok != on) { - -if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'])) { -$enabled_sid_on = $config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on']; -$enabled_sid_on_array = split('\|\|', $enabled_sid_on); -foreach($enabled_sid_on_array as $enabled_item_on) -$selected_sid_on_sections .= "$enabled_item_on\n"; - } + global $config, $g, $id, $if_real, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok; + conf_mount_rw(); -if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) { -$enabled_sid_off = $config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off']; -$enabled_sid_off_array = split('\|\|', $enabled_sid_off); -foreach($enabled_sid_off_array as $enabled_item_off) -$selected_sid_off_sections .= "$enabled_item_off\n"; - } + /* enable disable setting will carry over with updates */ + /* TODO carry signature changes with the updates */ + if ($snort_md5_check_ok != on || $emerg_md5_check_ok != on || $pfsense_md5_check_ok != on) { + + if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'])) { + $enabled_sid_on = $config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on']; + $enabled_sid_on_array = split('\|\|', $enabled_sid_on); + foreach($enabled_sid_on_array as $enabled_item_on) + $selected_sid_on_sections .= "$enabled_item_on\n"; + } + + if 
(!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) { + $enabled_sid_off = $config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off']; + $enabled_sid_off_array = split('\|\|', $enabled_sid_off); + foreach($enabled_sid_off_array as $enabled_item_off) + $selected_sid_off_sections .= "$enabled_item_off\n"; + } -$snort_sid_text = <<<EOD + $snort_sid_text = <<<EOD ########################################### # # @@ -722,19 +722,19 @@ update_files = \.rules$|\.config$|\.conf$|\.txt$|\.map$ url = dir:///usr/local/etc/snort/rules -$selected_sid_on_sections + $selected_sid_on_sections -$selected_sid_off_sections + $selected_sid_off_sections EOD; - /* open snort's oinkmaster.conf for writing */ - $oinkmasterlist = fopen("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf", "w"); + /* open snort's oinkmaster.conf for writing */ + $oinkmasterlist = fopen("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf", "w"); - fwrite($oinkmasterlist, "$snort_sid_text"); + fwrite($oinkmasterlist, "$snort_sid_text"); - /* close snort's oinkmaster.conf file */ - fclose($oinkmasterlist); + /* close snort's oinkmaster.conf file */ + fclose($oinkmasterlist); } } 
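Review bot: Re-indenting inside the heredoc in the hunk at -722 changes the text that gets written, not just the source layout. `$selected_sid_on_sections` and `$selected_sid_off_sections` now appear to carry leading whitespace, which is emitted in front of the first entry of each list in `oinkmaster_{$iface_uuid}_{$if_real}.conf`. A heredoc body should stay byte-for-byte as before, so keep both variable lines at column 0 with no indent. Indenting the `$snort_sid_text = <<<EOD` opener in the previous hunk (-687) is harmless, and `EOD;` correctly stays at column 0. The function body starts outside this hunk.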
@@ -745,38 +745,38 @@ EOD; function oinkmaster_run($id, $if_real, $iface_uuid) { - global $config, $g, $id, $if_real, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok; - conf_mount_rw(); + global $config, $g, $id, $if_real, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok; + conf_mount_rw(); if ($snort_md5_check_ok != on || $emerg_md5_check_ok != on || $pfsense_md5_check_ok != on) { if ($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'] == '' && $config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'] == '') { - echo 'Your first set of rules are being copied...' . "\n"; - echo 'May take a while...' . "\n"; - exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/"); - exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + echo 'Your first set of rules are being copied...' . "\n"; + echo 'May take a while...' . 
"\n"; + exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/"); + exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); }else{ - echo 'Your enable and disable changes are being applied to your fresh set of rules...' . "\n"; - echo 'May take a while...' . "\n"; - exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/"); - exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - - /* might have to add a sleep for 3sec for flash drives or old drives */ - exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf -o /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules > /usr/local/etc/snort/oinkmaster_{$iface_uuid}_{$if_real}.log"); + echo 'Your enable and disable 
changes are being applied to your fresh set of rules...' . "\n"; + echo 'May take a while...' . "\n"; + exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/"); + exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + + /* might have to add a sleep for 3sec for flash drives or old drives */ + exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf -o /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules > /usr/local/etc/snort/oinkmaster_{$iface_uuid}_{$if_real}.log"); } } } 
@@ -791,17 +791,17 @@ if (!empty($config['installedpackages']['snortglobal']['rule'])) $id = -1; foreach ($rule_array as $value) { - $id += 1; + $id += 1; + + $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; + $if_real = convert_friendly_interface_to_real_interface_name2($result_lan); + $iface_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; - $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; - $if_real = convert_friendly_interface_to_real_interface_name2($result_lan); - $iface_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; + /* make oinkmaster.conf for each interface rule */ + oinkmaster_conf($id, $if_real, $iface_uuid); - /* make oinkmaster.conf for each interface rule */ - oinkmaster_conf($id, $if_real, $iface_uuid); - - /* run oinkmaster for each interface rule */ - oinkmaster_run($id, $if_real, $iface_uuid); + /* run oinkmaster for each interface rule */ + oinkmaster_run($id, $if_real, $iface_uuid); } } @@ -842,8 +842,8 @@ if (file_exists("/tmp/snort_download_halt.pid")) { echo 'Snort has restarted with your new set of rules...' . "\n"; exec("/bin/rm /tmp/snort_download_halt.pid"); } else { - echo 'The Rules update finished...' . "\n"; - echo 'You may start snort now...' . "\n\n"; + echo 'The Rules update finished...' . "\n"; + echo 'You may start snort now...' . "\n\n"; } /* script finnished make system read only again */ diff --git a/config/snort/snort_define_servers.php b/config/snort/snort_define_servers.php index c9e06c91..2b3ade1a 100644 --- a/config/snort/snort_define_servers.php +++ b/config/snort/snort_define_servers.php 
@@ -1,36 +1,36 @@ <?php /* $Id$ */ /* - snort_interfaces.php - part of m0n0wall (http://m0n0.ch/wall) - - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - Copyright (C) 2008-2009 Robert Zelaya. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ + snort_interfaces.php + part of m0n0wall (http://m0n0.ch/wall) + + Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + Copyright (C) 2008-2009 Robert Zelaya. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. 
Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ -/* +/* TODO: Nov 12 09 Clean this code up its ugly @@ -52,11 +52,11 @@ $a_nat = &$config['installedpackages']['snortglobal']['rule']; $id = $_GET['id']; if (isset($_POST['id'])) - $id = $_POST['id']; +$id = $_POST['id']; if (isset($_GET['dup'])) { - $id = $_GET['dup']; - $after = $_GET['dup']; + $id = $_GET['dup']; + $after = $_GET['dup']; } @@ -82,7 +82,7 @@ if (isset($id) && $a_nat[$id]) { $pconfig['def_mail_ports'] = $a_nat[$id]['def_mail_ports']; $pconfig['def_http_servers'] = $a_nat[$id]['def_http_servers']; $pconfig['def_www_servers'] = $a_nat[$id]['def_www_servers']; - $pconfig['def_http_ports'] = $a_nat[$id]['def_http_ports']; + $pconfig['def_http_ports'] = $a_nat[$id]['def_http_ports']; $pconfig['def_sql_servers'] = $a_nat[$id]['def_sql_servers']; $pconfig['def_oracle_ports'] = $a_nat[$id]['def_oracle_ports']; $pconfig['def_mssql_ports'] = $a_nat[$id]['def_mssql_ports']; 
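Review bot: In the hunk at -52, the body of the braceless `if (isset($_POST['id']))` now sits at the same column as the `if` itself (`+$id = $_POST['id'];`), which reads as an unconditional assignment. Add braces so the layout cannot mislead: `if (isset($_POST['id'])) { $id = $_POST['id']; }`. `$id` comes straight from `$_GET`/`$_POST` and is then used as an index into `$a_nat`. Checking it with `is_numeric($id)` before use would be a sensible addition, assuming rule ids are numeric indexes.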
@@ -129,8 +129,8 @@ if (isset($id) && $a_nat[$id]) { $pconfig['rule_sid_off'] = $a_nat[$id]['rule_sid_off']; $pconfig['rule_sid_on'] = $a_nat[$id]['rule_sid_on']; -if (isset($_GET['dup'])) - unset($id); + if (isset($_GET['dup'])) + unset($id); } /* convert fake interfaces to real */ 
@@ -142,133 +142,134 @@ $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; $d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty"; - if ($_POST["Submit"]) { +if ($_POST["Submit"]) { /* check for overlaps */ -/* if no errors write to conf */ + /* if no errors write to conf */ if (!$input_errors) { $natent = array(); - /* repost the options already in conf */ - if ($pconfig['interface'] != "") { $natent['interface'] = $pconfig['interface']; } - if ($pconfig['enable'] != "") { $natent['enable'] = $pconfig['enable']; } - if ($pconfig['uuid'] != "") { $natent['uuid'] = $pconfig['uuid']; } - if ($pconfig['descr'] != "") { $natent['descr'] = $pconfig['descr']; } - if ($pconfig['performance'] != "") { $natent['performance'] = $pconfig['performance']; } - if ($pconfig['blockoffenders7'] != "") { $natent['blockoffenders7'] = $pconfig['blockoffenders7']; } - if ($pconfig['alertsystemlog'] != "") { $natent['alertsystemlog'] = $pconfig['alertsystemlog']; } - if ($pconfig['tcpdumplog'] != "") { $natent['tcpdumplog'] = $pconfig['tcpdumplog']; } - if ($pconfig['snortunifiedlog'] != "") { $natent['snortunifiedlog'] = $pconfig['snortunifiedlog']; } - if ($pconfig['def_ssl_ports_ignore'] != "") { $natent['def_ssl_ports_ignore'] = $pconfig['def_ssl_ports_ignore']; } - if ($pconfig['flow_depth'] != "") { $natent['flow_depth'] = $pconfig['flow_depth']; } - if ($pconfig['max_queued_bytes'] != "") { $natent['max_queued_bytes'] = $pconfig['max_queued_bytes']; } - if ($pconfig['max_queued_segs'] != "") { $natent['max_queued_segs'] = $pconfig['max_queued_segs']; } - if ($pconfig['perform_stat'] != "") { $natent['perform_stat'] = $pconfig['perform_stat']; } - if ($pconfig['http_inspect'] != "") { $natent['http_inspect'] = $pconfig['http_inspect']; } - if ($pconfig['other_preprocs'] != "") { $natent['other_preprocs'] = $pconfig['other_preprocs']; } - if ($pconfig['ftp_preprocessor'] != "") { $natent['ftp_preprocessor'] = 
$pconfig['ftp_preprocessor']; } - if ($pconfig['smtp_preprocessor'] != "") { $natent['smtp_preprocessor'] = $pconfig['smtp_preprocessor']; } - if ($pconfig['sf_portscan'] != "") { $natent['sf_portscan'] = $pconfig['sf_portscan']; } - if ($pconfig['dce_rpc_2'] != "") { $natent['dce_rpc_2'] = $pconfig['dce_rpc_2']; } - if ($pconfig['dns_preprocessor'] != "") { $natent['dns_preprocessor'] = $pconfig['dns_preprocessor']; } - if ($pconfig['barnyard_enable'] != "") { $natent['barnyard_enable'] = $pconfig['barnyard_enable']; } - if ($pconfig['barnyard_mysql'] != "") { $natent['barnyard_mysql'] = $pconfig['barnyard_mysql']; } - if ($pconfig['rulesets'] != "") { $natent['rulesets'] = $pconfig['rulesets']; } - if ($pconfig['rule_sid_off'] != "") { $natent['rule_sid_off'] = $pconfig['rule_sid_off']; } - if ($pconfig['rule_sid_on'] != "") { $natent['rule_sid_on'] = $pconfig['rule_sid_on']; } - if ($pconfig['configpassthru'] != "") { $natent['configpassthru'] = $pconfig['configpassthru']; } - if ($pconfig['barnconfigpassthru'] != "") { $natent['barnconfigpassthru'] = $pconfig['barnconfigpassthru']; } - if ($pconfig['whitelistname'] != "") { $natent['whitelistname'] = $pconfig['whitelistname']; } - if ($pconfig['homelistname'] != "") { $natent['homelistname'] = $pconfig['homelistname']; } - if ($pconfig['externallistname'] != "") { $natent['externallistname'] = $pconfig['externallistname']; } - if ($pconfig['suppresslistname'] != "") { $natent['suppresslistname'] = $pconfig['suppresslistname']; } - - + /* repost the options already in conf */ + if ($pconfig['interface'] != "") { $natent['interface'] = $pconfig['interface']; } + if ($pconfig['enable'] != "") { $natent['enable'] = $pconfig['enable']; } + if ($pconfig['uuid'] != "") { $natent['uuid'] = $pconfig['uuid']; } + if ($pconfig['descr'] != "") { $natent['descr'] = $pconfig['descr']; } + if ($pconfig['performance'] != "") { $natent['performance'] = $pconfig['performance']; } + if ($pconfig['blockoffenders7'] != "") { 
$natent['blockoffenders7'] = $pconfig['blockoffenders7']; } + if ($pconfig['alertsystemlog'] != "") { $natent['alertsystemlog'] = $pconfig['alertsystemlog']; } + if ($pconfig['tcpdumplog'] != "") { $natent['tcpdumplog'] = $pconfig['tcpdumplog']; } + if ($pconfig['snortunifiedlog'] != "") { $natent['snortunifiedlog'] = $pconfig['snortunifiedlog']; } + if ($pconfig['def_ssl_ports_ignore'] != "") { $natent['def_ssl_ports_ignore'] = $pconfig['def_ssl_ports_ignore']; } + if ($pconfig['flow_depth'] != "") { $natent['flow_depth'] = $pconfig['flow_depth']; } + if ($pconfig['max_queued_bytes'] != "") { $natent['max_queued_bytes'] = $pconfig['max_queued_bytes']; } + if ($pconfig['max_queued_segs'] != "") { $natent['max_queued_segs'] = $pconfig['max_queued_segs']; } + if ($pconfig['perform_stat'] != "") { $natent['perform_stat'] = $pconfig['perform_stat']; } + if ($pconfig['http_inspect'] != "") { $natent['http_inspect'] = $pconfig['http_inspect']; } + if ($pconfig['other_preprocs'] != "") { $natent['other_preprocs'] = $pconfig['other_preprocs']; } + if ($pconfig['ftp_preprocessor'] != "") { $natent['ftp_preprocessor'] = $pconfig['ftp_preprocessor']; } + if ($pconfig['smtp_preprocessor'] != "") { $natent['smtp_preprocessor'] = $pconfig['smtp_preprocessor']; } + if ($pconfig['sf_portscan'] != "") { $natent['sf_portscan'] = $pconfig['sf_portscan']; } + if ($pconfig['dce_rpc_2'] != "") { $natent['dce_rpc_2'] = $pconfig['dce_rpc_2']; } + if ($pconfig['dns_preprocessor'] != "") { $natent['dns_preprocessor'] = $pconfig['dns_preprocessor']; } + if ($pconfig['barnyard_enable'] != "") { $natent['barnyard_enable'] = $pconfig['barnyard_enable']; } + if ($pconfig['barnyard_mysql'] != "") { $natent['barnyard_mysql'] = $pconfig['barnyard_mysql']; } + if ($pconfig['rulesets'] != "") { $natent['rulesets'] = $pconfig['rulesets']; } + if ($pconfig['rule_sid_off'] != "") { $natent['rule_sid_off'] = $pconfig['rule_sid_off']; } + if ($pconfig['rule_sid_on'] != "") { $natent['rule_sid_on'] = 
$pconfig['rule_sid_on']; } + if ($pconfig['configpassthru'] != "") { $natent['configpassthru'] = $pconfig['configpassthru']; } + if ($pconfig['barnconfigpassthru'] != "") { $natent['barnconfigpassthru'] = $pconfig['barnconfigpassthru']; } + if ($pconfig['whitelistname'] != "") { $natent['whitelistname'] = $pconfig['whitelistname']; } + if ($pconfig['homelistname'] != "") { $natent['homelistname'] = $pconfig['homelistname']; } + if ($pconfig['externallistname'] != "") { $natent['externallistname'] = $pconfig['externallistname']; } + if ($pconfig['suppresslistname'] != "") { $natent['suppresslistname'] = $pconfig['suppresslistname']; } + + /* post new options */ if ($_POST['def_dns_servers'] != "") { $natent['def_dns_servers'] = $_POST['def_dns_servers']; }else{ $natent['def_dns_servers'] = ""; } - if ($_POST['def_dns_ports'] != "") { $natent['def_dns_ports'] = $_POST['def_dns_ports']; }else{ $natent['def_dns_ports'] = ""; } + if ($_POST['def_dns_ports'] != "") { $natent['def_dns_ports'] = $_POST['def_dns_ports']; }else{ $natent['def_dns_ports'] = ""; } if ($_POST['def_smtp_servers'] != "") { $natent['def_smtp_servers'] = $_POST['def_smtp_servers']; }else{ $natent['def_smtp_servers'] = ""; } if ($_POST['def_smtp_ports'] != "") { $natent['def_smtp_ports'] = $_POST['def_smtp_ports']; }else{ $natent['def_smtp_ports'] = ""; } if ($_POST['def_mail_ports'] != "") { $natent['def_mail_ports'] = $_POST['def_mail_ports']; }else{ $natent['def_mail_ports'] = ""; } - if ($_POST['def_http_servers'] != "") { $natent['def_http_servers'] = $_POST['def_http_servers']; }else{ $natent['def_http_servers'] = ""; } + if ($_POST['def_http_servers'] != "") { $natent['def_http_servers'] = $_POST['def_http_servers']; }else{ $natent['def_http_servers'] = ""; } if ($_POST['def_www_servers'] != "") { $natent['def_www_servers'] = $_POST['def_www_servers']; }else{ $natent['def_www_servers'] = ""; } if ($_POST['def_http_ports'] != "") { $natent['def_http_ports'] = $_POST['def_http_ports']; }else{ 
$natent['def_http_ports'] = ""; } if ($_POST['def_sql_servers'] != "") { $natent['def_sql_servers'] = $_POST['def_sql_servers']; }else{ $natent['def_sql_servers'] = ""; } - if ($_POST['def_oracle_ports'] != "") { $natent['def_oracle_ports'] = $_POST['def_oracle_ports']; }else{ $natent['def_oracle_ports'] = ""; } + if ($_POST['def_oracle_ports'] != "") { $natent['def_oracle_ports'] = $_POST['def_oracle_ports']; }else{ $natent['def_oracle_ports'] = ""; } if ($_POST['def_mssql_ports'] != "") { $natent['def_mssql_ports'] = $_POST['def_mssql_ports']; }else{ $natent['def_mssql_ports'] = ""; } if ($_POST['def_telnet_servers'] != "") { $natent['def_telnet_servers'] = $_POST['def_telnet_servers']; }else{ $natent['def_telnet_servers'] = ""; } if ($_POST['def_telnet_ports'] != "") { $natent['def_telnet_ports'] = $_POST['def_telnet_ports']; }else{ $natent['def_telnet_ports'] = ""; } - if ($_POST['def_snmp_servers'] != "") { $natent['def_snmp_servers'] = $_POST['def_snmp_servers']; }else{ $natent['def_snmp_servers'] = ""; } + if ($_POST['def_snmp_servers'] != "") { $natent['def_snmp_servers'] = $_POST['def_snmp_servers']; }else{ $natent['def_snmp_servers'] = ""; } if ($_POST['def_snmp_ports'] != "") { $natent['def_snmp_ports'] = $_POST['def_snmp_ports']; }else{ $natent['def_snmp_ports'] = ""; } if ($_POST['def_ftp_servers'] != "") { $natent['def_ftp_servers'] = $_POST['def_ftp_servers']; }else{ $natent['def_ftp_servers'] = ""; } if ($_POST['def_ftp_ports'] != "") { $natent['def_ftp_ports'] = $_POST['def_ftp_ports']; }else{ $natent['def_ftp_ports'] = ""; } - if ($_POST['def_ssh_servers'] != "") { $natent['def_ssh_servers'] = $_POST['def_ssh_servers']; }else{ $natent['def_ssh_servers'] = ""; } + if ($_POST['def_ssh_servers'] != "") { $natent['def_ssh_servers'] = $_POST['def_ssh_servers']; }else{ $natent['def_ssh_servers'] = ""; } if ($_POST['def_ssh_ports'] != "") { $natent['def_ssh_ports'] = $_POST['def_ssh_ports']; }else{ $natent['def_ssh_ports'] = ""; } if 
($_POST['def_pop_servers'] != "") { $natent['def_pop_servers'] = $_POST['def_pop_servers']; }else{ $natent['def_pop_servers'] = ""; } if ($_POST['def_pop2_ports'] != "") { $natent['def_pop2_ports'] = $_POST['def_pop2_ports']; }else{ $natent['def_pop2_ports'] = ""; } - if ($_POST['def_pop3_ports'] != "") { $natent['def_pop3_ports'] = $_POST['def_pop3_ports']; }else{ $natent['def_pop3_ports'] = ""; } + if ($_POST['def_pop3_ports'] != "") { $natent['def_pop3_ports'] = $_POST['def_pop3_ports']; }else{ $natent['def_pop3_ports'] = ""; } if ($_POST['def_imap_servers'] != "") { $natent['def_imap_servers'] = $_POST['def_imap_servers']; }else{ $natent['def_imap_servers'] = ""; } if ($_POST['def_imap_ports'] != "") { $natent['def_imap_ports'] = $_POST['def_imap_ports']; }else{ $natent['def_imap_ports'] = ""; } if ($_POST['def_sip_proxy_ip'] != "") { $natent['def_sip_proxy_ip'] = $_POST['def_sip_proxy_ip']; }else{ $natent['def_sip_proxy_ip'] = ""; } - if ($_POST['def_sip_proxy_ports'] != "") { $natent['def_sip_proxy_ports'] = $_POST['def_sip_proxy_ports']; }else{ $natent['def_sip_proxy_ports'] = ""; } + if ($_POST['def_sip_proxy_ports'] != "") { $natent['def_sip_proxy_ports'] = $_POST['def_sip_proxy_ports']; }else{ $natent['def_sip_proxy_ports'] = ""; } if ($_POST['def_auth_ports'] != "") { $natent['def_auth_ports'] = $_POST['def_auth_ports']; }else{ $natent['def_auth_ports'] = ""; } if ($_POST['def_finger_ports'] != "") { $natent['def_finger_ports'] = $_POST['def_finger_ports']; }else{ $natent['def_finger_ports'] = ""; } if ($_POST['def_irc_ports'] != "") { $natent['def_irc_ports'] = $_POST['def_irc_ports']; }else{ $natent['def_irc_ports'] = ""; } - if ($_POST['def_nntp_ports'] != "") { $natent['def_nntp_ports'] = $_POST['def_nntp_ports']; }else{ $natent['def_nntp_ports'] = ""; } + if ($_POST['def_nntp_ports'] != "") { $natent['def_nntp_ports'] = $_POST['def_nntp_ports']; }else{ $natent['def_nntp_ports'] = ""; } if ($_POST['def_rlogin_ports'] != "") { 
$natent['def_rlogin_ports'] = $_POST['def_rlogin_ports']; }else{ $natent['def_rlogin_ports'] = ""; } if ($_POST['def_rsh_ports'] != "") { $natent['def_rsh_ports'] = $_POST['def_rsh_ports']; }else{ $natent['def_rsh_ports'] = ""; } if ($_POST['def_ssl_ports'] != "") { $natent['def_ssl_ports'] = $_POST['def_ssl_ports']; }else{ $natent['def_ssl_ports'] = ""; } if (isset($id) && $a_nat[$id]) - $a_nat[$id] = $natent; + $a_nat[$id] = $natent; else { if (is_numeric($after)) - array_splice($a_nat, $after+1, 0, array($natent)); + array_splice($a_nat, $after+1, 0, array($natent)); else - $a_nat[] = $natent; + $a_nat[] = $natent; } write_config(); - + /* after click go to this page */ - + touch($d_snortconfdirty_path); - + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); header( 'Cache-Control: no-store, no-cache, must-revalidate' ); header( 'Cache-Control: post-check=0, pre-check=0', false ); header( 'Pragma: no-cache' ); sleep(2); - + header("Location: snort_define_servers.php?id=$id"); - + exit; } } - - /* this will exec when alert says apply */ - if ($_POST['apply']) { - - if (file_exists($d_snortconfdirty_path)) { + +/* this will exec when alert says apply */ +if ($_POST['apply']) { + + if (file_exists($d_snortconfdirty_path)) { - write_config(); + write_config(); - sync_snort_package_all($id, $if_real, $snort_uuid); - sync_snort_package(); + sync_snort_package_all($id, $if_real, $snort_uuid); + sync_snort_package(); - unlink($d_snortconfdirty_path); + unlink($d_snortconfdirty_path); - } - } +} + $pgtitle = "Snort: Interface $id$if_real Define Servers"; include("/usr/local/pkg/snort/snort_head.inc"); ?> -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<body + link="#0000CC" vlink="#0000CC" alink="#0000CC"> <?php include("fbegin.inc"); ?> <?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> 
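Review bot: Every `$_POST['def_*']` value in the `if ($_POST["Submit"])` block is copied into `$natent` and persisted by `write_config()` without validation. The `/* check for overlaps */` comment has no code under it, and nothing in this hunk assigns `$input_errors`, so as far as the hunk shows `if (!$input_errors)` never blocks a save. The form text further down asks for comma-separated addresses or ports with no spaces, and that should be enforced before the save, for example by adding a message to `$input_errors` for any field that fails an allow-list such as `preg_match('/^[0-9a-fA-F.:,\/]*$/', $value)`. How these strings are later written into the Snort configuration is not visible here, so the accepted character set should be confirmed against that code.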
@@ -278,29 +279,34 @@ echo "{$snort_general_css}\n"; ?> <!-- hack to fix the hardcoed fbegin link in header --> -<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div> +<div id="header-left2"><a href="../index.php" id="status-link2"><img + src="./images/transparent.gif" border="0"></img></a></div> <div class="body2"> -<noscript><div class="alert" ALIGN=CENTER><img src="../themes/nervecenter/images/icons/icon_alert.gif"/><strong>Please enable JavaScript to view this content</CENTER></div></noscript> +<noscript> +<div class="alert" ALIGN=CENTER><img + src="../themes/nervecenter/images/icons/icon_alert.gif" /><strong>Please +enable JavaScript to view this content +</CENTER></div> +</noscript> -<form action="snort_define_servers.php" method="post" enctype="multipart/form-data" name="iform" id="iform"> - -<?php +<form action="snort_define_servers.php" method="post" + enctype="multipart/form-data" name="iform" id="iform"><?php /* Display Alert message */ if ($input_errors) { - print_input_errors($input_errors); // TODO: add checks + print_input_errors($input_errors); // TODO: add checks } if ($savemsg) { - print_info_box2($savemsg); + print_info_box2($savemsg); } //if (file_exists($d_snortconfdirty_path)) { if (file_exists($d_snortconfdirty_path) || file_exists("/var/run/snort_conf_{$snort_uuid}_.dirty")) { - echo '<p>'; + echo '<p>'; if($savemsg) { print_info_box_np2("{$savemsg}"); 
@@ -312,39 +318,38 @@ echo "{$snort_general_css}\n"; } } -?> + ?> <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr><td class="tabnavtbl"> -<?php -if($id != "") -{ - -echo '<div class="snorttabs" style="margin:1px 0px; width:775px;">' . "\n"; -echo '<!-- Tabbed bar code -->' . "\n"; -echo '<ul class="snorttabs">' . "\n"; - echo '<li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>' . "\n"; - echo "<li><a href=\"/snort/snort_interfaces_edit.php?id={$id}\"><span>If Settings</span></a></li>\n"; - echo "<li><a href=\"/snort/snort_rulesets.php?id={$id}\"><span>Categories</span></a></li>\n"; - echo "<li><a href=\"/snort/snort_rules.php?id={$id}\"><span>Rules</span></a></li>\n"; - echo "<li class=\"snorttabs_active\"><a href=\"/snort/snort_define_servers.php?id={$id}\"><span>Servers</span></a></li>\n"; - echo "<li><a href=\"/snort/snort_preprocessors.php?id={$id}\"><span>Preprocessors</span></a></li>\n"; - echo "<li><a href=\"/snort/snort_barnyard.php?id={$id}\"><span>Barnyard2</span></a></li>\n"; -echo '</ul>' . "\n"; -echo '</div>' . "\n"; + <tr> + <td class="tabnavtbl"><?php + if($id != "") + { + + echo '<div class="snorttabs" style="margin:1px 0px; width:775px;">' . "\n"; + echo '<!-- Tabbed bar code -->' . "\n"; + echo '<ul class="snorttabs">' . "\n"; + echo '<li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>' . 
"\n"; + echo "<li><a href=\"/snort/snort_interfaces_edit.php?id={$id}\"><span>If Settings</span></a></li>\n"; + echo "<li><a href=\"/snort/snort_rulesets.php?id={$id}\"><span>Categories</span></a></li>\n"; + echo "<li><a href=\"/snort/snort_rules.php?id={$id}\"><span>Rules</span></a></li>\n"; + echo "<li class=\"snorttabs_active\"><a href=\"/snort/snort_define_servers.php?id={$id}\"><span>Servers</span></a></li>\n"; + echo "<li><a href=\"/snort/snort_preprocessors.php?id={$id}\"><span>Preprocessors</span></a></li>\n"; + echo "<li><a href=\"/snort/snort_barnyard.php?id={$id}\"><span>Barnyard2</span></a></li>\n"; + echo '</ul>' . "\n"; + echo '</div>' . "\n"; -} -?> -</td> -</tr> - <tr> - <td class="tabcont"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <?php - /* display error code if there is no id */ - if($id == "") - { - echo " + } + ?></td> + </tr> + <tr> + <td class="tabcont"> + <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <?php + /* display error code if there is no id */ + if($id == "") + { + echo " <style type=\"text/css\"> .noid { position:absolute; 
@@ -359,239 +364,304 @@ echo '</div>' . "\n"; } </style> <div class=\"alert\" ALIGN=CENTER><img src=\"/themes/nervecenter/images/icons/icon_alert.gif\"/><strong>You can not edit options without an interface ID.</CENTER></div>\n"; - - } - ?> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span><br> - Please save your settings before you click start.<br> - Please make sure there are <strong>no spaces</strong> in your definitions. - </td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic">Define Servers</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define DNS_SERVERS</td> - <td width="78%" class="vtable"> - <input name="def_dns_servers" type="text" class="formfld" id="def_dns_servers" size="40" value="<?=htmlspecialchars($pconfig['def_dns_servers']);?>"> - <br> <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define DNS_PORTS</td> - <td width="78%" class="vtable"> - <input name="def_dns_ports" type="text" class="formfld" id="def_dns_ports" size="40" value="<?=htmlspecialchars($pconfig['def_dns_ports']);?>"> - <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 53.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define SMTP_SERVERS</td> - <td width="78%" class="vtable"> - <input name="def_smtp_servers" type="text" class="formfld" id="def_smtp_servers" size="40" value="<?=htmlspecialchars($pconfig['def_smtp_servers']);?>"> - <br> <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". 
Leave blank to scan all networks.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define SMTP_PORTS</td> - <td width="78%" class="vtable"> - <input name="def_smtp_ports" type="text" class="formfld" id="def_smtp_ports" size="40" value="<?=htmlspecialchars($pconfig['def_smtp_ports']);?>"> - <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 25.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define Mail_Ports</td> - <td width="78%" class="vtable"> - <input name="def_mail_ports" type="text" class="formfld" id="def_mail_ports" size="40" value="<?=htmlspecialchars($pconfig['def_mail_ports']);?>"> - <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 25,143,465,691.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define HTTP_SERVERS</td> - <td width="78%" class="vtable"> - <input name="def_http_servers" type="text" class="formfld" id="def_http_servers" size="40" value="<?=htmlspecialchars($pconfig['def_http_servers']);?>"> - <br> <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define WWW_SERVERS</td> - <td width="78%" class="vtable"> - <input name="def_www_servers" type="text" class="formfld" id="def_www_servers" size="40" value="<?=htmlspecialchars($pconfig['def_www_servers']);?>"> - <br> <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define HTTP_PORTS</td> - <td width="78%" class="vtable"> - <input name="def_http_ports" type="text" class="formfld" id="def_http_ports" size="40" value="<?=htmlspecialchars($pconfig['def_http_ports']);?>"> - <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . 
Default is 80.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define SQL_SERVERS</td> - <td width="78%" class="vtable"> - <input name="def_sql_servers" type="text" class="formfld" id="def_sql_servers" size="40" value="<?=htmlspecialchars($pconfig['def_sql_servers']);?>"> - <br> <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define ORACLE_PORTS</td> - <td width="78%" class="vtable"> - <input name="def_oracle_ports" type="text" class="formfld" id="def_oracle_ports" size="40" value="<?=htmlspecialchars($pconfig['def_oracle_ports']);?>"> - <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 1521.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define MSSQL_PORTS</td> - <td width="78%" class="vtable"> - <input name="def_mssql_ports" type="text" class="formfld" id="def_mssql_ports" size="40" value="<?=htmlspecialchars($pconfig['def_mssql_ports']);?>"> - <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 1433.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define TELNET_SERVERS</td> - <td width="78%" class="vtable"> - <input name="def_telnet_servers" type="text" class="formfld" id="def_telnet_servers" size="40" value="<?=htmlspecialchars($pconfig['def_telnet_servers']);?>"> - <br> <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define TELNET_PORTS</td> - <td width="78%" class="vtable"> - <input name="def_telnet_ports" type="text" class="formfld" id="def_telnet_ports" size="40" value="<?=htmlspecialchars($pconfig['def_telnet_ports']);?>"> - <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . 
Default is 23.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define SNMP_SERVERS</td> - <td width="78%" class="vtable"> - <input name="def_snmp_servers" type="text" class="formfld" id="def_snmp_servers" size="40" value="<?=htmlspecialchars($pconfig['def_snmp_servers']);?>"> - <br> <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define SNMP_PORTS</td> - <td width="78%" class="vtable"> - <input name="def_snmp_ports" type="text" class="formfld" id="def_snmp_ports" size="40" value="<?=htmlspecialchars($pconfig['def_snmp_ports']);?>"> - <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 161.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define FTP_SERVERS</td> - <td width="78%" class="vtable"> - <input name="def_ftp_servers" type="text" class="formfld" id="def_ftp_servers" size="40" value="<?=htmlspecialchars($pconfig['def_ftp_servers']);?>"> - <br> <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define FTP_PORTS</td> - <td width="78%" class="vtable"> - <input name="def_ftp_ports" type="text" class="formfld" id="def_ftp_ports" size="40" value="<?=htmlspecialchars($pconfig['def_ftp_ports']);?>"> - <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 21.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define SSH_SERVERS</td> - <td width="78%" class="vtable"> - <input name="def_ssh_servers" type="text" class="formfld" id="def_ssh_servers" size="40" value="<?=htmlspecialchars($pconfig['def_ssh_servers']);?>"> - <br> <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". 
Leave blank to scan all networks.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define SSH_PORTS</td> - <td width="78%" class="vtable"> - <input name="def_ssh_ports" type="text" class="formfld" id="def_ssh_ports" size="40" value="<?=htmlspecialchars($pconfig['def_ssh_ports']);?>"> - <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is Pfsense SSH port.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define POP_SERVERS</td> - <td width="78%" class="vtable"> - <input name="def_pop_servers" type="text" class="formfld" id="def_pop_servers" size="40" value="<?=htmlspecialchars($pconfig['def_pop_servers']);?>"> - <br> <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define POP2_PORTS</td> - <td width="78%" class="vtable"> - <input name="def_pop2_ports" type="text" class="formfld" id="def_pop2_ports" size="40" value="<?=htmlspecialchars($pconfig['def_pop2_ports']);?>"> - <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 109.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define POP3_PORTS</td> - <td width="78%" class="vtable"> - <input name="def_pop3_ports" type="text" class="formfld" id="def_pop3_ports" size="40" value="<?=htmlspecialchars($pconfig['def_pop3_ports']);?>"> - <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 110.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define IMAP_SERVERS</td> - <td width="78%" class="vtable"> - <input name="def_imap_servers" type="text" class="formfld" id="def_imap_servers" size="40" value="<?=htmlspecialchars($pconfig['def_imap_servers']);?>"> - <br> <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". 
Leave blank to scan all networks.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define IMAP_PORTS</td> - <td width="78%" class="vtable"> - <input name="def_imap_ports" type="text" class="formfld" id="def_imap_ports" size="40" value="<?=htmlspecialchars($pconfig['def_imap_ports']);?>"> - <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 143.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define SIP_PROXY_IP</td> - <td width="78%" class="vtable"> - <input name="def_sip_proxy_ip" type="text" class="formfld" id="def_sip_proxy_ip" size="40" value="<?=htmlspecialchars($pconfig['def_sip_proxy_ip']);?>"> - <br> <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define SIP_PROXY_PORTS</td> - <td width="78%" class="vtable"> - <input name="def_sip_proxy_ports" type="text" class="formfld" id="def_sip_proxy_ports" size="40" value="<?=htmlspecialchars($pconfig['def_sip_proxy_ports']);?>"> - <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 5060:5090,16384:32768.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define AUTH_PORTS</td> - <td width="78%" class="vtable"> - <input name="def_auth_ports" type="text" class="formfld" id="def_auth_ports" size="40" value="<?=htmlspecialchars($pconfig['def_auth_ports']);?>"> - <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . 
Default is 113.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define FINGER_PORTS</td> - <td width="78%" class="vtable"> - <input name="def_finger_ports" type="text" class="formfld" id="def_finger_ports" size="40" value="<?=htmlspecialchars($pconfig['def_finger_ports']);?>"> - <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 79.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define IRC_PORTS</td> - <td width="78%" class="vtable"> - <input name="def_irc_ports" type="text" class="formfld" id="def_irc_ports" size="40" value="<?=htmlspecialchars($pconfig['def_irc_ports']);?>"> - <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 6665,6666,6667,6668,6669,7000.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define NNTP_PORTS</td> - <td width="78%" class="vtable"> - <input name="def_nntp_ports" type="text" class="formfld" id="def_nntp_ports" size="40" value="<?=htmlspecialchars($pconfig['def_nntp_ports']);?>"> - <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 119.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define RLOGIN_PORTS</td> - <td width="78%" class="vtable"> - <input name="def_rlogin_ports" type="text" class="formfld" id="def_rlogin_ports" size="40" value="<?=htmlspecialchars($pconfig['def_rlogin_ports']);?>"> - <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 513.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define RSH_PORTS</td> - <td width="78%" class="vtable"> - <input name="def_rsh_ports" type="text" class="formfld" id="def_rsh_ports" size="40" value="<?=htmlspecialchars($pconfig['def_rsh_ports']);?>"> - <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . 
Default is 514.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define SSL_PORTS</td> - <td width="78%" class="vtable"> - <input name="def_ssl_ports" type="text" class="formfld" id="def_ssl_ports" size="40" value="<?=htmlspecialchars($pconfig['def_ssl_ports']);?>"> - <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 25,443,465,636,993,995.</span></td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input name="Submit" type="submit" class="formbtn" value="Save"> <input type="button" class="formbtn" value="Cancel" onclick="history.back()"> - <?php if (isset($id) && $a_nat[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>"> - <?php endif; ?> - </td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span> - <br> - Please save your settings before you click start. </td> - </tr> - </table> - </table> + + } + ?> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span><br> + Please save your settings before you click start.<br> + Please make sure there are <strong>no spaces</strong> in your + definitions. </td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic">Define Servers</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define DNS_SERVERS</td> + <td width="78%" class="vtable"><input name="def_dns_servers" + type="text" class="formfld" id="def_dns_servers" size="40" + value="<?=htmlspecialchars($pconfig['def_dns_servers']);?>"> <br> + <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". 
Leave + blank to scan all networks.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define DNS_PORTS</td> + <td width="78%" class="vtable"><input name="def_dns_ports" + type="text" class="formfld" id="def_dns_ports" size="40" + value="<?=htmlspecialchars($pconfig['def_dns_ports']);?>"> <br> + <span class="vexpl">Example: Specific ports "25,443" or All ports + betwen "5060:5090 . Default is 53.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define SMTP_SERVERS</td> + <td width="78%" class="vtable"><input name="def_smtp_servers" + type="text" class="formfld" id="def_smtp_servers" size="40" + value="<?=htmlspecialchars($pconfig['def_smtp_servers']);?>"> <br> + <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave + blank to scan all networks.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define SMTP_PORTS</td> + <td width="78%" class="vtable"><input name="def_smtp_ports" + type="text" class="formfld" id="def_smtp_ports" size="40" + value="<?=htmlspecialchars($pconfig['def_smtp_ports']);?>"> <br> + <span class="vexpl">Example: Specific ports "25,443" or All ports + betwen "5060:5090 . Default is 25.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define Mail_Ports</td> + <td width="78%" class="vtable"><input name="def_mail_ports" + type="text" class="formfld" id="def_mail_ports" size="40" + value="<?=htmlspecialchars($pconfig['def_mail_ports']);?>"> <br> + <span class="vexpl">Example: Specific ports "25,443" or All ports + betwen "5060:5090 . Default is 25,143,465,691.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define HTTP_SERVERS</td> + <td width="78%" class="vtable"><input name="def_http_servers" + type="text" class="formfld" id="def_http_servers" size="40" + value="<?=htmlspecialchars($pconfig['def_http_servers']);?>"> <br> + <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". 
Leave + blank to scan all networks.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define WWW_SERVERS</td> + <td width="78%" class="vtable"><input name="def_www_servers" + type="text" class="formfld" id="def_www_servers" size="40" + value="<?=htmlspecialchars($pconfig['def_www_servers']);?>"> <br> + <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave + blank to scan all networks.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define HTTP_PORTS</td> + <td width="78%" class="vtable"><input name="def_http_ports" + type="text" class="formfld" id="def_http_ports" size="40" + value="<?=htmlspecialchars($pconfig['def_http_ports']);?>"> <br> + <span class="vexpl">Example: Specific ports "25,443" or All ports + betwen "5060:5090 . Default is 80.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define SQL_SERVERS</td> + <td width="78%" class="vtable"><input name="def_sql_servers" + type="text" class="formfld" id="def_sql_servers" size="40" + value="<?=htmlspecialchars($pconfig['def_sql_servers']);?>"> <br> + <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave + blank to scan all networks.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define ORACLE_PORTS</td> + <td width="78%" class="vtable"><input name="def_oracle_ports" + type="text" class="formfld" id="def_oracle_ports" size="40" + value="<?=htmlspecialchars($pconfig['def_oracle_ports']);?>"> <br> + <span class="vexpl">Example: Specific ports "25,443" or All ports + betwen "5060:5090 . Default is 1521.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define MSSQL_PORTS</td> + <td width="78%" class="vtable"><input name="def_mssql_ports" + type="text" class="formfld" id="def_mssql_ports" size="40" + value="<?=htmlspecialchars($pconfig['def_mssql_ports']);?>"> <br> + <span class="vexpl">Example: Specific ports "25,443" or All ports + betwen "5060:5090 . 
Default is 1433.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define TELNET_SERVERS</td> + <td width="78%" class="vtable"><input name="def_telnet_servers" + type="text" class="formfld" id="def_telnet_servers" size="40" + value="<?=htmlspecialchars($pconfig['def_telnet_servers']);?>"> <br> + <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave + blank to scan all networks.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define TELNET_PORTS</td> + <td width="78%" class="vtable"><input name="def_telnet_ports" + type="text" class="formfld" id="def_telnet_ports" size="40" + value="<?=htmlspecialchars($pconfig['def_telnet_ports']);?>"> <br> + <span class="vexpl">Example: Specific ports "25,443" or All ports + betwen "5060:5090 . Default is 23.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define SNMP_SERVERS</td> + <td width="78%" class="vtable"><input name="def_snmp_servers" + type="text" class="formfld" id="def_snmp_servers" size="40" + value="<?=htmlspecialchars($pconfig['def_snmp_servers']);?>"> <br> + <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave + blank to scan all networks.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define SNMP_PORTS</td> + <td width="78%" class="vtable"><input name="def_snmp_ports" + type="text" class="formfld" id="def_snmp_ports" size="40" + value="<?=htmlspecialchars($pconfig['def_snmp_ports']);?>"> <br> + <span class="vexpl">Example: Specific ports "25,443" or All ports + betwen "5060:5090 . Default is 161.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define FTP_SERVERS</td> + <td width="78%" class="vtable"><input name="def_ftp_servers" + type="text" class="formfld" id="def_ftp_servers" size="40" + value="<?=htmlspecialchars($pconfig['def_ftp_servers']);?>"> <br> + <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". 
Leave + blank to scan all networks.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define FTP_PORTS</td> + <td width="78%" class="vtable"><input name="def_ftp_ports" + type="text" class="formfld" id="def_ftp_ports" size="40" + value="<?=htmlspecialchars($pconfig['def_ftp_ports']);?>"> <br> + <span class="vexpl">Example: Specific ports "25,443" or All ports + betwen "5060:5090 . Default is 21.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define SSH_SERVERS</td> + <td width="78%" class="vtable"><input name="def_ssh_servers" + type="text" class="formfld" id="def_ssh_servers" size="40" + value="<?=htmlspecialchars($pconfig['def_ssh_servers']);?>"> <br> + <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave + blank to scan all networks.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define SSH_PORTS</td> + <td width="78%" class="vtable"><input name="def_ssh_ports" + type="text" class="formfld" id="def_ssh_ports" size="40" + value="<?=htmlspecialchars($pconfig['def_ssh_ports']);?>"> <br> + <span class="vexpl">Example: Specific ports "25,443" or All ports + betwen "5060:5090 . Default is Pfsense SSH port.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define POP_SERVERS</td> + <td width="78%" class="vtable"><input name="def_pop_servers" + type="text" class="formfld" id="def_pop_servers" size="40" + value="<?=htmlspecialchars($pconfig['def_pop_servers']);?>"> <br> + <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave + blank to scan all networks.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define POP2_PORTS</td> + <td width="78%" class="vtable"><input name="def_pop2_ports" + type="text" class="formfld" id="def_pop2_ports" size="40" + value="<?=htmlspecialchars($pconfig['def_pop2_ports']);?>"> <br> + <span class="vexpl">Example: Specific ports "25,443" or All ports + betwen "5060:5090 . 
Default is 109.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define POP3_PORTS</td> + <td width="78%" class="vtable"><input name="def_pop3_ports" + type="text" class="formfld" id="def_pop3_ports" size="40" + value="<?=htmlspecialchars($pconfig['def_pop3_ports']);?>"> <br> + <span class="vexpl">Example: Specific ports "25,443" or All ports + betwen "5060:5090 . Default is 110.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define IMAP_SERVERS</td> + <td width="78%" class="vtable"><input name="def_imap_servers" + type="text" class="formfld" id="def_imap_servers" size="40" + value="<?=htmlspecialchars($pconfig['def_imap_servers']);?>"> <br> + <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave + blank to scan all networks.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define IMAP_PORTS</td> + <td width="78%" class="vtable"><input name="def_imap_ports" + type="text" class="formfld" id="def_imap_ports" size="40" + value="<?=htmlspecialchars($pconfig['def_imap_ports']);?>"> <br> + <span class="vexpl">Example: Specific ports "25,443" or All ports + betwen "5060:5090 . Default is 143.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define SIP_PROXY_IP</td> + <td width="78%" class="vtable"><input name="def_sip_proxy_ip" + type="text" class="formfld" id="def_sip_proxy_ip" size="40" + value="<?=htmlspecialchars($pconfig['def_sip_proxy_ip']);?>"> <br> + <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave + blank to scan all networks.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define SIP_PROXY_PORTS</td> + <td width="78%" class="vtable"><input name="def_sip_proxy_ports" + type="text" class="formfld" id="def_sip_proxy_ports" size="40" + value="<?=htmlspecialchars($pconfig['def_sip_proxy_ports']);?>"> <br> + <span class="vexpl">Example: Specific ports "25,443" or All ports + betwen "5060:5090 . 
Default is 5060:5090,16384:32768.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define AUTH_PORTS</td> + <td width="78%" class="vtable"><input name="def_auth_ports" + type="text" class="formfld" id="def_auth_ports" size="40" + value="<?=htmlspecialchars($pconfig['def_auth_ports']);?>"> <br> + <span class="vexpl">Example: Specific ports "25,443" or All ports + betwen "5060:5090 . Default is 113.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define FINGER_PORTS</td> + <td width="78%" class="vtable"><input name="def_finger_ports" + type="text" class="formfld" id="def_finger_ports" size="40" + value="<?=htmlspecialchars($pconfig['def_finger_ports']);?>"> <br> + <span class="vexpl">Example: Specific ports "25,443" or All ports + betwen "5060:5090 . Default is 79.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define IRC_PORTS</td> + <td width="78%" class="vtable"><input name="def_irc_ports" + type="text" class="formfld" id="def_irc_ports" size="40" + value="<?=htmlspecialchars($pconfig['def_irc_ports']);?>"> <br> + <span class="vexpl">Example: Specific ports "25,443" or All ports + betwen "5060:5090 . Default is 6665,6666,6667,6668,6669,7000.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define NNTP_PORTS</td> + <td width="78%" class="vtable"><input name="def_nntp_ports" + type="text" class="formfld" id="def_nntp_ports" size="40" + value="<?=htmlspecialchars($pconfig['def_nntp_ports']);?>"> <br> + <span class="vexpl">Example: Specific ports "25,443" or All ports + betwen "5060:5090 . 
Default is 119.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define RLOGIN_PORTS</td> + <td width="78%" class="vtable"><input name="def_rlogin_ports" + type="text" class="formfld" id="def_rlogin_ports" size="40" + value="<?=htmlspecialchars($pconfig['def_rlogin_ports']);?>"> <br> + <span class="vexpl">Example: Specific ports "25,443" or All ports + betwen "5060:5090 . Default is 513.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define RSH_PORTS</td> + <td width="78%" class="vtable"><input name="def_rsh_ports" + type="text" class="formfld" id="def_rsh_ports" size="40" + value="<?=htmlspecialchars($pconfig['def_rsh_ports']);?>"> <br> + <span class="vexpl">Example: Specific ports "25,443" or All ports + betwen "5060:5090 . Default is 514.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define SSL_PORTS</td> + <td width="78%" class="vtable"><input name="def_ssl_ports" + type="text" class="formfld" id="def_ssl_ports" size="40" + value="<?=htmlspecialchars($pconfig['def_ssl_ports']);?>"> <br> + <span class="vexpl">Example: Specific ports "25,443" or All ports + betwen "5060:5090 . Default is 25,443,465,636,993,995.</span></td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"><input name="Submit" type="submit" class="formbtn" + value="Save"> <input type="button" class="formbtn" value="Cancel" + onclick="history.back()"> <?php if (isset($id) && $a_nat[$id]): ?> + <input name="id" type="hidden" value="<?=$id;?>"> <?php endif; ?></td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span> + <br> + Please save your settings before you click start. </td> + </tr> + </table> + +</table> </form> </div> -<?php include("fend.inc"); ?> + <?php include("fend.inc"); ?> </body> </html> 
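Review bot: The hidden `id` field near the end of this hunk prints `$id` raw (`value="<?=$id;?>"`), while every other form value in the same hunk goes through `htmlspecialchars()`. The tab links in the preceding hunk have the same gap, interpolating `{$id}` straight into `href` attributes. Where `$id` is assigned is outside these hunks, so if it comes from the request it should be validated once at the top of the page and escaped at output. For example, use `<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>">` for the field and `urlencode($id)` inside the query strings.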
diff --git a/config/snort/snort_download_rules.php b/config/snort/snort_download_rules.php
index dc093015..d9652eb3 100644
--- a/config/snort/snort_download_rules.php
+++ b/config/snort/snort_download_rules.php
@@ -1,32 +1,32 @@ <?php /* $Id$ */ /* - snort_rulesets.php - Copyright (C) 2006 Scott Ullrich - Copyright (C) 2009 Robert Zelaya - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ + snort_rulesets.php + Copyright (C) 2006 Scott Ullrich + Copyright (C) 2009 Robert Zelaya + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. 
+ + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ /* Setup enviroment */ @@ -48,7 +48,7 @@ $pfsense_rules_filename = "pfsense_rules.tar.gz"; $id_d = $_GET['id_d']; if (isset($_POST['id_d'])) - $id_d = $_POST['id_d']; +$id_d = $_POST['id_d']; /* Time stamps define */ $last_md5_download = $config['installedpackages']['snortglobal']['last_md5_download']; 
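Review bot: Removing the indentation from `$id_d = $_POST['id_d'];` leaves a brace-less `if (isset($_POST['id_d']))` whose body now reads as an unconditional statement. Adding braces keeps the condition visible and stops a later edit from slipping a second line under it: `if (isset($_POST['id_d'])) { $id_d = $_POST['id_d']; }`. `$id_d` is taken directly from `$_GET`/`$_POST`, and how it is used is outside the hunk, so it is worth confirming that it is validated before use.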
@@ -59,26 +59,26 @@ $oinkid = $config['installedpackages']['snortglobal']['oinkmastercode']; $snortdownload = $config['installedpackages']['snortglobal']['snortdownload']; $emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats']; - if ($snortdownload == 'off' && $emergingthreats != 'on') - { - $snort_emrging_info = 'stop'; - } +if ($snortdownload == 'off' && $emergingthreats != 'on') +{ + $snort_emrging_info = 'stop'; +} - if ($oinkid == "" && $snortdownload != 'off') - { - $snort_oinkid_info = 'stop'; - } +if ($oinkid == "" && $snortdownload != 'off') +{ + $snort_oinkid_info = 'stop'; +} + + +/* check if main rule directory is empty */ +$if_mrule_dir = "/usr/local/etc/snort/rules"; +$mfolder_chk = (count(glob("$if_mrule_dir/*")) === 0) ? 'empty' : 'full'; - - /* check if main rule directory is empty */ - $if_mrule_dir = "/usr/local/etc/snort/rules"; - $mfolder_chk = (count(glob("$if_mrule_dir/*")) === 0) ? 'empty' : 'full'; - if (file_exists('/var/run/snort.conf.dirty')) { $snort_dirty_d = 'stop'; } - + $pgtitle = "Services: Snort: Update Rules"; include("/usr/local/pkg/snort/snort_head.inc"); 
@@ -92,81 +92,72 @@ include("/usr/local/pkg/snort/snort_head.inc"); <?php //include("./snort_fbegin.inc"); ?> -<div id="wrapper" style="top:200px"> - <div id="content"> - <div id="right" style="min-height:200px"> - -<br> - -<!-- after fbegin --> +<div id="wrapper" style="top: 200px"> +<div id="content"> +<div id="right" style="min-height: 200px"><br> -<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> +<!-- after fbegin --> <?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> <form action="./snort_testing.php" method="post"> <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> - -</td> -</tr> - <br> - <tr> + <tr> + <td></td> + </tr> + <br> + <tr> <td> - <div id="mainarea"> - <table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td align="center" valign="top"> - <!-- progress bar --> - <table id="progholder" width='420' style='border-collapse: collapse; border: 1px solid #000000;' cellpadding='2' cellspacing='2'> - <tr> - <td> - <img border='0' src='../themes/<?= $g['theme']; ?>/images/misc/progress_bar.gif' width='280' height='23' name='progressbar' id='progressbar' alt='' /> - </td> - </tr> - </table> - <br /> - <!-- status box --> - <textarea cols="60" rows="2" name="status" id="status" wrap="hard"> - <?=gettext("Initializing...");?> - </textarea> - <!-- command output box --> - <textarea cols="60" rows="2" name="output" id="output" wrap="hard"> - </textarea> - </td> - </tr> - </table> - </div> - </td> - </tr> + <div id="mainarea"> + <table class="tabcont" width="100%" border="0" cellpadding="6" + cellspacing="0"> + <tr> + <td align="center" valign="top"><!-- progress bar --> + <table id="progholder" width='420' + style='border-collapse: collapse; border: 1px solid #000000;' + cellpadding='2' cellspacing='2'> + <tr> + <td><img border='0' + src='../themes/<?= $g['theme']; ?>/images/misc/progress_bar.gif' + width='280' height='23' 
name='progressbar' id='progressbar' + alt='' /></td> + </tr> + </table> + <br /> + <!-- status box --> <textarea cols="60" rows="2" name="status" + id="status" wrap="hard"> + <?=gettext("Initializing...");?> + </textarea> <!-- command output box --> <textarea + cols="60" rows="2" name="output" id="output" wrap="hard"> + </textarea></td> + </tr> + </table> + </div> + </td> + </tr> </table> <form> <style type="text/css"> - #footer { -position: relative; -background-color: transparent; -background-repeat: no-repeat; -background-attachment: scroll; -background-position: 0% 0%; -top: -18px; -left: 0px; -width: 810px; -height: 75px; -color: #ffffff; -text-align: center; -font-size: 0.9em; -padding-top: 0px; -margin-bottom: 0px; -clear: both; + position: relative; + background-color: transparent; + background-repeat: no-repeat; + background-attachment: scroll; + background-position: 0% 0%; + top: -18px; + left: 0px; + width: 810px; + height: 75px; + color: #ffffff; + text-align: center; + font-size: 0.9em; + padding-top: 0px; + margin-bottom: 0px; + clear: both; } - </style> -<?php include("fend.inc");?> - -<?php +<?php include("fend.inc");?> <?php /* Start of code */ /* Begin main code */ @@ -196,8 +187,8 @@ conf_mount_rw(); /* remove old $tmpfname files */ if (file_exists("{$tmpfname}")) { - update_status(gettext("Removing old tmp files...")); - exec("/bin/rm -r {$tmpfname}"); + update_status(gettext("Removing old tmp files...")); + exec("/bin/rm -r {$tmpfname}"); apc_clear_cache(); } @@ -213,9 +204,9 @@ conf_mount_rw(); /* If tmp dir does not exist create it */ if (file_exists($tmpfname)) { - update_status(gettext("The directory tmp exists...")); + update_status(gettext("The directory tmp exists...")); } else { - mkdir("{$tmpfname}", 700); + mkdir("{$tmpfname}", 700); } /* unhide progress bar and lets end this party */ 
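Review bot: `mkdir("{$tmpfname}", 700)` passes the mode as decimal 700, which is octal 1274 rather than owner-only access, so the download directory does not get the permissions the literal suggests. Use an octal literal, `mkdir("{$tmpfname}", 0700);`, and check the return value, since the later `fopen()` calls write into this directory. The preceding hunk's `exec("/bin/rm -r {$tmpfname}")` also interpolates the path unquoted; wrapping it in `escapeshellarg($tmpfname)` would keep it a single argument.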
@@ -227,12 +218,12 @@ unhide_progress_bar_status(); if ($snortdownload == 'on') { if (file_exists("{$tmpfname}/{$snort_filename_md5}") && - filesize("{$tmpfname}/{$snort_filename_md5}") > 0) { + filesize("{$tmpfname}/{$snort_filename_md5}") > 0) { update_status(gettext("snort.org md5 temp file exists...")); } else { update_status(gettext("Downloading snort.org md5 file...")); ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); - + //$image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename_md5}"); $image = @file_get_contents("http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename_md5}"); $f = fopen("{$tmpfname}/{$snort_filename_md5}", 'w'); 
@@ -245,28 +236,28 @@ if ($snortdownload == 'on') /* download md5 sig from emergingthreats.net */ if ($emergingthreats == "on") { - update_status(gettext("Downloading emergingthreats md5 file...")); - ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); - // $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/version.txt"); - $image = @file_get_contents("http://www.emergingthreats.net/version.txt"); - $f = fopen("{$tmpfname}/version.txt", 'w'); - fwrite($f, $image); - fclose($f); - update_status(gettext("Done downloading emergingthreats md5")); + update_status(gettext("Downloading emergingthreats md5 file...")); + ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); + // $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/version.txt"); + $image = @file_get_contents("http://www.emergingthreats.net/version.txt"); + $f = fopen("{$tmpfname}/version.txt", 'w'); + fwrite($f, $image); + fclose($f); + update_status(gettext("Done downloading emergingthreats md5")); } /* download md5 sig from pfsense.org */ if (file_exists("{$tmpfname}/{$pfsense_rules_filename_md5}")) { - update_status(gettext("pfsense md5 temp file exists...")); + update_status(gettext("pfsense md5 temp file exists...")); } else { - update_status(gettext("Downloading pfsense md5 file...")); - ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); + update_status(gettext("Downloading pfsense md5 file...")); + ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); //$image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/pfsense_rules.tar.gz.md5"); - $image = @file_get_contents("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz.md5"); - $f = fopen("{$tmpfname}/pfsense_rules.tar.gz.md5", 'w'); - fwrite($f, $image); - fclose($f); - update_status(gettext("Done downloading pfsense md5.")); + $image = 
@file_get_contents("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz.md5"); + $f = fopen("{$tmpfname}/pfsense_rules.tar.gz.md5", 'w'); + fwrite($f, $image); + fclose($f); + update_status(gettext("Done downloading pfsense md5.")); } /* If md5 file is empty wait 15min exit */ @@ -279,9 +270,9 @@ if ($snortdownload == 'on') hide_progress_bar_status(); /* Display last time of sucsessful md5 check from cache */ echo "\n\n</body>\n</html>\n"; -echo "</body>"; -echo "</html>"; -conf_mount_ro(); + echo "</body>"; + echo "</html>"; + conf_mount_ro(); exit(0); } } @@ -290,15 +281,15 @@ conf_mount_ro(); /* If pfsense md5 file is empty wait 15min exit */ if (0 == filesize("{$tmpfname}/$pfsense_rules_filename_md5")){ - update_status(gettext("Please wait... You may only check for New Pfsense Rules every 15 minutes...")); - update_output_window(gettext("Rules are released to support Pfsense packages.")); - hide_progress_bar_status(); - /* Display last time of sucsessful md5 check from cache */ - echo "\n\n</body>\n</html>\n"; -echo "</body>"; -echo "</html>"; -conf_mount_ro(); - exit(0); + update_status(gettext("Please wait... You may only check for New Pfsense Rules every 15 minutes...")); + update_output_window(gettext("Rules are released to support Pfsense packages.")); + hide_progress_bar_status(); + /* Display last time of sucsessful md5 check from cache */ + echo "\n\n</body>\n</html>\n"; + echo "</body>"; + echo "</html>"; + conf_mount_ro(); + exit(0); } /* Check if were up to date snort.org */ @@ -318,8 +309,8 @@ if ($snortdownload == 'on') update_status(gettext("Your rules are up to date...")); update_output_window(gettext("You may start Snort now, check update.")); hide_progress_bar_status(); - echo "\n\n</body>\n</html>\n"; - $snort_md5_check_ok = on; + echo "\n\n</body>\n</html>\n"; + $snort_md5_check_ok = on; } } } 
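Review bot: The checksum files in this hunk are fetched with `@file_get_contents("http://…")` and written out without testing the result, so a failed download silently produces an empty file and the `@` hides the reason. A guard such as `if ($image === false) { /* report and stop */ }` before the `fopen()` would surface the failure. Because each MD5 arrives over the same unauthenticated HTTP channel as the rule archive it describes, it can detect a corrupted transfer but not a modified one. An HTTPS endpoint, where the provider offers one, is needed for the check to carry integrity weight. The snort.org request in the previous hunk follows the same pattern and also places `{$oinkid}` in a plain-HTTP URL.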
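Review bot: `$snort_md5_check_ok = on;` uses the bare word `on`, which PHP treats as an undefined constant: older versions fall back to the string 'on' with a notice or warning, and PHP 8 raises an Error. Quote it, `$snort_md5_check_ok = 'on';`, and do the same for `$emerg_md5_check_ok = on;` and `$pfsense_md5_check_ok = on;` in the next hunk and for the `!= on` / `== on` comparisons in the later ones. These flags decide whether a rule set is downloaded again, so they should not depend on constant fallback behaviour.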
@@ -337,31 +328,31 @@ if ($emergingthreats == "on") // Will cause switch back to read-only on nanobsd write_config(); conf_mount_rw(); - if ($emerg_md5_check_new == $emerg_md5_check_old) + if ($emerg_md5_check_new == $emerg_md5_check_old) { - hide_progress_bar_status(); - $emerg_md5_check_ok = on; + hide_progress_bar_status(); + $emerg_md5_check_ok = on; } } } /* Check if were up to date pfsense.org */ - if (file_exists("{$snortdir}/pfsense_rules.tar.gz.md5")) +if (file_exists("{$snortdir}/pfsense_rules.tar.gz.md5")) +{ + $pfsense_check_new_parse = file_get_contents("{$tmpfname}/pfsense_rules.tar.gz.md5"); + $pfsense_md5_check_new = `/bin/echo "{$pfsense_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`; + $pfsense_md5_check_old_parse = file_get_contents("{$snortdir}/pfsense_rules.tar.gz.md5"); + $pfsense_md5_check_old = `/bin/echo "{$pfsense_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`; + /* Write out time of last sucsessful md5 to cache */ + // Will cause switch back to read-only on nanobsd + write_config(); + conf_mount_rw(); + if ($pfsense_md5_check_new == $pfsense_md5_check_old) { - $pfsense_check_new_parse = file_get_contents("{$tmpfname}/pfsense_rules.tar.gz.md5"); - $pfsense_md5_check_new = `/bin/echo "{$pfsense_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`; - $pfsense_md5_check_old_parse = file_get_contents("{$snortdir}/pfsense_rules.tar.gz.md5"); - $pfsense_md5_check_old = `/bin/echo "{$pfsense_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`; - /* Write out time of last sucsessful md5 to cache */ - // Will cause switch back to read-only on nanobsd - write_config(); - conf_mount_rw(); - if ($pfsense_md5_check_new == $pfsense_md5_check_old) - { - hide_progress_bar_status(); - $pfsense_md5_check_ok = on; - } + hide_progress_bar_status(); + $pfsense_md5_check_ok = on; } +} /* Check if were up to date is so, exit */ /* WARNING This code needs constant checks */ 
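Review bot: In the pfsense.org check the downloaded file is read into `$pfsense_check_new_parse`, but the next line interpolates `$pfsense_md5_check_new_parse`, which is not assigned anywhere in the visible code, so `$pfsense_md5_check_new` appears to be always empty and the comparison with the stored checksum cannot succeed. Separately, the contents of a file downloaded over plain HTTP are interpolated into a backtick shell command only to take the first field; doing that parsing in PHP keeps untrusted data away from the shell. For example `$pfsense_md5_check_new_parse = file_get_contents("{$tmpfname}/pfsense_rules.tar.gz.md5");` followed by `$pfsense_md5_check_new = strtok(trim($pfsense_md5_check_new_parse), " \t\n");`, with the same treatment for the `_old` value. The emergingthreats block at the top of this hunk is only partly visible and may share the pattern.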
@@ -369,12 +360,12 @@ if ($snortdownload == 'on' && $emergingthreats == 'on') { if ($snort_md5_check_ok == 'on' && $emerg_md5_check_ok == 'on') { - update_status(gettext("All your rules are up to date...")); - update_output_window(gettext("You may start Snort now...")); - echo "</body>"; - echo "</html>"; - conf_mount_ro(); - exit(0); + update_status(gettext("All your rules are up to date...")); + update_output_window(gettext("You may start Snort now...")); + echo "</body>"; + echo "</html>"; + conf_mount_ro(); + exit(0); } } @@ -382,12 +373,12 @@ if ($snortdownload == 'on' && $emergingthreats == 'off') { if ($snort_md5_check_ok == 'on') { - update_status(gettext("Your snort.org rules are up to date...")); - update_output_window(gettext("You may start Snort now...")); - echo "</body>"; - echo "</html>"; - conf_mount_ro(); - exit(0); + update_status(gettext("Your snort.org rules are up to date...")); + update_output_window(gettext("You may start Snort now...")); + echo "</body>"; + echo "</html>"; + conf_mount_ro(); + exit(0); } } @@ -395,15 +386,15 @@ if ($snortdownload == 'off' && $emergingthreats == 'on') { if ($emerg_md5_check_ok == 'on') { - update_status(gettext("Your Emergingthreats rules are up to date...")); - update_output_window(gettext("You may start Snort now...")); - echo "</body>"; - echo "</html>"; - conf_mount_ro(); - exit(0); + update_status(gettext("Your Emergingthreats rules are up to date...")); + update_output_window(gettext("You may start Snort now...")); + echo "</body>"; + echo "</html>"; + conf_mount_ro(); + exit(0); } } - + /* You are Not Up to date, always stop snort when updating rules for low end machines */; update_status(gettext("You are NOT up to date...")); update_output_window(gettext("Stopping Snort service...")); 
@@ -418,62 +409,62 @@ if ($chk_if_snort_up != "") { if ($snortdownload == 'on') { if ($snort_md5_check_ok != on) { - if (file_exists("{$tmpfname}/{$snort_filename}")) { - update_status(gettext("Snortrule tar file exists...")); - } else { - unhide_progress_bar_status(); - update_status(gettext("There is a new set of Snort.org rules posted. Downloading...")); - update_output_window(gettext("May take 4 to 10 min...")); - conf_mount_rw(); - //snort_download_file_with_progress_bar("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename}", $tmpfname . "/{$snort_filename}", "read_body_firmware"); - snort_download_file_with_progress_bar("http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename}", $tmpfname . "/{$snort_filename}", "read_body_firmware"); - update_all_status($static_output); - update_status(gettext("Done downloading rules file.")); - if (150000 > filesize("{$tmpfname}/$snort_filename")){ - update_status(gettext("Error with the snort rules download...")); - - update_output_window(gettext("Snort rules file downloaded failed...")); -echo "</body>"; -echo "</html>"; -conf_mount_ro(); - exit(0); - } + if (file_exists("{$tmpfname}/{$snort_filename}")) { + update_status(gettext("Snortrule tar file exists...")); + } else { + unhide_progress_bar_status(); + update_status(gettext("There is a new set of Snort.org rules posted. Downloading...")); + update_output_window(gettext("May take 4 to 10 min...")); + conf_mount_rw(); + //snort_download_file_with_progress_bar("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename}", $tmpfname . "/{$snort_filename}", "read_body_firmware"); + snort_download_file_with_progress_bar("http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename}", $tmpfname . 
"/{$snort_filename}", "read_body_firmware"); + update_all_status($static_output); + update_status(gettext("Done downloading rules file.")); + if (150000 > filesize("{$tmpfname}/$snort_filename")){ + update_status(gettext("Error with the snort rules download...")); + + update_output_window(gettext("Snort rules file downloaded failed...")); + echo "</body>"; + echo "</html>"; + conf_mount_ro(); + exit(0); + } } } } - + /* download emergingthreats rules file */ -if ($emergingthreats == "on") +if ($emergingthreats == "on") { if ($emerg_md5_check_ok != on) { - if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) - { - update_status(gettext("Emergingthreats tar file exists...")); - }else{ - update_status(gettext("There is a new set of Emergingthreats rules posted. Downloading...")); - update_output_window(gettext("May take 4 to 10 min...")); - // download_file_with_progress_bar("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/emerging.rules.tar.gz", $tmpfname . "/{$emergingthreats_filename}", "read_body_firmware"); - download_file_with_progress_bar("http://www.emergingthreats.net/rules/emerging.rules.tar.gz", $tmpfname . "/{$emergingthreats_filename}", "read_body_firmware"); - update_all_status($static_output); - update_status(gettext("Done downloading Emergingthreats rules file.")); + if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) + { + update_status(gettext("Emergingthreats tar file exists...")); + }else{ + update_status(gettext("There is a new set of Emergingthreats rules posted. Downloading...")); + update_output_window(gettext("May take 4 to 10 min...")); + // download_file_with_progress_bar("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/emerging.rules.tar.gz", $tmpfname . "/{$emergingthreats_filename}", "read_body_firmware"); + download_file_with_progress_bar("http://www.emergingthreats.net/rules/emerging.rules.tar.gz", $tmpfname . 
"/{$emergingthreats_filename}", "read_body_firmware"); + update_all_status($static_output); + update_status(gettext("Done downloading Emergingthreats rules file.")); } } } /* download pfsense rules file */ if ($pfsense_md5_check_ok != on) { -if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) { - update_status(gettext("Snortrule tar file exists...")); -} else { - unhide_progress_bar_status(); - update_status(gettext("There is a new set of Pfsense rules posted. Downloading...")); - update_output_window(gettext("May take 4 to 10 min...")); - // download_file_with_progress_bar("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/pfsense_rules.tar.gz", $tmpfname . "/{$pfsense_rules_filename}", "read_body_firmware"); - download_file_with_progress_bar("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz", $tmpfname . "/{$pfsense_rules_filename}", "read_body_firmware"); - update_all_status($static_output); - update_status(gettext("Done downloading rules file.")); - } + if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) { + update_status(gettext("Snortrule tar file exists...")); + } else { + unhide_progress_bar_status(); + update_status(gettext("There is a new set of Pfsense rules posted. Downloading...")); + update_output_window(gettext("May take 4 to 10 min...")); + // download_file_with_progress_bar("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/pfsense_rules.tar.gz", $tmpfname . "/{$pfsense_rules_filename}", "read_body_firmware"); + download_file_with_progress_bar("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz", $tmpfname . "/{$pfsense_rules_filename}", "read_body_firmware"); + update_all_status($static_output); + update_status(gettext("Done downloading rules file.")); + } } /* Compair md5 sig to file sig */ 
@@ -508,33 +499,33 @@ if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) { if ($snortdownload == 'on') { if ($snort_md5_check_ok != on) { - if (file_exists("{$tmpfname}/{$snort_filename}")) { - - if ($pfsense_stable == 'yes') - { - $freebsd_version_so = 'FreeBSD-7-2'; - }else{ - $freebsd_version_so = 'FreeBSD-8-0'; - } - - update_status(gettext("Extracting Snort.org rules...")); - update_output_window(gettext("May take a while...")); - /* extract snort.org rules and add prefix to all snort.org files*/ - exec("/bin/rm -r {$snortdir}/rules"); - sleep(2); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} rules/"); - chdir ("/usr/local/etc/snort/rules"); - sleep(2); - exec('/usr/local/bin/perl /usr/local/bin/snort_rename.pl s/^/snort_/ *.rules'); - - /* extract so rules on for x86 for now */ - /* TODO: ask snort.org to build x64 version of so rules for Freebsd 8.1 Sept 05,2010 */ - if($snort_arch == 'x86'){ - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/$freebsd_version_so/i386/2.8.6.1/"); - exec('/bin/mkdir -p /usr/local/lib/snort/dynamicrules/'); - exec("/bin/mv -f {$snortdir}/so_rules/precompiled/$freebsd_version_so/i386/2.8.6.1/* /usr/local/lib/snort/dynamicrules/"); - /* extract so rules none bin and rename */ - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/bad-traffic.rules/" . 
+ if (file_exists("{$tmpfname}/{$snort_filename}")) { + + if ($pfsense_stable == 'yes') + { + $freebsd_version_so = 'FreeBSD-7-2'; + }else{ + $freebsd_version_so = 'FreeBSD-8-0'; + } + + update_status(gettext("Extracting Snort.org rules...")); + update_output_window(gettext("May take a while...")); + /* extract snort.org rules and add prefix to all snort.org files*/ + exec("/bin/rm -r {$snortdir}/rules"); + sleep(2); + exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} rules/"); + chdir ("/usr/local/etc/snort/rules"); + sleep(2); + exec('/usr/local/bin/perl /usr/local/bin/snort_rename.pl s/^/snort_/ *.rules'); + + /* extract so rules on for x86 for now */ + /* TODO: ask snort.org to build x64 version of so rules for Freebsd 8.1 Sept 05,2010 */ + if($snort_arch == 'x86'){ + exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/$freebsd_version_so/i386/2.8.6.1/"); + exec('/bin/mkdir -p /usr/local/lib/snort/dynamicrules/'); + exec("/bin/mv -f {$snortdir}/so_rules/precompiled/$freebsd_version_so/i386/2.8.6.1/* /usr/local/lib/snort/dynamicrules/"); + /* extract so rules none bin and rename */ + exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/bad-traffic.rules/" . " so_rules/chat.rules/" . " so_rules/dos.rules/" . " so_rules/exploit.rules/" . 
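Review bot: `exec("/bin/rm -r {$snortdir}/rules")` deletes the active rule directory before the `tar xzf` of the downloaded archive is known to succeed, and none of the `exec()` calls in this hunk capture an exit status, so a truncated or unreadable archive leaves the sensor without rules and without an error message. Capture the status, e.g. `exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} rules/", $tar_out, $tar_rc);`, and stop when `$tar_rc !== 0`; extracting into a staging directory and swapping it in afterwards would close the gap entirely. The checksum comparison that precedes this step is outside the visible hunks, so confirm it runs before anything under `{$snortdir}` is replaced. The same unchecked `exec()` pattern continues in the following hunk.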
@@ -551,40 +542,40 @@ if ($snortdownload == 'on') " so_rules/web-client.rules/" . " so_rules/web-iis.rules/" . " so_rules/web-misc.rules/"); - - exec("/bin/mv -f {$snortdir}/so_rules/bad-traffic.rules {$snortdir}/rules/snort_bad-traffic.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/chat.rules {$snortdir}/rules/snort_chat.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/dos.rules {$snortdir}/rules/snort_dos.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/exploit.rules {$snortdir}/rules/snort_exploit.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/icmp.rules {$snortdir}/rules/snort_icmp.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/imap.rules {$snortdir}/rules/snort_imap.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/misc.rules {$snortdir}/rules/snort_misc.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/multimedia.rules {$snortdir}/rules/snort_multimedia.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/netbios.rules {$snortdir}/rules/snort_netbios.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/nntp.rules {$snortdir}/rules/snort_nntp.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/p2p.rules {$snortdir}/rules/snort_p2p.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/smtp.rules {$snortdir}/rules/snort_smtp.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/sql.rules {$snortdir}/rules/snort_sql.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/web-activex.rules {$snortdir}/rules/snort_web-activex.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/web-client.rules {$snortdir}/rules/snort_web-client.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/web-iis.rules {$snortdir}/rules/snort_web-iis.so.rules"); - exec("/bin/mv -f {$snortdir}/so_rules/web-misc.rules {$snortdir}/rules/snort_web-misc.so.rules"); - exec("/bin/rm -r {$snortdir}/so_rules"); - } - - /* extract base etc files */ - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} etc/"); - exec("/bin/mv -f {$snortdir}/etc/* {$snortdir}"); - 
exec("/bin/rm -r {$snortdir}/etc"); - - update_status(gettext("Done extracting Snort.org Rules.")); - }else{ - update_status(gettext("Error extracting Snort.org Rules...")); - update_output_window(gettext("Error Line 755")); -echo "</body>"; -echo "</html>"; -conf_mount_ro(); - exit(0); + + exec("/bin/mv -f {$snortdir}/so_rules/bad-traffic.rules {$snortdir}/rules/snort_bad-traffic.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/chat.rules {$snortdir}/rules/snort_chat.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/dos.rules {$snortdir}/rules/snort_dos.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/exploit.rules {$snortdir}/rules/snort_exploit.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/icmp.rules {$snortdir}/rules/snort_icmp.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/imap.rules {$snortdir}/rules/snort_imap.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/misc.rules {$snortdir}/rules/snort_misc.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/multimedia.rules {$snortdir}/rules/snort_multimedia.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/netbios.rules {$snortdir}/rules/snort_netbios.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/nntp.rules {$snortdir}/rules/snort_nntp.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/p2p.rules {$snortdir}/rules/snort_p2p.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/smtp.rules {$snortdir}/rules/snort_smtp.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/sql.rules {$snortdir}/rules/snort_sql.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/web-activex.rules {$snortdir}/rules/snort_web-activex.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/web-client.rules {$snortdir}/rules/snort_web-client.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/web-iis.rules {$snortdir}/rules/snort_web-iis.so.rules"); + exec("/bin/mv -f {$snortdir}/so_rules/web-misc.rules {$snortdir}/rules/snort_web-misc.so.rules"); + exec("/bin/rm -r {$snortdir}/so_rules"); + } + + /* extract base etc 
files */ + exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} etc/"); + exec("/bin/mv -f {$snortdir}/etc/* {$snortdir}"); + exec("/bin/rm -r {$snortdir}/etc"); + + update_status(gettext("Done extracting Snort.org Rules.")); + }else{ + update_status(gettext("Error extracting Snort.org Rules...")); + update_output_window(gettext("Error Line 755")); + echo "</body>"; + echo "</html>"; + conf_mount_ro(); + exit(0); } } } 
@@ -605,48 +596,48 @@ if ($emergingthreats == "on") /* Untar Pfsense rules to tmp */ if ($pfsense_md5_check_ok != on) { -if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) { - update_status(gettext("Extracting Pfsense rules...")); - update_output_window(gettext("May take a while...")); - exec("/usr/bin/tar xzf {$tmpfname}/{$pfsense_rules_filename} -C {$snortdir} rules/"); - } + if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) { + update_status(gettext("Extracting Pfsense rules...")); + update_output_window(gettext("May take a while...")); + exec("/usr/bin/tar xzf {$tmpfname}/{$pfsense_rules_filename} -C {$snortdir} rules/"); + } } /* Untar snort signatures */ if ($snort_md5_check_ok != on) { -if (file_exists("{$tmpfname}/{$snort_filename}")) { -$signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo']; -if ($premium_url_chk == on) { - update_status(gettext("Extracting Signatures...")); - update_output_window(gettext("May take a while...")); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} doc/signatures/"); - update_status(gettext("Done extracting Signatures.")); - } - } + if (file_exists("{$tmpfname}/{$snort_filename}")) { + $signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo']; + if ($premium_url_chk == on) { + update_status(gettext("Extracting Signatures...")); + update_output_window(gettext("May take a while...")); + exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} doc/signatures/"); + update_status(gettext("Done extracting Signatures.")); + } + } } /* Copy md5 sig to snort dir */ if ($snortdownload == 'on') { if ($snort_md5_check_ok != on) { - if (file_exists("{$tmpfname}/$snort_filename_md5")) { - update_status(gettext("Copying md5 sig to snort directory...")); - exec("/bin/cp {$tmpfname}/$snort_filename_md5 {$snortdir}/$snort_filename_md5"); - }else{ - update_status(gettext("The md5 file does not exist...")); - update_output_window(gettext("Error 
copying config...")); - echo "</body>"; - echo "</html>"; - conf_mount_ro(); - exit(0); + if (file_exists("{$tmpfname}/$snort_filename_md5")) { + update_status(gettext("Copying md5 sig to snort directory...")); + exec("/bin/cp {$tmpfname}/$snort_filename_md5 {$snortdir}/$snort_filename_md5"); + }else{ + update_status(gettext("The md5 file does not exist...")); + update_output_window(gettext("Error copying config...")); + echo "</body>"; + echo "</html>"; + conf_mount_ro(); + exit(0); } } -} - +} + /* Copy emergingthreats md5 sig to snort dir */ if ($emergingthreats == "on") { - if ($emerg_md5_check_ok != on) + if ($emerg_md5_check_ok != on) { if (file_exists("{$tmpfname}/$emergingthreats_filename_md5")) { @@ -659,25 +650,25 @@ if ($emergingthreats == "on") echo "</html>"; conf_mount_ro(); exit(0); - } + } } } /* Copy Pfsense md5 sig to snort dir */ if ($pfsense_md5_check_ok != on) { -if (file_exists("{$tmpfname}/$pfsense_rules_filename_md5")) { - update_status(gettext("Copying Pfsense md5 sig to snort directory...")); - exec("/bin/cp {$tmpfname}/$pfsense_rules_filename_md5 {$snortdir}/$pfsense_rules_filename_md5"); -} else { - update_status(gettext("The Pfsense md5 file does not exist...")); - update_output_window(gettext("Error copying config...")); + if (file_exists("{$tmpfname}/$pfsense_rules_filename_md5")) { + update_status(gettext("Copying Pfsense md5 sig to snort directory...")); + exec("/bin/cp {$tmpfname}/$pfsense_rules_filename_md5 {$snortdir}/$pfsense_rules_filename_md5"); + } else { + update_status(gettext("The Pfsense md5 file does not exist...")); + update_output_window(gettext("Error copying config...")); echo "</body>"; echo "</html>"; conf_mount_ro(); exit(0); - } + } } - + /* Copy signatures dir to snort dir */ if ($snortdownload == 'on') { 
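Review bot: In the "Untar snort signatures" block `$signature_info_chk` is read from the config but never tested; the condition uses `$premium_url_chk`, whose assignment is not visible in this hunk. If the intent was to gate extraction on the `signatureinfo` setting, the test should read `if ($signature_info_chk == 'on')`; otherwise the unused assignment can be removed. This should be confirmed against the rest of the file.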
@@ -687,18 +678,18 @@ if ($snortdownload == 'on') if ($premium_url_chk == on) { if (file_exists("{$snortdir}/doc/signatures")) { - update_status(gettext("Copying signatures...")); - update_output_window(gettext("May take a while...")); - exec("/bin/mv -f {$snortdir}/doc/signatures {$snortdir}/signatures"); - exec("/bin/rm -r {$snortdir}/doc/signatures"); - update_status(gettext("Done copying signatures.")); - }else{ - update_status(gettext("Directory signatures exist...")); - update_output_window(gettext("Error copying signature...")); -echo "</body>"; -echo "</html>"; -conf_mount_ro(); - exit(0); + update_status(gettext("Copying signatures...")); + update_output_window(gettext("May take a while...")); + exec("/bin/mv -f {$snortdir}/doc/signatures {$snortdir}/signatures"); + exec("/bin/rm -r {$snortdir}/doc/signatures"); + update_status(gettext("Done copying signatures.")); + }else{ + update_status(gettext("Directory signatures exist...")); + update_output_window(gettext("Error copying signature...")); + echo "</body>"; + echo "</html>"; + conf_mount_ro(); + exit(0); } } } 
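Review bot: The `else` branch reports "Directory signatures exist..." when `file_exists("{$snortdir}/doc/signatures")` is false, that is when the directory is missing, so the status text contradicts the condition; `update_status(gettext("Directory signatures does not exist..."));` would match it. In the success branch `exec("/bin/rm -r {$snortdir}/doc/signatures")` runs right after `mv -f` has moved that path away, so it normally fails unnoticed, and if `{$snortdir}/signatures` already existed the move nests the directory inside it instead. Checking the `exec()` exit status and clearing the destination first would make the step deterministic. The enclosing `if` blocks begin before this hunk.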
@@ -738,28 +729,28 @@ exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl /usr/local/etc/snort/r function oinkmaster_conf($id, $if_real, $iface_uuid) { - global $config, $g, $id, $if_real, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok; - conf_mount_rw(); - -/* enable disable setting will carry over with updates */ -/* TODO carry signature changes with the updates */ -if ($snort_md5_check_ok != on || $emerg_md5_check_ok != on || $pfsense_md5_check_ok != on) { - -if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'])) { -$enabled_sid_on = $config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on']; -$enabled_sid_on_array = split('\|\|', $enabled_sid_on); -foreach($enabled_sid_on_array as $enabled_item_on) -$selected_sid_on_sections .= "$enabled_item_on\n"; - } + global $config, $g, $id, $if_real, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok; + conf_mount_rw(); -if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) { -$enabled_sid_off = $config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off']; -$enabled_sid_off_array = split('\|\|', $enabled_sid_off); -foreach($enabled_sid_off_array as $enabled_item_off) -$selected_sid_off_sections .= "$enabled_item_off\n"; - } + /* enable disable setting will carry over with updates */ + /* TODO carry signature changes with the updates */ + if ($snort_md5_check_ok != on || $emerg_md5_check_ok != on || $pfsense_md5_check_ok != on) { -$snort_sid_text = <<<EOD + if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'])) { + $enabled_sid_on = $config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on']; + $enabled_sid_on_array = split('\|\|', $enabled_sid_on); + foreach($enabled_sid_on_array as $enabled_item_on) + $selected_sid_on_sections .= "$enabled_item_on\n"; + } + + if 
(!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) { + $enabled_sid_off = $config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off']; + $enabled_sid_off_array = split('\|\|', $enabled_sid_off); + foreach($enabled_sid_off_array as $enabled_item_off) + $selected_sid_off_sections .= "$enabled_item_off\n"; + } + + $snort_sid_text = <<<EOD ########################################### # # @@ -779,13 +770,13 @@ $selected_sid_off_sections EOD; - /* open snort's oinkmaster.conf for writing */ - $oinkmasterlist = fopen("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf", "w"); +/* open snort's oinkmaster.conf for writing */ +$oinkmasterlist = fopen("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf", "w"); - fwrite($oinkmasterlist, "$snort_sid_text"); +fwrite($oinkmasterlist, "$snort_sid_text"); - /* close snort's oinkmaster.conf file */ - fclose($oinkmasterlist); +/* close snort's oinkmaster.conf file */ +fclose($oinkmasterlist); } } 
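Review bot: `global $config, $g, $id, $if_real, …` inside `oinkmaster_conf($id, $if_real, $iface_uuid)` re-binds `$id` and `$if_real` to the global variables, discarding the arguments the caller passed, so the config lookups and the output path depend on whatever the globals hold at call time. Drop the two names from the list: `global $config, $g, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok;`. `split()` is also removed in PHP 7; `explode('||', $enabled_sid_on)` is the direct replacement for the literal `||` separator. `oinkmaster_run()` in the last hunk declares the same globals, and the body of this function continues past the hunk.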
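Review bot: The `fopen()`, `fwrite()` and `fclose()` lines are now at column 0 although they are still inside the `if` block and the function, which hides their scope; only the heredoc terminator `EOD;` has a reason to sit at column 0. `fopen()` returns `false` when the per-interface directory is missing, so the handle should be tested before it is written to: `if ($oinkmasterlist === false) { return; }`. The start of the function is in the previous hunk.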
@@ -796,44 +787,44 @@ EOD; function oinkmaster_run($id, $if_real, $iface_uuid) { - global $config, $g, $id, $if_real, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok; - conf_mount_rw(); + global $config, $g, $id, $if_real, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok; + conf_mount_rw(); if ($snort_md5_check_ok != on || $emerg_md5_check_ok != on || $pfsense_md5_check_ok != on) { if ($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'] == '' && $config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'] == '') { - update_status(gettext("Your first set of rules are being copied...")); - update_output_window(gettext("May take a while...")); - exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/"); - exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + update_status(gettext("Your first set of rules are being copied...")); + update_output_window(gettext("May take a while...")); + exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/"); + exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + 
exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); }else{ - update_status(gettext("Your enable and disable changes are being applied to your fresh set of rules...")); - update_output_window(gettext("May take a while...")); - exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/"); - exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); - - /* might have to add a sleep for 3sec for flash drives or old drives */ - exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf -o /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules > /usr/local/etc/snort/oinkmaster_{$iface_uuid}_{$if_real}.log"); + update_status(gettext("Your enable and disable changes are being applied to your fresh set of rules...")); + update_output_window(gettext("May take a while...")); + exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/"); + exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp 
{$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + + /* might have to add a sleep for 3sec for flash drives or old drives */ + exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf -o /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules > /usr/local/etc/snort/oinkmaster_{$iface_uuid}_{$if_real}.log"); /* TODO: Remove this code when x64 so rules are ready */ if($snort_arch == 'x64'){ exec("/bin/rm -r /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/*.so.rules"); } - + } } } 
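Review bot: Every `exec()` in oinkmaster_run builds its command line by interpolating `$snortdir`, `$snortdir_wan`, `$iface_uuid` and `$if_real` without quoting, so a space or shell metacharacter in any of them changes the command the shell runs. `$iface_uuid` and `$if_real` are taken from the saved package configuration by the caller in the next hunk, and whether they are validated when saved is not visible here. Build the destination once and quote it, e.g. `$dest = escapeshellarg("{$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");` followed by `exec("/bin/cp " . escapeshellarg("{$snortdir}/sid") . " {$dest}");`, leaving only the `rules/*` glob outside the quotes. Separately, `$snort_arch` is neither a parameter nor in the `global` list, so the `x64` branch that removes the `*.so.rules` files looks unreachable inside this function.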
@@ -848,17 +839,17 @@ if (!empty($config['installedpackages']['snortglobal']['rule'])) $id = -1; foreach ($rule_array as $value) { - $id += 1; + $id += 1; + + $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; + $if_real = convert_friendly_interface_to_real_interface_name2($result_lan); + $iface_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; - $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; - $if_real = convert_friendly_interface_to_real_interface_name2($result_lan); - $iface_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; + /* make oinkmaster.conf for each interface rule */ + oinkmaster_conf($id, $if_real, $iface_uuid); - /* make oinkmaster.conf for each interface rule */ - oinkmaster_conf($id, $if_real, $iface_uuid); - - /* run oinkmaster for each interface rule */ - oinkmaster_run($id, $if_real, $iface_uuid); + /* run oinkmaster for each interface rule */ + oinkmaster_run($id, $if_real, $iface_uuid); } } 
@@ -899,69 +890,67 @@ if (file_exists("/tmp/snort_download_halt.pid")) { update_output_window(gettext("Snort has restarted with your new set of rules...")); exec("/bin/rm /tmp/snort_download_halt.pid"); } else { - update_status(gettext("The Rules update finished...")); - update_output_window(gettext("You may start snort now...")); + update_status(gettext("The Rules update finished...")); + update_output_window(gettext("You may start snort now...")); } /* hide progress bar and lets end this party */ hide_progress_bar_status(); conf_mount_ro(); -?> - -<?php +?> <?php function read_body_firmware($ch, $string) { - global $fout, $file_size, $downloaded, $counter, $version, $latest_version, $current_installed_pfsense_version; - $length = strlen($string); - $downloaded += intval($length); - $downloadProgress = round(100 * (1 - $downloaded / $file_size), 0); - $downloadProgress = 100 - $downloadProgress; - $a = $file_size; - $b = $downloaded; - $c = $downloadProgress; - $text = " Snort download in progress\\n"; - $text .= "----------------------------------------------------\\n"; - $text .= " Downloaded : {$b}\\n"; - $text .= "----------------------------------------------------\\n"; - $counter++; - if($counter > 150) { - update_output_window($text); - update_progress_bar($downloadProgress); - flush(); - $counter = 0; - } - fwrite($fout, $string); - return $length; + global $fout, $file_size, $downloaded, $counter, $version, $latest_version, $current_installed_pfsense_version; + $length = strlen($string); + $downloaded += intval($length); + $downloadProgress = round(100 * (1 - $downloaded / $file_size), 0); + $downloadProgress = 100 - $downloadProgress; + $a = $file_size; + $b = $downloaded; + $c = $downloadProgress; + $text = " Snort download in progress\\n"; + $text .= "----------------------------------------------------\\n"; + $text .= " Downloaded : {$b}\\n"; + $text .= "----------------------------------------------------\\n"; + $counter++; + if($counter > 150) { + 
update_output_window($text); + update_progress_bar($downloadProgress); + flush(); + $counter = 0; + } + fwrite($fout, $string); + return $length; } function snort_download_file_with_progress_bar($url_file, $destination_file, $readbody = 'read_body') { - global $ch, $fout, $file_size, $downloaded; - $file_size = 1; - $downloaded = 1; - /* open destination file */ - $fout = fopen($destination_file, "wb"); - - /* - * Originally by Author: Keyvan Minoukadeh - * Modified by Scott Ullrich to return Content-Length size - */ - - $ch = curl_init(); - curl_setopt($ch, CURLOPT_URL, $url_file); - curl_setopt($ch, CURLOPT_HEADERFUNCTION, 'read_header'); - curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); - curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); - curl_setopt($ch, CURLOPT_WRITEFUNCTION, $readbody); - curl_setopt($ch, CURLOPT_NOPROGRESS, '1'); - curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, '5'); - curl_setopt($ch, CURLOPT_TIMEOUT, 0); - - curl_exec($ch); - $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); - if($fout) - fclose($fout); - curl_close($ch); - return ($http_code == 200) ? true : $http_code; + global $ch, $fout, $file_size, $downloaded; + $file_size = 1; + $downloaded = 1; + /* open destination file */ + $fout = fopen($destination_file, "wb"); + + /* + * Originally by Author: Keyvan Minoukadeh + * Modified by Scott Ullrich to return Content-Length size + */ + + $ch = curl_init(); + curl_setopt($ch, CURLOPT_URL, $url_file); + curl_setopt($ch, CURLOPT_HEADERFUNCTION, 'read_header'); + curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); + curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); + curl_setopt($ch, CURLOPT_WRITEFUNCTION, $readbody); + curl_setopt($ch, CURLOPT_NOPROGRESS, '1'); + curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, '5'); + curl_setopt($ch, CURLOPT_TIMEOUT, 0); + + curl_exec($ch); + $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); + if($fout) + fclose($fout); + curl_close($ch); + return ($http_code == 200) ? true : $http_code; } ?> 
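Review bot: `curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);` in snort_download_file_with_progress_bar disables certificate verification, so the file written to `$destination_file` is accepted from any host able to answer for the URL. The helper appears to fetch rule archives for an IDS (the progress text reads "Snort download in progress"), so the transfer should be authenticated: `curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);` and `curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);`. A checksum fetched over the same unverified channel would not compensate for this. `$fout` is also tested only before `fclose()`, so a failed `fopen()` goes unnoticed until the write callback calls `fwrite()` on it; returning early when `$fout === false` would make that failure explicit.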
diff --git a/config/snort/snort_download_updates.php b/config/snort/snort_download_updates.php
index d87f905f..0d9822bc 100644
--- a/config/snort/snort_download_updates.php
+++ b/config/snort/snort_download_updates.php
@@ -1,36 +1,36 @@
 <?php
/* $Id$ */
/*
- halt.php
- part of pfSense
- Copyright (C) 2004 Scott Ullrich
- All rights reserved.
-
- part of m0n0wall as reboot.php (http://m0n0.ch/wall)
- Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
+ halt.php
+ part of pfSense
+ Copyright (C) 2004 Scott Ullrich
+ All rights reserved.
+
+ part of m0n0wall as reboot.php (http://m0n0.ch/wall)
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort_gui.inc");
@@ -41,59 +41,59 @@ $snort_load_jquery = 'yes'; $snort_load_jquery_colorbox = 'yes';
- /* quick md5s chk */
- if(file_exists('/usr/local/etc/snort/snortrules-snapshot-2860.tar.gz.md5'))
- {
- $snort_org_sig_chk_local = exec('/bin/cat /usr/local/etc/snort/snortrules-snapshot-2860.tar.gz.md5');
- }else{
- $snort_org_sig_chk_local = 'N/A';
- }
-
- if(file_exists('/usr/local/etc/snort/version.txt'))
- {
- $emergingt_net_sig_chk_local = exec('/bin/cat /usr/local/etc/snort/version.txt');
- }else{
- $emergingt_net_sig_chk_local = 'N/A';
- }
-
- if(file_exists('/usr/local/etc/snort/pfsense_rules.tar.gz.md5'))
- {
- $pfsense_org_sig_chk_local = exec('/bin/cat /usr/local/etc/snort/pfsense_rules.tar.gz.md5');
- }else{
- $pfsense_org_sig_chk_local = 'N/A';
- }
+/* quick md5s chk */
+if(file_exists('/usr/local/etc/snort/snortrules-snapshot-2860.tar.gz.md5'))
+{
+ $snort_org_sig_chk_local = exec('/bin/cat /usr/local/etc/snort/snortrules-snapshot-2860.tar.gz.md5');
+}else{
+ $snort_org_sig_chk_local = 'N/A';
+}
+
+if(file_exists('/usr/local/etc/snort/version.txt'))
+{
+ $emergingt_net_sig_chk_local = exec('/bin/cat /usr/local/etc/snort/version.txt');
+}else{
+ $emergingt_net_sig_chk_local = 'N/A';
+}
+
+if(file_exists('/usr/local/etc/snort/pfsense_rules.tar.gz.md5'))
+{
+ $pfsense_org_sig_chk_local = exec('/bin/cat /usr/local/etc/snort/pfsense_rules.tar.gz.md5');
+}else{
+ $pfsense_org_sig_chk_local = 'N/A';
+}
/* define checks */
$oinkid = $config['installedpackages']['snortglobal']['oinkmastercode'];
$snortdownload = $config['installedpackages']['snortglobal']['snortdownload'];
-$emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats'];
-
- if ($snortdownload != 'on' && $emergingthreats != 'on')
- {
- $snort_emrging_info = 'stop';
- }
-
- if ($oinkid == '' && $snortdownload != 'off')
- {
- $snort_oinkid_info = 'stop';
- }
-
- if ($snort_emrging_info == 'stop' || $snort_oinkid_info == 'stop') {
- $error_stop = 'true';
- }
-
-
- /* check if main rule directory is empty */
- $if_mrule_dir = "/usr/local/etc/snort/rules";
- $mfolder_chk = (count(glob("$if_mrule_dir/*")) === 0) ? 'empty' : 'full';
-
- /* check for logfile */
- if(file_exists('/usr/local/etc/snort/snort_update.log'))
- {
- $update_logfile_chk = 'yes';
- }else{
- $update_logfile_chk = 'no';
- }
+$emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats'];
+
+if ($snortdownload != 'on' && $emergingthreats != 'on')
+{
+ $snort_emrging_info = 'stop';
+}
+
+if ($oinkid == '' && $snortdownload != 'off')
+{
+ $snort_oinkid_info = 'stop';
+}
+
+if ($snort_emrging_info == 'stop' || $snort_oinkid_info == 'stop') {
+ $error_stop = 'true';
+}
+
+
+/* check if main rule directory is empty */
+$if_mrule_dir = "/usr/local/etc/snort/rules";
+$mfolder_chk = (count(glob("$if_mrule_dir/*")) === 0) ? 'empty' : 'full';
+
+/* check for logfile */
+if(file_exists('/usr/local/etc/snort/snort_update.log'))
+{
+ $update_logfile_chk = 'yes';
+}else{
+ $update_logfile_chk = 'no';
+}
header("snort_help_info.php");
header( "Expires: Mon, 20 Dec 1998 01:00:00 GMT" );
@@ -107,9 +107,10 @@ include_once("/usr/local/pkg/snort/snort_head.inc"); ?>
-<body link="#000000" vlink="#000000" alink="#000000">
+<body
+ link="#000000" vlink="#000000" alink="#000000">
- <script>
+<script>
jQuery(document).ready(function(){
//Examples of how to assign the ColorBox event to elements
@@ -125,248 +126,273 @@ echo "$snort_interfaces_css\n"; <?php include("fbegin.inc"); ?>
-<div class="body2">
-
-<!-- hack to fix the hardcoed fbegin link in header -->
-<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div>
+<div class="body2"><!-- hack to fix the hardcoed fbegin link in header -->
+<div id="header-left2"><a href="../index.php" id="status-link2"><img
+ src="./images/transparent.gif" border="0"></img></a></div>
<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
-<noscript><div class="alert" ALIGN=CENTER><img src="../themes/nervecenter/images/icons/icon_alert.gif"/><strong>Please enable JavaScript to view this content</CENTER></div></noscript>
+<noscript>
+<div class="alert" ALIGN=CENTER><img
+ src="../themes/nervecenter/images/icons/icon_alert.gif" /><strong>Please
+enable JavaScript to view this content
+</CENTER></div>
+</noscript>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td>
-
-<div class="snorttabs" style="margin:1px 10px; width:760px;">
-<!-- Tabbed bar code-->
-<ul class="snorttabs">
- <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>
- <li><a href="/snort/snort_interfaces_global.php"><span>Global Settings</span></a></li>
- <li class="snorttabs_active"><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li>
- <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li>
- <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li>
- <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li>
- <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li>
- <li><a class="example8" href="/snort/help_and_info.php?id_d=up"><span>Help</span></a></li>
- </ul>
-</div>
+ <tr>
+ <td>
+
+ <div class="snorttabs" style="margin: 1px 10px; width: 760px;"><!-- Tabbed bar code-->
+ <ul class="snorttabs">
+ <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>
+ <li><a href="/snort/snort_interfaces_global.php"><span>Global
+ Settings</span></a></li>
+ <li class="snorttabs_active"><a
+ href="/snort/snort_download_updates.php"><span>Updates</span></a></li>
+ <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li>
+ <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li>
+ <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li>
+ <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li>
+ <li><a class="example8" href="/snort/help_and_info.php?id_d=up"><span>Help</span></a></li>
+ </ul>
+ </div>
- </td>
-</tr>
+ </td>
+ </tr>
- <tr>
- <td>
+ <tr>
+ <td>
-<div class="snorttabs" style="margin:1px 0px; width:775px;">
-<!-- Tabbed bar code-->
-<ul class="snorttabs">
+ <div class="snorttabs" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code-->
+ <ul class="snorttabs">
- <li class="snorttabs_active"><a href="/snort/snort_download_rules.php"><span>Rule Update</span></a></li>
- <li><a href="#"><span>Upload Custom Rules</span></a></li>
- <li><a href="#"><span>Gui Update</span></a></li>
+ <li class="snorttabs_active"><a
+ href="/snort/snort_download_rules.php"><span>Rule Update</span></a></li>
+ <li><a href="#"><span>Upload Custom Rules</span></a></li>
+ <li><a href="#"><span>Gui Update</span></a></li>
- </ul>
-</div>
+ </ul>
+ </div>
- </td>
-</tr>
+ </td>
+ </tr>
- <tr>
- <td>
+ <tr>
+ <td>
<div id="mainarea3">
- <table id="maintable4" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td>
-
-<!-- grey line -->
-<table height="12px" width="725px" border="0" cellpadding="5px" cellspacing="0">
- <tr>
- <td style='background-color:#eeeeee'>
- <div height="12px" width="725px" style='background-color:#dddddd'>
- </div>
- </td>
- </tr>
-</table>
-
-<br>
-
-<table id="download_rules" height="32px" width="725px" border="0" cellpadding="5px" cellspacing="0">
- <tr>
- <td id="download_rules_td" style="background-color:#eeeeee">
- <div height="32" width="725px" style="background-color:#eeeeee">
-
- <font color="#777777" size="1.5px"><b>INSTALLED SIGNATURE RULESET</b></font><br><br>
- <p style="text-align:left; margin-left:225px;"><font color="#FF850A" size="1px"><b>SNORT.ORG >>></b></font><font size="1px" color="#000000"> <? echo $snort_org_sig_chk_local; ?></font><br>
- <font color="#FF850A" size="1px"><b>EMERGINGTHREATS.NET >>></b></font><font size="1px" color="#000000"> <? echo $emergingt_net_sig_chk_local; ?></font><br>
- <font color="#FF850A" size="1px"><b>PFSENSE.ORG >>></b></font><font size="1px" color="#000000"> <? echo $pfsense_org_sig_chk_local; ?></font><br></p>
-
- </div>
- </td>
- </tr>
-</table>
-
-<br>
-
-<!-- grey line -->
-<table height="12px" width="725px" border="0" cellpadding="5px" cellspacing="0">
- <tr>
- <td style='background-color:#eeeeee'>
- <div height="12px" width="725px" style='background-color:#eeeeee'>
- </div>
- </td>
- </tr>
-</table>
-
-<br>
-
-<table id="download_rules" height="32px" width="725px" border="0" cellpadding="5px" cellspacing="0">
- <tr>
- <td id="download_rules_td" style='background-color:#eeeeee'>
- <div height="32" width="725px" style='background-color:#eeeeee'>
-
- <font color='#777777' size='1.5px'><b>UPDATE YOUR RULES</b></font><br><br>
-
-<?php
-
- if ($error_stop == 'true') {
-
- echo '
+ <table id="maintable4" class="tabcont" width="100%" border="0"
+ cellpadding="0" cellspacing="0">
+ <tr>
+ <td><!-- grey line -->
+ <table height="12px" width="725px" border="0" cellpadding="5px"
+ cellspacing="0">
+ <tr>
+ <td style='background-color: #eeeeee'>
+ <div height="12px" width="725px" style='background-color: #dddddd'>
+ </div>
+ </td>
+ </tr>
+ </table>
+
+ <br>
+
+ <table id="download_rules" height="32px" width="725px" border="0"
+ cellpadding="5px" cellspacing="0">
+ <tr>
+ <td id="download_rules_td" style="background-color: #eeeeee">
+ <div height="32" width="725px" style="background-color: #eeeeee">
+
+ <font color="#777777" size="1.5px"><b>INSTALLED SIGNATURE RULESET</b></font><br>
+ <br>
+ <p style="text-align: left; margin-left: 225px;"><font
+ color="#FF850A" size="1px"><b>SNORT.ORG >>></b></font><font
+ size="1px" color="#000000"> <? echo $snort_org_sig_chk_local; ?></font><br>
+ <font color="#FF850A" size="1px"><b>EMERGINGTHREATS.NET >>></b></font><font
+ size="1px" color="#000000"> <? echo $emergingt_net_sig_chk_local; ?></font><br>
+ <font color="#FF850A" size="1px"><b>PFSENSE.ORG >>></b></font><font
+ size="1px" color="#000000"> <? echo $pfsense_org_sig_chk_local; ?></font><br>
+ </p>
+
+ </div>
+ </td>
+ </tr>
+ </table>
+
+ <br>
+
+ <!-- grey line -->
+ <table height="12px" width="725px" border="0" cellpadding="5px"
+ cellspacing="0">
+ <tr>
+ <td style='background-color: #eeeeee'>
+ <div height="12px" width="725px" style='background-color: #eeeeee'>
+ </div>
+ </td>
+ </tr>
+ </table>
+
+ <br>
+
+ <table id="download_rules" height="32px" width="725px" border="0"
+ cellpadding="5px" cellspacing="0">
+ <tr>
+ <td id="download_rules_td" style='background-color: #eeeeee'>
+ <div height="32" width="725px" style='background-color: #eeeeee'>
+
+ <font color='#777777' size='1.5px'><b>UPDATE YOUR RULES</b></font><br>
+ <br>
+
+ <?php
+
+ if ($error_stop == 'true') {
+
+ echo '
<button class="sexybutton disabled" disabled="disabled" href="/snort/snort_download_rules.php?$id_d=up"><span class="download">Update Rules </span></button><br>
<p style="text-align:left; margin-left:150px;">
<font color="#fc3608" size="2px"><b>WARNING:</b></font><font size="1px" color="#000000"> No rule types have been selected for download. "Global Settings Tab"</font><br>
';
-
- if ($mfolder_chk == 'empty') {
-
- echo '
+
+ if ($mfolder_chk == 'empty') {
+
+ echo '
<font color="#fc3608" size="2px"><b>WARNING:</b></font><font size="1px" color="#000000"> The main rules directory is empty. /usr/local/etc/snort/rules</font>
' . "\n";
- }
-
- echo '</p>' . "\n";
-
- }else{
-
- echo '
+ }
+
+ echo '</p>' . "\n";
+
+ }else{
+
+ echo '
<button class="sexybutton sexysimple example7" href="/snort/snort_download_rules.php?$id_d=up"><span class="download">Update Rules </span></button>
' . "\n";
-
- if ($mfolder_chk == 'empty') {
-
- echo '
+
+ if ($mfolder_chk == 'empty') {
+
+ echo '
<p style="text-align:left; margin-left:150px;">
<font color="#fc3608" size="2px"><b>WARNING:</b></font><font size="1px" color="#000000"> The main rules directory is empty. /usr/local/etc/snort/rules</font>
</p>
';
- }
-
- }
+ }
- ?>
-
- <br>
-
- </div>
- </td>
- </tr>
-</table>
-
-<br>
+ }
-<table id="download_rules" height="32px" width="725px" border="0" cellpadding="5px" cellspacing="0">
- <tr>
- <td id="download_rules_td" style='background-color:#eeeeee'>
- <div height="32" width="725px" style='background-color:#eeeeee'>
+ ?> <br>
- <font color='#777777' size='1.5px'><b>VIEW UPDATE LOG</b></font><br><br>
-
- <?php
+ </div>
+ </td>
+ </tr>
+ </table>
- if ($update_logfile_chk == 'yes') {
- echo '
- <button class="sexybutton sexysimple example9" href="/snort/snort_rules_edit.php?openruleset=/usr/local/etc/snort/snort_update.log"><span class="pwhitetxt">Update Log </span></button>' . "\n";
- }else{
- echo '
- <button class="sexybutton disabled" disabled="disabled" href="/snort/snort_rules_edit.php?openruleset=/usr/local/etc/snort/snort_update.log"><span class="pwhitetxt">Update Log </span></button>' . "\n";
- }
-
- ?>
- <br><br>
-
- </div>
- </td>
- </tr>
-</table>
-
-<br>
-
-<table height="12px" width="725px" border="0" cellpadding="5px" cellspacing="0">
- <tr>
- <td style='background-color:#eeeeee'>
- <div height="12px" width="725px" style='background-color:#eeeeee'>
- </div>
- </td>
- </tr>
-</table>
+ <br>
-<br>
+ <table id="download_rules" height="32px" width="725px" border="0"
+ cellpadding="5px" cellspacing="0">
+ <tr>
+ <td id="download_rules_td" style='background-color: #eeeeee'>
+ <div height="32" width="725px" style='background-color: #eeeeee'>
-<table id="download_rules" height="32px" width="725px" border="0" cellpadding="5px" cellspacing="0">
- <tr>
- <td id="download_rules_td" style='background-color:#eeeeee'>
- <div height="32" width="725px" style='background-color:#eeeeee'>
+ <font color='#777777' size='1.5px'><b>VIEW UPDATE LOG</b></font><br>
+ <br>
- <img style='vertical-align:middle' src="/snort/images/icon_excli.png" width="40" height="32">
- <font color='#FF850A' size='1px'><b>NOTE:</b></font><font size='1px' color='#000000'> Snort.org and Emergingthreats.net will go down from time to time. Please be patient.</font>
-
- </div>
- </td>
- </tr>
-</table>
+ <?php
-<br>
+ if ($update_logfile_chk == 'yes') {
+ echo '
+ <button class="sexybutton sexysimple example9" href="/snort/snort_rules_edit.php?openruleset=/usr/local/etc/snort/snort_update.log"><span class="pwhitetxt">Update Log </span></button>' . "\n";
+ }else{
+ echo '
+ <button class="sexybutton disabled" disabled="disabled" href="/snort/snort_rules_edit.php?openruleset=/usr/local/etc/snort/snort_update.log"><span class="pwhitetxt">Update Log </span></button>' . "\n";
+ }
+
+ ?> <br>
+ <br>
+
+ </div>
+ </td>
+ </tr>
+ </table>
+
+ <br>
+
+ <table height="12px" width="725px" border="0" cellpadding="5px"
+ cellspacing="0">
+ <tr>
+ <td style='background-color: #eeeeee'>
+ <div height="12px" width="725px" style='background-color: #eeeeee'>
+ </div>
+ </td>
+ </tr>
+ </table>
+
+ <br>
+
+ <table id="download_rules" height="32px" width="725px" border="0"
+ cellpadding="5px" cellspacing="0">
+ <tr>
+ <td id="download_rules_td" style='background-color: #eeeeee'>
+ <div height="32" width="725px" style='background-color: #eeeeee'>
+
+ <img style='vertical-align: middle'
+ src="/snort/images/icon_excli.png" width="40" height="32"> <font
+ color='#FF850A' size='1px'><b>NOTE:</b></font><font size='1px'
+ color='#000000'> Snort.org and Emergingthreats.net
+ will go down from time to time. Please be patient.</font></div>
+ </td>
+ </tr>
+ </table>
+
+ <br>
+
+ <table height="12px" width="725px" border="0" cellpadding="5px"
+ cellspacing="0">
+ <tr>
+ <td style='background-color: #eeeeee'>
+ <div height="12px" width="725px" style='background-color: #eeeeee'>
+ </div>
+ </td>
+ </tr>
+ </table>
-<table height="12px" width="725px" border="0" cellpadding="5px" cellspacing="0">
- <tr>
- <td style='background-color:#eeeeee'>
- <div height="12px" width="725px" style='background-color:#eeeeee'>
- </div>
- </td>
- </tr>
-</table>
-
</td>
- </tr>
- </table>
+ </tr>
+ </table>
</div>
-<br>
- </td>
- </tr>
-</table> <!-- end of final table -->
-</div>
+ <br>
+ </td>
+ </tr>
+</table>
+<!-- end of final table --></div>
+
+ <?php //include("fend.inc"); ?>
-<?php //include("fend.inc"); ?>
-
- </div> <!-- Right DIV -->
- </div> <!-- Content DIV -->
- <div id="footer">
- <a target="_blank" href="<?=$g['product_website_footer']?>" class="redlnk"><?=$g['product_name']?></a> is ©
- <?=$g['product_copyright_years']?> by <a href="<?=$g['product_copyright_url']?>" class="tblnk"><?=$g['product_copyright']?></a>. All Rights Reserved.
- [<a href="/license.php" class="tblnk">view license</a>]
- <br/>
- [<a target="_blank" href="https://portal.pfsense.org/?guilead=true" class="tblnk">Commercial Support Available</a>]
- </div> <!-- Footer DIV -->
-</div> <!-- Wrapper Div -->
-<script type="text/javascript" src="/themes/<?php echo $g['theme']; ?>/bottom-loader.js"></script>
+</div>
+<!-- Right DIV -->
+</div>
+<!-- Content DIV -->
+<div id="footer"><a target="_blank"
+ href="<?=$g['product_website_footer']?>" class="redlnk"><?=$g['product_name']?></a>
+is © <?=$g['product_copyright_years']?> by <a
+ href="<?=$g['product_copyright_url']?>" class="tblnk"><?=$g['product_copyright']?></a>.
+All Rights Reserved. [<a href="/license.php" class="tblnk">view license</a>]
+<br />
+[<a target="_blank" href="https://portal.pfsense.org/?guilead=true"
+ class="tblnk">Commercial Support Available</a>]</div>
+<!-- Footer DIV -->
+</div>
+<!-- Wrapper Div -->
+<script type="text/javascript"
+ src="/themes/<?php echo $g['theme']; ?>/bottom-loader.js"></script>
<?php echo "$snort_custom_rnd_box\n"; ?>
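Review bot: The three outputs `<? echo $snort_org_sig_chk_local; ?>`, `<? echo $emergingt_net_sig_chk_local; ?>` and `<? echo $pfsense_org_sig_chk_local; ?>` print file contents into the page without HTML escaping. The previous hunk fills these variables from `.md5` and `version.txt` files under /usr/local/etc/snort/; if those files come from a download, their content should be treated as untrusted markup. Wrap each output, e.g. `<?php echo htmlspecialchars($snort_org_sig_chk_local, ENT_QUOTES, 'UTF-8'); ?>`. In the same hunk the single-quoted `href="/snort/snort_download_rules.php?$id_d=up"` emits the literal text `$id_d`, where the Help tab uses `?id_d=up`. The `openruleset=` links pass an absolute filesystem path in the query string, so the receiving page needs to restrict which paths it will open (not visible here).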
diff --git a/config/snort/snort_dynamic_ip_reload.php b/config/snort/snort_dynamic_ip_reload.php
index 615302e8..94004b94 100644
--- a/config/snort/snort_dynamic_ip_reload.php
+++ b/config/snort/snort_dynamic_ip_reload.php
@@ -2,31 +2,31 @@ /* $Id$ */ /* - snort_dynamic_ip_reload.php - Copyright (C) 2009 Robert Zeleya - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ + snort_dynamic_ip_reload.php + Copyright (C) 2009 Robert Zeleya + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. 
+ + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ /* NOTE: this file gets included from the pfSense filter.inc plugin process */ /* NOTE: file location /usr/local/pkg/pf, all files in pf dir get exec on filter reloads */ diff --git a/config/snort/snort_gui.inc b/config/snort/snort_gui.inc index 66f9c148..d2fd4e30 100644 --- a/config/snort/snort_gui.inc +++ b/config/snort/snort_gui.inc 
@@ -1,33 +1,33 @@ <?php /* $Id$ */ /* - snort.inc - Copyright (C) 2006 Scott Ullrich - Copyright (C) 2006 Robert Zelaya - part of pfSense - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ + snort.inc + Copyright (C) 2006 Scott Ullrich + Copyright (C) 2006 Robert Zelaya + part of pfSense + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. 
+ + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ include_once("/usr/local/pkg/snort/snort.inc"); diff --git a/config/snort/snort_head.inc b/config/snort/snort_head.inc index 9e009016..70dece63 100644 --- a/config/snort/snort_head.inc +++ b/config/snort/snort_head.inc @@ -1,16 +1,16 @@ <?php
/*
- pfSense_MODULE: header
-*/
+ pfSense_MODULE: header
+ */
-/*
+/*
* if user has selected a custom template, use it.
* otherwise default to pfsense tempalte
*/
if($config['theme'] <> "")
- $g['theme'] = $config['theme'];
+$g['theme'] = $config['theme'];
else
- $g['theme'] = "pfsense";
+$g['theme'] = "pfsense";
/*
* If this device is an apple ipod/iphone
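Review bot: The re-indent leaves the bodies of the brace-less `if`/`else` at the same column as the condition, so `$g['theme'] = $config['theme'];` now reads as an unconditional statement. Bracing both branches, `if ($config['theme'] <> "") { $g['theme'] = $config['theme']; } else { $g['theme'] = "pfsense"; }`, keeps the structure visible whatever a formatter does to the whitespace. The same flattening affects the `foreach`/`if` over `$apple_ua` in the next hunk, and the `global.js` check and `if (!isset($closehead))` further down this file.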
@@ -18,8 +18,8 @@ else */
$apple_ua = array("iPhone","iPod", "iPad");
foreach($apple_ua as $useragent)
- if(strstr($_SERVER['HTTP_USER_AGENT'], $useragent))
- $g['theme'] = "pfsense";
+if(strstr($_SERVER['HTTP_USER_AGENT'], $useragent))
+$g['theme'] = "pfsense";
$pagetitle = gentitle( $pgtitle );
@@ -28,80 +28,86 @@ $pagetitle = gentitle( $pgtitle ); "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
- <title><?php echo($config['system']['hostname'] . "." . $config['system']['domain'] . " - " . $pagetitle); ?></title>
- <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
- <link rel="apple-touch-icon" href="/themes/<?php echo $g['theme']; ?>/apple-touch-icon.png"/>
- <?php if (strpos($_SERVER["SCRIPT_FILENAME"], "wizard.php") !== false &&
- file_exists("{$g['www_path']}/themes/{$g['theme']}/wizard.css")): ?>
- <?php echo "<style type=\"text/css\" src=\"/themes/{$g['theme']}/wizard.css\"></style>"; ?>
- <?php else: ?>
- <link rel="stylesheet" href="/themes/<?php echo $g['theme']; ?>/all.css" media="all" />
- <?php endif; ?>
- <link rel="stylesheet" type="text/css" href="../niftycssCode.css">
- <link rel="stylesheet" type="text/css" href="../niftycssprintCode.css" media="print">
-
- <link rel="stylesheet" type="text/css" href="./css/new_tab_menu.css" media="all">
- <link rel="stylesheet" type="text/css" href="./css/sexybuttons.css" media="all"/>
- <link rel="stylesheet" type="text/css" href="./css/colorbox.css" media="all"/>
- <link rel="stylesheet" type="text/css" href="./css/style.css" media="all"/>
-
-
- <script type="text/javascript" src="../javascript/niftyjsCode.js"></script>
- <script type="text/javascript">
+<title><?php echo($config['system']['hostname'] . "." . $config['system']['domain'] . " - " . $pagetitle); ?></title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
+<link rel="apple-touch-icon"
+ href="/themes/<?php echo $g['theme']; ?>/apple-touch-icon.png" />
+<?php if (strpos($_SERVER["SCRIPT_FILENAME"], "wizard.php") !== false &&
+file_exists("{$g['www_path']}/themes/{$g['theme']}/wizard.css")): ?>
+<?php echo "<style type=\"text/css\" src=\"/themes/{$g['theme']}/wizard.css\"></style>"; ?>
+<?php else: ?>
+<link rel="stylesheet" href="/themes/<?php echo $g['theme']; ?>/all.css"
+ media="all" />
+<?php endif; ?>
+<link rel="stylesheet" type="text/css" href="../niftycssCode.css">
+<link rel="stylesheet" type="text/css" href="../niftycssprintCode.css"
+ media="print">
+
+<link rel="stylesheet" type="text/css" href="./css/new_tab_menu.css"
+ media="all">
+<link rel="stylesheet" type="text/css" href="./css/sexybuttons.css"
+ media="all" />
+<link rel="stylesheet" type="text/css" href="./css/colorbox.css"
+ media="all" />
+<link rel="stylesheet" type="text/css" href="./css/style.css"
+ media="all" />
+
+
+<script type="text/javascript" src="../javascript/niftyjsCode.js"></script>
+<script type="text/javascript">
var theme = "<?php echo $g['theme']; ?>";
- </script>
- <?php echo "\t<script type=\"text/javascript\" src=\"/themes/{$g['theme']}/loader.js\"></script>\n"; ?>
+ </script> <?php echo "\t<script type=\"text/javascript\" src=\"/themes/{$g['theme']}/loader.js\"></script>\n"; ?>
<?php
- if($_GET['enablefirebuglite']) {
- echo "\t<script type=\"text/javascript\" src=\"/javascript/pi.js\"></script>\n";
- echo "\t<script type=\"text/javascript\" src=\"/javascript/firebug-lite.js\"></script>\n";
- }
-
- /* only load javascript that you need, jquery and prototype dont play together */
- //if ($snort_load_jquery == 'yes') {
- echo "\t<script type=\"text/javascript\" src=\"/snort/javascript/jquery-1.4.2.min.js\"></script>\n";
- //}
- //if ($snort_load_jquery_colorbox == 'yes') {
- echo "\t<script type=\"text/javascript\" src=\"/snort/javascript/jquery.colorbox.js\"></script>\n";
- echo "\t<script type=\"text/javascript\" src=\"/javascript/sorttable.js\"></script>\n";
- //}
- if ($snort_load_mootools == 'yes') {
- echo "\t<script type=\"text/javascript\" src=\"/snort/javascript/mootools.js\"></script>\n";
- }
- if ($snort_load_sortabletable == 'yes') {
- echo "\t<script type=\"text/javascript\" src=\"/snort/javascript/sortableTable.js\"></script>\n";
- }
-
- /* some pfsense commercial versions require prototype to be in every tab on the GUI, for custom logos */
- echo "\t<script type=\"text/javascript\" src=\"/snort/javascript/prototype.js\"></script>\n";
- // echo "\t<script type=\"text/javascript\" src=\"../javascript/scriptaculous/prototype.js\"></script>\n";
- // echo "\t<script type=\"text/javascript\" src=\"../javascript/scriptaculous/scriptaculous.js\"></script>\n";
- // echo "\t<script type=\"text/javascript\" src=\"../javascript/scriptaculous/effects.js\"></script>\n";
- // echo "\t<script type=\"text/javascript\" src=\"../javascript/scriptaculous/dragdrop.js\"></script>\n";
-
- if(file_exists("{$g['www_path']}/javascript/global.js"))
- echo "\t<script type=\"text/javascript\" src=\"../javascript/global.js\"></script>\n";
- /*
- * Find all javascript files that need to be included
- * for this page ... from the arrays ... :)
- * Coded by: Erik Kristensen
- */
+if($_GET['enablefirebuglite']) {
+ echo "\t<script type=\"text/javascript\" src=\"/javascript/pi.js\"></script>\n";
+ echo "\t<script type=\"text/javascript\" src=\"/javascript/firebug-lite.js\"></script>\n";
+}
+
+/* only load javascript that you need, jquery and prototype dont play together */
+//if ($snort_load_jquery == 'yes') {
+echo "\t<script type=\"text/javascript\" src=\"/snort/javascript/jquery-1.4.2.min.js\"></script>\n";
+//}
+//if ($snort_load_jquery_colorbox == 'yes') {
+echo "\t<script type=\"text/javascript\" src=\"/snort/javascript/jquery.colorbox.js\"></script>\n";
+echo "\t<script type=\"text/javascript\" src=\"/javascript/sorttable.js\"></script>\n";
+//}
+if ($snort_load_mootools == 'yes') {
+ echo "\t<script type=\"text/javascript\" src=\"/snort/javascript/mootools.js\"></script>\n";
+}
+if ($snort_load_sortabletable == 'yes') {
+ echo "\t<script type=\"text/javascript\" src=\"/snort/javascript/sortableTable.js\"></script>\n";
+}
+
+/* some pfsense commercial versions require prototype to be in every tab on the GUI, for custom logos */
+echo "\t<script type=\"text/javascript\" src=\"/snort/javascript/prototype.js\"></script>\n";
+// echo "\t<script type=\"text/javascript\" src=\"../javascript/scriptaculous/prototype.js\"></script>\n";
+// echo "\t<script type=\"text/javascript\" src=\"../javascript/scriptaculous/scriptaculous.js\"></script>\n";
+// echo "\t<script type=\"text/javascript\" src=\"../javascript/scriptaculous/effects.js\"></script>\n";
+// echo "\t<script type=\"text/javascript\" src=\"../javascript/scriptaculous/dragdrop.js\"></script>\n";
+
+if(file_exists("{$g['www_path']}/javascript/global.js"))
+echo "\t<script type=\"text/javascript\" src=\"../javascript/global.js\"></script>\n";
+/*
+ * Find all javascript files that need to be included
+ * for this page ... from the arrays ... :)
+ * Coded by: Erik Kristensen
+ */
- $dir = trim(basename($_SERVER["SCRIPT_FILENAME"]), '.php');
- $path = "{$g['www_path']}/javascript/" . $dir . "/";
- if (is_dir($path)) {
- if ($dh = opendir($path)) {
- while (($file = readdir($dh)) !== false) {
- if (is_dir($file))
- continue;
- echo "\t<script type=\"text/javascript\" src=\"/javascript/{$dir}/{$file}\"></script>\n";
- }
- closedir($dh);
+$dir = trim(basename($_SERVER["SCRIPT_FILENAME"]), '.php');
+$path = "{$g['www_path']}/javascript/" . $dir . "/";
+if (is_dir($path)) {
+ if ($dh = opendir($path)) {
+ while (($file = readdir($dh)) !== false) {
+ if (is_dir($file))
+ continue;
+ echo "\t<script type=\"text/javascript\" src=\"/javascript/{$dir}/{$file}\"></script>\n";
}
+ closedir($dh);
}
+}
if (!isset($closehead))
- echo "</head>";
+echo "</head>";
/* If this page is being remotely managed then do not allow the loading of the contents. */
if($config['remote_managed_pages']['item']) {
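Review bot: `trim(basename($_SERVER["SCRIPT_FILENAME"]), '.php')` treats `'.php'` as a set of characters, so it strips every leading and trailing `.`, `p` and `h` rather than the extension; a script named `pkg.php` yields `kg`, and the per-page `javascript/` directory is looked up under the wrong name. `basename()` accepts the suffix directly: `$dir = basename($_SERVER["SCRIPT_FILENAME"], '.php');`. In the same loop `is_dir($file)` tests the bare entry name against the working directory rather than `$path`, so it should be `is_dir($path . $file)`. `{$file}` is also written into the `src` attribute unescaped, which `htmlspecialchars($file)` would cover.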
@@ -112,7 +118,7 @@ if($config['remote_managed_pages']['item']) { include("fend.inc");
exit;
}
- }
+ }
}
?>
\ No newline at end of file
diff --git a/config/snort/snort_interfaces.php b/config/snort/snort_interfaces.php
index eae518dd..6fe08c17 100644
--- a/config/snort/snort_interfaces.php
+++ b/config/snort/snort_interfaces.php
@@ -2,31 +2,31 @@ /* $Id$ */
/*
- originally part of m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
- Copyright (C) 2008-2009 Robert Zelaya.
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
+originally part of m0n0wall (http://m0n0.ch/wall)
+Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+Copyright (C) 2008-2009 Robert Zelaya.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice,
+this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+notice, this list of conditions and the following disclaimer in the
+documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.
*/
/* TODO: redo check if snort is up */
@@ -37,65 +37,65 @@ require_once("/usr/local/pkg/snort/snort.inc"); $id = $_GET['id'];
if (isset($_POST['id']))
- $id = $_POST['id'];
+$id = $_POST['id'];
if (!is_array($config['installedpackages']['snortglobal']['rule']))
- $config['installedpackages']['snortglobal']['rule'] = array();
+$config['installedpackages']['snortglobal']['rule'] = array();
$a_nat = &$config['installedpackages']['snortglobal']['rule'];
if (isset($config['installedpackages']['snortglobal']['rule'])) {
-$id_gen = count($config['installedpackages']['snortglobal']['rule']);
+ $id_gen = count($config['installedpackages']['snortglobal']['rule']);
}else{
-$id_gen = '0';
+ $id_gen = '0';
}
/* alert file */
$d_snortconfdirty_path_ls = exec('/bin/ls /var/run/snort_conf_*.dirty');
-
- /* this will exec when alert says apply */
- if ($_POST['apply']) {
-
- if ($d_snortconfdirty_path_ls != '') {
+
+/* this will exec when alert says apply */
+if ($_POST['apply']) {
+
+ if ($d_snortconfdirty_path_ls != '') {
- write_config();
+ write_config();
- sync_snort_package_empty();
- sync_snort_package();
+ sync_snort_package_empty();
+ sync_snort_package();
- exec('/bin/rm /var/run/snort_conf_*.dirty');
+ exec('/bin/rm /var/run/snort_conf_*.dirty');
- header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
- header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
- header( 'Cache-Control: no-store, no-cache, must-revalidate' );
- header( 'Cache-Control: post-check=0, pre-check=0', false );
- header( 'Pragma: no-cache' );
- sleep(2);
- header("Location: /snort/snort_interfaces.php");
+ header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
+ header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
+ header( 'Cache-Control: no-store, no-cache, must-revalidate' );
+ header( 'Cache-Control: post-check=0, pre-check=0', false );
+ header( 'Pragma: no-cache' );
+ sleep(2);
+ header("Location: /snort/snort_interfaces.php");
- exit;
+ exit;
- }
-
}
-
-
-
+
+}
+
+
+
if (isset($_POST['del_x'])) {
- /* delete selected rules */
- if (is_array($_POST['rule']) && count($_POST['rule'])) {
- foreach ($_POST['rule'] as $rulei) {
-
+ /* delete selected rules */
+ if (is_array($_POST['rule']) && count($_POST['rule'])) {
+ foreach ($_POST['rule'] as $rulei) {
+
/* convert fake interfaces to real */
$if_real = convert_friendly_interface_to_real_interface_name2($a_nat[$rulei]['interface']);
$snort_uuid = $a_nat[$rulei]['uuid'];
/* cool code to check if any snort is up */
$snort_up_ck = exec("/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep snort | /usr/bin/awk '{print \$2;}' | sed 1q");
-
+
if ($snort_up_ck != "")
{
-
+
$start_up_pre = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"R {$snort_uuid}{$if_real}\" | awk '{print \$1;}'");
$start_up_s = exec("/usr/bin/top -U snort -u | grep snort | grep {$start_up_pre} | awk '{ print $1; }'");
$start_up_r = exec("/usr/bin/top -U root -u | grep snort | grep {$start_up_pre} | awk '{ print $1; }'");
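Review bot: Each `$rulei` from `$_POST['rule']` indexes `$a_nat` without a check that the entry exists, and the resulting `$snort_uuid` and `$if_real` are interpolated straight into `exec()` command strings such as the `top ... grep \"R {$snort_uuid}{$if_real}\"` pipeline. A guard at the top of the loop, `if (!isset($a_nat[$rulei])) continue;`, and `escapeshellarg()` around every interpolated value would keep a missing or malformed config entry from reaching the shell. The same applies to the `/bin/kill` and `/bin/rm` calls in the following hunk. When `$start_up_pre` comes back empty, the later `grep {$start_up_pre}` runs without a pattern, so that case should be skipped too. The `foreach` body continues outside this hunk.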
@@ -103,92 +103,92 @@ if (isset($_POST['del_x'])) { $start2_upb_pre = exec("/bin/cat /var/run/barnyard2_{$snort_uuid}_{$if_real}.pid");
$start2_upb_s = exec("/usr/bin/top -U snort -u | grep barnyard2 | grep {$start2_upb_pre} | awk '{ print $1; }'");
$start2_upb_r = exec("/usr/bin/top -U root -u | grep barnyard2 | grep {$start2_upb_pre} | awk '{ print $1; }'");
-
+
if ($start_up_s != "" || $start_up_r != "" || $start2_upb_s != "" || $start2_upb_r != "")
{
-
- /* dont flood the syslog code */
- //exec("/bin/cp /var/log/system.log /var/log/system.log.bk");
- //sleep(3);
-
-
+
+ /* dont flood the syslog code */
+ //exec("/bin/cp /var/log/system.log /var/log/system.log.bk");
+ //sleep(3);
+
+
/* remove only running instances */
if ($start_up_s != "")
- {
- exec("/bin/kill {$start_up_s}");
- exec("/bin/rm /var/run/snort_{$snort_uuid}_{$if_real}*");
- }
-
+ {
+ exec("/bin/kill {$start_up_s}");
+ exec("/bin/rm /var/run/snort_{$snort_uuid}_{$if_real}*");
+ }
+
if ($start2_upb_s != "")
- {
- exec("/bin/kill {$start2_upb_s}");
- exec("/bin/rm /var/run/barnyard2_{$snort_uuid}_{$if_real}*");
- }
-
+ {
+ exec("/bin/kill {$start2_upb_s}");
+ exec("/bin/rm /var/run/barnyard2_{$snort_uuid}_{$if_real}*");
+ }
+
if ($start_up_r != "")
- {
- exec("/bin/kill {$start_up_r}");
- exec("/bin/rm /var/run/snort_{$snort_uuid}_{$if_real}*");
- }
-
+ {
+ exec("/bin/kill {$start_up_r}");
+ exec("/bin/rm /var/run/snort_{$snort_uuid}_{$if_real}*");
+ }
+
if ($start2_upb_r != "")
- {
- exec("/bin/kill {$start2_upb_r}");
- exec("/bin/rm /var/run/barnyard2_{$snort_uuid}_{$if_real}*");
- }
+ {
+ exec("/bin/kill {$start2_upb_r}");
+ exec("/bin/rm /var/run/barnyard2_{$snort_uuid}_{$if_real}*");
+ }
+
+ /* stop syslog flood code */
+ //$if_real_wan_rulei = $a_nat[$rulei]['interface'];
+ //$if_real_wan_rulei2 = convert_friendly_interface_to_real_interface_name2($if_real_wan_rulei);
+ //exec("/sbin/ifconfig $if_real_wan_rulei2 -promisc");
+ //exec("/bin/cp /var/log/system.log /var/log/snort/snort_sys_$rulei$if_real.log");
+ //exec("/usr/bin/killall syslogd");
+ //exec("/usr/sbin/clog -i -s 262144 /var/log/system.log");
+ //exec("/usr/sbin/syslogd -c -ss -f /var/etc/syslog.conf");
+ //sleep(2);
+ //exec("/bin/cp /var/log/system.log.bk /var/log/system.log");
+ //$after_mem = exec("/usr/bin/top | /usr/bin/grep Wired | /usr/bin/awk '{ print $2 }'");
+ //exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'MEM after {$rulei}{$if_real} STOP {$after_mem}'");
+ //exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Interface Rule removed for {$rulei}{$if_real}...'");
- /* stop syslog flood code */
- //$if_real_wan_rulei = $a_nat[$rulei]['interface'];
- //$if_real_wan_rulei2 = convert_friendly_interface_to_real_interface_name2($if_real_wan_rulei);
- //exec("/sbin/ifconfig $if_real_wan_rulei2 -promisc");
- //exec("/bin/cp /var/log/system.log /var/log/snort/snort_sys_$rulei$if_real.log");
- //exec("/usr/bin/killall syslogd");
- //exec("/usr/sbin/clog -i -s 262144 /var/log/system.log");
- //exec("/usr/sbin/syslogd -c -ss -f /var/etc/syslog.conf");
- //sleep(2);
- //exec("/bin/cp /var/log/system.log.bk /var/log/system.log");
- //$after_mem = exec("/usr/bin/top | /usr/bin/grep Wired | /usr/bin/awk '{ print $2 }'");
- //exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'MEM after {$rulei}{$if_real} STOP {$after_mem}'");
- //exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Interface Rule removed for {$rulei}{$if_real}...'");
-
}
-
+
}
-
+
/* for every iface do these steps */
- conf_mount_rw();
+ conf_mount_rw();
exec("/bin/rm /var/log/snort/snort.u2_{$snort_uuid}_{$if_real}*");
exec("/bin/rm -r /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}");
-
+
conf_mount_ro();
-
+
unset($a_nat[$rulei]);
-
- }
-
- write_config();
- sleep(2);
-
- /* if there are no ifaces do not create snort.sh */
- if (isset($config['installedpackages']['snortglobal']['rule'][0]['enable'])) {
- create_snort_sh();
- }else{
- conf_mount_rw();
- exec('/bin/rm /usr/local/etc/rc.d/snort.sh');
- conf_mount_ro();
- }
-
- //touch("/var/run/snort_conf_delete.dirty");
-
+
+ }
+
+ write_config();
+ sleep(2);
+
+ /* if there are no ifaces do not create snort.sh */
+ if (isset($config['installedpackages']['snortglobal']['rule'][0]['enable'])) {
+ create_snort_sh();
+ }else{
+ conf_mount_rw();
+ exec('/bin/rm /usr/local/etc/rc.d/snort.sh');
+ conf_mount_ro();
+ }
+
+ //touch("/var/run/snort_conf_delete.dirty");
+
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
header( 'Cache-Control: no-store, no-cache, must-revalidate' );
header( 'Cache-Control: post-check=0, pre-check=0', false );
header( 'Pragma: no-cache' );
sleep(2);
- header("Location: /snort/snort_interfaces.php");
- //exit;
+ header("Location: /snort/snort_interfaces.php");
+ //exit;
}
}
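Review bot: The delete branch sends `header("Location: /snort/snort_interfaces.php");` and then falls through, because the `exit` after it is commented out (`//exit;`). As far as this hunk shows, the rest of the script still runs on the same request, including the `act=toggle` handler and the page body. The apply branch earlier in this file ends with `exit;` after its redirect; doing the same here (`header("Location: /snort/snort_interfaces.php"); exit;`) makes the redirect final. The handler's opening `if (isset($_POST['del_x']))` is outside this hunk.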
@@ -201,13 +201,13 @@ if ($_GET['act'] == 'toggle' && $_GET['id'] != '') $if_real = convert_friendly_interface_to_real_interface_name2($config['installedpackages']['snortglobal']['rule'][$id]['interface']);
$snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
- /* Log Iface stop */
- exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Toggle for {$snort_uuid}_{$if_real}...'");
-
+ /* Log Iface stop */
+ exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Toggle for {$snort_uuid}_{$if_real}...'");
+
$tester2 = Running_Ck($snort_uuid, $if_real, $id);
-
+
if ($tester2 == 'yes') {
-
+
/* Log Iface stop */
exec("/usr/bin/logger -p daemon.info -i -t SnortStartup '{$tester2} yn for {$snort_uuid}_{$if_real}...'");
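Review bot: The toggle action named in this hunk's header, `if ($_GET['act'] == 'toggle' && $_GET['id'] != '')`, starts or stops a Snort instance on a plain GET, and `$id` indexes the `rule` array without validation. Unless a token or referer check not visible here covers GET requests, a cross-site request made in the administrator's session could switch a sensor off. The action is better carried in a POST handled under the GUI's CSRF protection, with `isset($config['installedpackages']['snortglobal']['rule'][$id])` checked before the entry is used. The handler's opening lines are outside the hunk.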
@@ -220,14 +220,14 @@ if ($_GET['act'] == 'toggle' && $_GET['id'] != '') header( 'Pragma: no-cache' );
sleep(2);
header("Location: /snort/snort_interfaces.php");
-
+
}else{
-
+
sync_snort_package_all($id, $if_real, $snort_uuid);
sync_snort_package();
-
+
Running_Start($snort_uuid, $if_real, $id);
-
+
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
header( 'Cache-Control: no-store, no-cache, must-revalidate' );
@@ -246,7 +246,7 @@ include_once("/usr/local/pkg/snort/snort_head.inc"); <body link="#000000" vlink="#000000" alink="#000000">
- <script>
+<script>
jQuery(document).ready(function(){
//Examples of how to assign the ColorBox event to elements
@@ -262,33 +262,36 @@ echo "$snort_interfaces_css\n"; <?php include("fbegin.inc"); ?>
-<div class="body2">
-
-<!-- hack to fix the hardcoed fbegin link in header -->
-<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div>
+<div class="body2"><!-- hack to fix the hardcoed fbegin link in header -->
+<div id="header-left2"><a href="../index.php" id="status-link2"><img
+ src="./images/transparent.gif" border="0"></img></a></div>
<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
-<noscript><div class="alert" ALIGN=CENTER><img src="../themes/nervecenter/images/icons/icon_alert.gif"/><strong>Please enable JavaScript to view this content</CENTER></div></noscript>
+<noscript>
+<div class="alert" ALIGN=CENTER><img
+ src="../themes/nervecenter/images/icons/icon_alert.gif" /><strong>Please
+enable JavaScript to view this content
+</CENTER></div>
+</noscript>
-<form action="snort_interfaces_global.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
-
-<?php
+<form action="snort_interfaces_global.php" method="post"
+ enctype="multipart/form-data" name="iform" id="iform"><?php
/* Display Alert message */
if ($input_errors) {
- print_input_errors($input_errors); // TODO: add checks
+ print_input_errors($input_errors); // TODO: add checks
}
if ($savemsg) {
- print_info_box2($savemsg);
+ print_info_box2($savemsg);
}
//if (file_exists($d_snortconfdirty_path)) {
if ($d_snortconfdirty_path_ls != '') {
- echo '<p>';
+ echo '<p>';
if($savemsg) {
print_info_box_np2("{$savemsg}");
@@ -300,246 +303,283 @@ echo "$snort_interfaces_css\n"; }
}
-?>
+ ?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td>
-
-<div class="snorttabs" style="margin:1px 0px; width:775px;">
-<!-- Tabbed bar code-->
-<ul class="snorttabs">
- <li class="snorttabs_active"><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>
- <li><a href="/snort/snort_interfaces_global.php"><span>Global Settings</span></a></li>
- <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li>
- <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li>
- <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li>
- <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li>
- <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li>
- <li><a class="example8" href="/snort/help_and_info.php"><span>Help</span></a></li>
- </ul>
-</div>
-
- </td></tr>
- <tr>
- <td>
- <div id="mainarea2">
- <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr id="frheader">
+ <tr>
+ <td>
+
+ <div class="snorttabs" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code-->
+ <ul class="snorttabs">
+ <li class="snorttabs_active"><a href="/snort/snort_interfaces.php"><span>Snort
+ Interfaces</span></a></li>
+ <li><a href="/snort/snort_interfaces_global.php"><span>Global
+ Settings</span></a></li>
+ <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li>
+ <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li>
+ <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li>
+ <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li>
+ <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li>
+ <li><a class="example8" href="/snort/help_and_info.php"><span>Help</span></a></li>
+ </ul>
+ </div>
+
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <div id="mainarea2">
+ <table class="tabcont" width="100%" border="0" cellpadding="0"
+ cellspacing="0">
+ <tr id="frheader">
<td width="5%" class="list"> </td>
- <td width="1%" class="list"> </td>
- <td width="10%" class="listhdrr">If</td>
- <td width="10%" class="listhdrr">Snort</td>
- <td width="10%" class="listhdrr">Performance</td>
- <td width="10%" class="listhdrr">Block</td>
- <td width="10%" class="listhdrr">Barnyard2</td>
- <td width="50%" class="listhdr">Description</td>
- <td width="3%" class="list">
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td width="17"></td>
- <td><a href="snort_interfaces_edit.php?id=<?php echo $id_gen;?>"><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td>
- </tr>
- </table>
- </td>
- </tr>
- <?php $nnats = $i = 0; foreach ($a_nat as $natent): ?>
- <tr valign="top" id="fr<?=$nnats;?>">
- <?php
+ <td width="1%" class="list"> </td>
+ <td width="10%" class="listhdrr">If</td>
+ <td width="10%" class="listhdrr">Snort</td>
+ <td width="10%" class="listhdrr">Performance</td>
+ <td width="10%" class="listhdrr">Block</td>
+ <td width="10%" class="listhdrr">Barnyard2</td>
+ <td width="50%" class="listhdr">Description</td>
+ <td width="3%" class="list">
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td width="17"></td>
+ <td><a href="snort_interfaces_edit.php?id=<?php echo $id_gen;?>"><img
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif"
+ width="17" height="17" border="0"></a></td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <?php $nnats = $i = 0; foreach ($a_nat as $natent): ?>
+ <tr valign="top" id="fr<?=$nnats;?>">
+ <?php
- /* convert fake interfaces to real and check if iface is up */
- /* There has to be a smarter way to do this */
- $if_real = convert_friendly_interface_to_real_interface_name2($natent['interface']);
- $snort_uuid = $natent['uuid'];
+ /* convert fake interfaces to real and check if iface is up */
+ /* There has to be a smarter way to do this */
+ $if_real = convert_friendly_interface_to_real_interface_name2($natent['interface']);
+ $snort_uuid = $natent['uuid'];
- $tester2 = Running_Ck($snort_uuid, $if_real, $id);
+ $tester2 = Running_Ck($snort_uuid, $if_real, $id);
- if ($tester2 == 'no')
- {
- $iconfn = 'pass';
- $class_color_up = 'listbg';
- }else{
- $class_color_up = 'listbg2';
- $iconfn = 'block';
- }
-
- ?>
- <td class="listt"><a href="?act=toggle&id=<?=$i;?>"><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_<?=$iconfn;?>.gif" width="13" height="13" border="0" title="click to toggle start/stop snort"></a><input type="checkbox" id="frc<?=$nnats;?>" name="rule[]" value="<?=$i;?>" onClick="fr_bgcolor('<?=$nnats;?>')" style="margin: 0; padding: 0;"></td>
- <td class="listt" align="center"></td>
- <td class="<?=$class_color_up;?>" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
- <?php
- if (!$natent['interface'] || ($natent['interface'] == "wan"))
- echo "WAN";
- else if(strtolower($natent['interface']) == "lan")
- echo "LAN";
- else if(strtolower($natent['interface']) == "pppoe")
- echo "PPPoE";
- else if(strtolower($natent['interface']) == "pptp")
- echo "PPTP";
- else
- echo strtoupper($natent['interface']);
- ?>
- </td>
- <td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
- <?php
- $check_snort_info = $config['installedpackages']['snortglobal']['rule'][$nnats]['enable'];
- if ($check_snort_info == "on")
+ if ($tester2 == 'no')
+ {
+ $iconfn = 'pass';
+ $class_color_up = 'listbg';
+ }else{
+ $class_color_up = 'listbg2';
+ $iconfn = 'block';
+ }
+
+ ?>
+ <td class="listt"><a href="?act=toggle&id=<?=$i;?>"><img
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_<?=$iconfn;?>.gif"
+ width="13" height="13" border="0"
+ title="click to toggle start/stop snort"></a><input type="checkbox"
+ id="frc<?=$nnats;?>" name="rule[]" value="<?=$i;?>"
+ onClick="fr_bgcolor('<?=$nnats;?>')" style="margin: 0; padding: 0;"></td>
+ <td class="listt" align="center"></td>
+ <td class="<?=$class_color_up;?>" onClick="fr_toggle(<?=$nnats;?>)"
+ id="frd<?=$nnats;?>"
+ ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
+ <?php
+ if (!$natent['interface'] || ($natent['interface'] == "wan"))
+ echo "WAN";
+ else if(strtolower($natent['interface']) == "lan")
+ echo "LAN";
+ else if(strtolower($natent['interface']) == "pppoe")
+ echo "PPPoE";
+ else if(strtolower($natent['interface']) == "pptp")
+ echo "PPTP";
+ else
+ echo strtoupper($natent['interface']);
+ ?></td>
+ <td class="listr" onClick="fr_toggle(<?=$nnats;?>)"
+ id="frd<?=$nnats;?>"
+ ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
+ <?php
+ $check_snort_info = $config['installedpackages']['snortglobal']['rule'][$nnats]['enable'];
+ if ($check_snort_info == "on")
{
- $check_snort = enabled;
+ $check_snort = enabled;
} else {
- $check_snort = disabled;
+ $check_snort = disabled;
}
- ?>
- <?=strtoupper($check_snort);?>
- </td>
- <td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
- <?php
- $check_performance_info = $config['installedpackages']['snortglobal']['rule'][$nnats]['performance'];
+ ?> <?=strtoupper($check_snort);?></td>
+ <td class="listr" onClick="fr_toggle(<?=$nnats;?>)"
+ id="frd<?=$nnats;?>"
+ ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
+ <?php
+ $check_performance_info = $config['installedpackages']['snortglobal']['rule'][$nnats]['performance'];
if ($check_performance_info != "") {
$check_performance = $check_performance_info;
}else{
$check_performance = "lowmem";
}
- ?>
- <?=strtoupper($check_performance);?>
- </td>
- <td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
- <?php
- $check_blockoffenders_info = $config['installedpackages']['snortglobal']['rule'][$nnats]['blockoffenders7'];
- if ($check_blockoffenders_info == "on")
+ ?> <?=strtoupper($check_performance);?></td>
+ <td class="listr" onClick="fr_toggle(<?=$nnats;?>)"
+ id="frd<?=$nnats;?>"
+ ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
+ <?php
+ $check_blockoffenders_info = $config['installedpackages']['snortglobal']['rule'][$nnats]['blockoffenders7'];
+ if ($check_blockoffenders_info == "on")
{
- $check_blockoffenders = enabled;
+ $check_blockoffenders = enabled;
} else {
- $check_blockoffenders = disabled;
+ $check_blockoffenders = disabled;
}
- ?>
- <?=strtoupper($check_blockoffenders);?>
- </td>
- <?php
+ ?> <?=strtoupper($check_blockoffenders);?></td>
+ <?php
+
+ $color2_upb = Running_Ck_b($snort_uuid, $if_real, $id);
- $color2_upb = Running_Ck_b($snort_uuid, $if_real, $id);
-
if ($color2_upb == 'yes') {
$class_color_upb = 'listbg2';
}else{
$class_color_upb = 'listbg';
}
-
- ?>
- <td class="<?=$class_color_upb;?>" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
- <?php
- $check_snortbarnyardlog_info = $config['installedpackages']['snortglobal']['rule'][$nnats]['barnyard_enable'];
- if ($check_snortbarnyardlog_info == "on")
+
+ ?>
+ <td class="<?=$class_color_upb;?>" onClick="fr_toggle(<?=$nnats;?>)"
+ id="frd<?=$nnats;?>"
+ ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
+ <?php
+ $check_snortbarnyardlog_info = $config['installedpackages']['snortglobal']['rule'][$nnats]['barnyard_enable'];
+ if ($check_snortbarnyardlog_info == "on")
{
$check_snortbarnyardlog = strtoupper(enabled);
}else{
$check_snortbarnyardlog = strtoupper(disabled);
}
- ?>
- <?php echo "$check_snortbarnyardlog";?>
- </td>
- <td class="listbg3" onClick="fr_toggle(<?=$nnats;?>)" ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
- <font color="#ffffff">
- <?=htmlspecialchars($natent['descr']);?>
- </td>
- <td valign="middle" class="list" nowrap>
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td><a href="snort_interfaces_edit.php?id=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="edit rule"></a></td>
- </tr>
- </table>
- </tr>
- <?php $i++; $nnats++; endforeach; ?>
- <tr>
- <td class="list" colspan="8"></td>
- <td class="list" valign="middle" nowrap>
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td><?php if ($nnats == 0): ?><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" width="17" height="17" title="delete selected rules" border="0"><?php else: ?><input name="del" type="image" src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" title="delete selected mappings" onclick="return confirm('Do you really want to delete the selected Snort Rule?')"><?php endif; ?></td>
- </tr>
- </table>
+ ?> <?php echo "$check_snortbarnyardlog";?></td>
+ <td class="listbg3" onClick="fr_toggle(<?=$nnats;?>)"
+ ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
+ <font color="#ffffff"> <?=htmlspecialchars($natent['descr']);?>
</td>
- </tr>
- </table>
- </div>
- </td>
- </tr>
+ <td valign="middle" class="list" nowrap>
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td><a href="snort_interfaces_edit.php?id=<?=$i;?>"><img
+ src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif"
+ width="17" height="17" border="0" title="edit rule"></a></td>
+ </tr>
+ </table>
+
+ </tr>
+ <?php $i++; $nnats++; endforeach; ?>
+ <tr>
+ <td class="list" colspan="8"></td>
+ <td class="list" valign="middle" nowrap>
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td><?php if ($nnats == 0): ?><img
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif"
+ width="17" height="17" title="delete selected rules" border="0"><?php else: ?><input
+ name="del" type="image"
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif"
+ width="17" height="17" title="delete selected mappings"
+ onclick="return confirm('Do you really want to delete the selected Snort Rule?')"><?php endif; ?></td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+ </div>
+ </td>
+ </tr>
</table>
<br>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr><td>
- <div id="mainarea4">
- <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr id="frheader">
- <td width="100%">
- <span class="red"><strong>Note:</strong></span>
- <br>
- This is the <strong>Snort Menu</strong> where you can see an over view of all your interface settings.
- <br>
- Please edit the <strong>Global Settings</strong> tab before adding an interface.
- <br><br>
- <span class="red"><strong>Warning:</strong></span>
- <br>
- <strong>New settings will not take effect until interface restart.</strong>
- <br><br>
- <strong>Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="Add Icon"> icon to add a interface.<strong> Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_pass.gif" width="13" height="13" border="0" title="Start Icon"> icon to <strong>start</strong> snort and barnyard2.
- <br>
- <strong>Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="Edit Icon"> icon to edit a interface and settings.<strong> Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" width="13" height="13" border="0" title="Stop Icon"> icon to <strong>stop</strong> snort and barnyard2.
- <br>
- <strong> Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="Delete Icon"> icon to delete a interface and settings.
-</td>
-</tr>
- </table>
- </div>
- </tr></td>
+ <tr>
+ <td>
+ <div id="mainarea4">
+ <table class="tabcont" width="100%" border="0" cellpadding="0"
+ cellspacing="0">
+ <tr id="frheader">
+ <td width="100%"><span class="red"><strong>Note:</strong></span> <br>
+ This is the <strong>Snort Menu</strong> where you can see an over
+ view of all your interface settings. <br>
+ Please edit the <strong>Global Settings</strong> tab before adding
+ an interface. <br>
+ <br>
+ <span class="red"><strong>Warning:</strong></span> <br>
+ <strong>New settings will not take effect until interface restart.</strong>
+ <br>
+ <br>
+ <strong>Click</strong> on the <img
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif"
+ width="17" height="17" border="0" title="Add Icon"> icon to add a
+ interface.<strong> Click</strong>
+ on the <img
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_pass.gif"
+ width="13" height="13" border="0" title="Start Icon"> icon to <strong>start</strong>
+ snort and barnyard2. <br>
+ <strong>Click</strong> on the <img
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif"
+ width="17" height="17" border="0" title="Edit Icon"> icon to edit a
+ interface and settings.<strong> Click</strong>
+ on the <img
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_block.gif"
+ width="13" height="13" border="0" title="Stop Icon"> icon to <strong>stop</strong>
+ snort and barnyard2. <br>
+ <strong> Click</strong> on the <img
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif"
+ width="17" height="17" border="0" title="Delete Icon"> icon to
+ delete a interface and settings.</td>
+ </tr>
+ </table>
+ </div>
+
+ </tr>
+ </td>
</table>
-
-<?php
-if ($pkg['tabs'] <> "") {
- echo "</td></tr></table>";
-}
-?>
-</form>
+ <?php
+ if ($pkg['tabs'] <> "") {
+ echo "</td></tr></table>";
+ }
+ ?></form>
</div>
-<br><br><br>
+<br>
+<br>
+<br>
<style type="text/css">
-#footer2
-{
-position: relative;
-background-color: transparent;
-background-image: url("./images/logo22.png");
-background-repeat: no-repeat;
-background-attachment: scroll;
-background-position: 0% 0%;
-top: 10px;
-left: 0px;
-width: 770px;
-height: 60px;
-color: #000000;
-text-align: center;
-font-size: 0.8em;
-padding-top: 40px;
-margin-bottom: -35px;
-clear: both;
+#footer2 {
+ position: relative;
+ background-color: transparent;
+ background-image: url("./images/logo22.png");
+ background-repeat: no-repeat;
+ background-attachment: scroll;
+ background-position: 0% 0%;
+ top: 10px;
+ left: 0px;
+ width: 770px;
+ height: 60px;
+ color: #000000;
+ text-align: center;
+ font-size: 0.8em;
+ padding-top: 40px;
+ margin-bottom: -35px;
+ clear: both;
}
</style>
- <div id="footer2">
- SNORT registered ® by Sourcefire, Inc, Barnyard2 registered ® by securixlive.com, Orion registered ® by Robert Zelaya,
- Emergingthreats registered ® by emergingthreats.net, Mysql registered ® by Mysql.com
- </div> <!-- Footer DIV -->
+<div id="footer2">SNORT registered ® by Sourcefire, Inc, Barnyard2
+registered ® by securixlive.com, Orion registered ® by Robert Zelaya,
+Emergingthreats registered ® by emergingthreats.net, Mysql registered ®
+by Mysql.com</div>
+<!-- Footer DIV -->
-<?php
+ <?php
-include("fend.inc");
+ include("fend.inc");
-echo $snort_custom_rnd_box;
+ echo $snort_custom_rnd_box;
-?>
+ ?>
diff --git a/config/snort/snort_interfaces_edit.php b/config/snort/snort_interfaces_edit.php
index c47baad5..3d58ac17 100644
--- a/config/snort/snort_interfaces_edit.php
+++ b/config/snort/snort_interfaces_edit.php
@@ -1,34 +1,34 @@ <?php /* $Id$ */ /* - snort_interfaces.php - part of m0n0wall (http://m0n0.ch/wall) - - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - Copyright (C) 2008-2009 Robert Zelaya. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ + snort_interfaces.php + part of m0n0wall (http://m0n0.ch/wall) + + Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + Copyright (C) 2008-2009 Robert Zelaya. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. 
Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort_gui.inc"); @@ -43,11 +43,11 @@ $a_nat = &$config['installedpackages']['snortglobal']['rule']; $id = $_GET['id']; if (isset($_POST['id'])) - $id = $_POST['id']; +$id = $_POST['id']; if (isset($_GET['dup'])) { - $id = $_GET['dup']; - $after = $_GET['dup']; + $id = $_GET['dup']; + $after = $_GET['dup']; } 
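Review bot: In the `@@ -43,11 +43,11 @@` hunk the re-indentation leaves the body of the braceless `if (isset($_POST['id']))` at the same column as the `if` itself, so `$id = $_POST['id'];` now reads as an unconditional assignment. Since this is where the request parameter becomes the rule index for the rest of the page, I would brace it: `if (isset($_POST['id'])) { $id = $_POST['id']; }`. Separately, `$id` is taken straight from `$_GET`/`$_POST` and the following hunk uses it as a key into `$config['installedpackages']['snortglobal']['rule']` before any type check. Assuming rule indexes are always non-negative integers, a guard such as `if (isset($id) && !ctype_digit((string)$id)) unset($id);` after these assignments would keep arbitrary strings out of the config lookup. The script continues outside this hunk, so whether a later write path relies on `$id` needs checking against the full file.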
@@ -55,272 +55,292 @@ if (isset($_GET['dup'])) { /* TODO: When inline gets added make the uuid the port number lisstening */ //function gen_snort_uuid($fileline) //{ - /* return the first 5 */ - //if (preg_match("/...../", $fileline, $matches1)) - //{ - //$uuid_final = "$matches1[0]"; - //} -//return $uuid_final; -//} - -/* gen uuid for each iface !inportant */ -if ($config['installedpackages']['snortglobal']['rule'][$id]['uuid'] == '') { - //$snort_uuid = gen_snort_uuid(strrev(uniqid(true))); -$snort_uuid = 0; -while ($snort_uuid > 65535 || $snort_uuid == 0) { - $snort_uuid = mt_rand(1, 65535); - $pconfig['uuid'] = $snort_uuid; +/* return the first 5 */ +//if (preg_match("/...../", $fileline, $matches1)) +//{ +//$uuid_final = "$matches1[0]"; + //} + //return $uuid_final; + //} + + /* gen uuid for each iface !inportant */ + if ($config['installedpackages']['snortglobal']['rule'][$id]['uuid'] == '') { + //$snort_uuid = gen_snort_uuid(strrev(uniqid(true))); + $snort_uuid = 0; + while ($snort_uuid > 65535 || $snort_uuid == 0) { + $snort_uuid = mt_rand(1, 65535); + $pconfig['uuid'] = $snort_uuid; + } } -} -/* convert fake interfaces to real */ -$if_real = convert_friendly_interface_to_real_interface_name2($a_nat[$id]['interface']); + /* convert fake interfaces to real */ + $if_real = convert_friendly_interface_to_real_interface_name2($a_nat[$id]['interface']); -if ($config['installedpackages']['snortglobal']['rule'][$id]['uuid'] != '') { - $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; -} + if ($config['installedpackages']['snortglobal']['rule'][$id]['uuid'] != '') { + $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; + } -if (isset($id) && $a_nat[$id]) { - - /* old options */ - $pconfig['def_ssl_ports_ignore'] = $a_nat[$id]['def_ssl_ports_ignore']; - $pconfig['flow_depth'] = $a_nat[$id]['flow_depth']; - $pconfig['max_queued_bytes'] = $a_nat[$id]['max_queued_bytes']; - $pconfig['max_queued_segs'] = 
$a_nat[$id]['max_queued_segs']; - $pconfig['perform_stat'] = $a_nat[$id]['perform_stat']; - $pconfig['http_inspect'] = $a_nat[$id]['http_inspect']; - $pconfig['other_preprocs'] = $a_nat[$id]['other_preprocs']; - $pconfig['ftp_preprocessor'] = $a_nat[$id]['ftp_preprocessor']; - $pconfig['smtp_preprocessor'] = $a_nat[$id]['smtp_preprocessor']; - $pconfig['sf_portscan'] = $a_nat[$id]['sf_portscan']; - $pconfig['dce_rpc_2'] = $a_nat[$id]['dce_rpc_2']; - $pconfig['dns_preprocessor'] = $a_nat[$id]['dns_preprocessor']; - $pconfig['def_dns_servers'] = $a_nat[$id]['def_dns_servers']; - $pconfig['def_dns_ports'] = $a_nat[$id]['def_dns_ports']; - $pconfig['def_smtp_servers'] = $a_nat[$id]['def_smtp_servers']; - $pconfig['def_smtp_ports'] = $a_nat[$id]['def_smtp_ports']; - $pconfig['def_mail_ports'] = $a_nat[$id]['def_mail_ports']; - $pconfig['def_http_servers'] = $a_nat[$id]['def_http_servers']; - $pconfig['def_www_servers'] = $a_nat[$id]['def_www_servers']; - $pconfig['def_http_ports'] = $a_nat[$id]['def_http_ports']; - $pconfig['def_sql_servers'] = $a_nat[$id]['def_sql_servers']; - $pconfig['def_oracle_ports'] = $a_nat[$id]['def_oracle_ports']; - $pconfig['def_mssql_ports'] = $a_nat[$id]['def_mssql_ports']; - $pconfig['def_telnet_servers'] = $a_nat[$id]['def_telnet_servers']; - $pconfig['def_telnet_ports'] = $a_nat[$id]['def_telnet_ports']; - $pconfig['def_snmp_servers'] = $a_nat[$id]['def_snmp_servers']; - $pconfig['def_snmp_ports'] = $a_nat[$id]['def_snmp_ports']; - $pconfig['def_ftp_servers'] = $a_nat[$id]['def_ftp_servers']; - $pconfig['def_ftp_ports'] = $a_nat[$id]['def_ftp_ports']; - $pconfig['def_ssh_servers'] = $a_nat[$id]['def_ssh_servers']; - $pconfig['def_ssh_ports'] = $a_nat[$id]['def_ssh_ports']; - $pconfig['def_pop_servers'] = $a_nat[$id]['def_pop_servers']; - $pconfig['def_pop2_ports'] = $a_nat[$id]['def_pop2_ports']; - $pconfig['def_pop3_ports'] = $a_nat[$id]['def_pop3_ports']; - $pconfig['def_imap_servers'] = $a_nat[$id]['def_imap_servers']; - 
$pconfig['def_imap_ports'] = $a_nat[$id]['def_imap_ports']; - $pconfig['def_sip_proxy_ip'] = $a_nat[$id]['def_sip_proxy_ip']; - $pconfig['def_sip_proxy_ports'] = $a_nat[$id]['def_sip_proxy_ports']; - $pconfig['def_auth_ports'] = $a_nat[$id]['def_auth_ports']; - $pconfig['def_finger_ports'] = $a_nat[$id]['def_finger_ports']; - $pconfig['def_irc_ports'] = $a_nat[$id]['def_irc_ports']; - $pconfig['def_nntp_ports'] = $a_nat[$id]['def_nntp_ports']; - $pconfig['def_rlogin_ports'] = $a_nat[$id]['def_rlogin_ports']; - $pconfig['def_rsh_ports'] = $a_nat[$id]['def_rsh_ports']; - $pconfig['def_ssl_ports'] = $a_nat[$id]['def_ssl_ports']; - $pconfig['barnyard_enable'] = $a_nat[$id]['barnyard_enable']; - $pconfig['barnyard_mysql'] = $a_nat[$id]['barnyard_mysql']; - $pconfig['enable'] = $a_nat[$id]['enable']; - $pconfig['uuid'] = $a_nat[$id]['uuid']; - $pconfig['interface'] = $a_nat[$id]['interface']; - $pconfig['descr'] = $a_nat[$id]['descr']; - $pconfig['performance'] = $a_nat[$id]['performance']; - $pconfig['blockoffenders7'] = $a_nat[$id]['blockoffenders7']; - $pconfig['whitelistname'] = $a_nat[$id]['whitelistname']; - $pconfig['homelistname'] = $a_nat[$id]['homelistname']; - $pconfig['externallistname'] = $a_nat[$id]['externallistname']; - $pconfig['suppresslistname'] = $a_nat[$id]['suppresslistname']; - $pconfig['snortalertlogtype'] = $a_nat[$id]['snortalertlogtype']; - $pconfig['alertsystemlog'] = $a_nat[$id]['alertsystemlog']; - $pconfig['tcpdumplog'] = $a_nat[$id]['tcpdumplog']; - $pconfig['snortunifiedlog'] = $a_nat[$id]['snortunifiedlog']; - $pconfig['configpassthru'] = base64_decode($a_nat[$id]['configpassthru']); - $pconfig['barnconfigpassthru'] = $a_nat[$id]['barnconfigpassthru']; - $pconfig['rulesets'] = $a_nat[$id]['rulesets']; - $pconfig['rule_sid_off'] = $a_nat[$id]['rule_sid_off']; - $pconfig['rule_sid_on'] = $a_nat[$id]['rule_sid_on']; - - - if (!$pconfig['interface']) + if (isset($id) && $a_nat[$id]) { + + /* old options */ + $pconfig['def_ssl_ports_ignore'] 
= $a_nat[$id]['def_ssl_ports_ignore']; + $pconfig['flow_depth'] = $a_nat[$id]['flow_depth']; + $pconfig['max_queued_bytes'] = $a_nat[$id]['max_queued_bytes']; + $pconfig['max_queued_segs'] = $a_nat[$id]['max_queued_segs']; + $pconfig['perform_stat'] = $a_nat[$id]['perform_stat']; + $pconfig['http_inspect'] = $a_nat[$id]['http_inspect']; + $pconfig['other_preprocs'] = $a_nat[$id]['other_preprocs']; + $pconfig['ftp_preprocessor'] = $a_nat[$id]['ftp_preprocessor']; + $pconfig['smtp_preprocessor'] = $a_nat[$id]['smtp_preprocessor']; + $pconfig['sf_portscan'] = $a_nat[$id]['sf_portscan']; + $pconfig['dce_rpc_2'] = $a_nat[$id]['dce_rpc_2']; + $pconfig['dns_preprocessor'] = $a_nat[$id]['dns_preprocessor']; + $pconfig['def_dns_servers'] = $a_nat[$id]['def_dns_servers']; + $pconfig['def_dns_ports'] = $a_nat[$id]['def_dns_ports']; + $pconfig['def_smtp_servers'] = $a_nat[$id]['def_smtp_servers']; + $pconfig['def_smtp_ports'] = $a_nat[$id]['def_smtp_ports']; + $pconfig['def_mail_ports'] = $a_nat[$id]['def_mail_ports']; + $pconfig['def_http_servers'] = $a_nat[$id]['def_http_servers']; + $pconfig['def_www_servers'] = $a_nat[$id]['def_www_servers']; + $pconfig['def_http_ports'] = $a_nat[$id]['def_http_ports']; + $pconfig['def_sql_servers'] = $a_nat[$id]['def_sql_servers']; + $pconfig['def_oracle_ports'] = $a_nat[$id]['def_oracle_ports']; + $pconfig['def_mssql_ports'] = $a_nat[$id]['def_mssql_ports']; + $pconfig['def_telnet_servers'] = $a_nat[$id]['def_telnet_servers']; + $pconfig['def_telnet_ports'] = $a_nat[$id]['def_telnet_ports']; + $pconfig['def_snmp_servers'] = $a_nat[$id]['def_snmp_servers']; + $pconfig['def_snmp_ports'] = $a_nat[$id]['def_snmp_ports']; + $pconfig['def_ftp_servers'] = $a_nat[$id]['def_ftp_servers']; + $pconfig['def_ftp_ports'] = $a_nat[$id]['def_ftp_ports']; + $pconfig['def_ssh_servers'] = $a_nat[$id]['def_ssh_servers']; + $pconfig['def_ssh_ports'] = $a_nat[$id]['def_ssh_ports']; + $pconfig['def_pop_servers'] = $a_nat[$id]['def_pop_servers']; + 
$pconfig['def_pop2_ports'] = $a_nat[$id]['def_pop2_ports']; + $pconfig['def_pop3_ports'] = $a_nat[$id]['def_pop3_ports']; + $pconfig['def_imap_servers'] = $a_nat[$id]['def_imap_servers']; + $pconfig['def_imap_ports'] = $a_nat[$id]['def_imap_ports']; + $pconfig['def_sip_proxy_ip'] = $a_nat[$id]['def_sip_proxy_ip']; + $pconfig['def_sip_proxy_ports'] = $a_nat[$id]['def_sip_proxy_ports']; + $pconfig['def_auth_ports'] = $a_nat[$id]['def_auth_ports']; + $pconfig['def_finger_ports'] = $a_nat[$id]['def_finger_ports']; + $pconfig['def_irc_ports'] = $a_nat[$id]['def_irc_ports']; + $pconfig['def_nntp_ports'] = $a_nat[$id]['def_nntp_ports']; + $pconfig['def_rlogin_ports'] = $a_nat[$id]['def_rlogin_ports']; + $pconfig['def_rsh_ports'] = $a_nat[$id]['def_rsh_ports']; + $pconfig['def_ssl_ports'] = $a_nat[$id]['def_ssl_ports']; + $pconfig['barnyard_enable'] = $a_nat[$id]['barnyard_enable']; + $pconfig['barnyard_mysql'] = $a_nat[$id]['barnyard_mysql']; + $pconfig['enable'] = $a_nat[$id]['enable']; + $pconfig['uuid'] = $a_nat[$id]['uuid']; + $pconfig['interface'] = $a_nat[$id]['interface']; + $pconfig['descr'] = $a_nat[$id]['descr']; + $pconfig['performance'] = $a_nat[$id]['performance']; + $pconfig['blockoffenders7'] = $a_nat[$id]['blockoffenders7']; + $pconfig['whitelistname'] = $a_nat[$id]['whitelistname']; + $pconfig['homelistname'] = $a_nat[$id]['homelistname']; + $pconfig['externallistname'] = $a_nat[$id]['externallistname']; + $pconfig['suppresslistname'] = $a_nat[$id]['suppresslistname']; + $pconfig['snortalertlogtype'] = $a_nat[$id]['snortalertlogtype']; + $pconfig['alertsystemlog'] = $a_nat[$id]['alertsystemlog']; + $pconfig['tcpdumplog'] = $a_nat[$id]['tcpdumplog']; + $pconfig['snortunifiedlog'] = $a_nat[$id]['snortunifiedlog']; + $pconfig['configpassthru'] = base64_decode($a_nat[$id]['configpassthru']); + $pconfig['barnconfigpassthru'] = $a_nat[$id]['barnconfigpassthru']; + $pconfig['rulesets'] = $a_nat[$id]['rulesets']; + $pconfig['rule_sid_off'] = 
$a_nat[$id]['rule_sid_off']; + $pconfig['rule_sid_on'] = $a_nat[$id]['rule_sid_on']; + + + if (!$pconfig['interface']) $pconfig['interface'] = "wan"; -} else { - $pconfig['interface'] = "wan"; -} + } else { + $pconfig['interface'] = "wan"; + } -if (isset($_GET['dup'])) + if (isset($_GET['dup'])) unset($id); -/* alert file */ -$d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty"; - + /* alert file */ + $d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty"; + /* this will exec when alert says apply */ if ($_POST['apply']) { - + if (file_exists("/var/run/snort_conf_{$snort_uuid}_.dirty")) { + + write_config(); - write_config(); - - $if_real = convert_friendly_interface_to_real_interface_name2($a_nat[$id]['interface']); + $if_real = convert_friendly_interface_to_real_interface_name2($a_nat[$id]['interface']); - sync_snort_package_all($id, $if_real, $snort_uuid); - sync_snort_package(); - - unlink("/var/run/snort_conf_{$snort_uuid}_.dirty"); - + sync_snort_package_all($id, $if_real, $snort_uuid); + sync_snort_package(); + + unlink("/var/run/snort_conf_{$snort_uuid}_.dirty"); + } - + if (file_exists($d_snortconfdirty_path)) { - + write_config(); - + sync_snort_package_all($id, $if_real, $snort_uuid); sync_snort_package(); unlink($d_snortconfdirty_path); - + } - + } -if ($_POST["Submit"]) { + if ($_POST["Submit"]) { + + - - // if ($config['installedpackages']['snortglobal']['rule']) { - if ($_POST['descr'] == '' && $pconfig['descr'] == '') { - $input_errors[] = "Please enter a description for your reference."; - } + if ($_POST['descr'] == '' && $pconfig['descr'] == '') { + $input_errors[] = "Please enter a description for your reference."; + } - if ($id == "" && $config['installedpackages']['snortglobal']['rule'][0]['interface'] != "") { + if ($id == "" && $config['installedpackages']['snortglobal']['rule'][0]['interface'] != "") { $rule_array = $config['installedpackages']['snortglobal']['rule']; $id_c = -1; foreach 
($rule_array as $value) { - $id_c += 1; + $id_c += 1; - $result_lan = $config['installedpackages']['snortglobal']['rule'][$id_c]['interface']; - $if_real = convert_friendly_interface_to_real_interface_name2($result_lan); + $result_lan = $config['installedpackages']['snortglobal']['rule'][$id_c]['interface']; + $if_real = convert_friendly_interface_to_real_interface_name2($result_lan); - if ($_POST['interface'] == $result_lan) { - $input_errors[] = "Interface $result_lan is in use. Please select another interface."; - } + if ($_POST['interface'] == $result_lan) { + $input_errors[] = "Interface $result_lan is in use. Please select another interface."; } } + } - /* check for overlaps */ - foreach ($a_nat as $natent) { - if (isset($id) && ($a_nat[$id]) && ($a_nat[$id] === $natent)) + /* check for overlaps */ + foreach ($a_nat as $natent) { + if (isset($id) && ($a_nat[$id]) && ($a_nat[$id] === $natent)) continue; - if ($natent['interface'] != $_POST['interface']) + if ($natent['interface'] != $_POST['interface']) continue; - } + } - /* if no errors write to conf */ - if (!$input_errors) { - $natent = array(); - - /* write to conf for 1st time or rewrite the answer */ - $natent['interface'] = $_POST['interface'] ? $_POST['interface'] : $pconfig['interface']; - /* if post write to conf or rewite the answer */ - $natent['enable'] = $_POST['enable'] ? on : off; - $natent['uuid'] = $pconfig['uuid']; - $natent['descr'] = $_POST['descr'] ? $_POST['descr'] : $pconfig['descr']; - $natent['performance'] = $_POST['performance'] ? $_POST['performance'] : $pconfig['performance']; - /* if post = on use on off or rewrite the conf */ - if ($_POST['blockoffenders7'] == "on") { $natent['blockoffenders7'] = on; }else{ $natent['blockoffenders7'] = off; } if ($_POST['enable'] == "") { $natent['blockoffenders7'] = $pconfig['blockoffenders7']; } - $natent['whitelistname'] = $_POST['whitelistname'] ? 
$_POST['whitelistname'] : $pconfig['whitelistname']; - $natent['homelistname'] = $_POST['homelistname'] ? $_POST['homelistname'] : $pconfig['homelistname']; - $natent['externallistname'] = $_POST['externallistname'] ? $_POST['externallistname'] : $pconfig['externallistname']; - $natent['suppresslistname'] = $_POST['suppresslistname'] ? $_POST['suppresslistname'] : $pconfig['suppresslistname']; - $natent['snortalertlogtype'] = $_POST['snortalertlogtype'] ? $_POST['snortalertlogtype'] : $pconfig['snortalertlogtype']; - if ($_POST['alertsystemlog'] == "on") { $natent['alertsystemlog'] = on; }else{ $natent['alertsystemlog'] = off; } if ($_POST['enable'] == "") { $natent['alertsystemlog'] = $pconfig['alertsystemlog']; } - if ($_POST['tcpdumplog'] == "on") { $natent['tcpdumplog'] = on; }else{ $natent['tcpdumplog'] = off; } if ($_POST['enable'] == "") { $natent['tcpdumplog'] = $pconfig['tcpdumplog']; } - if ($_POST['snortunifiedlog'] == "on") { $natent['snortunifiedlog'] = on; }else{ $natent['snortunifiedlog'] = off; } if ($_POST['enable'] == "") { $natent['snortunifiedlog'] = $pconfig['snortunifiedlog']; } - $natent['configpassthru'] = base64_encode($_POST['configpassthru']) ? 
base64_encode($_POST['configpassthru']) : $pconfig['configpassthru']; - /* if optiion = 0 then the old descr way will not work */ - - /* rewrite the options that are not in post */ - /* make shure values are set befor repost or conf.xml will be broken */ - if ($pconfig['def_ssl_ports_ignore'] != "") { $natent['def_ssl_ports_ignore'] = $pconfig['def_ssl_ports_ignore']; } - if ($pconfig['flow_depth'] != "") { $natent['flow_depth'] = $pconfig['flow_depth']; } - if ($pconfig['max_queued_bytes'] != "") { $natent['max_queued_bytes'] = $pconfig['max_queued_bytes']; } - if ($pconfig['max_queued_segs'] != "") { $natent['max_queued_segs'] = $pconfig['max_queued_segs']; } - if ($pconfig['perform_stat'] != "") { $natent['perform_stat'] = $pconfig['perform_stat']; } - if ($pconfig['http_inspect'] != "") { $natent['http_inspect'] = $pconfig['http_inspect']; } - if ($pconfig['other_preprocs'] != "") { $natent['other_preprocs'] = $pconfig['other_preprocs']; } - if ($pconfig['ftp_preprocessor'] != "") { $natent['ftp_preprocessor'] = $pconfig['ftp_preprocessor']; } - if ($pconfig['smtp_preprocessor'] != "") { $natent['smtp_preprocessor'] = $pconfig['smtp_preprocessor']; } - if ($pconfig['sf_portscan'] != "") { $natent['sf_portscan'] = $pconfig['sf_portscan']; } - if ($pconfig['dce_rpc_2'] != "") { $natent['dce_rpc_2'] = $pconfig['dce_rpc_2']; } - if ($pconfig['dns_preprocessor'] != "") { $natent['dns_preprocessor'] = $pconfig['dns_preprocessor']; } - if ($pconfig['def_dns_servers'] != "") { $natent['def_dns_servers'] = $pconfig['def_dns_servers']; } - if ($pconfig['def_dns_ports'] != "") { $natent['def_dns_ports'] = $pconfig['def_dns_ports']; } - if ($pconfig['def_smtp_servers'] != "") { $natent['def_smtp_servers'] = $pconfig['def_smtp_servers']; } - if ($pconfig['def_smtp_ports'] != "") { $natent['def_smtp_ports'] = $pconfig['def_smtp_ports']; } - if ($pconfig['def_mail_ports'] != "") { $natent['def_mail_ports'] = $pconfig['def_mail_ports']; } - if ($pconfig['def_http_servers'] != 
"") { $natent['def_http_servers'] = $pconfig['def_http_servers']; } - if ($pconfig['def_www_servers'] != "") { $natent['def_www_servers'] = $pconfig['def_www_servers']; } - if ($pconfig['def_http_ports'] != "") { $natent['def_http_ports'] = $pconfig['def_http_ports']; } - if ($pconfig['def_sql_servers'] != "") { $natent['def_sql_servers'] = $pconfig['def_sql_servers']; } - if ($pconfig['def_oracle_ports'] != "") { $natent['def_oracle_ports'] = $pconfig['def_oracle_ports']; } - if ($pconfig['def_mssql_ports'] != "") { $natent['def_mssql_ports'] = $pconfig['def_mssql_ports']; } - if ($pconfig['def_telnet_servers'] != "") { $natent['def_telnet_servers'] = $pconfig['def_telnet_servers']; } - if ($pconfig['def_telnet_ports'] != "") { $natent['def_telnet_ports'] = $pconfig['def_telnet_ports']; } - if ($pconfig['def_snmp_servers'] != "") { $natent['def_snmp_servers'] = $pconfig['def_snmp_servers']; } - if ($pconfig['def_snmp_ports'] != "") { $natent['def_snmp_ports'] = $pconfig['def_snmp_ports']; } - if ($pconfig['def_ftp_servers'] != "") { $natent['def_ftp_servers'] = $pconfig['def_ftp_servers']; } - if ($pconfig['def_ftp_ports'] != "") { $natent['def_ftp_ports'] = $pconfig['def_ftp_ports']; } - if ($pconfig['def_ssh_servers'] != "") { $natent['def_ssh_servers'] = $pconfig['def_ssh_servers']; } - if ($pconfig['def_ssh_ports'] != "") { $natent['def_ssh_ports'] = $pconfig['def_ssh_ports']; } - if ($pconfig['def_pop_servers'] != "") { $natent['def_pop_servers'] = $pconfig['def_pop_servers']; } - if ($pconfig['def_pop2_ports'] != "") { $natent['def_pop2_ports'] = $pconfig['def_pop2_ports']; } - if ($pconfig['def_pop3_ports'] != "") { $natent['def_pop3_ports'] = $pconfig['def_pop3_ports']; } - if ($pconfig['def_imap_servers'] != "") { $natent['def_imap_servers'] = $pconfig['def_imap_servers']; } - if ($pconfig['def_imap_ports'] != "") { $natent['def_imap_ports'] = $pconfig['def_imap_ports']; } - if ($pconfig['def_sip_proxy_ip'] != "") { $natent['def_sip_proxy_ip'] = 
$pconfig['def_sip_proxy_ip']; } - if ($pconfig['def_sip_proxy_ports'] != "") { $natent['def_sip_proxy_ports'] = $pconfig['def_sip_proxy_ports']; } - if ($pconfig['def_auth_ports'] != "") { $natent['def_auth_ports'] = $pconfig['def_auth_ports']; } - if ($pconfig['def_finger_ports'] != "") { $natent['def_finger_ports'] = $pconfig['def_finger_ports']; } - if ($pconfig['def_irc_ports'] != "") { $natent['def_irc_ports'] = $pconfig['def_irc_ports']; } - if ($pconfig['def_nntp_ports'] != "") { $natent['def_nntp_ports'] = $pconfig['def_nntp_ports']; } - if ($pconfig['def_rlogin_ports'] != "") { $natent['def_rlogin_ports'] = $pconfig['def_rlogin_ports']; } - if ($pconfig['def_rsh_ports'] != "") { $natent['def_rsh_ports'] = $pconfig['def_rsh_ports']; } - if ($pconfig['def_ssl_ports'] != "") { $natent['def_ssl_ports'] = $pconfig['def_ssl_ports']; } - if ($pconfig['barnyard_enable'] != "") { $natent['barnyard_enable'] = $pconfig['barnyard_enable']; } - if ($pconfig['barnyard_mysql'] != "") { $natent['barnyard_mysql'] = $pconfig['barnyard_mysql']; } - if ($pconfig['barnconfigpassthru'] != "") { $natent['barnconfigpassthru'] = $pconfig['barnconfigpassthru']; } - if ($pconfig['rulesets'] != "") { $natent['rulesets'] = $pconfig['rulesets']; } - if ($pconfig['rule_sid_off'] != "") { $natent['rule_sid_off'] = $pconfig['rule_sid_off']; } - if ($pconfig['rule_sid_on'] != "") { $natent['rule_sid_on'] = $pconfig['rule_sid_on']; } - - - if (isset($id) && $a_nat[$id]) + /* if no errors write to conf */ + if (!$input_errors) { + $natent = array(); + + /* write to conf for 1st time or rewrite the answer */ + $natent['interface'] = $_POST['interface'] ? $_POST['interface'] : $pconfig['interface']; + /* if post write to conf or rewite the answer */ + $natent['enable'] = $_POST['enable'] ? on : off; + $natent['uuid'] = $pconfig['uuid']; + $natent['descr'] = $_POST['descr'] ? $_POST['descr'] : $pconfig['descr']; + $natent['performance'] = $_POST['performance'] ? 
$_POST['performance'] : $pconfig['performance']; + /* if post = on use on off or rewrite the conf */ + if ($_POST['blockoffenders7'] == "on") { $natent['blockoffenders7'] = on; }else{ $natent['blockoffenders7'] = off; } if ($_POST['enable'] == "") { $natent['blockoffenders7'] = $pconfig['blockoffenders7']; } + $natent['whitelistname'] = $_POST['whitelistname'] ? $_POST['whitelistname'] : $pconfig['whitelistname']; + $natent['homelistname'] = $_POST['homelistname'] ? $_POST['homelistname'] : $pconfig['homelistname']; + $natent['externallistname'] = $_POST['externallistname'] ? $_POST['externallistname'] : $pconfig['externallistname']; + $natent['suppresslistname'] = $_POST['suppresslistname'] ? $_POST['suppresslistname'] : $pconfig['suppresslistname']; + $natent['snortalertlogtype'] = $_POST['snortalertlogtype'] ? $_POST['snortalertlogtype'] : $pconfig['snortalertlogtype']; + if ($_POST['alertsystemlog'] == "on") { $natent['alertsystemlog'] = on; }else{ $natent['alertsystemlog'] = off; } if ($_POST['enable'] == "") { $natent['alertsystemlog'] = $pconfig['alertsystemlog']; } + if ($_POST['tcpdumplog'] == "on") { $natent['tcpdumplog'] = on; }else{ $natent['tcpdumplog'] = off; } if ($_POST['enable'] == "") { $natent['tcpdumplog'] = $pconfig['tcpdumplog']; } + if ($_POST['snortunifiedlog'] == "on") { $natent['snortunifiedlog'] = on; }else{ $natent['snortunifiedlog'] = off; } if ($_POST['enable'] == "") { $natent['snortunifiedlog'] = $pconfig['snortunifiedlog']; } + $natent['configpassthru'] = base64_encode($_POST['configpassthru']) ? 
base64_encode($_POST['configpassthru']) : $pconfig['configpassthru']; + /* if optiion = 0 then the old descr way will not work */ + + /* rewrite the options that are not in post */ + /* make shure values are set befor repost or conf.xml will be broken */ + if ($pconfig['def_ssl_ports_ignore'] != "") { $natent['def_ssl_ports_ignore'] = $pconfig['def_ssl_ports_ignore']; } + if ($pconfig['flow_depth'] != "") { $natent['flow_depth'] = $pconfig['flow_depth']; } + if ($pconfig['max_queued_bytes'] != "") { $natent['max_queued_bytes'] = $pconfig['max_queued_bytes']; } + if ($pconfig['max_queued_segs'] != "") { $natent['max_queued_segs'] = $pconfig['max_queued_segs']; } + if ($pconfig['perform_stat'] != "") { $natent['perform_stat'] = $pconfig['perform_stat']; } + if ($pconfig['http_inspect'] != "") { $natent['http_inspect'] = $pconfig['http_inspect']; } + if ($pconfig['other_preprocs'] != "") { $natent['other_preprocs'] = $pconfig['other_preprocs']; } + if ($pconfig['ftp_preprocessor'] != "") { $natent['ftp_preprocessor'] = $pconfig['ftp_preprocessor']; } + if ($pconfig['smtp_preprocessor'] != "") { $natent['smtp_preprocessor'] = $pconfig['smtp_preprocessor']; } + if ($pconfig['sf_portscan'] != "") { $natent['sf_portscan'] = $pconfig['sf_portscan']; } + if ($pconfig['dce_rpc_2'] != "") { $natent['dce_rpc_2'] = $pconfig['dce_rpc_2']; } + if ($pconfig['dns_preprocessor'] != "") { $natent['dns_preprocessor'] = $pconfig['dns_preprocessor']; } + if ($pconfig['def_dns_servers'] != "") { $natent['def_dns_servers'] = $pconfig['def_dns_servers']; } + if ($pconfig['def_dns_ports'] != "") { $natent['def_dns_ports'] = $pconfig['def_dns_ports']; } + if ($pconfig['def_smtp_servers'] != "") { $natent['def_smtp_servers'] = $pconfig['def_smtp_servers']; } + if ($pconfig['def_smtp_ports'] != "") { $natent['def_smtp_ports'] = $pconfig['def_smtp_ports']; } + if ($pconfig['def_mail_ports'] != "") { $natent['def_mail_ports'] = $pconfig['def_mail_ports']; } + if ($pconfig['def_http_servers'] != 
"") { $natent['def_http_servers'] = $pconfig['def_http_servers']; } + if ($pconfig['def_www_servers'] != "") { $natent['def_www_servers'] = $pconfig['def_www_servers']; } + if ($pconfig['def_http_ports'] != "") { $natent['def_http_ports'] = $pconfig['def_http_ports']; } + if ($pconfig['def_sql_servers'] != "") { $natent['def_sql_servers'] = $pconfig['def_sql_servers']; } + if ($pconfig['def_oracle_ports'] != "") { $natent['def_oracle_ports'] = $pconfig['def_oracle_ports']; } + if ($pconfig['def_mssql_ports'] != "") { $natent['def_mssql_ports'] = $pconfig['def_mssql_ports']; } + if ($pconfig['def_telnet_servers'] != "") { $natent['def_telnet_servers'] = $pconfig['def_telnet_servers']; } + if ($pconfig['def_telnet_ports'] != "") { $natent['def_telnet_ports'] = $pconfig['def_telnet_ports']; } + if ($pconfig['def_snmp_servers'] != "") { $natent['def_snmp_servers'] = $pconfig['def_snmp_servers']; } + if ($pconfig['def_snmp_ports'] != "") { $natent['def_snmp_ports'] = $pconfig['def_snmp_ports']; } + if ($pconfig['def_ftp_servers'] != "") { $natent['def_ftp_servers'] = $pconfig['def_ftp_servers']; } + if ($pconfig['def_ftp_ports'] != "") { $natent['def_ftp_ports'] = $pconfig['def_ftp_ports']; } + if ($pconfig['def_ssh_servers'] != "") { $natent['def_ssh_servers'] = $pconfig['def_ssh_servers']; } + if ($pconfig['def_ssh_ports'] != "") { $natent['def_ssh_ports'] = $pconfig['def_ssh_ports']; } + if ($pconfig['def_pop_servers'] != "") { $natent['def_pop_servers'] = $pconfig['def_pop_servers']; } + if ($pconfig['def_pop2_ports'] != "") { $natent['def_pop2_ports'] = $pconfig['def_pop2_ports']; } + if ($pconfig['def_pop3_ports'] != "") { $natent['def_pop3_ports'] = $pconfig['def_pop3_ports']; } + if ($pconfig['def_imap_servers'] != "") { $natent['def_imap_servers'] = $pconfig['def_imap_servers']; } + if ($pconfig['def_imap_ports'] != "") { $natent['def_imap_ports'] = $pconfig['def_imap_ports']; } + if ($pconfig['def_sip_proxy_ip'] != "") { $natent['def_sip_proxy_ip'] = 
$pconfig['def_sip_proxy_ip']; } + if ($pconfig['def_sip_proxy_ports'] != "") { $natent['def_sip_proxy_ports'] = $pconfig['def_sip_proxy_ports']; } + if ($pconfig['def_auth_ports'] != "") { $natent['def_auth_ports'] = $pconfig['def_auth_ports']; } + if ($pconfig['def_finger_ports'] != "") { $natent['def_finger_ports'] = $pconfig['def_finger_ports']; } + if ($pconfig['def_irc_ports'] != "") { $natent['def_irc_ports'] = $pconfig['def_irc_ports']; } + if ($pconfig['def_nntp_ports'] != "") { $natent['def_nntp_ports'] = $pconfig['def_nntp_ports']; } + if ($pconfig['def_rlogin_ports'] != "") { $natent['def_rlogin_ports'] = $pconfig['def_rlogin_ports']; } + if ($pconfig['def_rsh_ports'] != "") { $natent['def_rsh_ports'] = $pconfig['def_rsh_ports']; } + if ($pconfig['def_ssl_ports'] != "") { $natent['def_ssl_ports'] = $pconfig['def_ssl_ports']; } + if ($pconfig['barnyard_enable'] != "") { $natent['barnyard_enable'] = $pconfig['barnyard_enable']; } + if ($pconfig['barnyard_mysql'] != "") { $natent['barnyard_mysql'] = $pconfig['barnyard_mysql']; } + if ($pconfig['barnconfigpassthru'] != "") { $natent['barnconfigpassthru'] = $pconfig['barnconfigpassthru']; } + if ($pconfig['rulesets'] != "") { $natent['rulesets'] = $pconfig['rulesets']; } + if ($pconfig['rule_sid_off'] != "") { $natent['rule_sid_off'] = $pconfig['rule_sid_off']; } + if ($pconfig['rule_sid_on'] != "") { $natent['rule_sid_on'] = $pconfig['rule_sid_on']; } + + + if (isset($id) && $a_nat[$id]) $a_nat[$id] = $natent; - else { - if (is_numeric($after)) + else { + if (is_numeric($after)) array_splice($a_nat, $after+1, 0, array($natent)); - else + else $a_nat[] = $natent; + } + + write_config(); + + touch("$d_snortconfdirty_path"); + + /* if snort.sh crashed this will remove the pid */ + exec('/bin/rm /tmp/snort.sh.pid'); + + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . 
' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + sleep(2); + header("Location: /snort/snort_interfaces_edit.php?id=$id"); + + exit; } + } + + if ($_POST["Submit2"]) { + + sync_snort_package_all($id, $if_real, $snort_uuid); + sync_snort_package(); + sleep(1); + + Running_Start($snort_uuid, $if_real, $id); - write_config(); - - touch("$d_snortconfdirty_path"); - - /* if snort.sh crashed this will remove the pid */ - exec('/bin/rm /tmp/snort.sh.pid'); - header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); header( 'Cache-Control: no-store, no-cache, must-revalidate' ); @@ -328,19 +348,13 @@ if ($_POST["Submit"]) { header( 'Pragma: no-cache' ); sleep(2); header("Location: /snort/snort_interfaces_edit.php?id=$id"); - - exit; } -} - - if ($_POST["Submit2"]) { - - sync_snort_package_all($id, $if_real, $snort_uuid); - sync_snort_package(); - sleep(1); - - Running_Start($snort_uuid, $if_real, $id); - + + if ($_POST["Submit3"]) + { + + Running_Stop($snort_uuid, $if_real, $id); + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); header( 'Cache-Control: no-store, no-cache, must-revalidate' ); 
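Review bot: In the `Submit` branch, `$_POST['interface']`, `descr`, `performance`, the four `*listname` fields and `snortalertlogtype` are copied into `$natent` and persisted by `write_config()` with only the empty-description and interface-in-use tests applied; the `/* check for overlaps */` loop only ever executes `continue`, so it rejects nothing. The stored `interface` value is read back on later requests to derive `$if_real`, which goes into the `.dirty` path given to `touch()` and `unlink()`, so it should be checked against the configured interfaces before saving. One option is `if ($_POST['interface'] != '' && !isset($config['interfaces'][$_POST['interface']])) { $input_errors[] = "Unknown interface."; }`, assuming `$config['interfaces']` is keyed by the friendly name, as its use further down the page suggests. Separately, `$natent['enable'] = $_POST['enable'] ? on : off;` and the four `= on; }else{ … = off;` lines use bare words where the strings `'on'` and `'off'` are meant. The hunk begins and ends in the middle of the script's top-level code.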
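Review bot: The `Submit2` branch ends with `header("Location: /snort/snort_interfaces_edit.php?id=$id");` and no `exit;`, unlike the `Submit` branch before it, so after starting Snort the script still builds and sends the whole edit page behind the redirect. The `Submit3` branch in the next hunk (`@@ -348,59 +362,50 @@`) has the same shape. Adding `exit;` after the `Location` header in both makes the three handlers consistent. Both branches also call `Running_Start()` / `Running_Stop()` for any POST that carries the button name; whether `guiconfig.inc` enforces a CSRF token for this page is not visible here and is worth confirming. The `Submit2` block opens in the previous hunk.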
@@ -348,59 +362,50 @@ if ($_POST["Submit"]) { header( 'Pragma: no-cache' ); sleep(2); header("Location: /snort/snort_interfaces_edit.php?id=$id"); - } - if ($_POST["Submit3"]) - { - - Running_Stop($snort_uuid, $if_real, $id); - - header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); - header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); - header( 'Cache-Control: no-store, no-cache, must-revalidate' ); - header( 'Cache-Control: post-check=0, pre-check=0', false ); - header( 'Pragma: no-cache' ); - sleep(2); - header("Location: /snort/snort_interfaces_edit.php?id=$id"); - - } + } /* This code needs to be below headers */ if (isset($config['installedpackages']['snortglobal']['rule'][$id]['interface'])) { - + $snort_up_ck2_info = Running_Ck($snort_uuid, $if_real, $id); - + if ($snort_up_ck2_info == 'no') { $snort_up_ck = '<input name="Submit2" type="submit" class="formbtn" value="Start" onClick="enable_change(true)">'; }else{ $snort_up_ck = '<input name="Submit3" type="submit" class="formbtn" value="Stop" onClick="enable_change(true)">'; - } + } }else{ - $snort_up_ck = ''; + $snort_up_ck = ''; } - -$pgtitle = "Snort: Interface Edit: $id $snort_uuid $if_real"; -include("/usr/local/pkg/snort/snort_head.inc"); -?> + $pgtitle = "Snort: Interface Edit: $id $snort_uuid $if_real"; + include("/usr/local/pkg/snort/snort_head.inc"); + + ?> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php -include("fbegin.inc"); -?> + <?php + include("fbegin.inc"); + ?> -<?php -echo "{$snort_general_css}\n"; -?> + <?php + echo "{$snort_general_css}\n"; + ?> <!-- hack to fix the hardcoed fbegin link in header --> -<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div> +<div id="header-left2"><a href="../index.php" id="status-link2"><img + src="./images/transparent.gif" border="0"></img></a></div> <div class="body2"> -<noscript><div class="alert" ALIGN=CENTER><img 
src="/themes/nervecenter/images/icons/icon_alert.gif"/><strong>Please enable JavaScript to view this content</strong></div></noscript> +<noscript> +<div class="alert" ALIGN=CENTER><img + src="/themes/nervecenter/images/icons/icon_alert.gif" /><strong>Please +enable JavaScript to view this content</strong></div> +</noscript> <script language="JavaScript"> <!-- @@ -431,27 +436,25 @@ echo " document.iform.configpassthru.disabled = endis; } //--> -</script> -<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> +</script> <?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<form action="snort_interfaces_edit.php<?php echo "?id=$id";?>" method="post" enctype="multipart/form-data" name="iform" id="iform"> - -<?php +<form action="snort_interfaces_edit.php<?php echo "?id=$id";?>" + method="post" enctype="multipart/form-data" name="iform" id="iform"><?php /* Display Alert message */ if ($input_errors) { - print_input_errors($input_errors); // TODO: add checks + print_input_errors($input_errors); // TODO: add checks } if ($savemsg) { - print_info_box2($savemsg); + print_info_box2($savemsg); } //if (file_exists($d_snortconfdirty_path)) { if (file_exists($d_snortconfdirty_path) || file_exists("/var/run/snort_conf_{$snort_uuid}_.dirty")) { - echo '<p>'; + echo '<p>'; if($savemsg) { print_info_box_np2("{$savemsg}"); 
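Review bot: `$id` is written into the page unescaped: the form action is built with `<?php echo "?id=$id";?>`, and the title line echoes `$pgtitle`, which the previous hunk assembles as `"Snort: Interface Edit: $id $snort_uuid $if_real"`. Since `$id` is taken from `$_GET['id']` / `$_POST['id']` at the top of the file, markup in that parameter is reflected into the HTML. Encoding at the point of output closes this: `<?php echo "?id=" . urlencode($id);?>` for the action and `htmlspecialchars($pgtitle)` in the `pgtitle` echo. The PHP block opened at the end of this hunk continues in the next one.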
@@ -463,311 +466,339 @@ echo " } } -?> + ?> <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr><td class="tabnavtbl"> -<?php -if ($a_nat[$id]['interface'] != '') { - /* get the interface name */ - $first = 0; - $snortInterfaces = array(); /* -gtm */ - - $if_list = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; - $if_array = split(',', $if_list); - //print_r($if_array); - if($if_array) { - foreach($if_array as $iface2) { - $if2 = convert_friendly_interface_to_real_interface_name2($iface2); - - if($config['interfaces'][$iface2]['ipaddr'] == "pppoe") { - $if2 = "ng0"; - } - - /* build a list of user specified interfaces -gtm */ - if($if2){ - array_push($snortInterfaces, $if2); - $first = 1; - } - } - - if (count($snortInterfaces) < 1) { - log_error("Snort will not start. You must select an interface for it to listen on."); - return; - } - } + <tr> + <td class="tabnavtbl"><?php + if ($a_nat[$id]['interface'] != '') { + /* get the interface name */ + $first = 0; + $snortInterfaces = array(); /* -gtm */ + + $if_list = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; + $if_array = split(',', $if_list); + //print_r($if_array); + if($if_array) { + foreach($if_array as $iface2) { + $if2 = convert_friendly_interface_to_real_interface_name2($iface2); + + if($config['interfaces'][$iface2]['ipaddr'] == "pppoe") { + $if2 = "ng0"; + } + + /* build a list of user specified interfaces -gtm */ + if($if2){ + array_push($snortInterfaces, $if2); + $first = 1; + } + } -} + if (count($snortInterfaces) < 1) { + log_error("Snort will not start. You must select an interface for it to listen on."); + return; + } + } + + } -echo '<div class="snorttabs" style="margin:1px 0px; width:775px;">' . "\n"; -echo '<!-- Tabbed bar code -->' . "\n"; -echo '<ul class="snorttabs">' . 
"\n"; - if (!file_exists("/var/run/snort_conf_{$snort_uuid}_.dirty")) { - echo '<li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>' . "\n"; - } - echo "<li class=\"snorttabs_active\"><a href=\"/snort/snort_interfaces_edit.php?id={$id}\"><span>If Settings</span></a></li>\n"; - /* hide user tabs when no settings have be saved */ - if ($config['installedpackages']['snortglobal']['rule'][$id]['interface'] != '') { + echo '<div class="snorttabs" style="margin:1px 0px; width:775px;">' . "\n"; + echo '<!-- Tabbed bar code -->' . "\n"; + echo '<ul class="snorttabs">' . "\n"; if (!file_exists("/var/run/snort_conf_{$snort_uuid}_.dirty")) { - echo "<li><a href=\"/snort/snort_rulesets.php?id={$id}\"><span>Categories</span></a></li>\n"; - echo "<li><a href=\"/snort/snort_rules.php?id={$id}\"><span>Rules</span></a></li>\n"; - echo "<li><a href=\"/snort/snort_define_servers.php?id={$id}\"><span>Servers</span></a></li>\n"; - echo "<li><a href=\"/snort/snort_preprocessors.php?id={$id}\"><span>Preprocessors</span></a></li>\n"; - echo "<li><a href=\"/snort/snort_barnyard.php?id={$id}\"><span>Barnyard2</span></a></li>\n"; + echo '<li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>' . "\n"; } - } -echo '</ul>' . "\n"; -echo '</div>' . 
"\n"; - -?> + echo "<li class=\"snorttabs_active\"><a href=\"/snort/snort_interfaces_edit.php?id={$id}\"><span>If Settings</span></a></li>\n"; + /* hide user tabs when no settings have be saved */ + if ($config['installedpackages']['snortglobal']['rule'][$id]['interface'] != '') { + if (!file_exists("/var/run/snort_conf_{$snort_uuid}_.dirty")) { + echo "<li><a href=\"/snort/snort_rulesets.php?id={$id}\"><span>Categories</span></a></li>\n"; + echo "<li><a href=\"/snort/snort_rules.php?id={$id}\"><span>Rules</span></a></li>\n"; + echo "<li><a href=\"/snort/snort_define_servers.php?id={$id}\"><span>Servers</span></a></li>\n"; + echo "<li><a href=\"/snort/snort_preprocessors.php?id={$id}\"><span>Preprocessors</span></a></li>\n"; + echo "<li><a href=\"/snort/snort_barnyard.php?id={$id}\"><span>Barnyard2</span></a></li>\n"; + } + } + echo '</ul>' . "\n"; + echo '</div>' . "\n"; -</td> -</tr> - <tr> - <td class="tabcont"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td colspan="2" valign="top" class="listtopic">General Settings</td> - </tr> - <tr> + ?></td> + </tr> + <tr> + <td class="tabcont"> + <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td colspan="2" valign="top" class="listtopic">General Settings</td> + </tr> + <tr> <td width="22%" valign="top" class="vncellreq2">Interface</td> - <td width="22%" valign="top" class="vtable"> - <?php - // <input name="enable" type="checkbox" value="yes" checked onClick="enable_change(false)"> - // care with spaces - if ($pconfig['enable'] == "on") - $checked = checked; + <td width="22%" valign="top" class="vtable"> <?php + // <input name="enable" type="checkbox" value="yes" checked onClick="enable_change(false)"> + // care with spaces + if ($pconfig['enable'] == "on") + $checked = checked; - $onclick_enable = "onClick=\"enable_change(false)\">"; + $onclick_enable = "onClick=\"enable_change(false)\">"; - echo " + echo " <input name=\"enable\" type=\"checkbox\" value=\"on\" 
$checked $onclick_enable Enable or Disable</td>\n\n"; - ?> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq2">Interface</td> - <td width="78%" class="vtable"> - <select name="interface" class="formfld"> - <?php - $interfaces = array('wan' => 'WAN', 'lan' => 'LAN'); - for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) { - $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr']; - } - foreach ($interfaces as $iface => $ifacename): ?> - <option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>> - <?=htmlspecialchars($ifacename);?> - </option> - <?php endforeach; ?> - </select><br> - <span class="vexpl">Choose which interface this rule applies to.<br> - Hint: in most cases, you'll want to use WAN here.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq2">Description</td> - <td width="78%" class="vtable"> - <input name="descr" type="text" class="formfld" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>"> - <br> <span class="vexpl">You may enter a description here for your reference (not parsed).</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Memory Performance</td> - <td width="78%" class="vtable"> - <select name="performance" class="formfld" id="performance"> - <?php - $interfaces2 = array('ac-bnfa' => 'AC-BNFA', 'lowmem' => 'LOWMEM', 'ac-std' => 'AC-STD', 'ac' => 'AC', 'ac-banded' => 'AC-BANDED', 'ac-sparsebands' => 'AC-SPARSEBANDS', 'acs' => 'ACS'); - foreach ($interfaces2 as $iface2 => $ifacename2): ?> - <option value="<?=$iface2;?>" <?php if ($iface2 == $pconfig['performance']) echo "selected"; ?>> - <?=htmlspecialchars($ifacename2);?> - </option> + ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq2">Interface</td> + <td width="78%" class="vtable"><select name="interface" + class="formfld"> + <?php + $interfaces = array('wan' => 'WAN', 'lan' => 'LAN'); + for ($i = 1; 
isset($config['interfaces']['opt' . $i]); $i++) { + $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr']; + } + foreach ($interfaces as $iface => $ifacename): ?> + <option value="<?=$iface;?>" + <?php if ($iface == $pconfig['interface']) echo "selected"; ?>><?=htmlspecialchars($ifacename);?> + </option> + <?php endforeach; ?> + </select><br> + <span class="vexpl">Choose which interface this rule applies to.<br> + Hint: in most cases, you'll want to use WAN here.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq2">Description</td> + <td width="78%" class="vtable"><input name="descr" type="text" + class="formfld" id="descr" size="40" + value="<?=htmlspecialchars($pconfig['descr']);?>"> <br> + <span class="vexpl">You may enter a description here for your + reference (not parsed).</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Memory Performance</td> + <td width="78%" class="vtable"><select name="performance" + class="formfld" id="performance"> + <?php + $interfaces2 = array('ac-bnfa' => 'AC-BNFA', 'lowmem' => 'LOWMEM', 'ac-std' => 'AC-STD', 'ac' => 'AC', 'ac-banded' => 'AC-BANDED', 'ac-sparsebands' => 'AC-SPARSEBANDS', 'acs' => 'ACS'); + foreach ($interfaces2 as $iface2 => $ifacename2): ?> + <option value="<?=$iface2;?>" + <?php if ($iface2 == $pconfig['performance']) echo "selected"; ?>> + <?=htmlspecialchars($ifacename2);?></option> <?php endforeach; ?> - </select><br> - <span class="vexpl">Lowmem and ac-bnfa are recommended for low end systems, Ac: high memory, best performance, ac-std: moderate memory,high performance, acs: small memory, moderateperformance, ac-banded: small memory,moderate performance, ac-sparsebands: small memory, high performance.<br> - </span></td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic">Choose the networks snort should inspect and whitelist.</td> - </tr> - <tr> + </select><br> + <span class="vexpl">Lowmem and ac-bnfa are recommended for low end + 
systems, Ac: high memory, best performance, ac-std: moderate + memory,high performance, acs: small memory, moderateperformance, + ac-banded: small memory,moderate performance, ac-sparsebands: small + memory, high performance.<br> + </span></td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic">Choose the networks + snort should inspect and whitelist.</td> + </tr> + <tr> <td width="22%" valign="top" class="vncell2">Home net</td> - <td width="78%" class="vtable"> - <select name="homelistname" class="formfld" id="homelistname"> - <?php - /* find whitelist names and filter by type */ - $hlist_select = $config['installedpackages']['snortglobal']['whitelist']['item']; - $hid = -1; - if ($pconfig['homelistname'] == 'default'){ $selected = 'selected'; } - $wlist_sub2 = preg_match('/^([a-zA-z0-9]+)/', $pconfig['homelistname'], $hlist_sub); - echo "<option value=\"default\" $selected>default</option> + <td width="78%" class="vtable"><select name="homelistname" + class="formfld" id="homelistname"> + <?php + /* find whitelist names and filter by type */ + $hlist_select = $config['installedpackages']['snortglobal']['whitelist']['item']; + $hid = -1; + if ($pconfig['homelistname'] == 'default'){ $selected = 'selected'; } + $wlist_sub2 = preg_match('/^([a-zA-z0-9]+)/', $pconfig['homelistname'], $hlist_sub); + echo "<option value=\"default\" $selected>default</option> "; - foreach ($hlist_select as $value): - $hid += 1; - if ($config['installedpackages']['snortglobal']['whitelist']['item'][$hid]['snortlisttype'] == 'netlist') { - $ilistname = $config['installedpackages']['snortglobal']['whitelist']['item'][$hid]['name']; - $whitelist_uuid = $config['installedpackages']['snortglobal']['whitelist']['item'][$hid]['uuid']; - if ($ilistname == $hlist_sub[0]){ - echo "<option value=\"$ilistname $whitelist_uuid\" selected>"; - }else{ - echo "<option value=\"$ilistname $whitelist_uuid\">"; - } - echo htmlspecialchars($ilistname) . 
'</option> + foreach ($hlist_select as $value): + $hid += 1; + if ($config['installedpackages']['snortglobal']['whitelist']['item'][$hid]['snortlisttype'] == 'netlist') { + $ilistname = $config['installedpackages']['snortglobal']['whitelist']['item'][$hid]['name']; + $whitelist_uuid = $config['installedpackages']['snortglobal']['whitelist']['item'][$hid]['uuid']; + if ($ilistname == $hlist_sub[0]){ + echo "<option value=\"$ilistname $whitelist_uuid\" selected>"; + }else{ + echo "<option value=\"$ilistname $whitelist_uuid\">"; + } + echo htmlspecialchars($ilistname) . '</option> '; - } - endforeach; - ?> + } + endforeach; + ?> </select><br> - <span class="vexpl">Choose the home net you will like this rule to use. - </span> <span class="red">Note:</span> Default home net adds only local networks.<br> - <span class="red">Hint:</span> Most users add a list of friendly ips that the firewall cant see.</td> - </tr> - <tr> + <span class="vexpl">Choose the home net you will like this rule to + use. 
</span> <span class="red">Note:</span> Default home + net adds only local networks.<br> + <span class="red">Hint:</span> Most users add a list of + friendly ips that the firewall cant see.</td> + </tr> + <tr> <td width="22%" valign="top" class="vncell2">External net</td> - <td width="78%" class="vtable"> - <select name="externallistname" class="formfld" id="externallistname"> - <?php - /* find whitelist names and filter by type */ - $exlist_select = $config['installedpackages']['snortglobal']['whitelist']['item']; - $exid = -1; - if ($pconfig['externallistname'] == 'default'){ $selected = 'selected'; } - preg_match('/^([a-zA-z0-9]+)/', $pconfig['externallistname'], $exlist_sub); - echo "<option value=\"default\" $selected>default</option> + <td width="78%" class="vtable"><select name="externallistname" + class="formfld" id="externallistname"> + <?php + /* find whitelist names and filter by type */ + $exlist_select = $config['installedpackages']['snortglobal']['whitelist']['item']; + $exid = -1; + if ($pconfig['externallistname'] == 'default'){ $selected = 'selected'; } + preg_match('/^([a-zA-z0-9]+)/', $pconfig['externallistname'], $exlist_sub); + echo "<option value=\"default\" $selected>default</option> "; - foreach ($exlist_select as $value): - $exid += 1; - if ($config['installedpackages']['snortglobal']['whitelist']['item'][$exid]['snortlisttype'] == 'netlist') { - $ilistname = $config['installedpackages']['snortglobal']['whitelist']['item'][$exid]['name']; - $whitelist_uuid = $config['installedpackages']['snortglobal']['whitelist']['item'][$exid]['uuid']; - if ($ilistname == $exlist_sub[0]){ - echo "<option value=\"$ilistname $whitelist_uuid\" selected>"; - }else{ - echo "<option value=\"$ilistname $whitelist_uuid\">"; - } - echo htmlspecialchars($ilistname) . 
'</option> + foreach ($exlist_select as $value): + $exid += 1; + if ($config['installedpackages']['snortglobal']['whitelist']['item'][$exid]['snortlisttype'] == 'netlist') { + $ilistname = $config['installedpackages']['snortglobal']['whitelist']['item'][$exid]['name']; + $whitelist_uuid = $config['installedpackages']['snortglobal']['whitelist']['item'][$exid]['uuid']; + if ($ilistname == $exlist_sub[0]){ + echo "<option value=\"$ilistname $whitelist_uuid\" selected>"; + }else{ + echo "<option value=\"$ilistname $whitelist_uuid\">"; + } + echo htmlspecialchars($ilistname) . '</option> '; - } - endforeach; - ?> + } + endforeach; + ?> </select><br> - <span class="vexpl">Choose the external net you will like this rule to use. - </span> <span class="red">Note:</span> Default external net, networks that are not home net.<br> - <span class="red">Hint:</span> Most users should leave this setting at default.</td> - </tr> - <tr> + <span class="vexpl">Choose the external net you will like this rule + to use. 
</span> <span class="red">Note:</span> Default + external net, networks that are not home net.<br> + <span class="red">Hint:</span> Most users should leave this + setting at default.</td> + </tr> + <tr> <td width="22%" valign="top" class="vncell2">Block offenders</td> - <td width="78%" class="vtable"> - <input name="blockoffenders7" type="checkbox" value="on" <?php if ($pconfig['blockoffenders7'] == "on") echo "checked"; ?> onClick="enable_change(false)"><br> - Checking this option will automatically block hosts that generate a Snort alert.</td> - </tr> - <tr> + <td width="78%" class="vtable"><input name="blockoffenders7" + type="checkbox" value="on" + <?php if ($pconfig['blockoffenders7'] == "on") echo "checked"; ?> + onClick="enable_change(false)"><br> + Checking this option will automatically block hosts that generate a + Snort alert.</td> + </tr> + <tr> <td width="22%" valign="top" class="vncell2">Whitelist</td> - <td width="78%" class="vtable"> - <select name="whitelistname" class="formfld" id="whitelistname"> - <?php - /* find whitelist names and filter by type, make sure to track by uuid */ - $wlist_select = $config['installedpackages']['snortglobal']['whitelist']['item']; - $wid = -1; - if ($pconfig['whitelistname'] == 'default'){ $selected = 'selected'; } - preg_match('/^([a-zA-z0-9]+)/', $pconfig['whitelistname'], $wlist_sub); - echo "<option value=\"default\" $selected>default</option> + <td width="78%" class="vtable"><select name="whitelistname" + class="formfld" id="whitelistname"> + <?php + /* find whitelist names and filter by type, make sure to track by uuid */ + $wlist_select = $config['installedpackages']['snortglobal']['whitelist']['item']; + $wid = -1; + if ($pconfig['whitelistname'] == 'default'){ $selected = 'selected'; } + preg_match('/^([a-zA-z0-9]+)/', $pconfig['whitelistname'], $wlist_sub); + echo "<option value=\"default\" $selected>default</option> "; - foreach ($wlist_select as $value): - $wid += 1; - if 
($config['installedpackages']['snortglobal']['whitelist']['item'][$wid]['snortlisttype'] == 'whitelist') { - $ilistname = $config['installedpackages']['snortglobal']['whitelist']['item'][$wid]['name']; - $whitelist_uuid = $config['installedpackages']['snortglobal']['whitelist']['item'][$wid]['uuid']; - if ($ilistname == $wlist_sub[0]){ - echo "<option value=\"$ilistname $whitelist_uuid\" selected>"; - }else{ - echo "<option value=\"$ilistname $whitelist_uuid\">"; - } - echo htmlspecialchars($ilistname) . '</option> + foreach ($wlist_select as $value): + $wid += 1; + if ($config['installedpackages']['snortglobal']['whitelist']['item'][$wid]['snortlisttype'] == 'whitelist') { + $ilistname = $config['installedpackages']['snortglobal']['whitelist']['item'][$wid]['name']; + $whitelist_uuid = $config['installedpackages']['snortglobal']['whitelist']['item'][$wid]['uuid']; + if ($ilistname == $wlist_sub[0]){ + echo "<option value=\"$ilistname $whitelist_uuid\" selected>"; + }else{ + echo "<option value=\"$ilistname $whitelist_uuid\">"; + } + echo htmlspecialchars($ilistname) . '</option> '; - } - endforeach; - ?> + } + endforeach; + ?> </select><br> - <span class="vexpl">Choose the whitelist you will like this rule to use. - </span> <span class="red">Note:</span> Default whitelist adds only local networks.</td> - </tr> - - <tr> - <td width="22%" valign="top" class="vncell2">Suppression and filtering</td> - <td width="78%" class="vtable"> - <select name="suppresslistname" class="formfld" id="suppresslistname"> - <?php - /* find whitelist names and filter by type, make sure to track by uuid */ - $slist_select = $config['installedpackages']['snortglobal']['suppress']['item']; - $sid = -1; - if ($pconfig['suppresslistname'] == 'default'){ $selected = 'selected'; } - preg_match('/^([a-zA-z0-9]+)/', $pconfig['suppresslistname'], $slist_sub); - echo "<option value=\"default\" $selected>default</option> + <span class="vexpl">Choose the whitelist you will like this rule to + use. 
</span> <span class="red">Note:</span> Default + whitelist adds only local networks.</td> + </tr> + + <tr> + <td width="22%" valign="top" class="vncell2">Suppression and + filtering</td> + <td width="78%" class="vtable"><select name="suppresslistname" + class="formfld" id="suppresslistname"> + <?php + /* find whitelist names and filter by type, make sure to track by uuid */ + $slist_select = $config['installedpackages']['snortglobal']['suppress']['item']; + $sid = -1; + if ($pconfig['suppresslistname'] == 'default'){ $selected = 'selected'; } + preg_match('/^([a-zA-z0-9]+)/', $pconfig['suppresslistname'], $slist_sub); + echo "<option value=\"default\" $selected>default</option> "; - foreach ($slist_select as $value): - $sid += 1; - $ilistname = $config['installedpackages']['snortglobal']['suppress']['item'][$sid]['name']; - $suppress_uuid = $config['installedpackages']['snortglobal']['suppress']['item'][$sid]['uuid']; - if ($ilistname == $slist_sub[0]){ - echo "<option value=\"$ilistname $suppress_uuid\" selected>"; - }else{ - echo "<option value=\"$ilistname $suppress_uuid\">"; - } - echo htmlspecialchars($ilistname) . '</option> + foreach ($slist_select as $value): + $sid += 1; + $ilistname = $config['installedpackages']['snortglobal']['suppress']['item'][$sid]['name']; + $suppress_uuid = $config['installedpackages']['snortglobal']['suppress']['item'][$sid]['uuid']; + if ($ilistname == $slist_sub[0]){ + echo "<option value=\"$ilistname $suppress_uuid\" selected>"; + }else{ + echo "<option value=\"$ilistname $suppress_uuid\">"; + } + echo htmlspecialchars($ilistname) . '</option> '; - endforeach; - ?> + endforeach; + ?> </select><br> - <span class="vexpl">Choose the suppression or filtering file you will like this rule to use. 
- </span> <span class="red">Note:</span> Default option disables suppression and filtering.</td> - </tr> - - <tr> - <td colspan="2" valign="top" class="listtopic">Choose the types of logs snort should create.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Send alerts to main System logs</td> - <td width="78%" class="vtable"> - <input name="alertsystemlog" type="checkbox" value="on" <?php if ($pconfig['alertsystemlog'] == "on") echo "checked"; ?> onClick="enable_change(false)"><br> - Snort will send Alerts to the Pfsense system logs.</td> - </tr> - <tr> + <span class="vexpl">Choose the suppression or filtering file you + will like this rule to use. </span> <span class="red">Note:</span> Default + option disables suppression and filtering.</td> + </tr> + + <tr> + <td colspan="2" valign="top" class="listtopic">Choose the types of + logs snort should create.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Send alerts to main + System logs</td> + <td width="78%" class="vtable"><input name="alertsystemlog" + type="checkbox" value="on" + <?php if ($pconfig['alertsystemlog'] == "on") echo "checked"; ?> + onClick="enable_change(false)"><br> + Snort will send Alerts to the Pfsense system logs.</td> + </tr> + <tr> <td width="22%" valign="top" class="vncell2">Log to a Tcpdump file</td> - <td width="78%" class="vtable"> - <input name="tcpdumplog" type="checkbox" value="on" <?php if ($pconfig['tcpdumplog'] == "on") echo "checked"; ?> onClick="enable_change(false)"><br> - Snort will log packets to a tcpdump-formatted file. The file then can be analyzed by an application such as Wireshark which understands pcap file formats. 
<span class="red"><strong>WARNING:</strong></span> File may become large.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Log Alerts to a snort unified2 file</td> - <td width="78%" class="vtable"> - <input name="snortunifiedlog" type="checkbox" value="on" <?php if ($pconfig['snortunifiedlog'] == "on") echo "checked"; ?> onClick="enable_change(false)"><br> - Snort will log Alerts to a file in the UNIFIED2 format. This is a requirement for barnyard2.</td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic">Arguments here will be automatically inserted into the snort configuration.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Advanced configuration pass through</td> - <td width="78%" class="vtable"> - <textarea wrap="off" name="configpassthru" cols="75" rows="12" id="configpassthru" class="formpre2"><?=htmlspecialchars($pconfig['configpassthru']);?></textarea> - </td> - </tr> - <tr> - <td width="22%" valign="top"></td> - <td width="78%"> - <input name="Submit" type="submit" class="formbtn" value="Save"> <?php echo $snort_up_ck; ?> <input type="button" class="formbtn" value="Cancel" onclick="history.back()"> - <?php if (isset($id) && $a_nat[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>"> - <?php endif; ?> - </td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span> - <br> - Please save your settings before you click start. </td> - </tr> - </table> - </table> + <td width="78%" class="vtable"><input name="tcpdumplog" + type="checkbox" value="on" + <?php if ($pconfig['tcpdumplog'] == "on") echo "checked"; ?> + onClick="enable_change(false)"><br> + Snort will log packets to a tcpdump-formatted file. The file then + can be analyzed by an application such as Wireshark which + understands pcap file formats. 
<span class="red"><strong>WARNING:</strong></span> + File may become large.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Log Alerts to a snort + unified2 file</td> + <td width="78%" class="vtable"><input name="snortunifiedlog" + type="checkbox" value="on" + <?php if ($pconfig['snortunifiedlog'] == "on") echo "checked"; ?> + onClick="enable_change(false)"><br> + Snort will log Alerts to a file in the UNIFIED2 format. This is a + requirement for barnyard2.</td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic">Arguments here will + be automatically inserted into the snort configuration.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Advanced configuration + pass through</td> + <td width="78%" class="vtable"><textarea wrap="off" + name="configpassthru" cols="75" rows="12" id="configpassthru" + class="formpre2"><?=htmlspecialchars($pconfig['configpassthru']);?></textarea> + </td> + </tr> + <tr> + <td width="22%" valign="top"></td> + <td width="78%"><input name="Submit" type="submit" class="formbtn" + value="Save"> <?php echo $snort_up_ck; ?> <input type="button" + class="formbtn" value="Cancel" onclick="history.back()"> <?php if (isset($id) && $a_nat[$id]): ?> + <input name="id" type="hidden" value="<?=$id;?>"> <?php endif; ?></td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span> + <br> + Please save your settings before you click start. </td> + </tr> + </table> + +</table> </form> </div> @@ -778,7 +809,7 @@ enable_change(false); //--> </script> -<?php include("fend.inc"); ?> + <?php include("fend.inc"); ?> <div> diff --git a/config/snort/snort_interfaces_global.php b/config/snort/snort_interfaces_global.php index d4c07456..88725b15 100644 --- a/config/snort/snort_interfaces_global.php +++ b/config/snort/snort_interfaces_global.php 
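Review bot: `$selected` is set to 'selected' when a list name equals 'default' but is never reset in the `@@ -463,311 +466,339 @@` hunk, so once `homelistname` is 'default' the "default" option of the `externallistname`, `whitelistname` and `suppresslistname` selects is also printed with `selected`, and when no list is 'default' the variable is undefined at the first `echo`. Initialise it for each select, e.g. `$selected = ($pconfig['homelistname'] == 'default') ? 'selected' : '';`. The pattern `/^([a-zA-z0-9]+)/` used in all four blocks contains the range `A-z`, which also matches `[`, `\`, `]`, `^`, `_` and the backtick; if underscores are the only extra character meant to be allowed in list names, write `[a-zA-Z0-9_]`. `$checked = checked;` near the top of the hunk relies on an undefined bare constant and should be the string `'checked'`, with `$checked = '';` set before the `if`.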
@@ -1,36 +1,36 @@ <?php /* - snort_interfaces_global.php - part of m0n0wall (http://m0n0.ch/wall) - - Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. - All rights reserved. - - Copyright (C) 2008-2009 Robert Zelaya - Modified for the Pfsense snort package. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ + snort_interfaces_global.php + part of m0n0wall (http://m0n0.ch/wall) + + Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. + All rights reserved. + + Copyright (C) 2008-2009 Robert Zelaya + Modified for the Pfsense snort package. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. 
Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ require_once("guiconfig.inc"); 
@@ -50,29 +50,29 @@ $pconfig['autorulesupdate7'] = $config['installedpackages']['snortglobal']['auto $pconfig['snortalertlogtype'] = $config['installedpackages']['snortglobal']['snortalertlogtype']; $pconfig['forcekeepsettings'] = $config['installedpackages']['snortglobal']['forcekeepsettings']; - /* this will exec when alert says apply */ - if ($_POST['apply']) { - - if (file_exists("$d_snort_global_dirty_path")) { - conf_mount_rw(); +/* this will exec when alert says apply */ +if ($_POST['apply']) { + + if (file_exists("$d_snort_global_dirty_path")) { + conf_mount_rw(); - /* create whitelist and homenet file then sync files */ - sync_snort_package_empty(); - sync_snort_package(); + /* create whitelist and homenet file then sync files */ + sync_snort_package_empty(); + sync_snort_package(); - unlink("$d_snort_global_dirty_path"); + unlink("$d_snort_global_dirty_path"); - write_config(); - conf_mount_ro(); - } + write_config(); + conf_mount_ro(); } - +} + + - /* if no errors move foward */ if (!$input_errors) { - - if ($_POST["Submit"]) { + + if ($_POST["Submit"]) { $config['installedpackages']['snortglobal']['snortdownload'] = $_POST['snortdownload']; $config['installedpackages']['snortglobal']['oinkmastercode'] = $_POST['oinkmastercode']; @@ -82,7 +82,7 @@ if (!$input_errors) { $config['installedpackages']['snortglobal']['snortloglimitsize'] = $_POST['snortloglimitsize']; $config['installedpackages']['snortglobal']['autorulesupdate7'] = $_POST['autorulesupdate7']; $config['installedpackages']['snortglobal']['snortalertlogtype'] = $_POST['snortalertlogtype']; - $config['installedpackages']['snortglobal']['forcekeepsettings'] = $_POST['forcekeepsettings'] ? on : off; + $config['installedpackages']['snortglobal']['forcekeepsettings'] = $_POST['forcekeepsettings'] ? on : off; write_config(); sleep(2); 
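Review bot: `$_POST['forcekeepsettings'] ? on : off` in the `@@ -82,7 +82,7 @@` hunk uses bare `on` and `off`, which are undefined constants: older PHP falls back to the strings with a notice or warning, and PHP 8 throws an Error, so quote them as `$_POST['forcekeepsettings'] ? 'on' : 'off';`. The neighbouring assignments copy `$_POST['snortdownload']`, `$_POST['oinkmastercode']`, `$_POST['snortloglimitsize']` and the other fields straight into `$config` before `write_config()`, and nothing that would populate `$input_errors` is visible in these hunks. If no validation exists above them, check each field against its allowed values (the select options, a numeric size, the expected code format) before saving, since the saved settings are read back a few lines later to decide which cron jobs get installed. The enclosing `if (!$input_errors)` block continues past the hunk.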
@@ -90,50 +90,50 @@ if (!$input_errors) { $retval = 0; - $snort_snortloglimit_info_ck = $config['installedpackages']['snortglobal']['snortloglimit']; - if ($snort_snortloglimit_info_ck == 'on') { + $snort_snortloglimit_info_ck = $config['installedpackages']['snortglobal']['snortloglimit']; + if ($snort_snortloglimit_info_ck == 'on') { snort_snortloglimit_install_cron(''); snort_snortloglimit_install_cron('true'); - } - - if ($snort_snortloglimit_info_ck == 'off') { + } + + if ($snort_snortloglimit_info_ck == 'off') { snort_snortloglimit_install_cron(''); - } - + } + - /* set the snort block hosts time IMPORTANT */ - $snort_rm_blocked_info_ck = $config['installedpackages']['snortglobal']['rm_blocked']; + /* set the snort block hosts time IMPORTANT */ + $snort_rm_blocked_info_ck = $config['installedpackages']['snortglobal']['rm_blocked']; if ($snort_rm_blocked_info_ck == "never_b") - $snort_rm_blocked_false = ""; + $snort_rm_blocked_false = ""; else - $snort_rm_blocked_false = "true"; + $snort_rm_blocked_false = "true"; - if ($snort_rm_blocked_info_ck != "") - { + if ($snort_rm_blocked_info_ck != "") + { snort_rm_blocked_install_cron(""); snort_rm_blocked_install_cron($snort_rm_blocked_false); } - - /* set the snort rules update time */ - $snort_rules_up_info_ck = $config['installedpackages']['snortglobal']['autorulesupdate7']; + + /* set the snort rules update time */ + $snort_rules_up_info_ck = $config['installedpackages']['snortglobal']['autorulesupdate7']; if ($snort_rules_up_info_ck == "never_up") - $snort_rules_up_false = ""; + $snort_rules_up_false = ""; else - $snort_rules_up_false = "true"; + $snort_rules_up_false = "true"; - if ($snort_rules_up_info_ck != "") + if ($snort_rules_up_info_ck != "") { snort_rules_up_install_cron(""); snort_rules_up_install_cron($snort_rules_up_false); } - - + + touch($d_snort_global_dirty_path); $savemsg = get_std_save_message($retval); write_config(); sync_snort_package(); - + /* forces page to reload new settings */ header( 
'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); 
@@ -141,124 +141,124 @@ if (!$input_errors) { header( 'Cache-Control: post-check=0, pre-check=0', false ); header( 'Pragma: no-cache' ); header("Location: /snort/snort_interfaces_global.php"); - - } + + } } - - + + if ($_POST["Reset"]) { function snort_deinstall_settings() { - global $config, $g, $id, $if_real; - conf_mount_rw(); + global $config, $g, $id, $if_real; + conf_mount_rw(); - exec("/usr/usr/bin/killall snort"); - sleep(2); - exec("/usr/usr/bin/killall -9 snort"); - sleep(2); - exec("/usr/usr/bin/killall barnyard2"); - sleep(2); - exec("/usr/usr/bin/killall -9 barnyard2"); - sleep(2); + exec("/usr/usr/bin/killall snort"); + sleep(2); + exec("/usr/usr/bin/killall -9 snort"); + sleep(2); + exec("/usr/usr/bin/killall barnyard2"); + sleep(2); + exec("/usr/usr/bin/killall -9 barnyard2"); + sleep(2); - /* Remove snort cron entries Ugly code needs smoothness*/ - function snort_rm_blocked_deinstall_cron($should_install) - { - global $config, $g; - conf_mount_rw(); + /* Remove snort cron entries Ugly code needs smoothness*/ + function snort_rm_blocked_deinstall_cron($should_install) + { + global $config, $g; + conf_mount_rw(); - $is_installed = false; + $is_installed = false; - if(!$config['cron']['item']) - return; + if(!$config['cron']['item']) + return; - $x=0; - foreach($config['cron']['item'] as $item) - { - if (strstr($item['command'], "snort2c")) + $x=0; + foreach($config['cron']['item'] as $item) { - $is_installed = true; - break; - } - - $x++; - - } - if($is_installed == true) + if (strstr($item['command'], "snort2c")) { - if($x > 0) - { - unset($config['cron']['item'][$x]); - write_config(); - conf_mount_rw(); - } - - configure_cron(); - + $is_installed = true; + break; } - conf_mount_ro(); -} - - function snort_rules_up_deinstall_cron($should_install) -{ - global $config, $g; - conf_mount_rw(); + $x++; + + } + if($is_installed == true) + { + if($x > 0) + { + unset($config['cron']['item'][$x]); + write_config(); + conf_mount_rw(); + } - $is_installed = 
false; + configure_cron(); - if(!$config['cron']['item']) - return; + } + conf_mount_ro(); + + } - $x=0; - foreach($config['cron']['item'] as $item) { - if (strstr($item['command'], "snort_check_for_rule_updates.php")) { - $is_installed = true; - break; - } - $x++; + function snort_rules_up_deinstall_cron($should_install) + { + global $config, $g; + conf_mount_rw(); + + $is_installed = false; + + if(!$config['cron']['item']) + return; + + $x=0; + foreach($config['cron']['item'] as $item) { + if (strstr($item['command'], "snort_check_for_rule_updates.php")) { + $is_installed = true; + break; + } + $x++; } - if($is_installed == true) { - if($x > 0) { - unset($config['cron']['item'][$x]); - write_config(); - conf_mount_rw(); - } - configure_cron(); + if($is_installed == true) { + if($x > 0) { + unset($config['cron']['item'][$x]); + write_config(); + conf_mount_rw(); + } + configure_cron(); } -} + } - snort_rm_blocked_deinstall_cron(""); - snort_rules_up_deinstall_cron(""); - - - /* Unset snort registers in conf.xml IMPORTANT snort will not start with out this */ - /* Keep this as a last step */ - unset($config['installedpackages']['snortglobal']); - write_config(); - conf_mount_rw(); - - /* remove all snort iface dir */ - exec('rm -r /usr/local/etc/snort/snort_*'); - exec('rm /var/log/snort/*'); - - conf_mount_ro(); + snort_rm_blocked_deinstall_cron(""); + snort_rules_up_deinstall_cron(""); -} + + /* Unset snort registers in conf.xml IMPORTANT snort will not start with out this */ + /* Keep this as a last step */ + unset($config['installedpackages']['snortglobal']); + write_config(); + conf_mount_rw(); + + /* remove all snort iface dir */ + exec('rm -r /usr/local/etc/snort/snort_*'); + exec('rm /var/log/snort/*'); + + conf_mount_ro(); + + } snort_deinstall_settings(); - - header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); - header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . 
' GMT' ); - header( 'Cache-Control: no-store, no-cache, must-revalidate' ); - header( 'Cache-Control: post-check=0, pre-check=0', false ); - header( 'Pragma: no-cache' ); - sleep(2); - header("Location: /snort/snort_interfaces_global.php"); - exit; + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + sleep(2); + header("Location: /snort/snort_interfaces_global.php"); + + exit; } @@ -269,7 +269,7 @@ include_once("/usr/local/pkg/snort/snort_head.inc"); <body link="#000000" vlink="#000000" alink="#000000"> - <script> +<script> jQuery(document).ready(function(){ //Examples of how to assign the ColorBox event to elements 
@@ -285,24 +285,27 @@ echo "$snort_interfaces_css\n"; <?php include("fbegin.inc"); ?> -<div class="body2"> - -<!-- hack to fix the hardcoed fbegin link in header --> -<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div> +<div class="body2"><!-- hack to fix the hardcoed fbegin link in header --> +<div id="header-left2"><a href="../index.php" id="status-link2"><img + src="./images/transparent.gif" border="0"></img></a></div> <?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> -<noscript><div class="alert" ALIGN=CENTER><img src="../themes/nervecenter/images/icons/icon_alert.gif"/><strong>Please enable JavaScript to view this content</CENTER></div></noscript> - +<noscript> +<div class="alert" ALIGN=CENTER><img + src="../themes/nervecenter/images/icons/icon_alert.gif" /><strong>Please +enable JavaScript to view this content +</CENTER></div> +</noscript> -<form action="snort_interfaces_global.php" method="post" enctype="multipart/form-data" name="iform" id="iform"> -<?php +<form action="snort_interfaces_global.php" method="post" + enctype="multipart/form-data" name="iform" id="iform"><?php /* Display Alert message, under form tag or no refresh */ if ($input_errors) { print_input_errors($input_errors); // TODO: add checks } - + if (!$input_errors) { if (file_exists($d_snort_global_dirty_path)) { 
@@ -312,174 +315,225 @@ echo "$snort_interfaces_css\n"; '); } } -?> + ?> <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> - -<div class="snorttabs" style="margin:1px 0px; width:775px;"> -<!-- Tabbed bar code--> -<ul class="snorttabs"> - <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li> - <li class="snorttabs_active"><a href="/snort/snort_interfaces_global.php"><span>Global Settings</span></a></li> - <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li> - <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li> - <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li> - <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li> - <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li> - <li><a class="example8" href="/snort/help_and_info.php"><span>Help</span></a></li> - </ul> -</div> - -</td> -</tr> - -<tr> -<td class="tabcont"> -<table id="maintable2" width="100%" border="0" cellpadding="6" cellspacing="0"> <tr> - <tr> - <td colspan="2" valign="top" class="listtopic">Please Choose The Type Of Rules You Wish To Download</td> - </tr> - <td width="22%" valign="top" class="vncell2">Install Snort.org rules</td> - <td width="78%" class="vtable"> - <table cellpadding="0" cellspacing="0"> - <tr> - <td colspan="2"><input name="snortdownload" type="radio" id="snortdownload" value="off" onClick="enable_change(false)" <?php if($pconfig['snortdownload']=='off' || $pconfig['snortdownload']=='') echo 'checked'; ?>> - Do <strong>NOT</strong> Install</td> - </tr> - <tr> - <td colspan="2"><input name="snortdownload" type="radio" id="snortdownload" value="on" onClick="enable_change(false)" <?php if($pconfig['snortdownload']=='on') echo 'checked'; ?>> - Install Basic Rules or Premium rules <br> - <a href="https://www.snort.org/signup" target="_blank">Sign Up for a Basic Rule Account</a><br> - <a 
href="http://www.snort.org/vrt/buy-a-subscription" target="_blank">Sign Up for Sourcefire VRT Certified Premium Rules. This Is Highly Recommended</a> - </td> - </tr> - <tr> - <td> </td> - </tr> - </table> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td colspan="2" valign="top" class="optsect_t2">Oinkmaster code</td> - </tr> - <tr> - <td class="vncell2" valign="top">Code</td> - <td class="vtable"><input name="oinkmastercode" type="text" class="formfld" id="oinkmastercode" size="52" value="<?=htmlspecialchars($pconfig['oinkmastercode']);?>"><br> - Obtain a snort.org Oinkmaster code and paste here.</td> - </table> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Install <strong>Emergingthreats</strong> rules</td> - <td width="78%" class="vtable"> - <input name="emergingthreats" type="checkbox" value="yes" <?php if ($config['installedpackages']['snortglobal']['emergingthreats']=="on") echo "checked"; ?> onClick="enable_change(false)"><br> - Emerging Threats is an open source community that produces fastest moving and diverse Snort Rules.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Update rules automatically</td> - <td width="78%" class="vtable"> - <select name="autorulesupdate7" class="formfld" id="autorulesupdate7"> - <?php - $interfaces3 = array('never_up' => 'NEVER', '6h_up' => '6 HOURS', '12h_up' => '12 HOURS', '1d_up' => '1 DAY', '4d_up' => '4 DAYS', '7d_up' => '7 DAYS', '28d_up' => '28 DAYS'); - foreach ($interfaces3 as $iface3 => $ifacename3): ?> - <option value="<?=$iface3;?>" <?php if ($iface3 == $pconfig['autorulesupdate7']) echo "selected"; ?>> - <?=htmlspecialchars($ifacename3);?> - </option> - <?php endforeach; ?> - </select><br> - <span class="vexpl">Please select the update times for rules.<br> - Hint: in most cases, every 12 hours is a good choice.</span></td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic">General Settings</td> - </tr> - - <tr> - <td width="22%" 
valign="top" class="vncell2">Log Directory Size Limit</td> - <td width="78%" class="vtable"> - <table cellpadding="0" cellspacing="0"> - <tr> - <td colspan="2"><input name="snortloglimit" type="radio" id="snortloglimit" value="on" onClick="enable_change(false)" <?php if($pconfig['snortloglimit']=='on' || $pconfig['snortloglimit']=='') echo 'checked'; ?>> - <strong>Enable</strong> directory size limit (<strong>Default</strong>)</td> - </tr> - <tr> - <td colspan="2"><input name="snortloglimit" type="radio" id="snortloglimit" value="off" onClick="enable_change(false)" <?php if($pconfig['snortloglimit']=='off') echo 'checked'; ?>> - <strong>Disable</strong> directory size limit<br><br><span class="red"><strong>Warning</span>:</strong> Pfsense Nanobsd should use no more than 10MB of space. + <td> + + <div class="snorttabs" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code--> + <ul class="snorttabs"> + <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li> + <li class="snorttabs_active"><a + href="/snort/snort_interfaces_global.php"><span>Global Settings</span></a></li> + <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li> + <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li> + <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li> + <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li> + <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li> + <li><a class="example8" href="/snort/help_and_info.php"><span>Help</span></a></li> + </ul> + </div> + </td> - </tr> - <tr> - <td> </td> - </tr> - </table> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td class="vncell3" >Size in <strong>MB</strong></td> - <td class="vtable"><input name="snortloglimitsize" type="text" class="formfld" id="snortloglimitsize" size="7" value="<?=htmlspecialchars($pconfig['snortloglimitsize']);?>"> - Default is 
<strong>20%</strong> of available space.</td> - </table> - </tr> - - <tr> - <td width="22%" valign="top" class="vncell2">Remove blocked hosts every</td> - <td width="78%" class="vtable"> - <select name="rm_blocked" class="formfld" id="rm_blocked"> - <?php - $interfaces3 = array('never_b' => 'NEVER', '1h_b' => '1 HOUR', '3h_b' => '3 HOURS', '6h_b' => '6 HOURS', '12h_b' => '12 HOURS', '1d_b' => '1 DAY', '4d_b' => '4 DAYS', '7d_b' => '7 DAYS', '28d_b' => '28 DAYS'); - foreach ($interfaces3 as $iface3 => $ifacename3): ?> - <option value="<?=$iface3;?>" <?php if ($iface3 == $pconfig['rm_blocked']) echo "selected"; ?>> - <?=htmlspecialchars($ifacename3);?> - </option> - <?php endforeach; ?> - </select><br> - <span class="vexpl">Please select the amount of time you would like hosts to be blocked for.<br> - Hint: in most cases, 1 hour is a good choice.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Alerts file description type</td> - <td width="78%" class="vtable"> - <select name="snortalertlogtype" class="formfld" id="snortalertlogtype"> - <?php - $interfaces4 = array('full' => 'FULL', 'fast' => 'SHORT'); - foreach ($interfaces4 as $iface4 => $ifacename4): ?> - <option value="<?=$iface4;?>" <?php if ($iface4 == $pconfig['snortalertlogtype']) echo "selected"; ?>> - <?=htmlspecialchars($ifacename4);?> - </option> - <?php endforeach; ?> - </select><br> - <span class="vexpl">Please choose the type of Alert logging you will like see in your alert file.<br> - Hint: Best pratice is to chose full logging.</span> <span class="red"><strong>WARNING:</strong></span> <strong>On change, alert file will be cleared.</strong></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Keep snort settings after deinstall</td> - <td width="78%" class="vtable"> - <input name="forcekeepsettings" id="forcekeepsettings" type="checkbox" value="yes" <?php if ($config['installedpackages']['snortglobal']['forcekeepsettings']=="on") echo "checked"; ?> 
onClick="enable_change(false)"><br> - Settings will not be removed during deinstall.</td> - </tr> - <tr> - <td width="22%" valign="top"><input name="Reset" type="submit" class="formbtn" value="Reset" onclick="return confirm('Do you really want to delete all global and interface settings?')"><span class="red"><strong> WARNING:</strong><br> - This will reset all global and interface settings.</span> - </td> - <td width="78%"> - <input name="Submit" type="submit" class="formbtn" value="Save" onClick="enable_change(true)"> <input type="button" class="formbtn" value="Cancel" onclick="history.back()"> - </td> </tr> + <tr> - <td width="22%" valign="top"> </td> - <td width="78%"><span class="vexpl"><span class="red"><strong>Note:<br></strong></span> - Changing any settings on this page will affect all interfaces. Please, double check if your oink code is correct and the type of snort.org account you hold.</span></td> + <td class="tabcont"> + <table id="maintable2" width="100%" border="0" cellpadding="6" + cellspacing="0"> + <tr> + <tr> + <td colspan="2" valign="top" class="listtopic">Please Choose The + Type Of Rules You Wish To Download</td> + </tr> + <td width="22%" valign="top" class="vncell2">Install Snort.org rules</td> + <td width="78%" class="vtable"> + <table cellpadding="0" cellspacing="0"> + <tr> + <td colspan="2"><input name="snortdownload" type="radio" + id="snortdownload" value="off" onClick="enable_change(false)" + <?php if($pconfig['snortdownload']=='off' || $pconfig['snortdownload']=='') echo 'checked'; ?>> + Do <strong>NOT</strong> Install</td> + </tr> + <tr> + <td colspan="2"><input name="snortdownload" type="radio" + id="snortdownload" value="on" onClick="enable_change(false)" + <?php if($pconfig['snortdownload']=='on') echo 'checked'; ?>> Install + Basic Rules or Premium rules <br> + <a + href="https://www.snort.org/signup" target="_blank">Sign Up for a + Basic Rule Account</a><br> + <a + href="http://www.snort.org/vrt/buy-a-subscription" + 
target="_blank">Sign Up for Sourcefire VRT Certified Premium + Rules. This Is Highly Recommended</a></td> + </tr> + <tr> + <td> </td> + </tr> + </table> + <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td colspan="2" valign="top" class="optsect_t2">Oinkmaster code</td> + </tr> + <tr> + <td class="vncell2" valign="top">Code</td> + <td class="vtable"><input name="oinkmastercode" type="text" + class="formfld" id="oinkmastercode" size="52" + value="<?=htmlspecialchars($pconfig['oinkmastercode']);?>"><br> + Obtain a snort.org Oinkmaster code and paste here.</td> + + </table> + + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Install <strong>Emergingthreats</strong> + rules</td> + <td width="78%" class="vtable"><input name="emergingthreats" + type="checkbox" value="yes" + <?php if ($config['installedpackages']['snortglobal']['emergingthreats']=="on") echo "checked"; ?> + onClick="enable_change(false)"><br> + Emerging Threats is an open source community that produces fastest + moving and diverse Snort Rules.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Update rules + automatically</td> + <td width="78%" class="vtable"><select name="autorulesupdate7" + class="formfld" id="autorulesupdate7"> + <?php + $interfaces3 = array('never_up' => 'NEVER', '6h_up' => '6 HOURS', '12h_up' => '12 HOURS', '1d_up' => '1 DAY', '4d_up' => '4 DAYS', '7d_up' => '7 DAYS', '28d_up' => '28 DAYS'); + foreach ($interfaces3 as $iface3 => $ifacename3): ?> + <option value="<?=$iface3;?>" + <?php if ($iface3 == $pconfig['autorulesupdate7']) echo "selected"; ?>> + <?=htmlspecialchars($ifacename3);?></option> + <?php endforeach; ?> + </select><br> + <span class="vexpl">Please select the update times for rules.<br> + Hint: in most cases, every 12 hours is a good choice.</span></td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic">General Settings</td> + </tr> + + <tr> + <?php $snortlogCurrentDSKsize = round(exec('df -k /var | grep 
-v "Filesystem" | awk \'{print $4}\'') / 1024); ?> + <td width="22%" valign="top" class="vncell2">Log Directory Size + Limit<br> + <br> + <br> + <br> + <br> + <br> + <span class="red"><strong>Note</span>:</strong><br> + Available space is <strong><?php echo $snortlogCurrentDSKsize; ?>MB</strong></td> + <td width="78%" class="vtable"> + <table cellpadding="0" cellspacing="0"> + <tr> + <td colspan="2"><input name="snortloglimit" type="radio" + id="snortloglimit" value="on" onClick="enable_change(false)" + <?php if($pconfig['snortloglimit']=='on' || $pconfig['snortloglimit']=='') echo 'checked'; ?>> + <strong>Enable</strong> directory size limit (<strong>Default</strong>)</td> + </tr> + <tr> + <td colspan="2"><input name="snortloglimit" type="radio" + id="snortloglimit" value="off" onClick="enable_change(false)" + <?php if($pconfig['snortloglimit']=='off') echo 'checked'; ?>> <strong>Disable</strong> + directory size limit<br> + <br> + <span class="red"><strong>Warning</span>:</strong> Pfsense Nanobsd + should use no more than 10MB of space.</td> + </tr> + <tr> + <td> </td> + </tr> + </table> + <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td class="vncell3">Size in <strong>MB</strong></td> + <td class="vtable"><input name="snortloglimitsize" type="text" + class="formfld" id="snortloglimitsize" size="7" + value="<?=htmlspecialchars($pconfig['snortloglimitsize']);?>"> + Default is <strong>20%</strong> of available space.</td> + + </table> + + </tr> + + <tr> + <td width="22%" valign="top" class="vncell2">Remove blocked hosts + every</td> + <td width="78%" class="vtable"><select name="rm_blocked" + class="formfld" id="rm_blocked"> + <?php + $interfaces3 = array('never_b' => 'NEVER', '1h_b' => '1 HOUR', '3h_b' => '3 HOURS', '6h_b' => '6 HOURS', '12h_b' => '12 HOURS', '1d_b' => '1 DAY', '4d_b' => '4 DAYS', '7d_b' => '7 DAYS', '28d_b' => '28 DAYS'); + foreach ($interfaces3 as $iface3 => $ifacename3): ?> + <option value="<?=$iface3;?>" + <?php if 
($iface3 == $pconfig['rm_blocked']) echo "selected"; ?>> + <?=htmlspecialchars($ifacename3);?></option> + <?php endforeach; ?> + </select><br> + <span class="vexpl">Please select the amount of time you would like + hosts to be blocked for.<br> + Hint: in most cases, 1 hour is a good choice.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Alerts file description + type</td> + <td width="78%" class="vtable"><select name="snortalertlogtype" + class="formfld" id="snortalertlogtype"> + <?php + $interfaces4 = array('full' => 'FULL', 'fast' => 'SHORT'); + foreach ($interfaces4 as $iface4 => $ifacename4): ?> + <option value="<?=$iface4;?>" + <?php if ($iface4 == $pconfig['snortalertlogtype']) echo "selected"; ?>> + <?=htmlspecialchars($ifacename4);?></option> + <?php endforeach; ?> + </select><br> + <span class="vexpl">Please choose the type of Alert logging you will + like see in your alert file.<br> + Hint: Best pratice is to chose full logging.</span> <span + class="red"><strong>WARNING:</strong></span> <strong>On + change, alert file will be cleared.</strong></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Keep snort settings + after deinstall</td> + <td width="78%" class="vtable"><input name="forcekeepsettings" + id="forcekeepsettings" type="checkbox" value="yes" + <?php if ($config['installedpackages']['snortglobal']['forcekeepsettings']=="on") echo "checked"; ?> + onClick="enable_change(false)"><br> + Settings will not be removed during deinstall.</td> + </tr> + <tr> + <td width="22%" valign="top"><input name="Reset" type="submit" + class="formbtn" value="Reset" + onclick="return confirm('Do you really want to delete all global and interface settings?')"><span + class="red"><strong> WARNING:</strong><br> + This will reset all global and interface settings.</span></td> + <td width="78%"><input name="Submit" type="submit" class="formbtn" + value="Save" onClick="enable_change(true)"> <input type="button" + class="formbtn" 
value="Cancel" onclick="history.back()"></td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"><span class="vexpl"><span class="red"><strong>Note:<br> + </strong></span> Changing any settings on this page will affect all + interfaces. Please, double check if your oink code is correct and + the type of snort.org account you hold.</span></td> + </tr> + </table> + </td> </tr> - </table> - </td> - </tr> - </table> +</table> </form> </div> -<?php include("fend.inc"); ?> + <?php include("fend.inc"); ?> -<?php echo "$snort_custom_rnd_box\n"; ?> + <?php echo "$snort_custom_rnd_box\n"; ?> </body> </html> diff --git a/config/snort/snort_interfaces_suppress.php b/config/snort/snort_interfaces_suppress.php index ac0b8623..58837799 100644 --- a/config/snort/snort_interfaces_suppress.php +++ b/config/snort/snort_interfaces_suppress.php 
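Review bot: The added `$snortlogCurrentDSKsize` line above the "Log Directory Size Limit" cell runs a `df | grep | awk` shell pipeline on every render of this admin page and passes the raw `exec()` result straight into `round()` without checking it. If `df` fails or its column layout differs, the value is an empty or non-numeric string, and the page would likely show a misleading "0MB" instead of signalling a problem. PHP's built-in `disk_free_space()` should report the same available-space figure without spawning a shell from the web GUI: `$snortlogCurrentDSKsize = round(disk_free_space('/var') / 1048576);`. It returns `false` on failure, so test for that before echoing the number into the "Available space is" text.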
@@ -1,39 +1,39 @@ <?php /* $Id$ */ /* - firewall_aliases.php - Copyright (C) 2004 Scott Ullrich - All rights reserved. - - originially part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - All rights reserved. - - modified for the pfsense snort package - Copyright (C) 2009-2010 Robert Zelaya. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ + firewall_aliases.php + Copyright (C) 2004 Scott Ullrich + All rights reserved. + + originially part of m0n0wall (http://m0n0.ch/wall) + Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + All rights reserved. + + modified for the pfsense snort package + Copyright (C) 2009-2010 Robert Zelaya. + All rights reserved. 
+ + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort_gui.inc"); 
@@ -41,15 +41,15 @@ require_once("/usr/local/pkg/snort/snort.inc"); if (!is_array($config['installedpackages']['snortglobal']['suppress']['item'])) - $config['installedpackages']['snortglobal']['suppress']['item'] = array(); +$config['installedpackages']['snortglobal']['suppress']['item'] = array(); //aliases_sort(); << what ? $a_suppress = &$config['installedpackages']['snortglobal']['suppress']['item']; if (isset($config['installedpackages']['snortglobal']['suppress']['item'])) { -$id_gen = count($config['installedpackages']['snortglobal']['suppress']['item']); + $id_gen = count($config['installedpackages']['snortglobal']['suppress']['item']); }else{ -$id_gen = '0'; + $id_gen = '0'; } $d_suppresslistdirty_path = '/var/run/snort_suppress.dirty'; @@ -62,12 +62,12 @@ if ($_POST) { $retval = 0; if(stristr($retval, "error") <> true) - $savemsg = get_std_save_message($retval); + $savemsg = get_std_save_message($retval); else - $savemsg = $retval; + $savemsg = $retval; if ($retval == 0) { if (file_exists($d_suppresslistdirty_path)) - unlink($d_suppresslistdirty_path); + unlink($d_suppresslistdirty_path); } } } @@ -76,12 +76,12 @@ if ($_GET['act'] == "del") { if ($a_suppress[$_GET['id']]) { /* make sure rule is not being referenced by any nat or filter rules */ - unset($a_suppress[$_GET['id']]); - write_config(); - filter_configure(); - touch($d_suppresslistdirty_path); - header("Location: /snort/snort_interfaces_suppress.php"); - exit; + unset($a_suppress[$_GET['id']]); + write_config(); + filter_configure(); + touch($d_suppresslistdirty_path); + header("Location: /snort/snort_interfaces_suppress.php"); + exit; } } @@ -90,9 +90,10 @@ include("/usr/local/pkg/snort/snort_head.inc"); ?> -<body link="#000000" vlink="#000000" alink="#000000"> +<body + link="#000000" vlink="#000000" alink="#000000"> - <script> +<script> jQuery(document).ready(function(){ //Examples of how to assign the ColorBox event to elements 
@@ -101,98 +102,110 @@ include("/usr/local/pkg/snort/snort_head.inc"); }); </script> -<?php +<?php include("fbegin.inc"); echo $snort_general_css; ?> <!-- hack to fix the hardcoed fbegin link in header --> -<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div> - -<div class="body2"> +<div id="header-left2"><a href="../index.php" id="status-link2"><img + src="./images/transparent.gif" border="0"></img></a></div> -<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> +<div class="body2"><?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> -<form action="/snort/snort_interfaces_suppress.php" method="post"> -<?php if ($savemsg) print_info_box($savemsg); ?> -<?php if (file_exists($d_suppresslistdirty_path)): ?><p> -<?php print_info_box_np("The white list has been changed.<br>You must apply the changes in order for them to take effect.");?> +<form action="/snort/snort_interfaces_suppress.php" method="post"><?php if ($savemsg) print_info_box($savemsg); ?> +<?php if (file_exists($d_suppresslistdirty_path)): ?> +<p><?php print_info_box_np("The white list has been changed.<br>You must apply the changes in order for them to take effect.");?> <?php endif; ?> <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabnavtbl"> - -<div class="snorttabs" style="margin:1px 0px; width:775px;"> -<!-- Tabbed bar code--> -<ul class="snorttabs"> - <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li> - <li><a href="/snort/snort_interfaces_global.php"><span>Global Settings</span></a></li> - <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li> - <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li> - <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li> - <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li> - <li 
class="snorttabs_active"><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li> - <li><a class="example8" href="/snort/help_and_info.php"><span>Help</span></a></li> - </ul> -</div> - -</td> -</tr> - -<tr> -<td class="tabcont"> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - -<tr> - <td width="30%" class="listhdrr">File Name</td> - <td width="70%" class="listhdr">Description</td> - - <td width="10%" class="list"> - </td> -</tr> - <?php $i = 0; foreach ($a_suppress as $list): ?> -<tr> - <td class="listlr" ondblclick="document.location='snort_interfaces_suppress_edit.php?id=<?=$i;?>';"> - <?=htmlspecialchars($list['name']);?> - </td> - <td class="listbg" ondblclick="document.location='snort_interfaces_suppress_edit.php?id=<?=$i;?>';"> - <font color="#FFFFFF"> - <?=htmlspecialchars($list['descr']);?> - </td> - - <td valign="middle" nowrap class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a href="snort_interfaces_suppress_edit.php?id=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="edit whitelist"></a></td> - <td><a href="/snort/snort_interfaces_suppress.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this whitelist? All elements that still use it will become invalid (e.g. 
snort rules will fall back to the default whitelist)!')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="delete whitelist"></a></td> - </tr> - </table> - </td> -</tr> - <?php $i++; endforeach; ?> -<tr> - <td class="list" colspan="2"></td> - <td class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle" width="17"> </td> - <td valign="middle"><a href="snort_interfaces_suppress_edit.php?id=<?php echo $id_gen;?> "><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="add a new list"></a></td> - </tr> - </table> - </td> -</tr> + <tr> + <td class="tabnavtbl"> + + <div class="snorttabs" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code--> + <ul class="snorttabs"> + <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li> + <li><a href="/snort/snort_interfaces_global.php"><span>Global + Settings</span></a></li> + <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li> + <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li> + <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li> + <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li> + <li class="snorttabs_active"><a + href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li> + <li><a class="example8" href="/snort/help_and_info.php"><span>Help</span></a></li> + </ul> + </div> + + </td> + </tr> + + <tr> + <td class="tabcont"> + + <table width="100%" border="0" cellpadding="0" cellspacing="0"> + + <tr> + <td width="30%" class="listhdrr">File Name</td> + <td width="70%" class="listhdr">Description</td> + + <td width="10%" class="list"></td> + </tr> + <?php $i = 0; foreach ($a_suppress as $list): ?> + <tr> + <td class="listlr" + ondblclick="document.location='snort_interfaces_suppress_edit.php?id=<?=$i;?>';"> + <?=htmlspecialchars($list['name']);?></td> 
+ <td class="listbg" + ondblclick="document.location='snort_interfaces_suppress_edit.php?id=<?=$i;?>';"> + <font color="#FFFFFF"> <?=htmlspecialchars($list['descr']);?> + </td> + + <td valign="middle" nowrap class="list"> + <table border="0" cellspacing="0" cellpadding="1"> + <tr> + <td valign="middle"><a + href="snort_interfaces_suppress_edit.php?id=<?=$i;?>"><img + src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" + width="17" height="17" border="0" title="edit whitelist"></a></td> + <td><a + href="/snort/snort_interfaces_suppress.php?act=del&id=<?=$i;?>" + onclick="return confirm('Do you really want to delete this whitelist? All elements that still use it will become invalid (e.g. snort rules will fall back to the default whitelist)!')"><img + src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" + width="17" height="17" border="0" title="delete whitelist"></a></td> + </tr> + </table> + </td> + </tr> + <?php $i++; endforeach; ?> + <tr> + <td class="list" colspan="2"></td> + <td class="list"> + <table border="0" cellspacing="0" cellpadding="1"> + <tr> + <td valign="middle" width="17"> </td> + <td valign="middle"><a + href="snort_interfaces_suppress_edit.php?id=<?php echo $id_gen;?> "><img + src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" + width="17" height="17" border="0" title="add a new list"></a></td> + </tr> + </table> + </td> + </tr> + </table> + </td> + </tr> </table> - </td> - </tr> - </table> <br> -<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> -<td width="100%"><span class="vexpl"><span class="red"><strong>Note:</strong></span> - <p><span class="vexpl">Here you can create event filtering and suppression for your snort package rules.<br>Please note that you must restart a running rule so that changes can take effect.</span></p> -</td> +<table class="tabcont" width="100%" border="0" cellpadding="0" + cellspacing="0"> + <td width="100%"><span class="vexpl"><span 
class="red"><strong>Note:</strong></span> + <p><span class="vexpl">Here you can create event filtering and + suppression for your snort package rules.<br> + Please note that you must restart a running rule so that changes can + take effect.</span></p></td> </table> + </form> </div> diff --git a/config/snort/snort_interfaces_suppress_edit.php b/config/snort/snort_interfaces_suppress_edit.php index 6a88ce1b..89abe790 100644 --- a/config/snort/snort_interfaces_suppress_edit.php +++ b/config/snort/snort_interfaces_suppress_edit.php 
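Review bot: The labels on this suppress-list page still carry the whitelist wording: the dirty notice says "The white list has been changed", the icon titles are `edit whitelist` / `delete whitelist`, and the delete confirmation warns that rules "will fall back to the default whitelist". An operator confirming that dialog is told the wrong thing about what is being removed, which matters for a list whose purpose is to silence alerts. Suggest `title="delete suppress list"` and a confirm text along the lines of `'Do you really want to delete this suppress list?'`. Separately, the `<font color="#FFFFFF">` in the description cell is never closed.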
@@ -1,61 +1,61 @@ <?php /* $Id$ */ /* - firewall_aliases_edit.php - Copyright (C) 2004 Scott Ullrich - All rights reserved. - - originially part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - All rights reserved. - - modified for the pfsense snort package - Copyright (C) 2009-2010 Robert Zelaya. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ + firewall_aliases_edit.php + Copyright (C) 2004 Scott Ullrich + All rights reserved. + + originially part of m0n0wall (http://m0n0.ch/wall) + Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + All rights reserved. + + modified for the pfsense snort package + Copyright (C) 2009-2010 Robert Zelaya. + All rights reserved. 
+ + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+ */ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort_gui.inc"); require_once("/usr/local/pkg/snort/snort.inc"); if (!is_array($config['installedpackages']['snortglobal']['suppress']['item'])) - $config['installedpackages']['snortglobal']['suppress']['item'] = array(); +$config['installedpackages']['snortglobal']['suppress']['item'] = array(); $a_suppress = &$config['installedpackages']['snortglobal']['suppress']['item']; $id = $_GET['id']; if (isset($_POST['id'])) - $id = $_POST['id']; +$id = $_POST['id']; /* gen uuid for each iface !inportant */ if ($config['installedpackages']['snortglobal']['suppress']['item'][$id]['uuid'] == '') { //$snort_uuid = gen_snort_uuid(strrev(uniqid(true))); -$suppress_uuid = 0; -while ($suppress_uuid > 65535 || $suppress_uuid == 0) { - $suppress_uuid = mt_rand(1, 65535); - $pconfig['uuid'] = $suppress_uuid; + $suppress_uuid = 0; + while ($suppress_uuid > 65535 || $suppress_uuid == 0) { + $suppress_uuid = mt_rand(1, 65535); + $pconfig['uuid'] = $suppress_uuid; } } 
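Review bot: `$id` is taken from `$_GET['id']` or `$_POST['id']` and used as an array index with no validation, and later hunks in this file print it unescaped into the form `action` (`?id=<?=$id?>`) and into the `Location:` header. Validating it once here covers all of those uses, e.g. `if (!ctype_digit((string)$id)) { $id = null; }` directly after the assignment, with `htmlspecialchars($id)` wherever it is echoed. The `while` loop around `mt_rand(1, 65535)` always exits after one pass because the result is always in range. Nothing in the hunk compares the new value with uuids already in use, so if uniqueness matters the loop condition should test for a collision instead.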
@@ -68,43 +68,43 @@ $d_snort_suppress_dirty_path = '/var/run/snort_suppress.dirty'; /* returns true if $name is a valid name for a whitelist file name or ip */ function is_validwhitelistname($name) { if (!is_string($name)) - return false; + return false; if (!preg_match("/[^a-zA-Z0-9\.\/]/", $name)) - return true; + return true; return false; } - - + + if (isset($id) && $a_suppress[$id]) { - + /* old settings */ $pconfig['name'] = $a_suppress[$id]['name']; $pconfig['uuid'] = $a_suppress[$id]['uuid']; $pconfig['descr'] = $a_suppress[$id]['descr']; $pconfig['suppresspassthru'] = base64_decode($a_suppress[$id]['suppresspassthru']); - - + + } - /* this will exec when alert says apply */ - if ($_POST['apply']) { - - if (file_exists("$d_snort_suppress_dirty_path")) { +/* this will exec when alert says apply */ +if ($_POST['apply']) { + + if (file_exists("$d_snort_suppress_dirty_path")) { - write_config(); + write_config(); - sync_snort_package_config(); - sync_snort_package(); + sync_snort_package_config(); + sync_snort_package(); - unlink("$d_snort_suppress_dirty_path"); + unlink("$d_snort_suppress_dirty_path"); - } - } +} + if ($_POST['submit']) { unset($input_errors); 
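Review bot: `is_validwhitelistname()` accepts `.` and `/` but rejects `_`, which does not match the error text shown for it in the `@@ -113,21` hunk ("a-z, A-Z and 0-9 _"). If the name is ever used to build a file path (the comment calls it a file name; that use is not visible here), allowing `/` and `.` lets a name carry path segments, so the character class should be tightened, e.g. `if (!preg_match("/[^a-zA-Z0-9_]/", $name))`. The function also returns true for an empty string, which presumably relies on the required-field validation running first; that is worth confirming.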
@@ -113,21 +113,21 @@ if ($_POST['submit']) { do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); if(strtolower($_POST['name']) == "defaultwhitelist") - $input_errors[] = "Whitelist file names may not be named defaultwhitelist."; + $input_errors[] = "Whitelist file names may not be named defaultwhitelist."; $x = is_validwhitelistname($_POST['name']); if (!isset($x)) { $input_errors[] = "Reserved word used for whitelist file name."; } else { if (is_validwhitelistname($_POST['name']) == false) - $input_errors[] = "Whitelist file name may only consist of the characters a-z, A-Z and 0-9 _. Note: No Spaces. Press Cancel to reset."; + $input_errors[] = "Whitelist file name may only consist of the characters a-z, A-Z and 0-9 _. Note: No Spaces. Press Cancel to reset."; } /* check for name conflicts */ foreach ($a_suppress as $s_list) { if (isset($id) && ($a_suppress[$id]) && ($a_suppress[$id] === $s_list)) - continue; + continue; if ($s_list['name'] == $_POST['name']) { $input_errors[] = "A whitelist file name with this name already exists."; @@ -135,29 +135,29 @@ if ($_POST['submit']) { } } - + $s_list = array(); /* post user input */ if (!$input_errors) { - + $s_list['name'] = $_POST['name']; $s_list['uuid'] = $suppress_uuid; - $s_list['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto"); - $s_list['suppresspassthru'] = base64_encode($_POST['suppresspassthru']); + $s_list['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto"); + $s_list['suppresspassthru'] = base64_encode($_POST['suppresspassthru']); if (isset($id) && $a_suppress[$id]) - $a_suppress[$id] = $s_list; + $a_suppress[$id] = $s_list; else - $a_suppress[] = $s_list; + $a_suppress[] = $s_list; touch($d_snort_suppress_dirty_path); write_config(); header("Location: /snort/snort_interfaces_suppress_edit.php?id=$id"); - exit; + exit; } } 
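Review bot: The `if (!isset($x))` test after `$x = is_validwhitelistname($_POST['name']);` can never be true, because that function always returns a boolean; the "Reserved word" error is dead code and the validator is simply called twice. The check reduces to a single `if (!is_validwhitelistname($_POST['name'])) { $input_errors[] = "..."; }` with the existing message. `do_input_validation(..., &$input_errors)` also uses call-time pass-by-reference, which PHP 5.3 deprecates and PHP 5.4 rejects as a fatal error; if the function already declares that parameter by reference, dropping the `&` at the call is enough. The enclosing `if ($_POST['submit'])` block starts outside this hunk.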
@@ -167,9 +167,11 @@ include("/usr/local/pkg/snort/snort_head.inc"); ?> -<body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="<?= $jsevents["body"]["onload"] ?>"> +<body + link="#0000CC" vlink="#0000CC" alink="#0000CC" + onload="<?= $jsevents["body"]["onload"] ?>"> - <script> +<script> jQuery(document).ready(function(){ //Examples of how to assign the ColorBox event to elements @@ -178,36 +180,34 @@ include("/usr/local/pkg/snort/snort_head.inc"); }); </script> -<?php +<?php include("fbegin.inc"); echo $snort_general_css; ?> <!-- hack to fix the hardcoed fbegin link in header --> -<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div> - -<div class="body2"> +<div id="header-left2"><a href="../index.php" id="status-link2"><img + src="./images/transparent.gif" border="0"></img></a></div> -<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> +<div class="body2"><?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> <?php if ($input_errors) print_input_errors($input_errors); ?> <div id="inputerrors"></div> -<form action="/snort/snort_interfaces_suppress_edit.php?id=<?=$id?>" method="post" name="iform" id="iform"> - -<?php +<form action="/snort/snort_interfaces_suppress_edit.php?id=<?=$id?>" + method="post" name="iform" id="iform"><?php /* Display Alert message */ if ($input_errors) { - print_input_errors($input_errors); // TODO: add checks + print_input_errors($input_errors); // TODO: add checks } if ($savemsg) { - print_info_box2($savemsg); + print_info_box2($savemsg); } //if (file_exists($d_snortconfdirty_path)) { if (file_exists($d_snort_suppress_dirty_path)) { - echo '<p>'; + echo '<p>'; if($savemsg) { print_info_box_np2("{$savemsg}"); 
@@ -218,114 +218,114 @@ echo $snort_general_css; '); } } -?> + ?> <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabnavtbl"> - -<div class="snorttabs" style="margin:1px 0px; width:775px;"> -<!-- Tabbed bar code--> -<ul class="snorttabs"> - <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li> - <li><a href="/snort/snort_interfaces_global.php"><span>Global Settings</span></a></li> - <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li> - <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li> - <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li> - <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li> - <li class="snorttabs_active"><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li> - <li><a class="example8" href="/snort/help_and_info.php"><span>Help</span></a></li> - </ul> -</div> - -</td> -</tr> - -<tr> -<td class="tabcont"> -<table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td colspan="2" valign="top" class="listtopic">Add the name and description of the file.</td> - </tr> - <tr> - <td valign="top" class="vncellreq2">Name</td> - <td class="vtable"> - <input name="name" type="text" id="name" size="40" value="<?=htmlspecialchars($pconfig['name']);?>" /> - <br /> - <span class="vexpl"> - The list name may only consist of the characters a-z, A-Z and 0-9. <span class="red">Note: </span> No Spaces. - </span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Description</td> - <td width="78%" class="vtable"> - <input name="descr" type="text" id="descr" size="40" value="<?=$pconfig['descr'];?>" /> - <br /> - <span class="vexpl"> - You may enter a description here for your reference (not parsed). 
- </span> - </td> - </tr> -</table> -<table width="100%" border="0" cellpadding="6" cellspacing="0"> - <table height="32" width="100%"> <tr> - <td> - <div style='background-color:#E0E0E0' id='redbox'> - <table width='100%'> - <tr> - <td width='8%'> - <img style='vertical-align:middle' src="/snort/images/icon_excli.png" width="40" height="32"> - </td> - <td width='70%'> - <font size="2" color='#FF850A'><b>NOTE:</b></font> - <font size="2" color='#000000'> The threshold keyword is deprecated as of version 2.8.5. Use the event_filter keyword instead.</font> - </td> - </tr> - </table> - </div> - </td> + <td class="tabnavtbl"> + + <div class="snorttabs" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code--> + <ul class="snorttabs"> + <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li> + <li><a href="/snort/snort_interfaces_global.php"><span>Global + Settings</span></a></li> + <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li> + <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li> + <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li> + <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li> + <li class="snorttabs_active"><a + href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li> + <li><a class="example8" href="/snort/help_and_info.php"><span>Help</span></a></li> + </ul> + </div> + + </td> </tr> - <script type="text/javascript"> + + <tr> + <td class="tabcont"> + <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td colspan="2" valign="top" class="listtopic">Add the name and + description of the file.</td> + </tr> + <tr> + <td valign="top" class="vncellreq2">Name</td> + <td class="vtable"><input name="name" type="text" id="name" + size="40" value="<?=htmlspecialchars($pconfig['name']);?>" /> <br /> + <span class="vexpl"> The list name may only consist of the + characters a-z, A-Z and 0-9. 
<span class="red">Note: </span> No + Spaces. </span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Description</td> + <td width="78%" class="vtable"><input name="descr" type="text" + id="descr" size="40" value="<?=$pconfig['descr'];?>" /> <br /> + <span class="vexpl"> You may enter a description here for your + reference (not parsed). </span></td> + </tr> + </table> + <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <table height="32" width="100%"> + <tr> + <td> + <div style='background-color: #E0E0E0' id='redbox'> + <table width='100%'> + <tr> + <td width='8%'> <img + style='vertical-align: middle' + src="/snort/images/icon_excli.png" width="40" height="32"></td> + <td width='70%'><font size="2" color='#FF850A'><b>NOTE:</b></font> + <font size="2" color='#000000'> The threshold keyword + is deprecated as of version 2.8.5. Use the event_filter keyword + instead.</font></td> + </tr> + </table> + </div> + </td> + </tr> + <script type="text/javascript"> NiftyCheck(); Rounded("div#redbox","all","#FFF","#E0E0E0","smooth"); Rounded("td#blackbox","all","#FFF","#000000","smooth"); </script> - <tr> - <td colspan="2" valign="top" class="listtopic">Apply suppression or filters to rules. 
Valid keywords are 'suppress', 'event_filter' and 'rate_filter'.</td> - </tr> - <tr> - <td colspan="2" valign="top" class="vncell"> - <b>Example 1;</b> suppress gen_id 1, sig_id 1852, track by_src, ip 10.1.1.54<br> - <b>Example 2;</b> event_filter gen_id 1, sig_id 1851, type limit, track by_src, count 1, seconds 60<br> - <b>Example 3;</b> rate_filter gen_id 135, sig_id 1, track by_src, count 100, seconds 1, new_action log, timeout 10 - </td> - </tr> - <tr> - <td width="100%" class="vtable"> - <textarea wrap="off" name="suppresspassthru" cols="142" rows="28" id="suppresspassthru" class="formpre"><?=htmlspecialchars($pconfig['suppresspassthru']);?></textarea> -</td> - </tr> - <tr> - <td width="78%"> - <input id="submit" name="submit" type="submit" class="formbtn" value="Save" /> - <input id="cancelbutton" name="cancelbutton" type="button" class="formbtn" value="Cancel" onclick="history.back()" /> - <?php if (isset($id) && $a_suppress[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>" /> - <?php endif; ?> - </td> - </tr> - </table> - </table> - </td> - </tr> - </table> + <tr> + <td colspan="2" valign="top" class="listtopic">Apply suppression or + filters to rules. 
Valid keywords are 'suppress', 'event_filter' and + 'rate_filter'.</td> + </tr> + <tr> + <td colspan="2" valign="top" class="vncell"><b>Example 1;</b> + suppress gen_id 1, sig_id 1852, track by_src, ip 10.1.1.54<br> + <b>Example 2;</b> event_filter gen_id 1, sig_id 1851, type limit, + track by_src, count 1, seconds 60<br> + <b>Example 3;</b> rate_filter gen_id 135, sig_id 1, track by_src, + count 100, seconds 1, new_action log, timeout 10</td> + </tr> + <tr> + <td width="100%" class="vtable"><textarea wrap="off" + name="suppresspassthru" cols="142" rows="28" id="suppresspassthru" + class="formpre"><?=htmlspecialchars($pconfig['suppresspassthru']);?></textarea> + </td> + </tr> + <tr> + <td width="78%"><input id="submit" name="submit" type="submit" + class="formbtn" value="Save" /> <input id="cancelbutton" + name="cancelbutton" type="button" class="formbtn" value="Cancel" + onclick="history.back()" /> <?php if (isset($id) && $a_suppress[$id]): ?> + <input name="id" type="hidden" value="<?=$id;?>" /> <?php endif; ?> + </td> + </tr> + </table> + </table> + </td> + </tr> +</table> </form> </div> -<?php include("fend.inc"); ?> + <?php include("fend.inc"); ?> </body> -</html>
\ No newline at end of file +</html> diff --git a/config/snort/snort_interfaces_whitelist.php b/config/snort/snort_interfaces_whitelist.php index 54ee844d..517c5907 100644 --- a/config/snort/snort_interfaces_whitelist.php +++ b/config/snort/snort_interfaces_whitelist.php 
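Review bot: The description field is written into its `value` attribute raw, `value="<?=$pconfig['descr'];?>"`, while the name field and the textarea in the same table go through `htmlspecialchars()`. The stored value comes from `$_POST['descr']` after only `mb_convert_encoding(..., "HTML-ENTITIES", "auto")`, which to my knowledge does not escape quotes or angle brackets, so a saved description can break out of the attribute when the page is rendered. Use `value="<?=htmlspecialchars($pconfig['descr']);?>"`; if double-encoding of the stored entities is a concern, drop the entity conversion on save and escape only on output. The hidden `id` input further down echoes `$id` unescaped as well, though only when it matches an existing entry.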
@@ -1,39 +1,39 @@ <?php /* $Id$ */ /* - firewall_aliases.php - Copyright (C) 2004 Scott Ullrich - All rights reserved. - - originially part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - All rights reserved. - - modified for the pfsense snort package - Copyright (C) 2009-2010 Robert Zelaya. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ + firewall_aliases.php + Copyright (C) 2004 Scott Ullrich + All rights reserved. + + originially part of m0n0wall (http://m0n0.ch/wall) + Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + All rights reserved. + + modified for the pfsense snort package + Copyright (C) 2009-2010 Robert Zelaya. + All rights reserved. 
+ + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort_gui.inc"); 
@@ -41,15 +41,15 @@ require_once("/usr/local/pkg/snort/snort.inc"); if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) - $config['installedpackages']['snortglobal']['whitelist']['item'] = array(); +$config['installedpackages']['snortglobal']['whitelist']['item'] = array(); //aliases_sort(); << what ? $a_whitelist = &$config['installedpackages']['snortglobal']['whitelist']['item']; if (isset($config['installedpackages']['snortglobal']['whitelist']['item'])) { -$id_gen = count($config['installedpackages']['snortglobal']['whitelist']['item']); + $id_gen = count($config['installedpackages']['snortglobal']['whitelist']['item']); }else{ -$id_gen = '0'; + $id_gen = '0'; } $d_whitelistdirty_path = '/var/run/snort_whitelist.dirty'; @@ -62,12 +62,12 @@ if ($_POST) { $retval = 0; if(stristr($retval, "error") <> true) - $savemsg = get_std_save_message($retval); + $savemsg = get_std_save_message($retval); else - $savemsg = $retval; + $savemsg = $retval; if ($retval == 0) { if (file_exists($d_whitelistdirty_path)) - unlink($d_whitelistdirty_path); + unlink($d_whitelistdirty_path); } } } @@ -76,12 +76,12 @@ if ($_GET['act'] == "del") { if ($a_whitelist[$_GET['id']]) { /* make sure rule is not being referenced by any nat or filter rules */ - unset($a_whitelist[$_GET['id']]); - write_config(); - filter_configure(); - touch($d_whitelistdirty_path); - header("Location: /snort/snort_interfaces_whitelist.php"); - exit; + unset($a_whitelist[$_GET['id']]); + write_config(); + filter_configure(); + touch($d_whitelistdirty_path); + header("Location: /snort/snort_interfaces_whitelist.php"); + exit; } } @@ -90,9 +90,10 @@ include("/usr/local/pkg/snort/snort_head.inc"); ?> -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<body + link="#0000CC" vlink="#0000CC" alink="#0000CC"> - <script> +<script> jQuery(document).ready(function(){ //Examples of how to assign the ColorBox event to elements 
@@ -101,107 +102,121 @@ include("/usr/local/pkg/snort/snort_head.inc"); }); </script> -<?php +<?php include("fbegin.inc"); echo $snort_general_css; ?> <!-- hack to fix the hardcoed fbegin link in header --> -<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div> - -<div class="body2"> +<div id="header-left2"><a href="../index.php" id="status-link2"><img + src="./images/transparent.gif" border="0"></img></a></div> -<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> +<div class="body2"><?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> -<form action="/snort/snort_interfaces_whitelist.php" method="post"> -<?php if ($savemsg) print_info_box($savemsg); ?> -<?php if (file_exists($d_whitelistdirty_path)): ?><p> -<?php print_info_box_np("The white list has been changed.<br>You must apply the changes in order for them to take effect.");?> +<form action="/snort/snort_interfaces_whitelist.php" method="post"><?php if ($savemsg) print_info_box($savemsg); ?> +<?php if (file_exists($d_whitelistdirty_path)): ?> +<p><?php print_info_box_np("The white list has been changed.<br>You must apply the changes in order for them to take effect.");?> <?php endif; ?> <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabnavtbl"> - -<div class="snorttabs" style="margin:1px 0px; width:775px;"> -<!-- Tabbed bar code--> -<ul class="snorttabs"> - <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li> - <li><a href="/snort/snort_interfaces_global.php"><span>Global Settings</span></a></li> - <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li> - <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li> - <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li> - <li class="snorttabs_active"><a 
href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li> - <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li> - <li><a class="example8" href="/snort/help_and_info.php"><span>Help</span></a></li> - </ul> -</div> - -</td> -</tr> -<tr> -<td class="tabcont"> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - -<tr> - <td width="20%" class="listhdrr">File Name</td> - <td width="40%" class="listhdrr">Values</td> - <td width="40%" class="listhdr">Description</td> - <td width="10%" class="list"> - </td> -</tr> - <?php $i = 0; foreach ($a_whitelist as $list): ?> -<tr> - <td class="listlr" ondblclick="document.location='snort_interfaces_whitelist_edit.php?id=<?=$i;?>';"> - <?=htmlspecialchars($list['name']);?> - </td> - <td class="listr" ondblclick="document.location='snort_interfaces_whitelist_edit.php?id=<?=$i;?>';"> - <?php - $addresses = implode(", ", array_slice(explode(" ", $list['address']), 0, 10)); - echo $addresses; - if(count($addresses) < 10) { - echo " "; - } else { - echo "..."; - } - ?> - </td> - <td class="listbg" ondblclick="document.location='snort_interfaces_whitelist_edit.php?id=<?=$i;?>';"> - <font color="#FFFFFF"> - <?=htmlspecialchars($list['descr']);?> - </td> - <td valign="middle" nowrap class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a href="snort_interfaces_whitelist_edit.php?id=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="edit whitelist"></a></td> - <td><a href="/snort/snort_interfaces_whitelist.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this whitelist? All elements that still use it will become invalid (e.g. 
snort rules will fall back to the default whitelist)!')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="delete whitelist"></a></td> - </tr> - </table> - </td> -</tr> - <?php $i++; endforeach; ?> -<tr> - <td class="list" colspan="3"></td> - <td class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle" width="17"> </td> - <td valign="middle"><a href="snort_interfaces_whitelist_edit.php?id=<?php echo $id_gen;?> "><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="add a new list"></a></td> - </tr> - </table> - </td> -</tr> + <tr> + <td class="tabnavtbl"> + + <div class="snorttabs" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code--> + <ul class="snorttabs"> + <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li> + <li><a href="/snort/snort_interfaces_global.php"><span>Global + Settings</span></a></li> + <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li> + <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li> + <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li> + <li class="snorttabs_active"><a + href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li> + <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li> + <li><a class="example8" href="/snort/help_and_info.php"><span>Help</span></a></li> + </ul> + </div> + + </td> + </tr> + <tr> + <td class="tabcont"> + + <table width="100%" border="0" cellpadding="0" cellspacing="0"> + + <tr> + <td width="20%" class="listhdrr">File Name</td> + <td width="40%" class="listhdrr">Values</td> + <td width="40%" class="listhdr">Description</td> + <td width="10%" class="list"></td> + </tr> + <?php $i = 0; foreach ($a_whitelist as $list): ?> + <tr> + <td class="listlr" + ondblclick="document.location='snort_interfaces_whitelist_edit.php?id=<?=$i;?>';"> 
+ <?=htmlspecialchars($list['name']);?></td> + <td class="listr" + ondblclick="document.location='snort_interfaces_whitelist_edit.php?id=<?=$i;?>';"> + <?php + $addresses = implode(", ", array_slice(explode(" ", $list['address']), 0, 10)); + echo $addresses; + if(count($addresses) < 10) { + echo " "; + } else { + echo "..."; + } + ?></td> + <td class="listbg" + ondblclick="document.location='snort_interfaces_whitelist_edit.php?id=<?=$i;?>';"> + <font color="#FFFFFF"> <?=htmlspecialchars($list['descr']);?> + </td> + <td valign="middle" nowrap class="list"> + <table border="0" cellspacing="0" cellpadding="1"> + <tr> + <td valign="middle"><a + href="snort_interfaces_whitelist_edit.php?id=<?=$i;?>"><img + src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" + width="17" height="17" border="0" title="edit whitelist"></a></td> + <td><a + href="/snort/snort_interfaces_whitelist.php?act=del&id=<?=$i;?>" + onclick="return confirm('Do you really want to delete this whitelist? All elements that still use it will become invalid (e.g. 
snort rules will fall back to the default whitelist)!')"><img + src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" + width="17" height="17" border="0" title="delete whitelist"></a></td> + </tr> + </table> + </td> + </tr> + <?php $i++; endforeach; ?> + <tr> + <td class="list" colspan="3"></td> + <td class="list"> + <table border="0" cellspacing="0" cellpadding="1"> + <tr> + <td valign="middle" width="17"> </td> + <td valign="middle"><a + href="snort_interfaces_whitelist_edit.php?id=<?php echo $id_gen;?> "><img + src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" + width="17" height="17" border="0" title="add a new list"></a></td> + </tr> + </table> + </td> + </tr> + </table> + </td> + </tr> </table> - </td> - </tr> - </table> <br> -<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> -<td width="100%"><span class="vexpl"><span class="red"><strong>Note:</strong></span> - <p><span class="vexpl">Here you can create whitelist files for your snort package rules.<br>Please add all the ips or networks you want to protect against snort block decisions.<br>Remember that the default whitelist only includes local networks.<br>Be careful, it is very easy to get locked out of you system.</span></p> -</td> +<table class="tabcont" width="100%" border="0" cellpadding="0" + cellspacing="0"> + <td width="100%"><span class="vexpl"><span class="red"><strong>Note:</strong></span> + <p><span class="vexpl">Here you can create whitelist files for your + snort package rules.<br> + Please add all the ips or networks you want to protect against snort + block decisions.<br> + Remember that the default whitelist only includes local networks.<br> + Be careful, it is very easy to get locked out of you system.</span></p></td> </table> + </form> </div> diff --git a/config/snort/snort_interfaces_whitelist_edit.php b/config/snort/snort_interfaces_whitelist_edit.php index 6723ec8a..562ec3bb 100644 --- a/config/snort/snort_interfaces_whitelist_edit.php 
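Review bot: In the Values cell, `echo $addresses;` writes the stored address list into the page without `htmlspecialchars()`, while the name and description cells beside it are escaped. If the extra address rows are stored without validation, as the edit page's loop suggests, this is a stored-markup sink. The `count($addresses)` that follows is applied to the string returned by `implode()`, so the test cannot tell whether the list was truncated, and PHP 8 raises a TypeError for it. Keep the slice as an array and test that instead: `$shown = array_slice(explode(" ", $list['address']), 0, 10);`, then `echo htmlspecialchars(implode(", ", $shown));` and compare `count($shown)` with 10.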
+++ b/config/snort/snort_interfaces_whitelist_edit.php 
@@ -1,61 +1,61 @@ <?php /* $Id$ */ /* - firewall_aliases_edit.php - Copyright (C) 2004 Scott Ullrich - All rights reserved. - - originially part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - All rights reserved. - - modified for the pfsense snort package - Copyright (C) 2009-2010 Robert Zelaya. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ + firewall_aliases_edit.php + Copyright (C) 2004 Scott Ullrich + All rights reserved. + + originially part of m0n0wall (http://m0n0.ch/wall) + Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + All rights reserved. + + modified for the pfsense snort package + Copyright (C) 2009-2010 Robert Zelaya. + All rights reserved. 
+ + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+ */ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort_gui.inc"); require_once("/usr/local/pkg/snort/snort.inc"); if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) - $config['installedpackages']['snortglobal']['whitelist']['item'] = array(); +$config['installedpackages']['snortglobal']['whitelist']['item'] = array(); $a_whitelist = &$config['installedpackages']['snortglobal']['whitelist']['item']; $id = $_GET['id']; if (isset($_POST['id'])) - $id = $_POST['id']; +$id = $_POST['id']; /* gen uuid for each iface !inportant */ if ($config['installedpackages']['snortglobal']['whitelist']['item'][$id]['uuid'] == '') { //$snort_uuid = gen_snort_uuid(strrev(uniqid(true))); -$whitelist_uuid = 0; -while ($whitelist_uuid > 65535 || $whitelist_uuid == 0) { - $whitelist_uuid = mt_rand(1, 65535); - $pconfig['uuid'] = $whitelist_uuid; + $whitelist_uuid = 0; + while ($whitelist_uuid > 65535 || $whitelist_uuid == 0) { + $whitelist_uuid = mt_rand(1, 65535); + $pconfig['uuid'] = $whitelist_uuid; } } @@ -68,17 +68,17 @@ $d_snort_whitelist_dirty_path = '/var/run/snort_whitelist.dirty'; /* returns true if $name is a valid name for a whitelist file name or ip */ function is_validwhitelistname($name) { if (!is_string($name)) - return false; + return false; if (!preg_match("/[^a-zA-Z0-9\.\/]/", $name)) - return true; + return true; return false; } - - + + if (isset($id) && $a_whitelist[$id]) { - + /* old settings */ $pconfig['name'] = $a_whitelist[$id]['name']; $pconfig['uuid'] = $a_whitelist[$id]['uuid']; 
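Review bot: `is_validwhitelistname()` accepts `.` and `/` because a single pattern, `[^a-zA-Z0-9\.\/]`, serves both list names and addresses, so a name containing `../` passes the check. The UI calls this value a file name; if it is ever used to build a path (not visible in this hunk), that is a traversal risk. It also contradicts the error text in the later hunk, which promises a-z, A-Z and 0-9 only. Split the check: validate names with `preg_match('/^[a-zA-Z0-9]+$/', $name) === 1` and validate addresses in a separate helper that applies the IP/CIDR rule. A one-line comment on each helper stating what it accepts would keep the two from being merged again.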
@@ -92,34 +92,34 @@ if (isset($id) && $a_whitelist[$id]) { $pconfig['vips'] = $a_whitelist[$id]['vips']; $pconfig['vpnips'] = $a_whitelist[$id]['vpnips']; - + $addresses = explode(' ', $pconfig['address']); $address = explode(" ", $addresses[0]); if ($address[1]) - $addresssubnettest = true; + $addresssubnettest = true; else - $addresssubnettest = false; + $addresssubnettest = false; } - /* this will exec when alert says apply */ - if ($_POST['apply']) { - - if (file_exists("$d_snort_whitelist_dirty_path")) { - conf_mount_rw(); +/* this will exec when alert says apply */ +if ($_POST['apply']) { + + if (file_exists("$d_snort_whitelist_dirty_path")) { + conf_mount_rw(); - /* create whitelist and homenet file then sync files */ - sync_snort_package_empty(); - sync_snort_package(); + /* create whitelist and homenet file then sync files */ + sync_snort_package_empty(); + sync_snort_package(); - unlink("$d_snort_whitelist_dirty_path"); + unlink("$d_snort_whitelist_dirty_path"); - write_config(); - conf_mount_ro(); + write_config(); + conf_mount_ro(); - } - } +} + if ($_POST['submit']) { conf_mount_rw(); 
@@ -134,24 +134,24 @@ if ($_POST['submit']) { do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); if(strtolower($_POST['name']) == "defaultwhitelist") - $input_errors[] = "Whitelist file names may not be named defaultwhitelist."; + $input_errors[] = "Whitelist file names may not be named defaultwhitelist."; $x = is_validwhitelistname($_POST['name']); if (!isset($x)) { $input_errors[] = "Reserved word used for whitelist file name."; } else { if (is_validwhitelistname($_POST['name']) == false) - $input_errors[] = "Whitelist file name may only consist of the characters a-z, A-Z and 0-9 _. Note: No Spaces. Press Cancel to reset."; + $input_errors[] = "Whitelist file name may only consist of the characters a-z, A-Z and 0-9 _. Note: No Spaces. Press Cancel to reset."; } - + if (is_validwhitelistname($_POST['address']) == false) - $input_errors[] = "Whitelist address may only consist of the characters 0-9 and /. Note: No Spaces. Press Cancel to reset."; + $input_errors[] = "Whitelist address may only consist of the characters 0-9 and /. Note: No Spaces. Press Cancel to reset."; /* check for name conflicts */ foreach ($a_whitelist as $w_list) { if (isset($id) && ($a_whitelist[$id]) && ($a_whitelist[$id] === $w_list)) - continue; + continue; if ($w_list['name'] == $_POST['name']) { $input_errors[] = "A whitelist file name with this name already exists."; @@ -159,7 +159,7 @@ if ($_POST['submit']) { } } - + $w_list = array(); /* post user input */ $w_list['name'] = $_POST['name']; 
@@ -171,72 +171,72 @@ if ($_POST['submit']) { $w_list['wandnsips'] = $_POST['wandnsips']? yes : no; $w_list['vips'] = $_POST['vips']? yes : no; $w_list['vpnips'] = $_POST['vpnips']? yes : no; - + $address = $w_list['address']; $final_address_detail = mb_convert_encoding($_POST['detail'],"HTML-ENTITIES","auto"); - if($final_address_detail <> "") { - $final_address_details .= $final_address_detail; + if($final_address_detail <> "") { + $final_address_details .= $final_address_detail; } else { $final_address_details .= "Entry added" . " "; - $final_address_details .= date('r'); - } - $final_address_details .= "||"; + $final_address_details .= date('r'); + } + $final_address_details .= "||"; $isfirst = 0; - - /* add another entry code */ - for($x=0; $x<299; $x++) { - $comd = "\$subnet = \$_POST['address" . $x . "'];"; - eval($comd); - $comd = "\$subnet_address = \$_POST['address_subnet" . $x . "'];"; + + /* add another entry code */ + for($x=0; $x<299; $x++) { + $comd = "\$subnet = \$_POST['address" . $x . "'];"; + eval($comd); + $comd = "\$subnet_address = \$_POST['address_subnet" . $x . "'];"; + eval($comd); + if($subnet <> "") { + $address .= " "; + $address .= $subnet; + if($subnet_address <> "") $address .= "" . $subnet_address; + + /* Compress in details to a single key, data separated by pipes. + Pulling details here lets us only pull in details for valid + address entries, saving us from having to track which ones to + process later. */ + $comd = "\$final_address_detail = mb_convert_encoding(\$_POST['detail" . $x . "'],'HTML-ENTITIES','auto');"; eval($comd); - if($subnet <> "") { - $address .= " "; - $address .= $subnet; - if($subnet_address <> "") $address .= "" . $subnet_address; - - /* Compress in details to a single key, data separated by pipes. - Pulling details here lets us only pull in details for valid - address entries, saving us from having to track which ones to - process later. 
*/ - $comd = "\$final_address_detail = mb_convert_encoding(\$_POST['detail" . $x . "'],'HTML-ENTITIES','auto');"; - eval($comd); - if($final_address_detail <> "") { - $final_address_details .= $final_address_detail; - } else { - $final_address_details .= "Entry added" . " "; - $final_address_details .= date('r'); - } - $final_address_details .= "||"; + if($final_address_detail <> "") { + $final_address_details .= $final_address_detail; + } else { + $final_address_details .= "Entry added" . " "; + $final_address_details .= date('r'); } + $final_address_details .= "||"; } + } if (!$input_errors) { $w_list['address'] = $address; - $w_list['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto"); + $w_list['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto"); $w_list['detail'] = $final_address_details; if (isset($id) && $a_whitelist[$id]) - $a_whitelist[$id] = $w_list; + $a_whitelist[$id] = $w_list; else - $a_whitelist[] = $w_list; + $a_whitelist[] = $w_list; touch($d_snort_whitelist_dirty_path); write_config(); header("Location: /snort/snort_interfaces_whitelist_edit.php?id=$id"); - exit; + exit; } //we received input errors, copy data to prevent retype else { - $pconfig['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto"); - $pconfig['address'] = $address; - $pconfig['detail'] = $final_address_details; + $pconfig['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto"); + $pconfig['address'] = $address; + $pconfig['detail'] = $final_address_details; } - + } $pgtitle = "Services: Snort: Whitelist: Edit $whitelist_uuid"; @@ -244,9 +244,11 @@ include("/usr/local/pkg/snort/snort_head.inc"); ?> -<body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="<?= $jsevents["body"]["onload"] ?>"> +<body + link="#0000CC" vlink="#0000CC" alink="#0000CC" + onload="<?= $jsevents["body"]["onload"] ?>"> - <script> +<script> jQuery(document).ready(function(){ //Examples of how to assign the ColorBox event to elements 
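Review bot: The loop builds PHP source in `$comd` and runs it through `eval()` three times per iteration just to read `$_POST` keys whose suffix is the counter `$x`. As written only the integer reaches the evaluated string, but `eval()` in a request handler is one edit away from executing request data, and it is not needed. `$subnet = $_POST["address{$x}"];`, `$subnet_address = $_POST["address_subnet{$x}"];` and `$final_address_detail = mb_convert_encoding($_POST["detail{$x}"], 'HTML-ENTITIES', 'auto');` do the same. The values read here are appended to `$address` without passing through `is_validwhitelistname()`, which the earlier hunk applies only to `$_POST['address']`, so each `$subnet` should be validated before it is stored. The enclosing `if ($_POST['submit'])` block starts outside this hunk.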
@@ -255,20 +257,18 @@ include("/usr/local/pkg/snort/snort_head.inc"); }); </script> -<?php +<?php include("fbegin.inc"); echo $snort_general_css; ?> <!-- hack to fix the hardcoed fbegin link in header --> -<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div> - -<div class="body2"> - -<script type="text/javascript" src="/snort/javascript/row_helper.js"></script> +<div id="header-left2"><a href="../index.php" id="status-link2"><img + src="./images/transparent.gif" border="0"></img></a></div> -<input type='hidden' name='address_type' value='textbox' /> -<script type="text/javascript"> +<div class="body2"><script type="text/javascript" + src="/snort/javascript/row_helper.js"></script> <input type='hidden' + name='address_type' value='textbox' /> <script type="text/javascript"> rowname[0] = "address"; rowtype[0] = "textbox"; rowsize[0] = "30"; @@ -276,28 +276,25 @@ echo $snort_general_css; rowname[1] = "detail"; rowtype[1] = "textbox"; rowsize[1] = "50"; -</script> - -<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> +</script> <?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> <?php if ($input_errors) print_input_errors($input_errors); ?> <div id="inputerrors"></div> -<form action="snort_interfaces_whitelist_edit.php?id=<?=$id?>" method="post" name="iform" id="iform"> - -<?php +<form action="snort_interfaces_whitelist_edit.php?id=<?=$id?>" + method="post" name="iform" id="iform"><?php /* Display Alert message */ if ($input_errors) { - print_input_errors($input_errors); // TODO: add checks + print_input_errors($input_errors); // TODO: add checks } if ($savemsg) { - print_info_box2($savemsg); + print_info_box2($savemsg); } //if (file_exists($d_snortconfdirty_path)) { if (file_exists($d_snort_whitelist_dirty_path)) { - echo '<p>'; + echo '<p>'; if($savemsg) { print_info_box_np2("{$savemsg}"); 
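Review bot: The rejoined `<form action="snort_interfaces_whitelist_edit.php?id=<?=$id?>"` line prints `$id` unescaped, and `$id` is taken straight from `$_GET['id']` or `$_POST['id']` at the top of the file, so a crafted link can inject markup into the attribute. Escape it at the sink: `?id=<?=htmlspecialchars($id);?>`. `print_input_errors($input_errors)` is also called twice, once before the form and once inside it, so validation errors render twice. The PHP block that follows the form tag continues past the end of the hunk.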
@@ -308,196 +305,195 @@ echo $snort_general_css; '); } } -?> + ?> <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabnavtbl"> - -<div class="snorttabs" style="margin:1px 0px; width:775px;"> -<!-- Tabbed bar code--> -<ul class="snorttabs"> - <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li> - <li><a href="/snort/snort_interfaces_global.php"><span>Global Settings</span></a></li> - <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li> - <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li> - <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li> - <li class="snorttabs_active"><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li> - <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li> - <li><a class="example8" href="/snort/help_and_info.php"><span>Help</span></a></li> - </ul> -</div> - -</td> -</tr> -<tr> -<td class="tabcont"> - -<table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td colspan="2" valign="top" class="listtopic">Add the name and description of the file.</td> - </tr> - <tr> - <td valign="top" class="vncellreq2">Name</td> - <td class="vtable"> - <input name="name" type="text" id="name" size="40" value="<?=htmlspecialchars($pconfig['name']);?>" /> - <br /> - <span class="vexpl"> - The list name may only consist of the characters a-z, A-Z and 0-9. <span class="red">Note: </span> No Spaces. - </span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Description</td> - <td width="78%" class="vtable"> - <input name="descr" type="text" id="descr" size="40" value="<?=$pconfig['descr'];?>" /> - <br /> - <span class="vexpl"> - You may enter a description here for your reference (not parsed). 
- </span> - </td> - </tr> <tr> - <td width="22%" valign="top" class="vncell2">List Type</td> - <td width="78%" class="vtable"> - - <div style="padding:5px; margin-top: 16px; margin-bottom: 16px; border:1px dashed #ff3333; background-color: #eee; color: #000; font-size: 8pt;" id="itemhelp"> - <strong>WHITELIST:</strong> This list specifies addresses that Snort Package should not block.<br><br> - <strong>NETLIST:</strong> This list is for defining addresses as $HOME_NET or $EXTERNAL_NET in the snort.conf file. - </div> - - <select name="snortlisttype" class="formfld" id="snortlisttype"> - <?php + <td class="tabnavtbl"> + + <div class="snorttabs" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code--> + <ul class="snorttabs"> + <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li> + <li><a href="/snort/snort_interfaces_global.php"><span>Global + Settings</span></a></li> + <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li> + <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li> + <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li> + <li class="snorttabs_active"><a + href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li> + <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li> + <li><a class="example8" href="/snort/help_and_info.php"><span>Help</span></a></li> + </ul> + </div> + + </td> + </tr> + <tr> + <td class="tabcont"> + + <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td colspan="2" valign="top" class="listtopic">Add the name and + description of the file.</td> + </tr> + <tr> + <td valign="top" class="vncellreq2">Name</td> + <td class="vtable"><input name="name" type="text" id="name" + size="40" value="<?=htmlspecialchars($pconfig['name']);?>" /> <br /> + <span class="vexpl"> The list name may only consist of the + characters a-z, A-Z and 0-9. <span class="red">Note: </span> No + Spaces. 
</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Description</td> + <td width="78%" class="vtable"><input name="descr" type="text" + id="descr" size="40" value="<?=$pconfig['descr'];?>" /> <br /> + <span class="vexpl"> You may enter a description here for your + reference (not parsed). </span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">List Type</td> + <td width="78%" class="vtable"> + + <div + style="padding: 5px; margin-top: 16px; margin-bottom: 16px; border: 1px dashed #ff3333; background-color: #eee; color: #000; font-size: 8pt;" + id="itemhelp"><strong>WHITELIST:</strong> This + list specifies addresses that Snort Package should not block.<br> + <br> + <strong>NETLIST:</strong> This list is for defining + addresses as $HOME_NET or $EXTERNAL_NET in the snort.conf file.</div> + + <select name="snortlisttype" class="formfld" id="snortlisttype"> + <?php $interfaces4 = array('whitelist' => 'WHITELIST', 'netlist' => 'NETLIST'); foreach ($interfaces4 as $iface4 => $ifacename4): ?> - <option value="<?=$iface4;?>" <?php if ($iface4 == $pconfig['snortlisttype']) echo "selected"; ?>> - <?=htmlspecialchars($ifacename4);?> - </option> - <?php endforeach; ?> - </select> - <span class="vexpl"> - Choose the type of list you will like see in your <span class="red">Interface Edit Tab</span>. - </span></td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic">Add auto generated ips.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">WAN IPs</td> - <td width="78%" class="vtable"> - <input name="wanips" type="checkbox" id="wanips" size="40" value="yes" <?php if($pconfig['wanips'] == 'yes'){ echo "checked";} if($pconfig['wanips'] == ''){ echo "checked";} ?>/> - <span class="vexpl"> - Add WAN IPs to the list. 
- </span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Wan Gateways</td> - <td width="78%" class="vtable"> - <input name="wangateips" type="checkbox" id="wangateips" size="40" value="yes" <?php if($pconfig['wangateips'] == 'yes'){ echo "checked";} if($pconfig['wangateips'] == ''){ echo "checked";} ?>/> - <span class="vexpl"> - Add WAN Gateways to the list. - </span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Wan DNS servers</td> - <td width="78%" class="vtable"> - <input name="wandnsips" type="checkbox" id="wandnsips" size="40" value="yes" <?php if($pconfig['wandnsips'] == 'yes'){ echo "checked";} if($pconfig['wandnsips'] == ''){ echo "checked";} ?>/> - <span class="vexpl"> - Add WAN DNS servers to the list. - </span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Virtual IP Addresses</td> - <td width="78%" class="vtable"> - <input name="vips" type="checkbox" id="vips" size="40" value="yes" <?php if($pconfig['vips'] == 'yes'){ echo "checked";} if($pconfig['vips'] == ''){ echo "checked";} ?>/> - <span class="vexpl"> - Add Virtual IP Addresses to the list. - </span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">VPNs</td> - <td width="78%" class="vtable"> - <input name="vpnips" type="checkbox" id="vpnips" size="40" value="yes" <?php if($pconfig['vpnips'] == 'yes'){ echo "checked";} if($pconfig['vpnips'] == ''){ echo "checked";} ?>/> - <span class="vexpl"> - Add VPN Addresses to the list. 
- </span> - </td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic">Add your own custom ips.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq2"><div id="addressnetworkport">IP or CIDR items</div></td> - <td width="78%" class="vtable"> - <table id="maintable"> - <tbody> - <tr> - <td colspan="4"> - <div style="padding:5px; margin-top: 16px; margin-bottom: 16px; border:1px dashed #ff3333; background-color: #eee; color: #000; font-size: 8pt;" id="itemhelp"> - For <strong>WHITELIST's</strong> enter <strong>ONLY IPs not CIDRs</strong>. Example: 192.168.4.1<br><br> - For <strong>NETLIST's</strong> you may enter <strong>IPs and CIDRs</strong>. Example: 192.168.4.1 or 192.168.4.0/24 - </div> - </td> - </tr> - <tr> - <td><div id="onecolumn">IP or CIDR</div></td> - <td><div id="threecolumn">Add a Description or leave blank and a date will be added.</div></td> - </tr> - - <?php - /* cleanup code */ - $counter = 0; - $address = $pconfig['address']; - $item = explode(" ", $address); - $item3 = explode("||", $pconfig['detail']); - foreach($item as $ww) { - $address = $item[$counter]; - $item4 = $item3[$counter]; - if($counter > 0) $tracker = $counter + 1; - ?> - <tr> - <td> - <input name="address<?php echo $tracker; ?>" type="text" id="address<?php echo $tracker; ?>" size="30" value="<?=htmlspecialchars($address);?>" /> - </td> - <td> - <input name="detail<?php echo $tracker; ?>" type="text" id="detail<?php echo $tracker; ?>" size="50" value="<?=$item4;?>" /> - </td> - <td> - <?php - if($counter > 0) - echo "<input type=\"image\" src=\"/themes/".$g['theme']."/images/icons/icon_x.gif\" onclick=\"removeRow(this); return false;\" value=\"Delete\" />"; - ?> - </td> - </tr> - <?php - $counter++; - - } // end foreach - ?> - </tbody> + <option value="<?=$iface4;?>" + <?php if ($iface4 == $pconfig['snortlisttype']) echo "selected"; ?>> + <?=htmlspecialchars($ifacename4);?></option> + <?php endforeach; ?> + </select> <span class="vexpl"> Choose the type of 
+ list you will like see in your <span class="red">Interface Edit Tab</span>. + </span></td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic">Add auto generated + ips.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">WAN IPs</td> + <td width="78%" class="vtable"><input name="wanips" type="checkbox" + id="wanips" size="40" value="yes" + <?php if($pconfig['wanips'] == 'yes'){ echo "checked";} if($pconfig['wanips'] == ''){ echo "checked";} ?> /> + <span class="vexpl"> Add WAN IPs to the list. </span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Wan Gateways</td> + <td width="78%" class="vtable"><input name="wangateips" + type="checkbox" id="wangateips" size="40" value="yes" + <?php if($pconfig['wangateips'] == 'yes'){ echo "checked";} if($pconfig['wangateips'] == ''){ echo "checked";} ?> /> + <span class="vexpl"> Add WAN Gateways to the list. </span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Wan DNS servers</td> + <td width="78%" class="vtable"><input name="wandnsips" + type="checkbox" id="wandnsips" size="40" value="yes" + <?php if($pconfig['wandnsips'] == 'yes'){ echo "checked";} if($pconfig['wandnsips'] == ''){ echo "checked";} ?> /> + <span class="vexpl"> Add WAN DNS servers to the list. </span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Virtual IP Addresses</td> + <td width="78%" class="vtable"><input name="vips" type="checkbox" + id="vips" size="40" value="yes" + <?php if($pconfig['vips'] == 'yes'){ echo "checked";} if($pconfig['vips'] == ''){ echo "checked";} ?> /> + <span class="vexpl"> Add Virtual IP Addresses to the list. 
</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">VPNs</td> + <td width="78%" class="vtable"><input name="vpnips" type="checkbox" + id="vpnips" size="40" value="yes" + <?php if($pconfig['vpnips'] == 'yes'){ echo "checked";} if($pconfig['vpnips'] == ''){ echo "checked";} ?> /> + <span class="vexpl"> Add VPN Addresses to the list. </span></td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic">Add your own custom + ips.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq2"> + <div id="addressnetworkport">IP or CIDR items</div> + </td> + <td width="78%" class="vtable"> + <table id="maintable"> + <tbody> + <tr> + <td colspan="4"> + <div + style="padding: 5px; margin-top: 16px; margin-bottom: 16px; border: 1px dashed #ff3333; background-color: #eee; color: #000; font-size: 8pt;" + id="itemhelp">For <strong>WHITELIST's</strong> enter <strong>ONLY + IPs not CIDRs</strong>. Example: 192.168.4.1<br> + <br> + For <strong>NETLIST's</strong> you may enter <strong>IPs and + CIDRs</strong>. 
Example: 192.168.4.1 or 192.168.4.0/24</div> + </td> + </tr> + <tr> + <td> + <div id="onecolumn">IP or CIDR</div> + </td> + <td> + <div id="threecolumn">Add a Description or leave blank and a date + will be added.</div> + </td> + </tr> + + <?php + /* cleanup code */ + $counter = 0; + $address = $pconfig['address']; + $item = explode(" ", $address); + $item3 = explode("||", $pconfig['detail']); + foreach($item as $ww) { + $address = $item[$counter]; + $item4 = $item3[$counter]; + if($counter > 0) $tracker = $counter + 1; + ?> + <tr> + <td><input name="address<?php echo $tracker; ?>" type="text" + id="address<?php echo $tracker; ?>" size="30" + value="<?=htmlspecialchars($address);?>" /></td> + <td><input name="detail<?php echo $tracker; ?>" type="text" + id="detail<?php echo $tracker; ?>" size="50" + value="<?=$item4;?>" /></td> + <td><?php + if($counter > 0) + echo "<input type=\"image\" src=\"/themes/".$g['theme']."/images/icons/icon_x.gif\" onclick=\"removeRow(this); return false;\" value=\"Delete\" />"; + ?></td> + </tr> + <?php + $counter++; + + } // end foreach + ?> + </tbody> + </table> + <a onclick="javascript:addRowTo('maintable'); return false;" + href="#"><img border="0" + src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" alt="" + title="add another entry" /> </a></td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"><input id="submit" name="submit" type="submit" + class="formbtn" value="Save" /> <input id="cancelbutton" + name="cancelbutton" type="button" class="formbtn" value="Cancel" + onclick="history.back()" /> <?php if (isset($id) && $a_whitelist[$id]): ?> + <input name="id" type="hidden" value="<?=$id;?>" /> <?php endif; ?> + </td> + </tr> </table> - <a onclick="javascript:addRowTo('maintable'); return false;" href="#"><img border="0" src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" alt="" title="add another entry" /> - </a> </td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - 
<input id="submit" name="submit" type="submit" class="formbtn" value="Save" /> - <input id="cancelbutton" name="cancelbutton" type="button" class="formbtn" value="Cancel" onclick="history.back()" /> - <?php if (isset($id) && $a_whitelist[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>" /> - <?php endif; ?> - </td> - </tr> + </tr> </table> - </td> - </tr> - </table> </form> <script type="text/javascript"> @@ -508,11 +504,9 @@ echo $snort_general_css; totalrows = <?php echo $counter; ?>; loaded = <?php echo $counter; ?>; -</script> - -</div> +</script></div> -<?php include("fend.inc"); ?> + <?php include("fend.inc"); ?> </body> -</html>
\ No newline at end of file +</html> diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php index 363b9f85..c56f00e9 100644 --- a/config/snort/snort_preprocessors.php +++ b/config/snort/snort_preprocessors.php 
@@ -1,34 +1,34 @@ <?php /* $Id$ */ /* - snort_interfaces.php - part of m0n0wall (http://m0n0.ch/wall) + snort_interfaces.php + part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - Copyright (C) 2008-2009 Robert Zelaya. - All rights reserved. + Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + Copyright (C) 2008-2009 Robert Zelaya. + All rights reserved. - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ require_once("guiconfig.inc"); @@ -43,11 +43,11 @@ $a_nat = &$config['installedpackages']['snortglobal']['rule']; $id = $_GET['id']; if (isset($_POST['id'])) - $id = $_POST['id']; +$id = $_POST['id']; if (isset($_GET['dup'])) { - $id = $_GET['dup']; - $after = $_GET['dup']; + $id = $_GET['dup']; + $after = $_GET['dup']; } if (isset($id) && $a_nat[$id]) { @@ -65,7 +65,7 @@ if (isset($id) && $a_nat[$id]) { $pconfig['sf_portscan'] = $a_nat[$id]['sf_portscan']; $pconfig['dce_rpc_2'] = $a_nat[$id]['dce_rpc_2']; $pconfig['dns_preprocessor'] = $a_nat[$id]['dns_preprocessor']; - + /* old options */ $pconfig['def_dns_servers'] = $a_nat[$id]['def_dns_servers']; $pconfig['def_dns_ports'] = $a_nat[$id]['def_dns_ports']; 
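Review bot: The new `+$id = $_POST['id'];` sits at column 0 under a brace-less `if (isset($_POST['id']))`, so it reads as an unconditional assignment although it is still the `if` body; `if (isset($_POST['id'])) { $id = $_POST['id']; }` removes the ambiguity. `$id` also arrives unchecked from `$_GET['id']`, `$_POST['id']` or `$_GET['dup']`, and later sections of this file's diff print it unescaped in `$pgtitle` and in the `?id={$id}` tab links. If ids are always numeric indexes into `$a_nat` (the `is_numeric($after)` / `array_splice()` use further down suggests so), reject anything else once here, e.g. `if (isset($id) && !ctype_digit((string)$id)) unset($id);`, and wrap the printed value in `htmlspecialchars()`. The top-level script code continues outside this hunk.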
@@ -74,7 +74,7 @@ if (isset($id) && $a_nat[$id]) {
 $pconfig['def_mail_ports'] = $a_nat[$id]['def_mail_ports'];
 $pconfig['def_http_servers'] = $a_nat[$id]['def_http_servers'];
 $pconfig['def_www_servers'] = $a_nat[$id]['def_www_servers'];
- $pconfig['def_http_ports'] = $a_nat[$id]['def_http_ports'];
+ $pconfig['def_http_ports'] = $a_nat[$id]['def_http_ports'];
 $pconfig['def_sql_servers'] = $a_nat[$id]['def_sql_servers'];
 $pconfig['def_oracle_ports'] = $a_nat[$id]['def_oracle_ports'];
 $pconfig['def_mssql_ports'] = $a_nat[$id]['def_mssql_ports'];
@@ -122,8 +122,8 @@ if (isset($id) && $a_nat[$id]) {
 $pconfig['rule_sid_off'] = $a_nat[$id]['rule_sid_off'];
 $pconfig['rule_sid_on'] = $a_nat[$id]['rule_sid_on'];
-if (isset($_GET['dup']))
- unset($id);
+ if (isset($_GET['dup']))
+ unset($id);
 }
 /* convert fake interfaces to real */
@@ -131,88 +131,88 @@ $if_real = convert_friendly_interface_to_real_interface_name2($pconfig['interfac $snort_uuid = $pconfig['uuid']; - /* alert file */ +/* alert file */ $d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty"; - - /* this will exec when alert says apply */ - if ($_POST['apply']) { - - if (file_exists($d_snortconfdirty_path)) { + +/* this will exec when alert says apply */ +if ($_POST['apply']) { + + if (file_exists($d_snortconfdirty_path)) { - write_config(); + write_config(); - sync_snort_package_all($id, $if_real, $snort_uuid); - sync_snort_package(); + sync_snort_package_all($id, $if_real, $snort_uuid); + sync_snort_package(); - unlink($d_snortconfdirty_path); + unlink($d_snortconfdirty_path); - } - } +} + - if ($_POST["Submit"]) { +if ($_POST["Submit"]) { /* check for overlaps */ -/* if no errors write to conf */ + /* if no errors write to conf */ if (!$input_errors) { $natent = array(); /* repost the options already in conf */ - if ($pconfig['interface'] != "") { $natent['interface'] = $pconfig['interface']; } - if ($pconfig['enable'] != "") { $natent['enable'] = $pconfig['enable']; } - if ($pconfig['uuid'] != "") { $natent['uuid'] = $pconfig['uuid']; } - if ($pconfig['descr'] != "") { $natent['descr'] = $pconfig['descr']; } - if ($pconfig['performance'] != "") { $natent['performance'] = $pconfig['performance']; } - if ($pconfig['blockoffenders7'] != "") { $natent['blockoffenders7'] = $pconfig['blockoffenders7']; } - if ($pconfig['alertsystemlog'] != "") { $natent['alertsystemlog'] = $pconfig['alertsystemlog']; } - if ($pconfig['tcpdumplog'] != "") { $natent['tcpdumplog'] = $pconfig['tcpdumplog']; } - if ($pconfig['snortunifiedlog'] != "") { $natent['snortunifiedlog'] = $pconfig['snortunifiedlog']; } - if ($pconfig['barnyard_enable'] != "") { $natent['barnyard_enable'] = $pconfig['barnyard_enable']; } - if ($pconfig['barnyard_mysql'] != "") { $natent['barnyard_mysql'] = $pconfig['barnyard_mysql']; } - if 
($pconfig['def_dns_servers'] != "") { $natent['def_dns_servers'] = $pconfig['def_dns_servers']; } - if ($pconfig['def_dns_ports'] != "") { $natent['def_dns_ports'] = $pconfig['def_dns_ports']; } - if ($pconfig['def_smtp_servers'] != "") { $natent['def_smtp_servers'] = $pconfig['def_smtp_servers']; } - if ($pconfig['def_smtp_ports'] != "") { $natent['def_smtp_ports'] = $pconfig['def_smtp_ports']; } - if ($pconfig['def_mail_ports'] != "") { $natent['def_mail_ports'] = $pconfig['def_mail_ports']; } - if ($pconfig['def_http_servers'] != "") { $natent['def_http_servers'] = $pconfig['def_http_servers']; } - if ($pconfig['def_www_servers'] != "") { $natent['def_www_servers'] = $pconfig['def_www_servers']; } - if ($pconfig['def_http_ports'] != "") { $natent['def_http_ports'] = $pconfig['def_http_ports']; } - if ($pconfig['def_sql_servers'] != "") { $natent['def_sql_servers'] = $pconfig['def_sql_servers']; } - if ($pconfig['def_oracle_ports'] != "") { $natent['def_oracle_ports'] = $pconfig['def_oracle_ports']; } - if ($pconfig['def_mssql_ports'] != "") { $natent['def_mssql_ports'] = $pconfig['def_mssql_ports']; } - if ($pconfig['def_telnet_servers'] != "") { $natent['def_telnet_servers'] = $pconfig['def_telnet_servers']; } - if ($pconfig['def_telnet_ports'] != "") { $natent['def_telnet_ports'] = $pconfig['def_telnet_ports']; } - if ($pconfig['def_snmp_servers'] != "") { $natent['def_snmp_servers'] = $pconfig['def_snmp_servers']; } - if ($pconfig['def_snmp_ports'] != "") { $natent['def_snmp_ports'] = $pconfig['def_snmp_ports']; } - if ($pconfig['def_ftp_servers'] != "") { $natent['def_ftp_servers'] = $pconfig['def_ftp_servers']; } - if ($pconfig['def_ftp_ports'] != "") { $natent['def_ftp_ports'] = $pconfig['def_ftp_ports']; } - if ($pconfig['def_ssh_servers'] != "") { $natent['def_ssh_servers'] = $pconfig['def_ssh_servers']; } - if ($pconfig['def_ssh_ports'] != "") { $natent['def_ssh_ports'] = $pconfig['def_ssh_ports']; } - if ($pconfig['def_pop_servers'] != "") { 
$natent['def_pop_servers'] = $pconfig['def_pop_servers']; } - if ($pconfig['def_pop2_ports'] != "") { $natent['def_pop2_ports'] = $pconfig['def_pop2_ports']; } - if ($pconfig['def_pop3_ports'] != "") { $natent['def_pop3_ports'] = $pconfig['def_pop3_ports']; } - if ($pconfig['def_imap_servers'] != "") { $natent['def_imap_servers'] = $pconfig['def_imap_servers']; } - if ($pconfig['def_imap_ports'] != "") { $natent['def_imap_ports'] = $pconfig['def_imap_ports']; } - if ($pconfig['def_sip_proxy_ip'] != "") { $natent['def_sip_proxy_ip'] = $pconfig['def_sip_proxy_ip']; } - if ($pconfig['def_sip_proxy_ports'] != "") { $natent['def_sip_proxy_ports'] = $pconfig['def_sip_proxy_ports']; } - if ($pconfig['def_auth_ports'] != "") { $natent['def_auth_ports'] = $pconfig['def_auth_ports']; } - if ($pconfig['def_finger_ports'] != "") { $natent['def_finger_ports'] = $pconfig['def_finger_ports']; } - if ($pconfig['def_irc_ports'] != "") { $natent['def_irc_ports'] = $pconfig['def_irc_ports']; } - if ($pconfig['def_nntp_ports'] != "") { $natent['def_nntp_ports'] = $pconfig['def_nntp_ports']; } - if ($pconfig['def_rlogin_ports'] != "") { $natent['def_rlogin_ports'] = $pconfig['def_rlogin_ports']; } - if ($pconfig['def_rsh_ports'] != "") { $natent['def_rsh_ports'] = $pconfig['def_rsh_ports']; } - if ($pconfig['def_ssl_ports'] != "") { $natent['def_ssl_ports'] = $pconfig['def_ssl_ports']; } - if ($pconfig['configpassthru'] != "") { $natent['configpassthru'] = $pconfig['configpassthru']; } - if ($pconfig['barnconfigpassthru'] != "") { $natent['barnconfigpassthru'] = $pconfig['barnconfigpassthru']; } - if ($pconfig['rulesets'] != "") { $natent['rulesets'] = $pconfig['rulesets']; } - if ($pconfig['rule_sid_off'] != "") { $natent['rule_sid_off'] = $pconfig['rule_sid_off']; } - if ($pconfig['rule_sid_on'] != "") { $natent['rule_sid_on'] = $pconfig['rule_sid_on']; } - if ($pconfig['whitelistname'] != "") { $natent['whitelistname'] = $pconfig['whitelistname']; } - if ($pconfig['homelistname'] != 
"") { $natent['homelistname'] = $pconfig['homelistname']; } - if ($pconfig['externallistname'] != "") { $natent['externallistname'] = $pconfig['externallistname']; } - if ($pconfig['suppresslistname'] != "") { $natent['suppresslistname'] = $pconfig['suppresslistname']; } - + if ($pconfig['interface'] != "") { $natent['interface'] = $pconfig['interface']; } + if ($pconfig['enable'] != "") { $natent['enable'] = $pconfig['enable']; } + if ($pconfig['uuid'] != "") { $natent['uuid'] = $pconfig['uuid']; } + if ($pconfig['descr'] != "") { $natent['descr'] = $pconfig['descr']; } + if ($pconfig['performance'] != "") { $natent['performance'] = $pconfig['performance']; } + if ($pconfig['blockoffenders7'] != "") { $natent['blockoffenders7'] = $pconfig['blockoffenders7']; } + if ($pconfig['alertsystemlog'] != "") { $natent['alertsystemlog'] = $pconfig['alertsystemlog']; } + if ($pconfig['tcpdumplog'] != "") { $natent['tcpdumplog'] = $pconfig['tcpdumplog']; } + if ($pconfig['snortunifiedlog'] != "") { $natent['snortunifiedlog'] = $pconfig['snortunifiedlog']; } + if ($pconfig['barnyard_enable'] != "") { $natent['barnyard_enable'] = $pconfig['barnyard_enable']; } + if ($pconfig['barnyard_mysql'] != "") { $natent['barnyard_mysql'] = $pconfig['barnyard_mysql']; } + if ($pconfig['def_dns_servers'] != "") { $natent['def_dns_servers'] = $pconfig['def_dns_servers']; } + if ($pconfig['def_dns_ports'] != "") { $natent['def_dns_ports'] = $pconfig['def_dns_ports']; } + if ($pconfig['def_smtp_servers'] != "") { $natent['def_smtp_servers'] = $pconfig['def_smtp_servers']; } + if ($pconfig['def_smtp_ports'] != "") { $natent['def_smtp_ports'] = $pconfig['def_smtp_ports']; } + if ($pconfig['def_mail_ports'] != "") { $natent['def_mail_ports'] = $pconfig['def_mail_ports']; } + if ($pconfig['def_http_servers'] != "") { $natent['def_http_servers'] = $pconfig['def_http_servers']; } + if ($pconfig['def_www_servers'] != "") { $natent['def_www_servers'] = $pconfig['def_www_servers']; } + if 
($pconfig['def_http_ports'] != "") { $natent['def_http_ports'] = $pconfig['def_http_ports']; } + if ($pconfig['def_sql_servers'] != "") { $natent['def_sql_servers'] = $pconfig['def_sql_servers']; } + if ($pconfig['def_oracle_ports'] != "") { $natent['def_oracle_ports'] = $pconfig['def_oracle_ports']; } + if ($pconfig['def_mssql_ports'] != "") { $natent['def_mssql_ports'] = $pconfig['def_mssql_ports']; } + if ($pconfig['def_telnet_servers'] != "") { $natent['def_telnet_servers'] = $pconfig['def_telnet_servers']; } + if ($pconfig['def_telnet_ports'] != "") { $natent['def_telnet_ports'] = $pconfig['def_telnet_ports']; } + if ($pconfig['def_snmp_servers'] != "") { $natent['def_snmp_servers'] = $pconfig['def_snmp_servers']; } + if ($pconfig['def_snmp_ports'] != "") { $natent['def_snmp_ports'] = $pconfig['def_snmp_ports']; } + if ($pconfig['def_ftp_servers'] != "") { $natent['def_ftp_servers'] = $pconfig['def_ftp_servers']; } + if ($pconfig['def_ftp_ports'] != "") { $natent['def_ftp_ports'] = $pconfig['def_ftp_ports']; } + if ($pconfig['def_ssh_servers'] != "") { $natent['def_ssh_servers'] = $pconfig['def_ssh_servers']; } + if ($pconfig['def_ssh_ports'] != "") { $natent['def_ssh_ports'] = $pconfig['def_ssh_ports']; } + if ($pconfig['def_pop_servers'] != "") { $natent['def_pop_servers'] = $pconfig['def_pop_servers']; } + if ($pconfig['def_pop2_ports'] != "") { $natent['def_pop2_ports'] = $pconfig['def_pop2_ports']; } + if ($pconfig['def_pop3_ports'] != "") { $natent['def_pop3_ports'] = $pconfig['def_pop3_ports']; } + if ($pconfig['def_imap_servers'] != "") { $natent['def_imap_servers'] = $pconfig['def_imap_servers']; } + if ($pconfig['def_imap_ports'] != "") { $natent['def_imap_ports'] = $pconfig['def_imap_ports']; } + if ($pconfig['def_sip_proxy_ip'] != "") { $natent['def_sip_proxy_ip'] = $pconfig['def_sip_proxy_ip']; } + if ($pconfig['def_sip_proxy_ports'] != "") { $natent['def_sip_proxy_ports'] = $pconfig['def_sip_proxy_ports']; } + if ($pconfig['def_auth_ports'] != 
"") { $natent['def_auth_ports'] = $pconfig['def_auth_ports']; } + if ($pconfig['def_finger_ports'] != "") { $natent['def_finger_ports'] = $pconfig['def_finger_ports']; } + if ($pconfig['def_irc_ports'] != "") { $natent['def_irc_ports'] = $pconfig['def_irc_ports']; } + if ($pconfig['def_nntp_ports'] != "") { $natent['def_nntp_ports'] = $pconfig['def_nntp_ports']; } + if ($pconfig['def_rlogin_ports'] != "") { $natent['def_rlogin_ports'] = $pconfig['def_rlogin_ports']; } + if ($pconfig['def_rsh_ports'] != "") { $natent['def_rsh_ports'] = $pconfig['def_rsh_ports']; } + if ($pconfig['def_ssl_ports'] != "") { $natent['def_ssl_ports'] = $pconfig['def_ssl_ports']; } + if ($pconfig['configpassthru'] != "") { $natent['configpassthru'] = $pconfig['configpassthru']; } + if ($pconfig['barnconfigpassthru'] != "") { $natent['barnconfigpassthru'] = $pconfig['barnconfigpassthru']; } + if ($pconfig['rulesets'] != "") { $natent['rulesets'] = $pconfig['rulesets']; } + if ($pconfig['rule_sid_off'] != "") { $natent['rule_sid_off'] = $pconfig['rule_sid_off']; } + if ($pconfig['rule_sid_on'] != "") { $natent['rule_sid_on'] = $pconfig['rule_sid_on']; } + if ($pconfig['whitelistname'] != "") { $natent['whitelistname'] = $pconfig['whitelistname']; } + if ($pconfig['homelistname'] != "") { $natent['homelistname'] = $pconfig['homelistname']; } + if ($pconfig['externallistname'] != "") { $natent['externallistname'] = $pconfig['externallistname']; } + if ($pconfig['suppresslistname'] != "") { $natent['suppresslistname'] = $pconfig['suppresslistname']; } + /* post new options */ $natent['perform_stat'] = $_POST['perform_stat']; 
@@ -220,7 +220,7 @@ $d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty"; if ($_POST['flow_depth'] != "") { $natent['flow_depth'] = $_POST['flow_depth']; }else{ $natent['flow_depth'] = ""; } if ($_POST['max_queued_bytes'] != "") { $natent['max_queued_bytes'] = $_POST['max_queued_bytes']; }else{ $natent['max_queued_bytes'] = ""; } if ($_POST['max_queued_segs'] != "") { $natent['max_queued_segs'] = $_POST['max_queued_segs']; }else{ $natent['max_queued_segs'] = ""; } - + $natent['perform_stat'] = $_POST['perform_stat'] ? on : off; $natent['http_inspect'] = $_POST['http_inspect'] ? on : off; $natent['other_preprocs'] = $_POST['other_preprocs'] ? on : off; @@ -228,19 +228,19 @@ $d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty"; $natent['smtp_preprocessor'] = $_POST['smtp_preprocessor'] ? on : off; $natent['sf_portscan'] = $_POST['sf_portscan'] ? on : off; $natent['dce_rpc_2'] = $_POST['dce_rpc_2'] ? on : off; - $natent['dns_preprocessor'] = $_POST['dns_preprocessor'] ? on : off; + $natent['dns_preprocessor'] = $_POST['dns_preprocessor'] ? on : off; - if (isset($id) && $a_nat[$id]) - $a_nat[$id] = $natent; + if (isset($id) && $a_nat[$id]) + $a_nat[$id] = $natent; else { if (is_numeric($after)) - array_splice($a_nat, $after+1, 0, array($natent)); + array_splice($a_nat, $after+1, 0, array($natent)); else - $a_nat[] = $natent; + $a_nat[] = $natent; } - + write_config(); - + /* after click go to this page */ touch($d_snortconfdirty_path); header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); @@ -258,7 +258,8 @@ $pgtitle = "Snort: Interface $id$if_real Preprocessors and Flow"; include("/usr/local/pkg/snort/snort_head.inc"); ?> -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<body + link="#0000CC" vlink="#0000CC" alink="#0000CC"> <?php include("fbegin.inc"); ?> <?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> 
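Review bot: `flow_depth`, `max_queued_bytes` and `max_queued_segs` are copied from `$_POST` into `$natent` with only an empty-string test, and the next hunk passes `$natent` to `write_config()`; nothing visible ever fills `$input_errors`, so the surrounding `if (!$input_errors)` guard cannot fail. The form further down documents integer ranges for all three fields (-1 to 1460, 1024 to 1073741824, 2 to 1073741824, with 0 allowed), so those ranges should be enforced server-side before the value is stored and, presumably, rendered into the Snort configuration. The check belongs ahead of `if (!$input_errors) {`, which opens above this hunk at the `/* check for overlaps */` placeholder; the block also closes outside the hunk.

```php
/* place before `if (!$input_errors) {` (above this hunk) so a bad value blocks write_config() */
$int_ranges = array(
	'flow_depth'       => array(-1, 1460),
	'max_queued_bytes' => array(1024, 1073741824),
	'max_queued_segs'  => array(2, 1073741824),
);
foreach ($int_ranges as $field => $range) {
	$value = isset($_POST[$field]) ? trim($_POST[$field]) : "";
	if ($value === "" || $value === "0")
		continue; /* empty keeps the default; 0 is documented as a valid setting */
	$limits = array('options' => array('min_range' => $range[0], 'max_range' => $range[1]));
	if (filter_var($value, FILTER_VALIDATE_INT, $limits) === false)
		$input_errors[] = "{$field} must be a whole number between {$range[0]} and {$range[1]}.";
}
/* … unchanged: the three $natent[...] = $_POST[...] assignments … */
```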
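Review bot: `on` and `off` in the `$_POST[...] ? on : off` assignments are bare words, not strings; unless constants with those names are defined elsewhere, PHP treats them as undefined constants, which only raises a notice or warning on older releases but is a fatal `Error` from PHP 8. Quote them, e.g. `$natent['dns_preprocessor'] = $_POST['dns_preprocessor'] ? 'on' : 'off';`, on the four lines here and on the three `perform_stat` / `http_inspect` / `other_preprocs` lines at the end of the previous hunk. Reading a checkbox with `!empty($_POST['dns_preprocessor'])` also avoids an undefined-index notice when the box is unticked. The enclosing `if (!$input_errors)` block starts outside this hunk.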
@@ -268,29 +269,34 @@ echo "{$snort_general_css}\n"; ?> <!-- hack to fix the hardcoed fbegin link in header --> -<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div> +<div id="header-left2"><a href="../index.php" id="status-link2"><img + src="./images/transparent.gif" border="0"></img></a></div> <div class="body2"> -<noscript><div class="alert" ALIGN=CENTER><img src="../themes/nervecenter/images/icons/icon_alert.gif"/><strong>Please enable JavaScript to view this content</CENTER></div></noscript> - +<noscript> +<div class="alert" ALIGN=CENTER><img + src="../themes/nervecenter/images/icons/icon_alert.gif" /><strong>Please +enable JavaScript to view this content +</CENTER></div> +</noscript> -<form action="snort_preprocessors.php" method="post" enctype="multipart/form-data" name="iform" id="iform"> -<?php +<form action="snort_preprocessors.php" method="post" + enctype="multipart/form-data" name="iform" id="iform"><?php /* Display Alert message */ if ($input_errors) { - print_input_errors($input_errors); // TODO: add checks + print_input_errors($input_errors); // TODO: add checks } if ($savemsg) { - print_info_box2($savemsg); + print_info_box2($savemsg); } if (file_exists($d_snortconfdirty_path)) { - echo '<p>'; + echo '<p>'; if($savemsg) { print_info_box_np2("{$savemsg}"); 
@@ -302,39 +308,38 @@ echo "{$snort_general_css}\n"; } } -?> + ?> <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr><td class="tabnavtbl"> -<?php -if($id != "") -{ - -echo '<div class="snorttabs" style="margin:1px 0px; width:775px;">' . "\n"; -echo '<!-- Tabbed bar code -->' . "\n"; -echo '<ul class="snorttabs">' . "\n"; - echo '<li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>' . "\n"; - echo "<li><a href=\"/snort/snort_interfaces_edit.php?id={$id}\"><span>If Settings</span></a></li>\n"; - echo "<li><a href=\"/snort/snort_rulesets.php?id={$id}\"><span>Categories</span></a></li>\n"; - echo "<li><a href=\"/snort/snort_rules.php?id={$id}\"><span>Rules</span></a></li>\n"; - echo "<li><a href=\"/snort/snort_define_servers.php?id={$id}\"><span>Servers</span></a></li>\n"; - echo "<li class=\"snorttabs_active\"><a href=\"/snort/snort_preprocessors.php?id={$id}\"><span>Preprocessors</span></a></li>\n"; - echo "<li><a href=\"/snort/snort_barnyard.php?id={$id}\"><span>Barnyard2</span></a></li>\n"; -echo '</ul>' . "\n"; -echo '</div>' . "\n"; + <tr> + <td class="tabnavtbl"><?php + if($id != "") + { + + echo '<div class="snorttabs" style="margin:1px 0px; width:775px;">' . "\n"; + echo '<!-- Tabbed bar code -->' . "\n"; + echo '<ul class="snorttabs">' . "\n"; + echo '<li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>' . 
"\n"; + echo "<li><a href=\"/snort/snort_interfaces_edit.php?id={$id}\"><span>If Settings</span></a></li>\n"; + echo "<li><a href=\"/snort/snort_rulesets.php?id={$id}\"><span>Categories</span></a></li>\n"; + echo "<li><a href=\"/snort/snort_rules.php?id={$id}\"><span>Rules</span></a></li>\n"; + echo "<li><a href=\"/snort/snort_define_servers.php?id={$id}\"><span>Servers</span></a></li>\n"; + echo "<li class=\"snorttabs_active\"><a href=\"/snort/snort_preprocessors.php?id={$id}\"><span>Preprocessors</span></a></li>\n"; + echo "<li><a href=\"/snort/snort_barnyard.php?id={$id}\"><span>Barnyard2</span></a></li>\n"; + echo '</ul>' . "\n"; + echo '</div>' . "\n"; -} -?> -</td> -</tr> - <tr> - <td class="tabcont"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <?php - /* display error code if there is no id */ - if($id == "") - { - echo " + } + ?></td> + </tr> + <tr> + <td class="tabcont"> + <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <?php + /* display error code if there is no id */ + if($id == "") + { + echo " <style type=\"text/css\"> .noid { position:absolute; 
@@ -349,138 +354,185 @@ echo '</div>' . "\n"; } </style> <div class=\"alert\" ALIGN=CENTER><img src=\"../themes/nervecenter/images/icons/icon_alert.gif\"/><strong>You can not edit options without an interface ID.</CENTER></div>\n"; - - } - ?> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"><span class="vexpl"><span class="red"><strong>Note: </strong></span><br> - Rules may be dependent on preprocessors!<br> - Defaults will be used when there is no user input.<br> - </td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic">Performance Statistics</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Enable</td> - <td width="78%" class="vtable"> - <input name="perform_stat" type="checkbox" value="on" <?php if ($pconfig['perform_stat']=="on") echo "checked"; ?> onClick="enable_change(false)"> - Performance Statistics for this interface.</td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic">HTTP Inspect Settings</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Enable</td> - <td width="78%" class="vtable"> - <input name="http_inspect" type="checkbox" value="on" <?php if ($pconfig['http_inspect']=="on") echo "checked"; ?> onClick="enable_change(false)"> - Use HTTP Inspect to Normalize/Decode and detect HTTP traffic and protocol anomalies.</td> - </tr> - <tr> + + } + ?> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"><span class="vexpl"><span class="red"><strong>Note: + </strong></span><br> + Rules may be dependent on preprocessors!<br> + Defaults will be used when there is no user input.<br></td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic">Performance + Statistics</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Enable</td> + <td width="78%" class="vtable"><input name="perform_stat" + type="checkbox" value="on" + <?php if ($pconfig['perform_stat']=="on") echo "checked"; ?> + onClick="enable_change(false)"> Performance Statistics for this + 
interface.</td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic">HTTP Inspect Settings</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Enable</td> + <td width="78%" class="vtable"><input name="http_inspect" + type="checkbox" value="on" + <?php if ($pconfig['http_inspect']=="on") echo "checked"; ?> + onClick="enable_change(false)"> Use HTTP Inspect to + Normalize/Decode and detect HTTP traffic and protocol anomalies.</td> + </tr> + <tr> <td valign="top" class="vncell2">HTTP server flow depth</td> <td class="vtable"> - <table cellpadding="0" cellspacing="0"> + <table cellpadding="0" cellspacing="0"> <tr> - <td><input name="flow_depth" type="text" class="formfld" id="flow_depth" size="5" value="<?=htmlspecialchars($pconfig['flow_depth']);?>"> <strong>-1</strong> to <strong>1460</strong> (<strong>-1</strong> disables HTTP inspect, <strong>0</strong> enables all HTTP inspect)</td> + <td><input name="flow_depth" type="text" class="formfld" + id="flow_depth" size="5" + value="<?=htmlspecialchars($pconfig['flow_depth']);?>"> <strong>-1</strong> + to <strong>1460</strong> (<strong>-1</strong> disables HTTP + inspect, <strong>0</strong> enables all HTTP inspect)</td> </tr> - </table> - Amount of HTTP server response payload to inspect. Snort's performance may increase by adjusting this value.<br> - Setting this value too low may cause false negatives. Values above 0 are specified in bytes. Default value is <strong>0</strong><br> + </table> + Amount of HTTP server response payload to inspect. Snort's + performance may increase by adjusting this value.<br> + Setting this value too low may cause false negatives. Values above 0 + are specified in bytes. 
Default value is <strong>0</strong><br> </td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic">Stream5 Settings</td> - </tr> - <tr> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic">Stream5 Settings</td> + </tr> + <tr> <td valign="top" class="vncell2">Max Queued Bytes</td> <td class="vtable"> - <table cellpadding="0" cellspacing="0"> + <table cellpadding="0" cellspacing="0"> <tr> - <td><input name="max_queued_bytes" type="text" class="formfld" id="max_queued_bytes" size="5" value="<?=htmlspecialchars($pconfig['max_queued_bytes']);?>"> Minimum is <strong>1024</strong>, Maximum is <strong>1073741824</strong> ( default value is <strong>1048576</strong>, <strong>0</strong> means Maximum )</td> + <td><input name="max_queued_bytes" type="text" class="formfld" + id="max_queued_bytes" size="5" + value="<?=htmlspecialchars($pconfig['max_queued_bytes']);?>"> + Minimum is <strong>1024</strong>, Maximum is <strong>1073741824</strong> + ( default value is <strong>1048576</strong>, <strong>0</strong> + means Maximum )</td> </tr> - </table> - The number of bytes to be queued for reassembly for TCP sessions in memory. Default value is <strong>1048576</strong><br> + </table> + The number of bytes to be queued for reassembly for TCP sessions in + memory. 
Default value is <strong>1048576</strong><br> </td> - </tr> - <tr> + </tr> + <tr> <td valign="top" class="vncell2">Max Queued Segs</td> <td class="vtable"> - <table cellpadding="0" cellspacing="0"> + <table cellpadding="0" cellspacing="0"> <tr> - <td><input name="max_queued_segs" type="text" class="formfld" id="max_queued_segs" size="5" value="<?=htmlspecialchars($pconfig['max_queued_segs']);?>"> Minimum is <strong>2</strong>, Maximum is <strong>1073741824</strong> ( default value is <strong>2621</strong>, <strong>0</strong> means Maximum )</td> + <td><input name="max_queued_segs" type="text" class="formfld" + id="max_queued_segs" size="5" + value="<?=htmlspecialchars($pconfig['max_queued_segs']);?>"> + Minimum is <strong>2</strong>, Maximum is <strong>1073741824</strong> + ( default value is <strong>2621</strong>, <strong>0</strong> means + Maximum )</td> </tr> - </table> - The number of segments to be queued for reassembly for TCP sessions in memory. Default value is <strong>2621</strong><br> + </table> + The number of segments to be queued for reassembly for TCP sessions + in memory. 
Default value is <strong>2621</strong><br> </td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic">General Preprocessor Settings</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Enable <br>RPC Decode and Back Orifice detector</td> - <td width="78%" class="vtable"> - <input name="other_preprocs" type="checkbox" value="on" <?php if ($pconfig['other_preprocs']=="on") echo "checked"; ?> onClick="enable_change(false)"><br> - Normalize/Decode RPC traffic and detects Back Orifice traffic on the network.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Enable <br>FTP and Telnet Normalizer</td> - <td width="78%" class="vtable"> - <input name="ftp_preprocessor" type="checkbox" value="on" <?php if ($pconfig['ftp_preprocessor']=="on") echo "checked"; ?> onClick="enable_change(false)"><br> - Normalize/Decode FTP and Telnet traffic and protocol anomalies.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Enable <br>SMTP Normalizer</td> - <td width="78%" class="vtable"> - <input name="smtp_preprocessor" type="checkbox" value="on" <?php if ($pconfig['smtp_preprocessor']=="on") echo "checked"; ?> onClick="enable_change(false)"><br> - Normalize/Decode SMTP protocol for enforcement and buffer overflows.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Enable <br>Portscan Detection</td> - <td width="78%" class="vtable"> - <input name="sf_portscan" type="checkbox" value="on" <?php if ($pconfig['sf_portscan']=="on") echo "checked"; ?> onClick="enable_change(false)"><br> - Detects various types of portscans and portsweeps.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Enable <br>DCE/RPC2 Detection</td> - <td width="78%" class="vtable"> - <input name="dce_rpc_2" type="checkbox" value="on" <?php if ($pconfig['dce_rpc_2']=="on") echo "checked"; ?> onClick="enable_change(false)"><br> - The DCE/RPC preprocessor detects and decodes SMB and DCE/RPC traffic.</td> - </tr> - <tr> - <td 
width="22%" valign="top" class="vncell2">Enable <br>DNS Detection</td> - <td width="78%" class="vtable"> - <input name="dns_preprocessor" type="checkbox" value="on" <?php if ($pconfig['dns_preprocessor']=="on") echo "checked"; ?> onClick="enable_change(false)"><br> - The DNS preprocessor decodes DNS Response traffic and detects some vulnerabilities.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell2">Define SSL_IGNORE</td> - <td width="78%" class="vtable"> - <input name="def_ssl_ports_ignore" type="text" class="formfld" id="def_ssl_ports_ignore" size="40" value="<?=htmlspecialchars($pconfig['def_ssl_ports_ignore']);?>"> - <br> <span class="vexpl"> Encrypted traffic should be ignored by Snort for both performance reasons and to reduce false positives.<br> - Default: "443 465 563 636 989 990 992 993 994 995".</span> <strong>Please use spaces and not commas.</strong></td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input name="Submit" type="submit" class="formbtn" value="Save"> <input type="button" class="formbtn" value="Cancel" onclick="history.back()"> - <?php if (isset($id) && $a_nat[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>"> - <?php endif; ?> - </td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span> - <br> - Please save your settings before you click Start. 
</td> - </tr> - </table> - </table> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic">General Preprocessor + Settings</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Enable <br> + RPC Decode and Back Orifice detector</td> + <td width="78%" class="vtable"><input name="other_preprocs" + type="checkbox" value="on" + <?php if ($pconfig['other_preprocs']=="on") echo "checked"; ?> + onClick="enable_change(false)"><br> + Normalize/Decode RPC traffic and detects Back Orifice traffic on the + network.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Enable <br> + FTP and Telnet Normalizer</td> + <td width="78%" class="vtable"><input name="ftp_preprocessor" + type="checkbox" value="on" + <?php if ($pconfig['ftp_preprocessor']=="on") echo "checked"; ?> + onClick="enable_change(false)"><br> + Normalize/Decode FTP and Telnet traffic and protocol anomalies.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Enable <br> + SMTP Normalizer</td> + <td width="78%" class="vtable"><input name="smtp_preprocessor" + type="checkbox" value="on" + <?php if ($pconfig['smtp_preprocessor']=="on") echo "checked"; ?> + onClick="enable_change(false)"><br> + Normalize/Decode SMTP protocol for enforcement and buffer overflows.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Enable <br> + Portscan Detection</td> + <td width="78%" class="vtable"><input name="sf_portscan" + type="checkbox" value="on" + <?php if ($pconfig['sf_portscan']=="on") echo "checked"; ?> + onClick="enable_change(false)"><br> + Detects various types of portscans and portsweeps.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Enable <br> + DCE/RPC2 Detection</td> + <td width="78%" class="vtable"><input name="dce_rpc_2" + type="checkbox" value="on" + <?php if ($pconfig['dce_rpc_2']=="on") echo "checked"; ?> + onClick="enable_change(false)"><br> + The DCE/RPC preprocessor detects and decodes SMB and DCE/RPC + traffic.</td> + 
</tr> + <tr> + <td width="22%" valign="top" class="vncell2">Enable <br> + DNS Detection</td> + <td width="78%" class="vtable"><input name="dns_preprocessor" + type="checkbox" value="on" + <?php if ($pconfig['dns_preprocessor']=="on") echo "checked"; ?> + onClick="enable_change(false)"><br> + The DNS preprocessor decodes DNS Response traffic and detects some + vulnerabilities.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define SSL_IGNORE</td> + <td width="78%" class="vtable"><input name="def_ssl_ports_ignore" + type="text" class="formfld" id="def_ssl_ports_ignore" size="40" + value="<?=htmlspecialchars($pconfig['def_ssl_ports_ignore']);?>"> <br> + <span class="vexpl"> Encrypted traffic should be ignored by Snort + for both performance reasons and to reduce false positives.<br> + Default: "443 465 563 636 989 990 992 993 994 995".</span> <strong>Please + use spaces and not commas.</strong></td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"><input name="Submit" type="submit" class="formbtn" + value="Save"> <input type="button" class="formbtn" value="Cancel" + onclick="history.back()"> <?php if (isset($id) && $a_nat[$id]): ?> + <input name="id" type="hidden" value="<?=$id;?>"> <?php endif; ?></td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span> + <br> + Please save your settings before you click Start. </td> + </tr> + </table> + +</table> </form> </div> -<?php include("fend.inc"); ?> + <?php include("fend.inc"); ?> </body> </html> diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php index 73de553b..7a82a2d3 100644 --- a/config/snort/snort_rules.php +++ b/config/snort/snort_rules.php 
@@ -1,32 +1,32 @@ <?php /* $Id$ */ /* - edit_snortrule.php - Copyright (C) 2004, 2005 Scott Ullrich - Copyright (C) 2008, 2009 Robert Zelaya - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ + edit_snortrule.php + Copyright (C) 2004, 2005 Scott Ullrich + Copyright (C) 2008, 2009 Robert Zelaya + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. 
+ + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ require_once("guiconfig.inc"); @@ -42,7 +42,7 @@ $a_nat = &$config['installedpackages']['snortglobal']['rule']; $id = $_GET['id']; if (isset($_POST['id'])) - $id = $_POST['id']; +$id = $_POST['id']; if (isset($id) && $a_nat[$id]) { 
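Review bot: `$id = $_POST['id'];` now sits at column 0 under the brace-less `if (isset($_POST['id']))`, so a conditional assignment reads as an unconditional one. Brace it, `if (isset($_POST['id'])) { $id = $_POST['id']; }`, so that a later edit cannot detach the statement from its condition. `$id` comes straight from the request and is used as an array key on the following line, so this is also the natural place to check it against the keys of `$a_nat` once. The script continues outside this hunk.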
@@ -64,33 +64,33 @@ $iface_uuid = $a_nat[$id]['uuid']; $isrulesfolderempty = exec("ls -A /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/*.rules"); if ($isrulesfolderempty == "") { -include("/usr/local/pkg/snort/snort_head.inc"); -include("fbegin.inc"); + include("/usr/local/pkg/snort/snort_head.inc"); + include("fbegin.inc"); -echo "<body link=\"#000000\" vlink=\"#000000\" alink=\"#000000\">"; + echo "<body link=\"#000000\" vlink=\"#000000\" alink=\"#000000\">"; -if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';} + if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';} -echo "<script src=\"/row_toggle.js\" type=\"text/javascript\"></script>\n + echo "<script src=\"/row_toggle.js\" type=\"text/javascript\"></script>\n <script src=\"/javascript/sorttable.js\" type=\"text/javascript\"></script>\n <table width=\"99%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n <tr>\n <td>\n"; -echo '<div class="snorttabs" style="margin:1px 0px; width:775px;">' . "\n"; -echo '<!-- Tabbed bar code -->' . "\n"; -echo '<ul class="snorttabs">' . "\n"; + echo '<div class="snorttabs" style="margin:1px 0px; width:775px;">' . "\n"; + echo '<!-- Tabbed bar code -->' . "\n"; + echo '<ul class="snorttabs">' . "\n"; echo '<li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>' . 
"\n"; echo "<li><a href=\"/snort/snort_interfaces_edit.php?id={$id}\"><span>If Settings</span></a></li>\n"; - echo "<li><a href=\"/snort/snort_rulesets.php?id={$id}\"><span>Categories</span></a></li>\n"; - echo "<li class=\"snorttabs_active\"><a href=\"/snort/snort_rules.php?id={$id}\"><span>Rules</span></a></li>\n"; + echo "<li><a href=\"/snort/snort_rulesets.php?id={$id}\"><span>Categories</span></a></li>\n"; + echo "<li class=\"snorttabs_active\"><a href=\"/snort/snort_rules.php?id={$id}\"><span>Rules</span></a></li>\n"; echo "<li><a href=\"/snort/snort_define_servers.php?id={$id}\"><span>Servers</span></a></li>\n"; - echo "<li><a href=\"/snort/snort_preprocessors.php?id={$id}\"><span>Preprocessors</span></a></li>\n"; - echo "<li><a href=\"/snort/snort_barnyard.php?id={$id}\"><span>Barnyard2</span></a></li>\n"; -echo '</ul>' . "\n"; -echo '</div>' . "\n"; + echo "<li><a href=\"/snort/snort_preprocessors.php?id={$id}\"><span>Preprocessors</span></a></li>\n"; + echo "<li><a href=\"/snort/snort_barnyard.php?id={$id}\"><span>Barnyard2</span></a></li>\n"; + echo '</ul>' . "\n"; + echo '</div>' . "\n"; -echo "</td>\n + echo "</td>\n </tr>\n <tr>\n <td>\n 
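Review bot: The tab links in this hunk interpolate `$id` into `href` attributes without encoding, and `$id` is taken from `$_GET['id']` or `$_POST['id']` earlier in the file. Whether the `$a_nat[$id]` check always runs before this output is not visible here, so encode at the point of output: `$id_q = urlencode($id);` once, then `?id={$id_q}` in each link. The same tab bar is repeated in the `@@ -475,149` hunk, where the `option` value and the toggle and edit links print `$id`, `$ruledir` and `$rulefile` the same way.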
@@ -111,66 +111,66 @@ echo "</td>\n \n <p>\n\n"; -echo "Please click on the Update Rules tab to install your selected rule sets."; -include("fend.inc"); + echo "Please click on the Update Rules tab to install your selected rule sets."; + include("fend.inc"); -echo "</body>"; -echo "</html>"; + echo "</body>"; + echo "</html>"; -exit(0); + exit(0); } function get_middle($source, $beginning, $ending, $init_pos) { - $beginning_pos = strpos($source, $beginning, $init_pos); - $middle_pos = $beginning_pos + strlen($beginning); - $ending_pos = strpos($source, $ending, $beginning_pos); - $middle = substr($source, $middle_pos, $ending_pos - $middle_pos); - return $middle; + $beginning_pos = strpos($source, $beginning, $init_pos); + $middle_pos = $beginning_pos + strlen($beginning); + $ending_pos = strpos($source, $ending, $beginning_pos); + $middle = substr($source, $middle_pos, $ending_pos - $middle_pos); + return $middle; } function write_rule_file($content_changed, $received_file) { - //read snort file with writing enabled - $filehandle = fopen($received_file, "w"); + //read snort file with writing enabled + $filehandle = fopen($received_file, "w"); - //delimiter for each new rule is a new line - $delimiter = "\n"; + //delimiter for each new rule is a new line + $delimiter = "\n"; - //implode the array back into a string for writing purposes - $fullfile = implode($delimiter, $content_changed); + //implode the array back into a string for writing purposes + $fullfile = implode($delimiter, $content_changed); - //write data to file - fwrite($filehandle, $fullfile); + //write data to file + fwrite($filehandle, $fullfile); - //close file handle - fclose($filehandle); + //close file handle + fclose($filehandle); } function load_rule_file($incoming_file) { - //read snort file - $filehandle = fopen($incoming_file, "r"); + //read snort file + $filehandle = fopen($incoming_file, "r"); - //read file into string, and get filesize - $contents = fread($filehandle, 
filesize($incoming_file)); + //read file into string, and get filesize + $contents = fread($filehandle, filesize($incoming_file)); - //close handler - fclose ($filehandle); + //close handler + fclose ($filehandle); - //string for populating category select - $currentruleset = basename($rulefile); + //string for populating category select + $currentruleset = basename($rulefile); - //delimiter for each new rule is a new line - $delimiter = "\n"; + //delimiter for each new rule is a new line + $delimiter = "\n"; - //split the contents of the string file into an array using the delimiter - $splitcontents = explode($delimiter, $contents); + //split the contents of the string file into an array using the delimiter + $splitcontents = explode($delimiter, $contents); - return $splitcontents; + return $splitcontents; } @@ -184,23 +184,23 @@ if ($_GET['openruleset'] != '' && $_GET['ids'] != '') while (false !== ($filename = readdir($dh))) { - //only populate this array if its a rule file - $isrulefile = strstr($filename, ".rules"); - if ($isrulefile !== false) - { - $files[] = $filename; - } + //only populate this array if its a rule file + $isrulefile = strstr($filename, ".rules"); + if ($isrulefile !== false) + { + $files[] = $filename; + } } sort($files); if ($_GET['openruleset']) { - $rulefile = $_GET['openruleset']; + $rulefile = $_GET['openruleset']; } else { - $rulefile = $ruledir.$files[0]; + $rulefile = $ruledir.$files[0]; } 
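Review bot: In `load_rule_file()` the line `$currentruleset = basename($rulefile);` reads `$rulefile`, which is neither a parameter nor a local of the function (the parameter is `$incoming_file`), and its result is never used; the line can be dropped. Neither `load_rule_file()` nor `write_rule_file()` checks the result of `fopen()`, so an unreadable or unwritable path ends in `fread()` or `fwrite()` on `false`; in the loader, `if ($filehandle === false) { return array(); }` avoids that. `get_middle()` likewise uses both `strpos()` results without testing for `false`, so a line that lacks the end marker yields a substring whose length is computed from `false`.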
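Review bot: `$rulefile = $_GET['openruleset'];` takes a filesystem path from the query string, and the following hunks pass `$rulefile` to `load_rule_file()` and `write_rule_file()`, so the request decides which file is read and rewritten. Keep only the file name and require it to be one of the entries collected from the directory: `$name = basename($_GET['openruleset']);` then `$rulefile = in_array($name, $files, true) ? $ruledir . $name : $ruledir . $files[0];`. The filter `strstr($filename, ".rules")` also accepts names that merely contain `.rules`; comparing the suffix with `substr($filename, -6) === ".rules"` is tighter. The `while` loop and the enclosing `if` start outside this hunk.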
@@ -209,91 +209,91 @@ $splitcontents = load_rule_file($rulefile); if ($_POST) { - + conf_mount_rw(); - + if (!$_POST['apply']) { - //retrieve POST data - $post_lineid = $_POST['lineid']; - $post_enabled = $_POST['enabled']; - $post_src = $_POST['src']; - $post_srcport = $_POST['srcport']; - $post_dest = $_POST['dest']; - $post_destport = $_POST['destport']; - + //retrieve POST data + $post_lineid = $_POST['lineid']; + $post_enabled = $_POST['enabled']; + $post_src = $_POST['src']; + $post_srcport = $_POST['srcport']; + $post_dest = $_POST['dest']; + $post_destport = $_POST['destport']; + //clean up any white spaces insert by accident $post_src = str_replace(" ", "", $post_src); $post_srcport = str_replace(" ", "", $post_srcport); $post_dest = str_replace(" ", "", $post_dest); $post_destport = str_replace(" ", "", $post_destport); - - //copy rule contents from array into string - $tempstring = $splitcontents[$post_lineid]; - - //search string - $findme = "# alert"; //find string for disabled alerts - - //find if alert is disabled - $disabled = strstr($tempstring, $findme); - - //if find alert is false, then rule is disabled - if ($disabled !== false) - { - //has rule been enabled - if ($post_enabled == "yes") - { - //move counter up 1, so we do not retrieve the # in the rule_content array - $tempstring = str_replace("# alert", "alert", $tempstring); - $counter2 = 1; - } - else - { - //rule is staying disabled - $counter2 = 2; - } - } - else - { - //has rule been disabled - if ($post_enabled != "yes") - { - //move counter up 1, so we do not retrieve the # in the rule_content array - $tempstring = str_replace("alert", "# alert", $tempstring); - $counter2 = 2; - } - else - { - //rule is staying enabled - $counter2 = 1; - } - } - - //explode rule contents into an array, (delimiter is space) - $rule_content = explode(' ', $tempstring); - + + //copy rule contents from array into string + $tempstring = $splitcontents[$post_lineid]; + + //search string + $findme = "# 
alert"; //find string for disabled alerts + + //find if alert is disabled + $disabled = strstr($tempstring, $findme); + + //if find alert is false, then rule is disabled + if ($disabled !== false) + { + //has rule been enabled + if ($post_enabled == "yes") + { + //move counter up 1, so we do not retrieve the # in the rule_content array + $tempstring = str_replace("# alert", "alert", $tempstring); + $counter2 = 1; + } + else + { + //rule is staying disabled + $counter2 = 2; + } + } + else + { + //has rule been disabled + if ($post_enabled != "yes") + { + //move counter up 1, so we do not retrieve the # in the rule_content array + $tempstring = str_replace("alert", "# alert", $tempstring); + $counter2 = 2; + } + else + { + //rule is staying enabled + $counter2 = 1; + } + } + + //explode rule contents into an array, (delimiter is space) + $rule_content = explode(' ', $tempstring); + //insert new values - $counter2++; - $rule_content[$counter2] = $post_src;//source location - $counter2++; - $rule_content[$counter2] = $post_srcport;//source port location - $counter2 = $counter2+2; - $rule_content[$counter2] = $post_dest;//destination location - $counter2++; - $rule_content[$counter2] = $post_destport;//destination port location - + $counter2++; + $rule_content[$counter2] = $post_src;//source location + $counter2++; + $rule_content[$counter2] = $post_srcport;//source port location + $counter2 = $counter2+2; + $rule_content[$counter2] = $post_dest;//destination location + $counter2++; + $rule_content[$counter2] = $post_destport;//destination port location + //implode the array back into string $tempstring = implode(' ', $rule_content); - + //copy string into file array for writing - $splitcontents[$post_lineid] = $tempstring; - - //write the new .rules file - write_rule_file($splitcontents, $rulefile); - - //once file has been written, reload file - $splitcontents = load_rule_file($rulefile); - - $stopMsg = true; + $splitcontents[$post_lineid] = $tempstring; + + //write 
the new .rules file + write_rule_file($splitcontents, $rulefile); + + //once file has been written, reload file + $splitcontents = load_rule_file($rulefile); + + $stopMsg = true; } } else if ($_GET['act'] == "toggle") 
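Review bot: `str_replace("alert", "# alert", $tempstring)` rewrites every occurrence of `alert` in the rule, including any inside the `msg` text, and the reverse call has the same reach; limit both to the first occurrence, `preg_replace('/alert/', '# alert', $tempstring, 1)` and `preg_replace('/# alert/', 'alert', $tempstring, 1)`. The toggle branch in the `@@ -301,108` hunk contains the same two calls. `$post_lineid` indexes `$splitcontents` unchecked, and the four address and port fields are written into the rules file after only spaces are removed, so a value containing a line break adds lines to the file. Check that the index exists and reject fields containing `\r` or `\n` before calling `write_rule_file()`.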
@@ -301,108 +301,108 @@ else if ($_GET['act'] == "toggle") conf_mount_rw(); - $toggleid = $_GET['ids']; - - //copy rule contents from array into string - $tempstring = $splitcontents[$toggleid]; - - //explode rule contents into an array, (delimiter is space) - $rule_content = explode(' ', $tempstring); - - //search string - $findme = "# alert"; //find string for disabled alerts - - //find if alert is disabled - $disabled = strstr($tempstring, $findme); - - //if find alert is false, then rule is disabled - if ($disabled !== false) - { - //rule has been enabled - //move counter up 1, so we do not retrieve the # in the rule_content array - $tempstring = str_replace("# alert", "alert", $tempstring); - - } - else - { - //has rule been disabled - //move counter up 1, so we do not retrieve the # in the rule_content array - $tempstring = str_replace("alert", "# alert", $tempstring); - - } - - //copy string into array for writing - $splitcontents[$toggleid] = $tempstring; - - //write the new .rules file - write_rule_file($splitcontents, $rulefile); - - //once file has been written, reload file - $splitcontents = load_rule_file($rulefile); - - $stopMsg = true; - - //write disable/enable sid to config.xml - if ($disabled == false) { - $string_sid = strstr($tempstring, 'sid:'); - $sid_pieces = explode(";", $string_sid); - $sid_off_cut = $sid_pieces[0]; - // sid being turned off - $sid_off = str_replace("sid:", "", $sid_off_cut); - // rule_sid_on registers - $sid_on_pieces = $a_nat[$id]['rule_sid_on']; - // if off sid is the same as on sid remove it - $sid_on_old = str_replace("||enablesid $sid_off", "", "$sid_on_pieces"); - // write the replace sid back as empty - $a_nat[$id]['rule_sid_on'] = $sid_on_old; - // rule sid off registers - $sid_off_pieces = $a_nat[$id]['rule_sid_off']; - // if off sid is the same as off sid remove it - $sid_off_old = str_replace("||disablesid $sid_off", "", "$sid_off_pieces"); - // write the replace sid back as empty - $a_nat[$id]['rule_sid_off'] = 
$sid_off_old; - // add sid off registers to new off sid - $a_nat[$id]['rule_sid_off'] = "||disablesid $sid_off" . $a_nat[$id]['rule_sid_off']; - write_config(); - conf_mount_rw(); + $toggleid = $_GET['ids']; + + //copy rule contents from array into string + $tempstring = $splitcontents[$toggleid]; + + //explode rule contents into an array, (delimiter is space) + $rule_content = explode(' ', $tempstring); + + //search string + $findme = "# alert"; //find string for disabled alerts + + //find if alert is disabled + $disabled = strstr($tempstring, $findme); + + //if find alert is false, then rule is disabled + if ($disabled !== false) + { + //rule has been enabled + //move counter up 1, so we do not retrieve the # in the rule_content array + $tempstring = str_replace("# alert", "alert", $tempstring); + + } + else + { + //has rule been disabled + //move counter up 1, so we do not retrieve the # in the rule_content array + $tempstring = str_replace("alert", "# alert", $tempstring); + + } + + //copy string into array for writing + $splitcontents[$toggleid] = $tempstring; + + //write the new .rules file + write_rule_file($splitcontents, $rulefile); + + //once file has been written, reload file + $splitcontents = load_rule_file($rulefile); + + $stopMsg = true; + + //write disable/enable sid to config.xml + if ($disabled == false) { + $string_sid = strstr($tempstring, 'sid:'); + $sid_pieces = explode(";", $string_sid); + $sid_off_cut = $sid_pieces[0]; + // sid being turned off + $sid_off = str_replace("sid:", "", $sid_off_cut); + // rule_sid_on registers + $sid_on_pieces = $a_nat[$id]['rule_sid_on']; + // if off sid is the same as on sid remove it + $sid_on_old = str_replace("||enablesid $sid_off", "", "$sid_on_pieces"); + // write the replace sid back as empty + $a_nat[$id]['rule_sid_on'] = $sid_on_old; + // rule sid off registers + $sid_off_pieces = $a_nat[$id]['rule_sid_off']; + // if off sid is the same as off sid remove it + $sid_off_old = str_replace("||disablesid 
$sid_off", "", "$sid_off_pieces"); + // write the replace sid back as empty + $a_nat[$id]['rule_sid_off'] = $sid_off_old; + // add sid off registers to new off sid + $a_nat[$id]['rule_sid_off'] = "||disablesid $sid_off" . $a_nat[$id]['rule_sid_off']; + write_config(); + conf_mount_rw(); - } - else - { - $string_sid = strstr($tempstring, 'sid:'); - $sid_pieces = explode(";", $string_sid); - $sid_on_cut = $sid_pieces[0]; - // sid being turned off - $sid_on = str_replace("sid:", "", $sid_on_cut); - // rule_sid_off registers - $sid_off_pieces = $a_nat[$id]['rule_sid_off']; - // if off sid is the same as on sid remove it - $sid_off_old = str_replace("||disablesid $sid_on", "", "$sid_off_pieces"); - // write the replace sid back as empty - $a_nat[$id]['rule_sid_off'] = $sid_off_old; - // rule sid on registers - $sid_on_pieces = $a_nat[$id]['rule_sid_on']; - // if on sid is the same as on sid remove it - $sid_on_old = str_replace("||enablesid $sid_on", "", "$sid_on_pieces"); - // write the replace sid back as empty - $a_nat[$id]['rule_sid_on'] = $sid_on_old; - // add sid on registers to new on sid - $a_nat[$id]['rule_sid_on'] = "||enablesid $sid_on" . 
$a_nat[$id]['rule_sid_on']; - write_config(); - conf_mount_rw(); - } - + } + else + { + $string_sid = strstr($tempstring, 'sid:'); + $sid_pieces = explode(";", $string_sid); + $sid_on_cut = $sid_pieces[0]; + // sid being turned off + $sid_on = str_replace("sid:", "", $sid_on_cut); + // rule_sid_off registers + $sid_off_pieces = $a_nat[$id]['rule_sid_off']; + // if off sid is the same as on sid remove it + $sid_off_old = str_replace("||disablesid $sid_on", "", "$sid_off_pieces"); + // write the replace sid back as empty + $a_nat[$id]['rule_sid_off'] = $sid_off_old; + // rule sid on registers + $sid_on_pieces = $a_nat[$id]['rule_sid_on']; + // if on sid is the same as on sid remove it + $sid_on_old = str_replace("||enablesid $sid_on", "", "$sid_on_pieces"); + // write the replace sid back as empty + $a_nat[$id]['rule_sid_on'] = $sid_on_old; + // add sid on registers to new on sid + $a_nat[$id]['rule_sid_on'] = "||enablesid $sid_on" . $a_nat[$id]['rule_sid_on']; + write_config(); + conf_mount_rw(); + } + } if ($_GET['saved'] == 'yes') { - $message = "The Snort rule configuration has been changed.<br>You must restart this snort interface in order for the changes to take effect."; + $message = "The Snort rule configuration has been changed.<br>You must restart this snort interface in order for the changes to take effect."; -// stop_service("snort"); -// sleep(2); -// start_service("snort"); -// $savemsg = ""; -// $stopMsg = false; + // stop_service("snort"); + // sleep(2); + // start_service("snort"); + // $savemsg = ""; + // $stopMsg = false; } $currentruleset = basename($rulefile); @@ -416,7 +416,8 @@ $pgtitle = "Snort: $id $iface_uuid $if_real Category: $currentruleset"; ?> -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<body + link="#0000CC" vlink="#0000CC" alink="#0000CC"> <?php include("fbegin.inc"); ?> <?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> 
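Review bot: The `act=toggle` branch rewrites the rules file and calls `write_config()` in response to a GET request, so any URL the administrator's browser loads can flip a rule; no request-token check is visible in this hunk. Moving the toggle to a POST form that carries a request token would close that. `$toggleid = $_GET['ids']` is used as an index into `$splitcontents` without checking that the entry exists. Both branches call `conf_mount_rw()` before and again after `write_config()`; the second call looks as if it was meant to be `conf_mount_ro()`, which should be confirmed. The `else if` starts outside the hunk.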
@@ -426,23 +427,26 @@ echo "{$snort_general_css}\n"; ?> <!-- hack to fix the hardcoed fbegin link in header --> -<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div> +<div id="header-left2"><a href="../index.php" id="status-link2"><img + src="./images/transparent.gif" border="0"></img></a></div> <div class="body2"> -<noscript><div class="alert" ALIGN=CENTER><img src="../themes/nervecenter/images/icons/icon_alert.gif"/><strong>Please enable JavaScript to view this content</CENTER></div></noscript> +<noscript> +<div class="alert" ALIGN=CENTER><img + src="../themes/nervecenter/images/icons/icon_alert.gif" /><strong>Please +enable JavaScript to view this content +</CENTER></div> +</noscript> <?php echo "<form action=\"snort_rules.php?id={$id}\" method=\"post\" name=\"iform\" id=\"iform\">"; -?> -<?php if ($_GET['saved'] == 'yes') {print_info_box_np2($message);}?> +?> <?php if ($_GET['saved'] == 'yes') {print_info_box_np2($message);}?> </form> <script type="text/javascript" language="javascript" src="row_toggle.js"> <script src="/javascript/sorttable.js" type="text/javascript"> -</script> - -<script language="javascript" type="text/javascript"> +</script> <script language="javascript" type="text/javascript"> <!-- function go() { @@ -457,8 +461,7 @@ function go() location.href = destination; } // --> -</script> -<script type="text/javascript"> +</script> <script type="text/javascript"> <!-- function popup(url) { 
@@ -475,149 +478,153 @@ function popup(url) </script> <table width="99%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> - -<?php -echo '<div class="snorttabs" style="margin:1px 0px; width:775px;">' . "\n"; -echo '<!-- Tabbed bar code -->' . "\n"; -echo '<ul class="snorttabs">' . "\n"; - echo '<li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>' . "\n"; - echo "<li><a href=\"/snort/snort_interfaces_edit.php?id={$id}\"><span>If Settings</span></a></li>\n"; - echo "<li><a href=\"/snort/snort_rulesets.php?id={$id}\"><span>Categories</span></a></li>\n"; - echo "<li class=\"snorttabs_active\"><a href=\"/snort/snort_rules.php?id={$id}\"><span>Rules</span></a></li>\n"; - echo "<li><a href=\"/snort/snort_define_servers.php?id={$id}\"><span>Servers</span></a></li>\n"; - echo "<li><a href=\"/snort/snort_preprocessors.php?id={$id}\"><span>Preprocessors</span></a></li>\n"; - echo "<li><a href=\"/snort/snort_barnyard.php?id={$id}\"><span>Barnyard2</span></a></li>\n"; -echo '</ul>' . "\n"; -echo '</div>' . "\n"; -?> - - </td> + <tr> + <td><?php + echo '<div class="snorttabs" style="margin:1px 0px; width:775px;">' . "\n"; + echo '<!-- Tabbed bar code -->' . "\n"; + echo '<ul class="snorttabs">' . "\n"; + echo '<li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>' . "\n"; + echo "<li><a href=\"/snort/snort_interfaces_edit.php?id={$id}\"><span>If Settings</span></a></li>\n"; + echo "<li><a href=\"/snort/snort_rulesets.php?id={$id}\"><span>Categories</span></a></li>\n"; + echo "<li class=\"snorttabs_active\"><a href=\"/snort/snort_rules.php?id={$id}\"><span>Rules</span></a></li>\n"; + echo "<li><a href=\"/snort/snort_define_servers.php?id={$id}\"><span>Servers</span></a></li>\n"; + echo "<li><a href=\"/snort/snort_preprocessors.php?id={$id}\"><span>Preprocessors</span></a></li>\n"; + echo "<li><a href=\"/snort/snort_barnyard.php?id={$id}\"><span>Barnyard2</span></a></li>\n"; + echo '</ul>' . "\n"; + echo '</div>' . 
"\n"; + ?></td> </tr> <tr> - <td> - <div id="mainarea2"> - <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> - <table id="ruletable1" class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr id="frheader"> - <td width="3%" class="list"> </td> - <td width="5%" class="listhdr">SID</td> - <td width="6%" class="listhdrr">Proto</td> - <td width="15%" class="listhdrr">Source</td> - <td width="10%" class="listhdrr">Port</td> - <td width="15%" class="listhdrr">Destination</td> - <td width="10%" class="listhdrr">Port</td> - <td width="32%" class="listhdrr">Message</td> - - </tr> - <tr> - <?php - - echo "<br>Category: "; - - //string for populating category select - $currentruleset = basename($rulefile); - - ?> - <form name="forms"> - <select name="selectbox" class="formfld" onChange="go()"> - <?php - $i=0; - foreach ($files as $value) - { - $selectedruleset = ""; - if ($files[$i] === $currentruleset) - $selectedruleset = "selected"; - ?> - <option value="?id=<?=$id;?>&openruleset=<?=$ruledir;?><?=$files[$i];?>" <?=$selectedruleset;?>><?=$files[$i];?></option>" - <?php - $i++; - - } - ?> - </select> - </form> - </tr> - <?php - - $counter = 0; - $printcounter = 0; - - foreach ( $splitcontents as $value ) - { - - $counter++; - $disabled = "False"; - $comments = "False"; - - $tempstring = $splitcontents[$counter]; - $findme = "# alert"; //find string for disabled alerts - - //find alert - $disabled_pos = strstr($tempstring, $findme); - - - //do soemthing, this rule is enabled - $counter2 = 1; - - //retrieve sid value - $sid = get_middle($tempstring, 'sid:', ';', 0); - - //check to see if the sid is numberical - $is_sid_num = is_numeric($sid); - - //if SID is numerical, proceed - if ($is_sid_num) - { - - //if find alert is false, then rule is disabled - if ($disabled_pos !== false){ - $counter2 = $counter2+1; - $textss = "<span class=\"gray\">"; - $textse = "</span>"; - $iconb = "icon_block_d.gif"; 
- } - else - { - $textss = $textse = ""; - $iconb = "icon_block.gif"; - } - - if ($disabled_pos !== false){ - $ischecked = ""; - }else{ - $ischecked = "checked"; - } - - $rule_content = explode(' ', $tempstring); - - $protocol = $rule_content[$counter2];//protocol location - $counter2++; - $source = $rule_content[$counter2];//source location - $counter2++; - $source_port = $rule_content[$counter2];//source port location - $counter2 = $counter2+2; - $destination = $rule_content[$counter2];//destination location - $counter2++; - $destination_port = $rule_content[$counter2];//destination port location - - if (strstr($tempstring, 'msg: "')) - $message = get_middle($tempstring, 'msg: "', '";', 0); - if (strstr($tempstring, 'msg:"')) - $message = get_middle($tempstring, 'msg:"', '";', 0); - - echo "<tr> + <td> + <div id="mainarea2"> + <table id="maintable" class="tabcont" width="100%" border="0" + cellpadding="0" cellspacing="0"> + <tr> + <td> + <table id="ruletable1" class="sortable" width="100%" border="0" + cellpadding="0" cellspacing="0"> + <tr id="frheader"> + <td width="3%" class="list"> </td> + <td width="5%" class="listhdr">SID</td> + <td width="6%" class="listhdrr">Proto</td> + <td width="15%" class="listhdrr">Source</td> + <td width="10%" class="listhdrr">Port</td> + <td width="15%" class="listhdrr">Destination</td> + <td width="10%" class="listhdrr">Port</td> + <td width="32%" class="listhdrr">Message</td> + + </tr> + <tr> + <?php + + echo "<br>Category: "; + + //string for populating category select + $currentruleset = basename($rulefile); + + ?> + <form name="forms"><select name="selectbox" class="formfld" + onChange="go()"> + <?php + $i=0; + foreach ($files as $value) + { + $selectedruleset = ""; + if ($files[$i] === $currentruleset) + $selectedruleset = "selected"; + ?> + <option + value="?id=<?=$id;?>&openruleset=<?=$ruledir;?><?=$files[$i];?>" + <?=$selectedruleset;?>><?=$files[$i];?></option> + " + <?php + $i++; + + } + ?> + </select></form> + </tr> + 
<?php + + $counter = 0; + $printcounter = 0; + + foreach ( $splitcontents as $value ) + { + + $counter++; + $disabled = "False"; + $comments = "False"; + + $tempstring = $splitcontents[$counter]; + $findme = "# alert"; //find string for disabled alerts + + //find alert + $disabled_pos = strstr($tempstring, $findme); + + + //do soemthing, this rule is enabled + $counter2 = 1; + + //retrieve sid value + $sid = get_middle($tempstring, 'sid:', ';', 0); + + //check to see if the sid is numberical + $is_sid_num = is_numeric($sid); + + //if SID is numerical, proceed + if ($is_sid_num) + { + + //if find alert is false, then rule is disabled + if ($disabled_pos !== false){ + $counter2 = $counter2+1; + $textss = "<span class=\"gray\">"; + $textse = "</span>"; + $iconb = "icon_block_d.gif"; + } + else + { + $textss = $textse = ""; + $iconb = "icon_block.gif"; + } + + if ($disabled_pos !== false){ + $ischecked = ""; + }else{ + $ischecked = "checked"; + } + + $rule_content = explode(' ', $tempstring); + + $protocol = $rule_content[$counter2];//protocol location + $counter2++; + $source = $rule_content[$counter2];//source location + $counter2++; + $source_port = $rule_content[$counter2];//source port location + $counter2 = $counter2+2; + $destination = $rule_content[$counter2];//destination location + $counter2++; + $destination_port = $rule_content[$counter2];//destination port location + + if (strstr($tempstring, 'msg: "')) + $message = get_middle($tempstring, 'msg: "', '";', 0); + if (strstr($tempstring, 'msg:"')) + $message = get_middle($tempstring, 'msg:"', '";', 0); + + echo "<tr> <td class=\"listt\"> $textss\n"; ?> - <a href="?id=<?=$id;?>&openruleset=<?=$rulefile;?>&act=toggle&ids=<?=$counter;?>"><img src="../themes/<?= $g['theme']; ?>/images/icons/<?=$iconb;?>" width="10" height="10" border="0" title="click to toggle enabled/disabled status"></a> - <!-- <input name="enable" type="checkbox" value="yes" <?= $ischecked; ?> onClick="enable_change(false)"> --> - <!-- TODO: 
add checkbox and save so that that disabling is nicer --> - <?php - echo "$textse + <a + href="?id=<?=$id;?>&openruleset=<?=$rulefile;?>&act=toggle&ids=<?=$counter;?>"><img + src="../themes/<?= $g['theme']; ?>/images/icons/<?=$iconb;?>" + width="10" height="10" border="0" + title="click to toggle enabled/disabled status"></a> + <!-- <input name="enable" type="checkbox" value="yes" <?= $ischecked; ?> onClick="enable_change(false)"> --> + <!-- TODO: add checkbox and save so that that disabling is nicer --> + <?php + echo "$textse </td> <td class=\"listlr\"> $textss @@ -627,8 +634,8 @@ echo '</div>' . "\n"; <td class=\"listlr\"> $textss $protocol"; - ?> - <?php + ?> + <?php $printcounter++; echo "$textse </td> 
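Review bot: The rule loop increments `$counter` before reading `$splitcontents[$counter]`, so index 0 (the first line of the file) is never listed and the last iteration reads one element past the end of the array. Iterating with the key, `foreach ($splitcontents as $counter => $tempstring)`, and dropping the `$counter++` keeps the `ids` parameter aligned with the index the toggle and edit handlers use. `$message` is assigned only when one of the two `msg` patterns matches, so a rule without them inherits the previous row's text; reset it with `$message = "";` at the top of each iteration. A stray `"` also follows the closing `option` tag in the category list.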
@@ -653,67 +660,78 @@ echo '</div>' . "\n"; $textse </td>"; ?> - <td class="listbg"><font color="white"> - <?php - echo "$textss - $message - $textse + <td class="listbg"><font color="white"> <?php + echo "$textss + $message + $textse </td>"; - ?> - <td valign="middle" nowrap class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td><a href="javascript: void(0)"onclick="popup('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$rulefile;?>&ids=<?=$counter;?>')"><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="edit rule" width="17" height="17" border="0"></a></td> - <!-- Codes by Quackit.com --> - </tr> - </table> - </td> - <?php - } - } - echo " There are $printcounter rules in this category. <br><br>"; - ?> - </table> - </td> - </tr> - <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0"> - <tr> - <td width="16"><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" width="11" height="11"></td> - <td>Rule Enabled</td> - </tr> - <tr> - <td><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_block_d.gif" width="11" height="11"></td> - <td nowrap>Rule Disabled</td> - </tr> - <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0"> - <tr> - <!-- TODO: add save and cancel for checkbox options --> - <!-- <td><pre><input name="Submit" type="submit" class="formbtn" value="Save"> <input type="button" class="formbtn" value="Cancel" onclick="history.back()"><pre></td> --> - </tr> - </table> - <tr> - <td colspan="10"> - <p> - <!--<strong><span class="red">Warning:<br> + ?> + <td valign="middle" nowrap class="list"> + <table border="0" cellspacing="0" cellpadding="1"> + <tr> + <td><a href="javascript: void(0)" + onclick="popup('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$rulefile;?>&ids=<?=$counter;?>')"><img + src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" + title="edit rule" width="17" height="17" border="0"></a></td> + <!-- Codes by Quackit.com 
--> + </tr> + </table> + </td> + <?php + } + } + echo " There are $printcounter rules in this category. <br><br>"; + ?> + + </table> + </td> + </tr> + <table class="tabcont" width="100%" border="0" cellspacing="0" + cellpadding="0"> + <tr> + <td width="16"><img + src="../themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" + width="11" height="11"></td> + <td>Rule Enabled</td> + </tr> + <tr> + <td><img + src="../themes/<?= $g['theme']; ?>/images/icons/icon_block_d.gif" + width="11" height="11"></td> + <td nowrap>Rule Disabled</td> + </tr> + <table class="tabcont" width="100%" border="0" cellspacing="0" + cellpadding="0"> + <tr> + <!-- TODO: add save and cancel for checkbox options --> + <!-- <td><pre><input name="Submit" type="submit" class="formbtn" value="Save"> <input type="button" class="formbtn" value="Cancel" onclick="history.back()"><pre></td> --> + </tr> + </table> + <tr> + <td colspan="10"> + <p><!--<strong><span class="red">Warning:<br> </span></strong>Editing these r</p>--> - </td> - </tr> - </table> - </table> - </td> - </tr> - + + </td> + </tr> + </table> + </table> + + </td> + </tr> + </table> </div> -<?php + <?php -include("fend.inc"); + include("fend.inc"); -echo $snort_custom_rnd_box; + echo $snort_custom_rnd_box; -?> + ?> -</div></body> +</div> +</body> </html> diff --git a/config/snort/snort_rules_edit.php b/config/snort/snort_rules_edit.php index f111536f..09e39e7a 100644 --- a/config/snort/snort_rules_edit.php +++ b/config/snort/snort_rules_edit.php 
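Review bot: The edit-rule link in this hunk prints `$id`, `$rulefile` and `$counter` into an `onclick` handler with no escaping, and the cell above it echoes `$message`, which the previous hunk of this file cuts out of the rule text with `get_middle($tempstring, 'msg:"', '";', 0)`, straight into the table. Rule files are third-party content and `id`/`openruleset` are presumably request parameters (snort_rules_edit.php reads `$id = $_GET['id']`), so markup in either would be rendered in the administrator's browser. Escape at the point of output, e.g. `echo "$textss " . htmlspecialchars($message, ENT_QUOTES) . " $textse </td>";`, and pass URL parts through `urlencode()` before they go into the `href`/`onclick` strings. The same raw output appears in the snort_rules_edit.php hunks at -165 (form `action`) and -201 (`echo $contents2` inside the textarea, `echo "$file\n"`), and in the tab links and `value='$file'` checkboxes of snort_rulesets.php.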
@@ -1,40 +1,40 @@ <?php /* - system_edit.php - Copyright (C) 2004, 2005 Scott Ullrich - All rights reserved. - - Adapted for FreeNAS by Volker Theile (votdev@gmx.de) - Copyright (C) 2006-2009 Volker Theile - - Adapted for Pfsense Snort package by Robert Zelaya - Copyright (C) 2008-2009 Robert Zelaya - - Using dp.SyntaxHighlighter for syntax highlighting - http://www.dreamprojections.com/SyntaxHighlighter - Copyright (C) 2004-2006 Alex Gorbatchev. All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ + system_edit.php + Copyright (C) 2004, 2005 Scott Ullrich + All rights reserved. 
+ + Adapted for FreeNAS by Volker Theile (votdev@gmx.de) + Copyright (C) 2006-2009 Volker Theile + + Adapted for Pfsense Snort package by Robert Zelaya + Copyright (C) 2008-2009 Robert Zelaya + + Using dp.SyntaxHighlighter for syntax highlighting + http://www.dreamprojections.com/SyntaxHighlighter + Copyright (C) 2004-2006 Alex Gorbatchev. All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort.inc"); @@ -49,12 +49,12 @@ $a_nat = &$config['installedpackages']['snortglobal']['rule']; $id = $_GET['id']; if (isset($_POST['id'])) - $id = $_POST['id']; - +$id = $_POST['id']; + $ids = $_GET['ids']; if (isset($_POST['ids'])) - $ids = $_POST['ids']; - +$ids = $_POST['ids']; + if (isset($id) && $a_nat[$id]) { 
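Review bot: The re-indent in the -49 hunk leaves the body of each brace-less `if` at the same column as the `if` itself (`if (isset($_POST['id']))` followed by `$id = $_POST['id'];`), so the assignment now reads as unconditional. Behaviour is unchanged, but on a page that takes `id` and `ids` straight from the request this is where a later edit can easily put a second statement outside the condition without anyone noticing. Add braces instead of relying on indentation: `if (isset($_POST['id'])) { $id = $_POST['id']; }`. The same layout is produced in the -127 hunk of this file (`$rows`, `$cols`) and in the snort_rulesets.php hunks at -42 and -114 (`$enabled_rulesets_array`).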
@@ -96,20 +96,20 @@ $tempstring = $splitcontents[$lineid]; function write_rule_file($content_changed, $received_file) { - //read snort file with writing enabled - $filehandle = fopen($received_file, "w"); + //read snort file with writing enabled + $filehandle = fopen($received_file, "w"); - //delimiter for each new rule is a new line - $delimiter = "\n"; + //delimiter for each new rule is a new line + $delimiter = "\n"; - //implode the array back into a string for writing purposes - $fullfile = implode($delimiter, $content_changed); + //implode the array back into a string for writing purposes + $fullfile = implode($delimiter, $content_changed); - //write data to file - fwrite($filehandle, $fullfile); + //write data to file + fwrite($filehandle, $fullfile); - //close file handle - fclose($filehandle); + //close file handle + fclose($filehandle); } @@ -117,7 +117,7 @@ function write_rule_file($content_changed, $received_file) if($_POST['highlight'] <> "") { if($_POST['highlight'] == "yes" or - $_POST['highlight'] == "enabled") { + $_POST['highlight'] == "enabled") { $highlight = "yes"; } else { $highlight = "no"; @@ -127,30 +127,30 @@ if($_POST['highlight'] <> "") { } if($_POST['rows'] <> "") - $rows = $_POST['rows']; +$rows = $_POST['rows']; else - $rows = 1; +$rows = 1; if($_POST['cols'] <> "") - $cols = $_POST['cols']; +$cols = $_POST['cols']; else - $cols = 66; +$cols = 66; if ($_POST) { if ($_POST['save']) { - + /* get the changes */ - $rule_content2 = $_POST['code']; - + $rule_content2 = $_POST['code']; + //copy string into file array for writing - $splitcontents[$lineid] = $rule_content2; - - //write the new .rules file - write_rule_file($splitcontents, $file); - - header("Location: /snort/snort_view_edit.php?id=$id&openruleset=$file&ids=$ids"); - + $splitcontents[$lineid] = $rule_content2; + + //write the new .rules file + write_rule_file($splitcontents, $file); + + header("Location: /snort/snort_view_edit.php?id=$id&openruleset=$file&ids=$ids"); + } } 
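Review bot: `write_rule_file()` in the -96 hunk opens the rules file with mode `"w"`, which truncates it before anything is written, and never checks the result of `fopen()` or `fwrite()`. If the open fails, `fwrite()` and `fclose()` run on `false`; if the write fails part-way, the interface is left with an empty or partial rule file and nothing reports it. Writing to a temporary file in the same directory and renaming it over the original only after the write succeeded keeps the existing rules intact on failure, and a boolean return lets the caller show an error. The caller in the -127 hunk redirects immediately afterwards, so a failure currently goes unnoticed.

```php
function write_rule_file($content_changed, $received_file)
{
	// rules are stored one per line
	$fullfile = implode("\n", $content_changed);

	// write next to the target so rename() stays on one filesystem
	$tmpfile = $received_file . '.tmp';
	if (file_put_contents($tmpfile, $fullfile, LOCK_EX) !== strlen($fullfile)) {
		if (file_exists($tmpfile)) {
			unlink($tmpfile);
		}
		return false;
	}

	// replace the live rules file only once the new content is complete
	return rename($tmpfile, $received_file);
}
```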
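Review bot: The save branch in the -127 hunk copies `$_POST['code']` into `$splitcontents[$lineid]` and rewrites the rules file without checking the value. Because `write_rule_file()` joins the entries with "\n", a value containing line breaks adds extra lines to the file, so a single edit can introduce additional rules and shift the line index that the `ids` parameter appears to refer to. Reject or strip CR/LF before storing, e.g. `$rule_content2 = str_replace(array("\r", "\n"), '', $_POST['code']);`. The redirect also places `$id`, `$file` and `$ids` in the `Location` header unencoded and is not followed by `exit;`, so the rest of the page still runs; apply `urlencode()` to each value and stop after `header()`. Whether the request is checked for a CSRF token is not visible in this hunk.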
@@ -165,13 +165,12 @@ $pgtitle = array(gettext("Advanced"), gettext("File Editor")); <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> <td class="tabcont"> - <form action="snort_view_edit.php?id=<?=$id; ?>&openruleset=<?=$file; ?>&ids=<?=$ids; ?>" method="post"> - <?php if ($savemsg) print_info_box($savemsg);?> - - <?php - if ($file != '/usr/local/etc/snort/snort_update.log') - { - + <form + action="snort_view_edit.php?id=<?=$id; ?>&openruleset=<?=$file; ?>&ids=<?=$ids; ?>" + method="post"><?php if ($savemsg) print_info_box($savemsg);?> <?php + if ($file != '/usr/local/etc/snort/snort_update.log') + { + echo ' <table width="100%" cellpadding="9" cellspacing="9" bgcolor="#eeeeee"> <tr> @@ -179,9 +178,9 @@ $pgtitle = array(gettext("Advanced"), gettext("File Editor")); <input name="save" type="submit" class="formbtn" id="save" value="save" /> <input type="button" class="formbtn" value="Cancel" onclick="history.back()"> <hr noshade="noshade" /> ' . "\n"; - - echo 'Disable original rule :'; - + + echo 'Disable original rule :'; + echo ' <input id="highlighting_enabled" name="highlight2" type="radio" value="yes"'; if($highlight == "yes") echo " checked=\"checked\""; echo '/> <label for="highlighting_enabled">'; gettext("Enabled"); echo '</label> 
@@ -201,28 +200,29 @@ $pgtitle = array(gettext("Advanced"), gettext("File Editor")); </td> </tr> </table>'; - - } - ?> - - <table width='100%'> - <tr> - <td valign="top" class="label"> - <div style="background: #eeeeee;" id="textareaitem"> - <!-- NOTE: The opening *and* the closing textarea tag must be on the same line. --> - <textarea <? if ($file != '/usr/local/etc/snort/snort_update.log') { echo 'disabled'; } ?> wrap="off" style="width: 98%; margin: 7px;" class="<?php echo $language; ?>:showcolumns" rows="33" cols="<?php echo $cols; ?>" name="code2"><?php echo $contents2;?></textarea> - </div> - </td> - </tr> - </table> - <?php // include("formend.inc");?> - </form> - <? echo "$file\n"; ?> - </td> + + } + ?> + + <table width='100%'> + <tr> + <td valign="top" class="label"> + <div style="background: #eeeeee;" id="textareaitem"><!-- NOTE: The opening *and* the closing textarea tag must be on the same line. --> + <textarea + <? if ($file != '/usr/local/etc/snort/snort_update.log') { echo 'disabled'; } ?> + wrap="off" style="width: 98%; margin: 7px;" + class="<?php echo $language; ?>:showcolumns" rows="33" + cols="<?php echo $cols; ?>" name="code2"><?php echo $contents2;?></textarea> + </div> + </td> + </tr> + </table> + <?php // include("formend.inc");?></form> + <? echo "$file\n"; ?></td> </tr> </table> -<?php //include("fend.inc");?> + <?php //include("fend.inc");?> </body> </html> diff --git a/config/snort/snort_rulesets.php b/config/snort/snort_rulesets.php index e7838c9f..42dc27e6 100644 --- a/config/snort/snort_rulesets.php +++ b/config/snort/snort_rulesets.php 
@@ -1,32 +1,32 @@ <?php /* $Id$ */ /* - snort_rulesets.php - Copyright (C) 2006 Scott Ullrich - Copyright (C) 2009 Robert Zelaya - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ + snort_rulesets.php + Copyright (C) 2006 Scott Ullrich + Copyright (C) 2009 Robert Zelaya + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. 
+ + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort_gui.inc"); @@ -42,8 +42,8 @@ $a_nat = &$config['installedpackages']['snortglobal']['rule']; $id = $_GET['id']; if (isset($_POST['id'])) - $id = $_POST['id']; - +$id = $_POST['id']; + if (isset($id) && $a_nat[$id]) { 
@@ -66,34 +66,34 @@ $pgtitle = "Snort: Interface $id $iface_uuid $if_real Categories"; $isrulesfolderempty = exec("ls -A /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/*.rules"); if ($isrulesfolderempty == "") { -include("/usr/local/pkg/snort/snort_head.inc"); -include("fbegin.inc"); + include("/usr/local/pkg/snort/snort_head.inc"); + include("fbegin.inc"); -echo "<p class=\"pgtitle\">"; -if($pfsense_stable == 'yes'){echo $pgtitle;} -echo "</p>\n"; + echo "<p class=\"pgtitle\">"; + if($pfsense_stable == 'yes'){echo $pgtitle;} + echo "</p>\n"; -echo "<body link=\"#000000\" vlink=\"#000000\" alink=\"#000000\">"; + echo "<body link=\"#000000\" vlink=\"#000000\" alink=\"#000000\">"; -echo " + echo " <table width=\"99%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n <tr>\n <td>\n"; - -echo '<div class="snorttabs" style="margin:1px 0px; width:775px;">' . "\n"; -echo '<!-- Tabbed bar code -->' . "\n"; -echo '<ul class="snorttabs">' . "\n"; + + echo '<div class="snorttabs" style="margin:1px 0px; width:775px;">' . "\n"; + echo '<!-- Tabbed bar code -->' . "\n"; + echo '<ul class="snorttabs">' . "\n"; echo '<li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>' . 
"\n"; echo "<li><a href=\"/snort/snort_interfaces_edit.php?id={$id}\"><span>If Settings</span></a></li>\n"; - echo "<li class=\"snorttabs_active\"><a href=\"/snort/snort_rulesets.php?id={$id}\"><span>Categories</span></a></li>\n"; - echo "<li><a href=\"/snort/snort_rules.php?id={$id}\"><span>Rules</span></a></li>\n"; + echo "<li class=\"snorttabs_active\"><a href=\"/snort/snort_rulesets.php?id={$id}\"><span>Categories</span></a></li>\n"; + echo "<li><a href=\"/snort/snort_rules.php?id={$id}\"><span>Rules</span></a></li>\n"; echo "<li><a href=\"/snort/snort_define_servers.php?id={$id}\"><span>Servers</span></a></li>\n"; - echo "<li><a href=\"/snort/snort_preprocessors.php?id={$id}\"><span>Preprocessors</span></a></li>\n"; - echo "<li><a href=\"/snort/snort_barnyard.php?id={$id}\"><span>Barnyard2</span></a></li>\n"; -echo '</ul>' . "\n"; -echo '</div>' . "\n"; + echo "<li><a href=\"/snort/snort_preprocessors.php?id={$id}\"><span>Preprocessors</span></a></li>\n"; + echo "<li><a href=\"/snort/snort_barnyard.php?id={$id}\"><span>Barnyard2</span></a></li>\n"; + echo '</ul>' . "\n"; + echo '</div>' . "\n"; -echo "</td>\n + echo "</td>\n </tr>\n <tr>\n <td>\n 
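Review bot: The context line at the top of the -66 hunk tests for rule files by running `ls -A` through `exec()` with `$iface_uuid` and `$if_real` interpolated into the command string. Those values are set outside the hunk, presumably from the saved interface configuration, but a directory check does not need a shell at all. `glob()` does the same without a command line: `$rulefiles = glob("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/*.rules");` followed by `if (empty($rulefiles)) {`. The `$isrulesfolderempty` echoed in the message in the following hunk is always empty on this path and can be dropped with it.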
@@ -114,74 +114,75 @@ echo "</td>\n \n <p>\n\n"; -echo "Please click on the Update Rules tab to install your selected rule sets. $isrulesfolderempty"; -include("fend.inc"); + echo "Please click on the Update Rules tab to install your selected rule sets. $isrulesfolderempty"; + include("fend.inc"); -echo "</body>"; -echo "</html>"; + echo "</body>"; + echo "</html>"; -exit(0); + exit(0); } - /* alert file */ +/* alert file */ $d_snortconfdirty_path = "/var/run/snort_conf_{$iface_uuid}_{$if_real}.dirty"; - - /* this will exec when alert says apply */ - if ($_POST['apply']) { - - if (file_exists($d_snortconfdirty_path)) { + +/* this will exec when alert says apply */ +if ($_POST['apply']) { + + if (file_exists($d_snortconfdirty_path)) { - write_config(); + write_config(); - sync_snort_package_all($id, $if_real, $iface_uuid); - sync_snort_package(); + sync_snort_package_all($id, $if_real, $iface_uuid); + sync_snort_package(); - unlink($d_snortconfdirty_path); + unlink($d_snortconfdirty_path); - } - } - if ($_POST["Submit"]) { +} + +if ($_POST["Submit"]) { $enabled_items = ""; $isfirst = true; if (is_array($_POST['toenable'])) { - foreach($_POST['toenable'] as $toenable) { - if(!$isfirst) + foreach($_POST['toenable'] as $toenable) { + if(!$isfirst) $enabled_items .= "||"; - $enabled_items .= "{$toenable}"; - $isfirst = false; - } + $enabled_items .= "{$toenable}"; + $isfirst = false; + } }else{ - $enabled_items = $_POST['toenable']; + $enabled_items = $_POST['toenable']; } $a_nat[$id]['rulesets'] = $enabled_items; - + write_config(); - + touch($d_snortconfdirty_path); - - header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); - header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . 
' GMT' ); - header( 'Cache-Control: no-store, no-cache, must-revalidate' ); - header( 'Cache-Control: post-check=0, pre-check=0', false ); - header( 'Pragma: no-cache' ); - sleep(2); - sync_snort_package_all($id, $if_real, $iface_uuid); - header("Location: /snort/snort_rulesets.php?id=$id"); + + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + sleep(2); + sync_snort_package_all($id, $if_real, $iface_uuid); + header("Location: /snort/snort_rulesets.php?id=$id"); } $enabled_rulesets = $a_nat[$id]['rulesets']; if($enabled_rulesets) - $enabled_rulesets_array = split("\|\|", $enabled_rulesets); +$enabled_rulesets_array = split("\|\|", $enabled_rulesets); include("/usr/local/pkg/snort/snort_head.inc"); ?> -<body link="#000000" vlink="#000000" alink="#000000"> +<body + link="#000000" vlink="#000000" alink="#000000"> <?php include("fbegin.inc"); ?> <?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> 
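Review bot: The `Submit` branch in the -114 hunk joins the `toenable[]` values from the POST body with `||` and stores the result in `$a_nat[$id]['rulesets']` without checking them. The checkboxes rendered further down only ever carry names of files in the interface's rules directory, so the handler should accept only that: skip anything that is not a plain rule file name, e.g. `if (!preg_match('/^[A-Za-z0-9_.-]+\.rules$/', $toenable)) continue;`, and drop the non-array branch that stores `$_POST['toenable']` as-is. How the stored list is consumed by `sync_snort_package_all()` is not visible in this hunk, so the effect of an arbitrary value cannot be judged from here. Separately, `split("\|\|", …)` is a deprecated ereg-family function; `explode('||', $enabled_rulesets)` is the direct replacement.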
@@ -191,120 +192,130 @@ echo "{$snort_general_css}\n"; ?> <!-- hack to fix the hardcoed fbegin link in header --> -<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div> +<div id="header-left2"><a href="../index.php" id="status-link2"><img + src="./images/transparent.gif" border="0"></img></a></div> <div class="body2"> -<noscript><div class="alert" ALIGN=CENTER><img src="../themes/nervecenter/images/icons/icon_alert.gif"/><strong>Please enable JavaScript to view this content</CENTER></div></noscript> +<noscript> +<div class="alert" ALIGN=CENTER><img + src="../themes/nervecenter/images/icons/icon_alert.gif" /><strong>Please +enable JavaScript to view this content +</CENTER></div> +</noscript> <?php echo "<form action=\"snort_rulesets.php?id={$id}\" method=\"post\" name=\"iform\" id=\"iform\">"; -?> - -<?php +?> <?php - /* Display message */ +/* Display message */ - if ($input_errors) { +if ($input_errors) { print_input_errors($input_errors); // TODO: add checks - } +} - if ($savemsg) { +if ($savemsg) { print_info_box2($savemsg); - } +} - if (file_exists($d_snortconfdirty_path)) { +if (file_exists($d_snortconfdirty_path)) { echo '<p>'; - if($savemsg) { - print_info_box_np2("{$savemsg}"); - }else{ - print_info_box_np2(' + if($savemsg) { + print_info_box_np2("{$savemsg}"); + }else{ + print_info_box_np2(' The Snort configuration has changed and snort needs to be restarted on this interface.<br> You must apply the changes in order for them to take effect.<br> '); - } } +} ?> <table width="99%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> - -<?php -echo '<div class="snorttabs" style="margin:1px 0px; width:775px;">' . "\n"; -echo '<!-- Tabbed bar code -->' . "\n"; -echo '<ul class="snorttabs">' . "\n"; - echo '<li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>' . 
"\n"; - echo "<li><a href=\"/snort/snort_interfaces_edit.php?id={$id}\"><span>If Settings</span></a></li>\n"; - echo "<li class=\"snorttabs_active\"><a href=\"/snort/snort_rulesets.php?id={$id}\"><span>Categories</span></a></li>\n"; - echo "<li><a href=\"/snort/snort_rules.php?id={$id}\"><span>Rules</span></a></li>\n"; - echo "<li><a href=\"/snort/snort_define_servers.php?id={$id}\"><span>Servers</span></a></li>\n"; - echo "<li><a href=\"/snort/snort_preprocessors.php?id={$id}\"><span>Preprocessors</span></a></li>\n"; - echo "<li><a href=\"/snort/snort_barnyard.php?id={$id}\"><span>Barnyard2</span></a></li>\n"; -echo '</ul>' . "\n"; -echo '</div>' . "\n"; -?> - - </td> + <tr> + <td><?php + echo '<div class="snorttabs" style="margin:1px 0px; width:775px;">' . "\n"; + echo '<!-- Tabbed bar code -->' . "\n"; + echo '<ul class="snorttabs">' . "\n"; + echo '<li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>' . "\n"; + echo "<li><a href=\"/snort/snort_interfaces_edit.php?id={$id}\"><span>If Settings</span></a></li>\n"; + echo "<li class=\"snorttabs_active\"><a href=\"/snort/snort_rulesets.php?id={$id}\"><span>Categories</span></a></li>\n"; + echo "<li><a href=\"/snort/snort_rules.php?id={$id}\"><span>Rules</span></a></li>\n"; + echo "<li><a href=\"/snort/snort_define_servers.php?id={$id}\"><span>Servers</span></a></li>\n"; + echo "<li><a href=\"/snort/snort_preprocessors.php?id={$id}\"><span>Preprocessors</span></a></li>\n"; + echo "<li><a href=\"/snort/snort_barnyard.php?id={$id}\"><span>Barnyard2</span></a></li>\n"; + echo '</ul>' . "\n"; + echo '</div>' . 
"\n"; + ?></td> </tr> - <tr> + <tr> <td> <div id="mainarea2"> - <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> - <table id="sortabletable1" class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr id="frheader"> - <td width="5%" class="listhdrr">Enabled</td> - <td class="listhdrr"><?php if($snort_arch == 'x86'){echo 'Ruleset: Rules that end with "so.rules" are shared object rules.';}else{echo 'Shared object rules are "so.rules" and not available on Pfsense 2.0 64 bit.';}?></td> - <!-- <td class="listhdrr">Description</td> --> - </tr> -<?php - $dir = "/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/"; - $dh = opendir($dir); - while (false !== ($filename = readdir($dh))) { - $files[] = $filename; - } - sort($files); - foreach($files as $file) { - if(!stristr($file, ".rules")) - continue; - echo "<tr>\n"; - echo "<td align=\"center\" valign=\"top\">"; - if(is_array($enabled_rulesets_array)) - if(in_array($file, $enabled_rulesets_array)) { - $CHECKED = " checked=\"checked\""; - } else { - $CHECKED = ""; - } - else - $CHECKED = ""; - echo " \n<input type='checkbox' name='toenable[]' value='$file' {$CHECKED} />\n"; - echo "</td>\n"; - echo "<td>\n"; - echo "<a href='snort_rules.php?id={$id}&openruleset=/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/" . urlencode($file) . 
"'>{$file}</a>\n"; - echo "</td>\n</tr>\n\n"; - //echo "<td>"; - //echo "description"; - //echo "</td>"; - } - -?> - </table> - </td> - </tr> - <tr><td> </td></tr> - <tr><td>Check the rulesets that you would like Snort to load at startup.</td></tr> - <tr><td> </td></tr> - <tr><td><input value="Save" type="submit" name="Submit" id="Submit" /></td></tr> - </table> + <table id="maintable" class="tabcont" width="100%" border="0" + cellpadding="0" cellspacing="0"> + <tr> + <td> + <table id="sortabletable1" class="sortable" width="100%" border="0" + cellpadding="0" cellspacing="0"> + <tr id="frheader"> + <td width="5%" class="listhdrr">Enabled</td> + <td class="listhdrr"><?php if($snort_arch == 'x86'){echo 'Ruleset: Rules that end with "so.rules" are shared object rules.';}else{echo 'Shared object rules are "so.rules" and not available on Pfsense 2.0 64 bit.';}?></td> + <!-- <td class="listhdrr">Description</td> --> + </tr> + <?php + $dir = "/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/"; + $dh = opendir($dir); + while (false !== ($filename = readdir($dh))) { + $files[] = $filename; + } + sort($files); + foreach($files as $file) { + if(!stristr($file, ".rules")) + continue; + echo "<tr>\n"; + echo "<td align=\"center\" valign=\"top\">"; + if(is_array($enabled_rulesets_array)) + if(in_array($file, $enabled_rulesets_array)) { + $CHECKED = " checked=\"checked\""; + } else { + $CHECKED = ""; + } + else + $CHECKED = ""; + echo " \n<input type='checkbox' name='toenable[]' value='$file' {$CHECKED} />\n"; + echo "</td>\n"; + echo "<td>\n"; + echo "<a href='snort_rules.php?id={$id}&openruleset=/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/" . urlencode($file) . 
"'>{$file}</a>\n"; + echo "</td>\n</tr>\n\n"; + //echo "<td>"; + //echo "description"; + //echo "</td>"; + } + + ?> + </table> + </td> + </tr> + <tr> + <td> </td> + </tr> + <tr> + <td>Check the rulesets that you would like Snort to load at startup.</td> + </tr> + <tr> + <td> </td> + </tr> + <tr> + <td><input value="Save" type="submit" name="Submit" id="Submit" /></td> + </tr> + </table> </div> - </td> - </tr> + </td> + </tr> </table> </form> @@ -313,20 +324,20 @@ echo '</div>' . "\n"; </div> -<?php + <?php -include("fend.inc"); + include("fend.inc"); -echo $snort_custom_rnd_box; + echo $snort_custom_rnd_box; -?> + ?> </body> </html> -<?php + <?php - function get_snort_rule_file_description($filename) { + function get_snort_rule_file_description($filename) { $filetext = file_get_contents($filename); } |
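Review bot: The directory listing in the -191 hunk calls `opendir($dir)` and loops on `readdir($dh)` without checking that the open succeeded, never initialises `$files`, and never calls `closedir()`. If the rules directory is missing or unreadable, `readdir()` is handed `false` and `sort($files)` an undefined variable. `scandir()` covers open, read, sort and close in one call: `$files = scandir($dir);` followed by `if ($files === false) { $files = array(); }`. The filter is also loose, since `stristr($file, ".rules")` matches the string anywhere in the name; compare the extension instead, e.g. `if (strcasecmp(substr($file, -6), '.rules') !== 0) continue;`.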