diff options
Diffstat (limited to 'config/snort')
54 files changed, 14222 insertions, 2898 deletions
diff --git a/config/snort/NOTES.txt b/config/snort/NOTES.txt new file mode 100644 index 00000000..b8c61c39 --- /dev/null +++ b/config/snort/NOTES.txt @@ -0,0 +1,17 @@ + + +March 26 2019 +Snort-dev 2.8.5.3 pk v. 18 final + +Final day. + +Odds and ends left. + +2.0 group snort gets lost on reboot. + +Pierre POMES code needs to be added. + +Threshold tab needs to be added. + + +Done. diff --git a/config/snort/bin/7.2.x86/barnyard2 b/config/snort/bin/7.2.x86/barnyard2 Binary files differnew file mode 100644 index 00000000..9266051c --- /dev/null +++ b/config/snort/bin/7.2.x86/barnyard2 diff --git a/config/snort/bin/8.0.x86/barnyard2 b/config/snort/bin/8.0.x86/barnyard2 Binary files differnew file mode 100755 index 00000000..43476338 --- /dev/null +++ b/config/snort/bin/8.0.x86/barnyard2 diff --git a/config/snort/bin/8.0.x86/md5_files b/config/snort/bin/8.0.x86/md5_files new file mode 100644 index 00000000..3b283d80 --- /dev/null +++ b/config/snort/bin/8.0.x86/md5_files @@ -0,0 +1,9 @@ +#For Freebsd 8.0 + + +MD5 (pcre-8.00.tbz) = 8a1ac82500efccefc6418856e27b6cc1 +MD5 (snort-2.8.5.3.tbz) = 826c15872c6d19bcbe2408fb34d165b9 +MD5 (perl-5.10.1.tbz) = f71020a8bd0f197c9bf70eb6d03b92af +MD5 (mysql-client-5.1.45.tbz) = 9cb5878ae922c3d4d0e31efe5712a90a +MD5 (barnyard2) = 4dbff13291a2b8c5018b7ab62f574bc8 + diff --git a/config/snort/bin/8.0.x86/md5_files~ b/config/snort/bin/8.0.x86/md5_files~ new file mode 100644 index 00000000..3b283d80 --- /dev/null +++ b/config/snort/bin/8.0.x86/md5_files~ @@ -0,0 +1,9 @@ +#For Freebsd 8.0 + + +MD5 (pcre-8.00.tbz) = 8a1ac82500efccefc6418856e27b6cc1 +MD5 (snort-2.8.5.3.tbz) = 826c15872c6d19bcbe2408fb34d165b9 +MD5 (perl-5.10.1.tbz) = f71020a8bd0f197c9bf70eb6d03b92af +MD5 (mysql-client-5.1.45.tbz) = 9cb5878ae922c3d4d0e31efe5712a90a +MD5 (barnyard2) = 4dbff13291a2b8c5018b7ab62f574bc8 + diff --git a/config/snort/bin/oinkmaster_contrib/snort_rename.pl b/config/snort/bin/oinkmaster_contrib/snort_rename.pl new file mode 100644 index 00000000..e5f0d39e --- /dev/null +++ b/config/snort/bin/oinkmaster_contrib/snort_rename.pl @@ -0,0 +1,100 @@ +#!/usr/bin/perl -w + +#usage: rename perl_expression [files] +my $usage = qq{rename [-v] s/pat/repl/ [filenames...]\t (c)2001 hellweg\@snark.de +rename files read from the commandline or stdin + +License to use, modify and redistribute granted to each and every lifeform on +this planet (as long as credit to hellweg\@snark.de remains). No guarantee that +'rename' does or does not perform the way you want... + +} ; +$verbose = 0 ; +$quiet = 0 ; + +$op=shift || 0 ; +if($op eq "-v") { + $verbose++ ; $quiet = 0 ; + $op=shift || 0 ; +} +if($op eq "-q") { + $quiet++ ; $verbose = 0 ; + $op=shift || 0 ; +} +if($op =~ /^-h/) { + print $usage; exit(0) ; +} + +if(! $op) { + print $usage; exit(-1) ; +} + +if (!@ARGV) { + @ARGV = <STDIN>; +} + +$count=0 ; +my($m, $d, $y, $T) ; +for (@ARGV) { + chomp ; + if(-e $_) { + $was = $_; + if($op =~ /\$[Tdym]/) { + my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst)=localtime((stat($_))[9]); + $m = sprintf("%0.2i", $mon+1); + $d = sprintf("%0.2i", $mday); + $y = $year + 1900 ; + $T = "$y$m$d" ; + } + eval $op; + die $@ if $@; + if(-f $_) { print("! exists already: $was -> $_ \n") unless $quiet ; } + else { + if(rename($was, $_)) { + print("$was -> $_\n") if $verbose ; + $count++; + } else { + if(/\//) { + # maybe we need to create dirs? + my $createRes = createDirs($_) ; + if($createRes) { + print("! fauled to create $createRes for $_\n") + unless $quiet ; + } + else { # try again + if(rename($was, $_)) { + print("$was -> $_\n") if $verbose ; + $count++; + } else { + print("! failed to rename $was -> $_ \n") + unless $quiet ; + } + } + } + else { + print("! failed to rename $was -> $_ \n") unless $quiet ; + } + } + } + } + else { print("! not found: $_ \n") ; } +} +print("renamed $count files\n") if $verbose ; + + +sub createDirs { # return the dir we failed to create or 0 + my $file = shift ; + my @dirs = split /\//, $file ; + pop @dirs ; # don't try to mkdir the file itself + my $current = "" ; + $current = "/" if ($file =~ /^\//) ; + foreach (@dirs) { + $current .= $_ ; + if(! -d $current) { + mkdir $current, 0700 || return $current ; + print "mkdir $current\n" if ($verbose) ; + } + $current .= "/" ; + } + return 0 ; # success +} diff --git a/config/snort/bin/snort2c b/config/snort/bin/snort2c Binary files differindex fdc91ac8..fdc91ac8 100755..100644 --- a/config/snort/bin/snort2c +++ b/config/snort/bin/snort2c diff --git a/config/snort/css/style.css b/config/snort/css/style.css new file mode 100644 index 00000000..44568873 --- /dev/null +++ b/config/snort/css/style.css @@ -0,0 +1,153 @@ +/* Start of main css Pfsense */ +/* Start of main css Pfsense */ + +@charset "utf-8"; +.textstyle { + font-family: Arial, Helvetica, sans-serif; + font-size: 12px; + font-style: normal; + background-color: #666; + color: #CCC; +} +.textstyle p2 a { + font-family: Arial, Helvetica, sans-serif; + font-size: 12px; + font-style: normal; + color: #CCC; +} + +.textstyle p { + font-family: Arial, Helvetica, sans-serif; + font-size: 24px; + font-weight: bold; + color: #FFF; + text-decoration: underline; +} +.textstyle p2 { + font-family: Arial, Helvetica, sans-serif; + font-size: 12px; + color: #CCC; +} + +/* Start of main css for table sort */ +/* Start of main css for table sort */ + +table { + margin: 0; + padding: 0; + border: 0; + font-weight: inherit; + font-style: inherit; + font-size: 9; + font-family: Arial, Helvetica, sans-serif; + vertical-align: baseline; +} + +/* Tables still need 'cellspacing="0"' in the markup. */ +table { border-collapse: separate; border-spacing: 0; } +caption, th, td { text-align: left; font-weight:400; } + +/* Remove possible quote marks (") from <q>, <blockquote>. */ +blockquote:before, blockquote:after, q:before, q:after { content: ""; } +blockquote, q { quotes: "" ""; } + +#container { + width: auto; + margin: 0px; + padding-top: 10px; + padding-bottom: 10px; +} + + + +/************************************************************** + + Sortable Table + v 1.4 + +**************************************************************/ + + + +th { + background-color: #eee; + background: #eee url(/snort/images/icon-table-sort.png) no-repeat 2px 8px; + padding: 4px 4px 4px 14px; +} + +.allRow { + background-color: #eee; + padding: 4px; +} + +tr.altRow { + background-color: #fff; +} + +.leftAlign { + text-align: left; +} + +.centerAlign { + text-align: center; +} + +.rightAlign { + text-align: right; +} + +.sortedASC { + background: url(/snort/images/icon-table-sort-asc.png) no-repeat 2px 4px #eee; +} + +.sortedDESC { + background: url(/snort/images/icon-table-sort-desc.png) no-repeat 2px 10px #eee; +} + +.tableHeaderOver { + cursor: pointer; + color: #354158; +} + + +tr.selected { + background-color: 9999ff; + color: #000000; +} + +tr.over { + background-color: #993333; + color: #fff; + cursor: pointer; +} + +tr.hide { + display: none; +} +/***************************/ + +.mainTableFilter { + position: absolute; + top: 0; + left: -10px; + width: auto; +} + +.tableFilter { + border: 1px solid #ccc; + padding: 2px; + margin: 5px 0 10px 0; +} + +.tableFilter input { + border: 1px solid #ccc; +} + +.tableFilter select { + border: 1px solid #ccc; +} + + +/*************************************************************/ + + diff --git a/config/snort/css/style2.css b/config/snort/css/style2.css new file mode 100644 index 00000000..d7a1616c --- /dev/null +++ b/config/snort/css/style2.css @@ -0,0 +1,111 @@ +/* ----------------------------------- +general +----------------------------------- */ + +body +{ + margin: 0px; + padding: 0px; + font: 100%/1.4 helvetica, arial, sans-serif; + color: #444; + background: #fff; +} + +h1, h2, h3, h4, h5, h6 +{ + margin: 0 0 1em; + line-height: 1.1; +} + +h2, h3 { color: #003d5d; } +h2 { font-size: 218.75%; } + + +p +{ +margin-top: 35pt; +margin-right: 0pt; +margin-bottom: -25px; +margin-left: 0pt; +text-indent: 25px; +} + +img { border: none; } +a:link { color: #035389; } +a:visited { color: #09619C; } + +/* ----------------------------------- +Play Hide the tab +----------------------------------- */ + +div.items p:not(:target) {display: none} +div.items p:target {display: block} + + +/* ----------------------------------- +layout +----------------------------------- */ + +#container +{ + margin: 0 0px; + background: #fff; +} + +#header +{ + background: #fff; +} + +#header h1 { margin: 0; } + +#navigation +{ + float: left; + width: 100%; + background: #333; +} + +#navigation ul +{ + margin: 0; + padding: 0; +} + +#navigation ul li +{ + list-style-type: none; + display: inline; +} + +#navigation li a +{ + display: block; + float: left; + padding: 5px 10px; + color: #fff; + text-decoration: none; + border-right: 1px solid #fff; +} + +#navigation li a:hover +{ + background-color: #3366cc; + background-image: none; + background-repeat: repeat; + background-attachment: scroll; + background-position: 0% 0%; +} + +#content +{ + clear: left; + padding: 20px; +} + +#content h2 +{ + color: #000; + font-size: 160%; + margin: 0 0 .5em; +}
\ No newline at end of file diff --git a/config/snort/help_and_info.php b/config/snort/help_and_info.php new file mode 100644 index 00000000..0f4a0c9f --- /dev/null +++ b/config/snort/help_and_info.php @@ -0,0 +1,196 @@ +<?php + + require_once("guiconfig.inc"); + +echo ' +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml"> +<head> +<meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> +<title>Help & Info</title> +<base target="main"> +<script src="./javascript/tabs.js" type="text/javascript"></script> +<link href="./css/style2.css" rel="stylesheet" type="text/css" /> +</head> + +<body> + +<style type="text/css"> +</style> + +<div id="container"> + <div id="header"> + <IMG SRC="./images/logo.jpg" width="780px" height="76" ALT="Snort Package"> + </div> + <div class="navigation" id="navigation"> + <ul> + <li><a href="#item1" target="_self">Home</a></li> + <li><a href="#item2" target="_self">About Me</a></li> + <li><a href="#item3" target="_self">Services</a></li> + <li><a href="#item4" target="_self">Change Log</a></li> + <li><a href="#item7" target="_self">Faq</a></li> + <li><a href="#item6" target="_self">Heros</a></li> + <li><a href="#item5" target="_self">Developers</a></li> + </ul> + </div> + <br> +<div class="content" id="item1"> + <p> + <font size="5"><strong>Snort Package</strong></font> is a GUI based front-end for Sourcefire\'s Snort ® IDS/IPS software. The Snort Package goal is to be + the best open-source GUI to manage multiple snort sensors and multiple rule snapshots. The project other goal is to be a highly competitive GUI for + network monitoring for both private and enterprise use. Lastly, this project software development should bring programmers and users together to create + software. + </p> + <p> + <font size="5"><strong>What is Snort ?</strong></font> Used by fortune 500 companies and goverments Snort is the most widely deployed IDS/IPS technology worldwide. It features rules based logging and + can perform content searching/matching in addition to being used to detect a variety of other attacks and probes, such as buffer overflows, stealth port + scans, CGI attacks, SMB probes, and much more. + </p> + <p> + <font size="5"><strong>Requirements :</strong></font><br> + Minimum requirement 256 mb ram, 500 MHz CPU.<br> + Recommended 500 mb ram, 1 Ghz CPU.<br> + The more rules you run the more memory you need.<br> + The more interfaces you select the more memory you need.<br><br> + Development is done on a Alix 2D3 system (500 MHz AMD Geode LX800 CPU 256MB DDR DRAM). + </p> +</div> +<div class="content" id="item2"> + <p> +About Me<br><br> +Coming soon............ + +</p> +</div> +<div class="content" id="item3"> + <p> +Services<br><br> +Coming soon............ +</p> +</div> +<div class="content" id="item4"> +<p> +Change Log<br><br> +Coming soon............ +</p> +</div> +<div class="content" id="item5"> +<p> +<font size="5"><strong>PfSense</strong></font> is brought to you by a dedicated group of developers who are security and network professionals by trade. The following people are active developers of the pfSense project. +Username is listed in parenthesis (generally also the person\'s forum username, IRC nickname, etc.).<br><br> + +<font size="5"><strong>Main Snort-dev Package Developer</strong></font><br> +Robert Zelaya<br><br> + +<font size="5"><strong>Founders</strong></font><br> +In alphabetical order<br><br> + +Chris Buechler (cmb)<br> +Scott Ullrich (sullrich)<br><br> + +<font size="5"><strong>Active Developers</strong></font><br> +Listed in order of seniority along with date of first contribution.<br><br> + +Bill Marquette (billm) - February 2005<br> +Holger Bauer (hoba) - May 2005<br> +Erik Kristensen (ekristen) - August 2005<br> +Seth Mos (smos) - November 2005<br> +Scott Dale (sdale) - December 2006<br> +Martin Fuchs (mfuchs) - June 2007<br> +Ermal Luçi (ermal) - January 2008<br> +Matthew Grooms (mgrooms) - July 2008<br> +Mark Crane (mcrane) - October 2008<br> +Jim Pingle (jim-p) - February 2009<br> +Rob Zelaya (robiscool) - March 2009<br> +Renato Botelho (rbgarga) - May 2009<br><br> + +<font size="5"><strong>FreeBSD Developer Assistance</strong></font><br> +We would like to thank the following FreeBSD developers for their assistance.<br><br> + +Max Laier (mlaier)<br> +Christian S.J. Peron (csjp)<br> +Andrew Thompson (thompsa)<br> +Bjoern A. Zeeb (bz)<br><br> + +among many others who help us directly, and everyone who contributes to FreeBSD.<br><br> + +<font size="5"><strong>Inactive Developers</strong></font><br> +The following individuals are no longer active contributors, having moved on because of other commitments, or employers forbidding contributions. We thank them for their past contributions.<br><br> + +Daniel Berlin (dberlin)<br> +Daniel Haischt (dsh)<br> +Espen Johansen (lsf)<br> +Scott Kamp (dingo)<br> +Bachman Kharazmi (bkw)<br> +Fernando Tarlá Cardoso Lemos (fernando)<br> +Kyle Mott (kyle)<br> +Colin Smith (colin)<br> +</p> +</div> +<div class="content" id="item6"> +<p> +Heros<br><br> +Coming soon............ +</p> +</div> +<div class="content" id="item7"> +<p> +=========================<br> + +Q: Do you have a quick install tutorial and tabs explanation.<br> + +A: Yes.<br> + + http://doc.pfsense.org/index.php/Setup_Snort_Package<br> + +=========================<br> + +Q: What interfaces can snort listen on ?<br> + +A: Right now all WAN interfaces and LAN interfaces. But if you select a LAN interface you may need to adjust the snort rules to use the LAN interface.<br> + +==========================<br> + +Q: What logs does the snort package keep. ?<br> + +A: Most of the snort logs are keept in the /var/log/snort.<br> + Snorts syslogs\' are saved to the /var/log/snort/snort_sys_0ng0.<br> + +==========================<br> + +Q: What is the best Performance setting ? or Snort is using 90% cpu and all my memory.<br> + +A: Depends how much memory you have and how many rules you want to run.; lowmem for systems with less than 256 mb memory, ac-bnfa for systems<br> + with over 256 mb of memory. The other options are; ac high memory, best performance, ac-std moderate memory, high performance,acs small<br> + memory, moderate performance,ac-banded small memory,moderate performance,ac-sparsebands small memory, high performance.<br> + + Short version: For most people ac-bnfa is the best setting.<br> + +=========================<br> + +Q: What is the Oinkmaster code ? How do I get the code ?<br> + +A: The Oinkmaster code is your personal password in order to download snort rules.<br> + You get a Oinkmaster code when you register with snort.org. It is free to register.<br> + Goto https://www.snort.org/signup to get your personal code.<br> + +=========================<br> + +Q: What is the Snort.org subscriber option? How do I become a Snort.org subscriber?<br> + +A: Snort.org subscribers get the the latest rule updates 30 days faster than registered users.<br> + Goto http://www.snort.org/vrt/buy-a-subscription/. + It is highly suggested that you get a paid subscription so that you can always have the latest rules.<br> + +=========================<br> + +Q: When did you start working on the snort package.<br> + +A: I started working on the snort package in May 2009.<br> +</p> +</div> +</div> +</body> +</html> +'; +?>
\ No newline at end of file diff --git a/config/snort/images/alert.jpg b/config/snort/images/alert.jpg Binary files differnew file mode 100644 index 00000000..96c24e35 --- /dev/null +++ b/config/snort/images/alert.jpg diff --git a/config/snort/images/down.gif b/config/snort/images/down.gif Binary files differnew file mode 100644 index 00000000..2b3c99fc --- /dev/null +++ b/config/snort/images/down.gif diff --git a/config/snort/images/down2.gif b/config/snort/images/down2.gif Binary files differnew file mode 100644 index 00000000..71bf92eb --- /dev/null +++ b/config/snort/images/down2.gif diff --git a/config/snort/images/footer.jpg b/config/snort/images/footer.jpg Binary files differnew file mode 100644 index 00000000..4af05707 --- /dev/null +++ b/config/snort/images/footer.jpg diff --git a/config/snort/images/footer2.jpg b/config/snort/images/footer2.jpg Binary files differnew file mode 100644 index 00000000..3332e085 --- /dev/null +++ b/config/snort/images/footer2.jpg diff --git a/config/snort/images/icon-table-sort-asc.png b/config/snort/images/icon-table-sort-asc.png Binary files differnew file mode 100644 index 00000000..0c127919 --- /dev/null +++ b/config/snort/images/icon-table-sort-asc.png diff --git a/config/snort/images/icon-table-sort-desc.png b/config/snort/images/icon-table-sort-desc.png Binary files differnew file mode 100644 index 00000000..5c52f2d0 --- /dev/null +++ b/config/snort/images/icon-table-sort-desc.png diff --git a/config/snort/images/icon-table-sort.png b/config/snort/images/icon-table-sort.png Binary files differnew file mode 100644 index 00000000..3cae604b --- /dev/null +++ b/config/snort/images/icon-table-sort.png diff --git a/config/snort/images/icon_excli.png b/config/snort/images/icon_excli.png Binary files differnew file mode 100644 index 00000000..4b54fa31 --- /dev/null +++ b/config/snort/images/icon_excli.png diff --git a/config/snort/images/logo.jpg b/config/snort/images/logo.jpg Binary files differnew file mode 100644 index 00000000..fa01d818 --- /dev/null +++ b/config/snort/images/logo.jpg diff --git a/config/snort/images/up.gif b/config/snort/images/up.gif Binary files differnew file mode 100644 index 00000000..89596771 --- /dev/null +++ b/config/snort/images/up.gif diff --git a/config/snort/images/up2.gif b/config/snort/images/up2.gif Binary files differnew file mode 100644 index 00000000..21c5a254 --- /dev/null +++ b/config/snort/images/up2.gif diff --git a/config/snort/javascript/jquery-1.3.2.js b/config/snort/javascript/jquery-1.3.2.js new file mode 100644 index 00000000..59b71d25 --- /dev/null +++ b/config/snort/javascript/jquery-1.3.2.js @@ -0,0 +1,4376 @@ +/*! + * jQuery JavaScript Library v1.3.2 + * http://jquery.com/ + * + * Copyright (c) 2009 John Resig + * Dual licensed under the MIT and GPL licenses. + * http://docs.jquery.com/License + * + * Date: 2009-02-19 17:34:21 -0500 (Thu, 19 Feb 2009) + * Revision: 6246 + */ +(function(){ + +var + // Will speed up references to window, and allows munging its name. + window = this, + // Will speed up references to undefined, and allows munging its name. + undefined, + // Map over jQuery in case of overwrite + _jQuery = window.jQuery, + // Map over the $ in case of overwrite + _$ = window.$, + + jQuery = window.jQuery = window.$ = function( selector, context ) { + // The jQuery object is actually just the init constructor 'enhanced' + return new jQuery.fn.init( selector, context ); + }, + + // A simple way to check for HTML strings or ID strings + // (both of which we optimize for) + quickExpr = /^[^<]*(<(.|\s)+>)[^>]*$|^#([\w-]+)$/, + // Is it a simple selector + isSimple = /^.[^:#\[\.,]*$/; + +jQuery.fn = jQuery.prototype = { + init: function( selector, context ) { + // Make sure that a selection was provided + selector = selector || document; + + // Handle $(DOMElement) + if ( selector.nodeType ) { + this[0] = selector; + this.length = 1; + this.context = selector; + return this; + } + // Handle HTML strings + if ( typeof selector === "string" ) { + // Are we dealing with HTML string or an ID? + var match = quickExpr.exec( selector ); + + // Verify a match, and that no context was specified for #id + if ( match && (match[1] || !context) ) { + + // HANDLE: $(html) -> $(array) + if ( match[1] ) + selector = jQuery.clean( [ match[1] ], context ); + + // HANDLE: $("#id") + else { + var elem = document.getElementById( match[3] ); + + // Handle the case where IE and Opera return items + // by name instead of ID + if ( elem && elem.id != match[3] ) + return jQuery().find( selector ); + + // Otherwise, we inject the element directly into the jQuery object + var ret = jQuery( elem || [] ); + ret.context = document; + ret.selector = selector; + return ret; + } + + // HANDLE: $(expr, [context]) + // (which is just equivalent to: $(content).find(expr) + } else + return jQuery( context ).find( selector ); + + // HANDLE: $(function) + // Shortcut for document ready + } else if ( jQuery.isFunction( selector ) ) + return jQuery( document ).ready( selector ); + + // Make sure that old selector state is passed along + if ( selector.selector && selector.context ) { + this.selector = selector.selector; + this.context = selector.context; + } + + return this.setArray(jQuery.isArray( selector ) ? + selector : + jQuery.makeArray(selector)); + }, + + // Start with an empty selector + selector: "", + + // The current version of jQuery being used + jquery: "1.3.2", + + // The number of elements contained in the matched element set + size: function() { + return this.length; + }, + + // Get the Nth element in the matched element set OR + // Get the whole matched element set as a clean array + get: function( num ) { + return num === undefined ? + + // Return a 'clean' array + Array.prototype.slice.call( this ) : + + // Return just the object + this[ num ]; + }, + + // Take an array of elements and push it onto the stack + // (returning the new matched element set) + pushStack: function( elems, name, selector ) { + // Build a new jQuery matched element set + var ret = jQuery( elems ); + + // Add the old object onto the stack (as a reference) + ret.prevObject = this; + + ret.context = this.context; + + if ( name === "find" ) + ret.selector = this.selector + (this.selector ? " " : "") + selector; + else if ( name ) + ret.selector = this.selector + "." + name + "(" + selector + ")"; + + // Return the newly-formed element set + return ret; + }, + + // Force the current matched set of elements to become + // the specified array of elements (destroying the stack in the process) + // You should use pushStack() in order to do this, but maintain the stack + setArray: function( elems ) { + // Resetting the length to 0, then using the native Array push + // is a super-fast way to populate an object with array-like properties + this.length = 0; + Array.prototype.push.apply( this, elems ); + + return this; + }, + + // Execute a callback for every element in the matched set. + // (You can seed the arguments with an array of args, but this is + // only used internally.) + each: function( callback, args ) { + return jQuery.each( this, callback, args ); + }, + + // Determine the position of an element within + // the matched set of elements + index: function( elem ) { + // Locate the position of the desired element + return jQuery.inArray( + // If it receives a jQuery object, the first element is used + elem && elem.jquery ? elem[0] : elem + , this ); + }, + + attr: function( name, value, type ) { + var options = name; + + // Look for the case where we're accessing a style value + if ( typeof name === "string" ) + if ( value === undefined ) + return this[0] && jQuery[ type || "attr" ]( this[0], name ); + + else { + options = {}; + options[ name ] = value; + } + + // Check to see if we're setting style values + return this.each(function(i){ + // Set all the styles + for ( name in options ) + jQuery.attr( + type ? + this.style : + this, + name, jQuery.prop( this, options[ name ], type, i, name ) + ); + }); + }, + + css: function( key, value ) { + // ignore negative width and height values + if ( (key == 'width' || key == 'height') && parseFloat(value) < 0 ) + value = undefined; + return this.attr( key, value, "curCSS" ); + }, + + text: function( text ) { + if ( typeof text !== "object" && text != null ) + return this.empty().append( (this[0] && this[0].ownerDocument || document).createTextNode( text ) ); + + var ret = ""; + + jQuery.each( text || this, function(){ + jQuery.each( this.childNodes, function(){ + if ( this.nodeType != 8 ) + ret += this.nodeType != 1 ? + this.nodeValue : + jQuery.fn.text( [ this ] ); + }); + }); + + return ret; + }, + + wrapAll: function( html ) { + if ( this[0] ) { + // The elements to wrap the target around + var wrap = jQuery( html, this[0].ownerDocument ).clone(); + + if ( this[0].parentNode ) + wrap.insertBefore( this[0] ); + + wrap.map(function(){ + var elem = this; + + while ( elem.firstChild ) + elem = elem.firstChild; + + return elem; + }).append(this); + } + + return this; + }, + + wrapInner: function( html ) { + return this.each(function(){ + jQuery( this ).contents().wrapAll( html ); + }); + }, + + wrap: function( html ) { + return this.each(function(){ + jQuery( this ).wrapAll( html ); + }); + }, + + append: function() { + return this.domManip(arguments, true, function(elem){ + if (this.nodeType == 1) + this.appendChild( elem ); + }); + }, + + prepend: function() { + return this.domManip(arguments, true, function(elem){ + if (this.nodeType == 1) + this.insertBefore( elem, this.firstChild ); + }); + }, + + before: function() { + return this.domManip(arguments, false, function(elem){ + this.parentNode.insertBefore( elem, this ); + }); + }, + + after: function() { + return this.domManip(arguments, false, function(elem){ + this.parentNode.insertBefore( elem, this.nextSibling ); + }); + }, + + end: function() { + return this.prevObject || jQuery( [] ); + }, + + // For internal use only. + // Behaves like an Array's method, not like a jQuery method. + push: [].push, + sort: [].sort, + splice: [].splice, + + find: function( selector ) { + if ( this.length === 1 ) { + var ret = this.pushStack( [], "find", selector ); + ret.length = 0; + jQuery.find( selector, this[0], ret ); + return ret; + } else { + return this.pushStack( jQuery.unique(jQuery.map(this, function(elem){ + return jQuery.find( selector, elem ); + })), "find", selector ); + } + }, + + clone: function( events ) { + // Do the clone + var ret = this.map(function(){ + if ( !jQuery.support.noCloneEvent && !jQuery.isXMLDoc(this) ) { + // IE copies events bound via attachEvent when + // using cloneNode. Calling detachEvent on the + // clone will also remove the events from the orignal + // In order to get around this, we use innerHTML. + // Unfortunately, this means some modifications to + // attributes in IE that are actually only stored + // as properties will not be copied (such as the + // the name attribute on an input). + var html = this.outerHTML; + if ( !html ) { + var div = this.ownerDocument.createElement("div"); + div.appendChild( this.cloneNode(true) ); + html = div.innerHTML; + } + + return jQuery.clean([html.replace(/ jQuery\d+="(?:\d+|null)"/g, "").replace(/^\s*/, "")])[0]; + } else + return this.cloneNode(true); + }); + + // Copy the events from the original to the clone + if ( events === true ) { + var orig = this.find("*").andSelf(), i = 0; + + ret.find("*").andSelf().each(function(){ + if ( this.nodeName !== orig[i].nodeName ) + return; + + var events = jQuery.data( orig[i], "events" ); + + for ( var type in events ) { + for ( var handler in events[ type ] ) { + jQuery.event.add( this, type, events[ type ][ handler ], events[ type ][ handler ].data ); + } + } + + i++; + }); + } + + // Return the cloned set + return ret; + }, + + filter: function( selector ) { + return this.pushStack( + jQuery.isFunction( selector ) && + jQuery.grep(this, function(elem, i){ + return selector.call( elem, i ); + }) || + + jQuery.multiFilter( selector, jQuery.grep(this, function(elem){ + return elem.nodeType === 1; + }) ), "filter", selector ); + }, + + closest: function( selector ) { + var pos = jQuery.expr.match.POS.test( selector ) ? jQuery(selector) : null, + closer = 0; + + return this.map(function(){ + var cur = this; + while ( cur && cur.ownerDocument ) { + if ( pos ? pos.index(cur) > -1 : jQuery(cur).is(selector) ) { + jQuery.data(cur, "closest", closer); + return cur; + } + cur = cur.parentNode; + closer++; + } + }); + }, + + not: function( selector ) { + if ( typeof selector === "string" ) + // test special case where just one selector is passed in + if ( isSimple.test( selector ) ) + return this.pushStack( jQuery.multiFilter( selector, this, true ), "not", selector ); + else + selector = jQuery.multiFilter( selector, this ); + + var isArrayLike = selector.length && selector[selector.length - 1] !== undefined && !selector.nodeType; + return this.filter(function() { + return isArrayLike ? jQuery.inArray( this, selector ) < 0 : this != selector; + }); + }, + + add: function( selector ) { + return this.pushStack( jQuery.unique( jQuery.merge( + this.get(), + typeof selector === "string" ? + jQuery( selector ) : + jQuery.makeArray( selector ) + ))); + }, + + is: function( selector ) { + return !!selector && jQuery.multiFilter( selector, this ).length > 0; + }, + + hasClass: function( selector ) { + return !!selector && this.is( "." + selector ); + }, + + val: function( value ) { + if ( value === undefined ) { + var elem = this[0]; + + if ( elem ) { + if( jQuery.nodeName( elem, 'option' ) ) + return (elem.attributes.value || {}).specified ? elem.value : elem.text; + + // We need to handle select boxes special + if ( jQuery.nodeName( elem, "select" ) ) { + var index = elem.selectedIndex, + values = [], + options = elem.options, + one = elem.type == "select-one"; + + // Nothing was selected + if ( index < 0 ) + return null; + + // Loop through all the selected options + for ( var i = one ? index : 0, max = one ? index + 1 : options.length; i < max; i++ ) { + var option = options[ i ]; + + if ( option.selected ) { + // Get the specifc value for the option + value = jQuery(option).val(); + + // We don't need an array for one selects + if ( one ) + return value; + + // Multi-Selects return an array + values.push( value ); + } + } + + return values; + } + + // Everything else, we just grab the value + return (elem.value || "").replace(/\r/g, ""); + + } + + return undefined; + } + + if ( typeof value === "number" ) + value += ''; + + return this.each(function(){ + if ( this.nodeType != 1 ) + return; + + if ( jQuery.isArray(value) && /radio|checkbox/.test( this.type ) ) + this.checked = (jQuery.inArray(this.value, value) >= 0 || + jQuery.inArray(this.name, value) >= 0); + + else if ( jQuery.nodeName( this, "select" ) ) { + var values = jQuery.makeArray(value); + + jQuery( "option", this ).each(function(){ + this.selected = (jQuery.inArray( this.value, values ) >= 0 || + jQuery.inArray( this.text, values ) >= 0); + }); + + if ( !values.length ) + this.selectedIndex = -1; + + } else + this.value = value; + }); + }, + + html: function( value ) { + return value === undefined ? + (this[0] ? + this[0].innerHTML.replace(/ jQuery\d+="(?:\d+|null)"/g, "") : + null) : + this.empty().append( value ); + }, + + replaceWith: function( value ) { + return this.after( value ).remove(); + }, + + eq: function( i ) { + return this.slice( i, +i + 1 ); + }, + + slice: function() { + return this.pushStack( Array.prototype.slice.apply( this, arguments ), + "slice", Array.prototype.slice.call(arguments).join(",") ); + }, + + map: function( callback ) { + return this.pushStack( jQuery.map(this, function(elem, i){ + return callback.call( elem, i, elem ); + })); + }, + + andSelf: function() { + return this.add( this.prevObject ); + }, + + domManip: function( args, table, callback ) { + if ( this[0] ) { + var fragment = (this[0].ownerDocument || this[0]).createDocumentFragment(), + scripts = jQuery.clean( args, (this[0].ownerDocument || this[0]), fragment ), + first = fragment.firstChild; + + if ( first ) + for ( var i = 0, l = this.length; i < l; i++ ) + callback.call( root(this[i], first), this.length > 1 || i > 0 ? + fragment.cloneNode(true) : fragment ); + + if ( scripts ) + jQuery.each( scripts, evalScript ); + } + + return this; + + function root( elem, cur ) { + return table && jQuery.nodeName(elem, "table") && jQuery.nodeName(cur, "tr") ? + (elem.getElementsByTagName("tbody")[0] || + elem.appendChild(elem.ownerDocument.createElement("tbody"))) : + elem; + } + } +}; + +// Give the init function the jQuery prototype for later instantiation +jQuery.fn.init.prototype = jQuery.fn; + +function evalScript( i, elem ) { + if ( elem.src ) + jQuery.ajax({ + url: elem.src, + async: false, + dataType: "script" + }); + + else + jQuery.globalEval( elem.text || elem.textContent || elem.innerHTML || "" ); + + if ( elem.parentNode ) + elem.parentNode.removeChild( elem ); +} + +function now(){ + return +new Date; +} + +jQuery.extend = jQuery.fn.extend = function() { + // copy reference to target object + var target = arguments[0] || {}, i = 1, length = arguments.length, deep = false, options; + + // Handle a deep copy situation + if ( typeof target === "boolean" ) { + deep = target; + target = arguments[1] || {}; + // skip the boolean and the target + i = 2; + } + + // Handle case when target is a string or something (possible in deep copy) + if ( typeof target !== "object" && !jQuery.isFunction(target) ) + target = {}; + + // extend jQuery itself if only one argument is passed + if ( length == i ) { + target = this; + --i; + } + + for ( ; i < length; i++ ) + // Only deal with non-null/undefined values + if ( (options = arguments[ i ]) != null ) + // Extend the base object + for ( var name in options ) { + var src = target[ name ], copy = options[ name ]; + + // Prevent never-ending loop + if ( target === copy ) + continue; + + // Recurse if we're merging object values + if ( deep && copy && typeof copy === "object" && !copy.nodeType ) + target[ name ] = jQuery.extend( deep, + // Never move original objects, clone them + src || ( copy.length != null ? [ ] : { } ) + , copy ); + + // Don't bring in undefined values + else if ( copy !== undefined ) + target[ name ] = copy; + + } + + // Return the modified object + return target; +}; + +// exclude the following css properties to add px +var exclude = /z-?index|font-?weight|opacity|zoom|line-?height/i, + // cache defaultView + defaultView = document.defaultView || {}, + toString = Object.prototype.toString; + +jQuery.extend({ + noConflict: function( deep ) { + window.$ = _$; + + if ( deep ) + window.jQuery = _jQuery; + + return jQuery; + }, + + // See test/unit/core.js for details concerning isFunction. + // Since version 1.3, DOM methods and functions like alert + // aren't supported. They return false on IE (#2968). + isFunction: function( obj ) { + return toString.call(obj) === "[object Function]"; + }, + + isArray: function( obj ) { + return toString.call(obj) === "[object Array]"; + }, + + // check if an element is in a (or is an) XML document + isXMLDoc: function( elem ) { + return elem.nodeType === 9 && elem.documentElement.nodeName !== "HTML" || + !!elem.ownerDocument && jQuery.isXMLDoc( elem.ownerDocument ); + }, + + // Evalulates a script in a global context + globalEval: function( data ) { + if ( data && /\S/.test(data) ) { + // Inspired by code by Andrea Giammarchi + // http://webreflection.blogspot.com/2007/08/global-scope-evaluation-and-dom.html + var head = document.getElementsByTagName("head")[0] || document.documentElement, + script = document.createElement("script"); + + script.type = "text/javascript"; + if ( jQuery.support.scriptEval ) + script.appendChild( document.createTextNode( data ) ); + else + script.text = data; + + // Use insertBefore instead of appendChild to circumvent an IE6 bug. + // This arises when a base node is used (#2709). + head.insertBefore( script, head.firstChild ); + head.removeChild( script ); + } + }, + + nodeName: function( elem, name ) { + return elem.nodeName && elem.nodeName.toUpperCase() == name.toUpperCase(); + }, + + // args is for internal usage only + each: function( object, callback, args ) { + var name, i = 0, length = object.length; + + if ( args ) { + if ( length === undefined ) { + for ( name in object ) + if ( callback.apply( object[ name ], args ) === false ) + break; + } else + for ( ; i < length; ) + if ( callback.apply( object[ i++ ], args ) === false ) + break; + + // A special, fast, case for the most common use of each + } else { + if ( length === undefined ) { + for ( name in object ) + if ( callback.call( object[ name ], name, object[ name ] ) === false ) + break; + } else + for ( var value = object[0]; + i < length && callback.call( value, i, value ) !== false; value = object[++i] ){} + } + + return object; + }, + + prop: function( elem, value, type, i, name ) { + // Handle executable functions + if ( jQuery.isFunction( value ) ) + value = value.call( elem, i ); + + // Handle passing in a number to a CSS property + return typeof value === "number" && type == "curCSS" && !exclude.test( name ) ? + value + "px" : + value; + }, + + className: { + // internal only, use addClass("class") + add: function( elem, classNames ) { + jQuery.each((classNames || "").split(/\s+/), function(i, className){ + if ( elem.nodeType == 1 && !jQuery.className.has( elem.className, className ) ) + elem.className += (elem.className ? " " : "") + className; + }); + }, + + // internal only, use removeClass("class") + remove: function( elem, classNames ) { + if (elem.nodeType == 1) + elem.className = classNames !== undefined ? + jQuery.grep(elem.className.split(/\s+/), function(className){ + return !jQuery.className.has( classNames, className ); + }).join(" ") : + ""; + }, + + // internal only, use hasClass("class") + has: function( elem, className ) { + return elem && jQuery.inArray( className, (elem.className || elem).toString().split(/\s+/) ) > -1; + } + }, + + // A method for quickly swapping in/out CSS properties to get correct calculations + swap: function( elem, options, callback ) { + var old = {}; + // Remember the old values, and insert the new ones + for ( var name in options ) { + old[ name ] = elem.style[ name ]; + elem.style[ name ] = options[ name ]; + } + + callback.call( elem ); + + // Revert the old values + for ( var name in options ) + elem.style[ name ] = old[ name ]; + }, + + css: function( elem, name, force, extra ) { + if ( name == "width" || name == "height" ) { + var val, props = { position: "absolute", visibility: "hidden", display:"block" }, which = name == "width" ? [ "Left", "Right" ] : [ "Top", "Bottom" ]; + + function getWH() { + val = name == "width" ? elem.offsetWidth : elem.offsetHeight; + + if ( extra === "border" ) + return; + + jQuery.each( which, function() { + if ( !extra ) + val -= parseFloat(jQuery.curCSS( elem, "padding" + this, true)) || 0; + if ( extra === "margin" ) + val += parseFloat(jQuery.curCSS( elem, "margin" + this, true)) || 0; + else + val -= parseFloat(jQuery.curCSS( elem, "border" + this + "Width", true)) || 0; + }); + } + + if ( elem.offsetWidth !== 0 ) + getWH(); + else + jQuery.swap( elem, props, getWH ); + + return Math.max(0, Math.round(val)); + } + + return jQuery.curCSS( elem, name, force ); + }, + + curCSS: function( elem, name, force ) { + var ret, style = elem.style; + + // We need to handle opacity special in IE + if ( name == "opacity" && !jQuery.support.opacity ) { + ret = jQuery.attr( style, "opacity" ); + + return ret == "" ? + "1" : + ret; + } + + // Make sure we're using the right name for getting the float value + if ( name.match( /float/i ) ) + name = styleFloat; + + if ( !force && style && style[ name ] ) + ret = style[ name ]; + + else if ( defaultView.getComputedStyle ) { + + // Only "float" is needed here + if ( name.match( /float/i ) ) + name = "float"; + + name = name.replace( /([A-Z])/g, "-$1" ).toLowerCase(); + + var computedStyle = defaultView.getComputedStyle( elem, null ); + + if ( computedStyle ) + ret = computedStyle.getPropertyValue( name ); + + // We should always get a number back from opacity + if ( name == "opacity" && ret == "" ) + ret = "1"; + + } else if ( elem.currentStyle ) { + var camelCase = name.replace(/\-(\w)/g, function(all, letter){ + return letter.toUpperCase(); + }); + + ret = elem.currentStyle[ name ] || elem.currentStyle[ camelCase ]; + + // From the awesome hack by Dean Edwards + // http://erik.eae.net/archives/2007/07/27/18.54.15/#comment-102291 + + // If we're not dealing with a regular pixel number + // but a number that has a weird ending, we need to convert it to pixels + if ( !/^\d+(px)?$/i.test( ret ) && /^\d/.test( ret ) ) { + // Remember the original values + var left = style.left, rsLeft = elem.runtimeStyle.left; + + // Put in the new values to get a computed value out + elem.runtimeStyle.left = elem.currentStyle.left; + style.left = ret || 0; + ret = style.pixelLeft + "px"; + + // Revert the changed values + style.left = left; + elem.runtimeStyle.left = rsLeft; + } + } + + return ret; + }, + + clean: function( elems, context, fragment ) { + context = context || document; + + // !context.createElement fails in IE with an error but returns typeof 'object' + if ( typeof context.createElement === "undefined" ) + context = context.ownerDocument || context[0] && context[0].ownerDocument || document; + + // If a single string is passed in and it's a single tag + // just do a createElement and skip the rest + if ( !fragment && elems.length === 1 && typeof elems[0] === "string" ) { + var match = /^<(\w+)\s*\/?>$/.exec(elems[0]); + if ( match ) + return [ context.createElement( match[1] ) ]; + } + + var ret = [], scripts = [], div = context.createElement("div"); + + jQuery.each(elems, function(i, elem){ + if ( typeof elem === "number" ) + elem += ''; + + if ( !elem ) + return; + + // Convert html string into DOM nodes + if ( typeof elem === "string" ) { + // Fix "XHTML"-style tags in all browsers + elem = elem.replace(/(<(\w+)[^>]*?)\/>/g, function(all, front, tag){ + return tag.match(/^(abbr|br|col|img|input|link|meta|param|hr|area|embed)$/i) ? + all : + front + "></" + tag + ">"; + }); + + // Trim whitespace, otherwise indexOf won't work as expected + var tags = elem.replace(/^\s+/, "").substring(0, 10).toLowerCase(); + + var wrap = + // option or optgroup + !tags.indexOf("<opt") && + [ 1, "<select multiple='multiple'>", "</select>" ] || + + !tags.indexOf("<leg") && + [ 1, "<fieldset>", "</fieldset>" ] || + + tags.match(/^<(thead|tbody|tfoot|colg|cap)/) && + [ 1, "<table>", "</table>" ] || + + !tags.indexOf("<tr") && + [ 2, "<table><tbody>", "</tbody></table>" ] || + + // <thead> matched above + (!tags.indexOf("<td") || !tags.indexOf("<th")) && + [ 3, "<table><tbody><tr>", "</tr></tbody></table>" ] || + + !tags.indexOf("<col") && + [ 2, "<table><tbody></tbody><colgroup>", "</colgroup></table>" ] || + + // IE can't serialize <link> and <script> tags normally + !jQuery.support.htmlSerialize && + [ 1, "div<div>", "</div>" ] || + + [ 0, "", "" ]; + + // Go to html and back, then peel off extra wrappers + div.innerHTML = wrap[1] + elem + wrap[2]; + + // Move to the right depth + while ( wrap[0]-- ) + div = div.lastChild; + + // Remove IE's autoinserted <tbody> from table fragments + if ( !jQuery.support.tbody ) { + + // String was a <table>, *may* have spurious <tbody> + var hasBody = /<tbody/i.test(elem), + tbody = !tags.indexOf("<table") && !hasBody ? + div.firstChild && div.firstChild.childNodes : + + // String was a bare <thead> or <tfoot> + wrap[1] == "<table>" && !hasBody ? + div.childNodes : + []; + + for ( var j = tbody.length - 1; j >= 0 ; --j ) + if ( jQuery.nodeName( tbody[ j ], "tbody" ) && !tbody[ j ].childNodes.length ) + tbody[ j ].parentNode.removeChild( tbody[ j ] ); + + } + + // IE completely kills leading whitespace when innerHTML is used + if ( !jQuery.support.leadingWhitespace && /^\s/.test( elem ) ) + div.insertBefore( context.createTextNode( elem.match(/^\s*/)[0] ), div.firstChild ); + + elem = jQuery.makeArray( div.childNodes ); + } + + if ( elem.nodeType ) + ret.push( elem ); + else + ret = jQuery.merge( ret, elem ); + + }); + + if ( fragment ) { + for ( var i = 0; ret[i]; i++ ) { + if ( jQuery.nodeName( ret[i], "script" ) && (!ret[i].type || ret[i].type.toLowerCase() === "text/javascript") ) { + scripts.push( ret[i].parentNode ? ret[i].parentNode.removeChild( ret[i] ) : ret[i] ); + } else { + if ( ret[i].nodeType === 1 ) + ret.splice.apply( ret, [i + 1, 0].concat(jQuery.makeArray(ret[i].getElementsByTagName("script"))) ); + fragment.appendChild( ret[i] ); + } + } + + return scripts; + } + + return ret; + }, + + attr: function( elem, name, value ) { + // don't set attributes on text and comment nodes + if (!elem || elem.nodeType == 3 || elem.nodeType == 8) + return undefined; + + var notxml = !jQuery.isXMLDoc( elem ), + // Whether we are setting (or getting) + set = value !== undefined; + + // Try to normalize/fix the name + name = notxml && jQuery.props[ name ] || name; + + // Only do all the following if this is a node (faster for style) + // IE elem.getAttribute passes even for style + if ( elem.tagName ) { + + // These attributes require special treatment + var special = /href|src|style/.test( name ); + + // Safari mis-reports the default selected property of a hidden option + // Accessing the parent's selectedIndex property fixes it + if ( name == "selected" && elem.parentNode ) + elem.parentNode.selectedIndex; + + // If applicable, access the attribute via the DOM 0 way + if ( name in elem && notxml && !special ) { + if ( set ){ + // We can't allow the type property to be changed (since it causes problems in IE) + if ( name == "type" && jQuery.nodeName( elem, "input" ) && elem.parentNode ) + throw "type property can't be changed"; + + elem[ name ] = value; + } + + // browsers index elements by id/name on forms, give priority to attributes. + if( jQuery.nodeName( elem, "form" ) && elem.getAttributeNode(name) ) + return elem.getAttributeNode( name ).nodeValue; + + // elem.tabIndex doesn't always return the correct value when it hasn't been explicitly set + // http://fluidproject.org/blog/2008/01/09/getting-setting-and-removing-tabindex-values-with-javascript/ + if ( name == "tabIndex" ) { + var attributeNode = elem.getAttributeNode( "tabIndex" ); + return attributeNode && attributeNode.specified + ? attributeNode.value + : elem.nodeName.match(/(button|input|object|select|textarea)/i) + ? 0 + : elem.nodeName.match(/^(a|area)$/i) && elem.href + ? 0 + : undefined; + } + + return elem[ name ]; + } + + if ( !jQuery.support.style && notxml && name == "style" ) + return jQuery.attr( elem.style, "cssText", value ); + + if ( set ) + // convert the value to a string (all browsers do this but IE) see #1070 + elem.setAttribute( name, "" + value ); + + var attr = !jQuery.support.hrefNormalized && notxml && special + // Some attributes require a special call on IE + ? elem.getAttribute( name, 2 ) + : elem.getAttribute( name ); + + // Non-existent attributes return null, we normalize to undefined + return attr === null ? undefined : attr; + } + + // elem is actually elem.style ... set the style + + // IE uses filters for opacity + if ( !jQuery.support.opacity && name == "opacity" ) { + if ( set ) { + // IE has trouble with opacity if it does not have layout + // Force it by setting the zoom level + elem.zoom = 1; + + // Set the alpha filter to set the opacity + elem.filter = (elem.filter || "").replace( /alpha\([^)]*\)/, "" ) + + (parseInt( value ) + '' == "NaN" ? "" : "alpha(opacity=" + value * 100 + ")"); + } + + return elem.filter && elem.filter.indexOf("opacity=") >= 0 ? + (parseFloat( elem.filter.match(/opacity=([^)]*)/)[1] ) / 100) + '': + ""; + } + + name = name.replace(/-([a-z])/ig, function(all, letter){ + return letter.toUpperCase(); + }); + + if ( set ) + elem[ name ] = value; + + return elem[ name ]; + }, + + trim: function( text ) { + return (text || "").replace( /^\s+|\s+$/g, "" ); + }, + + makeArray: function( array ) { + var ret = []; + + if( array != null ){ + var i = array.length; + // The window, strings (and functions) also have 'length' + if( i == null || typeof array === "string" || jQuery.isFunction(array) || array.setInterval ) + ret[0] = array; + else + while( i ) + ret[--i] = array[i]; + } + + return ret; + }, + + inArray: function( elem, array ) { + for ( var i = 0, length = array.length; i < length; i++ ) + // Use === because on IE, window == document + if ( array[ i ] === elem ) + return i; + + return -1; + }, + + merge: function( first, second ) { + // We have to loop this way because IE & Opera overwrite the length + // expando of getElementsByTagName + var i = 0, elem, pos = first.length; + // Also, we need to make sure that the correct elements are being returned + // (IE returns comment nodes in a '*' query) + if ( !jQuery.support.getAll ) { + while ( (elem = second[ i++ ]) != null ) + if ( elem.nodeType != 8 ) + first[ pos++ ] = elem; + + } else + while ( (elem = second[ i++ ]) != null ) + first[ pos++ ] = elem; + + return first; + }, + + unique: function( array ) { + var ret = [], done = {}; + + try { + + for ( var i = 0, length = array.length; i < length; i++ ) { + var id = jQuery.data( array[ i ] ); + + if ( !done[ id ] ) { + done[ id ] = true; + ret.push( array[ i ] ); + } + } + + } catch( e ) { + ret = array; + } + + return ret; + }, + + grep: function( elems, callback, inv ) { + var ret = []; + + // Go through the array, only saving the items + // that pass the validator function + for ( var i = 0, length = elems.length; i < length; i++ ) + if ( !inv != !callback( elems[ i ], i ) ) + ret.push( elems[ i ] ); + + return ret; + }, + + map: function( elems, callback ) { + var ret = []; + + // Go through the array, translating each of the items to their + // new value (or values). + for ( var i = 0, length = elems.length; i < length; i++ ) { + var value = callback( elems[ i ], i ); + + if ( value != null ) + ret[ ret.length ] = value; + } + + return ret.concat.apply( [], ret ); + } +}); + +// Use of jQuery.browser is deprecated. +// It's included for backwards compatibility and plugins, +// although they should work to migrate away. + +var userAgent = navigator.userAgent.toLowerCase(); + +// Figure out what browser is being used +jQuery.browser = { + version: (userAgent.match( /.+(?:rv|it|ra|ie)[\/: ]([\d.]+)/ ) || [0,'0'])[1], + safari: /webkit/.test( userAgent ), + opera: /opera/.test( userAgent ), + msie: /msie/.test( userAgent ) && !/opera/.test( userAgent ), + mozilla: /mozilla/.test( userAgent ) && !/(compatible|webkit)/.test( userAgent ) +}; + +jQuery.each({ + parent: function(elem){return elem.parentNode;}, + parents: function(elem){return jQuery.dir(elem,"parentNode");}, + next: function(elem){return jQuery.nth(elem,2,"nextSibling");}, + prev: function(elem){return jQuery.nth(elem,2,"previousSibling");}, + nextAll: function(elem){return jQuery.dir(elem,"nextSibling");}, + prevAll: function(elem){return jQuery.dir(elem,"previousSibling");}, + siblings: function(elem){return jQuery.sibling(elem.parentNode.firstChild,elem);}, + children: function(elem){return jQuery.sibling(elem.firstChild);}, + contents: function(elem){return jQuery.nodeName(elem,"iframe")?elem.contentDocument||elem.contentWindow.document:jQuery.makeArray(elem.childNodes);} +}, function(name, fn){ + jQuery.fn[ name ] = function( selector ) { + var ret = jQuery.map( this, fn ); + + if ( selector && typeof selector == "string" ) + ret = jQuery.multiFilter( selector, ret ); + + return this.pushStack( jQuery.unique( ret ), name, selector ); + }; +}); + +jQuery.each({ + appendTo: "append", + prependTo: "prepend", + insertBefore: "before", + insertAfter: "after", + replaceAll: "replaceWith" +}, function(name, original){ + jQuery.fn[ name ] = function( selector ) { + var ret = [], insert = jQuery( selector ); + + for ( var i = 0, l = insert.length; i < l; i++ ) { + var elems = (i > 0 ? this.clone(true) : this).get(); + jQuery.fn[ original ].apply( jQuery(insert[i]), elems ); + ret = ret.concat( elems ); + } + + return this.pushStack( ret, name, selector ); + }; +}); + +jQuery.each({ + removeAttr: function( name ) { + jQuery.attr( this, name, "" ); + if (this.nodeType == 1) + this.removeAttribute( name ); + }, + + addClass: function( classNames ) { + jQuery.className.add( this, classNames ); + }, + + removeClass: function( classNames ) { + jQuery.className.remove( this, classNames ); + }, + + toggleClass: function( classNames, state ) { + if( typeof state !== "boolean" ) + state = !jQuery.className.has( this, classNames ); + jQuery.className[ state ? "add" : "remove" ]( this, classNames ); + }, + + remove: function( selector ) { + if ( !selector || jQuery.filter( selector, [ this ] ).length ) { + // Prevent memory leaks + jQuery( "*", this ).add([this]).each(function(){ + jQuery.event.remove(this); + jQuery.removeData(this); + }); + if (this.parentNode) + this.parentNode.removeChild( this ); + } + }, + + empty: function() { + // Remove element nodes and prevent memory leaks + jQuery(this).children().remove(); + + // Remove any remaining nodes + while ( this.firstChild ) + this.removeChild( this.firstChild ); + } +}, function(name, fn){ + jQuery.fn[ name ] = function(){ + return this.each( fn, arguments ); + }; +}); + +// Helper function used by the dimensions and offset modules +function num(elem, prop) { + return elem[0] && parseInt( jQuery.curCSS(elem[0], prop, true), 10 ) || 0; +} +var expando = "jQuery" + now(), uuid = 0, windowData = {}; + +jQuery.extend({ + cache: {}, + + data: function( elem, name, data ) { + elem = elem == window ? + windowData : + elem; + + var id = elem[ expando ]; + + // Compute a unique ID for the element + if ( !id ) + id = elem[ expando ] = ++uuid; + + // Only generate the data cache if we're + // trying to access or manipulate it + if ( name && !jQuery.cache[ id ] ) + jQuery.cache[ id ] = {}; + + // Prevent overriding the named cache with undefined values + if ( data !== undefined ) + jQuery.cache[ id ][ name ] = data; + + // Return the named cache data, or the ID for the element + return name ? + jQuery.cache[ id ][ name ] : + id; + }, + + removeData: function( elem, name ) { + elem = elem == window ? + windowData : + elem; + + var id = elem[ expando ]; + + // If we want to remove a specific section of the element's data + if ( name ) { + if ( jQuery.cache[ id ] ) { + // Remove the section of cache data + delete jQuery.cache[ id ][ name ]; + + // If we've removed all the data, remove the element's cache + name = ""; + + for ( name in jQuery.cache[ id ] ) + break; + + if ( !name ) + jQuery.removeData( elem ); + } + + // Otherwise, we want to remove all of the element's data + } else { + // Clean up the element expando + try { + delete elem[ expando ]; + } catch(e){ + // IE has trouble directly removing the expando + // but it's ok with using removeAttribute + if ( elem.removeAttribute ) + elem.removeAttribute( expando ); + } + + // Completely remove the data cache + delete jQuery.cache[ id ]; + } + }, + queue: function( elem, type, data ) { + if ( elem ){ + + type = (type || "fx") + "queue"; + + var q = jQuery.data( elem, type ); + + if ( !q || jQuery.isArray(data) ) + q = jQuery.data( elem, type, jQuery.makeArray(data) ); + else if( data ) + q.push( data ); + + } + return q; + }, + + dequeue: function( elem, type ){ + var queue = jQuery.queue( elem, type ), + fn = queue.shift(); + + if( !type || type === "fx" ) + fn = queue[0]; + + if( fn !== undefined ) + fn.call(elem); + } +}); + +jQuery.fn.extend({ + data: function( key, value ){ + var parts = key.split("."); + parts[1] = parts[1] ? "." + parts[1] : ""; + + if ( value === undefined ) { + var data = this.triggerHandler("getData" + parts[1] + "!", [parts[0]]); + + if ( data === undefined && this.length ) + data = jQuery.data( this[0], key ); + + return data === undefined && parts[1] ? + this.data( parts[0] ) : + data; + } else + return this.trigger("setData" + parts[1] + "!", [parts[0], value]).each(function(){ + jQuery.data( this, key, value ); + }); + }, + + removeData: function( key ){ + return this.each(function(){ + jQuery.removeData( this, key ); + }); + }, + queue: function(type, data){ + if ( typeof type !== "string" ) { + data = type; + type = "fx"; + } + + if ( data === undefined ) + return jQuery.queue( this[0], type ); + + return this.each(function(){ + var queue = jQuery.queue( this, type, data ); + + if( type == "fx" && queue.length == 1 ) + queue[0].call(this); + }); + }, + dequeue: function(type){ + return this.each(function(){ + jQuery.dequeue( this, type ); + }); + } +});/*! + * Sizzle CSS Selector Engine - v0.9.3 + * Copyright 2009, The Dojo Foundation + * Released under the MIT, BSD, and GPL Licenses. + * More information: http://sizzlejs.com/ + */ +(function(){ + +var chunker = /((?:\((?:\([^()]+\)|[^()]+)+\)|\[(?:\[[^[\]]*\]|['"][^'"]*['"]|[^[\]'"]+)+\]|\\.|[^ >+~,(\[\\]+)+|[>+~])(\s*,\s*)?/g, + done = 0, + toString = Object.prototype.toString; + +var Sizzle = function(selector, context, results, seed) { + results = results || []; + context = context || document; + + if ( context.nodeType !== 1 && context.nodeType !== 9 ) + return []; + + if ( !selector || typeof selector !== "string" ) { + return results; + } + + var parts = [], m, set, checkSet, check, mode, extra, prune = true; + + // Reset the position of the chunker regexp (start from head) + chunker.lastIndex = 0; + + while ( (m = chunker.exec(selector)) !== null ) { + parts.push( m[1] ); + + if ( m[2] ) { + extra = RegExp.rightContext; + break; + } + } + + if ( parts.length > 1 && origPOS.exec( selector ) ) { + if ( parts.length === 2 && Expr.relative[ parts[0] ] ) { + set = posProcess( parts[0] + parts[1], context ); + } else { + set = Expr.relative[ parts[0] ] ? + [ context ] : + Sizzle( parts.shift(), context ); + + while ( parts.length ) { + selector = parts.shift(); + + if ( Expr.relative[ selector ] ) + selector += parts.shift(); + + set = posProcess( selector, set ); + } + } + } else { + var ret = seed ? + { expr: parts.pop(), set: makeArray(seed) } : + Sizzle.find( parts.pop(), parts.length === 1 && context.parentNode ? context.parentNode : context, isXML(context) ); + set = Sizzle.filter( ret.expr, ret.set ); + + if ( parts.length > 0 ) { + checkSet = makeArray(set); + } else { + prune = false; + } + + while ( parts.length ) { + var cur = parts.pop(), pop = cur; + + if ( !Expr.relative[ cur ] ) { + cur = ""; + } else { + pop = parts.pop(); + } + + if ( pop == null ) { + pop = context; + } + + Expr.relative[ cur ]( checkSet, pop, isXML(context) ); + } + } + + if ( !checkSet ) { + checkSet = set; + } + + if ( !checkSet ) { + throw "Syntax error, unrecognized expression: " + (cur || selector); + } + + if ( toString.call(checkSet) === "[object Array]" ) { + if ( !prune ) { + results.push.apply( results, checkSet ); + } else if ( context.nodeType === 1 ) { + for ( var i = 0; checkSet[i] != null; i++ ) { + if ( checkSet[i] && (checkSet[i] === true || checkSet[i].nodeType === 1 && contains(context, checkSet[i])) ) { + results.push( set[i] ); + } + } + } else { + for ( var i = 0; checkSet[i] != null; i++ ) { + if ( checkSet[i] && checkSet[i].nodeType === 1 ) { + results.push( set[i] ); + } + } + } + } else { + makeArray( checkSet, results ); + } + + if ( extra ) { + Sizzle( extra, context, results, seed ); + + if ( sortOrder ) { + hasDuplicate = false; + results.sort(sortOrder); + + if ( hasDuplicate ) { + for ( var i = 1; i < results.length; i++ ) { + if ( results[i] === results[i-1] ) { + results.splice(i--, 1); + } + } + } + } + } + + return results; +}; + +Sizzle.matches = function(expr, set){ + return Sizzle(expr, null, null, set); +}; + +Sizzle.find = function(expr, context, isXML){ + var set, match; + + if ( !expr ) { + return []; + } + + for ( var i = 0, l = Expr.order.length; i < l; i++ ) { + var type = Expr.order[i], match; + + if ( (match = Expr.match[ type ].exec( expr )) ) { + var left = RegExp.leftContext; + + if ( left.substr( left.length - 1 ) !== "\\" ) { + match[1] = (match[1] || "").replace(/\\/g, ""); + set = Expr.find[ type ]( match, context, isXML ); + if ( set != null ) { + expr = expr.replace( Expr.match[ type ], "" ); + break; + } + } + } + } + + if ( !set ) { + set = context.getElementsByTagName("*"); + } + + return {set: set, expr: expr}; +}; + +Sizzle.filter = function(expr, set, inplace, not){ + var old = expr, result = [], curLoop = set, match, anyFound, + isXMLFilter = set && set[0] && isXML(set[0]); + + while ( expr && set.length ) { + for ( var type in Expr.filter ) { + if ( (match = Expr.match[ type ].exec( expr )) != null ) { + var filter = Expr.filter[ type ], found, item; + anyFound = false; + + if ( curLoop == result ) { + result = []; + } + + if ( Expr.preFilter[ type ] ) { + match = Expr.preFilter[ type ]( match, curLoop, inplace, result, not, isXMLFilter ); + + if ( !match ) { + anyFound = found = true; + } else if ( match === true ) { + continue; + } + } + + if ( match ) { + for ( var i = 0; (item = curLoop[i]) != null; i++ ) { + if ( item ) { + found = filter( item, match, i, curLoop ); + var pass = not ^ !!found; + + if ( inplace && found != null ) { + if ( pass ) { + anyFound = true; + } else { + curLoop[i] = false; + } + } else if ( pass ) { + result.push( item ); + anyFound = true; + } + } + } + } + + if ( found !== undefined ) { + if ( !inplace ) { + curLoop = result; + } + + expr = expr.replace( Expr.match[ type ], "" ); + + if ( !anyFound ) { + return []; + } + + break; + } + } + } + + // Improper expression + if ( expr == old ) { + if ( anyFound == null ) { + throw "Syntax error, unrecognized expression: " + expr; + } else { + break; + } + } + + old = expr; + } + + return curLoop; +}; + +var Expr = Sizzle.selectors = { + order: [ "ID", "NAME", "TAG" ], + match: { + ID: /#((?:[\w\u00c0-\uFFFF_-]|\\.)+)/, + CLASS: /\.((?:[\w\u00c0-\uFFFF_-]|\\.)+)/, + NAME: /\[name=['"]*((?:[\w\u00c0-\uFFFF_-]|\\.)+)['"]*\]/, + ATTR: /\[\s*((?:[\w\u00c0-\uFFFF_-]|\\.)+)\s*(?:(\S?=)\s*(['"]*)(.*?)\3|)\s*\]/, + TAG: /^((?:[\w\u00c0-\uFFFF\*_-]|\\.)+)/, + CHILD: /:(only|nth|last|first)-child(?:\((even|odd|[\dn+-]*)\))?/, + POS: /:(nth|eq|gt|lt|first|last|even|odd)(?:\((\d*)\))?(?=[^-]|$)/, + PSEUDO: /:((?:[\w\u00c0-\uFFFF_-]|\\.)+)(?:\((['"]*)((?:\([^\)]+\)|[^\2\(\)]*)+)\2\))?/ + }, + attrMap: { + "class": "className", + "for": "htmlFor" + }, + attrHandle: { + href: function(elem){ + return elem.getAttribute("href"); + } + }, + relative: { + "+": function(checkSet, part, isXML){ + var isPartStr = typeof part === "string", + isTag = isPartStr && !/\W/.test(part), + isPartStrNotTag = isPartStr && !isTag; + + if ( isTag && !isXML ) { + part = part.toUpperCase(); + } + + for ( var i = 0, l = checkSet.length, elem; i < l; i++ ) { + if ( (elem = checkSet[i]) ) { + while ( (elem = elem.previousSibling) && elem.nodeType !== 1 ) {} + + checkSet[i] = isPartStrNotTag || elem && elem.nodeName === part ? + elem || false : + elem === part; + } + } + + if ( isPartStrNotTag ) { + Sizzle.filter( part, checkSet, true ); + } + }, + ">": function(checkSet, part, isXML){ + var isPartStr = typeof part === "string"; + + if ( isPartStr && !/\W/.test(part) ) { + part = isXML ? part : part.toUpperCase(); + + for ( var i = 0, l = checkSet.length; i < l; i++ ) { + var elem = checkSet[i]; + if ( elem ) { + var parent = elem.parentNode; + checkSet[i] = parent.nodeName === part ? parent : false; + } + } + } else { + for ( var i = 0, l = checkSet.length; i < l; i++ ) { + var elem = checkSet[i]; + if ( elem ) { + checkSet[i] = isPartStr ? + elem.parentNode : + elem.parentNode === part; + } + } + + if ( isPartStr ) { + Sizzle.filter( part, checkSet, true ); + } + } + }, + "": function(checkSet, part, isXML){ + var doneName = done++, checkFn = dirCheck; + + if ( !part.match(/\W/) ) { + var nodeCheck = part = isXML ? part : part.toUpperCase(); + checkFn = dirNodeCheck; + } + + checkFn("parentNode", part, doneName, checkSet, nodeCheck, isXML); + }, + "~": function(checkSet, part, isXML){ + var doneName = done++, checkFn = dirCheck; + + if ( typeof part === "string" && !part.match(/\W/) ) { + var nodeCheck = part = isXML ? part : part.toUpperCase(); + checkFn = dirNodeCheck; + } + + checkFn("previousSibling", part, doneName, checkSet, nodeCheck, isXML); + } + }, + find: { + ID: function(match, context, isXML){ + if ( typeof context.getElementById !== "undefined" && !isXML ) { + var m = context.getElementById(match[1]); + return m ? [m] : []; + } + }, + NAME: function(match, context, isXML){ + if ( typeof context.getElementsByName !== "undefined" ) { + var ret = [], results = context.getElementsByName(match[1]); + + for ( var i = 0, l = results.length; i < l; i++ ) { + if ( results[i].getAttribute("name") === match[1] ) { + ret.push( results[i] ); + } + } + + return ret.length === 0 ? null : ret; + } + }, + TAG: function(match, context){ + return context.getElementsByTagName(match[1]); + } + }, + preFilter: { + CLASS: function(match, curLoop, inplace, result, not, isXML){ + match = " " + match[1].replace(/\\/g, "") + " "; + + if ( isXML ) { + return match; + } + + for ( var i = 0, elem; (elem = curLoop[i]) != null; i++ ) { + if ( elem ) { + if ( not ^ (elem.className && (" " + elem.className + " ").indexOf(match) >= 0) ) { + if ( !inplace ) + result.push( elem ); + } else if ( inplace ) { + curLoop[i] = false; + } + } + } + + return false; + }, + ID: function(match){ + return match[1].replace(/\\/g, ""); + }, + TAG: function(match, curLoop){ + for ( var i = 0; curLoop[i] === false; i++ ){} + return curLoop[i] && isXML(curLoop[i]) ? match[1] : match[1].toUpperCase(); + }, + CHILD: function(match){ + if ( match[1] == "nth" ) { + // parse equations like 'even', 'odd', '5', '2n', '3n+2', '4n-1', '-n+6' + var test = /(-?)(\d*)n((?:\+|-)?\d*)/.exec( + match[2] == "even" && "2n" || match[2] == "odd" && "2n+1" || + !/\D/.test( match[2] ) && "0n+" + match[2] || match[2]); + + // calculate the numbers (first)n+(last) including if they are negative + match[2] = (test[1] + (test[2] || 1)) - 0; + match[3] = test[3] - 0; + } + + // TODO: Move to normal caching system + match[0] = done++; + + return match; + }, + ATTR: function(match, curLoop, inplace, result, not, isXML){ + var name = match[1].replace(/\\/g, ""); + + if ( !isXML && Expr.attrMap[name] ) { + match[1] = Expr.attrMap[name]; + } + + if ( match[2] === "~=" ) { + match[4] = " " + match[4] + " "; + } + + return match; + }, + PSEUDO: function(match, curLoop, inplace, result, not){ + if ( match[1] === "not" ) { + // If we're dealing with a complex expression, or a simple one + if ( match[3].match(chunker).length > 1 || /^\w/.test(match[3]) ) { + match[3] = Sizzle(match[3], null, null, curLoop); + } else { + var ret = Sizzle.filter(match[3], curLoop, inplace, true ^ not); + if ( !inplace ) { + result.push.apply( result, ret ); + } + return false; + } + } else if ( Expr.match.POS.test( match[0] ) || Expr.match.CHILD.test( match[0] ) ) { + return true; + } + + return match; + }, + POS: function(match){ + match.unshift( true ); + return match; + } + }, + filters: { + enabled: function(elem){ + return elem.disabled === false && elem.type !== "hidden"; + }, + disabled: function(elem){ + return elem.disabled === true; + }, + checked: function(elem){ + return elem.checked === true; + }, + selected: function(elem){ + // Accessing this property makes selected-by-default + // options in Safari work properly + elem.parentNode.selectedIndex; + return elem.selected === true; + }, + parent: function(elem){ + return !!elem.firstChild; + }, + empty: function(elem){ + return !elem.firstChild; + }, + has: function(elem, i, match){ + return !!Sizzle( match[3], elem ).length; + }, + header: function(elem){ + return /h\d/i.test( elem.nodeName ); + }, + text: function(elem){ + return "text" === elem.type; + }, + radio: function(elem){ + return "radio" === elem.type; + }, + checkbox: function(elem){ + return "checkbox" === elem.type; + }, + file: function(elem){ + return "file" === elem.type; + }, + password: function(elem){ + return "password" === elem.type; + }, + submit: function(elem){ + return "submit" === elem.type; + }, + image: function(elem){ + return "image" === elem.type; + }, + reset: function(elem){ + return "reset" === elem.type; + }, + button: function(elem){ + return "button" === elem.type || elem.nodeName.toUpperCase() === "BUTTON"; + }, + input: function(elem){ + return /input|select|textarea|button/i.test(elem.nodeName); + } + }, + setFilters: { + first: function(elem, i){ + return i === 0; + }, + last: function(elem, i, match, array){ + return i === array.length - 1; + }, + even: function(elem, i){ + return i % 2 === 0; + }, + odd: function(elem, i){ + return i % 2 === 1; + }, + lt: function(elem, i, match){ + return i < match[3] - 0; + }, + gt: function(elem, i, match){ + return i > match[3] - 0; + }, + nth: function(elem, i, match){ + return match[3] - 0 == i; + }, + eq: function(elem, i, match){ + return match[3] - 0 == i; + } + }, + filter: { + PSEUDO: function(elem, match, i, array){ + var name = match[1], filter = Expr.filters[ name ]; + + if ( filter ) { + return filter( elem, i, match, array ); + } else if ( name === "contains" ) { + return (elem.textContent || elem.innerText || "").indexOf(match[3]) >= 0; + } else if ( name === "not" ) { + var not = match[3]; + + for ( var i = 0, l = not.length; i < l; i++ ) { + if ( not[i] === elem ) { + return false; + } + } + + return true; + } + }, + CHILD: function(elem, match){ + var type = match[1], node = elem; + switch (type) { + case 'only': + case 'first': + while (node = node.previousSibling) { + if ( node.nodeType === 1 ) return false; + } + if ( type == 'first') return true; + node = elem; + case 'last': + while (node = node.nextSibling) { + if ( node.nodeType === 1 ) return false; + } + return true; + case 'nth': + var first = match[2], last = match[3]; + + if ( first == 1 && last == 0 ) { + return true; + } + + var doneName = match[0], + parent = elem.parentNode; + + if ( parent && (parent.sizcache !== doneName || !elem.nodeIndex) ) { + var count = 0; + for ( node = parent.firstChild; node; node = node.nextSibling ) { + if ( node.nodeType === 1 ) { + node.nodeIndex = ++count; + } + } + parent.sizcache = doneName; + } + + var diff = elem.nodeIndex - last; + if ( first == 0 ) { + return diff == 0; + } else { + return ( diff % first == 0 && diff / first >= 0 ); + } + } + }, + ID: function(elem, match){ + return elem.nodeType === 1 && elem.getAttribute("id") === match; + }, + TAG: function(elem, match){ + return (match === "*" && elem.nodeType === 1) || elem.nodeName === match; + }, + CLASS: function(elem, match){ + return (" " + (elem.className || elem.getAttribute("class")) + " ") + .indexOf( match ) > -1; + }, + ATTR: function(elem, match){ + var name = match[1], + result = Expr.attrHandle[ name ] ? + Expr.attrHandle[ name ]( elem ) : + elem[ name ] != null ? + elem[ name ] : + elem.getAttribute( name ), + value = result + "", + type = match[2], + check = match[4]; + + return result == null ? + type === "!=" : + type === "=" ? + value === check : + type === "*=" ? + value.indexOf(check) >= 0 : + type === "~=" ? + (" " + value + " ").indexOf(check) >= 0 : + !check ? + value && result !== false : + type === "!=" ? + value != check : + type === "^=" ? + value.indexOf(check) === 0 : + type === "$=" ? + value.substr(value.length - check.length) === check : + type === "|=" ? + value === check || value.substr(0, check.length + 1) === check + "-" : + false; + }, + POS: function(elem, match, i, array){ + var name = match[2], filter = Expr.setFilters[ name ]; + + if ( filter ) { + return filter( elem, i, match, array ); + } + } + } +}; + +var origPOS = Expr.match.POS; + +for ( var type in Expr.match ) { + Expr.match[ type ] = RegExp( Expr.match[ type ].source + /(?![^\[]*\])(?![^\(]*\))/.source ); +} + +var makeArray = function(array, results) { + array = Array.prototype.slice.call( array ); + + if ( results ) { + results.push.apply( results, array ); + return results; + } + + return array; +}; + +// Perform a simple check to determine if the browser is capable of +// converting a NodeList to an array using builtin methods. +try { + Array.prototype.slice.call( document.documentElement.childNodes ); + +// Provide a fallback method if it does not work +} catch(e){ + makeArray = function(array, results) { + var ret = results || []; + + if ( toString.call(array) === "[object Array]" ) { + Array.prototype.push.apply( ret, array ); + } else { + if ( typeof array.length === "number" ) { + for ( var i = 0, l = array.length; i < l; i++ ) { + ret.push( array[i] ); + } + } else { + for ( var i = 0; array[i]; i++ ) { + ret.push( array[i] ); + } + } + } + + return ret; + }; +} + +var sortOrder; + +if ( document.documentElement.compareDocumentPosition ) { + sortOrder = function( a, b ) { + var ret = a.compareDocumentPosition(b) & 4 ? -1 : a === b ? 0 : 1; + if ( ret === 0 ) { + hasDuplicate = true; + } + return ret; + }; +} else if ( "sourceIndex" in document.documentElement ) { + sortOrder = function( a, b ) { + var ret = a.sourceIndex - b.sourceIndex; + if ( ret === 0 ) { + hasDuplicate = true; + } + return ret; + }; +} else if ( document.createRange ) { + sortOrder = function( a, b ) { + var aRange = a.ownerDocument.createRange(), bRange = b.ownerDocument.createRange(); + aRange.selectNode(a); + aRange.collapse(true); + bRange.selectNode(b); + bRange.collapse(true); + var ret = aRange.compareBoundaryPoints(Range.START_TO_END, bRange); + if ( ret === 0 ) { + hasDuplicate = true; + } + return ret; + }; +} + +// Check to see if the browser returns elements by name when +// querying by getElementById (and provide a workaround) +(function(){ + // We're going to inject a fake input element with a specified name + var form = document.createElement("form"), + id = "script" + (new Date).getTime(); + form.innerHTML = "<input name='" + id + "'/>"; + + // Inject it into the root element, check its status, and remove it quickly + var root = document.documentElement; + root.insertBefore( form, root.firstChild ); + + // The workaround has to do additional checks after a getElementById + // Which slows things down for other browsers (hence the branching) + if ( !!document.getElementById( id ) ) { + Expr.find.ID = function(match, context, isXML){ + if ( typeof context.getElementById !== "undefined" && !isXML ) { + var m = context.getElementById(match[1]); + return m ? m.id === match[1] || typeof m.getAttributeNode !== "undefined" && m.getAttributeNode("id").nodeValue === match[1] ? [m] : undefined : []; + } + }; + + Expr.filter.ID = function(elem, match){ + var node = typeof elem.getAttributeNode !== "undefined" && elem.getAttributeNode("id"); + return elem.nodeType === 1 && node && node.nodeValue === match; + }; + } + + root.removeChild( form ); +})(); + +(function(){ + // Check to see if the browser returns only elements + // when doing getElementsByTagName("*") + + // Create a fake element + var div = document.createElement("div"); + div.appendChild( document.createComment("") ); + + // Make sure no comments are found + if ( div.getElementsByTagName("*").length > 0 ) { + Expr.find.TAG = function(match, context){ + var results = context.getElementsByTagName(match[1]); + + // Filter out possible comments + if ( match[1] === "*" ) { + var tmp = []; + + for ( var i = 0; results[i]; i++ ) { + if ( results[i].nodeType === 1 ) { + tmp.push( results[i] ); + } + } + + results = tmp; + } + + return results; + }; + } + + // Check to see if an attribute returns normalized href attributes + div.innerHTML = "<a href='#'></a>"; + if ( div.firstChild && typeof div.firstChild.getAttribute !== "undefined" && + div.firstChild.getAttribute("href") !== "#" ) { + Expr.attrHandle.href = function(elem){ + return elem.getAttribute("href", 2); + }; + } +})(); + +if ( document.querySelectorAll ) (function(){ + var oldSizzle = Sizzle, div = document.createElement("div"); + div.innerHTML = "<p class='TEST'></p>"; + + // Safari can't handle uppercase or unicode characters when + // in quirks mode. + if ( div.querySelectorAll && div.querySelectorAll(".TEST").length === 0 ) { + return; + } + + Sizzle = function(query, context, extra, seed){ + context = context || document; + + // Only use querySelectorAll on non-XML documents + // (ID selectors don't work in non-HTML documents) + if ( !seed && context.nodeType === 9 && !isXML(context) ) { + try { + return makeArray( context.querySelectorAll(query), extra ); + } catch(e){} + } + + return oldSizzle(query, context, extra, seed); + }; + + Sizzle.find = oldSizzle.find; + Sizzle.filter = oldSizzle.filter; + Sizzle.selectors = oldSizzle.selectors; + Sizzle.matches = oldSizzle.matches; +})(); + +if ( document.getElementsByClassName && document.documentElement.getElementsByClassName ) (function(){ + var div = document.createElement("div"); + div.innerHTML = "<div class='test e'></div><div class='test'></div>"; + + // Opera can't find a second classname (in 9.6) + if ( div.getElementsByClassName("e").length === 0 ) + return; + + // Safari caches class attributes, doesn't catch changes (in 3.2) + div.lastChild.className = "e"; + + if ( div.getElementsByClassName("e").length === 1 ) + return; + + Expr.order.splice(1, 0, "CLASS"); + Expr.find.CLASS = function(match, context, isXML) { + if ( typeof context.getElementsByClassName !== "undefined" && !isXML ) { + return context.getElementsByClassName(match[1]); + } + }; +})(); + +function dirNodeCheck( dir, cur, doneName, checkSet, nodeCheck, isXML ) { + var sibDir = dir == "previousSibling" && !isXML; + for ( var i = 0, l = checkSet.length; i < l; i++ ) { + var elem = checkSet[i]; + if ( elem ) { + if ( sibDir && elem.nodeType === 1 ){ + elem.sizcache = doneName; + elem.sizset = i; + } + elem = elem[dir]; + var match = false; + + while ( elem ) { + if ( elem.sizcache === doneName ) { + match = checkSet[elem.sizset]; + break; + } + + if ( elem.nodeType === 1 && !isXML ){ + elem.sizcache = doneName; + elem.sizset = i; + } + + if ( elem.nodeName === cur ) { + match = elem; + break; + } + + elem = elem[dir]; + } + + checkSet[i] = match; + } + } +} + +function dirCheck( dir, cur, doneName, checkSet, nodeCheck, isXML ) { + var sibDir = dir == "previousSibling" && !isXML; + for ( var i = 0, l = checkSet.length; i < l; i++ ) { + var elem = checkSet[i]; + if ( elem ) { + if ( sibDir && elem.nodeType === 1 ) { + elem.sizcache = doneName; + elem.sizset = i; + } + elem = elem[dir]; + var match = false; + + while ( elem ) { + if ( elem.sizcache === doneName ) { + match = checkSet[elem.sizset]; + break; + } + + if ( elem.nodeType === 1 ) { + if ( !isXML ) { + elem.sizcache = doneName; + elem.sizset = i; + } + if ( typeof cur !== "string" ) { + if ( elem === cur ) { + match = true; + break; + } + + } else if ( Sizzle.filter( cur, [elem] ).length > 0 ) { + match = elem; + break; + } + } + + elem = elem[dir]; + } + + checkSet[i] = match; + } + } +} + +var contains = document.compareDocumentPosition ? function(a, b){ + return a.compareDocumentPosition(b) & 16; +} : function(a, b){ + return a !== b && (a.contains ? a.contains(b) : true); +}; + +var isXML = function(elem){ + return elem.nodeType === 9 && elem.documentElement.nodeName !== "HTML" || + !!elem.ownerDocument && isXML( elem.ownerDocument ); +}; + +var posProcess = function(selector, context){ + var tmpSet = [], later = "", match, + root = context.nodeType ? [context] : context; + + // Position selectors must be done after the filter + // And so must :not(positional) so we move all PSEUDOs to the end + while ( (match = Expr.match.PSEUDO.exec( selector )) ) { + later += match[0]; + selector = selector.replace( Expr.match.PSEUDO, "" ); + } + + selector = Expr.relative[selector] ? selector + "*" : selector; + + for ( var i = 0, l = root.length; i < l; i++ ) { + Sizzle( selector, root[i], tmpSet ); + } + + return Sizzle.filter( later, tmpSet ); +}; + +// EXPOSE +jQuery.find = Sizzle; +jQuery.filter = Sizzle.filter; +jQuery.expr = Sizzle.selectors; +jQuery.expr[":"] = jQuery.expr.filters; + +Sizzle.selectors.filters.hidden = function(elem){ + return elem.offsetWidth === 0 || elem.offsetHeight === 0; +}; + +Sizzle.selectors.filters.visible = function(elem){ + return elem.offsetWidth > 0 || elem.offsetHeight > 0; +}; + +Sizzle.selectors.filters.animated = function(elem){ + return jQuery.grep(jQuery.timers, function(fn){ + return elem === fn.elem; + }).length; +}; + +jQuery.multiFilter = function( expr, elems, not ) { + if ( not ) { + expr = ":not(" + expr + ")"; + } + + return Sizzle.matches(expr, elems); +}; + +jQuery.dir = function( elem, dir ){ + var matched = [], cur = elem[dir]; + while ( cur && cur != document ) { + if ( cur.nodeType == 1 ) + matched.push( cur ); + cur = cur[dir]; + } + return matched; +}; + +jQuery.nth = function(cur, result, dir, elem){ + result = result || 1; + var num = 0; + + for ( ; cur; cur = cur[dir] ) + if ( cur.nodeType == 1 && ++num == result ) + break; + + return cur; +}; + +jQuery.sibling = function(n, elem){ + var r = []; + + for ( ; n; n = n.nextSibling ) { + if ( n.nodeType == 1 && n != elem ) + r.push( n ); + } + + return r; +}; + +return; + +window.Sizzle = Sizzle; + +})(); +/* + * A number of helper functions used for managing events. + * Many of the ideas behind this code originated from + * Dean Edwards' addEvent library. + */ +jQuery.event = { + + // Bind an event to an element + // Original by Dean Edwards + add: function(elem, types, handler, data) { + if ( elem.nodeType == 3 || elem.nodeType == 8 ) + return; + + // For whatever reason, IE has trouble passing the window object + // around, causing it to be cloned in the process + if ( elem.setInterval && elem != window ) + elem = window; + + // Make sure that the function being executed has a unique ID + if ( !handler.guid ) + handler.guid = this.guid++; + + // if data is passed, bind to handler + if ( data !== undefined ) { + // Create temporary function pointer to original handler + var fn = handler; + + // Create unique handler function, wrapped around original handler + handler = this.proxy( fn ); + + // Store data in unique handler + handler.data = data; + } + + // Init the element's event structure + var events = jQuery.data(elem, "events") || jQuery.data(elem, "events", {}), + handle = jQuery.data(elem, "handle") || jQuery.data(elem, "handle", function(){ + // Handle the second event of a trigger and when + // an event is called after a page has unloaded + return typeof jQuery !== "undefined" && !jQuery.event.triggered ? + jQuery.event.handle.apply(arguments.callee.elem, arguments) : + undefined; + }); + // Add elem as a property of the handle function + // This is to prevent a memory leak with non-native + // event in IE. + handle.elem = elem; + + // Handle multiple events separated by a space + // jQuery(...).bind("mouseover mouseout", fn); + jQuery.each(types.split(/\s+/), function(index, type) { + // Namespaced event handlers + var namespaces = type.split("."); + type = namespaces.shift(); + handler.type = namespaces.slice().sort().join("."); + + // Get the current list of functions bound to this event + var handlers = events[type]; + + if ( jQuery.event.specialAll[type] ) + jQuery.event.specialAll[type].setup.call(elem, data, namespaces); + + // Init the event handler queue + if (!handlers) { + handlers = events[type] = {}; + + // Check for a special event handler + // Only use addEventListener/attachEvent if the special + // events handler returns false + if ( !jQuery.event.special[type] || jQuery.event.special[type].setup.call(elem, data, namespaces) === false ) { + // Bind the global event handler to the element + if (elem.addEventListener) + elem.addEventListener(type, handle, false); + else if (elem.attachEvent) + elem.attachEvent("on" + type, handle); + } + } + + // Add the function to the element's handler list + handlers[handler.guid] = handler; + + // Keep track of which events have been used, for global triggering + jQuery.event.global[type] = true; + }); + + // Nullify elem to prevent memory leaks in IE + elem = null; + }, + + guid: 1, + global: {}, + + // Detach an event or set of events from an element + remove: function(elem, types, handler) { + // don't do events on text and comment nodes + if ( elem.nodeType == 3 || elem.nodeType == 8 ) + return; + + var events = jQuery.data(elem, "events"), ret, index; + + if ( events ) { + // Unbind all events for the element + if ( types === undefined || (typeof types === "string" && types.charAt(0) == ".") ) + for ( var type in events ) + this.remove( elem, type + (types || "") ); + else { + // types is actually an event object here + if ( types.type ) { + handler = types.handler; + types = types.type; + } + + // Handle multiple events seperated by a space + // jQuery(...).unbind("mouseover mouseout", fn); + jQuery.each(types.split(/\s+/), function(index, type){ + // Namespaced event handlers + var namespaces = type.split("."); + type = namespaces.shift(); + var namespace = RegExp("(^|\\.)" + namespaces.slice().sort().join(".*\\.") + "(\\.|$)"); + + if ( events[type] ) { + // remove the given handler for the given type + if ( handler ) + delete events[type][handler.guid]; + + // remove all handlers for the given type + else + for ( var handle in events[type] ) + // Handle the removal of namespaced events + if ( namespace.test(events[type][handle].type) ) + delete events[type][handle]; + + if ( jQuery.event.specialAll[type] ) + jQuery.event.specialAll[type].teardown.call(elem, namespaces); + + // remove generic event handler if no more handlers exist + for ( ret in events[type] ) break; + if ( !ret ) { + if ( !jQuery.event.special[type] || jQuery.event.special[type].teardown.call(elem, namespaces) === false ) { + if (elem.removeEventListener) + elem.removeEventListener(type, jQuery.data(elem, "handle"), false); + else if (elem.detachEvent) + elem.detachEvent("on" + type, jQuery.data(elem, "handle")); + } + ret = null; + delete events[type]; + } + } + }); + } + + // Remove the expando if it's no longer used + for ( ret in events ) break; + if ( !ret ) { + var handle = jQuery.data( elem, "handle" ); + if ( handle ) handle.elem = null; + jQuery.removeData( elem, "events" ); + jQuery.removeData( elem, "handle" ); + } + } + }, + + // bubbling is internal + trigger: function( event, data, elem, bubbling ) { + // Event object or event type + var type = event.type || event; + + if( !bubbling ){ + event = typeof event === "object" ? + // jQuery.Event object + event[expando] ? event : + // Object literal + jQuery.extend( jQuery.Event(type), event ) : + // Just the event type (string) + jQuery.Event(type); + + if ( type.indexOf("!") >= 0 ) { + event.type = type = type.slice(0, -1); + event.exclusive = true; + } + + // Handle a global trigger + if ( !elem ) { + // Don't bubble custom events when global (to avoid too much overhead) + event.stopPropagation(); + // Only trigger if we've ever bound an event for it + if ( this.global[type] ) + jQuery.each( jQuery.cache, function(){ + if ( this.events && this.events[type] ) + jQuery.event.trigger( event, data, this.handle.elem ); + }); + } + + // Handle triggering a single element + + // don't do events on text and comment nodes + if ( !elem || elem.nodeType == 3 || elem.nodeType == 8 ) + return undefined; + + // Clean up in case it is reused + event.result = undefined; + event.target = elem; + + // Clone the incoming data, if any + data = jQuery.makeArray(data); + data.unshift( event ); + } + + event.currentTarget = elem; + + // Trigger the event, it is assumed that "handle" is a function + var handle = jQuery.data(elem, "handle"); + if ( handle ) + handle.apply( elem, data ); + + // Handle triggering native .onfoo handlers (and on links since we don't call .click() for links) + if ( (!elem[type] || (jQuery.nodeName(elem, 'a') && type == "click")) && elem["on"+type] && elem["on"+type].apply( elem, data ) === false ) + event.result = false; + + // Trigger the native events (except for clicks on links) + if ( !bubbling && elem[type] && !event.isDefaultPrevented() && !(jQuery.nodeName(elem, 'a') && type == "click") ) { + this.triggered = true; + try { + elem[ type ](); + // prevent IE from throwing an error for some hidden elements + } catch (e) {} + } + + this.triggered = false; + + if ( !event.isPropagationStopped() ) { + var parent = elem.parentNode || elem.ownerDocument; + if ( parent ) + jQuery.event.trigger(event, data, parent, true); + } + }, + + handle: function(event) { + // returned undefined or false + var all, handlers; + + event = arguments[0] = jQuery.event.fix( event || window.event ); + event.currentTarget = this; + + // Namespaced event handlers + var namespaces = event.type.split("."); + event.type = namespaces.shift(); + + // Cache this now, all = true means, any handler + all = !namespaces.length && !event.exclusive; + + var namespace = RegExp("(^|\\.)" + namespaces.slice().sort().join(".*\\.") + "(\\.|$)"); + + handlers = ( jQuery.data(this, "events") || {} )[event.type]; + + for ( var j in handlers ) { + var handler = handlers[j]; + + // Filter the functions by class + if ( all || namespace.test(handler.type) ) { + // Pass in a reference to the handler function itself + // So that we can later remove it + event.handler = handler; + event.data = handler.data; + + var ret = handler.apply(this, arguments); + + if( ret !== undefined ){ + event.result = ret; + if ( ret === false ) { + event.preventDefault(); + event.stopPropagation(); + } + } + + if( event.isImmediatePropagationStopped() ) + break; + + } + } + }, + + props: "altKey attrChange attrName bubbles button cancelable charCode clientX clientY ctrlKey currentTarget data detail eventPhase fromElement handler keyCode metaKey newValue originalTarget pageX pageY prevValue relatedNode relatedTarget screenX screenY shiftKey srcElement target toElement view wheelDelta which".split(" "), + + fix: function(event) { + if ( event[expando] ) + return event; + + // store a copy of the original event object + // and "clone" to set read-only properties + var originalEvent = event; + event = jQuery.Event( originalEvent ); + + for ( var i = this.props.length, prop; i; ){ + prop = this.props[ --i ]; + event[ prop ] = originalEvent[ prop ]; + } + + // Fix target property, if necessary + if ( !event.target ) + event.target = event.srcElement || document; // Fixes #1925 where srcElement might not be defined either + + // check if target is a textnode (safari) + if ( event.target.nodeType == 3 ) + event.target = event.target.parentNode; + + // Add relatedTarget, if necessary + if ( !event.relatedTarget && event.fromElement ) + event.relatedTarget = event.fromElement == event.target ? event.toElement : event.fromElement; + + // Calculate pageX/Y if missing and clientX/Y available + if ( event.pageX == null && event.clientX != null ) { + var doc = document.documentElement, body = document.body; + event.pageX = event.clientX + (doc && doc.scrollLeft || body && body.scrollLeft || 0) - (doc.clientLeft || 0); + event.pageY = event.clientY + (doc && doc.scrollTop || body && body.scrollTop || 0) - (doc.clientTop || 0); + } + + // Add which for key events + if ( !event.which && ((event.charCode || event.charCode === 0) ? event.charCode : event.keyCode) ) + event.which = event.charCode || event.keyCode; + + // Add metaKey to non-Mac browsers (use ctrl for PC's and Meta for Macs) + if ( !event.metaKey && event.ctrlKey ) + event.metaKey = event.ctrlKey; + + // Add which for click: 1 == left; 2 == middle; 3 == right + // Note: button is not normalized, so don't use it + if ( !event.which && event.button ) + event.which = (event.button & 1 ? 1 : ( event.button & 2 ? 3 : ( event.button & 4 ? 2 : 0 ) )); + + return event; + }, + + proxy: function( fn, proxy ){ + proxy = proxy || function(){ return fn.apply(this, arguments); }; + // Set the guid of unique handler to the same of original handler, so it can be removed + proxy.guid = fn.guid = fn.guid || proxy.guid || this.guid++; + // So proxy can be declared as an argument + return proxy; + }, + + special: { + ready: { + // Make sure the ready event is setup + setup: bindReady, + teardown: function() {} + } + }, + + specialAll: { + live: { + setup: function( selector, namespaces ){ + jQuery.event.add( this, namespaces[0], liveHandler ); + }, + teardown: function( namespaces ){ + if ( namespaces.length ) { + var remove = 0, name = RegExp("(^|\\.)" + namespaces[0] + "(\\.|$)"); + + jQuery.each( (jQuery.data(this, "events").live || {}), function(){ + if ( name.test(this.type) ) + remove++; + }); + + if ( remove < 1 ) + jQuery.event.remove( this, namespaces[0], liveHandler ); + } + } + } + } +}; + +jQuery.Event = function( src ){ + // Allow instantiation without the 'new' keyword + if( !this.preventDefault ) + return new jQuery.Event(src); + + // Event object + if( src && src.type ){ + this.originalEvent = src; + this.type = src.type; + // Event type + }else + this.type = src; + + // timeStamp is buggy for some events on Firefox(#3843) + // So we won't rely on the native value + this.timeStamp = now(); + + // Mark it as fixed + this[expando] = true; +}; + +function returnFalse(){ + return false; +} +function returnTrue(){ + return true; +} + +// jQuery.Event is based on DOM3 Events as specified by the ECMAScript Language Binding +// http://www.w3.org/TR/2003/WD-DOM-Level-3-Events-20030331/ecma-script-binding.html +jQuery.Event.prototype = { + preventDefault: function() { + this.isDefaultPrevented = returnTrue; + + var e = this.originalEvent; + if( !e ) + return; + // if preventDefault exists run it on the original event + if (e.preventDefault) + e.preventDefault(); + // otherwise set the returnValue property of the original event to false (IE) + e.returnValue = false; + }, + stopPropagation: function() { + this.isPropagationStopped = returnTrue; + + var e = this.originalEvent; + if( !e ) + return; + // if stopPropagation exists run it on the original event + if (e.stopPropagation) + e.stopPropagation(); + // otherwise set the cancelBubble property of the original event to true (IE) + e.cancelBubble = true; + }, + stopImmediatePropagation:function(){ + this.isImmediatePropagationStopped = returnTrue; + this.stopPropagation(); + }, + isDefaultPrevented: returnFalse, + isPropagationStopped: returnFalse, + isImmediatePropagationStopped: returnFalse +}; +// Checks if an event happened on an element within another element +// Used in jQuery.event.special.mouseenter and mouseleave handlers +var withinElement = function(event) { + // Check if mouse(over|out) are still within the same parent element + var parent = event.relatedTarget; + // Traverse up the tree + while ( parent && parent != this ) + try { parent = parent.parentNode; } + catch(e) { parent = this; } + + if( parent != this ){ + // set the correct event type + event.type = event.data; + // handle event if we actually just moused on to a non sub-element + jQuery.event.handle.apply( this, arguments ); + } +}; + +jQuery.each({ + mouseover: 'mouseenter', + mouseout: 'mouseleave' +}, function( orig, fix ){ + jQuery.event.special[ fix ] = { + setup: function(){ + jQuery.event.add( this, orig, withinElement, fix ); + }, + teardown: function(){ + jQuery.event.remove( this, orig, withinElement ); + } + }; +}); + +jQuery.fn.extend({ + bind: function( type, data, fn ) { + return type == "unload" ? this.one(type, data, fn) : this.each(function(){ + jQuery.event.add( this, type, fn || data, fn && data ); + }); + }, + + one: function( type, data, fn ) { + var one = jQuery.event.proxy( fn || data, function(event) { + jQuery(this).unbind(event, one); + return (fn || data).apply( this, arguments ); + }); + return this.each(function(){ + jQuery.event.add( this, type, one, fn && data); + }); + }, + + unbind: function( type, fn ) { + return this.each(function(){ + jQuery.event.remove( this, type, fn ); + }); + }, + + trigger: function( type, data ) { + return this.each(function(){ + jQuery.event.trigger( type, data, this ); + }); + }, + + triggerHandler: function( type, data ) { + if( this[0] ){ + var event = jQuery.Event(type); + event.preventDefault(); + event.stopPropagation(); + jQuery.event.trigger( event, data, this[0] ); + return event.result; + } + }, + + toggle: function( fn ) { + // Save reference to arguments for access in closure + var args = arguments, i = 1; + + // link all the functions, so any of them can unbind this click handler + while( i < args.length ) + jQuery.event.proxy( fn, args[i++] ); + + return this.click( jQuery.event.proxy( fn, function(event) { + // Figure out which function to execute + this.lastToggle = ( this.lastToggle || 0 ) % i; + + // Make sure that clicks stop + event.preventDefault(); + + // and execute the function + return args[ this.lastToggle++ ].apply( this, arguments ) || false; + })); + }, + + hover: function(fnOver, fnOut) { + return this.mouseenter(fnOver).mouseleave(fnOut); + }, + + ready: function(fn) { + // Attach the listeners + bindReady(); + + // If the DOM is already ready + if ( jQuery.isReady ) + // Execute the function immediately + fn.call( document, jQuery ); + + // Otherwise, remember the function for later + else + // Add the function to the wait list + jQuery.readyList.push( fn ); + + return this; + }, + + live: function( type, fn ){ + var proxy = jQuery.event.proxy( fn ); + proxy.guid += this.selector + type; + + jQuery(document).bind( liveConvert(type, this.selector), this.selector, proxy ); + + return this; + }, + + die: function( type, fn ){ + jQuery(document).unbind( liveConvert(type, this.selector), fn ? { guid: fn.guid + this.selector + type } : null ); + return this; + } +}); + +function liveHandler( event ){ + var check = RegExp("(^|\\.)" + event.type + "(\\.|$)"), + stop = true, + elems = []; + + jQuery.each(jQuery.data(this, "events").live || [], function(i, fn){ + if ( check.test(fn.type) ) { + var elem = jQuery(event.target).closest(fn.data)[0]; + if ( elem ) + elems.push({ elem: elem, fn: fn }); + } + }); + + elems.sort(function(a,b) { + return jQuery.data(a.elem, "closest") - jQuery.data(b.elem, "closest"); + }); + + jQuery.each(elems, function(){ + if ( this.fn.call(this.elem, event, this.fn.data) === false ) + return (stop = false); + }); + + return stop; +} + +function liveConvert(type, selector){ + return ["live", type, selector.replace(/\./g, "`").replace(/ /g, "|")].join("."); +} + +jQuery.extend({ + isReady: false, + readyList: [], + // Handle when the DOM is ready + ready: function() { + // Make sure that the DOM is not already loaded + if ( !jQuery.isReady ) { + // Remember that the DOM is ready + jQuery.isReady = true; + + // If there are functions bound, to execute + if ( jQuery.readyList ) { + // Execute all of them + jQuery.each( jQuery.readyList, function(){ + this.call( document, jQuery ); + }); + + // Reset the list of functions + jQuery.readyList = null; + } + + // Trigger any bound ready events + jQuery(document).triggerHandler("ready"); + } + } +}); + +var readyBound = false; + +function bindReady(){ + if ( readyBound ) return; + readyBound = true; + + // Mozilla, Opera and webkit nightlies currently support this event + if ( document.addEventListener ) { + // Use the handy event callback + document.addEventListener( "DOMContentLoaded", function(){ + document.removeEventListener( "DOMContentLoaded", arguments.callee, false ); + jQuery.ready(); + }, false ); + + // If IE event model is used + } else if ( document.attachEvent ) { + // ensure firing before onload, + // maybe late but safe also for iframes + document.attachEvent("onreadystatechange", function(){ + if ( document.readyState === "complete" ) { + document.detachEvent( "onreadystatechange", arguments.callee ); + jQuery.ready(); + } + }); + + // If IE and not an iframe + // continually check to see if the document is ready + if ( document.documentElement.doScroll && window == window.top ) (function(){ + if ( jQuery.isReady ) return; + + try { + // If IE is used, use the trick by Diego Perini + // http://javascript.nwbox.com/IEContentLoaded/ + document.documentElement.doScroll("left"); + } catch( error ) { + setTimeout( arguments.callee, 0 ); + return; + } + + // and execute any waiting functions + jQuery.ready(); + })(); + } + + // A fallback to window.onload, that will always work + jQuery.event.add( window, "load", jQuery.ready ); +} + +jQuery.each( ("blur,focus,load,resize,scroll,unload,click,dblclick," + + "mousedown,mouseup,mousemove,mouseover,mouseout,mouseenter,mouseleave," + + "change,select,submit,keydown,keypress,keyup,error").split(","), function(i, name){ + + // Handle event binding + jQuery.fn[name] = function(fn){ + return fn ? this.bind(name, fn) : this.trigger(name); + }; +}); + +// Prevent memory leaks in IE +// And prevent errors on refresh with events like mouseover in other browsers +// Window isn't included so as not to unbind existing unload events +jQuery( window ).bind( 'unload', function(){ + for ( var id in jQuery.cache ) + // Skip the window + if ( id != 1 && jQuery.cache[ id ].handle ) + jQuery.event.remove( jQuery.cache[ id ].handle.elem ); +}); +(function(){ + + jQuery.support = {}; + + var root = document.documentElement, + script = document.createElement("script"), + div = document.createElement("div"), + id = "script" + (new Date).getTime(); + + div.style.display = "none"; + div.innerHTML = ' <link/><table></table><a href="/a" style="color:red;float:left;opacity:.5;">a</a><select><option>text</option></select><object><param/></object>'; + + var all = div.getElementsByTagName("*"), + a = div.getElementsByTagName("a")[0]; + + // Can't get basic test support + if ( !all || !all.length || !a ) { + return; + } + + jQuery.support = { + // IE strips leading whitespace when .innerHTML is used + leadingWhitespace: div.firstChild.nodeType == 3, + + // Make sure that tbody elements aren't automatically inserted + // IE will insert them into empty tables + tbody: !div.getElementsByTagName("tbody").length, + + // Make sure that you can get all elements in an <object> element + // IE 7 always returns no results + objectAll: !!div.getElementsByTagName("object")[0] + .getElementsByTagName("*").length, + + // Make sure that link elements get serialized correctly by innerHTML + // This requires a wrapper element in IE + htmlSerialize: !!div.getElementsByTagName("link").length, + + // Get the style information from getAttribute + // (IE uses .cssText insted) + style: /red/.test( a.getAttribute("style") ), + + // Make sure that URLs aren't manipulated + // (IE normalizes it by default) + hrefNormalized: a.getAttribute("href") === "/a", + + // Make sure that element opacity exists + // (IE uses filter instead) + opacity: a.style.opacity === "0.5", + + // Verify style float existence + // (IE uses styleFloat instead of cssFloat) + cssFloat: !!a.style.cssFloat, + + // Will be defined later + scriptEval: false, + noCloneEvent: true, + boxModel: null + }; + + script.type = "text/javascript"; + try { + script.appendChild( document.createTextNode( "window." + id + "=1;" ) ); + } catch(e){} + + root.insertBefore( script, root.firstChild ); + + // Make sure that the execution of code works by injecting a script + // tag with appendChild/createTextNode + // (IE doesn't support this, fails, and uses .text instead) + if ( window[ id ] ) { + jQuery.support.scriptEval = true; + delete window[ id ]; + } + + root.removeChild( script ); + + if ( div.attachEvent && div.fireEvent ) { + div.attachEvent("onclick", function(){ + // Cloning a node shouldn't copy over any + // bound event handlers (IE does this) + jQuery.support.noCloneEvent = false; + div.detachEvent("onclick", arguments.callee); + }); + div.cloneNode(true).fireEvent("onclick"); + } + + // Figure out if the W3C box model works as expected + // document.body must exist before we can do this + jQuery(function(){ + var div = document.createElement("div"); + div.style.width = div.style.paddingLeft = "1px"; + + document.body.appendChild( div ); + jQuery.boxModel = jQuery.support.boxModel = div.offsetWidth === 2; + document.body.removeChild( div ).style.display = 'none'; + }); +})(); + +var styleFloat = jQuery.support.cssFloat ? "cssFloat" : "styleFloat"; + +jQuery.props = { + "for": "htmlFor", + "class": "className", + "float": styleFloat, + cssFloat: styleFloat, + styleFloat: styleFloat, + readonly: "readOnly", + maxlength: "maxLength", + cellspacing: "cellSpacing", + rowspan: "rowSpan", + tabindex: "tabIndex" +}; +jQuery.fn.extend({ + // Keep a copy of the old load + _load: jQuery.fn.load, + + load: function( url, params, callback ) { + if ( typeof url !== "string" ) + return this._load( url ); + + var off = url.indexOf(" "); + if ( off >= 0 ) { + var selector = url.slice(off, url.length); + url = url.slice(0, off); + } + + // Default to a GET request + var type = "GET"; + + // If the second parameter was provided + if ( params ) + // If it's a function + if ( jQuery.isFunction( params ) ) { + // We assume that it's the callback + callback = params; + params = null; + + // Otherwise, build a param string + } else if( typeof params === "object" ) { + params = jQuery.param( params ); + type = "POST"; + } + + var self = this; + + // Request the remote document + jQuery.ajax({ + url: url, + type: type, + dataType: "html", + data: params, + complete: function(res, status){ + // If successful, inject the HTML into all the matched elements + if ( status == "success" || status == "notmodified" ) + // See if a selector was specified + self.html( selector ? + // Create a dummy div to hold the results + jQuery("<div/>") + // inject the contents of the document in, removing the scripts + // to avoid any 'Permission Denied' errors in IE + .append(res.responseText.replace(/<script(.|\s)*?\/script>/g, "")) + + // Locate the specified elements + .find(selector) : + + // If not, just inject the full result + res.responseText ); + + if( callback ) + self.each( callback, [res.responseText, status, res] ); + } + }); + return this; + }, + + serialize: function() { + return jQuery.param(this.serializeArray()); + }, + serializeArray: function() { + return this.map(function(){ + return this.elements ? jQuery.makeArray(this.elements) : this; + }) + .filter(function(){ + return this.name && !this.disabled && + (this.checked || /select|textarea/i.test(this.nodeName) || + /text|hidden|password|search/i.test(this.type)); + }) + .map(function(i, elem){ + var val = jQuery(this).val(); + return val == null ? null : + jQuery.isArray(val) ? + jQuery.map( val, function(val, i){ + return {name: elem.name, value: val}; + }) : + {name: elem.name, value: val}; + }).get(); + } +}); + +// Attach a bunch of functions for handling common AJAX events +jQuery.each( "ajaxStart,ajaxStop,ajaxComplete,ajaxError,ajaxSuccess,ajaxSend".split(","), function(i,o){ + jQuery.fn[o] = function(f){ + return this.bind(o, f); + }; +}); + +var jsc = now(); + +jQuery.extend({ + + get: function( url, data, callback, type ) { + // shift arguments if data argument was ommited + if ( jQuery.isFunction( data ) ) { + callback = data; + data = null; + } + + return jQuery.ajax({ + type: "GET", + url: url, + data: data, + success: callback, + dataType: type + }); + }, + + getScript: function( url, callback ) { + return jQuery.get(url, null, callback, "script"); + }, + + getJSON: function( url, data, callback ) { + return jQuery.get(url, data, callback, "json"); + }, + + post: function( url, data, callback, type ) { + if ( jQuery.isFunction( data ) ) { + callback = data; + data = {}; + } + + return jQuery.ajax({ + type: "POST", + url: url, + data: data, + success: callback, + dataType: type + }); + }, + + ajaxSetup: function( settings ) { + jQuery.extend( jQuery.ajaxSettings, settings ); + }, + + ajaxSettings: { + url: location.href, + global: true, + type: "GET", + contentType: "application/x-www-form-urlencoded", + processData: true, + async: true, + /* + timeout: 0, + data: null, + username: null, + password: null, + */ + // Create the request object; Microsoft failed to properly + // implement the XMLHttpRequest in IE7, so we use the ActiveXObject when it is available + // This function can be overriden by calling jQuery.ajaxSetup + xhr:function(){ + return window.ActiveXObject ? new ActiveXObject("Microsoft.XMLHTTP") : new XMLHttpRequest(); + }, + accepts: { + xml: "application/xml, text/xml", + html: "text/html", + script: "text/javascript, application/javascript", + json: "application/json, text/javascript", + text: "text/plain", + _default: "*/*" + } + }, + + // Last-Modified header cache for next request + lastModified: {}, + + ajax: function( s ) { + // Extend the settings, but re-extend 's' so that it can be + // checked again later (in the test suite, specifically) + s = jQuery.extend(true, s, jQuery.extend(true, {}, jQuery.ajaxSettings, s)); + + var jsonp, jsre = /=\?(&|$)/g, status, data, + type = s.type.toUpperCase(); + + // convert data if not already a string + if ( s.data && s.processData && typeof s.data !== "string" ) + s.data = jQuery.param(s.data); + + // Handle JSONP Parameter Callbacks + if ( s.dataType == "jsonp" ) { + if ( type == "GET" ) { + if ( !s.url.match(jsre) ) + s.url += (s.url.match(/\?/) ? "&" : "?") + (s.jsonp || "callback") + "=?"; + } else if ( !s.data || !s.data.match(jsre) ) + s.data = (s.data ? s.data + "&" : "") + (s.jsonp || "callback") + "=?"; + s.dataType = "json"; + } + + // Build temporary JSONP function + if ( s.dataType == "json" && (s.data && s.data.match(jsre) || s.url.match(jsre)) ) { + jsonp = "jsonp" + jsc++; + + // Replace the =? sequence both in the query string and the data + if ( s.data ) + s.data = (s.data + "").replace(jsre, "=" + jsonp + "$1"); + s.url = s.url.replace(jsre, "=" + jsonp + "$1"); + + // We need to make sure + // that a JSONP style response is executed properly + s.dataType = "script"; + + // Handle JSONP-style loading + window[ jsonp ] = function(tmp){ + data = tmp; + success(); + complete(); + // Garbage collect + window[ jsonp ] = undefined; + try{ delete window[ jsonp ]; } catch(e){} + if ( head ) + head.removeChild( script ); + }; + } + + if ( s.dataType == "script" && s.cache == null ) + s.cache = false; + + if ( s.cache === false && type == "GET" ) { + var ts = now(); + // try replacing _= if it is there + var ret = s.url.replace(/(\?|&)_=.*?(&|$)/, "$1_=" + ts + "$2"); + // if nothing was replaced, add timestamp to the end + s.url = ret + ((ret == s.url) ? (s.url.match(/\?/) ? "&" : "?") + "_=" + ts : ""); + } + + // If data is available, append data to url for get requests + if ( s.data && type == "GET" ) { + s.url += (s.url.match(/\?/) ? "&" : "?") + s.data; + + // IE likes to send both get and post data, prevent this + s.data = null; + } + + // Watch for a new set of requests + if ( s.global && ! jQuery.active++ ) + jQuery.event.trigger( "ajaxStart" ); + + // Matches an absolute URL, and saves the domain + var parts = /^(\w+:)?\/\/([^\/?#]+)/.exec( s.url ); + + // If we're requesting a remote document + // and trying to load JSON or Script with a GET + if ( s.dataType == "script" && type == "GET" && parts + && ( parts[1] && parts[1] != location.protocol || parts[2] != location.host )){ + + var head = document.getElementsByTagName("head")[0]; + var script = document.createElement("script"); + script.src = s.url; + if (s.scriptCharset) + script.charset = s.scriptCharset; + + // Handle Script loading + if ( !jsonp ) { + var done = false; + + // Attach handlers for all browsers + script.onload = script.onreadystatechange = function(){ + if ( !done && (!this.readyState || + this.readyState == "loaded" || this.readyState == "complete") ) { + done = true; + success(); + complete(); + + // Handle memory leak in IE + script.onload = script.onreadystatechange = null; + head.removeChild( script ); + } + }; + } + + head.appendChild(script); + + // We handle everything using the script element injection + return undefined; + } + + var requestDone = false; + + // Create the request object + var xhr = s.xhr(); + + // Open the socket + // Passing null username, generates a login popup on Opera (#2865) + if( s.username ) + xhr.open(type, s.url, s.async, s.username, s.password); + else + xhr.open(type, s.url, s.async); + + // Need an extra try/catch for cross domain requests in Firefox 3 + try { + // Set the correct header, if data is being sent + if ( s.data ) + xhr.setRequestHeader("Content-Type", s.contentType); + + // Set the If-Modified-Since header, if ifModified mode. + if ( s.ifModified ) + xhr.setRequestHeader("If-Modified-Since", + jQuery.lastModified[s.url] || "Thu, 01 Jan 1970 00:00:00 GMT" ); + + // Set header so the called script knows that it's an XMLHttpRequest + xhr.setRequestHeader("X-Requested-With", "XMLHttpRequest"); + + // Set the Accepts header for the server, depending on the dataType + xhr.setRequestHeader("Accept", s.dataType && s.accepts[ s.dataType ] ? + s.accepts[ s.dataType ] + ", */*" : + s.accepts._default ); + } catch(e){} + + // Allow custom headers/mimetypes and early abort + if ( s.beforeSend && s.beforeSend(xhr, s) === false ) { + // Handle the global AJAX counter + if ( s.global && ! --jQuery.active ) + jQuery.event.trigger( "ajaxStop" ); + // close opended socket + xhr.abort(); + return false; + } + + if ( s.global ) + jQuery.event.trigger("ajaxSend", [xhr, s]); + + // Wait for a response to come back + var onreadystatechange = function(isTimeout){ + // The request was aborted, clear the interval and decrement jQuery.active + if (xhr.readyState == 0) { + if (ival) { + // clear poll interval + clearInterval(ival); + ival = null; + // Handle the global AJAX counter + if ( s.global && ! --jQuery.active ) + jQuery.event.trigger( "ajaxStop" ); + } + // The transfer is complete and the data is available, or the request timed out + } else if ( !requestDone && xhr && (xhr.readyState == 4 || isTimeout == "timeout") ) { + requestDone = true; + + // clear poll interval + if (ival) { + clearInterval(ival); + ival = null; + } + + status = isTimeout == "timeout" ? "timeout" : + !jQuery.httpSuccess( xhr ) ? "error" : + s.ifModified && jQuery.httpNotModified( xhr, s.url ) ? "notmodified" : + "success"; + + if ( status == "success" ) { + // Watch for, and catch, XML document parse errors + try { + // process the data (runs the xml through httpData regardless of callback) + data = jQuery.httpData( xhr, s.dataType, s ); + } catch(e) { + status = "parsererror"; + } + } + + // Make sure that the request was successful or notmodified + if ( status == "success" ) { + // Cache Last-Modified header, if ifModified mode. + var modRes; + try { + modRes = xhr.getResponseHeader("Last-Modified"); + } catch(e) {} // swallow exception thrown by FF if header is not available + + if ( s.ifModified && modRes ) + jQuery.lastModified[s.url] = modRes; + + // JSONP handles its own success callback + if ( !jsonp ) + success(); + } else + jQuery.handleError(s, xhr, status); + + // Fire the complete handlers + complete(); + + if ( isTimeout ) + xhr.abort(); + + // Stop memory leaks + if ( s.async ) + xhr = null; + } + }; + + if ( s.async ) { + // don't attach the handler to the request, just poll it instead + var ival = setInterval(onreadystatechange, 13); + + // Timeout checker + if ( s.timeout > 0 ) + setTimeout(function(){ + // Check to see if the request is still happening + if ( xhr && !requestDone ) + onreadystatechange( "timeout" ); + }, s.timeout); + } + + // Send the data + try { + xhr.send(s.data); + } catch(e) { + jQuery.handleError(s, xhr, null, e); + } + + // firefox 1.5 doesn't fire statechange for sync requests + if ( !s.async ) + onreadystatechange(); + + function success(){ + // If a local callback was specified, fire it and pass it the data + if ( s.success ) + s.success( data, status ); + + // Fire the global callback + if ( s.global ) + jQuery.event.trigger( "ajaxSuccess", [xhr, s] ); + } + + function complete(){ + // Process result + if ( s.complete ) + s.complete(xhr, status); + + // The request was completed + if ( s.global ) + jQuery.event.trigger( "ajaxComplete", [xhr, s] ); + + // Handle the global AJAX counter + if ( s.global && ! --jQuery.active ) + jQuery.event.trigger( "ajaxStop" ); + } + + // return XMLHttpRequest to allow aborting the request etc. + return xhr; + }, + + handleError: function( s, xhr, status, e ) { + // If a local callback was specified, fire it + if ( s.error ) s.error( xhr, status, e ); + + // Fire the global callback + if ( s.global ) + jQuery.event.trigger( "ajaxError", [xhr, s, e] ); + }, + + // Counter for holding the number of active queries + active: 0, + + // Determines if an XMLHttpRequest was successful or not + httpSuccess: function( xhr ) { + try { + // IE error sometimes returns 1223 when it should be 204 so treat it as success, see #1450 + return !xhr.status && location.protocol == "file:" || + ( xhr.status >= 200 && xhr.status < 300 ) || xhr.status == 304 || xhr.status == 1223; + } catch(e){} + return false; + }, + + // Determines if an XMLHttpRequest returns NotModified + httpNotModified: function( xhr, url ) { + try { + var xhrRes = xhr.getResponseHeader("Last-Modified"); + + // Firefox always returns 200. check Last-Modified date + return xhr.status == 304 || xhrRes == jQuery.lastModified[url]; + } catch(e){} + return false; + }, + + httpData: function( xhr, type, s ) { + var ct = xhr.getResponseHeader("content-type"), + xml = type == "xml" || !type && ct && ct.indexOf("xml") >= 0, + data = xml ? xhr.responseXML : xhr.responseText; + + if ( xml && data.documentElement.tagName == "parsererror" ) + throw "parsererror"; + + // Allow a pre-filtering function to sanitize the response + // s != null is checked to keep backwards compatibility + if( s && s.dataFilter ) + data = s.dataFilter( data, type ); + + // The filter can actually parse the response + if( typeof data === "string" ){ + + // If the type is "script", eval it in global context + if ( type == "script" ) + jQuery.globalEval( data ); + + // Get the JavaScript object, if JSON is used. + if ( type == "json" ) + data = window["eval"]("(" + data + ")"); + } + + return data; + }, + + // Serialize an array of form elements or a set of + // key/values into a query string + param: function( a ) { + var s = [ ]; + + function add( key, value ){ + s[ s.length ] = encodeURIComponent(key) + '=' + encodeURIComponent(value); + }; + + // If an array was passed in, assume that it is an array + // of form elements + if ( jQuery.isArray(a) || a.jquery ) + // Serialize the form elements + jQuery.each( a, function(){ + add( this.name, this.value ); + }); + + // Otherwise, assume that it's an object of key/value pairs + else + // Serialize the key/values + for ( var j in a ) + // If the value is an array then the key names need to be repeated + if ( jQuery.isArray(a[j]) ) + jQuery.each( a[j], function(){ + add( j, this ); + }); + else + add( j, jQuery.isFunction(a[j]) ? a[j]() : a[j] ); + + // Return the resulting serialization + return s.join("&").replace(/%20/g, "+"); + } + +}); +var elemdisplay = {}, + timerId, + fxAttrs = [ + // height animations + [ "height", "marginTop", "marginBottom", "paddingTop", "paddingBottom" ], + // width animations + [ "width", "marginLeft", "marginRight", "paddingLeft", "paddingRight" ], + // opacity animations + [ "opacity" ] + ]; + +function genFx( type, num ){ + var obj = {}; + jQuery.each( fxAttrs.concat.apply([], fxAttrs.slice(0,num)), function(){ + obj[ this ] = type; + }); + return obj; +} + +jQuery.fn.extend({ + show: function(speed,callback){ + if ( speed ) { + return this.animate( genFx("show", 3), speed, callback); + } else { + for ( var i = 0, l = this.length; i < l; i++ ){ + var old = jQuery.data(this[i], "olddisplay"); + + this[i].style.display = old || ""; + + if ( jQuery.css(this[i], "display") === "none" ) { + var tagName = this[i].tagName, display; + + if ( elemdisplay[ tagName ] ) { + display = elemdisplay[ tagName ]; + } else { + var elem = jQuery("<" + tagName + " />").appendTo("body"); + + display = elem.css("display"); + if ( display === "none" ) + display = "block"; + + elem.remove(); + + elemdisplay[ tagName ] = display; + } + + jQuery.data(this[i], "olddisplay", display); + } + } + + // Set the display of the elements in a second loop + // to avoid the constant reflow + for ( var i = 0, l = this.length; i < l; i++ ){ + this[i].style.display = jQuery.data(this[i], "olddisplay") || ""; + } + + return this; + } + }, + + hide: function(speed,callback){ + if ( speed ) { + return this.animate( genFx("hide", 3), speed, callback); + } else { + for ( var i = 0, l = this.length; i < l; i++ ){ + var old = jQuery.data(this[i], "olddisplay"); + if ( !old && old !== "none" ) + jQuery.data(this[i], "olddisplay", jQuery.css(this[i], "display")); + } + + // Set the display of the elements in a second loop + // to avoid the constant reflow + for ( var i = 0, l = this.length; i < l; i++ ){ + this[i].style.display = "none"; + } + + return this; + } + }, + + // Save the old toggle function + _toggle: jQuery.fn.toggle, + + toggle: function( fn, fn2 ){ + var bool = typeof fn === "boolean"; + + return jQuery.isFunction(fn) && jQuery.isFunction(fn2) ? + this._toggle.apply( this, arguments ) : + fn == null || bool ? + this.each(function(){ + var state = bool ? fn : jQuery(this).is(":hidden"); + jQuery(this)[ state ? "show" : "hide" ](); + }) : + this.animate(genFx("toggle", 3), fn, fn2); + }, + + fadeTo: function(speed,to,callback){ + return this.animate({opacity: to}, speed, callback); + }, + + animate: function( prop, speed, easing, callback ) { + var optall = jQuery.speed(speed, easing, callback); + + return this[ optall.queue === false ? "each" : "queue" ](function(){ + + var opt = jQuery.extend({}, optall), p, + hidden = this.nodeType == 1 && jQuery(this).is(":hidden"), + self = this; + + for ( p in prop ) { + if ( prop[p] == "hide" && hidden || prop[p] == "show" && !hidden ) + return opt.complete.call(this); + + if ( ( p == "height" || p == "width" ) && this.style ) { + // Store display property + opt.display = jQuery.css(this, "display"); + + // Make sure that nothing sneaks out + opt.overflow = this.style.overflow; + } + } + + if ( opt.overflow != null ) + this.style.overflow = "hidden"; + + opt.curAnim = jQuery.extend({}, prop); + + jQuery.each( prop, function(name, val){ + var e = new jQuery.fx( self, opt, name ); + + if ( /toggle|show|hide/.test(val) ) + e[ val == "toggle" ? hidden ? "show" : "hide" : val ]( prop ); + else { + var parts = val.toString().match(/^([+-]=)?([\d+-.]+)(.*)$/), + start = e.cur(true) || 0; + + if ( parts ) { + var end = parseFloat(parts[2]), + unit = parts[3] || "px"; + + // We need to compute starting value + if ( unit != "px" ) { + self.style[ name ] = (end || 1) + unit; + start = ((end || 1) / e.cur(true)) * start; + self.style[ name ] = start + unit; + } + + // If a +=/-= token was provided, we're doing a relative animation + if ( parts[1] ) + end = ((parts[1] == "-=" ? -1 : 1) * end) + start; + + e.custom( start, end, unit ); + } else + e.custom( start, val, "" ); + } + }); + + // For JS strict compliance + return true; + }); + }, + + stop: function(clearQueue, gotoEnd){ + var timers = jQuery.timers; + + if (clearQueue) + this.queue([]); + + this.each(function(){ + // go in reverse order so anything added to the queue during the loop is ignored + for ( var i = timers.length - 1; i >= 0; i-- ) + if ( timers[i].elem == this ) { + if (gotoEnd) + // force the next step to be the last + timers[i](true); + timers.splice(i, 1); + } + }); + + // start the next in the queue if the last step wasn't forced + if (!gotoEnd) + this.dequeue(); + + return this; + } + +}); + +// Generate shortcuts for custom animations +jQuery.each({ + slideDown: genFx("show", 1), + slideUp: genFx("hide", 1), + slideToggle: genFx("toggle", 1), + fadeIn: { opacity: "show" }, + fadeOut: { opacity: "hide" } +}, function( name, props ){ + jQuery.fn[ name ] = function( speed, callback ){ + return this.animate( props, speed, callback ); + }; +}); + +jQuery.extend({ + + speed: function(speed, easing, fn) { + var opt = typeof speed === "object" ? speed : { + complete: fn || !fn && easing || + jQuery.isFunction( speed ) && speed, + duration: speed, + easing: fn && easing || easing && !jQuery.isFunction(easing) && easing + }; + + opt.duration = jQuery.fx.off ? 0 : typeof opt.duration === "number" ? opt.duration : + jQuery.fx.speeds[opt.duration] || jQuery.fx.speeds._default; + + // Queueing + opt.old = opt.complete; + opt.complete = function(){ + if ( opt.queue !== false ) + jQuery(this).dequeue(); + if ( jQuery.isFunction( opt.old ) ) + opt.old.call( this ); + }; + + return opt; + }, + + easing: { + linear: function( p, n, firstNum, diff ) { + return firstNum + diff * p; + }, + swing: function( p, n, firstNum, diff ) { + return ((-Math.cos(p*Math.PI)/2) + 0.5) * diff + firstNum; + } + }, + + timers: [], + + fx: function( elem, options, prop ){ + this.options = options; + this.elem = elem; + this.prop = prop; + + if ( !options.orig ) + options.orig = {}; + } + +}); + +jQuery.fx.prototype = { + + // Simple function for setting a style value + update: function(){ + if ( this.options.step ) + this.options.step.call( this.elem, this.now, this ); + + (jQuery.fx.step[this.prop] || jQuery.fx.step._default)( this ); + + // Set display property to block for height/width animations + if ( ( this.prop == "height" || this.prop == "width" ) && this.elem.style ) + this.elem.style.display = "block"; + }, + + // Get the current size + cur: function(force){ + if ( this.elem[this.prop] != null && (!this.elem.style || this.elem.style[this.prop] == null) ) + return this.elem[ this.prop ]; + + var r = parseFloat(jQuery.css(this.elem, this.prop, force)); + return r && r > -10000 ? r : parseFloat(jQuery.curCSS(this.elem, this.prop)) || 0; + }, + + // Start an animation from one number to another + custom: function(from, to, unit){ + this.startTime = now(); + this.start = from; + this.end = to; + this.unit = unit || this.unit || "px"; + this.now = this.start; + this.pos = this.state = 0; + + var self = this; + function t(gotoEnd){ + return self.step(gotoEnd); + } + + t.elem = this.elem; + + if ( t() && jQuery.timers.push(t) && !timerId ) { + timerId = setInterval(function(){ + var timers = jQuery.timers; + + for ( var i = 0; i < timers.length; i++ ) + if ( !timers[i]() ) + timers.splice(i--, 1); + + if ( !timers.length ) { + clearInterval( timerId ); + timerId = undefined; + } + }, 13); + } + }, + + // Simple 'show' function + show: function(){ + // Remember where we started, so that we can go back to it later + this.options.orig[this.prop] = jQuery.attr( this.elem.style, this.prop ); + this.options.show = true; + + // Begin the animation + // Make sure that we start at a small width/height to avoid any + // flash of content + this.custom(this.prop == "width" || this.prop == "height" ? 1 : 0, this.cur()); + + // Start by showing the element + jQuery(this.elem).show(); + }, + + // Simple 'hide' function + hide: function(){ + // Remember where we started, so that we can go back to it later + this.options.orig[this.prop] = jQuery.attr( this.elem.style, this.prop ); + this.options.hide = true; + + // Begin the animation + this.custom(this.cur(), 0); + }, + + // Each step of an animation + step: function(gotoEnd){ + var t = now(); + + if ( gotoEnd || t >= this.options.duration + this.startTime ) { + this.now = this.end; + this.pos = this.state = 1; + this.update(); + + this.options.curAnim[ this.prop ] = true; + + var done = true; + for ( var i in this.options.curAnim ) + if ( this.options.curAnim[i] !== true ) + done = false; + + if ( done ) { + if ( this.options.display != null ) { + // Reset the overflow + this.elem.style.overflow = this.options.overflow; + + // Reset the display + this.elem.style.display = this.options.display; + if ( jQuery.css(this.elem, "display") == "none" ) + this.elem.style.display = "block"; + } + + // Hide the element if the "hide" operation was done + if ( this.options.hide ) + jQuery(this.elem).hide(); + + // Reset the properties, if the item has been hidden or shown + if ( this.options.hide || this.options.show ) + for ( var p in this.options.curAnim ) + jQuery.attr(this.elem.style, p, this.options.orig[p]); + + // Execute the complete function + this.options.complete.call( this.elem ); + } + + return false; + } else { + var n = t - this.startTime; + this.state = n / this.options.duration; + + // Perform the easing function, defaults to swing + this.pos = jQuery.easing[this.options.easing || (jQuery.easing.swing ? "swing" : "linear")](this.state, n, 0, 1, this.options.duration); + this.now = this.start + ((this.end - this.start) * this.pos); + + // Perform the next step of the animation + this.update(); + } + + return true; + } + +}; + +jQuery.extend( jQuery.fx, { + speeds:{ + slow: 600, + fast: 200, + // Default speed + _default: 400 + }, + step: { + + opacity: function(fx){ + jQuery.attr(fx.elem.style, "opacity", fx.now); + }, + + _default: function(fx){ + if ( fx.elem.style && fx.elem.style[ fx.prop ] != null ) + fx.elem.style[ fx.prop ] = fx.now + fx.unit; + else + fx.elem[ fx.prop ] = fx.now; + } + } +}); +if ( document.documentElement["getBoundingClientRect"] ) + jQuery.fn.offset = function() { + if ( !this[0] ) return { top: 0, left: 0 }; + if ( this[0] === this[0].ownerDocument.body ) return jQuery.offset.bodyOffset( this[0] ); + var box = this[0].getBoundingClientRect(), doc = this[0].ownerDocument, body = doc.body, docElem = doc.documentElement, + clientTop = docElem.clientTop || body.clientTop || 0, clientLeft = docElem.clientLeft || body.clientLeft || 0, + top = box.top + (self.pageYOffset || jQuery.boxModel && docElem.scrollTop || body.scrollTop ) - clientTop, + left = box.left + (self.pageXOffset || jQuery.boxModel && docElem.scrollLeft || body.scrollLeft) - clientLeft; + return { top: top, left: left }; + }; +else + jQuery.fn.offset = function() { + if ( !this[0] ) return { top: 0, left: 0 }; + if ( this[0] === this[0].ownerDocument.body ) return jQuery.offset.bodyOffset( this[0] ); + jQuery.offset.initialized || jQuery.offset.initialize(); + + var elem = this[0], offsetParent = elem.offsetParent, prevOffsetParent = elem, + doc = elem.ownerDocument, computedStyle, docElem = doc.documentElement, + body = doc.body, defaultView = doc.defaultView, + prevComputedStyle = defaultView.getComputedStyle(elem, null), + top = elem.offsetTop, left = elem.offsetLeft; + + while ( (elem = elem.parentNode) && elem !== body && elem !== docElem ) { + computedStyle = defaultView.getComputedStyle(elem, null); + top -= elem.scrollTop, left -= elem.scrollLeft; + if ( elem === offsetParent ) { + top += elem.offsetTop, left += elem.offsetLeft; + if ( jQuery.offset.doesNotAddBorder && !(jQuery.offset.doesAddBorderForTableAndCells && /^t(able|d|h)$/i.test(elem.tagName)) ) + top += parseInt( computedStyle.borderTopWidth, 10) || 0, + left += parseInt( computedStyle.borderLeftWidth, 10) || 0; + prevOffsetParent = offsetParent, offsetParent = elem.offsetParent; + } + if ( jQuery.offset.subtractsBorderForOverflowNotVisible && computedStyle.overflow !== "visible" ) + top += parseInt( computedStyle.borderTopWidth, 10) || 0, + left += parseInt( computedStyle.borderLeftWidth, 10) || 0; + prevComputedStyle = computedStyle; + } + + if ( prevComputedStyle.position === "relative" || prevComputedStyle.position === "static" ) + top += body.offsetTop, + left += body.offsetLeft; + + if ( prevComputedStyle.position === "fixed" ) + top += Math.max(docElem.scrollTop, body.scrollTop), + left += Math.max(docElem.scrollLeft, body.scrollLeft); + + return { top: top, left: left }; + }; + +jQuery.offset = { + initialize: function() { + if ( this.initialized ) return; + var body = document.body, container = document.createElement('div'), innerDiv, checkDiv, table, td, rules, prop, bodyMarginTop = body.style.marginTop, + html = '<div style="position:absolute;top:0;left:0;margin:0;border:5px solid #000;padding:0;width:1px;height:1px;"><div></div></div><table style="position:absolute;top:0;left:0;margin:0;border:5px solid #000;padding:0;width:1px;height:1px;" cellpadding="0" cellspacing="0"><tr><td></td></tr></table>'; + + rules = { position: 'absolute', top: 0, left: 0, margin: 0, border: 0, width: '1px', height: '1px', visibility: 'hidden' }; + for ( prop in rules ) container.style[prop] = rules[prop]; + + container.innerHTML = html; + body.insertBefore(container, body.firstChild); + innerDiv = container.firstChild, checkDiv = innerDiv.firstChild, td = innerDiv.nextSibling.firstChild.firstChild; + + this.doesNotAddBorder = (checkDiv.offsetTop !== 5); + this.doesAddBorderForTableAndCells = (td.offsetTop === 5); + + innerDiv.style.overflow = 'hidden', innerDiv.style.position = 'relative'; + this.subtractsBorderForOverflowNotVisible = (checkDiv.offsetTop === -5); + + body.style.marginTop = '1px'; + this.doesNotIncludeMarginInBodyOffset = (body.offsetTop === 0); + body.style.marginTop = bodyMarginTop; + + body.removeChild(container); + this.initialized = true; + }, + + bodyOffset: function(body) { + jQuery.offset.initialized || jQuery.offset.initialize(); + var top = body.offsetTop, left = body.offsetLeft; + if ( jQuery.offset.doesNotIncludeMarginInBodyOffset ) + top += parseInt( jQuery.curCSS(body, 'marginTop', true), 10 ) || 0, + left += parseInt( jQuery.curCSS(body, 'marginLeft', true), 10 ) || 0; + return { top: top, left: left }; + } +}; + + +jQuery.fn.extend({ + position: function() { + var left = 0, top = 0, results; + + if ( this[0] ) { + // Get *real* offsetParent + var offsetParent = this.offsetParent(), + + // Get correct offsets + offset = this.offset(), + parentOffset = /^body|html$/i.test(offsetParent[0].tagName) ? { top: 0, left: 0 } : offsetParent.offset(); + + // Subtract element margins + // note: when an element has margin: auto the offsetLeft and marginLeft + // are the same in Safari causing offset.left to incorrectly be 0 + offset.top -= num( this, 'marginTop' ); + offset.left -= num( this, 'marginLeft' ); + + // Add offsetParent borders + parentOffset.top += num( offsetParent, 'borderTopWidth' ); + parentOffset.left += num( offsetParent, 'borderLeftWidth' ); + + // Subtract the two offsets + results = { + top: offset.top - parentOffset.top, + left: offset.left - parentOffset.left + }; + } + + return results; + }, + + offsetParent: function() { + var offsetParent = this[0].offsetParent || document.body; + while ( offsetParent && (!/^body|html$/i.test(offsetParent.tagName) && jQuery.css(offsetParent, 'position') == 'static') ) + offsetParent = offsetParent.offsetParent; + return jQuery(offsetParent); + } +}); + + +// Create scrollLeft and scrollTop methods +jQuery.each( ['Left', 'Top'], function(i, name) { + var method = 'scroll' + name; + + jQuery.fn[ method ] = function(val) { + if (!this[0]) return null; + + return val !== undefined ? + + // Set the scroll offset + this.each(function() { + this == window || this == document ? + window.scrollTo( + !i ? val : jQuery(window).scrollLeft(), + i ? val : jQuery(window).scrollTop() + ) : + this[ method ] = val; + }) : + + // Return the scroll offset + this[0] == window || this[0] == document ? + self[ i ? 'pageYOffset' : 'pageXOffset' ] || + jQuery.boxModel && document.documentElement[ method ] || + document.body[ method ] : + this[0][ method ]; + }; +}); +// Create innerHeight, innerWidth, outerHeight and outerWidth methods +jQuery.each([ "Height", "Width" ], function(i, name){ + + var tl = i ? "Left" : "Top", // top or left + br = i ? "Right" : "Bottom", // bottom or right + lower = name.toLowerCase(); + + // innerHeight and innerWidth + jQuery.fn["inner" + name] = function(){ + return this[0] ? + jQuery.css( this[0], lower, false, "padding" ) : + null; + }; + + // outerHeight and outerWidth + jQuery.fn["outer" + name] = function(margin) { + return this[0] ? + jQuery.css( this[0], lower, false, margin ? "margin" : "border" ) : + null; + }; + + var type = name.toLowerCase(); + + jQuery.fn[ type ] = function( size ) { + // Get window width or height + return this[0] == window ? + // Everyone else use document.documentElement or document.body depending on Quirks vs Standards mode + document.compatMode == "CSS1Compat" && document.documentElement[ "client" + name ] || + document.body[ "client" + name ] : + + // Get document width or height + this[0] == document ? + // Either scroll[Width/Height] or offset[Width/Height], whichever is greater + Math.max( + document.documentElement["client" + name], + document.body["scroll" + name], document.documentElement["scroll" + name], + document.body["offset" + name], document.documentElement["offset" + name] + ) : + + // Get or set width or height on the element + size === undefined ? + // Get width or height on the element + (this.length ? jQuery.css( this[0], type ) : null) : + + // Set the width or height on the element (default to pixels if value is unitless) + this.css( type, typeof size === "string" ? size : size + "px" ); + }; + +}); +})(); diff --git a/config/snort/javascript/jquery.blockUI.js b/config/snort/javascript/jquery.blockUI.js new file mode 100644 index 00000000..57318334 --- /dev/null +++ b/config/snort/javascript/jquery.blockUI.js @@ -0,0 +1,463 @@ +/*! + * jQuery blockUI plugin + * Version 2.26 (09-SEP-2009) + * @requires jQuery v1.2.3 or later + * + * Examples at: http://malsup.com/jquery/block/ + * Copyright (c) 2007-2008 M. Alsup + * Dual licensed under the MIT and GPL licenses: + * http://www.opensource.org/licenses/mit-license.php + * http://www.gnu.org/licenses/gpl.html + * + * Thanks to Amir-Hossein Sobhi for some excellent contributions! + */ + +;(function($) { + +if (/1\.(0|1|2)\.(0|1|2)/.test($.fn.jquery) || /^1.1/.test($.fn.jquery)) { + alert('blockUI requires jQuery v1.2.3 or later! You are using v' + $.fn.jquery); + return; +} + +$.fn._fadeIn = $.fn.fadeIn; + +// this bit is to ensure we don't call setExpression when we shouldn't (with extra muscle to handle +// retarded userAgent strings on Vista) +var mode = document.documentMode || 0; +var setExpr = $.browser.msie && (($.browser.version < 8 && !mode) || mode < 8); +var ie6 = $.browser.msie && /MSIE 6.0/.test(navigator.userAgent) && !mode; + +// global $ methods for blocking/unblocking the entire page +$.blockUI = function(opts) { install(window, opts); }; +$.unblockUI = function(opts) { remove(window, opts); }; + +// convenience method for quick growl-like notifications (http://www.google.com/search?q=growl) +$.growlUI = function(title, message, timeout, onClose) { + var $m = $('<div class="growlUI"></div>'); + if (title) $m.append('<h1>'+title+'</h1>'); + if (message) $m.append('<h2>'+message+'</h2>'); + if (timeout == undefined) timeout = 3000; + $.blockUI({ + message: $m, fadeIn: 700, fadeOut: 1000, centerY: false, + timeout: timeout, showOverlay: false, + onUnblock: onClose, + css: $.blockUI.defaults.growlCSS + }); +}; + +// plugin method for blocking element content +$.fn.block = function(opts) { + return this.unblock({ fadeOut: 0 }).each(function() { + if ($.css(this,'position') == 'static') + this.style.position = 'relative'; + if ($.browser.msie) + this.style.zoom = 1; // force 'hasLayout' + install(this, opts); + }); +}; + +// plugin method for unblocking element content +$.fn.unblock = function(opts) { + return this.each(function() { + remove(this, opts); + }); +}; + +$.blockUI.version = 2.26; // 2nd generation blocking at no extra cost! + +// override these in your code to change the default behavior and style +$.blockUI.defaults = { + // message displayed when blocking (use null for no message) + message: '<h1>Please wait...</h1>', + + title: null, // title string; only used when theme == true + draggable: true, // only used when theme == true (requires jquery-ui.js to be loaded) + + theme: false, // set to true to use with jQuery UI themes + + // styles for the message when blocking; if you wish to disable + // these and use an external stylesheet then do this in your code: + // $.blockUI.defaults.css = {}; + css: { + padding: 0, + margin: 0, + width: '30%', + top: '40%', + left: '35%', + textAlign: 'center', + color: '#000', + border: '3px solid #aaa', + backgroundColor:'#fff', + cursor: 'wait' + }, + + // minimal style set used when themes are used + themedCSS: { + width: '30%', + top: '40%', + left: '35%' + }, + + // styles for the overlay + overlayCSS: { + backgroundColor: '#000', + opacity: 0.6, + cursor: 'wait' + }, + + // styles applied when using $.growlUI + growlCSS: { + width: '350px', + top: '10px', + left: '', + right: '10px', + border: 'none', + padding: '5px', + opacity: 0.6, + cursor: 'default', + color: '#fff', + backgroundColor: '#000', + '-webkit-border-radius': '10px', + '-moz-border-radius': '10px' + }, + + // IE issues: 'about:blank' fails on HTTPS and javascript:false is s-l-o-w + // (hat tip to Jorge H. N. de Vasconcelos) + iframeSrc: /^https/i.test(window.location.href || '') ? 'javascript:false' : 'about:blank', + + // force usage of iframe in non-IE browsers (handy for blocking applets) + forceIframe: false, + + // z-index for the blocking overlay + baseZ: 1000, + + // set these to true to have the message automatically centered + centerX: true, // <-- only effects element blocking (page block controlled via css above) + centerY: true, + + // allow body element to be stetched in ie6; this makes blocking look better + // on "short" pages. disable if you wish to prevent changes to the body height + allowBodyStretch: true, + + // enable if you want key and mouse events to be disabled for content that is blocked + bindEvents: true, + + // be default blockUI will supress tab navigation from leaving blocking content + // (if bindEvents is true) + constrainTabKey: true, + + // fadeIn time in millis; set to 0 to disable fadeIn on block + fadeIn: 200, + + // fadeOut time in millis; set to 0 to disable fadeOut on unblock + fadeOut: 400, + + // time in millis to wait before auto-unblocking; set to 0 to disable auto-unblock + timeout: 0, + + // disable if you don't want to show the overlay + showOverlay: true, + + // if true, focus will be placed in the first available input field when + // page blocking + focusInput: true, + + // suppresses the use of overlay styles on FF/Linux (due to performance issues with opacity) + applyPlatformOpacityRules: true, + + // callback method invoked when unblocking has completed; the callback is + // passed the element that has been unblocked (which is the window object for page + // blocks) and the options that were passed to the unblock call: + // onUnblock(element, options) + onUnblock: null, + + // don't ask; if you really must know: http://groups.google.com/group/jquery-en/browse_thread/thread/36640a8730503595/2f6a79a77a78e493#2f6a79a77a78e493 + quirksmodeOffsetHack: 4 +}; + +// private data and functions follow... + +var pageBlock = null; +var pageBlockEls = []; + +function install(el, opts) { + var full = (el == window); + var msg = opts && opts.message !== undefined ? opts.message : undefined; + opts = $.extend({}, $.blockUI.defaults, opts || {}); + opts.overlayCSS = $.extend({}, $.blockUI.defaults.overlayCSS, opts.overlayCSS || {}); + var css = $.extend({}, $.blockUI.defaults.css, opts.css || {}); + var themedCSS = $.extend({}, $.blockUI.defaults.themedCSS, opts.themedCSS || {}); + msg = msg === undefined ? opts.message : msg; + + // remove the current block (if there is one) + if (full && pageBlock) + remove(window, {fadeOut:0}); + + // if an existing element is being used as the blocking content then we capture + // its current place in the DOM (and current display style) so we can restore + // it when we unblock + if (msg && typeof msg != 'string' && (msg.parentNode || msg.jquery)) { + var node = msg.jquery ? msg[0] : msg; + var data = {}; + $(el).data('blockUI.history', data); + data.el = node; + data.parent = node.parentNode; + data.display = node.style.display; + data.position = node.style.position; + if (data.parent) + data.parent.removeChild(node); + } + + var z = opts.baseZ; + + // blockUI uses 3 layers for blocking, for simplicity they are all used on every platform; + // layer1 is the iframe layer which is used to supress bleed through of underlying content + // layer2 is the overlay layer which has opacity and a wait cursor (by default) + // layer3 is the message content that is displayed while blocking + + var lyr1 = ($.browser.msie || opts.forceIframe) + ? $('<iframe class="blockUI" style="z-index:'+ (z++) +';display:none;border:none;margin:0;padding:0;position:absolute;width:100%;height:100%;top:0;left:0" src="'+opts.iframeSrc+'"></iframe>') + : $('<div class="blockUI" style="display:none"></div>'); + var lyr2 = $('<div class="blockUI blockOverlay" style="z-index:'+ (z++) +';display:none;border:none;margin:0;padding:0;width:100%;height:100%;top:0;left:0"></div>'); + + var lyr3; + if (opts.theme && full) { + var s = '<div class="blockUI blockMsg blockPage ui-dialog ui-widget ui-corner-all" style="z-index:'+z+';display:none;position:fixed">' + + '<div class="ui-widget-header ui-dialog-titlebar blockTitle">'+(opts.title || ' ')+'</div>' + + '<div class="ui-widget-content ui-dialog-content"></div>' + + '</div>'; + lyr3 = $(s); + } + else { + lyr3 = full ? $('<div class="blockUI blockMsg blockPage" style="z-index:'+z+';display:none;position:fixed"></div>') + : $('<div class="blockUI blockMsg blockElement" style="z-index:'+z+';display:none;position:absolute"></div>'); + } + + // if we have a message, style it + if (msg) { + if (opts.theme) { + lyr3.css(themedCSS); + lyr3.addClass('ui-widget-content'); + } + else + lyr3.css(css); + } + + // style the overlay + if (!opts.applyPlatformOpacityRules || !($.browser.mozilla && /Linux/.test(navigator.platform))) + lyr2.css(opts.overlayCSS); + lyr2.css('position', full ? 'fixed' : 'absolute'); + + // make iframe layer transparent in IE + if ($.browser.msie || opts.forceIframe) + lyr1.css('opacity',0.0); + + $([lyr1[0],lyr2[0],lyr3[0]]).appendTo(full ? 'body' : el); + + if (opts.theme && opts.draggable && $.fn.draggable) { + lyr3.draggable({ + handle: '.ui-dialog-titlebar', + cancel: 'li' + }); + } + + // ie7 must use absolute positioning in quirks mode and to account for activex issues (when scrolling) + var expr = setExpr && (!$.boxModel || $('object,embed', full ? null : el).length > 0); + if (ie6 || expr) { + // give body 100% height + if (full && opts.allowBodyStretch && $.boxModel) + $('html,body').css('height','100%'); + + // fix ie6 issue when blocked element has a border width + if ((ie6 || !$.boxModel) && !full) { + var t = sz(el,'borderTopWidth'), l = sz(el,'borderLeftWidth'); + var fixT = t ? '(0 - '+t+')' : 0; + var fixL = l ? '(0 - '+l+')' : 0; + } + + // simulate fixed position + $.each([lyr1,lyr2,lyr3], function(i,o) { + var s = o[0].style; + s.position = 'absolute'; + if (i < 2) { + full ? s.setExpression('height','Math.max(document.body.scrollHeight, document.body.offsetHeight) - (jQuery.boxModel?0:'+opts.quirksmodeOffsetHack+') + "px"') + : s.setExpression('height','this.parentNode.offsetHeight + "px"'); + full ? s.setExpression('width','jQuery.boxModel && document.documentElement.clientWidth || document.body.clientWidth + "px"') + : s.setExpression('width','this.parentNode.offsetWidth + "px"'); + if (fixL) s.setExpression('left', fixL); + if (fixT) s.setExpression('top', fixT); + } + else if (opts.centerY) { + if (full) s.setExpression('top','(document.documentElement.clientHeight || document.body.clientHeight) / 2 - (this.offsetHeight / 2) + (blah = document.documentElement.scrollTop ? document.documentElement.scrollTop : document.body.scrollTop) + "px"'); + s.marginTop = 0; + } + else if (!opts.centerY && full) { + var top = (opts.css && opts.css.top) ? parseInt(opts.css.top) : 0; + var expression = '((document.documentElement.scrollTop ? document.documentElement.scrollTop : document.body.scrollTop) + '+top+') + "px"'; + s.setExpression('top',expression); + } + }); + } + + // show the message + if (msg) { + if (opts.theme) + lyr3.find('.ui-widget-content').append(msg); + else + lyr3.append(msg); + if (msg.jquery || msg.nodeType) + $(msg).show(); + } + + if (($.browser.msie || opts.forceIframe) && opts.showOverlay) + lyr1.show(); // opacity is zero + if (opts.fadeIn) { + if (opts.showOverlay) + lyr2._fadeIn(opts.fadeIn); + if (msg) + lyr3.fadeIn(opts.fadeIn); + } + else { + if (opts.showOverlay) + lyr2.show(); + if (msg) + lyr3.show(); + } + + // bind key and mouse events + bind(1, el, opts); + + if (full) { + pageBlock = lyr3[0]; + pageBlockEls = $(':input:enabled:visible',pageBlock); + if (opts.focusInput) + setTimeout(focus, 20); + } + else + center(lyr3[0], opts.centerX, opts.centerY); + + if (opts.timeout) { + // auto-unblock + var to = setTimeout(function() { + full ? $.unblockUI(opts) : $(el).unblock(opts); + }, opts.timeout); + $(el).data('blockUI.timeout', to); + } +}; + +// remove the block +function remove(el, opts) { + var full = (el == window); + var $el = $(el); + var data = $el.data('blockUI.history'); + var to = $el.data('blockUI.timeout'); + if (to) { + clearTimeout(to); + $el.removeData('blockUI.timeout'); + } + opts = $.extend({}, $.blockUI.defaults, opts || {}); + bind(0, el, opts); // unbind events + + var els; + if (full) // crazy selector to handle odd field errors in ie6/7 + els = $('body').children().filter('.blockUI').add('body > .blockUI'); + else + els = $('.blockUI', el); + + if (full) + pageBlock = pageBlockEls = null; + + if (opts.fadeOut) { + els.fadeOut(opts.fadeOut); + setTimeout(function() { reset(els,data,opts,el); }, opts.fadeOut); + } + else + reset(els, data, opts, el); +}; + +// move blocking element back into the DOM where it started +function reset(els,data,opts,el) { + els.each(function(i,o) { + // remove via DOM calls so we don't lose event handlers + if (this.parentNode) + this.parentNode.removeChild(this); + }); + + if (data && data.el) { + data.el.style.display = data.display; + data.el.style.position = data.position; + if (data.parent) + data.parent.appendChild(data.el); + $(data.el).removeData('blockUI.history'); + } + + if (typeof opts.onUnblock == 'function') + opts.onUnblock(el,opts); +}; + +// bind/unbind the handler +function bind(b, el, opts) { + var full = el == window, $el = $(el); + + // don't bother unbinding if there is nothing to unbind + if (!b && (full && !pageBlock || !full && !$el.data('blockUI.isBlocked'))) + return; + if (!full) + $el.data('blockUI.isBlocked', b); + + // don't bind events when overlay is not in use or if bindEvents is false + if (!opts.bindEvents || (b && !opts.showOverlay)) + return; + + // bind anchors and inputs for mouse and key events + var events = 'mousedown mouseup keydown keypress'; + b ? $(document).bind(events, opts, handler) : $(document).unbind(events, handler); + +// former impl... +// var $e = $('a,:input'); +// b ? $e.bind(events, opts, handler) : $e.unbind(events, handler); +}; + +// event handler to suppress keyboard/mouse events when blocking +function handler(e) { + // allow tab navigation (conditionally) + if (e.keyCode && e.keyCode == 9) { + if (pageBlock && e.data.constrainTabKey) { + var els = pageBlockEls; + var fwd = !e.shiftKey && e.target == els[els.length-1]; + var back = e.shiftKey && e.target == els[0]; + if (fwd || back) { + setTimeout(function(){focus(back)},10); + return false; + } + } + } + // allow events within the message content + if ($(e.target).parents('div.blockMsg').length > 0) + return true; + + // allow events for content that is not being blocked + return $(e.target).parents().children().filter('div.blockUI').length == 0; +}; + +function focus(back) { + if (!pageBlockEls) + return; + var e = pageBlockEls[back===true ? pageBlockEls.length-1 : 0]; + if (e) + e.focus(); +}; + +function center(el, x, y) { + var p = el.parentNode, s = el.style; + var l = ((p.offsetWidth - el.offsetWidth)/2) - sz(p,'borderLeftWidth'); + var t = ((p.offsetHeight - el.offsetHeight)/2) - sz(p,'borderTopWidth'); + if (x) s.left = l > 0 ? (l+'px') : '0'; + if (y) s.top = t > 0 ? (t+'px') : '0'; +}; + +function sz(el, p) { + return parseInt($.css(el,p))||0; +}; + +})(jQuery); diff --git a/config/snort/javascript/mootools.js b/config/snort/javascript/mootools.js new file mode 100644 index 00000000..e058db83 --- /dev/null +++ b/config/snort/javascript/mootools.js @@ -0,0 +1,3 @@ +//MooTools, My Object Oriented Javascript Tools. Copyright (c) 2006 Valerio Proietti, <http://mad4milk.net>, MIT Style License. + +eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('o ay={a6:\'1.11\'};m $5B(N){k(N!=9e)};m $G(N){B(!$5B(N))k U;B(N.4t)k\'L\';o G=5X N;B(G==\'2t\'&&N.a8){21(N.7v){Y 1:k\'L\';Y 3:k(/\\S/).2N(N.91)?\'a9\':\'bo\'}}B(G==\'2t\'||G==\'m\'){21(N.7X){Y 2j:k\'1u\';Y 7u:k\'5e\';Y 1f:k\'7F\'}B(5X N.V==\'3P\'){B(N.2U)k\'bw\';B(N.7b)k\'1b\'}}k G};m $1Q(){o 4f={};M(o i=0;i<1b.V;i++){M(o I 1e 1b[i]){o ap=1b[i][I];o 5z=4f[I];B(5z&&$G(ap)==\'2t\'&&$G(5z)==\'2t\')4f[I]=$1Q(5z,ap);19 4f[I]=ap}}k 4f};o $Q=m(){o 1l=1b;B(!1l[1])1l=[c,1l[0]];M(o I 1e 1l[1])1l[0][I]=1l[1][I];k 1l[0]};o $4d=m(){M(o i=0,l=1b.V;i<l;i++){1b[i].Q=m(1N){M(o 1T 1e 1N){B(!c.1x[1T])c.1x[1T]=1N[1T];B(!c[1T])c[1T]=$4d.6c(1T)}}}};$4d.6c=m(1T){k m(17){k c.1x[1T].3t(17,2j.1x.8K.1X(1b,1))}};$4d(7B,2j,6g,9P);m $2w(N){k!!(N||N===0)};m $4F(N,7U){k $5B(N)?N:7U};m $6X(2X,1L){k 1c.8s(1c.6X()*(1L-2X+1)+2X)};m $33(){k O 9z().9Q()};m $6J(2b){b5(2b);b4(2b);k 1k};o 3d=m(N){N=N||{};N.Q=$Q;k N};o b8=O 3d(W);o bm=O 3d(R);R.67=R.2G(\'67\')[0];W.3B=!!(R.54);B(W.9a)W.2s=W[W.66?\'aV\':\'9E\']=1g;19 B(R.8X&&!R.bj&&!ai.a3)W.3L=W[W.3B?\'a7\':\'5T\']=1g;19 B(R.aG!=1k)W.7f=1g;W.ax=W.3L;6Y.Q=$Q;B(5X 5j==\'9e\'){o 5j=m(){};B(W.3L)R.9V("aO");5j.1x=(W.3L)?W["[[aW.1x]]"]:{}}5j.1x.4t=m(){};B(W.9E)49{R.aT("aA",U,1g)}48(e){};o 1f=m(1y){o 4V=m(){k(1b[0]!==1k&&c.1w&&$G(c.1w)==\'m\')?c.1w.3t(c,1b):c};$Q(4V,c);4V.1x=1y;4V.7X=1f;k 4V};1f.1r=m(){};1f.1x={Q:m(1y){o 68=O c(1k);M(o I 1e 1y){o 8c=68[I];68[I]=1f.86(8c,1y[I])}k O 1f(68)},56:m(){M(o i=0,l=1b.V;i<l;i++)$Q(c.1x,1b[i])}};1f.86=m(3y,2a){B(3y&&3y!=2a){o G=$G(2a);B(G!=$G(3y))k 2a;21(G){Y\'m\':o 7q=m(){c.1o=1b.7b.1o;k 2a.3t(c,1b)};7q.1o=3y;k 7q;Y\'2t\':k $1Q(3y,2a)}}k 2a};o 6G=O 1f({af:m(T){c.3Y=c.3Y||[];c.3Y.1i(T);k c},7h:m(){B(c.3Y&&c.3Y.V)c.3Y.8I().2q(10,c)},bn:m(){c.3Y=[]}});o 2A=O 1f({29:m(G,T){B(T!=1f.1r){c.$1a=c.$1a||{};c.$1a[G]=c.$1a[G]||[];c.$1a[G].6q(T)}k c},1v:m(G,1l,2q){B(c.$1a&&c.$1a[G]){c.$1a[G].1z(m(T){T.2L({\'17\':c,\'2q\':2q,\'1b\':1l})()},c)}k c},4m:m(G,T){B(c.$1a&&c.$1a[G])c.$1a[G].2O(T);k c}});o 6a=O 1f({3Z:m(){c.C=$1Q.3t(1k,[c.C].Q(1b));B(c.29){M(o 35 1e c.C){B($G(c.C[35]==\'m\')&&(/^51[A-Z]/).2N(35))c.29(35,c.C[35])}}k c}});2j.Q({61:m(T,17){M(o i=0,j=c.V;i<j;i++)T.1X(17,c[i],i,c)},2R:m(T,17){o 4j=[];M(o i=0,j=c.V;i<j;i++){B(T.1X(17,c[i],i,c))4j.1i(c[i])}k 4j},2y:m(T,17){o 4j=[];M(o i=0,j=c.V;i<j;i++)4j[i]=T.1X(17,c[i],i,c);k 4j},5E:m(T,17){M(o i=0,j=c.V;i<j;i++){B(!T.1X(17,c[i],i,c))k U}k 1g},aL:m(T,17){M(o i=0,j=c.V;i<j;i++){B(T.1X(17,c[i],i,c))k 1g}k U},4n:m(2U,12){o 4v=c.V;M(o i=(12<0)?1c.1L(0,4v+12):12||0;i<4v;i++){B(c[i]===2U)k i}k-1},6Z:m(1q,V){1q=1q||0;B(1q<0)1q=c.V+1q;V=V||(c.V-1q);o 6z=[];M(o i=0;i<V;i++)6z[i]=c[1q++];k 6z},2O:m(2U){o i=0;o 4v=c.V;62(i<4v){B(c[i]===2U){c.5m(i,1);4v--}19{i++}}k c},1j:m(2U,12){k c.4n(2U,12)!=-1},aN:m(1G){o N={},V=1c.2X(c.V,1G.V);M(o i=0;i<V;i++)N[1G[i]]=c[i];k N},Q:m(1u){M(o i=0,j=1u.V;i<j;i++)c.1i(1u[i]);k c},1Q:m(1u){M(o i=0,l=1u.V;i<l;i++)c.6q(1u[i]);k c},6q:m(2U){B(!c.1j(2U))c.1i(2U);k c},b0:m(){k c[$6X(0,c.V-1)]||1k},7p:m(){k c[c.V-1]||1k}});2j.1x.1z=2j.1x.61;2j.1z=2j.61;m $A(1u){k 2j.6Z(1u)};m $1z(3o,T,17){B(3o&&5X 3o.V==\'3P\'&&$G(3o)!=\'2t\'){2j.61(3o,T,17)}19{M(o 1p 1e 3o)T.1X(17||3o,3o[1p],1p)}};2j.1x.2N=2j.1x.1j;6g.Q({2N:m(6e,2z){k(($G(6e)==\'2h\')?O 7u(6e,2z):6e).2N(c)},2P:m(){k 4X(c,10)},9A:m(){k 4T(c)},7I:m(){k c.31(/-\\D/g,m(2M){k 2M.6T(1).7D()})},8U:m(){k c.31(/\\w[A-Z]/g,m(2M){k(2M.6T(0)+\'-\'+2M.6T(1).4S())})},7S:m(){k c.31(/\\b[a-z]/g,m(2M){k 2M.7D()})},6y:m(){k c.31(/^\\s+|\\s+$/g,\'\')},7x:m(){k c.31(/\\s{2,}/g,\' \').6y()},52:m(1u){o 1m=c.2M(/\\d{1,3}/g);k(1m)?1m.52(1u):U},57:m(1u){o 3i=c.2M(/^#?(\\w{1,2})(\\w{1,2})(\\w{1,2})$/);k(3i)?3i.8K(1).57(1u):U},1j:m(2h,s){k(s)?(s+c+s).4n(s+2h+s)>-1:c.4n(2h)>-1},84:m(){k c.31(/([.*+?^${}()|[\\]\\/\\\\])/g,\'\\\\$1\')}});2j.Q({52:m(1u){B(c.V<3)k U;B(c.V==4&&c[3]==0&&!1u)k\'ba\';o 3i=[];M(o i=0;i<3;i++){o 4B=(c[i]-0).3F(16);3i.1i((4B.V==1)?\'0\'+4B:4B)}k 1u?3i:\'#\'+3i.1V(\'\')},57:m(1u){B(c.V!=3)k U;o 1m=[];M(o i=0;i<3;i++){1m.1i(4X((c[i].V==1)?c[i]+c[i]:c[i],16))}k 1u?1m:\'1m(\'+1m.1V(\',\')+\')\'}});7B.Q({2L:m(C){o T=c;C=$1Q({\'17\':T,\'K\':U,\'1b\':1k,\'2q\':U,\'3G\':U,\'6n\':U},C);B($2w(C.1b)&&$G(C.1b)!=\'1u\')C.1b=[C.1b];k m(K){o 1l;B(C.K){K=K||W.K;1l=[(C.K===1g)?K:O C.K(K)];B(C.1b)1l.Q(C.1b)}19 1l=C.1b||1b;o 3j=m(){k T.3t($4F(C.17,T),1l)};B(C.2q)k 9G(3j,C.2q);B(C.3G)k aa(3j,C.3G);B(C.6n)49{k 3j()}48(aF){k U};k 3j()}},aq:m(1l,17){k c.2L({\'1b\':1l,\'17\':17})},6n:m(1l,17){k c.2L({\'1b\':1l,\'17\':17,\'6n\':1g})()},17:m(17,1l){k c.2L({\'17\':17,\'1b\':1l})},ak:m(17,1l){k c.2L({\'17\':17,\'K\':1g,\'1b\':1l})},2q:m(2q,17,1l){k c.2L({\'2q\':2q,\'17\':17,\'1b\':1l})()},3G:m(9M,17,1l){k c.2L({\'3G\':9M,\'17\':17,\'1b\':1l})()}});9P.Q({2P:m(){k 4X(c)},9A:m(){k 4T(c)},1M:m(2X,1L){k 1c.2X(1L,1c.1L(2X,c))},2c:m(5d){5d=1c.36(10,5d||0);k 1c.2c(c*5d)/5d},b7:m(T){M(o i=0;i<c;i++)T(i)}});o P=O 1f({1w:m(F,1N){B($G(F)==\'2h\'){B(W.2s&&1N&&(1N.1p||1N.G)){o 1p=(1N.1p)?\' 1p="\'+1N.1p+\'"\':\'\';o G=(1N.G)?\' G="\'+1N.G+\'"\':\'\';4p 1N.1p;4p 1N.G;F=\'<\'+F+1p+G+\'>\'}F=R.9V(F)}F=$(F);k(!1N||!F)?F:F.26(1N)}});o 1R=O 1f({1w:m(15){k(15)?$Q(15,c):c}});1R.Q=m(1N){M(o 1T 1e 1N){c.1x[1T]=1N[1T];c[1T]=$4d.6c(1T)}};m $(F){B(!F)k 1k;B(F.4t)k 2n.4q(F);B([W,R].1j(F))k F;o G=$G(F);B(G==\'2h\'){F=R.5Q(F);G=(F)?\'L\':U}B(G!=\'L\')k 1k;B(F.4t)k 2n.4q(F);B([\'2t\',\'b3\'].1j(F.5M.4S()))k F;$Q(F,P.1x);F.4t=m(){};k 2n.4q(F)};R.5P=R.2G;m $$(){o 15=[];M(o i=0,j=1b.V;i<j;i++){o 1J=1b[i];21($G(1J)){Y\'L\':15.1i(1J);Y\'b2\':1B;Y U:1B;Y\'2h\':1J=R.5P(1J,1g);5Z:15.Q(1J)}}k $$.4U(15)};$$.4U=m(1u){o 15=[];M(o i=0,l=1u.V;i<l;i++){B(1u[i].$64)5L;o L=$(1u[i]);B(L&&!L.$64){L.$64=1g;15.1i(L)}}M(o n=0,d=15.V;n<d;n++)15[n].$64=1k;k O 1R(15)};1R.5G=m(I){k m(){o 1l=1b;o 1t=[];o 15=1g;M(o i=0,j=c.V,3j;i<j;i++){3j=c[i][I].3t(c[i],1l);B($G(3j)!=\'L\')15=U;1t.1i(3j)};k(15)?$$.4U(1t):1t}};P.Q=m(1y){M(o I 1e 1y){5j.1x[I]=1y[I];P.1x[I]=1y[I];P[I]=$4d.6c(I);o 97=(2j.1x[I])?I+\'1R\':I;1R.1x[97]=1R.5G(I)}};P.Q({26:m(1N){M(o 1T 1e 1N){o 3E=1N[1T];21(1T){Y\'90\':c.7w(3E);1B;Y\'1a\':B(c.65)c.65(3E);1B;Y\'1y\':c.6f(3E);1B;5Z:c.5J(1T,3E)}}k c},34:m(F,8M){F=$(F);21(8M){Y\'9m\':F.2Y.6B(c,F);1B;Y\'9r\':o 4D=F.8Q();B(!4D)F.2Y.7m(c);19 F.2Y.6B(c,4D);1B;Y\'1E\':o 6C=F.6H;B(6C){F.6B(c,6C);1B}5Z:F.7m(c)}k c},bB:m(F){k c.34(F,\'9m\')},92:m(F){k c.34(F,\'9r\')},ae:m(F){k c.34(F,\'4I\')},aj:m(F){k c.34(F,\'1E\')},93:m(){o 15=[];$1z(1b,m(9s){15=15.6F(9s)});$$(15).34(c);k c},2O:m(){k c.2Y.9L(c)},a4:m(9c){o F=$(c.ag(9c!==U));B(!F.$1a)k F;F.$1a={};M(o G 1e c.$1a)F.$1a[G]={\'1G\':$A(c.$1a[G].1G),\'1A\':$A(c.$1a[G].1A)};k F.5v()},az:m(F){F=$(F);c.2Y.am(F,c);k F},80:m(1I){c.7m(R.av(1I));k c},7r:m(1F){k c.1F.1j(1F,\' \')},9f:m(1F){B(!c.7r(1F))c.1F=(c.1F+\' \'+1F).7x();k c},9g:m(1F){c.1F=c.1F.31(O 7u(\'(^|\\\\s)\'+1F+\'(?:\\\\s|$)\'),\'$1\').7x();k c},aD:m(1F){k c.7r(1F)?c.9g(1F):c.9f(1F)},30:m(I,J){21(I){Y\'2p\':k c.9n(4T(J));Y\'aB\':I=(W.2s)?\'ah\':\'ab\'}I=I.7I();21($G(J)){Y\'3P\':B(![\'bi\',\'99\'].1j(I))J+=\'4x\';1B;Y\'1u\':J=\'1m(\'+J.1V(\',\')+\')\'}c.1D[I]=J;k c},7w:m(1O){21($G(1O)){Y\'2t\':P.5n(c,\'30\',1O);1B;Y\'2h\':c.1D.77=1O}k c},9n:m(2p){B(2p==0){B(c.1D.5C!="5r")c.1D.5C="5r"}19{B(c.1D.5C!="9o")c.1D.5C="9o"}B(!c.5V||!c.5V.bf)c.1D.99=1;B(W.2s)c.1D.2R=(2p==1)?\'\':"6l(2p="+2p*3w+")";c.1D.2p=c.$3q.2p=2p;k c},1Z:m(I){I=I.7I();o 1C=c.1D[I];B(!$2w(1C)){B(I==\'2p\')k c.$3q.2p;1C=[];M(o 1D 1e P.3s){B(I==1D){P.3s[1D].1z(m(s){o 1D=c.1Z(s);1C.1i(4X(1D)?1D:\'8d\')},c);B(I==\'3p\'){o 5E=1C.5E(m(4B){k(4B==1C[0])});k(5E)?1C[0]:U}k 1C.1V(\' \')}}B(I.1j(\'3p\')){B(P.3s.3p.1j(I)){k[\'7T\',\'6O\',\'2x\'].2y(m(p){k c.1Z(I+p)},c).1V(\' \')}19 B(P.7N.1j(I)){k[\'8J\',\'8H\',\'8n\',\'8p\'].2y(m(p){k c.1Z(\'3p\'+p+I.31(\'3p\',\'\'))},c).1V(\' \')}}B(R.8S)1C=R.8S.bA(c,1k).bt(I.8U());19 B(c.5V)1C=c.5V[I]}B(W.2s)1C=P.7Y(I,1C,c);B(1C&&I.2N(/2o/i)&&1C.1j(\'1m\')){k 1C.5D(\'1m\').5m(1,4).2y(m(2o){k 2o.52()}).1V(\' \')}k 1C},8Z:m(){k P.7J(c,\'1Z\',1b)},4J:m(5I,1q){5I+=\'b9\';o F=(1q)?c[1q]:c[5I];62(F&&$G(F)!=\'L\')F=F[5I];k $(F)},aS:m(){k c.4J(\'3y\')},8Q:m(){k c.4J(\'4D\')},aU:m(){k c.4J(\'4D\',\'6H\')},7p:m(){k c.4J(\'3y\',\'aK\')},aJ:m(){k $(c.2Y)},aM:m(){k $$(c.8X)},7a:m(F){k!!$A(c.2G(\'*\')).1j(F)},5b:m(I){o 3l=P.5O[I];B(3l)k c[3l];o 6w=P.8r[I]||0;B(!W.2s||6w)k c.b6(I,6w);o 6K=c.aX[I];k(6K)?6K.91:1k},b1:m(I){o 3l=P.5O[I];B(3l)c[3l]=\'\';19 c.aZ(I);k c},aY:m(){k P.7J(c,\'5b\',1b)},5J:m(I,J){o 3l=P.5O[I];B(3l)c[3l]=J;19 c.bz(I,J);k c},6f:m(1O){k P.5n(c,\'5J\',1O)},72:m(){c.7Q=$A(1b).1V(\'\');k c},by:m(1I){o 2T=c.4w();B([\'1D\',\'2f\'].1j(2T)){B(W.2s){B(2T==\'1D\')c.8a.77=1I;19 B(2T==\'2f\')c.5J(\'1I\',1I);k c}19{c.9L(c.6H);k c.80(1I)}}c[$5B(c.73)?\'73\':\'7M\']=1I;k c},a2:m(){o 2T=c.4w();B([\'1D\',\'2f\'].1j(2T)){B(W.2s){B(2T==\'1D\')k c.8a.77;19 B(2T==\'2f\')k c.5b(\'1I\')}19{k c.7Q}}k($4F(c.73,c.7M))},4w:m(){k c.5M.4S()},1r:m(){2n.5u(c.2G(\'*\'));k c.72(\'\')}});P.7Y=m(I,1C,L){B($2w(4X(1C)))k 1C;B([\'3f\',\'2H\'].1j(I)){o 1A=(I==\'2H\')?[\'1H\',\'4H\']:[\'1E\',\'4I\'];o 3S=0;1A.1z(m(J){3S+=L.1Z(\'3p-\'+J+\'-2H\').2P()+L.1Z(\'6Q-\'+J).2P()});k L[\'3n\'+I.7S()]-3S+\'4x\'}19 B(I.2N(/3p(.+)7T|2J|6Q/)){k\'8d\'}k 1C};P.3s={\'3p\':[],\'6Q\':[],\'2J\':[]};[\'8J\',\'8H\',\'8n\',\'8p\'].1z(m(7R){M(o 1D 1e P.3s)P.3s[1D].1i(1D+7R)});P.7N=[\'aP\',\'aQ\',\'aR\'];P.7J=m(F,1P,1G){o 1C={};$1z(1G,m(1n){1C[1n]=F[1P](1n)});k 1C};P.5n=m(F,1P,7E){M(o 1n 1e 7E)F[1P](1n,7E[1n]);k F};P.5O=O 3d({\'7F\':\'1F\',\'M\':\'bu\',\'bs\':\'bp\',\'bq\':\'bv\',\'bx\':\'be\',\'bd\':\'bb\',\'bc\':\'bg\',\'bh\':\'aI\',\'bl\':\'bk\',\'J\':\'J\',\'6U\':\'6U\',\'6P\':\'6P\',\'6W\':\'6W\',\'74\':\'74\'});P.8r={\'7O\':2,\'3W\':2};P.2m={5w:{2S:m(G,T){B(c.7c)c.7c(G,T,U);19 c.a5(\'51\'+G,T);k c},4h:m(G,T){B(c.8u)c.8u(G,T,U);19 c.aH(\'51\'+G,T);k c}}};W.Q(P.2m.5w);R.Q(P.2m.5w);P.Q(P.2m.5w);o 2n={15:[],4q:m(F){B(!F.$3q){2n.15.1i(F);F.$3q={\'2p\':1}}k F},5u:m(15){M(o i=0,j=15.V,F;i<j;i++){B(!(F=15[i])||!F.$3q)5L;B(F.$1a)F.1v(\'5u\').5v();M(o p 1e F.$3q)F.$3q[p]=1k;M(o d 1e P.1x)F[d]=1k;2n.15[2n.15.4n(F)]=1k;F.4t=F.$3q=F=1k}2n.15.2O(1k)},1r:m(){2n.4q(W);2n.4q(R);2n.5u(2n.15)}};W.2S(\'8m\',m(){W.2S(\'7H\',2n.1r);B(W.2s)W.2S(\'7H\',aC)});o 2E=O 1f({1w:m(K){B(K&&K.$8G)k K;c.$8G=1g;K=K||W.K;c.K=K;c.G=K.G;c.3m=K.3m||K.aE;B(c.3m.7v==3)c.3m=c.3m.2Y;c.8I=K.ao;c.an=K.au;c.as=K.at;c.ar=K.aw;B([\'7j\',\'43\'].1j(c.G)){c.a1=(K.87)?K.87/ad:-(K.ac||0)/3}19 B(c.G.1j(\'1n\')){c.5k=K.7V||K.al;M(o 1p 1e 2E.1G){B(2E.1G[1p]==c.5k){c.1n=1p;1B}}B(c.G==\'8o\'){o 5p=c.5k-ca;B(5p>0&&5p<13)c.1n=\'f\'+5p}c.1n=c.1n||6g.dp(c.5k).4S()}19 B(c.G.2N(/(8t|2Z|dq)/)){c.4k={\'x\':K.7n||K.7Z+R.2D.4Y,\'y\':K.7s||K.7P+R.2D.59};c.dr={\'x\':K.7n?K.7n-W.85:K.7Z,\'y\':K.7s?K.7s-W.8b:K.7P};c.dn=(K.7V==3)||(K.dm==2);21(c.G){Y\'7z\':c.28=K.28||K.dj;1B;Y\'7L\':c.28=K.28||K.9w}c.8B()}k c},1S:m(){k c.5y().5t()},5y:m(){B(c.K.5y)c.K.5y();19 c.K.dk=1g;k c},5t:m(){B(c.K.5t)c.K.5t();19 c.K.dl=U;k c}});2E.5s={28:m(){B(c.28&&c.28.7v==3)c.28=c.28.2Y},8z:m(){49{2E.5s.28.1X(c)}48(e){c.28=c.3m}}};2E.1x.8B=(W.7f)?2E.5s.8z:2E.5s.28;2E.1G=O 3d({\'ds\':13,\'dt\':38,\'dz\':40,\'1H\':37,\'4H\':39,\'dA\':27,\'dy\':32,\'dx\':8,\'du\':9,\'4p\':46});P.2m.2A={29:m(G,T){c.$1a=c.$1a||{};c.$1a[G]=c.$1a[G]||{\'1G\':[],\'1A\':[]};B(c.$1a[G].1G.1j(T))k c;c.$1a[G].1G.1i(T);o 5q=G;o 2d=P.2A[G];B(2d){B(2d.6N)2d.6N.1X(c,T);B(2d.2y)T=2d.2y;B(2d.G)5q=2d.G}B(!c.7c)T=T.2L({\'17\':c,\'K\':1g});c.$1a[G].1A.1i(T);k(P.7k.1j(5q))?c.2S(5q,T):c},4m:m(G,T){B(!c.$1a||!c.$1a[G])k c;o 2e=c.$1a[G].1G.4n(T);B(2e==-1)k c;o 1n=c.$1a[G].1G.5m(2e,1)[0];o J=c.$1a[G].1A.5m(2e,1)[0];o 2d=P.2A[G];B(2d){B(2d.2O)2d.2O.1X(c,T);B(2d.G)G=2d.G}k(P.7k.1j(G))?c.4h(G,J):c},65:m(1O){k P.5n(c,\'29\',1O)},5v:m(G){B(!c.$1a)k c;B(!G){M(o 5U 1e c.$1a)c.5v(5U);c.$1a=1k}19 B(c.$1a[G]){c.$1a[G].1G.1z(m(T){c.4m(G,T)},c);c.$1a[G]=1k}k c},1v:m(G,1l,2q){B(c.$1a&&c.$1a[G]){c.$1a[G].1G.1z(m(T){T.2L({\'17\':c,\'2q\':2q,\'1b\':1l})()},c)}k c},8j:m(12,G){B(!12.$1a)k c;B(!G){M(o 5U 1e 12.$1a)c.8j(12,5U)}19 B(12.$1a[G]){12.$1a[G].1G.1z(m(T){c.29(G,T)},c)}k c}};W.Q(P.2m.2A);R.Q(P.2m.2A);P.Q(P.2m.2A);P.2A=O 3d({\'8i\':{G:\'7z\',2y:m(K){K=O 2E(K);B(K.28!=c&&!c.7a(K.28))c.1v(\'8i\',K)}},\'8h\':{G:\'7L\',2y:m(K){K=O 2E(K);B(K.28!=c&&!c.7a(K.28))c.1v(\'8h\',K)}},\'43\':{G:(W.7f)?\'7j\':\'43\'}});P.7k=[\'8t\',\'dv\',\'7l\',\'7e\',\'43\',\'7j\',\'7z\',\'7L\',\'4g\',\'8o\',\'dw\',\'di\',\'3C\',\'7H\',\'8m\',\'dh\',\'d4\',\'d5\',\'d6\',\'9H\',\'d3\',\'d2\',\'3z\',\'8l\',\'79\',\'cZ\',\'45\'];7B.Q({5K:m(17,1l){k c.2L({\'17\':17,\'1b\':1l,\'K\':2E})}});1R.Q({d0:m(2T){k O 1R(c.2R(m(F){k(P.4w(F)==2T)}))},8e:m(1F,2l){o 15=c.2R(m(F){k(F.1F&&F.1F.1j(1F,\' \'))});k(2l)?15:O 1R(15)},8k:m(3D,2l){o 15=c.2R(m(F){k(F.3D==3D)});k(2l)?15:O 1R(15)},89:m(1p,7G,J,2l){o 15=c.2R(m(F){o 2a=P.5b(F,1p);B(!2a)k U;B(!7G)k 1g;21(7G){Y\'=\':k(2a==J);Y\'*=\':k(2a.1j(J));Y\'^=\':k(2a.8C(0,J.V)==J);Y\'$=\':k(2a.8C(2a.V-J.V)==J);Y\'!=\':k(2a!=J);Y\'~=\':k 2a.1j(J,\' \')}k U});k(2l)?15:O 1R(15)}});m $E(1J,2R){k($(2R)||R).8y(1J)};m $d1(1J,2R){k($(2R)||R).5P(1J)};$$.3c={\'5e\':/^(\\w*|\\*)(?:#([\\w-]+)|\\.([\\w-]+))?(?:\\[(\\w+)(?:([!*^$]?=)["\']?([^"\'\\]]*)["\']?)?])?$/,\'3B\':{6t:m(1t,2Q,1d,i){o 2v=[2Q.d7?\'78:\':\'\',1d[1]];B(1d[2])2v.1i(\'[@3D="\',1d[2],\'"]\');B(1d[3])2v.1i(\'[1j(6F(" ", @7F, " "), " \',1d[3],\' ")]\');B(1d[4]){B(1d[5]&&1d[6]){21(1d[5]){Y\'*=\':2v.1i(\'[1j(@\',1d[4],\', "\',1d[6],\'")]\');1B;Y\'^=\':2v.1i(\'[d8-de(@\',1d[4],\', "\',1d[6],\'")]\');1B;Y\'$=\':2v.1i(\'[df(@\',1d[4],\', 2h-V(@\',1d[4],\') - \',1d[6].V,\' + 1) = "\',1d[6],\'"]\');1B;Y\'=\':2v.1i(\'[@\',1d[4],\'="\',1d[6],\'"]\');1B;Y\'!=\':2v.1i(\'[@\',1d[4],\'!="\',1d[6],\'"]\')}}19{2v.1i(\'[@\',1d[4],\']\')}}1t.1i(2v.1V(\'\'));k 1t},6x:m(1t,2Q,2l){o 15=[];o 3B=R.54(\'.//\'+1t.1V(\'//\'),2Q,$$.3c.88,dC.dd,1k);M(o i=0,j=3B.dc;i<j;i++)15.1i(3B.d9(i));k(2l)?15:O 1R(15.2y($))}},\'8g\':{6t:m(1t,2Q,1d,i){B(i==0){B(1d[2]){o F=2Q.5Q(1d[2]);B(!F||((1d[1]!=\'*\')&&(P.4w(F)!=1d[1])))k U;1t=[F]}19{1t=$A(2Q.2G(1d[1]))}}19{1t=$$.3c.2G(1t,1d[1]);B(1d[2])1t=1R.8k(1t,1d[2],1g)}B(1d[3])1t=1R.8e(1t,1d[3],1g);B(1d[4])1t=1R.89(1t,1d[4],1d[5],1d[6],1g);k 1t},6x:m(1t,2Q,2l){k(2l)?1t:$$.4U(1t)}},88:m(7W){k(7W==\'78\')?\'da://9k.db.dB/dK/78\':U},2G:m(2Q,5M){o 6D=[];M(o i=0,j=2Q.V;i<j;i++)6D.Q(2Q[i].2G(5M));k 6D}};$$.3c.1P=(W.3B)?\'3B\':\'8g\';P.2m.76={5S:m(1J,2l){o 1t=[];1J=1J.6y().5D(\' \');M(o i=0,j=1J.V;i<j;i++){o 8q=1J[i];o 1d=8q.2M($$.3c.5e);B(!1d)1B;1d[1]=1d[1]||\'*\';o 2v=$$.3c[$$.3c.1P].6t(1t,c,1d,i);B(!2v)1B;1t=2v}k $$.3c[$$.3c.1P].6x(1t,c,2l)},8y:m(1J){k $(c.5S(1J,1g)[0]||U)},5P:m(1J,2l){o 15=[];1J=1J.5D(\',\');M(o i=0,j=1J.V;i<j;i++)15=15.6F(c.5S(1J[i],1g));k(2l)?15:$$.4U(15)}};P.Q({5Q:m(3D){o F=R.5Q(3D);B(!F)k U;M(o 1o=F.2Y;1o!=c;1o=1o.2Y){B(!1o)k U}k F},dW:m(1F){k c.5S(\'.\'+1F)}});R.Q(P.2m.76);P.Q(P.2m.76);P.Q({3v:m(){21(c.4w()){Y\'3z\':o 1A=[];$1z(c.C,m(35){B(35.74)1A.1i($4F(35.J,35.1I))});k(c.6W)?1A:1A[0];Y\'8D\':B(!(c.6P&&[\'dT\',\'dU\'].1j(c.G))&&![\'5r\',\'1I\',\'e1\'].1j(c.G))1B;Y\'8w\':k c.J}k U},8f:m(){k $$(c.2G(\'8D\'),c.2G(\'3z\'),c.2G(\'8w\'))},5c:m(){o 47=[];c.8f().1z(m(F){o 1p=F.1p;o J=F.3v();B(J===U||!1p||F.6U)k;o 6S=m(3E){47.1i(1p+\'=\'+6m(3E))};B($G(J)==\'1u\')J.1z(6S);19 6S(J)});k 47.1V(\'&\')}});P.Q({3x:m(x,y){c.4Y=x;c.59=y},6L:m(){k{\'45\':{\'x\':c.4Y,\'y\':c.59},\'3S\':{\'x\':c.4L,\'y\':c.4G},\'6M\':{\'x\':c.5A,\'y\':c.5H}}},3Q:m(22){22=22||[];o F=c,1H=0,1E=0;do{1H+=F.e6||0;1E+=F.e7||0;F=F.e2}62(F);22.1z(m(L){1H-=L.4Y||0;1E-=L.59||0});k{\'x\':1H,\'y\':1E}},9i:m(22){k c.3Q(22).y},9h:m(22){k c.3Q(22).x},6j:m(22){o 2i=c.3Q(22);o N={\'2H\':c.4L,\'3f\':c.4G,\'1H\':2i.x,\'1E\':2i.y};N.4H=N.1H+N.2H;N.4I=N.1E+N.3f;k N}});P.2A.6r={6N:m(T){B(W.5R){T.1X(c);k}o 4Z=m(){B(W.5R)k;W.5R=1g;W.2b=$6J(W.2b);c.1v(\'6r\')}.17(c);B(R.4u&&W.3L){W.2b=m(){B([\'5R\',\'6v\'].1j(R.4u))4Z()}.3G(50)}19 B(R.4u&&W.2s){B(!$(\'6s\')){o 3W=(W.dV.dR==\'dH:\')?\'://0\':\'70:dS(0)\';R.dI(\'<2f 3D="6s" dG 3W="\'+3W+\'"><\\/2f>\');$(\'6s\').69=m(){B(c.4u==\'6v\')4Z()}}}19{W.2S("3C",4Z);R.2S("dF",4Z)}}};W.dJ=m(T){k c.29(\'6r\',T)};W.Q({8L:m(){B(c.5T)k c.dP;B(c.82)k R.5F.81;k R.2D.81},9Y:m(){B(c.5T)k c.dQ;B(c.82)k R.5F.83;k R.2D.83},9S:m(){B(c.2s)k 1c.1L(R.2D.4L,R.2D.5A);B(c.3L)k R.5F.5A;k R.2D.5A},9F:m(){B(c.2s)k 1c.1L(R.2D.4G,R.2D.5H);B(c.3L)k R.5F.5H;k R.2D.5H},9D:m(){k c.85||R.2D.4Y},9T:m(){k c.8b||R.2D.59},6L:m(){k{\'3S\':{\'x\':c.8L(),\'y\':c.9Y()},\'6M\':{\'x\':c.9S(),\'y\':c.9F()},\'45\':{\'x\':c.9D(),\'y\':c.9T()}}},3Q:m(){k{\'x\':0,\'y\':0}}});o 1h={};1h.2F=O 1f({C:{4P:1f.1r,25:1f.1r,6I:1f.1r,1W:m(p){k-(1c.9p(1c.7C*p)-1)/2},3r:dN,2k:\'4x\',44:1g,9R:50},1w:m(C){c.L=c.L||1k;c.3Z(C);B(c.C.1w)c.C.1w.1X(c)},9I:m(){o 33=$33();B(33<c.33+c.C.3r){c.3R=c.C.1W((33-c.33)/c.C.3r);c.3N();c.3V()}19{c.1S(1g);c.26(c.14);c.1v(\'25\',c.L,10);c.7h()}},26:m(14){c.18=14;c.3V();k c},3N:m(){c.18=c.3J(c.12,c.14)},3J:m(12,14){k(14-12)*c.3R+12},1q:m(12,14){B(!c.C.44)c.1S();19 B(c.2b)k c;c.12=12;c.14=14;c.9H=c.14-c.12;c.33=$33();c.2b=c.9I.3G(1c.2c(8A/c.C.9R),c);c.1v(\'4P\',c.L);k c},1S:m(5N){B(!c.2b)k c;c.2b=$6J(c.2b);B(!5N)c.1v(\'6I\',c.L);k c},2d:m(12,14){k c.1q(12,14)},dM:m(5N){k c.1S(5N)}});1h.2F.56(O 6G,O 2A,O 6a);1h.2W={3z:m(I,14){B(I.2N(/2o/i))k c.2x;o G=$G(14);B((G==\'1u\')||(G==\'2h\'&&14.1j(\' \')))k c.5G;k c.9K},2B:m(F,I,4l){B(!4l.1i)4l=[4l];o 12=4l[0],14=4l[1];B(!$2w(14)){14=12;12=F.1Z(I)}o 1s=c.3z(I,14);k{\'12\':1s.2B(12),\'14\':1s.2B(14),\'1s\':1s}}};1h.2W.9K={2B:m(J){k 4T(J)},4b:m(12,14,4c){k 4c.3J(12,14)},3v:m(J,2k,I){B(2k==\'4x\'&&I!=\'2p\')J=1c.2c(J);k J+2k}};1h.2W.5G={2B:m(J){k J.1i?J:J.5D(\' \').2y(m(v){k 4T(v)})},4b:m(12,14,4c){o 18=[];M(o i=0;i<12.V;i++)18[i]=4c.3J(12[i],14[i]);k 18},3v:m(J,2k,I){B(2k==\'4x\'&&I!=\'2p\')J=J.2y(1c.2c);k J.1V(2k+\' \')+2k}};1h.2W.2x={2B:m(J){k J.1i?J:J.57(1g)},4b:m(12,14,4c){o 18=[];M(o i=0;i<12.V;i++)18[i]=1c.2c(4c.3J(12[i],14[i]));k 18},3v:m(J){k\'1m(\'+J.1V(\',\')+\')\'}};1h.6O=1h.2F.Q({1w:m(F,I,C){c.L=$(F);c.I=I;c.1o(C)},94:m(){k c.26(0)},3N:m(){c.18=c.1s.4b(c.12,c.14,c)},26:m(14){c.1s=1h.2W.3z(c.I,14);k c.1o(c.1s.2B(14))},1q:m(12,14){B(c.2b&&c.C.44)k c;o 1U=1h.2W.2B(c.L,c.I,[12,14]);c.1s=1U.1s;k c.1o(1U.12,1U.14)},3V:m(){c.L.30(c.I,c.1s.3v(c.18,c.C.2k,c.I))}});P.Q({dO:m(I,C){k O 1h.6O(c,I,C)}});1h.3s=1h.2F.Q({1w:m(F,C){c.L=$(F);c.1o(C)},3N:m(){M(o p 1e c.12)c.18[p]=c.1s[p].4b(c.12[p],c.14[p],c)},26:m(14){o 1U={};c.1s={};M(o p 1e 14){c.1s[p]=1h.2W.3z(p,14[p]);1U[p]=c.1s[p].2B(14[p])}k c.1o(1U)},1q:m(N){B(c.2b&&c.C.44)k c;c.18={};c.1s={};o 12={},14={};M(o p 1e N){o 1U=1h.2W.2B(c.L,p,N[p]);12[p]=1U.12;14[p]=1U.14;c.1s[p]=1U.1s}k c.1o(12,14)},3V:m(){M(o p 1e c.18)c.L.30(p,c.1s[p].3v(c.18[p],c.C.2k,p))}});P.Q({dE:m(C){k O 1h.3s(c,C)}});1h.1R=1h.2F.Q({1w:m(15,C){c.15=$$(15);c.1o(C)},3N:m(){M(o i 1e c.12){o 5f=c.12[i],3u=c.14[i],3e=c.1s[i],5g=c.18[i]={};M(o p 1e 5f)5g[p]=3e[p].4b(5f[p],3u[p],c)}},26:m(14){o 1U={};c.1s={};M(o i 1e 14){o 3u=14[i],3e=c.1s[i]={},9y=1U[i]={};M(o p 1e 3u){3e[p]=1h.2W.3z(p,3u[p]);9y[p]=3e[p].2B(3u[p])}}k c.1o(1U)},1q:m(N){B(c.2b&&c.C.44)k c;c.18={};c.1s={};o 12={},14={};M(o i 1e N){o 6R=N[i],5f=12[i]={},3u=14[i]={},3e=c.1s[i]={};M(o p 1e 6R){o 1U=1h.2W.2B(c.15[i],p,6R[p]);5f[p]=1U.12;3u[p]=1U.14;3e[p]=1U.1s}}k c.1o(12,14)},3V:m(){M(o i 1e c.18){o 5g=c.18[i],3e=c.1s[i];M(o p 1e 5g)c.15[i].30(p,3e[p].3v(5g[p],c.C.2k,p))}}});1h.dD=1h.2F.Q({C:{22:[],3n:{\'x\':0,\'y\':0},9W:1g},1w:m(L,C){c.18=[];c.L=$(L);c.2u={\'1S\':c.1S.17(c,U)};c.1o(C);B(c.C.9W){c.29(\'4P\',m(){R.29(\'43\',c.2u.1S)}.17(c));c.29(\'25\',m(){R.4m(\'43\',c.2u.1S)}.17(c))}},3N:m(){M(o i=0;i<2;i++)c.18[i]=c.3J(c.12[i],c.14[i])},3x:m(x,y){B(c.2b&&c.C.44)k c;o F=c.L.6L();o 1A={\'x\':x,\'y\':y};M(o z 1e F.3S){o 1L=F.6M[z]-F.3S[z];B($2w(1A[z]))1A[z]=($G(1A[z])==\'3P\')?1A[z].1M(0,1L):1L;19 1A[z]=F.45[z];1A[z]+=c.C.3n[z]}k c.1q([F.45.x,F.45.y],[1A.x,1A.y])},e3:m(){k c.3x(U,0)},e5:m(){k c.3x(U,\'9N\')},bC:m(){k c.3x(0,U)},e4:m(){k c.3x(\'9N\',U)},9w:m(F){o 1o=c.L.3Q(c.C.22);o 3m=$(F).3Q(c.C.22);k c.3x(3m.x-1o.x,3m.y-1o.y)},3V:m(){c.L.3x(c.18[0],c.18[1])}});1h.e0=1h.2F.Q({C:{23:\'95\'},1w:m(F,C){c.L=$(F);c.3U=O P(\'dX\',{\'90\':$Q(c.L.8Z(\'2J\'),{\'dZ\':\'5r\'})}).92(c.L).93(c.L);c.L.30(\'2J\',0);c.3Z(C);c.18=[];c.1o(c.C);c.4z=1g;c.29(\'25\',m(){c.4z=(c.18[0]===0)});B(W.5T)c.29(\'25\',m(){B(c.4z)c.L.2O().34(c.3U)})},3N:m(){M(o i=0;i<2;i++)c.18[i]=c.3J(c.12[i],c.14[i])},95:m(){c.2J=\'2J-1E\';c.4E=\'3f\';c.3n=c.L.4G},dY:m(){c.2J=\'2J-1H\';c.4E=\'2H\';c.3n=c.L.4L},8W:m(23){c[23||c.C.23]();k c.1q([c.L.1Z(c.2J).2P(),c.3U.1Z(c.4E).2P()],[0,c.3n])},8P:m(23){c[23||c.C.23]();k c.1q([c.L.1Z(c.2J).2P(),c.3U.1Z(c.4E).2P()],[-c.3n,0])},94:m(23){c[23||c.C.23]();c.4z=U;k c.26([-c.3n,0])},dg:m(23){c[23||c.C.23]();c.4z=1g;k c.26([0,c.3n])},cX:m(23){B(c.3U.4G==0||c.3U.4L==0)k c.8W(23);k c.8P(23)},3V:m(){c.L.30(c.2J,c.18[0]+c.C.2k);c.3U.30(c.4E,c.18[1]+c.C.2k)}});1h.7K=m(1W,2z){2z=2z||[];B($G(2z)!=\'1u\')2z=[2z];k $Q(1W,{c4:m(2e){k 1W(2e,2z)},c5:m(2e){k 1-1W(1-2e,2z)},c6:m(2e){k(2e<=0.5)?1W(2*2e,2z)/2:(2-1W(2*(1-2e),2z))/2}})};1h.2V=O 3d({cY:m(p){k p}});1h.2V.Q=m(6A){M(o 1W 1e 6A){1h.2V[1W]=O 1h.7K(6A[1W]);1h.2V.7g(1W)}};1h.2V.7g=m(1W){[\'c2\',\'bY\',\'bZ\'].1z(m(75){1h.2V[1W.4S()+75]=1h.2V[1W][\'c0\'+75]})};1h.2V.Q({c1:m(p,x){k 1c.36(p,x[0]||6)},c7:m(p){k 1c.36(2,8*(p-1))},c8:m(p){k 1-1c.8T(1c.ce(p))},cf:m(p){k 1-1c.8T((1-p)*1c.7C/2)},cg:m(p,x){x=x[0]||1.cd;k 1c.36(p,2)*((x+1)*p-x)},cc:m(p){o J;M(o a=0,b=1;1;a+=b,b/=2){B(p>=(7-4*a)/11){J=-1c.36((11-6*a-11*p)/4,2)+b*b;1B}}k J},c9:m(p,x){k 1c.36(2,10*--p)*1c.9p(20*p*1c.7C*(x[0]||1)/3)}});[\'cb\',\'bX\',\'bW\',\'bJ\'].1z(m(1W,i){1h.2V[1W]=O 1h.7K(m(p){k 1c.36(p,[i+2])});1h.2V.7g(1W)});o 3X={};3X.2F=O 1f({C:{4M:U,2k:\'4x\',4P:1f.1r,9v:1f.1r,25:1f.1r,9l:1f.1r,9b:1f.1r,1M:U,3A:{x:\'1H\',y:\'1E\'},3T:U,9t:6},1w:m(F,C){c.3Z(C);c.L=$(F);c.4M=$(c.C.4M)||c.L;c.2Z={\'18\':{},\'2e\':{}};c.J={\'1q\':{},\'18\':{}};c.2u={\'1q\':c.1q.5K(c),\'4i\':c.4i.5K(c),\'3H\':c.3H.5K(c),\'1S\':c.1S.17(c)};c.9q();B(c.C.1w)c.C.1w.1X(c)},9q:m(){c.4M.29(\'7e\',c.2u.1q);k c},bK:m(){c.4M.4m(\'7e\',c.2u.1q);k c},1q:m(K){c.1v(\'9v\',c.L);c.2Z.1q=K.4k;o 1M=c.C.1M;c.1M={\'x\':[],\'y\':[]};M(o z 1e c.C.3A){B(!c.C.3A[z])5L;c.J.18[z]=c.L.1Z(c.C.3A[z]).2P();c.2Z.2e[z]=K.4k[z]-c.J.18[z];B(1M&&1M[z]){M(o i=0;i<2;i++){B($2w(1M[z][i]))c.1M[z][i]=($G(1M[z][i])==\'m\')?1M[z][i]():1M[z][i]}}}B($G(c.C.3T)==\'3P\')c.C.3T={\'x\':c.C.3T,\'y\':c.C.3T};R.2S(\'4g\',c.2u.4i);R.2S(\'7l\',c.2u.1S);c.1v(\'4P\',c.L);K.1S()},4i:m(K){o 9u=1c.2c(1c.bL(1c.36(K.4k.x-c.2Z.1q.x,2)+1c.36(K.4k.y-c.2Z.1q.y,2)));B(9u>c.C.9t){R.4h(\'4g\',c.2u.4i);R.2S(\'4g\',c.2u.3H);c.3H(K);c.1v(\'9l\',c.L)}K.1S()},3H:m(K){c.4K=U;c.2Z.18=K.4k;M(o z 1e c.C.3A){B(!c.C.3A[z])5L;c.J.18[z]=c.2Z.18[z]-c.2Z.2e[z];B(c.1M[z]){B($2w(c.1M[z][1])&&(c.J.18[z]>c.1M[z][1])){c.J.18[z]=c.1M[z][1];c.4K=1g}19 B($2w(c.1M[z][0])&&(c.J.18[z]<c.1M[z][0])){c.J.18[z]=c.1M[z][0];c.4K=1g}}B(c.C.3T[z])c.J.18[z]-=(c.J.18[z]%c.C.3T[z]);c.L.30(c.C.3A[z],c.J.18[z]+c.C.2k)}c.1v(\'9b\',c.L);K.1S()},1S:m(){R.4h(\'4g\',c.2u.4i);R.4h(\'4g\',c.2u.3H);R.4h(\'7l\',c.2u.1S);c.1v(\'25\',c.L)}});3X.2F.56(O 2A,O 6a);P.Q({bI:m(C){k O 3X.2F(c,$1Q({3A:{x:\'2H\',y:\'3f\'}},C))}});3X.9j=3X.2F.Q({C:{5o:[],2K:U,22:[]},1w:m(F,C){c.3Z(C);c.L=$(F);c.5o=$$(c.C.5o);c.2K=$(c.C.2K);c.2i={\'L\':c.L.1Z(\'2i\'),\'2K\':U};B(c.2K)c.2i.2K=c.2K.1Z(\'2i\');B(![\'7y\',\'4o\',\'7t\'].1j(c.2i.L))c.2i.L=\'4o\';o 1E=c.L.1Z(\'1E\').2P();o 1H=c.L.1Z(\'1H\').2P();B(c.2i.L==\'4o\'&&![\'7y\',\'4o\',\'7t\'].1j(c.2i.2K)){1E=$2w(1E)?1E:c.L.9i(c.C.22);1H=$2w(1H)?1H:c.L.9h(c.C.22)}19{1E=$2w(1E)?1E:0;1H=$2w(1H)?1H:0}c.L.7w({\'1E\':1E,\'1H\':1H,\'2i\':c.2i.L});c.1o(c.L)},1q:m(K){c.2I=1k;B(c.2K){o 3M=c.2K.6j();o F=c.L.6j();B(c.2i.L==\'4o\'&&![\'7y\',\'4o\',\'7t\'].1j(c.2i.2K)){c.C.1M={\'x\':[3M.1H,3M.4H-F.2H],\'y\':[3M.1E,3M.4I-F.3f]}}19{c.C.1M={\'y\':[0,3M.3f-F.3f],\'x\':[0,3M.2H-F.2H]}}}c.1o(K)},3H:m(K){c.1o(K);o 2I=c.4K?U:c.5o.2R(c.8V,c).7p();B(c.2I!=2I){B(c.2I)c.2I.1v(\'bH\',[c.L,c]);c.2I=2I?2I.1v(\'bD\',[c.L,c]):1k}k c},8V:m(F){F=F.6j(c.C.22);o 18=c.2Z.18;k(18.x>F.1H&&18.x<F.4H&&18.y<F.4I&&18.y>F.1E)},1S:m(){B(c.2I&&!c.4K)c.2I.1v(\'bF\',[c.L,c]);19 c.L.1v(\'bG\',c);c.1o();k c}});P.Q({bM:m(C){k O 3X.9j(c,C)}});o 5W=O 1f({C:{1P:\'42\',9x:1g,8N:1f.1r,4A:1f.1r,6d:1f.1r,9d:1g,4Q:\'bN-8\',98:U,3O:{}},6E:m(){c.2g=(W.66)?O 66():(W.2s?O 9a(\'bT.bU\'):U);k c},1w:m(C){c.6E().3Z(C);c.C.4R=c.C.4R||c.4R;c.3O={};B(c.C.9d&&c.C.1P==\'42\'){o 4Q=(c.C.4Q)?\'; bV=\'+c.C.4Q:\'\';c.4C(\'9X-G\',\'8Y/x-9k-bS-bR\'+4Q)}B(c.C.1w)c.C.1w.1X(c)},8R:m(){B(c.2g.4u!=4||!c.4a)k;c.4a=U;o 41=0;49{41=c.2g.41}48(e){};B(c.C.4R.1X(c,41))c.4A();19 c.6d();c.2g.69=1f.1r},4R:m(41){k((41>=bO)&&(41<bP))},4A:m(){c.3a={\'1I\':c.2g.bQ,\'5i\':c.2g.ch};c.1v(\'4A\',[c.3a.1I,c.3a.5i]);c.7h()},6d:m(){c.1v(\'6d\',c.2g)},4C:m(1p,J){c.3O[1p]=J;k c},5a:m(2r,1K){B(c.C.98)c.8O();19 B(c.4a)k c;c.4a=1g;B(1K&&c.C.1P==\'53\'){2r=2r+(2r.1j(\'?\')?\'&\':\'?\')+1K;1K=1k}c.2g.4z(c.C.1P.7D(),2r,c.C.9x);c.2g.69=c.8R.17(c);B((c.C.1P==\'42\')&&c.2g.ci)c.4C(\'cK\',\'cL\');$Q(c.3O,c.C.3O);M(o G 1e c.3O)49{c.2g.cM(G,c.3O[G])}48(e){};c.1v(\'8N\');c.2g.5a($4F(1K,1k));k c},8O:m(){B(!c.4a)k c;c.4a=U;c.2g.79();c.2g.69=1f.1r;c.6E();c.1v(\'6I\');k c}});5W.56(O 6G,O 2A,O 6a);o 9B=5W.Q({C:{1K:1k,71:1k,25:1f.1r,5Y:U,6V:U},1w:m(2r,C){c.29(\'4A\',c.25);c.3Z(C);c.C.1K=c.C.1K||c.C.cJ;B(![\'42\',\'53\'].1j(c.C.1P)){c.5h=\'5h=\'+c.C.1P;c.C.1P=\'42\'}c.1o();c.4C(\'X-cI-cE\',\'66\');c.4C(\'cF\',\'1I/70, 1I/cG, 8Y/5i, 1I/5i, */*\');c.2r=2r},25:m(){B(c.C.71)$(c.C.71).1r().72(c.3a.1I);B(c.C.5Y||c.C.6V)c.5Y();c.1v(\'25\',[c.3a.1I,c.3a.5i],20)},9J:m(1K){1K=1K||c.C.1K;21($G(1K)){Y\'L\':1K=$(1K).5c();1B;Y\'2t\':1K=6Y.5c(1K)}B(c.5h)1K=(1K)?[c.5h,1K].1V(\'&\'):c.5h;k c.5a(c.2r,1K)},5Y:m(){o 2f,3b;B(c.C.6V||(/(cN|cU)2f/).2N(c.9C(\'9X-G\')))3b=c.3a.1I;19{3b=[];o 5e=/<2f[^>]*>([\\s\\S]*?)<\\/2f>/cW;62((2f=5e.cT(c.3a.1I)))3b.1i(2f[1]);3b=3b.1V(\'\\n\')}B(3b)(W.9U)?W.9U(3b):W.9G(3b,0)},9C:m(1p){49{k c.2g.cS(1p)}48(e){};k 1k}});6Y.5c=m(1O){o 47=[];M(o I 1e 1O)47.1i(6m(I)+\'=\'+6m(1O[I]));k 47.1V(\'&\')};P.Q({5a:m(C){k O 9B(c.5b(\'cQ\'),$1Q({1K:c.5c()},C,{1P:\'42\'})).9J()}});o 3g=O 3d({C:{6k:U,6i:U,3r:U,4y:U},26:m(1n,J,C){C=$1Q(c.C,C);J=6m(J);B(C.6k)J+=\'; 6k=\'+C.6k;B(C.6i)J+=\'; 6i=\'+C.6i;B(C.3r){o 6h=O 9z();6h.cR(6h.9Q()+C.3r*24*60*60*8A);J+=\'; cC=\'+6h.cp()}B(C.4y)J+=\'; 4y\';R.3K=1n+\'=\'+J;k $Q(C,{\'1n\':1n,\'J\':J})},53:m(1n){o J=R.3K.2M(\'(?:^|;)\\\\s*\'+1n.84()+\'=([^;]*)\');k J?cq(J[1]):U},2O:m(3K,C){B($G(3K)==\'2t\')c.26(3K.1n,\'\',$1Q(3K,{3r:-1}));19 c.26(3K,\'\',$1Q(C,{3r:-1}))}});o 3h={3F:m(N){21($G(N)){Y\'2h\':k\'"\'+N.31(/(["\\\\])/g,\'\\\\$1\')+\'"\';Y\'1u\':k\'[\'+N.2y(3h.3F).1V(\',\')+\']\';Y\'2t\':o 2h=[];M(o I 1e N)2h.1i(3h.3F(I)+\':\'+3h.3F(N[I]));k\'{\'+2h.1V(\',\')+\'}\';Y\'3P\':B(cr(N))1B;Y U:k\'1k\'}k 6g(N)},54:m(3I,4y){k(($G(3I)!=\'2h\')||(4y&&!3I.2N(/^("(\\\\.|[^"\\\\\\n\\r])*?"|[,:{}\\[\\]0-9.\\-+co-u \\n\\r\\t])+?$/)))?1k:ck(\'(\'+3I+\')\')}};3h.cl=5W.Q({1w:m(2r,C){c.2r=2r;c.29(\'4A\',c.25);c.1o(C);c.4C(\'X-cs\',\'ct\')},5a:m(N){k c.1o(c.2r,\'cz=\'+3h.3F(N))},25:m(){c.1v(\'25\',[3h.54(c.3a.1I,c.C.4y)])}});o 8v=O 3d({70:m(1O,1y){1y=$1Q({\'58\':1f.1r},1y);o 2f=O P(\'2f\',{\'3W\':1O}).65({\'3C\':1y.58,\'cA\':m(){B(c.4u==\'6v\')c.1v(\'3C\')}});4p 1y.58;k 2f.6f(1y).34(R.67)},1s:m(1O,1y){k O P(\'cB\',$1Q({\'cy\':\'cx\',\'cu\':\'cv\',\'G\':\'1I/1s\',\'7O\':1O},1y)).34(R.67)},4s:m(1O,1y){1y=$1Q({\'58\':1f.1r,\'cw\':1f.1r,\'c3\':1f.1r},1y);o 4s=O cm();4s.3W=1O;o L=O P(\'7d\',{\'3W\':1O});[\'3C\',\'79\',\'8l\'].1z(m(G){o K=1y[\'51\'+G];4p 1y[\'51\'+G];L.29(G,m(){c.4m(G,1b.7b);K.1X(c)})});B(4s.2H&&4s.3f)L.1v(\'3C\',L,1);k L.6f(1y)},6p:m(4r,C){C=$1Q({25:1f.1r,8F:1f.1r},C);B(!4r.1i)4r=[4r];o 6p=[];o 63=0;4r.1z(m(1O){o 7d=O 8v.4s(1O,{\'58\':m(){C.8F.1X(c,63);63++;B(63==4r.V)C.25()}});6p.1i(7d)});k O 1R(6p)}});o 3k=O 1f({V:0,1w:m(2t){c.N=2t||{};c.55()},53:m(1n){k(c.6o(1n))?c.N[1n]:1k},6o:m(1n){k(1n 1e c.N)},26:m(1n,J){B(!c.6o(1n))c.V++;c.N[1n]=J;k c},55:m(){c.V=0;M(o p 1e c.N)c.V++;k c},2O:m(1n){B(c.6o(1n)){4p c.N[1n];c.V--}k c},1z:m(T,17){$1z(c.N,T,17)},Q:m(N){$Q(c.N,N);k c.55()},1Q:m(){c.N=$1Q.3t(1k,[c.N].Q(1b));k c.55()},1r:m(){c.N={};c.V=0;k c},1G:m(){o 1G=[];M(o I 1e c.N)1G.1i(I);k 1G},1A:m(){o 1A=[];M(o I 1e c.N)1A.1i(c.N[I]);k 1A}});m $H(N){k O 3k(N)};3k.3g=3k.Q({1w:m(1p,C){c.1p=1p;c.C=$Q({\'8x\':1g},C||{});c.3C()},8E:m(){B(c.V==0){3g.2O(c.1p,c.C);k 1g}o 3I=3h.3F(c.N);B(3I.V>cj)k U;3g.26(c.1p,3I,c.C);k 1g},3C:m(){c.N=3h.54(3g.53(c.1p),1g)||{};c.55()}});3k.3g.2m={};[\'Q\',\'26\',\'1Q\',\'1r\',\'2O\'].1z(m(1P){3k.3g.2m[1P]=m(){3k.1x[1P].3t(c,1b);B(c.C.8x)c.8E();k c}});3k.3g.56(3k.3g.2m);o 2x=O 1f({1w:m(2o,G){G=G||(2o.1i?\'1m\':\'3i\');o 1m,1Y;21(G){Y\'1m\':1m=2o;1Y=1m.7o();1B;Y\'1Y\':1m=2o.96();1Y=2o;1B;5Z:1m=2o.57(1g);1Y=1m.7o()}1m.1Y=1Y;1m.3i=1m.52();k $Q(1m,2x.1x)},4f:m(){o 4W=$A(1b);o 6l=($G(4W[4W.V-1])==\'3P\')?4W.cn():50;o 1m=c.6Z();4W.1z(m(2o){2o=O 2x(2o);M(o i=0;i<3;i++)1m[i]=1c.2c((1m[i]/ 3w * (3w - 6l)) + (2o[i] /3w*6l))});k O 2x(1m,\'1m\')},cD:m(){k O 2x(c.2y(m(J){k 4e-J}))},cP:m(J){k O 2x([J,c.1Y[1],c.1Y[2]],\'1Y\')},cV:m(6b){k O 2x([c.1Y[0],6b,c.1Y[2]],\'1Y\')},cO:m(6b){k O 2x([c.1Y[0],c.1Y[1],6b],\'1Y\')}});m $cH(r,g,b){k O 2x([r,g,b],\'1m\')};m $bE(h,s,b){k O 2x([h,s,b],\'1Y\')};2j.Q({7o:m(){o 4O=c[0],4N=c[1],5x=c[2];o 2C,5l,6u;o 1L=1c.1L(4O,4N,5x),2X=1c.2X(4O,4N,5x);o 3R=1L-2X;6u=1L/4e;5l=(1L!=0)?3R/1L:0;B(5l==0){2C=0}19{o 7i=(1L-4O)/3R;o 7A=(1L-4N)/3R;o br=(1L-5x)/3R;B(4O==1L)2C=br-7A;19 B(4N==1L)2C=2+7i-br;19 2C=4+7A-7i;2C/=6;B(2C<0)2C++}k[1c.2c(2C*9Z),1c.2c(5l*3w),1c.2c(6u*3w)]},96:m(){o br=1c.2c(c[2]/3w*4e);B(c[1]==0){k[br,br,br]}19{o 2C=c[0]%9Z;o f=2C%60;o p=1c.2c((c[2]*(3w-c[1]))/dL*4e);o q=1c.2c((c[2]*(a0-c[1]*f))/9O*4e);o t=1c.2c((c[2]*(a0-c[1]*(60-f)))/9O*4e);21(1c.8s(2C/60)){Y 0:k[br,t,p];Y 1:k[q,br,p];Y 2:k[p,br,t];Y 3:k[p,q,br];Y 4:k[t,p,br];Y 5:k[br,p,q]}}k U}});',62,876,'||||||||||||this||||||||return||function||var|||||||||||||if|options|||el|type||property|value|event|element|for|obj|new|Element|extend|document||fn|false|length|window||case||||from||to|elements||bind|now|else|events|arguments|Math|param|in|Class|true|Fx|push|contains|null|args|rgb|key|parent|name|start|empty|css|items|array|fireEvent|initialize|prototype|properties|each|values|break|result|style|top|className|keys|left|text|selector|data|max|limit|props|source|method|merge|Elements|stop|prop|parsed|join|transition|call|hsb|getStyle||switch|overflown|mode||onComplete|set||relatedTarget|addEvent|current|timer|round|custom|pos|script|transport|string|position|Array|unit|nocash|Methods|Garbage|color|opacity|delay|url|ie|object|bound|temp|chk|Color|map|params|Events|parse|hue|documentElement|Event|Base|getElementsByTagName|width|overed|margin|container|create|match|test|remove|toInt|context|filter|addListener|tag|item|Transitions|CSS|min|parentNode|mouse|setStyle|replace||time|inject|option|pow||||response|scripts|shared|Abstract|iCss|height|Cookie|Json|hex|returns|Hash|index|target|offset|iterable|border|tmp|duration|Styles|apply|iTo|getValue|100|scrollTo|previous|select|modifiers|xpath|load|id|val|toString|periodical|drag|str|compute|cookie|webkit|cont|setNow|headers|number|getPosition|delta|size|grid|wrapper|increase|src|Drag|chains|setOptions||status|post|mousewheel|wait|scroll||queryString|catch|try|running|getNow|fx|native|255|mix|mousemove|removeListener|check|results|page|fromTo|removeEvent|indexOf|absolute|delete|collect|sources|image|htmlElement|readyState|len|getTag|px|secure|open|onSuccess|bit|setHeader|next|layout|pick|offsetHeight|right|bottom|walk|out|offsetWidth|handle|green|red|onStart|encoding|isSuccess|toLowerCase|parseFloat|unique|klass|colors|parseInt|scrollLeft|domReady||on|rgbToHex|get|evaluate|setLength|implement|hexToRgb|onload|scrollTop|send|getProperty|toQueryString|precision|regexp|iFrom|iNow|_method|xml|HTMLElement|code|saturation|splice|setMany|droppables|fKey|realType|hidden|fix|preventDefault|trash|removeEvents|Listeners|blue|stopPropagation|mp|scrollWidth|defined|visibility|split|every|body|Multi|scrollHeight|brother|setProperty|bindWithEvent|continue|tagName|end|Properties|getElementsBySelector|getElementById|loaded|getElements|webkit419|evType|currentStyle|XHR|typeof|evalScripts|default||forEach|while|counter|included|addEvents|XMLHttpRequest|head|proto|onreadystatechange|Options|percent|generic|onFailure|regex|setProperties|String|date|path|getCoordinates|domain|alpha|encodeURIComponent|attempt|hasKey|images|include|domready|ie_ready|getParam|brightness|complete|flag|getItems|trim|newArray|transitions|insertBefore|first|found|setTransport|concat|Chain|firstChild|onCancel|clear|node|getSize|scrollSize|add|Style|checked|padding|iProps|qs|charAt|disabled|evalResponse|multiple|random|Object|copy|javascript|update|setHTML|innerText|selected|easeType|Dom|cssText|xhtml|abort|hasChild|callee|addEventListener|img|mousedown|gecko|compat|callChain|rr|DOMMouseScroll|NativeEvents|mouseup|appendChild|pageX|rgbToHsb|getLast|merged|hasClass|pageY|fixed|RegExp|nodeType|setStyles|clean|relative|mouseover|gr|Function|PI|toUpperCase|pairs|class|operator|unload|camelCase|getMany|Transition|mouseout|textContent|borderShort|href|clientY|innerHTML|direction|capitalize|Width|picked|which|prefix|constructor|fixStyle|clientX|appendText|clientWidth|opera|clientHeight|escapeRegExp|pageXOffset|Merge|wheelDelta|resolver|filterByAttribute|styleSheet|pageYOffset|pp|0px|filterByClass|getFormElements|normal|mouseleave|mouseenter|cloneEvents|filterById|error|beforeunload|Bottom|keydown|Left|sel|PropertiesIFlag|floor|click|removeEventListener|Asset|textarea|autoSave|getElement|relatedTargetGecko|1000|fixRelatedTarget|substr|input|save|onProgress|extended|Right|shift|Top|slice|getWidth|where|onRequest|cancel|slideOut|getNext|onStateChange|defaultView|sin|hyphenate|checkAgainst|slideIn|childNodes|application|getStyles|styles|nodeValue|injectAfter|adopt|hide|vertical|hsbToRgb|elementsProperty|autoCancel|zoom|ActiveXObject|onDrag|contents|urlEncoded|undefined|addClass|removeClass|getLeft|getTop|Move|www|onSnap|before|setOpacity|visible|cos|attach|after|argument|snap|distance|onBeforeStart|toElement|async|iParsed|Date|toFloat|Ajax|getHeader|getScrollLeft|ie6|getScrollHeight|setTimeout|change|step|request|Single|removeChild|interval|full|600000|Number|getTime|fps|getScrollWidth|getScrollTop|execScript|createElement|wheelStops|Content|getHeight|360|6000|wheel|getText|taintEnabled|clone|attachEvent|version|webkit420|nodeName|textnode|setInterval|cssFloat|detail|120|injectInside|chain|cloneNode|styleFloat|navigator|injectTop|bindAsEventListener|keyCode|replaceChild|control|shiftKey||pass|meta|alt|altKey|ctrlKey|createTextNode|metaKey|khtml|MooTools|replaceWith|BackgroundImageCache|float|CollectGarbage|toggleClass|srcElement|err|getBoxObjectFor|detachEvent|readOnly|getParent|lastChild|some|getChildren|associate|iframe|borderWidth|borderStyle|borderColor|getPrevious|execCommand|getFirst|ie7|DOMElement|attributes|getProperties|removeAttribute|getRandom|removeProperty|boolean|embed|clearInterval|clearTimeout|getAttribute|times|Window|Sibling|transparent|tabIndex|maxlength|tabindex|accessKey|hasLayout|maxLength|readonly|zIndex|all|frameBorder|frameborder|Document|clearChain|whitespace|colSpan|rowspan||colspan|getPropertyValue|htmlFor|rowSpan|collection|accesskey|setText|setAttribute|getComputedStyle|injectBefore|toLeft|over|HSB|drop|emptydrop|leave|makeResizable|Quint|detach|sqrt|makeDraggable|utf|200|300|responseText|urlencoded|form|Microsoft|XMLHTTP|charset|Quart|Cubic|Out|InOut|ease|Pow|In|onerror|easeIn|easeOut|easeInOut|Expo|Circ|Elastic|111|Quad|Bounce|618|acos|Sine|Back|responseXML|overrideMimeType|4096|eval|Remote|Image|pop|Eaeflnr|toGMTString|decodeURIComponent|isFinite|Request|JSON|media|screen|onabort|stylesheet|rel|json|readystatechange|link|expires|invert|With|Accept|html|RGB|Requested|postBody|Connection|close|setRequestHeader|ecma|setBrightness|setHue|action|setTime|getResponseHeader|exec|java|setSaturation|gi|toggle|linear|contextmenu|filterByTag|ES|reset|submit|move|focus|blur|namespaceURI|starts|snapshotItem|http|w3|snapshotLength|UNORDERED_NODE_SNAPSHOT_TYPE|with|substring|show|resize|keyup|fromElement|cancelBubble|returnValue|button|rightClick||fromCharCode|menu|client|enter|up|tab|dblclick|keypress|backspace|space|down|esc|org|XPathResult|Scroll|effects|DOMContentLoaded|defer|https|write|onDomReady|1999|10000|clearTimer|500|effect|innerWidth|innerHeight|protocol|void|checkbox|radio|location|getElementsByClassName|div|horizontal|overflow|Slide|password|offsetParent|toTop|toRight|toBottom|offsetLeft|offsetTop'.split('|'),0,{})) diff --git a/config/snort/javascript/sortableTable.js b/config/snort/javascript/sortableTable.js new file mode 100644 index 00000000..096f8d4c --- /dev/null +++ b/config/snort/javascript/sortableTable.js @@ -0,0 +1,288 @@ + + +/************************************************************** + + Script : Sortable Table + Version : 1.4 + Authors : Samuel Birch + Desc : Sorts and filters table elements + Licence : Open Source MIT Licence + +**************************************************************/ + +var sortableTable = new Class({ + + getOptions: function(){ + return { + overCls: false, + onClick: false, + sortOn: 0, + sortBy: 'ASC', + filterHide: true, + filterHideCls: 'hide', + filterSelectedCls: 'selected' + }; + }, + + initialize: function(table, options){ + this.setOptions(this.getOptions(), options); + this.table = $(table); + this.tHead = this.table.getElement('thead'); + this.tBody = this.table.getElement('tbody'); + this.tFoot = this.table.getElement('tfoot'); + this.elements = this.tBody.getElements('tr'); + this.filtered = false; + + /*for(i=0;i<10;i++){ + this.elements.clone().injectInside(this.tBody); + } + this.elements = this.tBody.getElements('tr');*/ + + this.elements.each(function(el,i){ + if(this.options.overCls){ + el.addEvent('mouseover', function(){ + el.addClass(options.overCls); + }, this); + el.addEvent('mouseout', function(){ + el.removeClass(options.overCls); + }); + } + if(this.options.onClick){ + el.addEvent('click', options.onClick); + } + }, this); + + //setup header + this.tHead.getElements('th').each(function(el,i){ + if(el.axis){ + el.addEvent('click', this.sort.bind(this,i)); + el.addEvent('mouseover', function(){ + el.addClass('tableHeaderOver'); + }); + el.addEvent('mouseout', function(){ + el.removeClass('tableHeaderOver'); + }); + el.getdate = function(str){ + // inner util function to convert 2-digit years to 4 + function fixYear(yr) { + yr = +yr; + if (yr<50) { yr += 2000; } + else if (yr<100) { yr += 1900; } + return yr; + }; + var ret; + // + if (str.length>12){ + strtime = str.substring(str.lastIndexOf(' ')+1); + strtime = strtime.substring(0,2)+strtime.substr(-2) + }else{ + strtime = '0000'; + } + // + // YYYY-MM-DD + if (ret=str.match(/(\d{2,4})-(\d{1,2})-(\d{1,2})/)) { + return (fixYear(ret[1])*10000) + (ret[2]*100) + (+ret[3]) + strtime; + } + // DD/MM/YY[YY] or DD-MM-YY[YY] + if (ret=str.match(/(\d{1,2})[\/-](\d{1,2})[\/-](\d{2,4})/)) { + return (fixYear(ret[3])*10000) + (ret[2]*100) + (+ret[1]) + strtime; + } + return 999999990000; // So non-parsed dates will be last, not first + }; + // + el.findData = function(elem){ + var child = elem.getFirst(); + if(child){ + return el.findData(child); + }else{ + return elem.innerHTML.trim(); + } + }; + // + el.compare = function(a,b){ + var1 = el.findData(a.getChildren()[i]); + var2 = el.findData(b.getChildren()[i]); + //var1 = a.getChildren()[i].firstChild.data; + //var2 = b.getChildren()[i].firstChild.data; + + if(el.axis == 'number'){ + var1 = parseFloat(var1); + var2 = parseFloat(var2); + + if(el.sortBy == 'ASC'){ + return var1-var2; + }else{ + return var2-var1; + } + + }else if(el.axis == 'string'){ + var1 = var1.toUpperCase(); + var2 = var2.toUpperCase(); + + if(var1==var2){return 0}; + if(el.sortBy == 'ASC'){ + if(var1<var2){return -1}; + }else{ + if(var1>var2){return -1}; + } + return 1; + + }else if(el.axis == 'date'){ + var1 = parseFloat(el.getdate(var1)); + var2 = parseFloat(el.getdate(var2)); + + if(el.sortBy == 'ASC'){ + return var1-var2; + }else{ + return var2-var1; + } + + }else if(el.axis == 'currency'){ + var1 = parseFloat(var1.substr(1).replace(',','')); + var2 = parseFloat(var2.substr(1).replace(',','')); + + if(el.sortBy == 'ASC'){ + return var1-var2; + }else{ + return var2-var1; + } + + } + + } + + if(i == this.options.sortOn){ + el.fireEvent('click'); + } + } + }, this); + }, + + sort: function(index){ + if(this.options.onStart){ + this.fireEvent('onStart'); + } + // + this.options.sortOn = index; + var header = this.tHead.getElements('th'); + var el = header[index]; + + header.each(function(e,i){ + if(i != index){ + e.removeClass('sortedASC'); + e.removeClass('sortedDESC'); + } + }); + + if(el.hasClass('sortedASC')){ + el.removeClass('sortedASC'); + el.addClass('sortedDESC'); + el.sortBy = 'DESC'; + }else if(el.hasClass('sortedDESC')){ + el.removeClass('sortedDESC'); + el.addClass('sortedASC'); + el.sortBy = 'ASC'; + }else{ + if(this.options.sortBy == 'ASC'){ + el.addClass('sortedASC'); + el.sortBy = 'ASC'; + }else if(this.options.sortBy == 'DESC'){ + el.addClass('sortedDESC'); + el.sortBy = 'DESC'; + } + } + // + this.elements.sort(el.compare); + this.elements.injectInside(this.tBody); + // + if(this.filtered){ + this.filteredAltRow(); + }else{ + this.altRow(); + } + + // + if(this.options.onComplete){ + this.fireEvent('onComplete'); + } + }, + + altRow: function(){ + this.elements.each(function(el,i){ + if(i % 2){ + el.removeClass('altRow'); + }else{ + el.addClass('altRow'); + } + }); + }, + + filteredAltRow: function(){ + this.table.getElements('.'+this.options.filterSelectedCls).each(function(el,i){ + if(i % 2){ + el.removeClass('altRow'); + }else{ + el.addClass('altRow'); + } + }); + }, + + filter: function(form){ + var form = $(form); + var col = 0; + var key = ''; + + form.getChildren().each(function(el,i){ + if(el.id == 'column'){ + col = Number(el.value); + } + if(el.id == 'keyword'){ + key = el.value.toLowerCase(); + } + if(el.type == 'reset'){ + el.addEvent('click',this.clearFilter.bind(this)); + } + }, this); + + if(key){ + this.elements.each(function(el,i){ + if(this.options.filterHide){ + el.removeClass('altRow'); + } + if(el.getChildren()[col].firstChild.data.toLowerCase().indexOf(key) > -1){ + el.addClass(this.options.filterSelectedCls); + if(this.options.filterHide){ + el.removeClass(this.options.filterHideCls); + } + }else{ + el.removeClass(this.options.filterSelectedCls); + if(this.options.filterHide){ + el.addClass(this.options.filterHideCls); + } + } + }, this); + if(this.options.filterHide){ + this.filteredAltRow(); + this.filtered = true; + } + } + }, + + clearFilter: function(){ + this.elements.each(function(el,i){ + el.removeClass(this.options.filterSelectedCls); + if(this.options.filterHide){ + el.removeClass(this.options.filterHideCls); + } + }, this); + if(this.options.filterHide){ + this.altRow(); + this.filtered = false; + } + } + +}); +sortableTable.implement(new Events); +sortableTable.implement(new Options); + +/*************************************************************/ diff --git a/config/snort/javascript/tabs.js b/config/snort/javascript/tabs.js new file mode 100644 index 00000000..40e54f0e --- /dev/null +++ b/config/snort/javascript/tabs.js @@ -0,0 +1,123 @@ +// CSS helper functions +CSS = { + // Adds a class to an element. + AddClass: function (e, c) { + if (!e.className.match(new RegExp("\\b" + c + "\\b", "i"))) + e.className += (e.className ? " " : "") + c; + }, + + // Removes a class from an element. + RemoveClass: function (e, c) { + e.className = e.className.replace(new RegExp(" \\b" + c + "\\b|\\b" + c + "\\b ?", "gi"), ""); + } +}; + +// Functions for handling tabs. +Tabs = { + // Changes to the tab with the specified ID. + GoTo: function (contentId, skipReplace) { + // This variable will be true if a tab for the specified + // content ID was found. + var foundTab = false; + + // Get the TOC element. + var toc = document.getElementById("toc"); + if (toc) { + var lis = toc.getElementsByTagName("li"); + for (var j = 0; j < lis.length; j++) { + var li = lis[j]; + + // Give the current tab link the class "current" and + // remove the class from any other TOC links. + var anchors = li.getElementsByTagName("a"); + for (var k = 0; k < anchors.length; k++) { + if (anchors[k].hash == "#" + contentId) { + CSS.AddClass(li, "current"); + foundTab = true; + break; + } else { + CSS.RemoveClass(li, "current"); + } + } + } + } + + // Show the content with the specified ID. + var divsToHide = []; + var divs = document.getElementsByTagName("div"); + for (var i = 0; i < divs.length; i++) { + var div = divs[i]; + + if (div.className.match(/\bcontent\b/i)) { + if (div.id == "_" + contentId) + div.style.display = "block"; + else + divsToHide.push(div); + } + } + + // Hide the other content boxes. + for (var i = 0; i < divsToHide.length; i++) + divsToHide[i].style.display = "none"; + + // Change the address bar. + if (!skipReplace) window.location.replace("#" + contentId); + }, + + OnClickHandler: function (e) { + // Stop the event (to stop it from scrolling or + // making an entry in the history). + if (!e) e = window.event; + if (e.preventDefault) e.preventDefault(); else e.returnValue = false; + + // Get the name of the anchor of the link that was clicked. + Tabs.GoTo(this.hash.substring(1)); + }, + + Init: function () { + if (!document.getElementsByTagName) return; + + // Attach an onclick event to all the anchor links on the page. + var anchors = document.getElementsByTagName("a"); + for (var i = 0; i < anchors.length; i++) { + var a = anchors[i]; + if (a.hash) a.onclick = Tabs.OnClickHandler; + } + + var contentId; + if (window.location.hash) contentId = window.location.hash.substring(1); + + var divs = document.getElementsByTagName("div"); + for (var i = 0; i < divs.length; i++) { + var div = divs[i]; + + if (div.className.match(/\bcontent\b/i)) { + if (!contentId) contentId = div.id; + div.id = "_" + div.id; + } + } + + if (contentId) Tabs.GoTo(contentId, true); + } +}; + +// Hook up the OnLoad event to the tab initialization function. +window.onload = Tabs.Init; + +// Hide the content while waiting for the onload event to trigger. +var contentId = window.location.hash || "#Introduction"; + +if (document.createStyleSheet) { + var style = document.createStyleSheet(); + style.addRule("div.content", "display: none;"); + style.addRule("div" + contentId, "display: block;"); +} else { + var head = document.getElementsByTagName("head")[0]; + if (head) { + var style = document.createElement("style"); + style.setAttribute("type", "text/css"); + style.appendChild(document.createTextNode("div.content { display: none; }")); + style.appendChild(document.createTextNode("div" + contentId + " { display: block; }")); + head.appendChild(style); + } +}
\ No newline at end of file diff --git a/config/snort/pfsense_rules/pfsense_rules.tar.gz.md5 b/config/snort/pfsense_rules/pfsense_rules.tar.gz.md5 index 83d5bdae..0aede4a0 100644 --- a/config/snort/pfsense_rules/pfsense_rules.tar.gz.md5 +++ b/config/snort/pfsense_rules/pfsense_rules.tar.gz.md5 @@ -1 +1 @@ -10002
\ No newline at end of file +102
\ No newline at end of file diff --git a/config/snort/snort.inc b/config/snort/snort.inc index 00a86c35..eef238a0 100755..100644 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -3,6 +3,7 @@ /* snort.inc Copyright (C) 2006 Scott Ullrich + Copyright (C) 2009 Robert Zelaya part of pfSense All rights reserved. @@ -29,215 +30,982 @@ */ require_once("pfsense-utils.inc"); +require_once("config.inc"); +require_once("functions.inc"); -// Needed on 2.0 because of get_vpns_list() -require_once("filter.inc"); +// Needed on 2.0 because of filter_get_vpns_list() +require_once("filter.inc"); + +/* find out if were in 1.2.3-RELEASE */ + +$pfsense_ver_chk = exec('/bin/cat /etc/version'); +if ($pfsense_ver_chk == '1.2.3-RELEASE') +{ + $pfsense_stable = 'yes'; +}else{ + $pfsense_stable = 'no'; +} + +/* checks to see if snort is running yes/no and stop/start */ + function Running_Ck($snort_uuid, $if_real, $id) { + global $config; + + $snort_up_ck = exec("/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep snort | /usr/bin/awk '{print \$2;}' | sed 1q"); + + if(snort_up_ck == ''){ + $snort_up = 'no'; + return $snort_up; + } + + if(snort_up_ck != ''){ + + //$snort_up_pre = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"R {$snort_uuid}_{$if_real}\" | awk '{print \$1;}'"); + //$snort_up_s = exec("/usr/bin/top -U snort -u | grep snort | grep {$snort_up_pre} | /usr/bin/awk '{print \$1;}'"); + //$snort_up_r = exec("/usr/bin/top -U root -u | grep snort | grep {$snort_up_pre} | /usr/bin/awk '{print \$1;}'"); + + /* use ob_clean to clear output buffer, this code needs to be watched */ + ob_clean(); + $snort_up_prell = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"R {$snort_uuid}_{$if_real}\" | awk '{print \$1;}'", $retval); + + if ($snort_up_prell != "") { + $snort_uph = 'yes'; + }else{ + $snort_uph = 'no'; + } + } + + return $snort_uph; + } + +/* checks to see if barnyard2 is running yes/no */ + function Running_Ck_b($snort_uuid, $if_real, $id) { + global $config; + + $snort_up_ck_b = exec("/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep barnyard2 | /usr/bin/awk '{print \$2;}' | sed 1q"); + + if($snort_up_ck_b == ''){ + $snort_up_b = 'no'; + return $snort_up_b; + } + + if(snort_up_ck_b != ''){ + + //$snort_up_pre_b = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"f snort_{$snort_uuid}_{$if_real}.u2\" | awk '{print \$1;}'"); + //$snort_up_s_b = exec("/usr/bin/top -U snort -u | grep barnyard2 | grep {$snort_up_pre_b} | /usr/bin/awk '{print \$1;}'"); + //$snort_up_r_b = exec("/usr/bin/top -U root -u | grep barnyard2 | grep {$snort_up_pre_b} | /usr/bin/awk '{print \$1;}'"); + + /* use ob_clean to clear output buffer, this code needs to be watched */ + ob_clean(); + $snort_up_pre_b = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"f snort_{$snort_uuid}_{$if_real}.u2\" | awk '{print \$1;}'"); + + if ($snort_up_pre_b != '') { + $snort_up_b = 'yes'; + }else{ + $snort_up_b = 'no'; + } + } + + return $snort_up_b; + } + + function Running_Stop($snort_uuid, $if_real, $id) { + global $config; + + $start_up_pre = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"R {$snort_uuid}_{$if_real}\" | awk '{print \$1;}'"); + $start_up_s = exec("/usr/bin/top -U snort -u | grep snort | grep {$start_up_pre} | awk '{ print $1; }'"); + $start_up_r = exec("/usr/bin/top -U root -u | grep snort | grep {$start_up_pre} | awk '{ print $1; }'"); + + $start2_upb_pre = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"snort_{$snort_uuid}_{$if_real}.u2\" | awk '{print \$1;}'"); + $start2_upb_s = exec("/usr/bin/top -U snort -u | grep barnyard2 | grep {$start2_upb_pre} | awk '{ print $1; }'"); + $start2_upb_r = exec("/usr/bin/top -U root -u | grep barnyard2 | grep {$start2_upb_pre} | awk '{ print $1; }'"); + + if ($start_up_s != "" || $start_up_r != "" || $start2_upb_s != "" || $start2_upb_r != "") + { + if ($start_up_s != "") + { + exec("/bin/kill {$start_up_s}"); + exec("/bin/rm /var/run/snort_{$snort_uuid}_{$if_real}*"); + } + + if ($start2_upb_s != "") + { + exec("/bin/kill {$start2_upb_s}"); + exec("/bin/rm /var/run/barnyard2_{$snort_uuid}_{$if_real}*"); + } + + if ($start_up_r != "") + { + exec("/bin/kill {$start_up_r}"); + exec("/bin/rm /var/run/snort_{$snort_uuid}_{$if_real}*"); + } + + if ($start2_upb_r != "") + { + exec("/bin/kill {$start2_upb_r}"); + exec("/bin/rm /var/run/barnyard2_{$snort_uuid}_{$if_real}*"); + } + + /* Log Iface stop */ + exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Interface Rule STOP for {$snort_uuid}_{$if_real}...'"); + } + } + + + function Running_Start($snort_uuid, $if_real, $id) { + global $config; + + $snort_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['enable']; + if ($snort_info_chk == 'on') { + exec("/usr/local/bin/snort -u snort -g snort -R \"{$snort_uuid}_{$if_real}\" -D -q -l /var/log/snort -G {$snort_uuid} -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}"); + } + /* define snortbarnyardlog_chk */ + /* top will have trouble if the uuid is to far back */ + $snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable']; + $snortbarnyardlog_mysql_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_mysql']; + if ($snortbarnyardlog_info_chk == 'on' && $snortbarnyardlog_mysql_info_chk != '' && $snort_info_chk == 'on') { + exec("/usr/local/bin/barnyard2 -f \"snort_{$snort_uuid}_{$if_real}.u2\" -u snort -g snort -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -w /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.waldo -D -q"); + } + + /* Log Iface stop */ + exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Interface Rule START for {$id}_{$snort_uuid}_{$if_real}...'"); + } + +/* get the real iface name of wan */ +function convert_friendly_interface_to_real_interface_name2($interface) +{ + global $config; + + $lc_interface = strtolower($interface); + if($lc_interface == "lan") return $config['interfaces']['lan']['if']; + if($lc_interface == "wan") return $config['interfaces']['wan']['if']; + $ifdescrs = array(); + for ($j = 1; isset($config['interfaces']['opt' . $j]); $j++) + $ifdescrs['opt' . $j] = "opt" . $j; + foreach ($ifdescrs as $ifdescr => $ifname) + { + if(strtolower($ifname) == $lc_interface) + return $config['interfaces'][$ifname]['if']; + if(strtolower($config['interfaces'][$ifname]['descr']) == $lc_interface) + return $config['interfaces'][$ifname]['if']; + } + + return $interface; +} + +$if_real_wan = convert_friendly_interface_to_real_interface_name2($interface_fake); /* Allow additional execution time 0 = no limit. */ ini_set('max_execution_time', '9999'); ini_set('max_input_time', '9999'); /* define oinkid */ -if($config['installedpackages']['snort']) - $oinkid = $config['installedpackages']['snort']['config'][0]['oinkmastercode']; +if($config['installedpackages']['snortglobal']) + $oinkid = $config['installedpackages']['snortglobal']['oinkmastercode']; + +function snort_postinstall() +{ + global $config; + conf_mount_rw(); + + if(!file_exists("/var/log/snort/")) { + mwexec("mkdir -p /var/log/snort/"); + mwexec("mkdir -p /var/log/snort/barnyard2"); + } + + if(!file_exists("/var/log/snort/alert")) + touch("/var/log/snort/alert"); + + /* snort -> advanced features */ + $bpfbufsize = $config['installedpackages']['snortglobal']['bpfbufsize']; + $bpfmaxbufsize = $config['installedpackages']['snortglobal']['bpfmaxbufsize']; + $bpfmaxinsns = $config['installedpackages']['snortglobal']['bpfmaxinsns']; + + + /* create a few directories and ensure the sample files are in place */ + exec("/bin/mkdir -p /usr/local/etc/snort"); + exec("/bin/mkdir -p /var/log/snort"); + exec("/bin/mkdir -p /usr/local/etc/snort/rules"); + if(file_exists("/usr/local/etc/snort/snort.conf-sample")) + { + exec("/bin/rm /usr/local/etc/snort/snort.conf-sample"); + exec("/bin/rm /usr/local/etc/snort/threshold.conf-sample"); + exec("/bin/rm /usr/local/etc/snort/sid-msg.map-sample"); + exec("/bin/rm /usr/local/etc/snort/unicode.map-sample"); + exec("/bin/rm /usr/local/etc/snort/classification.config-sample"); + exec("/bin/rm /usr/local/etc/snort/generators-sample"); + exec("/bin/rm /usr/local/etc/snort/reference.config-sample"); + exec("/bin/rm /usr/local/etc/snort/gen-msg.map-sample"); + exec("/bin/rm /usr/local/etc/snort/sid"); + exec("/bin/rm /usr/local/etc/rc.d/snort"); + exec("/bin/rm /usr/local/etc/rc.d/bardyard2"); + } + + if(!file_exists("/usr/local/etc/snort/custom_rules")) + { + exec("/bin/mkdir -p /usr/local/etc/snort/custom_rules/"); + } + + exec("/usr/sbin/pw groupadd snort"); + exec('/usr/sbin/pw useradd snort -c "SNORT USER" -d /nonexistent -g snort -s /sbin/nologin'); + exec("/usr/sbin/chown -R snort:snort /var/log/snort"); + exec("/usr/sbin/chown -R snort:snort /usr/local/etc/snort"); + exec("/usr/sbin/chown -R snort:snort /usr/local/lib/snort"); + exec("/bin/chmod -R 755 /var/log/snort"); + exec("/bin/chmod -R 755 /usr/local/etc/snort"); + exec("/bin/chmod -R 755 /usr/local/lib/snort"); + + + /* remove example files */ + if(file_exists("/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so.0")) + { + exec('/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example*'); + } + + if(file_exists("/usr/local/lib/snort/dynamicpreprocessor/lib_sfdynamic_preprocessor_example.so")) + { + exec('/bin/rm /usr/local/lib/snort/dynamicpreprocessor/lib_sfdynamic_preprocessor_example*'); + } + + /* find out if were in 1.2.3-RELEASE */ + $pfsense_ver_chk = exec('/bin/cat /etc/version'); + if ($pfsense_ver_chk == '1.2.3-RELEASE') + { + $pfsense_stable = 'yes'; + }else{ + $pfsense_stable = 'no'; + } + + /* move files around, make it look clean */ + exec('/bin/mkdir -p /usr/local/www/snort/css'); + exec('/bin/mkdir -p /usr/local/www/snort/images'); + exec('/bin/mkdir -p /usr/local/www/snort/javascript'); + + chdir ("/usr/local/www/snort/css/"); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/css/style.css'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/css/style2.css'); + chdir ("/usr/local/www/snort/images/"); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/alert.jpg'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/down.gif'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/down2.gif'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/icon-table-sort.png'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/icon-table-sort-asc.png'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/icon-table-sort-desc.png'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/up.gif'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/up2.gif'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/logo.jpg'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/footer.jpg'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/footer2.jpg'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/images/icon_excli.png'); + chdir ("/usr/local/www/snort/javascript/"); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/javascript/jquery.blockUI.js'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/javascript/jquery-1.3.2.js'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/javascript/mootools.js'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/javascript/sortableTable.js'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/javascript/tabs.js'); + + /* install barnyard2 for 2.0 and 1.2.3 */ + chdir ("/usr/local/bin/"); + if ($pfsense_stable == 'yes') { + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/bin/7.2.x86/barnyard2'); + }else{ + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/bin/8.0.x86/barnyard2'); + } + exec('/bin/chmod 077 /usr/local/bin/barnyard2'); + + /* back to default */ + chdir ("/root/"); + + conf_mount_ro(); + +} + function sync_package_snort_reinstall() { global $config; - if(!$config['installedpackages']['snort']) + conf_mount_rw(); + + if(!$config['installedpackages']['snortglobal']) return; /* create snort configuration file */ create_snort_conf(); /* start snort service */ - start_service("snort"); + // start_service("snort"); // do not start, may be needed latter. + + conf_mount_ro(); } -function sync_package_snort() + +/* func for updating cron */ +function snort_rm_blocked_install_cron($should_install) +{ + global $config, $g; + + if ($g['booting']==true) + return; + + $is_installed = false; + + if(!$config['cron']['item']) + return; + + $x=0; + foreach($config['cron']['item'] as $item) + { + if (strstr($item['command'], "snort2c")) + { + $is_installed = true; + break; + } + $x++; + } + + $snort_rm_blocked_info_ck = $config['installedpackages']['snortglobal']['rm_blocked']; + if ($snort_rm_blocked_info_ck == "1h_b") + { + $snort_rm_blocked_min = "*/5"; + $snort_rm_blocked_hr = "*"; + $snort_rm_blocked_mday = "*"; + $snort_rm_blocked_month = "*"; + $snort_rm_blocked_wday = "*"; + $snort_rm_blocked_expire = "3600"; + } + if ($snort_rm_blocked_info_ck == "3h_b") + { + $snort_rm_blocked_min = "*/15"; + $snort_rm_blocked_hr = "*"; + $snort_rm_blocked_mday = "*"; + $snort_rm_blocked_month = "*"; + $snort_rm_blocked_wday = "*"; + $snort_rm_blocked_expire = "10800"; + } + if ($snort_rm_blocked_info_ck == "6h_b") + { + $snort_rm_blocked_min = "*/30"; + $snort_rm_blocked_hr = "*"; + $snort_rm_blocked_mday = "*"; + $snort_rm_blocked_month = "*"; + $snort_rm_blocked_wday = "*"; + $snort_rm_blocked_expire = "21600"; + } + if ($snort_rm_blocked_info_ck == "12h_b") + { + $snort_rm_blocked_min = "2"; + $snort_rm_blocked_hr = "*/1"; + $snort_rm_blocked_mday = "*"; + $snort_rm_blocked_month = "*"; + $snort_rm_blocked_wday = "*"; + $snort_rm_blocked_expire = "43200"; + } + if ($snort_rm_blocked_info_ck == "1d_b") + { + $snort_rm_blocked_min = "2"; + $snort_rm_blocked_hr = "*/2"; + $snort_rm_blocked_mday = "*"; + $snort_rm_blocked_month = "*"; + $snort_rm_blocked_wday = "*"; + $snort_rm_blocked_expire = "86400"; + } + if ($snort_rm_blocked_info_ck == "4d_b") + { + $snort_rm_blocked_min = "2"; + $snort_rm_blocked_hr = "*/8"; + $snort_rm_blocked_mday = "*"; + $snort_rm_blocked_month = "*"; + $snort_rm_blocked_wday = "*"; + $snort_rm_blocked_expire = "345600"; + } + if ($snort_rm_blocked_info_ck == "7d_b") + { + $snort_rm_blocked_min = "2"; + $snort_rm_blocked_hr = "*/14"; + $snort_rm_blocked_mday = "*"; + $snort_rm_blocked_month = "*"; + $snort_rm_blocked_wday = "*"; + $snort_rm_blocked_expire = "604800"; + } + if ($snort_rm_blocked_info_ck == "28d_b") + { + $snort_rm_blocked_min = "2"; + $snort_rm_blocked_hr = "0"; + $snort_rm_blocked_mday = "*/2"; + $snort_rm_blocked_month = "*"; + $snort_rm_blocked_wday = "*"; + $snort_rm_blocked_expire = "2419200"; + } + switch($should_install) + { + case true: + if(!$is_installed) + { + $cron_item = array(); + $cron_item['minute'] = "$snort_rm_blocked_min"; + $cron_item['hour'] = "$snort_rm_blocked_hr"; + $cron_item['mday'] = "$snort_rm_blocked_mday"; + $cron_item['month'] = "$snort_rm_blocked_month"; + $cron_item['wday'] = "$snort_rm_blocked_wday"; + $cron_item['who'] = "root"; + $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/sbin/expiretable -t $snort_rm_blocked_expire snort2c"; + $config['cron']['item'][] = $cron_item; + write_config("Installed $snort_rm_blocked_info_ck minute filter reload for Time Based Rules"); + configure_cron(); + } + break; + case false: + if($is_installed == true) + { + if($x > 0) + { + unset($config['cron']['item'][$x]); + write_config(); + conf_mount_rw(); + } + configure_cron(); + } + break; + } +} + +/* func to install snort update */ +function snort_rules_up_install_cron($should_install) { + global $config, $g; + + if ($g['booting']==true) + return; + + $is_installed = false; + + if(!$config['cron']['item']) + return; + + $x=0; + foreach($config['cron']['item'] as $item) { + if (strstr($item['command'], "snort_check_for_rule_updates.php")) { + $is_installed = true; + break; + } + $x++; + } + $snort_rules_up_info_ck = $config['installedpackages']['snortglobal']['autorulesupdate7']; + if ($snort_rules_up_info_ck == "6h_up") { + $snort_rules_up_min = "3"; + $snort_rules_up_hr = "*/6"; + $snort_rules_up_mday = "*"; + $snort_rules_up_month = "*"; + $snort_rules_up_wday = "*"; + } + if ($snort_rules_up_info_ck == "12h_up") { + $snort_rules_up_min = "3"; + $snort_rules_up_hr = "*/12"; + $snort_rules_up_mday = "*"; + $snort_rules_up_month = "*"; + $snort_rules_up_wday = "*"; + } + if ($snort_rules_up_info_ck == "1d_up") { + $snort_rules_up_min = "3"; + $snort_rules_up_hr = "0"; + $snort_rules_up_mday = "*/1"; + $snort_rules_up_month = "*"; + $snort_rules_up_wday = "*"; + } + if ($snort_rules_up_info_ck == "4d_up") { + $snort_rules_up_min = "3"; + $snort_rules_up_hr = "0"; + $snort_rules_up_mday = "*/4"; + $snort_rules_up_month = "*"; + $snort_rules_up_wday = "*"; + } + if ($snort_rules_up_info_ck == "7d_up") { + $snort_rules_up_min = "3"; + $snort_rules_up_hr = "0"; + $snort_rules_up_mday = "*/7"; + $snort_rules_up_month = "*"; + $snort_rules_up_wday = "*"; + } + if ($snort_rules_up_info_ck == "28d_up") { + $snort_rules_up_min = "3"; + $snort_rules_up_hr = "0"; + $snort_rules_up_mday = "*/28"; + $snort_rules_up_month = "*"; + $snort_rules_up_wday = "*"; + } + switch($should_install) { + case true: + if(!$is_installed) { + $cron_item = array(); + $cron_item['minute'] = "$snort_rules_up_min"; + $cron_item['hour'] = "$snort_rules_up_hr"; + $cron_item['mday'] = "$snort_rules_up_mday"; + $cron_item['month'] = "$snort_rules_up_month"; + $cron_item['wday'] = "$snort_rules_up_wday"; + $cron_item['who'] = "root"; + $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_for_rule_updates.php >> /usr/local/etc/snort/snort_update.log"; + $config['cron']['item'][] = $cron_item; + write_config("Installed 15 minute filter reload for Time Based Rules"); + configure_cron(); + } + break; + case false: + if($is_installed == true) { + if($x > 0) { + unset($config['cron']['item'][$x]); + write_config(); + conf_mount_rw(); + } + configure_cron(); + } + break; + } +} + +function sync_snort_package_remove_old() +{ + + global $config, $g; + +$snort_dir_scan = '/usr/local/etc/snort'; + +// scan dirm might have to make this into a funtion +$dh_scan = opendir($snort_dir_scan); +while (false !== ($dir_filename = readdir($dh_scan))) { + $list_dir_files[] = $dir_filename; +} + +// find patern in a array, very cool code +class array_ereg { + function array_ereg($pattern) { $this->pattern = $pattern; } + function ereg($string) { + return ereg($this->pattern, $string); + } +} + + $rule_array2 = $config['installedpackages']['snortglobal']['rule']; + $id2 = -1; + foreach ($rule_array2 as $value) + { + + $id += 1; + + $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; + $if_real = convert_friendly_interface_to_real_interface_name2($result_lan); + + $snort_rules_list[] = "snort_$id$if_real"; + + } + + +$snort_dir_filter = array_filter($list_dir_files, array(new array_ereg("snort_"), 'ereg')); +$snort_dir_filter_search_result = array_diff($snort_dir_filter, $snort_rules_list); + + foreach ($snort_dir_filter_search_result as $value) + { + exec("rm -r /usr/local/etc/snort/$value"); + } + +} + +/* make sure this func on writes to files and does not start snort */ +function sync_snort_package() { global $config, $g; conf_mount_rw(); - mwexec("mkdir -p /var/log/snort/"); + /* all new files are for the user snort nologin */ + if(!file_exists("/var/log/snort")) + { + exec("/bin/mkdir -p /var/log/snort"); + } + + exec("/usr/sbin/chown -R snort:snort /var/log/snort"); + exec("/usr/sbin/chown -R snort:snort /usr/local/etc/snort"); + exec("/usr/sbin/chown -R snort:snort /usr/local/lib/snort"); + exec("/bin/chmod -R 755 /var/log/snort"); + exec("/bin/chmod -R 755 /usr/local/etc/snort"); + exec("/bin/chmod -R 755 /usr/local/lib/snort"); - if(!file_exists("/var/log/snort/alert")) - touch("/var/log/snort/alert"); - /* snort -> advanced features */ - $bpfbufsize = $config['installedpackages']['snortadvanced']['config'][0]['bpfbufsize']; - $bpfmaxbufsize = $config['installedpackages']['snortadvanced']['config'][0]['bpfmaxbufsize']; - $bpfmaxinsns = $config['installedpackages']['snortadvanced']['config'][0]['bpfmaxinsns']; + conf_mount_ro(); +} - /* set the snort performance model */ - if($config['installedpackages']['snort']['config'][0]['performance']) - $snort_performance = $config['installedpackages']['snort']['config'][0]['performance']; - else - $snort_performance = "ac-bnfa"; +/* make sure this func on writes to files and does not start snort */ +function sync_snort_package_all($id, $if_real, $snort_uuid) +{ + //global $config, $g, $id, $if_real, $snort_uuid, $interface_fake; + global $config, $g; - /* create a few directories and ensure the sample files are in place */ - exec("/bin/mkdir -p /usr/local/etc/snort"); - exec("/bin/mkdir -p /var/log/snort"); - exec("/bin/mkdir -p /usr/local/etc/snort/rules"); - exec("/bin/rm /usr/local/etc/snort/snort.conf-sample"); - exec("/bin/rm /usr/local/etc/snort/threshold.conf-sample"); - exec("/bin/rm /usr/local/etc/snort/sid-msg.map-sample"); - exec("/bin/rm /usr/local/etc/snort/unicode.map-sample"); - exec("/bin/rm /usr/local/etc/snort/classification.config-sample"); - exec("/bin/rm /usr/local/etc/snort/generators-sample"); - exec("/bin/rm /usr/local/etc/snort/reference.config-sample"); - exec("/bin/rm /usr/local/etc/snort/gen-msg.map-sample"); - exec("/bin/rm /usr/local/etc/snort/sid"); - exec("/bin/rm -f /usr/local/etc/rc.d/snort"); - - $first = 0; - $snortInterfaces = array(); /* -gtm */ - - $if_list = $config['installedpackages']['snort']['config'][0]['iface_array']; - $if_array = split(',', $if_list); - //print_r($if_array); - if($if_array) { - foreach($if_array as $iface) { - $if = convert_friendly_interface_to_real_interface_name($iface); - - if($config['interfaces'][$iface]['ipaddr'] == "pppoe") { - $if = "ng0"; - } - - /* build a list of user specified interfaces -gtm */ - if($if){ - array_push($snortInterfaces, $if); - $first = 1; +/* RedDevil suggested code */ +/* TODO: more testing needs to be done */ +exec("/sbin/sysctl net.bpf.bufsize=8388608"); +exec("/sbin/sysctl net.bpf.maxbufsize=4194304"); +exec("/sbin/sysctl net.bpf.maxinsns=512"); +exec("/sbin/sysctl net.inet.tcp.rfc1323=1"); + +# Error checking +if ($id != '' && $if_real != '') //new +{ + /* do not start config build if rules is empty */ + if (!empty($config['installedpackages']['snortglobal']['rule'])) + { + + conf_mount_rw(); + + $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; + $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; + $if_real = convert_friendly_interface_to_real_interface_name2($result_lan); + + /* create snort configuration file */ + create_snort_conf($id, $if_real, $snort_uuid); + + /* if rules exist cp rules to each iface */ + create_rules_iface($id, $if_real, $snort_uuid); + + /* create snort bootup file snort.sh only create once */ + create_snort_sh(); + + /* create barnyard2 configuration file */ + $snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable']; + if ($snortbarnyardlog_info_chk == 'on') + create_barnyard2_conf($id, $if_real, $snort_uuid); + + sync_snort_package(); + + conf_mount_ro(); + } + } +} + +/* only be run on new iface create, bootup and ip refresh */ +function sync_snort_package_empty() +{ + global $config, $g; + conf_mount_rw(); + + /* do not start config build if rules is empty */ + if (!empty($config['installedpackages']['snortglobal']['rule'])) + { + if ($id == "") + { + + $rule_array = $config['installedpackages']['snortglobal']['rule']; + $id = -1; + foreach ($rule_array as $value) + { + + if ($id == '') { + $id = 0; + } + + $id += 1; + + $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; + $if_real = convert_friendly_interface_to_real_interface_name2($result_lan); + $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; + + if ($if_real != '' && $snort_uuid != '') { + /* create snort configuration file */ + create_snort_conf($id, $if_real, $snort_uuid); + + /* if rules exist cp rules to each iface */ + create_rules_iface($id, $if_real, $snort_uuid); + + /* create barnyard2 configuration file */ + $snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable']; + if ($snortbarnyardlog_info_chk == 'on') + create_barnyard2_conf($id, $if_real, $snort_uuid); + } } - } - - if (count($snortInterfaces) < 1) { - log_error("Snort will not start. You must select an interface for it to listen on."); - return; + + /* create snort bootup file snort.sh only create once */ + create_snort_sh(); + + sync_snort_package(); + } } - //print_r($snortInterfaces); - - /* create log directory */ - $start = "/bin/mkdir -p /var/log/snort\n"; - - /* snort advanced features - bpf tuning */ - if($bpfbufsize) - $start .= "sysctl net.bpf.bufsize={$bpfbufsize}\n"; - if($bpfmaxbufsize) - $start .= "sysctl net.bpf.maxbufsize={$bpfmaxbufsize}\n"; - if($bpfmaxinsns) - $start .= "sysctl net.bpf.maxinsns={$bpfmaxinsns}\n"; - - /* go ahead and issue bpf changes */ - if($bpfbufsize) - mwexec_bg("sysctl net.bpf.bufsize={$bpfbufsize}"); - if($bpfmaxbufsize) - mwexec_bg("sysctl net.bpf.maxbufsize={$bpfmaxbufsize}"); - if($bpfmaxinsns) - mwexec_bg("sysctl net.bpf.maxinsns={$bpfmaxinsns}"); - - /* always stop barnyard2 before starting snort -gtm */ - $start .= "/usr/bin/killall barnyard2\n"; - - /* start a snort process for each interface -gtm */ - /* Note the sleep delay. Seems to help getting mult interfaces to start -gtm */ - /* snort start options are; config file, log file, demon, interface, packet flow, alert type, quiet */ - /* TODO; get snort to start under nologin shell */ - foreach($snortInterfaces as $snortIf) +} + +/* Start of main config files */ +/* Start of main config files */ + + +/* open snort.sh for writing" */ +function create_snort_sh() +{ + # Don not add $id or this will break + + global $config, $g; + conf_mount_rw(); + + /* do not start config build if rules is empty */ + if (!empty($config['installedpackages']['snortglobal']['rule'])) { - $start .= "sleep 4\n"; - $start .= "/usr/local/bin/snort -c /usr/local/etc/snort/snort.conf -l /var/log/snort -D -i {$snortIf} -q\n"; - /* define snortbarnyardlog_chk */ - $snortbarnyardlog_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['snortbarnyardlog']; - if ($snortbarnyardlog_info_chk == on) - $start .= "\nsleep 4;/usr/local/bin/barnyard2 -c /usr/local/etc/barnyard2.conf -d /var/log/snort -f snort.u2 -w /usr/local/etc/snort/barnyard2.waldo -D -q\n"; - } - $check_if_snort_runs = "\n\tif [ \"`ls -A /usr/local/etc/snort/rules`\" ] ; then\n\techo \"rules exist\"\n\telse\n\techo \"rules DONT exist\"\n\texit 2\n\tfi \n\n\tif [ \"`pgrep -x snort`\" = \"\" ] ; then\n\t/bin/rm /tmp/snort.sh.pid\n\tfi \n\n\tif [ \"`pgrep -x snort`\" != \"\" ] ; then\n\tlogger -p daemon.info -i -t SnortStartup \"Snort already running...\"\n\t/usr/local/bin/php -f /usr/local/pkg/pf/snort_dynamic_ip_reload.php\n\texit 1\n\tfi\n\n"; - $if_snort_pid = "\nif ls /tmp/snort.sh.pid > /dev/null\nthen\n echo \"snort.sh is running\"\n exit 0\nelse\n echo \"snort.sh is not running\"\nfi\n"; - $echo_snort_sh_pid = "\necho \"snort.sh run\" > /tmp/snort.sh.pid\n"; - $echo_snort_sh_startup_log = "\necho \"snort.sh run\" >> /tmp/snort.sh_startup.log\n"; - $del_old_pids = "\nrm -f /var/run/snort_*\n"; - $sample_before = "BEFORE_MEM=`top | grep Wired | awk '{print \$12}'`\n"; - $sample_after = "\n\tAFTER_MEM=`top | grep Wired | awk '{print \$12}'`\n"; - if ($snort_performance == "ac-bnfa") - $sleep_before_final = "\necho \"Sleeping before final memory sampling...\"\nWAITSECURE=60\n"; - else - $sleep_before_final = "\necho \"Sleeping before final memory sampling...\"\nWAITSECURE=300\n"; - $sleep_before_final .= "while [ \"\$MYSNORTLOG\" = \"\" -a \$WAITSECURE -gt 0 ] ; do\n\tsleep 2\n\tMYSNORTLOG=`/usr/sbin/clog /var/log/system.log | grep snort | tail | grep 'Snort initialization completed successfully'`\n\tWAITSECURE=`expr \$WAITSECURE - 1`\ndone\n"; - $total_used_after = "TOTAL_USAGE=`top | grep snort | grep -v grep | awk '{ print \$6 }'`\n"; - $echo_usage .= $sample_after . "\t" . $total_used_after . "\techo \"Ram free BEFORE starting Snort: \$BEFORE_MEM -- Ram free AFTER starting Snort: \$AFTER_MEM -- Mode " . $snort_performance . " -- Snort memory usage: \$TOTAL_USAGE\" | logger -p daemon.info -i -t SnortStartup\n\n"; + if ($id == "") + { + + $rule_array = $config['installedpackages']['snortglobal']['rule']; + $id = -1; + foreach ($rule_array as $value) + { + + $id += 1; + + $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; + $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; + $if_real = convert_friendly_interface_to_real_interface_name2($result_lan); + + /* define snortbarnyardlog_chk */ + $snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable']; + $snortbarnyardlog_mysql_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_mysql']; + + if ($snortbarnyardlog_info_chk == 'on' && $snortbarnyardlog_mysql_info_chk != '') { + $start_barnyard2 = "sleep 4;/usr/local/bin/barnyard2 -f snort_{$snort_uuid}_{$if_real}.u2 -u snort -g snort -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -w /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.waldo -D -q"; + } + +/* Get all interface startup commands ready */ + +$snort_sh_text2[] = <<<EOD +###### For Each Iface + + # If Snort proc is NOT running + if [ "`/bin/ps -auwx | grep -v grep | grep "R {$snort_uuid}_{$if_real}" | awk '{print $2;}'`" = "" ]; then + + /bin/echo "snort.sh run" > /tmp/snort.sh.pid - /* write out rc.d start/stop file */ - write_rcfile(array( - "file" => "snort.sh", - "start" => "{$check_if_snort_runs}{$if_snort_pid}{$echo_snort_sh_pid}{$echo_snort_sh_startup_log}{$del_old_pids}{$sample_before}{$start}{$sleep_before_final}{$echo_usage}", - "stop" => "/usr/bin/killall snort; killall barnyard2" - ) - ); + # Start snort and barnyard2 + /bin/rm /var/run/snort_{$snort_uuid}_{$if_real}.pid + /bin/rm /var/run/snort_{$snort_uuid}_{$if_real}.pid.lck - /* create snort configuration file */ - create_snort_conf(); + /usr/local/bin/snort -u snort -g snort -R {$snort_uuid}_{$if_real} -D -q -l /var/log/snort -G {$snort_uuid} -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real} + $start_barnyard2 -/* create barnyard2 configuration file */ -$snortbarnyardlog_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['snortbarnyardlog']; -if ($snortbarnyardlog_info_chk == on) - create_barnyard2_conf(); + /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort HARD Reload For {$snort_uuid}_{$if_real}..." - /* snort will not start on install untill setting are set */ -if ($config['installedpackages']['snort']['config'][0]['autorulesupdate7'] != "") { - /* start snort service */ - conf_mount_ro(); - start_service("snort"); + fi +EOD; + +$snort_sh_text3[] = <<<EOE + +###### For Each Iface + + #### Fake start only used on bootup and Pfsense IP changes + #### Only try to restart if snort is running on Iface + if [ "`/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep "R {$snort_uuid}_{$if_real}" | /usr/bin/awk '{print $2;}'`" != "" ]; then + + snort_pid="`/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep "R {$snort_uuid}_{$if_real}" | /usr/bin/awk '{print $2;}'`" + /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort already running, soft restart" + + #### Restart Iface + /bin/kill -HUP \${snort_pid} + /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort Soft Reload For {$snort_uuid}_{$if_real}..." + + fi + +EOE; + +$snort_sh_text4[] = <<<EOF + + pid_s=`/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep "R {$snort_uuid}_{$if_real}" | /usr/bin/awk '{print \$2;}'` + sleep 3 + pid_b=`/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep "snort_{$snort_uuid}_{$if_real}.u2" | /usr/bin/awk '{print \$2;}'` + + if [ \${pid_s} ] ; then + + /bin/echo "snort.sh run" > /tmp/snort.sh.pid + /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort HARD STOP For {$snort_uuid}_{$if_real}..." + + /bin/kill \${pid_s} + sleep 3 + /bin/kill \${pid_b} + + /bin/rm /var/run/snort_{$snort_uuid}_{$if_real}.pid.lck + /bin/rm /var/run/snort_{$snort_uuid}_{$if_real}.pid + + fi + +EOF; + + } + } } + + +$start_snort_iface_start = implode("\n\n", $snort_sh_text2); + +$start_snort_iface_restart = implode("\n\n", $snort_sh_text3); + +$start_snort_iface_stop = implode("\n\n", $snort_sh_text4); + +/* open snort.sh for writing" */ +conf_mount_rw(); + +$snort_sh_text = <<<EOD +#!/bin/sh +######## +# This file was automatically generated +# by the pfSense service handler. +# Code added to protect from double starts on pfSense bootup +######## Begining of Main snort.sh + +rc_start() { + + #### Check for double starts, Pfsense has problems with that + if /bin/ls /tmp/snort.sh.pid > /dev/null ; then + + /usr/bin/logger -p daemon.info -i -t SnortStartup "Error: snort.sh IS running" + exit 0 + + fi + + /bin/echo "snort.sh run" > /tmp/snort.sh.pid + + #### Remake the configs on boot Important! + /usr/local/bin/php -f /usr/local/pkg/pf/snort_dynamic_ip_reload.php + /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort Startup files Sync..." + +$start_snort_iface_restart + + /bin/rm /tmp/snort.sh.pid + + #### If on Fake start snort is NOT running DO a real start. + if [ "`/bin/ps -auwx | grep -v grep | grep "R {$snort_uuid}_{$if_real}" | awk '{print $2;}'`" = "" ]; then + + rc_start_real + + fi +} + +rc_start_real() { + + #### Check for double starts, Pfsense has problems with that + if /bin/ls /tmp/snort.sh.pid > /dev/null ; then + /usr/bin/logger -p daemon.info -i -t SnortStartup "Error: snort.sh IS running" + exit 0 + fi + +$start_snort_iface_start + + /bin/rm /tmp/snort.sh.pid + +} + +rc_stop() { + + #### Check for double starts, Pfsense has problems with that + if /bin/ls /tmp/snort.sh.pid > /dev/null ; then + /usr/bin/logger -p daemon.info -i -t SnortStartup "Error: snort.sh IS running" + exit 0 + fi + +$start_snort_iface_stop + + /bin/rm /tmp/snort.sh.pid + /bin/rm /var/run/snort* + +} + +case $1 in + start) + rc_start + ;; + start_real) + rc_start_real + ;; + stop) + rc_stop + ;; + restart) + rc_stop + rc_start_real + ;; +esac + +EOD; + + /* write out snort.sh */ + $bconf = fopen("/usr/local/etc/rc.d/snort.sh", "w"); + if(!$bconf) { + log_error("Could not open /usr/local/etc/rc.d/snort.sh for writing."); + exit; + } + /* write snort.sh */ + fwrite($bconf, $snort_sh_text); + fclose($bconf); + +} + + +///////////////////////// >>>>>>>>>>>> + +/* if rules exist copy to new interfaces */ +function create_rules_iface($id, $if_real, $snort_uuid) +{ + + global $config, $g; + conf_mount_rw(); + + $if_rule_dir = "/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules"; + $folder_chk = (count(glob("$if_rule_dir/*")) === 0) ? 'empty' : 'full'; + + if ($folder_chk == "empty") + { + exec("/bin/cp -R /usr/local/etc/snort/rules /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}"); + if (file_exists("/usr/local/etc/snort/custom_rules/local_{$snort_uuid}_{$if_real}.rules")) + { + exec("/bin/cp /usr/local/etc/snort/custom_rules/local_{$snort_uuid}_{$if_real}.rules /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules/local_{$snort_uuid}_{$if_real}.rules"); + } + } + } /* open barnyard2.conf for writing */ -function create_barnyard2_conf() { - global $bconfig, $bg; +function create_barnyard2_conf($id, $if_real, $snort_uuid) { + global $bconfig, $g; /* write out barnyard2_conf */ - conf_mount_rw(); - $barnyard2_conf_text = generate_barnyard2_conf(); - $bconf = fopen("/usr/local/etc/barnyard2.conf", "w"); + + if(!file_exists("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf")) + { + exec("/bin//usr/bin/touch /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf"); + } + + $barnyard2_conf_text = generate_barnyard2_conf($id, $if_real, $snort_uuid); + $bconf = fopen("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf", "w"); if(!$bconf) { - log_error("Could not open /usr/local/etc/barnyard2.conf for writing."); + log_error("Could not open /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf for writing."); exit; } fwrite($bconf, $barnyard2_conf_text); fclose($bconf); - conf_mount_ro(); } + /* open barnyard2.conf for writing" */ -function generate_barnyard2_conf() { +function generate_barnyard2_conf($id, $if_real, $snort_uuid) { global $config, $g; conf_mount_rw(); /* define snortbarnyardlog */ -/* TODO add support for the other 5 output plugins */ +/* TODO: add support for the other 5 output plugins */ -$snortbarnyardlog_database_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['snortbarnyardlog_database']; -$snortbarnyardlog_hostname_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['snortbarnyardlog_hostname']; -$snortbarnyardlog_interface_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['snortbarnyardlog_interface']; +$snortbarnyardlog_database_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_mysql']; +$snortbarnyardlog_hostname_info_chk = exec("/bin/hostname"); $barnyard2_conf_text = <<<EOD # barnyard2.conf # barnyard2 can be found at http://www.securixlive.com/barnyard2/index.php - +# # Copyright (C) 2006 Robert Zelaya # part of pfSense # All rights reserved. - -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: - +# # 1. Redistributions of source code must retain the above copyright notice, # this list of conditions and the following disclaimer. - +# # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. - +# # THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, # INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY # AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE @@ -248,93 +1016,125 @@ $barnyard2_conf_text = <<<EOD # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE # POSSIBILITY OF SUCH DAMAGE. +# # set the appropriate paths to the file(s) your Snort process is using -config reference-map: /usr/local/etc/snort/reference.config -config class-map: /usr/local/etc/snort/classification.config -config gen-msg-map: /usr/local/etc/snort/gen-msg.map -config sid-msg-map: /usr/local/etc/snort/sid-msg.map + +config reference_file: /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/reference.config +config classification_file: /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/classification.config +config gen_file: /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/gen-msg.map +config sid_file: /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/sid-msg.map config hostname: $snortbarnyardlog_hostname_info_chk -config interface: $snortbarnyardlog_interface_info_chk +config interface: {$snort_uuid}_{$if_real} # Step 2: setup the input plugins input unified2 +config logdir: /var/log/snort + # database: log to a variety of databases # output database: log, mysql, user=xxxx password=xxxxxx dbname=xxxx host=xxx.xxx.xxx.xxxx $snortbarnyardlog_database_info_chk EOD; - conf_mount_rw(); + return $barnyard2_conf_text; } -function create_snort_conf() { +function create_snort_conf($id, $if_real, $snort_uuid) +{ global $config, $g; /* write out snort.conf */ - $snort_conf_text = generate_snort_conf(); + + if ($if_real != '' && $snort_uuid != '') { + + $snort_conf_text = generate_snort_conf($id, $if_real, $snort_uuid); conf_mount_rw(); - $conf = fopen("/usr/local/etc/snort/snort.conf", "w"); + $conf = fopen("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf", "w"); if(!$conf) { - log_error("Could not open /usr/local/etc/snort/snort.conf for writing."); + log_error("Could not open /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf for writing."); exit; } fwrite($conf, $snort_conf_text); fclose($conf); conf_mount_ro(); + } } -function snort_deinstall() { +function snort_deinstall() +{ - global $config, $g; + global $config, $g, $id, $if_real; + conf_mount_rw(); /* remove custom sysctl */ remove_text_from_file("/etc/sysctl.conf", "sysctl net.bpf.bufsize=20480"); /* decrease bpf buffers back to 4096, from 20480 */ exec("/sbin/sysctl net.bpf.bufsize=4096"); - exec("/usr/bin/killall snort"); - sleep(5); - exec("/usr/bin/killall -9 snort"); - exec("rm -f /usr/local/etc/rc.d/snort*"); + exec("/usr/usr/bin/killall snort"); + sleep(2); + exec("/usr/usr/bin/killall -9 snort"); + sleep(2); + exec("/usr/usr/bin/killall barnyard2"); + sleep(2); + exec("/usr/usr/bin/killall -9 barnyard2"); + sleep(2); + exec("/usr/sbin/pw userdel snort"); + exec("/usr/sbin/pw groupdel snort"); exec("rm -rf /usr/local/etc/snort*"); + //exec("cd /var/db/pkg && pkg_delete `ls | grep barnyard2`"); exec("cd /var/db/pkg && pkg_delete `ls | grep snort`"); - exec("cd /var/db/pkg && pkg_delete `ls | grep mysql-client`"); - exec("cd /var/db/pkg && pkg_delete `ls | grep libdnet`"); - exec("/usr/bin/killall -9 snort"); - exec("/usr/bin/killall snort"); + exec("cd /var/db/pkg && pkg_delete `ls | grep mysql`"); + exec("cd /var/db/pkg && pkg_delete `ls | grep pcre`"); + exec("cd /var/db/pkg && pkg_delete `ls | grep perl`"); /* Remove snort cron entries Ugly code needs smoothness*/ - - function snort_rm_blocked_deinstall_cron($should_install) { + +function snort_rm_blocked_deinstall_cron($should_install) +{ global $config, $g; + conf_mount_rw(); $is_installed = false; if(!$config['cron']['item']) - return; + return; $x=0; - foreach($config['cron']['item'] as $item) { - if (strstr($item['command'], "snort2c")) { - $is_installed = true; - break; - } - $x++; - } - if($is_installed == true) { - if($x > 0) { - unset($config['cron']['item'][$x]); - write_config(); - } - configure_cron(); - } + foreach($config['cron']['item'] as $item) + { + if (strstr($item['command'], "snort2c")) + { + $is_installed = true; + break; + } + + $x++; + } - - function snort_rules_up_deinstall_cron($should_install) { + if($is_installed == true) + { + if($x > 0) + { + unset($config['cron']['item'][$x]); + write_config(); + conf_mount_rw(); + } + + configure_cron(); + + } + conf_mount_ro(); + +} + + function snort_rules_up_deinstall_cron($should_install) +{ global $config, $g; + conf_mount_rw(); $is_installed = false; @@ -353,10 +1153,11 @@ function snort_deinstall() { if($x > 0) { unset($config['cron']['item'][$x]); write_config(); + conf_mount_rw(); } configure_cron(); } - } +} snort_rm_blocked_deinstall_cron(""); snort_rules_up_deinstall_cron(""); @@ -364,177 +1165,200 @@ snort_rules_up_deinstall_cron(""); /* Unset snort registers in conf.xml IMPORTANT snort will not start with out this */ /* Keep this as a last step */ - unset($config['installedpackages']['snort']['config'][0]['autorulesupdate7']); - unset($config['installedpackages']['snort']['config'][0]['rm_blocked']); + unset($config['installedpackages']['snortglobal']); write_config(); + conf_mount_rw(); + + exec("rm -r /usr/local/www/snort"); + exec("rm -r /usr/local/pkg/snort"); + exec("rm -r /usr/local/lib/snort/"); + exec("rm -r /var/log/snort/"); + conf_mount_ro(); + } -function generate_snort_conf() { +function generate_snort_conf($id, $if_real, $snort_uuid) +{ global $config, $g; + conf_mount_rw(); + /* obtain external interface */ /* XXX: make multi wan friendly */ - $snort_ext_int = $config['installedpackages']['snort']['config'][0]['iface_array'][0]; + $snort_ext_int = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; - $snort_config_pass_thru = $config['installedpackages']['snortadvanced']['config'][0]['configpassthru']; + /* create basic files */ + if(!file_exists("/usr/local/etc/snort/snort/snort_{$snort_uuid}_{$if_real}")) + { + exec("/bin/mkdir -p /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/"); + exec("/bin/mkdir -p /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules"); + + if(!file_exists("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/gen-msg.map")) + { + exec("/bin/cp /usr/local/etc/snort/classification.config /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/classification.config"); + exec("/bin/cp /usr/local/etc/snort/gen-msg.map /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/gen-msg.map"); + exec("/bin/cp /usr/local/etc/snort/reference.config /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/reference.config"); + exec("/bin/cp /usr/local/etc/snort/sid-msg.map /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/sid-msg.map"); + exec("/bin/cp /usr/local/etc/snort/unicode.map /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/unicode.map"); + exec("/bin/cp /usr/local/etc/snort/threshold.conf /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/threshold.conf"); + exec("/bin/cp /usr/local/etc/snort/snort.conf /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf"); + exec("/bin/cp/usr/bin/touch /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf"); + exec("/bin/mkdir -p /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules"); + } + } /* define snortalertlogtype */ -$snortalertlogtype = $config['installedpackages']['snortadvanced']['config'][0]['snortalertlogtype']; +$snortalertlogtype = $config['installedpackages']['snortglobal']['snortalertlogtype']; if ($snortalertlogtype == fast) $snortalertlogtype_type = "output alert_fast: alert"; else $snortalertlogtype_type = "output alert_full: alert"; /* define alertsystemlog */ -$alertsystemlog_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['alertsystemlog']; +$alertsystemlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['alertsystemlog']; if ($alertsystemlog_info_chk == on) $alertsystemlog_type = "output alert_syslog: log_alert"; /* define tcpdumplog */ -$tcpdumplog_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['tcpdumplog']; +$tcpdumplog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['tcpdumplog']; if ($tcpdumplog_info_chk == on) $tcpdumplog_type = "output log_tcpdump: snorttcpd.log"; -/* define snortbarnyardlog_chk */ -$snortbarnyardlog_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['snortbarnyardlog']; -if ($snortbarnyardlog_info_chk == on) - $snortbarnyardlog_type = "barnyard2 -c /usr/local/etc/barnyard2.conf -d /var/log/snort -f snort.u2 -w /usr/local/etc/snort/barnyard2.waldo -D"; - /* define snortunifiedlog */ -$snortunifiedlog_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['snortunifiedlog']; +$snortunifiedlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['snortunifiedlog']; if ($snortunifiedlog_info_chk == on) - $snortunifiedlog_type = "output unified2: filename snort.u2, limit 128"; + $snortunifiedlog_type = "output unified2: filename snort_{$snort_uuid}_{$if_real}.u2, limit 128"; -/* define spoink */ -$spoink_info_chk = $config['installedpackages']['snort']['config'][0]['blockoffenders7']; +/* define spoink (DISABLED)*/ +$spoink_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['blockoffenders7']; if ($spoink_info_chk == on) $spoink_type = "output alert_pf: /var/db/whitelist,snort2c"; /* define servers and ports snortdefservers */ /* def DNS_SERVSERS */ -$def_dns_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_dns_servers']; +$def_dns_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_dns_servers']; if ($def_dns_servers_info_chk == "") $def_dns_servers_type = "\$HOME_NET"; else $def_dns_servers_type = "$def_dns_servers_info_chk"; /* def DNS_PORTS */ -$def_dns_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_dns_ports']; +$def_dns_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_dns_ports']; if ($def_dns_ports_info_chk == "") $def_dns_ports_type = "53"; else $def_dns_ports_type = "$def_dns_ports_info_chk"; /* def SMTP_SERVSERS */ -$def_smtp_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_smtp_servers']; +$def_smtp_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_smtp_servers']; if ($def_smtp_servers_info_chk == "") $def_smtp_servers_type = "\$HOME_NET"; else $def_smtp_servers_type = "$def_smtp_servers_info_chk"; /* def SMTP_PORTS */ -$def_smtp_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_smtp_ports']; +$def_smtp_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_smtp_ports']; if ($def_smtp_ports_info_chk == "") $def_smtp_ports_type = "25"; else $def_smtp_ports_type = "$def_smtp_ports_info_chk"; /* def MAIL_PORTS */ -$def_mail_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_mail_ports']; +$def_mail_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_mail_ports']; if ($def_mail_ports_info_chk == "") $def_mail_ports_type = "25,143,465,691"; else $def_mail_ports_type = "$def_mail_ports_info_chk"; /* def HTTP_SERVSERS */ -$def_http_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_http_servers']; +$def_http_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_http_servers']; if ($def_http_servers_info_chk == "") $def_http_servers_type = "\$HOME_NET"; else $def_http_servers_type = "$def_http_servers_info_chk"; /* def WWW_SERVSERS */ -$def_www_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_www_servers']; +$def_www_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_www_servers']; if ($def_www_servers_info_chk == "") $def_www_servers_type = "\$HOME_NET"; else $def_www_servers_type = "$def_www_servers_info_chk"; /* def HTTP_PORTS */ -$def_http_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_http_ports']; +$def_http_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_http_ports']; if ($def_http_ports_info_chk == "") $def_http_ports_type = "80"; else $def_http_ports_type = "$def_http_ports_info_chk"; /* def SQL_SERVSERS */ -$def_sql_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_sql_servers']; +$def_sql_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_sql_servers']; if ($def_sql_servers_info_chk == "") $def_sql_servers_type = "\$HOME_NET"; else $def_sql_servers_type = "$def_sql_servers_info_chk"; /* def ORACLE_PORTS */ -$def_oracle_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_oracle_ports']; +$def_oracle_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_oracle_ports']; if ($def_oracle_ports_info_chk == "") $def_oracle_ports_type = "1521"; else $def_oracle_ports_type = "$def_oracle_ports_info_chk"; /* def MSSQL_PORTS */ -$def_mssql_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_mssql_ports']; +$def_mssql_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_mssql_ports']; if ($def_mssql_ports_info_chk == "") $def_mssql_ports_type = "1433"; else $def_mssql_ports_type = "$def_mssql_ports_info_chk"; /* def TELNET_SERVSERS */ -$def_telnet_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_telnet_servers']; +$def_telnet_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_telnet_servers']; if ($def_telnet_servers_info_chk == "") $def_telnet_servers_type = "\$HOME_NET"; else $def_telnet_servers_type = "$def_telnet_servers_info_chk"; /* def TELNET_PORTS */ -$def_telnet_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_telnet_ports']; +$def_telnet_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_telnet_ports']; if ($def_telnet_ports_info_chk == "") $def_telnet_ports_type = "23"; else $def_telnet_ports_type = "$def_telnet_ports_info_chk"; /* def SNMP_SERVSERS */ -$def_snmp_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_snmp_servers']; +$def_snmp_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_snmp_servers']; if ($def_snmp_servers_info_chk == "") $def_snmp_servers_type = "\$HOME_NET"; else $def_snmp_servers_type = "$def_snmp_servers_info_chk"; /* def SNMP_PORTS */ -$def_snmp_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_snmp_ports']; +$def_snmp_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_snmp_ports']; if ($def_snmp_ports_info_chk == "") $def_snmp_ports_type = "161"; else $def_snmp_ports_type = "$def_snmp_ports_info_chk"; /* def FTP_SERVSERS */ -$def_ftp_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_ftp_servers']; +$def_ftp_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_ftp_servers']; if ($def_ftp_servers_info_chk == "") $def_ftp_servers_type = "\$HOME_NET"; else $def_ftp_servers_type = "$def_ftp_servers_info_chk"; /* def FTP_PORTS */ -$def_ftp_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_ftp_ports']; +$def_ftp_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_ftp_ports']; if ($def_ftp_ports_info_chk == "") $def_ftp_ports_type = "21"; else $def_ftp_ports_type = "$def_ftp_ports_info_chk"; /* def SSH_SERVSERS */ -$def_ssh_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_ssh_servers']; +$def_ssh_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_ssh_servers']; if ($def_ssh_servers_info_chk == "") $def_ssh_servers_type = "\$HOME_NET"; else @@ -547,360 +1371,124 @@ else $ssh_port = "22"; /* def SSH_PORTS */ -$def_ssh_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_ssh_ports']; +$def_ssh_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_ssh_ports']; if ($def_ssh_ports_info_chk == "") $def_ssh_ports_type = "{$ssh_port}"; else $def_ssh_ports_type = "$def_ssh_ports_info_chk"; /* def POP_SERVSERS */ -$def_pop_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_pop_servers']; +$def_pop_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_pop_servers']; if ($def_pop_servers_info_chk == "") $def_pop_servers_type = "\$HOME_NET"; else $def_pop_servers_type = "$def_pop_servers_info_chk"; /* def POP2_PORTS */ -$def_pop2_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_pop2_ports']; +$def_pop2_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_pop2_ports']; if ($def_pop2_ports_info_chk == "") $def_pop2_ports_type = "109"; else $def_pop2_ports_type = "$def_pop2_ports_info_chk"; /* def POP3_PORTS */ -$def_pop3_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_pop3_ports']; +$def_pop3_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_pop3_ports']; if ($def_pop3_ports_info_chk == "") $def_pop3_ports_type = "110"; else $def_pop3_ports_type = "$def_pop3_ports_info_chk"; /* def IMAP_SERVSERS */ -$def_imap_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_imap_servers']; +$def_imap_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_imap_servers']; if ($def_imap_servers_info_chk == "") $def_imap_servers_type = "\$HOME_NET"; else $def_imap_servers_type = "$def_imap_servers_info_chk"; /* def IMAP_PORTS */ -$def_imap_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_imap_ports']; +$def_imap_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_imap_ports']; if ($def_imap_ports_info_chk == "") $def_imap_ports_type = "143"; else $def_imap_ports_type = "$def_imap_ports_info_chk"; /* def SIP_PROXY_IP */ -$def_sip_proxy_ip_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_sip_proxy_ip']; +$def_sip_proxy_ip_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_sip_proxy_ip']; if ($def_sip_proxy_ip_info_chk == "") $def_sip_proxy_ip_type = "\$HOME_NET"; else $def_sip_proxy_ip_type = "$def_sip_proxy_ip_info_chk"; /* def SIP_PROXY_PORTS */ -$def_sip_proxy_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_sip_proxy_ports']; +$def_sip_proxy_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_sip_proxy_ports']; if ($def_sip_proxy_ports_info_chk == "") $def_sip_proxy_ports_type = "5060:5090,16384:32768"; else $def_sip_proxy_ports_type = "$def_sip_proxy_ports_info_chk"; /* def AUTH_PORTS */ -$def_auth_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_auth_ports']; +$def_auth_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_auth_ports']; if ($def_auth_ports_info_chk == "") $def_auth_ports_type = "113"; else $def_auth_ports_type = "$def_auth_ports_info_chk"; /* def FINGER_PORTS */ -$def_finger_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_finger_ports']; +$def_finger_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_finger_ports']; if ($def_finger_ports_info_chk == "") $def_finger_ports_type = "79"; else $def_finger_ports_type = "$def_finger_ports_info_chk"; /* def IRC_PORTS */ -$def_irc_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_irc_ports']; +$def_irc_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_irc_ports']; if ($def_irc_ports_info_chk == "") $def_irc_ports_type = "6665,6666,6667,6668,6669,7000"; else $def_irc_ports_type = "$def_irc_ports_info_chk"; /* def NNTP_PORTS */ -$def_nntp_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_nntp_ports']; +$def_nntp_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_nntp_ports']; if ($def_nntp_ports_info_chk == "") $def_nntp_ports_type = "119"; else $def_nntp_ports_type = "$def_nntp_ports_info_chk"; /* def RLOGIN_PORTS */ -$def_rlogin_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_rlogin_ports']; +$def_rlogin_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_rlogin_ports']; if ($def_rlogin_ports_info_chk == "") $def_rlogin_ports_type = "513"; else $def_rlogin_ports_type = "$def_rlogin_ports_info_chk"; /* def RSH_PORTS */ -$def_rsh_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_rsh_ports']; +$def_rsh_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_rsh_ports']; if ($def_rsh_ports_info_chk == "") $def_rsh_ports_type = "514"; else $def_rsh_ports_type = "$def_rsh_ports_info_chk"; /* def SSL_PORTS */ -$def_ssl_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_ssl_ports']; +$def_ssl_ports_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_ssl_ports']; if ($def_ssl_ports_info_chk == "") - $def_ssl_ports_type = "25,443,465,636,993,995"; + $def_ssl_ports_type = "443,465,563,636,989,990,992,993,994,995"; else $def_ssl_ports_type = "$def_ssl_ports_info_chk"; - /* add auto update scripts to /etc/crontab */ -// $text_ww = "*/60\t* \t 1\t *\t *\t root\t /usr/bin/nice -n20 /usr/local/pkg/snort_check_for_rule_updates.php"; -// $filenamea = "/etc/crontab"; -// remove_text_from_file($filenamea, $text_ww); -// add_text_to_file($filenamea, $text_ww); -// exec("killall -HUP cron"); */ - /* should we install a automatic update crontab entry? */ - $automaticrulesupdate = $config['installedpackages']['snort']['config'][0]['automaticrulesupdate']; + $automaticrulesupdate = $config['installedpackages']['snortglobal']['automaticrulesupdate7']; /* if user is on pppoe, we really want to use ng0 interface */ if($config['interfaces'][$snort_ext_int]['ipaddr'] == "pppoe") $snort_ext_int = "ng0"; /* set the snort performance model */ - if($config['installedpackages']['snort']['config'][0]['performance']) - $snort_performance = $config['installedpackages']['snort']['config'][0]['performance']; + if($config['installedpackages']['snortglobal']['rule'][$id]['performance']) + $snort_performance = $config['installedpackages']['snortglobal']['rule'][$id]['performance']; else $snort_performance = "ac-bnfa"; - /* set the snort block hosts time IMPORTANT snort has trouble installing if snort_rm_blocked_info_ck != "" */ - $snort_rm_blocked_info_ck = $config['installedpackages']['snort']['config'][0]['rm_blocked']; - if ($snort_rm_blocked_info_ck == "never_b") - $snort_rm_blocked_false = ""; - else - $snort_rm_blocked_false = "true"; - -if ($snort_rm_blocked_info_ck != "") { -function snort_rm_blocked_install_cron($should_install) { - global $config, $g; - conf_mount_rw(); - if ($g['booting']==true) - return; - - $is_installed = false; - - if(!$config['cron']['item']) - return; - - $x=0; - foreach($config['cron']['item'] as $item) { - if (strstr($item['command'], "snort2c")) { - $is_installed = true; - break; - } - $x++; - } - $snort_rm_blocked_info_ck = $config['installedpackages']['snort']['config'][0]['rm_blocked']; - if ($snort_rm_blocked_info_ck == "1h_b") { - $snort_rm_blocked_min = "*/5"; - $snort_rm_blocked_hr = "*"; - $snort_rm_blocked_mday = "*"; - $snort_rm_blocked_month = "*"; - $snort_rm_blocked_wday = "*"; - $snort_rm_blocked_expire = "3600"; - } - if ($snort_rm_blocked_info_ck == "3h_b") { - $snort_rm_blocked_min = "*/15"; - $snort_rm_blocked_hr = "*"; - $snort_rm_blocked_mday = "*"; - $snort_rm_blocked_month = "*"; - $snort_rm_blocked_wday = "*"; - $snort_rm_blocked_expire = "10800"; - } - if ($snort_rm_blocked_info_ck == "6h_b") { - $snort_rm_blocked_min = "*/30"; - $snort_rm_blocked_hr = "*"; - $snort_rm_blocked_mday = "*"; - $snort_rm_blocked_month = "*"; - $snort_rm_blocked_wday = "*"; - $snort_rm_blocked_expire = "21600"; - } - if ($snort_rm_blocked_info_ck == "12h_b") { - $snort_rm_blocked_min = "2"; - $snort_rm_blocked_hr = "*/1"; - $snort_rm_blocked_mday = "*"; - $snort_rm_blocked_month = "*"; - $snort_rm_blocked_wday = "*"; - $snort_rm_blocked_expire = "43200"; - } - if ($snort_rm_blocked_info_ck == "1d_b") { - $snort_rm_blocked_min = "2"; - $snort_rm_blocked_hr = "*/2"; - $snort_rm_blocked_mday = "*"; - $snort_rm_blocked_month = "*"; - $snort_rm_blocked_wday = "*"; - $snort_rm_blocked_expire = "86400"; - } - if ($snort_rm_blocked_info_ck == "4d_b") { - $snort_rm_blocked_min = "2"; - $snort_rm_blocked_hr = "*/8"; - $snort_rm_blocked_mday = "*"; - $snort_rm_blocked_month = "*"; - $snort_rm_blocked_wday = "*"; - $snort_rm_blocked_expire = "345600"; - } - if ($snort_rm_blocked_info_ck == "7d_b") { - $snort_rm_blocked_min = "2"; - $snort_rm_blocked_hr = "*/14"; - $snort_rm_blocked_mday = "*"; - $snort_rm_blocked_month = "*"; - $snort_rm_blocked_wday = "*"; - $snort_rm_blocked_expire = "604800"; - } - if ($snort_rm_blocked_info_ck == "28d_b") { - $snort_rm_blocked_min = "2"; - $snort_rm_blocked_hr = "0"; - $snort_rm_blocked_mday = "*/2"; - $snort_rm_blocked_month = "*"; - $snort_rm_blocked_wday = "*"; - $snort_rm_blocked_expire = "2419200"; - } - switch($should_install) { - case true: - if(!$is_installed) { - $cron_item = array(); - $cron_item['minute'] = "$snort_rm_blocked_min"; - $cron_item['hour'] = "$snort_rm_blocked_hr"; - $cron_item['mday'] = "$snort_rm_blocked_mday"; - $cron_item['month'] = "$snort_rm_blocked_month"; - $cron_item['wday'] = "$snort_rm_blocked_wday"; - $cron_item['who'] = "root"; - $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/sbin/expiretable -t $snort_rm_blocked_expire snort2c"; - $config['cron']['item'][] = $cron_item; - write_config("Installed 15 minute filter reload for Time Based Rules"); - conf_mount_rw(); - configure_cron(); - } - break; - case false: - if($is_installed == true) { - if($x > 0) { - unset($config['cron']['item'][$x]); - write_config(); - conf_mount_rw(); - } - configure_cron(); - } - break; - } - } - snort_rm_blocked_install_cron(""); - snort_rm_blocked_install_cron($snort_rm_blocked_false); -} - - /* set the snort rules update time */ - $snort_rules_up_info_ck = $config['installedpackages']['snort']['config'][0]['autorulesupdate7']; - if ($snort_rules_up_info_ck == "never_up") - $snort_rules_up_false = ""; - else - $snort_rules_up_false = "true"; - -if ($snort_rules_up_info_ck != "") { -function snort_rules_up_install_cron($should_install) { - global $config, $g; - conf_mount_rw(); - if ($g['booting']==true) - return; - - $is_installed = false; - - if(!$config['cron']['item']) - return; - - $x=0; - foreach($config['cron']['item'] as $item) { - if (strstr($item['command'], "snort_check_for_rule_updates.php")) { - $is_installed = true; - break; - } - $x++; - } - $snort_rules_up_info_ck = $config['installedpackages']['snort']['config'][0]['autorulesupdate7']; - if ($snort_rules_up_info_ck == "6h_up") { - $snort_rules_up_min = "3"; - $snort_rules_up_hr = "*/6"; - $snort_rules_up_mday = "*"; - $snort_rules_up_month = "*"; - $snort_rules_up_wday = "*"; - } - if ($snort_rules_up_info_ck == "12h_up") { - $snort_rules_up_min = "3"; - $snort_rules_up_hr = "*/12"; - $snort_rules_up_mday = "*"; - $snort_rules_up_month = "*"; - $snort_rules_up_wday = "*"; - } - if ($snort_rules_up_info_ck == "1d_up") { - $snort_rules_up_min = "3"; - $snort_rules_up_hr = "0"; - $snort_rules_up_mday = "*/1"; - $snort_rules_up_month = "*"; - $snort_rules_up_wday = "*"; - } - if ($snort_rules_up_info_ck == "4d_up") { - $snort_rules_up_min = "3"; - $snort_rules_up_hr = "0"; - $snort_rules_up_mday = "*/4"; - $snort_rules_up_month = "*"; - $snort_rules_up_wday = "*"; - } - if ($snort_rules_up_info_ck == "7d_up") { - $snort_rules_up_min = "3"; - $snort_rules_up_hr = "0"; - $snort_rules_up_mday = "*/7"; - $snort_rules_up_month = "*"; - $snort_rules_up_wday = "*"; - } - if ($snort_rules_up_info_ck == "28d_up") { - $snort_rules_up_min = "3"; - $snort_rules_up_hr = "0"; - $snort_rules_up_mday = "*/28"; - $snort_rules_up_month = "*"; - $snort_rules_up_wday = "*"; - } - switch($should_install) { - case true: - if(!$is_installed) { - $cron_item = array(); - $cron_item['minute'] = "$snort_rules_up_min"; - $cron_item['hour'] = "$snort_rules_up_hr"; - $cron_item['mday'] = "$snort_rules_up_mday"; - $cron_item['month'] = "$snort_rules_up_month"; - $cron_item['wday'] = "$snort_rules_up_wday"; - $cron_item['who'] = "root"; - $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort_check_for_rule_updates.php >> /usr/local/etc/snort_bkup/snort_update.log"; - $config['cron']['item'][] = $cron_item; - write_config("Installed 15 minute filter reload for Time Based Rules"); - conf_mount_rw(); - configure_cron(); - } - break; - case false: - if($is_installed == true) { - if($x > 0) { - unset($config['cron']['item'][$x]); - write_config(); - conf_mount_rw(); - } - configure_cron(); - } - break; - } - } - snort_rules_up_install_cron(""); - snort_rules_up_install_cron($snort_rules_up_false); -} - /* Be sure we're really rw before writing */ - conf_mount_rw(); - /* open snort2c's whitelist for writing */ + /* open snort's whitelist for writing */ $whitelist = fopen("/var/db/whitelist", "w"); if(!$whitelist) { log_error("Could not open /var/db/whitelist for writing."); @@ -940,7 +1528,7 @@ function snort_rules_up_install_cron($should_install) { $home_net .= "{$ip} "; /* Add Gateway on WAN interface to whitelist (For RRD graphs) */ - $int = convert_friendly_interface_to_real_interface_name("WAN"); + $int = convert_friendly_interface_to_real_interface_name2("WAN"); $gw = get_interface_gateway($int); if($gw) $home_net .= "{$gw} "; @@ -956,13 +1544,14 @@ function snort_rules_up_install_cron($should_install) { $home_net .= "127.0.0.1 "; /* iterate all vips and add to whitelist */ + if($config['virtualip']) foreach($config['virtualip']['vip'] as $vip) if($vip['subnet']) $home_net .= $vip['subnet'] . " "; - if($config['installedpackages']['snortwhitelist']) - foreach($config['installedpackages']['snortwhitelist']['config'] as $snort) + if($config['installedpackages']['snortglobal']['config']) + foreach($config['installedpackages']['snortglobal']['config'] as $snort) if($snort['ip']) $home_net .= $snort['ip'] . " "; @@ -982,11 +1571,19 @@ function snort_rules_up_install_cron($should_install) { fwrite($whitelist, trim($wl) . "\n"); /* should we whitelist vpns? */ - $whitelistvpns = $config['installedpackages']['snort']['config'][0]['whitelistvpns']; + $whitelistvpns = $config['installedpackages']['snortglobal']['whitelistvpns']; /* grab a list of vpns and whitelist if user desires added by nestorfish 954 */ if($whitelistvpns) { - $vpns_list = get_vpns_list(); + if ($pfsense_stable == 'yes') // chk what pfsense version were on + { + $vpns_list = get_vpns_list(); + } + if ($pfsense_stable == 'no') // chk what pfsense version were on + { + $vpns_list = filter_get_vpns_list(); + } + $whitelist_vpns = split(" ", $vpns_list); foreach($whitelist_vpns as $wl) if(trim($wl)) @@ -995,34 +1592,9 @@ function snort_rules_up_install_cron($should_install) { /* close file */ fclose($whitelist); - - /* Be sure we're really rw before writing */ - conf_mount_rw(); - /* open snort's threshold.conf for writing */ - $threshlist = fopen("/usr/local/etc/snort/threshold.conf", "w"); - if(!$threshlist) { - log_error("Could not open /usr/local/etc/snort/threshold.conf for writing."); - return; - } - - /* list all entries to new lines */ - if($config['installedpackages']['snortthreshold']) - foreach($config['installedpackages']['snortthreshold']['config'] as $snortthreshlist) - if($snortthreshlist['threshrule']) - $snortthreshlist_r .= $snortthreshlist['threshrule'] . "\n"; - - - /* foreach through threshlist, writing out to file */ - $threshlist_split = split("\n", $snortthreshlist_r); - foreach($threshlist_split as $wl) - if(trim($wl)) - fwrite($threshlist, trim($wl) . "\n"); - - /* close snort's threshold.conf file */ - fclose($threshlist); - + /* generate rule sections to load */ - $enabled_rulesets = $config['installedpackages']['snort']['rulesets']; + $enabled_rulesets = $config['installedpackages']['snortglobal']['rule'][$id]['rulesets']; if($enabled_rulesets) { $selected_rules_sections = ""; $enabled_rulesets_array = split("\|\|", $enabled_rulesets); @@ -1032,6 +1604,256 @@ function snort_rules_up_install_cron($should_install) { conf_mount_ro(); +///////////////////////////// + +/* preprocessor code */ + +/* def perform_stat */ +$snort_perform_stat = <<<EOD +########################## + # +# NEW # +# Performance Statistics # + # +########################## + +preprocessor perfmonitor: time 300 file /var/log/snort/snort_{$snort_uuid}_{$if_real}.stats pktcnt 10000 + +EOD; + +$def_perform_stat_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['perform_stat']; +if ($def_perform_stat_info_chk == "on") + $def_perform_stat_type = "$snort_perform_stat"; +else + $def_perform_stat_type = ""; + +$def_flow_depth_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['flow_depth']; +if ($def_flow_depth_info_chk == '') + $def_flow_depth_type = '0'; +else + $def_flow_depth_type = $config['installedpackages']['snortglobal']['rule'][$id]['flow_depth']; + +/* def http_inspect */ +$snort_http_inspect = <<<EOD +################# + # +# HTTP Inspect # + # +################# + +preprocessor http_inspect: global iis_unicode_map unicode.map 1252 + +preprocessor http_inspect_server: server default \ + ports { 80 8080 } \ + non_strict \ + non_rfc_char { 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 } \ + flow_depth {$def_flow_depth_type} \ + apache_whitespace no \ + directory no \ + iis_backslash no \ + u_encode yes \ + ascii no \ + chunk_length 500000 \ + bare_byte yes \ + double_decode yes \ + iis_unicode no \ + iis_delimiter no \ + multi_slash no + +EOD; + +$def_http_inspect_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['http_inspect']; +if ($def_http_inspect_info_chk == "on") + $def_http_inspect_type = "$snort_http_inspect"; +else + $def_http_inspect_type = ""; + +/* def other_preprocs */ +$snort_other_preprocs = <<<EOD +################## + # +# Other preprocs # + # +################## + +preprocessor rpc_decode: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779 +preprocessor bo + +EOD; + +$def_other_preprocs_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['other_preprocs']; +if ($def_other_preprocs_info_chk == "on") + $def_other_preprocs_type = "$snort_other_preprocs"; +else + $def_other_preprocs_type = ""; + +/* def ftp_preprocessor */ +$snort_ftp_preprocessor = <<<EOD +##################### + # +# ftp preprocessor # + # +##################### + +preprocessor ftp_telnet: global \ +inspection_type stateless + +preprocessor ftp_telnet_protocol: telnet \ + normalize \ + ayt_attack_thresh 200 + +preprocessor ftp_telnet_protocol: \ + ftp server default \ + def_max_param_len 100 \ + ports { 21 } \ + ftp_cmds { USER PASS ACCT CWD SDUP SMNT QUIT REIN PORT PASV TYPE STRU MODE } \ + ftp_cmds { RETR STOR STOU APPE ALLO REST RNFR RNTO ABOR DELE RMD MKD PWD } \ + ftp_cmds { LIST NLST SITE SYST STAT HELP NOOP } \ + ftp_cmds { AUTH ADAT PROT PBSZ CONF ENC } \ + ftp_cmds { FEAT CEL CMD MACB } \ + ftp_cmds { MDTM REST SIZE MLST MLSD } \ + ftp_cmds { XPWD XCWD XCUP XMKD XRMD TEST CLNT } \ + alt_max_param_len 0 { CDUP QUIT REIN PASV STOU ABOR PWD SYST NOOP } \ + alt_max_param_len 100 { MDTM CEL XCWD SITE USER PASS REST DELE RMD SYST TEST STAT MACB EPSV CLNT LPRT } \ + alt_max_param_len 200 { XMKD NLST ALLO STOU APPE RETR STOR CMD RNFR HELP } \ + alt_max_param_len 256 { RNTO CWD } \ + alt_max_param_len 400 { PORT } \ + alt_max_param_len 512 { SIZE } \ + chk_str_fmt { USER PASS ACCT CWD SDUP SMNT PORT TYPE STRU MODE } \ + chk_str_fmt { RETR STOR STOU APPE ALLO REST RNFR RNTO DELE RMD MKD } \ + chk_str_fmt { LIST NLST SITE SYST STAT HELP } \ + chk_str_fmt { AUTH ADAT PROT PBSZ CONF ENC } \ + chk_str_fmt { FEAT CEL CMD } \ + chk_str_fmt { MDTM REST SIZE MLST MLSD } \ + chk_str_fmt { XPWD XCWD XCUP XMKD XRMD TEST CLNT } \ + cmd_validity MODE < char ASBCZ > \ + cmd_validity STRU < char FRP > \ + cmd_validity ALLO < int [ char R int ] > \ + cmd_validity TYPE < { char AE [ char NTC ] | char I | char L [ number ] } > \ + cmd_validity MDTM < [ date nnnnnnnnnnnnnn[.n[n[n]]] ] string > \ + cmd_validity PORT < host_port > + +preprocessor ftp_telnet_protocol: ftp client default \ + max_resp_len 256 \ + bounce yes \ + telnet_cmds yes + +EOD; + +$def_ftp_preprocessor_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['ftp_preprocessor']; +if ($def_ftp_preprocessor_info_chk == "on") + $def_ftp_preprocessor_type = "$snort_ftp_preprocessor"; +else + $def_ftp_preprocessor_type = ""; + +/* def smtp_preprocessor */ +$snort_smtp_preprocessor = <<<EOD +##################### + # +# SMTP preprocessor # + # +##################### + +preprocessor SMTP: \ + ports { 25 465 691 } \ + inspection_type stateful \ + normalize cmds \ + valid_cmds { MAIL RCPT HELP HELO ETRN EHLO EXPN VRFY ATRN SIZE BDAT DEBUG EMAL ESAM ESND ESOM EVFY IDENT NOOP RSET SEND SAML SOML AUTH TURN ETRN PIPELINING \ +CHUNKING DATA DSN RSET QUIT ONEX QUEU STARTTLS TICK TIME TURNME VERB X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 XGEN XLICENSE XQUEU XSTA XTRN XUSR } \ + normalize_cmds { MAIL RCPT HELP HELO ETRN EHLO EXPN VRFY ATRN SIZE BDAT DEBUG EMAL ESAM ESND ESOM EVFY IDENT NOOP RSET SEND SAML SOML AUTH TURN ETRN \ +PIPELINING CHUNKING DATA DSN RSET QUIT ONEX QUEU STARTTLS TICK TIME TURNME VERB X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 XGEN XLICENSE XQUEU XSTA XTRN XUSR } \ + max_header_line_len 1000 \ + max_response_line_len 512 \ + alt_max_command_line_len 260 { MAIL } \ + alt_max_command_line_len 300 { RCPT } \ + alt_max_command_line_len 500 { HELP HELO ETRN EHLO } \ + alt_max_command_line_len 255 { EXPN VRFY ATRN SIZE BDAT DEBUG EMAL ESAM ESND ESOM EVFY IDENT NOOP RSET } \ + alt_max_command_line_len 246 { SEND SAML SOML AUTH TURN ETRN PIPELINING CHUNKING DATA DSN RSET QUIT ONEX } \ + alt_max_command_line_len 246 { QUEU STARTTLS TICK TIME TURNME VERB X-EXPS X-LINK2STATE XADR } \ + alt_max_command_line_len 246 { XAUTH XCIR XEXCH50 XGEN XLICENSE XQUEU XSTA XTRN XUSR } \ + xlink2state { enable } + +EOD; + +$def_smtp_preprocessor_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['smtp_preprocessor']; +if ($def_smtp_preprocessor_info_chk == "on") + $def_smtp_preprocessor_type = "$snort_smtp_preprocessor"; +else + $def_smtp_preprocessor_type = ""; + +/* def sf_portscan */ +$snort_sf_portscan = <<<EOD +################ + # +# sf Portscan # + # +################ + +preprocessor sfportscan: scan_type { all } \ + proto { all } \ + memcap { 10000000 } \ + sense_level { medium } \ + ignore_scanners { \$HOME_NET } + +EOD; + +$def_sf_portscan_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['sf_portscan']; +if ($def_sf_portscan_info_chk == "on") + $def_sf_portscan_type = "$snort_sf_portscan"; +else + $def_sf_portscan_type = ""; + +/* def dce_rpc_2 */ +$snort_dce_rpc_2 = <<<EOD +############### + # +# NEW # +# DCE/RPC 2 # + # +############### + +preprocessor dcerpc2: memcap 102400, events [smb, co, cl] +preprocessor dcerpc2_server: default, policy WinXP, \ + detect [smb [139,445], tcp 135, udp 135, rpc-over-http-server 593], \ + autodetect [tcp 1025:, udp 1025:, rpc-over-http-server 1025:], \ + smb_max_chain 3 + +EOD; + +$def_dce_rpc_2_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['dce_rpc_2']; +if ($def_dce_rpc_2_info_chk == "on") + $def_dce_rpc_2_type = "$snort_dce_rpc_2"; +else + $def_dce_rpc_2_type = ""; + +/* def dns_preprocessor */ +$snort_dns_preprocessor = <<<EOD +#################### + # +# DNS preprocessor # + # +#################### + +preprocessor dns: \ + ports { 53 } \ + enable_rdata_overflow + +EOD; + +$def_dns_preprocessor_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['dns_preprocessor']; +if ($def_dns_preprocessor_info_chk == "on") + $def_dns_preprocessor_type = "$snort_dns_preprocessor"; +else + $def_dns_preprocessor_type = ""; + +/* def SSL_PORTS IGNORE */ +$def_ssl_ports_ignore_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_ssl_ports_ignore']; +if ($def_ssl_ports_ignore_info_chk == "") + $def_ssl_ports_ignore_type = "443 465 563 636 989 990 992 993 994 995"; +else + $def_ssl_ports_ignore_type = "$def_ssl_ports_ignore_info_chk"; + +////////////////////////////////////////////////////////////////// /* build snort configuration file */ /* TODO; feed back from pfsense users to reduce false positives */ $snort_conf_text = <<<EOD @@ -1043,21 +1865,21 @@ function snort_rules_up_install_cron($should_install) { # for more information # snort.conf # Snort can be found at http://www.snort.org/ - -# Copyright (C) 2006 Robert Zelaya +# +# Copyright (C) 2009 Robert Zelaya # part of pfSense # All rights reserved. - +# # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions are met: - +# # 1. Redistributions of source code must retain the above copyright notice, # this list of conditions and the following disclaimer. - +# # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. - +# # THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, # INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY # AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE @@ -1146,7 +1968,7 @@ portvar DCERPC_BRIGHTSTORE [6503,6504] # ##################### -var RULE_PATH /usr/local/etc/snort/rules +var RULE_PATH /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules # var PREPROC_RULE_PATH ./preproc_rules ################################ @@ -1171,8 +1993,7 @@ config disable_decode_drops # ################################### -config detection: search-method {$snort_performance} -config detection: max_queue_events 5 +config detection: search-method {$snort_performance} max_queue_events 5 config event_queue: max_queue 8 log 3 order_events content_length #Configure dynamic loaded libraries @@ -1187,150 +2008,25 @@ dynamicdetection directory /usr/local/lib/snort/dynamicrules/ ################### preprocessor frag3_global: max_frags 8192 -preprocessor frag3_engine: policy windows -preprocessor frag3_engine: policy linux -preprocessor frag3_engine: policy first preprocessor frag3_engine: policy bsd detect_anomalies preprocessor stream5_global: max_tcp 8192, track_tcp yes, \ track_udp yes, track_icmp yes -preprocessor stream5_tcp: bind_to any, policy windows -preprocessor stream5_tcp: bind_to any, policy linux -preprocessor stream5_tcp: bind_to any, policy vista -preprocessor stream5_tcp: bind_to any, policy macos preprocessor stream5_tcp: policy BSD, ports both all, use_static_footprint_sizes -preprocessor stream5_udp -preprocessor stream5_icmp - -########################## - # -# NEW # -# Performance Statistics # - # -########################## - -preprocessor perfmonitor: time 300 file /var/log/snort/snort.stats pktcnt 10000 - -################# - # -# HTTP Inspect # - # -################# +preprocessor stream5_udp: +preprocessor stream5_icmp: -preprocessor http_inspect: global iis_unicode_map unicode.map 1252 +{$def_perform_stat_type} -preprocessor http_inspect_server: server default \ - ports { 80 8080 } \ - no_alerts \ - non_strict \ - non_rfc_char { 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 } \ - flow_depth 0 \ - apache_whitespace yes \ - directory no \ - iis_backslash no \ - u_encode yes \ - ascii yes \ - chunk_length 500000 \ - bare_byte yes \ - double_decode yes \ - iis_unicode yes \ - iis_delimiter yes \ - multi_slash no +{$def_http_inspect_type} -################## - # -# Other preprocs # - # -################## - -preprocessor rpc_decode: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779 -preprocessor bo - -##################### - # -# ftp preprocessor # - # -##################### +{$def_other_preprocs_type} -preprocessor ftp_telnet: global \ -inspection_type stateless +{$def_ftp_preprocessor_type} -preprocessor ftp_telnet_protocol: telnet \ - normalize \ - ayt_attack_thresh 200 +{$def_smtp_preprocessor_type} -preprocessor ftp_telnet_protocol: \ - ftp server default \ - def_max_param_len 100 \ - ports { 21 } \ - ftp_cmds { USER PASS ACCT CWD SDUP SMNT QUIT REIN PORT PASV TYPE STRU MODE } \ - ftp_cmds { RETR STOR STOU APPE ALLO REST RNFR RNTO ABOR DELE RMD MKD PWD } \ - ftp_cmds { LIST NLST SITE SYST STAT HELP NOOP } \ - ftp_cmds { AUTH ADAT PROT PBSZ CONF ENC } \ - ftp_cmds { FEAT CEL CMD MACB } \ - ftp_cmds { MDTM REST SIZE MLST MLSD } \ - ftp_cmds { XPWD XCWD XCUP XMKD XRMD TEST CLNT } \ - alt_max_param_len 0 { CDUP QUIT REIN PASV STOU ABOR PWD SYST NOOP } \ - alt_max_param_len 100 { MDTM CEL XCWD SITE USER PASS REST DELE RMD SYST TEST STAT MACB EPSV CLNT LPRT } \ - alt_max_param_len 200 { XMKD NLST ALLO STOU APPE RETR STOR CMD RNFR HELP } \ - alt_max_param_len 256 { RNTO CWD } \ - alt_max_param_len 400 { PORT } \ - alt_max_param_len 512 { SIZE } \ - chk_str_fmt { USER PASS ACCT CWD SDUP SMNT PORT TYPE STRU MODE } \ - chk_str_fmt { RETR STOR STOU APPE ALLO REST RNFR RNTO DELE RMD MKD } \ - chk_str_fmt { LIST NLST SITE SYST STAT HELP } \ - chk_str_fmt { AUTH ADAT PROT PBSZ CONF ENC } \ - chk_str_fmt { FEAT CEL CMD } \ - chk_str_fmt { MDTM REST SIZE MLST MLSD } \ - chk_str_fmt { XPWD XCWD XCUP XMKD XRMD TEST CLNT } \ - cmd_validity MODE < char ASBCZ > \ - cmd_validity STRU < char FRP > \ - cmd_validity ALLO < int [ char R int ] > \ - cmd_validity TYPE < { char AE [ char NTC ] | char I | char L [ number ] } > \ - cmd_validity MDTM < [ date nnnnnnnnnnnnnn[.n[n[n]]] ] string > \ - cmd_validity PORT < host_port > - -preprocessor ftp_telnet_protocol: ftp client default \ - max_resp_len 256 \ - bounce yes \ - telnet_cmds yes - -##################### - # -# SMTP preprocessor # - # -##################### - -preprocessor SMTP: \ - ports { 25 465 691 } \ - inspection_type stateful \ - normalize cmds \ - valid_cmds { MAIL RCPT HELP HELO ETRN EHLO EXPN VRFY ATRN SIZE BDAT DEBUG EMAL ESAM ESND ESOM EVFY IDENT NOOP RSET SEND SAML SOML AUTH TURN ETRN PIPELINING \ -CHUNKING DATA DSN RSET QUIT ONEX QUEU STARTTLS TICK TIME TURNME VERB X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 XGEN XLICENSE XQUEU XSTA XTRN XUSR } \ - normalize_cmds { MAIL RCPT HELP HELO ETRN EHLO EXPN VRFY ATRN SIZE BDAT DEBUG EMAL ESAM ESND ESOM EVFY IDENT NOOP RSET SEND SAML SOML AUTH TURN ETRN \ -PIPELINING CHUNKING DATA DSN RSET QUIT ONEX QUEU STARTTLS TICK TIME TURNME VERB X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 XGEN XLICENSE XQUEU XSTA XTRN XUSR } \ - max_header_line_len 1000 \ - max_response_line_len 512 \ - alt_max_command_line_len 260 { MAIL } \ - alt_max_command_line_len 300 { RCPT } \ - alt_max_command_line_len 500 { HELP HELO ETRN EHLO } \ - alt_max_command_line_len 255 { EXPN VRFY ATRN SIZE BDAT DEBUG EMAL ESAM ESND ESOM EVFY IDENT NOOP RSET } \ - alt_max_command_line_len 246 { SEND SAML SOML AUTH TURN ETRN PIPELINING CHUNKING DATA DSN RSET QUIT ONEX } \ - alt_max_command_line_len 246 { QUEU STARTTLS TICK TIME TURNME VERB X-EXPS X-LINK2STATE XADR } \ - alt_max_command_line_len 246 { XAUTH XCIR XEXCH50 XGEN XLICENSE XQUEU XSTA XTRN XUSR } \ - xlink2state { enable } - -################ - # -# sf Portscan # - # -################ - -preprocessor sfportscan: scan_type { all } \ - proto { all } \ - memcap { 10000000 } \ - sense_level { medium } \ - ignore_scanners { \$HOME_NET } +{$def_sf_portscan_type} ############################ # @@ -1342,28 +2038,9 @@ preprocessor sfportscan: scan_type { all } \ # ############################ -############### - # -# NEW # -# DCE/RPC 2 # - # -############### - -preprocessor dcerpc2: memcap 102400, events [smb, co, cl] -preprocessor dcerpc2_server: default, policy WinXP, \ - detect [smb [139,445], tcp 135, udp 135, rpc-over-http-server 593], \ - autodetect [tcp 1025:, udp 1025:, rpc-over-http-server 1025:], \ - smb_max_chain 3 - -#################### - # -# DNS preprocessor # - # -#################### +{$def_dce_rpc_2_type} -preprocessor dns: \ - ports { 53 } \ - enable_rdata_overflow +{$def_dns_preprocessor_type} ############################## # @@ -1372,7 +2049,7 @@ preprocessor dns: \ # ############################## -preprocessor ssl: ports { 443 465 563 636 989 992 993 994 995 }, trustservers, noinspect_encrypted +preprocessor ssl: ports { {$def_ssl_ports_ignore_type} }, trustservers, noinspect_encrypted ##################### # @@ -1393,9 +2070,9 @@ $spoink_type # ################# -include /usr/local/etc/snort/reference.config -include /usr/local/etc/snort/classification.config -include /usr/local/etc/snort/threshold.conf +include /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/reference.config +include /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/classification.config +include /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/threshold.conf # Snort user pass through configuration {$snort_config_pass_thru} @@ -1409,17 +2086,19 @@ include /usr/local/etc/snort/threshold.conf {$selected_rules_sections} EOD; - conf_mount_ro(); + return $snort_conf_text; } /* check downloaded text from snort.org to make sure that an error did not occur * for example, if you are not a premium subscriber you can only download rules - * so often, etc. + * so often, etc. TO BE: Removed unneeded. */ + function check_for_common_errors($filename) { global $snort_filename, $snort_filename_md5, $console_mode; - ob_flush(); + +// ob_flush(); $contents = file_get_contents($filename); if(stristr($contents, "You don't have permission")) { if(!$console_mode) { @@ -1427,7 +2106,6 @@ function check_for_common_errors($filename) { hide_progress_bar_status(); } else { log_error("An error occured. Scroll down to inspect it's contents."); - echo "An error occured. Scroll down to inspect it's contents."; } if(!$console_mode) { update_output_window(strip_tags("$contents")); @@ -1470,14 +2148,12 @@ function verify_downloaded_file($filename) { } exit; } - update_all_status("Verifyied {$filename}."); + update_all_status("Verified {$filename}."); } /* extract rules */ function extract_snort_rules_md5($tmpfname) { global $snort_filename, $snort_filename_md5, $console_mode; - ini_set("memory_limit","64M"); - conf_mount_rw(); ob_flush(); if(!$console_mode) { $static_output = gettext("Extracting snort rules..."); @@ -1500,7 +2176,6 @@ function extract_snort_rules_md5($tmpfname) { log_error("Snort rules extracted."); echo "Snort rules extracted."; } - conf_mount_ro(); } /* verify MD5 against downloaded item */ @@ -1513,7 +2188,7 @@ function verify_snort_rules_md5($tmpfname) { } $md555 = file_get_contents("{$tmpfname}/{$snort_filename_md5}"); - $md5 = `/bin/echo "{$md555}" | /usr/bin/awk '{ print $4 }'`; + $md5 = `echo "{$md555}" | /usr/bin/awk '{ print $4 }'`; $file_md5_ondisk = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`; if($md5 == $file_md5_ondisk) { if(!$console_mode) { @@ -1569,7 +2244,7 @@ function get_snort_alert($ip) { if (preg_match("/\[\*\*\] (\[.*\]) (.*) (\[\*\*\])/", $fileline, $matches)) $alert_title = $matches[2]; if (preg_match("/(\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b)/", $fileline, $matches)) - $alert_ip = $matches[0]; + $alert_ip = $matches[$id]; if($alert_ip == $ip) { if(!$snort_config[$ip]) $snort_config[$ip] = $alert_title; @@ -1582,7 +2257,7 @@ function get_snort_alert($ip) { function make_clickable($buffer) { global $config, $g; /* if clickable urls is disabled, simply return buffer back to caller */ - $clickablalerteurls = $config['installedpackages']['snort']['config'][0]['oinkmastercode']; + $clickablalerteurls = $config['installedpackages']['snort']['config'][$id]['oinkmastercode']; if(!$clickablalerteurls) return $buffer; $buffer = eregi_replace("(^|[ \n\r\t])((http(s?)://)(www\.)?([a-z0-9_-]+(\.[a-z0-9_-]+)+)(/[^/ \n\r]*)*)","\\1<a href=\"\\2\" target=\"_blank\">\\2</a>", $buffer); diff --git a/config/snort/snort.sh b/config/snort/snort.sh new file mode 100644 index 00000000..5b725cfe --- /dev/null +++ b/config/snort/snort.sh @@ -0,0 +1,99 @@ +#!/bin/sh +# $FreeBSD: ports/security/snort/files/snort.sh.in,v 1.4 2009/10/29 01:27:53 clsung Exp $ + +# PROVIDE: snort +# REQUIRE: DAEMON +# BEFORE: LOGIN +# KEYWORD: shutdown + +. /etc/rc.subr +. /var/etc/rc.snort + +name="snort" +rcvar=`set_rcvar` +start_cmd="snort_start" +stop_cmd="snort_stop" + +snort_bin="/usr/local/bin/snort" +barnyard_bin="/usr/local/bin/barnyard2" + +[ -z "$snort_enable" ] && snort_enable="YES" +[ -z "$snort_flags" ] && snort_flags="-u snort -g snort -D -q -l /var/log/snort" +[ -z "$barnyard_flags" ] && barnyard_flags="-u snort -g snort -d /var/log/snort" + +snort_start() +{ + echo -n 'Starting snort:' + for _s in ${snort_list} + do + echo -n " ${_s}" + + eval _conf=\"\$snort_${_s}_conf\" + eval _name=\"\$snort_${_s}_name\" + eval _id=\"\$snort_${_s}_id\" + eval _iface=\"\$snort_${_s}_interface\" + eval _enable=\"\$snort_${_s}_enable\" + eval _barnyard=\"\$snort_${_s}_barnyard\" + _confdir=${_conf%/*} + + _enable="${_enable:-YES}" + if ! checkyesno _enable; then + continue; + fi + + if [ -f /var/run/snort_${_iface}${_name}.pid ]; then + if pgrep -F /var/run/snort_${_iface}${_name}.pid snort; then + echo -n " [snort ${_s} already running]" + continue; + fi + fi + ${snort_bin} ${snort_flags} -G ${_id} -R ${_name} -c ${_conf} -i ${_iface} + + _barnyard="${_barnyard:-NO}" + if checkyesno _barnyard; then + ${barnyard_bin} ${snort_flags} -R ${_name} -c ${_confdir}/barnyard2.conf \ + -f snort.u2_${_name} -w ${_confdir}/barnyard2.waldo + fi + done + echo +} + +snort_stop() +{ + echo -n 'Stopping snort:' + _pidlist='' + for _s in ${snort_list} + do + echo -n " ${_s}" + + eval _conf=\"\$snort_${_s}_conf\" + eval _name=\"\$snort_${_s}_name\" + eval _iface=\"\$snort_${_s}_interface\" + + if [ -f /var/run/snort_${_iface}${_name}.pid ]; then + _pid=$(pgrep -F /var/run/snort_${_iface}${_name}.pid snort) + if [ -n "${_pid}" ]; then + kill ${_pid} + _pidlist="${_pidlist} ${_pid}" + fi + fi + if [ -f /var/run/barnyard_${_iface}${_name}.pid ]; then + _pid=$(pgrep -F /var/run/barnyard_${_iface}${_name}.pid barnyard2) + if [ -n "${_pid}" ]; then + kill ${_pid} + _pidlist="${_pidlist} ${_pid}" + fi + fi + done + echo + wait_for_pids ${_pidlist} +} + +cmd="$1" +if [ $# -gt 0 ]; then + shift +fi +if [ -n "$*" ]; then + snort_list="$*" +fi +run_rc_command "${cmd}" diff --git a/config/snort/snort.xml b/config/snort/snort.xml index 763f65eb..502438c2 100644 --- a/config/snort/snort.xml +++ b/config/snort/snort.xml @@ -46,73 +46,32 @@ <requirements>Describe your package requirements here</requirements> <faq>Currently there are no FAQ items provided.</faq> <name>Snort</name> - <version>2.8.4.1_5</version> - <title>Services: Snort 2.8.4.1_5 pkg v. 1.6</title> - <include_file>/usr/local/pkg/snort.inc</include_file> + <version>2.8.5.3</version> + <title>Services: Snort 2.8.5.2 pkg v. 1.19</title> + <include_file>/usr/local/pkg/snort/snort.inc</include_file> <menu> <name>Snort</name> <tooltiptext>Setup snort specific settings</tooltiptext> <section>Services</section> - <url>/pkg_edit.php?xml=snort.xml&id=0</url> + <url>/snort/snort_interfaces.php</url> </menu> <service> <name>snort</name> - <rcfile>snort.sh</rcfile> + <rcfile></rcfile> <executable>snort</executable> - <description>Snort is the most widely deployed IDS/IPS technology worldwide..</description> + <description>Snort is the most widely deployed IDS/IPS technology worldwide.</description> </service> <tabs> - <tab> - <text>Settings</text> - <url>/pkg_edit.php?xml=snort.xml&id=0</url> - <active/> - </tab> - <tab> - <text>Update Rules</text> - <url>/snort_download_rules.php</url> - </tab> - <tab> - <text>Categories</text> - <url>/snort_rulesets.php</url> - </tab> - <tab> - <text>Rules</text> - <url>/snort_rules.php</url> - </tab> - <tab> - <text>Servers</text> - <url>/pkg_edit.php?xml=snort_define_servers.xml&id=0</url> - </tab> - <tab> - <text>Blocked</text> - <url>/snort_blocked.php</url> - </tab> - <tab> - <text>Whitelist</text> - <url>/pkg.php?xml=snort_whitelist.xml</url> - </tab> - <tab> - <text>Threshold</text> - <url>/pkg.php?xml=snort_threshold.xml</url> - </tab> - <tab> - <text>Alerts</text> - <url>/snort_alerts.php</url> - </tab> - <tab> - <text>Advanced</text> - <url>/pkg_edit.php?xml=snort_advanced.xml&id=0</url> - </tab> </tabs> <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> + <prefix>/usr/local/pkg/snort/</prefix> <chmod>077</chmod> <item>http://www.pfsense.com/packages/config/snort/snort.inc</item> </additional_files_needed> <additional_files_needed> - <prefix>/usr/local/bin/</prefix> + <prefix>/usr/local/www/snort/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/bin/barnyard2</item> + <item>http://www.pfsense.com/packages/config/snort/snort_fbegin.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/bin/</prefix> @@ -123,256 +82,118 @@ <prefix>/usr/local/bin/</prefix> <chmod>077</chmod> <item>http://www.pfsense.com/packages/config/snort/bin/oinkmaster_contrib/oinkmaster.pl</item> - </additional_files_needed> + </additional_files_needed> <additional_files_needed> - <prefix>/usr/local/www/</prefix> + <prefix>/usr/local/bin/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_download_rules.php</item> + <item>http://www.pfsense.com/packages/config/snort/bin/oinkmaster_contrib/snort_rename.pl</item> </additional_files_needed> <additional_files_needed> - <prefix>/usr/local/www/</prefix> + <prefix>/usr/local/pkg/snort/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_rules.php</item> + <item>http://www.pfsense.com/packages/config/snort/snort_gui.inc</item> </additional_files_needed> <additional_files_needed> - <prefix>/usr/local/www/</prefix> + <prefix>/usr/local/pkg/pf/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_rules_edit.php</item> + <item>http://www.pfsense.com/packages/config/snort/snort_dynamic_ip_reload.php</item> </additional_files_needed> <additional_files_needed> - <prefix>/usr/local/www/</prefix> + <prefix>/usr/local/pkg/snort/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_rulesets.php</item> + <item>http://www.pfsense.com/packages/config/snort/snort_whitelist.xml</item> </additional_files_needed> <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> + <prefix>/usr/local/www/snort/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_whitelist.xml</item> + <item>http://www.pfsense.com/packages/config/snort/snort_alerts.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/snort/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort/snort_barnyard.php</item> </additional_files_needed> <additional_files_needed> - <prefix>/usr/local/www/</prefix> + <prefix>/usr/local/www/snort/</prefix> <chmod>077</chmod> <item>http://www.pfsense.com/packages/config/snort/snort_blocked.php</item> </additional_files_needed> <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> + <prefix>/usr/local/www/snort/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort/snort_define_servers.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/snort/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort/snort_download_rules.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/snort/</prefix> <chmod>077</chmod> <item>http://www.pfsense.com/packages/config/snort/snort_check_for_rule_updates.php</item> </additional_files_needed> <additional_files_needed> - <prefix>/usr/local/www/</prefix> + <prefix>/usr/local/www/snort/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_alerts.php</item> + <item>http://www.pfsense.com/packages/config/snort/snort_help_info.php</item> </additional_files_needed> <additional_files_needed> - <prefix>/usr/local/pkg/pf/</prefix> + <prefix>/usr/local/www/snort/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_dynamic_ip_reload.php</item> + <item>http://www.pfsense.com/packages/config/snort/help_and_info.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/snort/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort/snort_interfaces.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/snort/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort/snort_interfaces_edit.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/snort/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort/snort_interfaces_global.php</item> </additional_files_needed> <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> + <prefix>/usr/local/www/snort/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_advanced.xml</item> + <item>http://www.pfsense.com/packages/config/snort/snort_rules.php</item> </additional_files_needed> <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> + <prefix>/usr/local/www/snort/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_define_servers.xml</item> + <item>http://www.pfsense.com/packages/config/snort/snort_rules_edit.php</item> </additional_files_needed> <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> + <prefix>/usr/local/www/snort/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_threshold.xml</item> + <item>http://www.pfsense.com/packages/config/snort/snort_rulesets.php</item> </additional_files_needed> <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> + <prefix>/usr/local/www/snort/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/pfsense_rules/local.rules</item> + <item>http://www.pfsense.com/packages/config/snort/snort_preprocessors.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/etc/rc.d/</prefix> + <chmod>755</chmod> + <item>http://www.pfsense.com/packages/config/snort/snort.sh</item> </additional_files_needed> <fields> - <field> - <fielddescr>Interface</fielddescr> - <fieldname>iface_array</fieldname> - <description>Select the interface(s) Snort will listen on.</description> - <type>interfaces_selection</type> - <size>3</size> - <value>lan</value> - <multiple>true</multiple> - </field> - <field> - <fielddescr>Memory Performance</fielddescr> - <fieldname>performance</fieldname> - <description>Lowmem and ac-bnfa are recommended for low end systems, Ac: high memory, best performance, ac-std: moderate memory,high performance, acs: small memory, moderateperformance, ac-banded: small memory,moderate performance, ac-sparsebands: small memory, high performance.</description> - <type>select</type> - <options> - <option> - <name>ac-bnfa</name> - <value>ac-bnfa</value> - </option> - <option> - <name>lowmem</name> - <value>lowmem</value> - </option> - <option> - <name>ac-std</name> - <value>ac-std</value> - </option> - <option> - <name>ac</name> - <value>ac</value> - </option> - <option> - <name>ac-banded</name> - <value>ac-banded</value> - </option> - <option> - <name>ac-sparsebands</name> - <value>ac-sparsebands</value> - </option> - <option> - <name>acs</name> - <value>acs</value> - </option> - </options> - </field> - <field> - <fielddescr>Oinkmaster code</fielddescr> - <fieldname>oinkmastercode</fieldname> - <description>Obtain a snort.org Oinkmaster code and paste here.</description> - <type>input</type> - <size>60</size> - <value></value> - </field> - <field> - <fielddescr>Snort.org subscriber</fielddescr> - <fieldname>subscriber</fieldname> - <description>Check this box if you are a Snort.org subscriber (premium rules).</description> - <type>checkbox</type> - <size>60</size> - </field> - <field> - <fielddescr>Block offenders</fielddescr> - <fieldname>blockoffenders7</fieldname> - <description>Checking this option will automatically block hosts that generate a snort alert.</description> - <type>checkbox</type> - <size>60</size> - </field> - <field> - <fielddescr>Remove blocked hosts every</fielddescr> - <fieldname>rm_blocked</fieldname> - <description>Please select the amount of time hosts are blocked</description> - <type>select</type> - <options> - <option> - <name>never</name> - <value>never_b</value> - </option> - <option> - <name>1 hour</name> - <value>1h_b</value> - </option> - <option> - <name>3 hours</name> - <value>3h_b</value> - </option> - <option> - <name>6 hours</name> - <value>6h_b</value> - </option> - <option> - <name>12 hours</name> - <value>12h_b</value> - </option> - <option> - <name>1 day</name> - <value>1d_b</value> - </option> - <option> - <name>4 days</name> - <value>4d_b</value> - </option> - <option> - <name>7 days</name> - <value>7d_b</value> - </option> - <option> - <name>28 days</name> - <value>28d_b</value> - </option> - </options> - </field> - <field> - </field> - <field> - <fielddescr>Update rules automatically</fielddescr> - <fieldname>autorulesupdate7</fieldname> - <description>Please select the update times for rules.</description> - <type>select</type> - <options> - <option> - <name>never</name> - <value>never_up</value> - </option> - <option> - <name>6 hours</name> - <value>6h_up</value> - </option> - <option> - <name>12 hours</name> - <value>12h_up</value> - </option> - <option> - <name>1 day</name> - <value>1d_up</value> - </option> - <option> - <name>4 days</name> - <value>4d_up</value> - </option> - <option> - <name>7 days</name> - <value>7d_up</value> - </option> - <option> - <name>28 days</name> - <value>28d_up</value> - </option> - </options> - </field> - <field> - <fielddescr>Whitelist VPNs automatically</fielddescr> - <fieldname>whitelistvpns</fieldname> - <description>Checking this option will install whitelists for all VPNs.</description> - <type>checkbox</type> - </field> - <field> - <fielddescr>Convert Snort alerts urls to clickable links</fielddescr> - <fieldname>clickablalerteurls</fieldname> - <description>Checking this option will automatically convert URLs in the Snort alerts tab to clickable links.</description> - <type>checkbox</type> - </field> - <field> - <fielddescr>Associate events on Blocked tab</fielddescr> - <fieldname>associatealertip</fieldname> - <description>Checking this option will automatically associate the blocked reason from the snort alerts file.</description> - <type>checkbox</type> - </field> - <field> - <fielddescr>Install emergingthreats rules.</fielddescr> - <fieldname>emergingthreats</fieldname> - <description>Emerging Threats is an open source community that produces fastest moving and diverse Snort Rules.</description> - <type>checkbox</type> - </field> - </fields> - <custom_php_resync_config_command> - sync_package_snort(); - </custom_php_resync_config_command> + </fields> <custom_add_php_command> </custom_add_php_command> - <custom_php_install_command> - sync_package_snort_reinstall(); - </custom_php_install_command> + <custom_php_resync_config_command> + sync_snort_package(); + </custom_php_resync_config_command> + <custom_php_install_command> + snort_postinstall(); + </custom_php_install_command> <custom_php_deinstall_command> snort_deinstall(); </custom_php_deinstall_command> -</packagegui>
\ No newline at end of file +</packagegui> diff --git a/config/snort/snort_advanced.xml b/config/snort/snort_advanced.xml deleted file mode 100644 index 1fdddda2..00000000 --- a/config/snort/snort_advanced.xml +++ /dev/null @@ -1,196 +0,0 @@ -<?xml version="1.0" encoding="utf-8" ?> -<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> -<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> -<packagegui> - <copyright> - <![CDATA[ -/* $Id$ */ -/* ========================================================================== */ -/* - authng.xml - part of pfSense (http://www.pfSense.com) - Copyright (C) 2007 to whom it may belong - All rights reserved. - - Based on m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. - All rights reserved. - */ -/* ========================================================================== */ -/* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ - ]]> - </copyright> - <description>Describe your package here</description> - <requirements>Describe your package requirements here</requirements> - <faq>Currently there are no FAQ items provided.</faq> - <name>SnortAdvanced</name> - <version>none</version> - <title>Services: Snort Advanced</title> - <include_file>/usr/local/pkg/snort.inc</include_file> - <tabs> - <tab> - <text>Settings</text> - <url>/pkg_edit.php?xml=snort.xml&id=0</url> - </tab> - <tab> - <text>Update Rules</text> - <url>/snort_download_rules.php</url> - </tab> - <tab> - <text>Categories</text> - <url>/snort_rulesets.php</url> - </tab> - <tab> - <text>Rules</text> - <url>/snort_rules.php</url> - </tab> - <tab> - <text>Servers</text> - <url>/pkg_edit.php?xml=snort_define_servers.xml&id=0</url> - </tab> - <tab> - <text>Blocked</text> - <url>/snort_blocked.php</url> - </tab> - <tab> - <text>Whitelist</text> - <url>/pkg.php?xml=snort_whitelist.xml</url> - </tab> - <tab> - <text>Threshold</text> - <url>/pkg.php?xml=snort_threshold.xml</url> - </tab> - <tab> - <text>Alerts</text> - <url>/snort_alerts.php</url> - </tab> - <tab> - <text>Advanced</text> - <url>/pkg_edit.php?xml=snort_advanced.xml&id=0</url> - <active/> - </tab> - </tabs> - <fields> - <field> - <fielddescr>BPF Buffer size</fielddescr> - <fieldname>bpfbufsize</fieldname> - <description>Changing this option adjusts the system BPF buffer size. Leave blank if you do not know what this does. Default is 1024.</description> - <type>input</type> - </field> - <field> - <fielddescr>Maximum BPF buffer size</fielddescr> - <fieldname>bpfmaxbufsize</fieldname> - <description>Changing this option adjusts the system maximum BPF buffer size. Leave blank if you do not know what this does. Default is 524288. This value should never be set above hardware cache size. The best (optimal size) is 50% - 80% of the hardware cache size.</description> - <type>input</type> - </field> - <field> - <fielddescr>Maximum BPF inserts</fielddescr> - <fieldname>bpfmaxinsns</fieldname> - <description>Changing this option adjusts the system maximum BPF insert size. Leave blank if you do not know what this does. Default is 512.</description> - <type>input</type> - </field> - <field> - <fielddescr>Advanced configuration pass through</fielddescr> - <fieldname>configpassthru</fieldname> - <description>Add items to here will be automatically inserted into the running snort configuration</description> - <type>textarea</type> - <cols>40</cols> - <rows>5</rows> - </field> - <field> - <fielddescr>Snort signature info files.</fielddescr> - <fieldname>signatureinfo</fieldname> - <description>Snort signature info files will be installed during updates. At leats 500 mb of memory is needed.</description> - <type>checkbox</type> - </field> - <field> - <fielddescr>Alerts Tab logging type.</fielddescr> - <fieldname>snortalertlogtype</fieldname> - <description>Please choose the type of Alert logging you will like see in the Alerts Tab. The options are Full descriptions or Fast short descriptions</description> - <type>select</type> - <options> - <option> - <name>fast</name> - <value>fast</value> - </option> - <option> - <name>full</name> - <value>full</value> - </option> - </options> - </field> - <field> - <fielddescr>Send alerts to main System logs.</fielddescr> - <fieldname>alertsystemlog</fieldname> - <description>Snort will send Alerts to the Pfsense system logs.</description> - <type>checkbox</type> - </field> - <field> - <fielddescr>Log to a Tcpdump file.</fielddescr> - <fieldname>tcpdumplog</fieldname> - <description>Snort will log packets to a tcpdump-formatted file. The file then can be analyzed by a wireshark type of application. WARNING: File may become large.</description> - <type>checkbox</type> - </field> - <field> - <fielddescr>Enable Barnyard2.</fielddescr> - <fieldname>snortbarnyardlog</fieldname> - <description>This will enable barnyard2 in the snort package. You will also have to set the database credentials.</description> - <type>checkbox</type> - </field> - <field> - <fielddescr>Barnyard2 Log Mysql Database.</fielddescr> - <fieldname>snortbarnyardlog_database</fieldname> - <description>Example: output database: log, mysql, dbname=snort user=snort host=localhost password=xyz</description> - <type>input</type> - <size>101</size> - <value></value> - </field> - <field> - <fielddescr>Barnyard2 Configure Hostname ID.</fielddescr> - <fieldname>snortbarnyardlog_hostname</fieldname> - <description>Example: pfsense.local</description> - <type>input</type> - <size>25</size> - <value></value> - </field> - <field> - <fielddescr>Barnyard2 Configure Interface ID</fielddescr> - <fieldname>snortbarnyardlog_interface</fieldname> - <description>Example: vr0</description> - <type>input</type> - <size>25</size> - <value></value> - </field> - <field> - <fielddescr>Log Alerts to a snort unified2 file.</fielddescr> - <fieldname>snortunifiedlog</fieldname> - <description>Snort will log Alerts to a file in the UNIFIED2 format. This is a requirement for barnyard2.</description> - <type>checkbox</type> - </field> - </fields> - <custom_php_deinstall_command> - snort_advanced(); - </custom_php_deinstall_command> -</packagegui> diff --git a/config/snort/snort_alerts.php b/config/snort/snort_alerts.php index e67b9b5f..4f0ddb03 100644 --- a/config/snort/snort_alerts.php +++ b/config/snort/snort_alerts.php @@ -6,7 +6,11 @@ Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + Copyright (C) 2006 Scott Ullrich All rights reserved. + + Modified for the Pfsense snort package v. 1.8+ + Copyright (C) 2009 Robert Zelaya Sr. Developer Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: @@ -30,95 +34,597 @@ POSSIBILITY OF SUCH DAMAGE. */ -require("globals.inc"); -require("guiconfig.inc"); -require("/usr/local/pkg/snort.inc"); +require_once("globals.inc"); +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/snort/snort.inc"); -$snort_logfile = "{$g['varlog_path']}/snort/alert"; +$snortalertlogt = $config['installedpackages']['snortglobal']['snortalertlogtype']; +$snort_logfile = '/var/log/snort/alert'; -$nentries = $config['syslog']['nentries']; -if (!$nentries) - $nentries = 50; +$pconfig['arefresh'] = $config['installedpackages']['snortglobal']['alertsblocks']['arefresh']; +$pconfig['alertnumber'] = $config['installedpackages']['snortglobal']['alertsblocks']['alertnumber']; + +if ($pconfig['alertnumber'] == '' || $pconfig['alertnumber'] == '0') +{ + $anentries = '250'; +}else{ + $anentries = $pconfig['alertnumber']; +} + +if ($_POST['save']) +{ + + //unset($input_errors); + //$pconfig = $_POST; + + /* input validation */ + if ($_POST['save']) + { + + // if (($_POST['radiusacctport'] && !is_port($_POST['radiusacctport']))) { + // $input_errors[] = "A valid port number must be specified. [".$_POST['radiusacctport']."]"; + // } + + } + + /* no errors */ + if (!$input_errors) + { + + $config['installedpackages']['snortglobal']['alertsblocks']['arefresh'] = $_POST['arefresh'] ? on : off; + $config['installedpackages']['snortglobal']['alertsblocks']['alertnumber'] = $_POST['alertnumber']; + + conf_mount_rw(); + write_config(); + //conf_mount_ro(); + sleep(2); + + header("Location: /snort/snort_alerts.php"); + + } + +} + + +if ($_POST['delete']) +{ -if ($_POST['clear']) { exec("killall syslogd"); conf_mount_rw(); - exec("rm {$snort_logfile}; touch {$snort_logfile}"); + if(file_exists("/var/log/snort/alert")) + { + exec('/bin/rm /var/log/snort/*'); + exec('/usr/bin/touch /var/log/snort/alert'); + } conf_mount_ro(); system_syslogd_start(); - exec("/usr/bin/killall -HUP snort"); - exec("/usr/bin/killall snort2c"); - if ($config['installedpackages']['snort']['config'][0]['blockoffenders'] == 'on') - exec("/usr/local/bin/snort2c -w /var/db/whitelist -a /var/log/snort/alert"); + //exec("/usr/bin/killall -HUP snort"); + +} + +if ($_POST['download']) +{ + + ob_start(); //importanr or other post will fail + $save_date = exec('/bin/date "+%Y-%m-%d-%H-%M-%S"'); + $file_name = "snort_logs_{$save_date}.tar.gz"; + exec("/usr/bin/tar cfz /tmp/snort_logs_{$save_date}.tar.gz /var/log/snort"); + + if(file_exists("/tmp/snort_logs_{$save_date}.tar.gz")) + { + $file = "/tmp/snort_logs_{$save_date}.tar.gz"; + header("Expires: Mon, 26 Jul 1997 05:00:00 GMT\n"); + header("Pragma: private"); // needed for IE + header("Cache-Control: private, must-revalidate"); // needed for IE + header('Content-type: application/force-download'); + header('Content-Transfer-Encoding: Binary'); + header("Content-length: ".filesize($file)); + header("Content-disposition: attachment; filename = {$file_name}"); + readfile("$file"); + exec("/bin/rm /tmp/snort_logs_{$save_date}.tar.gz"); + od_end_clean(); //importanr or other post will fail + }else{ + echo 'Error no saved file.'; + } + +} + + +/* WARNING: took me forever to figure reg expression, dont lose */ +// $fileline = '12/09-18:12:02.086733 [**] [122:6:0] (portscan) TCP Filtered Decoy Portscan [**] [Priority: 3] {PROTO:255} 125.135.214.166 -> 70.61.243.50'; + +function get_snort_alert_date($fileline) +{ + /* date full date \d+\/\d+-\d+:\d+:\d+\.\d+\s */ + if (preg_match("/\d+\/\d+-\d+:\d+:\d\d/", $fileline, $matches1)) + { + $alert_date = "$matches1[0]"; + } + +return $alert_date; + +} + +function get_snort_alert_disc($fileline) +{ + /* disc */ + if (preg_match("/\[\*\*\] (\[.*\]) (.*) (\[\*\*\])/", $fileline, $matches)) + { + $alert_disc = "$matches[2]"; + } + +return $alert_disc; + +} + +function get_snort_alert_class($fileline) +{ + /* class */ + if (preg_match('/\[Classification:\s.+[^\d]\]/', $fileline, $matches2)) + { + $alert_class = "$matches2[0]"; + } + +return $alert_class; + +} + +function get_snort_alert_priority($fileline) +{ + /* Priority */ + if (preg_match('/Priority:\s\d/', $fileline, $matches3)) + { + $alert_priority = "$matches3[0]"; + } + +return $alert_priority; + +} + +function get_snort_alert_proto($fileline) +{ + /* Priority */ + if (preg_match('/\{.+\}/', $fileline, $matches3)) + { + $alert_proto = "$matches3[0]"; + } + +return $alert_proto; + +} + +function get_snort_alert_proto_full($fileline) +{ + /* Protocal full */ + if (preg_match('/.+\sTTL/', $fileline, $matches2)) + { + $alert_proto_full = "$matches2[0]"; + } + +return $alert_proto_full; + +} + +function get_snort_alert_ip_src($fileline) +{ + /* SRC IP */ + $re1='.*?'; # Non-greedy match on filler + $re2='((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))(?![\\d])'; # IPv4 IP Address 1 + + if ($c=preg_match_all ("/".$re1.$re2."/is", $fileline, $matches4)) + { + $alert_ip_src = $matches4[1][0]; + } + +return $alert_ip_src; + +} + +function get_snort_alert_src_p($fileline) +{ + /* source port */ + if (preg_match('/:\d+\s-/', $fileline, $matches5)) + { + $alert_src_p = "$matches5[0]"; + } + +return $alert_src_p; + +} + +function get_snort_alert_flow($fileline) +{ + /* source port */ + if (preg_match('/(->|<-)/', $fileline, $matches5)) + { + $alert_flow = "$matches5[0]"; + } + +return $alert_flow; + +} + +function get_snort_alert_ip_dst($fileline) +{ + /* DST IP */ + $re1dp='.*?'; # Non-greedy match on filler + $re2dp='(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(?![\\d])'; # Uninteresting: ipaddress + $re3dp='.*?'; # Non-greedy match on filler + $re4dp='((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))(?![\\d])'; # IPv4 IP Address 1 + + if ($c=preg_match_all ("/".$re1dp.$re2dp.$re3dp.$re4dp."/is", $fileline, $matches6)) + { + $alert_ip_dst = $matches6[1][0]; + } + +return $alert_ip_dst; + } + +function get_snort_alert_dst_p($fileline) +{ + /* dst port */ + if (preg_match('/:\d+$/', $fileline, $matches7)) + { + $alert_dst_p = "$matches7[0]"; + } + +return $alert_dst_p; + +} + +function get_snort_alert_dst_p_full($fileline) +{ + /* dst port full */ + if (preg_match('/:\d+\n[A-Z]+\sTTL/', $fileline, $matches7)) + { + $alert_dst_p = "$matches7[0]"; + } + +return $alert_dst_p; + +} + +function get_snort_alert_sid($fileline) +{ + /* SID */ + if (preg_match('/\[\d+:\d+:\d+\]/', $fileline, $matches8)) + { + $alert_sid = "$matches8[0]"; + } + +return $alert_sid; + +} + +// $pgtitle = "Services: Snort: Snort Alerts"; include("head.inc"); ?> +<link rel="stylesheet" href="/snort/css/style.css" type="text/css" media="all"> +<script type="text/javascript" src="/snort/javascript/mootools.js"></script> +<script type="text/javascript" src="/snort/javascript/sortableTable.js"></script> + <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php include("fbegin.inc"); ?> -<?php -if(!$pgtitle_output) - echo "<p class=\"pgtitle\"><?=$pgtitle?></p>"; +<?php + +include("./snort_fbegin.inc"); + +echo "<p class=\"pgtitle\">"; +if($pfsense_stable == 'yes'){echo $pgtitle;} +echo "</p>\n"; + +/* refresh every 60 secs */ +if ($pconfig['arefresh'] == 'on' || $pconfig['arefresh'] == '') +{ + echo "<meta http-equiv=\"refresh\" content=\"60;url=/snort/snort_alerts.php\" />\n"; +} ?> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td> <?php $tab_array = array(); - $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0"); - $tab_array[] = array(gettext("Update Rules"), false, "/snort_download_rules.php"); - $tab_array[] = array(gettext("Categories"), false, "/snort_rulesets.php"); - $tab_array[] = array(gettext("Rules"), false, "/snort_rules.php"); - $tab_array[] = array(gettext("Servers"), false, "/pkg_edit.php?xml=snort_define_servers.xml&id=0"); - $tab_array[] = array(gettext("Blocked"), false, "/snort_blocked.php"); - $tab_array[] = array(gettext("Whitelist"),false, "/pkg.php?xml=snort_whitelist.xml"); - $tab_array[] = array(gettext("Threshold"), false, "/pkg.php?xml=snort_threshold.xml"); - $tab_array[] = array(gettext("Alerts"), true, "/snort_alerts.php"); - $tab_array[] = array(gettext("Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0"); + $tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php"); + $tab_array[] = array("Global Settings", false, "/snort/snort_interfaces_global.php"); + $tab_array[] = array("Rule Updates", false, "/snort/snort_download_rules.php"); + $tab_array[] = array("Alerts", true, "/snort/snort_alerts.php"); + $tab_array[] = array("Blocked", false, "/snort/snort_blocked.php"); + $tab_array[] = array("Whitelists", false, "/pkg.php?xml=/snort/snort_whitelist.xml"); + $tab_array[] = array("Help & Info", false, "/snort/snort_help_info.php"); display_top_tabs($tab_array); ?> - </td></tr> - <tr> - <td> +</td> +</tr> + <tr> + <td> <div id="mainarea"> - <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0"> + <table class="tabcont" width="100%" border="1" cellspacing="0" cellpadding="0"> <tr> - <td colspan="2" class="listtopic"> - Last <?=$nentries;?> Snort Alert entries</td> + <td width="22%" colspan="0" class="listtopic"> + Last <?=$anentries;?> Alert Entries. + </td> + <td width="78%" class="listtopic"> + Latest Alert Entries Are Listed First. + </td> </tr> - <?php dump_log_file($snort_logfile, $nentries); ?> - <tr><td><br><form action="snort_alerts.php" method="post"> - <input name="clear" type="submit" class="formbtn" value="Clear log"></td></tr> + <tr> + <td width="22%" class="vncell">Save or Remove Logs</td> + <td width="78%" class="vtable"> + <form action="/snort/snort_alerts.php" method="post"> + <input name="download" type="submit" class="formbtn" value="Download"> + All log files will be saved. + <input name="delete" type="submit" class="formbtn" value="Clear"> + <span class="red"><strong>Warning:</strong></span> all log files will be deleted. + </form> + </td> + </tr> + <tr> + <td width="22%" class="vncell">Auto Refresh and Log View</td> + <td width="78%" class="vtable"> + <form action="/snort/snort_alerts.php" method="post"> + <input name="save" type="submit" class="formbtn" value="Save"> + Refresh + <input name="arefresh" type="checkbox" value="on" <?php if ($config['installedpackages']['snortglobal']['alertsblocks']['arefresh']=="on") echo "checked"; ?>> + <strong>Default</strong> is <strong>ON</strong>. + <input name="alertnumber" type="text" class="formfld" id="alertnumber" size="5" value="<?=htmlspecialchars($anentries);?>"> + Enter the number of log entries to view. <strong>Default</strong> is <strong>250</strong>. + </form> + </td> + </tr> </table> </div> - </form> </td> </tr> </table> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> + <td width="100%"> + <br> + <div class="tableFilter"> + <form id="tableFilter" onsubmit="myTable.filter(this.id); return false;">Filter: + <select id="column"> + <option value="1">PRIORITY</option> + <option value="2">PROTO</option> + <option value="3">DESCRIPTION</option> + <option value="4">CLASS</option> + <option value="5">SRC</option> + <option value="6">SRC PORT</option> + <option value="7">FLOW</option> + <option value="8">DST</option> + <option value="9">DST PORT</option> + <option value="10">SID</option> + <option value="11">Date</option> + </select> + <input type="text" id="keyword" /> + <input type="submit" value="Submit" /> + <input type="reset" value="Clear" /> + </form> + </div> +<table class="allRow" id="myTable" width="100%" border="2" cellpadding="1" cellspacing="1"> + <thead> + <th axis="number">#</th> + <th axis="string">PRI</th> + <th axis="string">PROTO</th> + <th axis="string">DESCRIPTION</th> + <th axis="string">CLASS</th> + <th axis="string">SRC</th> + <th axis="string">SPORT</th> + <th axis="string">FLOW</th> + <th axis="string">DST</th> + <th axis="string">DPORT</th> + <th axis="string">SID</th> + <th axis="date">Date</th> + </thead> + <tbody> +<?php + + /* make sure alert file exists */ + if(!file_exists('/var/log/snort/alert')) + { + conf_mount_rw(); + exec('/usr/bin/touch /var/log/snort/alert'); + conf_mount_ro(); + } + + $logent = $anentries; + + /* detect the alert file type */ + if ($snortalertlogt == 'full') + { + $alerts_array = array_reverse(array_filter(explode("\n\n", file_get_contents('/var/log/snort/alert')))); + }else{ + $alerts_array = array_reverse(array_filter(split("\n", file_get_contents('/var/log/snort/alert')))); + } + + + +if (is_array($alerts_array)) +{ + + $counter = 0; + foreach($alerts_array as $fileline) + { + + if($logent <= $counter) + continue; + + $counter++; + + /* Date */ + $alert_date_str = get_snort_alert_date($fileline); + + if($alert_date_str != '') + { + $alert_date = $alert_date_str; + }else{ + $alert_date = 'empty'; + } + + /* Discription */ + $alert_disc_str = get_snort_alert_disc($fileline); + + if($alert_disc_str != '') + { + $alert_disc = $alert_disc_str; + }else{ + $alert_disc = 'empty'; + } + + /* Classification */ + $alert_class_str = get_snort_alert_class($fileline); + + if($alert_class_str != '') + { + + $alert_class_match = array('[Classification:',']'); + $alert_class = str_replace($alert_class_match, '', "$alert_class_str"); + }else{ + $alert_class = 'Prep'; + } + + /* Priority */ + $alert_priority_str = get_snort_alert_priority($fileline); + + if($alert_priority_str != '') + { + $alert_priority_match = array('Priority: ',']'); + $alert_priority = str_replace($alert_priority_match, '', "$alert_priority_str"); + }else{ + $alert_priority = 'empty'; + } + + /* Protocol */ + /* Detect alert file type */ + if ($snortalertlogt == 'full') + { + $alert_proto_str = get_snort_alert_proto_full($fileline); + }else{ + $alert_proto_str = get_snort_alert_proto($fileline); + } + + if($alert_proto_str != '') + { + $alert_proto_match = array(" TTL",'{','}'); + $alert_proto = str_replace($alert_proto_match, '', "$alert_proto_str"); + }else{ + $alert_proto = 'empty'; + } + + /* IP SRC */ + $alert_ip_src_str = get_snort_alert_ip_src($fileline); + + if($alert_ip_src_str != '') + { + $alert_ip_src = $alert_ip_src_str; + }else{ + $alert_ip_src = 'empty'; + } + + /* IP SRC Port */ + $alert_src_p_str = get_snort_alert_src_p($fileline); + + if($alert_src_p_str != '') + { + $alert_src_p_match = array(' -',':'); + $alert_src_p = str_replace($alert_src_p_match, '', "$alert_src_p_str"); + }else{ + $alert_src_p = 'empty'; + } + + /* Flow */ + $alert_flow_str = get_snort_alert_flow($fileline); + + if($alert_flow_str != '') + { + $alert_flow = $alert_flow_str; + }else{ + $alert_flow = 'empty'; + } + + /* IP Destination */ + $alert_ip_dst_str = get_snort_alert_ip_dst($fileline); + + if($alert_ip_dst_str != '') + { + $alert_ip_dst = $alert_ip_dst_str; + }else{ + $alert_ip_dst = 'empty'; + } + + /* IP DST Port */ + if ($snortalertlogt == 'full') + { + $alert_dst_p_str = get_snort_alert_dst_p_full($fileline); + }else{ + $alert_dst_p_str = get_snort_alert_dst_p($fileline); + } + + if($alert_dst_p_str != '') + { + $alert_dst_p_match = array(':',"\n"," TTL"); + $alert_dst_p_str2 = str_replace($alert_dst_p_match, '', "$alert_dst_p_str"); + $alert_dst_p_match2 = array('/[A-Z]/'); + $alert_dst_p = preg_replace($alert_dst_p_match2, '', "$alert_dst_p_str2"); + }else{ + $alert_dst_p = 'empty'; + } + + /* SID */ + $alert_sid_str = get_snort_alert_sid($fileline); + + if($alert_sid_str != '') + { + $alert_sid_match = array('[',']'); + $alert_sid = str_replace($alert_sid_match, '', "$alert_sid_str"); + }else{ + $alert_sid_str = 'empty'; + } + + /* NOTE: using one echo improves performance by 2x */ + if ($alert_disc != 'empty') + { + echo "<tr id=\"{$counter}\"> + <td class=\"centerAlign\">{$counter}</td> + <td class=\"centerAlign\">{$alert_priority}</td> + <td class=\"centerAlign\">{$alert_proto}</td> + <td>{$alert_disc}</td> + <td class=\"centerAlign\">{$alert_class}</td> + <td>{$alert_ip_src}</td> + <td class=\"centerAlign\">{$alert_src_p}</td> + <td class=\"centerAlign\">{$alert_flow}</td> + <td>{$alert_ip_dst}</td> + <td class=\"centerAlign\">{$alert_dst_p}</td> + <td class=\"centerAlign\">{$alert_sid}</td> + <td>{$alert_date}</td> + </tr>\n"; + } + +// <script type="text/javascript"> +// var myTable = {}; +// window.addEvent('domready', function(){ +// myTable = new sortableTable('myTable', {overCls: 'over', onClick: function(){alert(this.id)}}); +// }); +// </script> + + } +} + +?> + </tbody> + </table> + </td> +</table> + <?php include("fend.inc"); ?> -<meta http-equiv="refresh" content="60;url=<?php print $_SERVER['SCRIPT_NAME']; ?>"> -</body> -</html> -<!-- <?php echo $snort_logfile; ?> --> -<?php + <script type="text/javascript"> + var myTable = {}; + window.addEvent('domready', function(){ + myTable = new sortableTable('myTable', {overCls: 'over'}); + }); + </script> -function dump_log_file($logfile, $tail, $withorig = true, $grepfor = "", $grepinvert = "") { - global $g, $config; - $logarr = ""; - exec("cat {$logfile} | /usr/bin/tail -n {$tail}", $logarr); - foreach ($logarr as $logent) { - if(!logent) - continue; - $ww_logent = $logent; - $ww_logent = str_replace("[", " [ ", $ww_logent); - $ww_logent = str_replace("]", " ] ", $ww_logent); - echo "<tr valign=\"top\">\n"; - echo "<td colspan=\"2\" class=\"listr\">" . make_clickable($ww_logent) . " </td>\n"; - echo "</tr>\n"; - } -} - -?>
\ No newline at end of file +</body> +</html> diff --git a/config/snort/snort_barnyard.php b/config/snort/snort_barnyard.php new file mode 100644 index 00000000..7a587330 --- /dev/null +++ b/config/snort/snort_barnyard.php @@ -0,0 +1,441 @@ +<?php +/* $Id$ */ +/* + snort_interfaces.php + part of m0n0wall (http://m0n0.ch/wall) + + Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + Copyright (C) 2008-2009 Robert Zelaya. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +/* + +TODO: Nov 12 09 +Clean this code up its ugly +Important add error checking + +*/ + +require_once("globals.inc"); +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/snort/snort.inc"); +require_once("/usr/local/pkg/snort/snort_gui.inc"); + +if (!is_array($config['installedpackages']['snortglobal']['rule'])) { + $config['installedpackages']['snortglobal']['rule'] = array(); +} +//nat_rules_sort(); +$a_nat = &$config['installedpackages']['snortglobal']['rule']; + +$id = $_GET['id']; +if (isset($_POST['id'])) + $id = $_POST['id']; + +if (isset($_GET['dup'])) { + $id = $_GET['dup']; + $after = $_GET['dup']; +} + +if (isset($id) && $a_nat[$id]) { + + /* old options */ + $pconfig['def_ssl_ports_ignore'] = $a_nat[$id]['def_ssl_ports_ignore']; + $pconfig['flow_depth'] = $a_nat[$id]['flow_depth']; + $pconfig['perform_stat'] = $a_nat[$id]['perform_stat']; + $pconfig['http_inspect'] = $a_nat[$id]['http_inspect']; + $pconfig['other_preprocs'] = $a_nat[$id]['other_preprocs']; + $pconfig['ftp_preprocessor'] = $a_nat[$id]['ftp_preprocessor']; + $pconfig['smtp_preprocessor'] = $a_nat[$id]['smtp_preprocessor']; + $pconfig['sf_portscan'] = $a_nat[$id]['sf_portscan']; + $pconfig['dce_rpc_2'] = $a_nat[$id]['dce_rpc_2']; + $pconfig['dns_preprocessor'] = $a_nat[$id]['dns_preprocessor']; + $pconfig['def_dns_servers'] = $a_nat[$id]['def_dns_servers']; + $pconfig['def_dns_ports'] = $a_nat[$id]['def_dns_ports']; + $pconfig['def_smtp_servers'] = $a_nat[$id]['def_smtp_servers']; + $pconfig['def_smtp_ports'] = $a_nat[$id]['def_smtp_ports']; + $pconfig['def_mail_ports'] = $a_nat[$id]['def_mail_ports']; + $pconfig['def_http_servers'] = $a_nat[$id]['def_http_servers']; + $pconfig['def_www_servers'] = $a_nat[$id]['def_www_servers']; + $pconfig['def_http_ports'] = $a_nat[$id]['def_http_ports']; + $pconfig['def_sql_servers'] = $a_nat[$id]['def_sql_servers']; + $pconfig['def_oracle_ports'] = $a_nat[$id]['def_oracle_ports']; + $pconfig['def_mssql_ports'] = $a_nat[$id]['def_mssql_ports']; + $pconfig['def_telnet_servers'] = $a_nat[$id]['def_telnet_servers']; + $pconfig['def_telnet_ports'] = $a_nat[$id]['def_telnet_ports']; + $pconfig['def_snmp_servers'] = $a_nat[$id]['def_snmp_servers']; + $pconfig['def_snmp_ports'] = $a_nat[$id]['def_snmp_ports']; + $pconfig['def_ftp_servers'] = $a_nat[$id]['def_ftp_servers']; + $pconfig['def_ftp_ports'] = $a_nat[$id]['def_ftp_ports']; + $pconfig['def_ssh_servers'] = $a_nat[$id]['def_ssh_servers']; + $pconfig['def_ssh_ports'] = $a_nat[$id]['def_ssh_ports']; + $pconfig['def_pop_servers'] = $a_nat[$id]['def_pop_servers']; + $pconfig['def_pop2_ports'] = $a_nat[$id]['def_pop2_ports']; + $pconfig['def_pop3_ports'] = $a_nat[$id]['def_pop3_ports']; + $pconfig['def_imap_servers'] = $a_nat[$id]['def_imap_servers']; + $pconfig['def_imap_ports'] = $a_nat[$id]['def_imap_ports']; + $pconfig['def_sip_proxy_ip'] = $a_nat[$id]['def_sip_proxy_ip']; + $pconfig['def_sip_proxy_ports'] = $a_nat[$id]['def_sip_proxy_ports']; + $pconfig['def_auth_ports'] = $a_nat[$id]['def_auth_ports']; + $pconfig['def_finger_ports'] = $a_nat[$id]['def_finger_ports']; + $pconfig['def_irc_ports'] = $a_nat[$id]['def_irc_ports']; + $pconfig['def_nntp_ports'] = $a_nat[$id]['def_nntp_ports']; + $pconfig['def_rlogin_ports'] = $a_nat[$id]['def_rlogin_ports']; + $pconfig['def_rsh_ports'] = $a_nat[$id]['def_rsh_ports']; + $pconfig['def_ssl_ports'] = $a_nat[$id]['def_ssl_ports']; + $pconfig['barnyard_enable'] = $a_nat[$id]['barnyard_enable']; + $pconfig['barnyard_mysql'] = $a_nat[$id]['barnyard_mysql']; + $pconfig['enable'] = $a_nat[$id]['enable']; + $pconfig['uuid'] = $a_nat[$id]['uuid']; + $pconfig['interface'] = $a_nat[$id]['interface']; + $pconfig['descr'] = $a_nat[$id]['descr']; + $pconfig['performance'] = $a_nat[$id]['performance']; + $pconfig['blockoffenders7'] = $a_nat[$id]['blockoffenders7']; + $pconfig['alertsystemlog'] = $a_nat[$id]['alertsystemlog']; + $pconfig['tcpdumplog'] = $a_nat[$id]['tcpdumplog']; + $pconfig['snortunifiedlog'] = $a_nat[$id]['snortunifiedlog']; + $pconfig['rulesets'] = $a_nat[$id]['rulesets']; + $pconfig['rule_sid_off'] = $a_nat[$id]['rule_sid_off']; + $pconfig['rule_sid_on'] = $a_nat[$id]['rule_sid_on']; + + if (!$pconfig['interface']) + $pconfig['interface'] = "wan"; +} else { + $pconfig['interface'] = "wan"; +} + +if (isset($_GET['dup'])) + unset($id); + +$if_real = convert_friendly_interface_to_real_interface_name2($pconfig['interface']); +$snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; + + + /* alert file */ +$d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty"; + + /* this will exec when alert says apply */ + if ($_POST['apply']) { + + if (file_exists($d_snortconfdirty_path)) { + + write_config(); + + sync_snort_package_all($id, $if_real, $snort_uuid); + sync_snort_package(); + + unlink($d_snortconfdirty_path); + + } + + } + + + if ($_POST["Submit"]) { + + /* check for overlaps */ + foreach ($a_nat as $natent) { + if (isset($id) && ($a_nat[$id]) && ($a_nat[$id] === $natent)) + continue; + if ($natent['interface'] != $_POST['interface']) + continue; + } + +/* if no errors write to conf */ + if (!$input_errors) { + $natent = array(); + /* repost the options already in conf */ + + if ($pconfig['interface'] != "") { $natent['interface'] = $pconfig['interface']; } + if ($pconfig['enable'] != "") { $natent['enable'] = $pconfig['enable']; } + if ($pconfig['uuid'] != "") { $natent['uuid'] = $pconfig['uuid']; } + if ($pconfig['descr'] != "") { $natent['descr'] = $pconfig['descr']; } + if ($pconfig['performance'] != "") { $natent['performance'] = $pconfig['performance']; } + if ($pconfig['blockoffenders7'] != "") { $natent['blockoffenders7'] = $pconfig['blockoffenders7']; } + if ($pconfig['alertsystemlog'] != "") { $natent['alertsystemlog'] = $pconfig['alertsystemlog']; } + if ($pconfig['tcpdumplog'] != "") { $natent['tcpdumplog'] = $pconfig['tcpdumplog']; } + if ($pconfig['snortunifiedlog'] != "") { $natent['snortunifiedlog'] = $pconfig['snortunifiedlog']; } + if ($pconfig['def_ssl_ports_ignore'] != "") { $natent['def_ssl_ports_ignore'] = $pconfig['def_ssl_ports_ignore']; } + if ($pconfig['flow_depth'] != "") { $natent['flow_depth'] = $pconfig['flow_depth']; } + if ($pconfig['perform_stat'] != "") { $natent['perform_stat'] = $pconfig['perform_stat']; } + if ($pconfig['http_inspect'] != "") { $natent['http_inspect'] = $pconfig['http_inspect']; } + if ($pconfig['other_preprocs'] != "") { $natent['other_preprocs'] = $pconfig['other_preprocs']; } + if ($pconfig['ftp_preprocessor'] != "") { $natent['ftp_preprocessor'] = $pconfig['ftp_preprocessor']; } + if ($pconfig['smtp_preprocessor'] != "") { $natent['smtp_preprocessor'] = $pconfig['smtp_preprocessor']; } + if ($pconfig['sf_portscan'] != "") { $natent['sf_portscan'] = $pconfig['sf_portscan']; } + if ($pconfig['dce_rpc_2'] != "") { $natent['dce_rpc_2'] = $pconfig['dce_rpc_2']; } + if ($pconfig['dns_preprocessor'] != "") { $natent['dns_preprocessor'] = $pconfig['dns_preprocessor']; } + if ($pconfig['def_dns_servers'] != "") { $natent['def_dns_servers'] = $pconfig['def_dns_servers']; } + if ($pconfig['def_dns_ports'] != "") { $natent['def_dns_ports'] = $pconfig['def_dns_ports']; } + if ($pconfig['def_smtp_servers'] != "") { $natent['def_smtp_servers'] = $pconfig['def_smtp_servers']; } + if ($pconfig['def_smtp_ports'] != "") { $natent['def_smtp_ports'] = $pconfig['def_smtp_ports']; } + if ($pconfig['def_mail_ports'] != "") { $natent['def_mail_ports'] = $pconfig['def_mail_ports']; } + if ($pconfig['def_http_servers'] != "") { $natent['def_http_servers'] = $pconfig['def_http_servers']; } + if ($pconfig['def_www_servers'] != "") { $natent['def_www_servers'] = $pconfig['def_www_servers']; } + if ($pconfig['def_http_ports'] != "") { $natent['def_http_ports'] = $pconfig['def_http_ports']; } + if ($pconfig['def_sql_servers'] != "") { $natent['def_sql_servers'] = $pconfig['def_sql_servers']; } + if ($pconfig['def_oracle_ports'] != "") { $natent['def_oracle_ports'] = $pconfig['def_oracle_ports']; } + if ($pconfig['def_mssql_ports'] != "") { $natent['def_mssql_ports'] = $pconfig['def_mssql_ports']; } + if ($pconfig['def_telnet_servers'] != "") { $natent['def_telnet_servers'] = $pconfig['def_telnet_servers']; } + if ($pconfig['def_telnet_ports'] != "") { $natent['def_telnet_ports'] = $pconfig['def_telnet_ports']; } + if ($pconfig['def_snmp_servers'] != "") { $natent['def_snmp_servers'] = $pconfig['def_snmp_servers']; } + if ($pconfig['def_snmp_ports'] != "") { $natent['def_snmp_ports'] = $pconfig['def_snmp_ports']; } + if ($pconfig['def_ftp_servers'] != "") { $natent['def_ftp_servers'] = $pconfig['def_ftp_servers']; } + if ($pconfig['def_ftp_ports'] != "") { $natent['def_ftp_ports'] = $pconfig['def_ftp_ports']; } + if ($pconfig['def_ssh_servers'] != "") { $natent['def_ssh_servers'] = $pconfig['def_ssh_servers']; } + if ($pconfig['def_ssh_ports'] != "") { $natent['def_ssh_ports'] = $pconfig['def_ssh_ports']; } + if ($pconfig['def_pop_servers'] != "") { $natent['def_pop_servers'] = $pconfig['def_pop_servers']; } + if ($pconfig['def_pop2_ports'] != "") { $natent['def_pop2_ports'] = $pconfig['def_pop2_ports']; } + if ($pconfig['def_pop3_ports'] != "") { $natent['def_pop3_ports'] = $pconfig['def_pop3_ports']; } + if ($pconfig['def_imap_servers'] != "") { $natent['def_imap_servers'] = $pconfig['def_imap_servers']; } + if ($pconfig['def_imap_ports'] != "") { $natent['def_imap_ports'] = $pconfig['def_imap_ports']; } + if ($pconfig['def_sip_proxy_ip'] != "") { $natent['def_sip_proxy_ip'] = $pconfig['def_sip_proxy_ip']; } + if ($pconfig['def_sip_proxy_ports'] != "") { $natent['def_sip_proxy_ports'] = $pconfig['def_sip_proxy_ports']; } + if ($pconfig['def_auth_ports'] != "") { $natent['def_auth_ports'] = $pconfig['def_auth_ports']; } + if ($pconfig['def_finger_ports'] != "") { $natent['def_finger_ports'] = $pconfig['def_finger_ports']; } + if ($pconfig['def_irc_ports'] != "") { $natent['def_irc_ports'] = $pconfig['def_irc_ports']; } + if ($pconfig['def_nntp_ports'] != "") { $natent['def_nntp_ports'] = $pconfig['def_nntp_ports']; } + if ($pconfig['def_rlogin_ports'] != "") { $natent['def_rlogin_ports'] = $pconfig['def_rlogin_ports']; } + if ($pconfig['def_rsh_ports'] != "") { $natent['def_rsh_ports'] = $pconfig['def_rsh_ports']; } + if ($pconfig['def_ssl_ports'] != "") { $natent['def_ssl_ports'] = $pconfig['def_ssl_ports']; } + if ($pconfig['rulesets'] != "") { $natent['rulesets'] = $pconfig['rulesets']; } + if ($pconfig['rule_sid_off'] != "") { $natent['rule_sid_off'] = $pconfig['rule_sid_off']; } + if ($pconfig['rule_sid_on'] != "") { $natent['rule_sid_on'] = $pconfig['rule_sid_on']; } + + /* post new options */ + $natent['barnyard_enable'] = $_POST['barnyard_enable'] ? on : off; + $natent['barnyard_mysql'] = $_POST['barnyard_mysql'] ? $_POST['barnyard_mysql'] : $pconfig['barnyard_mysql']; + if ($_POST['barnyard_enable'] == "on") { $natent['snortunifiedlog'] = on; }else{ $natent['snortunifiedlog'] = off; } if ($_POST['barnyard_enable'] == "") { $natent['snortunifiedlog'] = off; } + + if (isset($id) && $a_nat[$id]) + $a_nat[$id] = $natent; + else { + if (is_numeric($after)) + array_splice($a_nat, $after+1, 0, array($natent)); + else + $a_nat[] = $natent; + } + + write_config(); + + /* after click go to this page */ + touch($d_snortconfdirty_path); + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + sleep(2); + header("Location: snort_barnyard.php?id=$id"); + exit; + } +} + +$pgtitle = "Snort: Interface: $id$if_real Barnyard2 Edit"; +include("head.inc"); + +?> +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<?php +include("./snort_fbegin.inc"); +?> +<p class="pgtitle"><?if($pfsense_stable == 'yes'){echo $pgtitle;}?></p> +<style type="text/css"> +.alert { + position:absolute; + top:10px; + left:0px; + width:94%; +background:#FCE9C0; +background-position: 15px; +border-top:2px solid #DBAC48; +border-bottom:2px solid #DBAC48; +padding: 15px 10px 85% 50px; +} +</style> +<noscript><div class="alert" ALIGN=CENTER><img src="/themes/nervecenter/images/icons/icon_alert.gif"/><strong>Please enable JavaScript to view this content</CENTER></div></noscript> +<script language="JavaScript"> +<!-- + +function enable_change(enable_change) { + endis = !(document.iform.barnyard_enable.checked || enable_change); + // make shure a default answer is called if this is envoked. + endis2 = (document.iform.barnyard_enable); + +<?php +/* make shure all the settings exist or function hide will not work */ +/* if $id is emty allow if and discr to be open */ +if($id != "") +{ +echo " + document.iform.interface.disabled = endis2;\n"; +} +?> + document.iform.barnyard_mysql.disabled = endis; +} +//--> +</script> +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<form action="snort_barnyard.php" method="post" enctype="multipart/form-data" name="iform" id="iform"> + +<?php + + /* Display Alert message */ + if ($input_errors) { + print_input_errors($input_errors); // TODO: add checks + } + + if ($savemsg) { + print_info_box2($savemsg); + } + + if (file_exists($d_snortconfdirty_path)) { + echo '<p>'; + + if($savemsg) { + print_info_box_np2("{$savemsg}"); + }else{ + print_info_box_np2(' + The Snort configuration has changed and snort needs to be restarted on this interface.<br> + You must apply the changes in order for them to take effect.<br> + '); + } + } + +?> + +<table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr><td class="tabnavtbl"> +<?php +if($id != "") +{ + + $tab_array = array(); + $tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php"); + $tab_array[] = array("If Settings", false, "/snort/snort_interfaces_edit.php?id={$id}"); + $tab_array[] = array("Categories", false, "/snort/snort_rulesets.php?id={$id}"); + $tab_array[] = array("Rules", false, "/snort/snort_rules.php?id={$id}"); + $tab_array[] = array("Servers", false, "/snort/snort_define_servers.php?id={$id}"); + $tab_array[] = array("Preprocessors", false, "/snort/snort_preprocessors.php?id={$id}"); + $tab_array[] = array("Barnyard2", true, "/snort/snort_barnyard.php?id={$id}"); + display_top_tabs($tab_array); + +} +?> +</td> +</tr> + <tr> + <td class="tabcont"> + <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <?php + /* display error code if there is no id */ + if($id == "") + { + echo " + <style type=\"text/css\"> + .noid { + position:absolute; + top:10px; + left:0px; + width:94%; + background:#FCE9C0; + background-position: 15px; + border-top:2px solid #DBAC48; + border-bottom:2px solid #DBAC48; + padding: 15px 10px 85% 50px; + } + </style> + <div class=\"alert\" ALIGN=CENTER><img src=\"/themes/nervecenter/images/icons/icon_alert.gif\"/><strong>You can not edit options without an interface ID.</CENTER></div>\n"; + + } + ?> + <tr> + <td width="22%" valign="top" class="vtable"> </td> + <td width="78%" class="vtable"> + <?php + // <input name="enable" type="checkbox" value="yes" checked onClick="enable_change(false)"> + // care with spaces + if ($pconfig['barnyard_enable'] == "on") + $checked = checked; + if($id != "") + { + $onclick_enable = "onClick=\"enable_change(false)\">"; + } + echo " + <input name=\"barnyard_enable\" type=\"checkbox\" value=\"on\" $checked $onclick_enable + <strong>Enable Barnyard2 on this Interface</strong><br> + This will enable barnyard2 for this interface. You will also have to set the database credentials.</td>\n\n"; + ?> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Interface</td> + <td width="78%" class="vtable"> + <select name="interface" class="formfld"> + <?php + $interfaces = array('wan' => 'WAN', 'lan' => 'LAN', 'pptp' => 'PPTP', 'pppoe' => 'PPPOE'); + for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) { + $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr']; + } + foreach ($interfaces as $iface => $ifacename): ?> + <option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>> + <?=htmlspecialchars($ifacename);?> + </option> + <?php endforeach; ?> + </select><br> + <span class="vexpl">Choose which interface this rule applies to.<br> + Hint: in most cases, you'll want to use WAN here.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Log to a Mysql Database</td> + <td width="78%" class="vtable"> + <input name="barnyard_mysql" type="text" class="formfld" id="barnyard_mysql" size="40" value="<?=htmlspecialchars($pconfig['barnyard_mysql']);?>"> + <br> <span class="vexpl">Example: output database: log, mysql, dbname=snort user=snort host=localhost password=xyz</span></td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"> + <input name="Submit" type="submit" class="formbtn" value="Save"><input type="button" class="formbtn" value="Cancel" onclick="history.back()"> + <?php if (isset($id) && $a_nat[$id]): ?> + <input name="id" type="hidden" value="<?=$id;?>"> + <?php endif; ?> + </td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span> + <br> + Please save your settings befor you click start. </td> + </tr> + </table> + </table> +</form> + +<script language="JavaScript"> +<!-- +enable_change(false); +//--> +</script> +<?php include("fend.inc"); ?> +</body> +</html> diff --git a/config/snort/snort_blocked.php b/config/snort/snort_blocked.php index ff158853..293679d9 100644 --- a/config/snort/snort_blocked.php +++ b/config/snort/snort_blocked.php @@ -5,6 +5,9 @@ Copyright (C) 2006 Scott Ullrich All rights reserved. + Modified for the Pfsense snort package v. 1.8+ + Copyright (C) 2009 Robert Zelaya Sr. Developer + Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: @@ -27,8 +30,19 @@ POSSIBILITY OF SUCH DAMAGE. */ -require("guiconfig.inc"); -require("/usr/local/pkg/snort.inc"); +require_once("globals.inc"); +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/snort/snort.inc"); + +$pconfig['brefresh'] = $config['installedpackages']['snortglobal']['alertsblocks']['brefresh']; +$pconfig['blertnumber'] = $config['installedpackages']['snortglobal']['alertsblocks']['blertnumber']; + +if ($pconfig['blertnumber'] == '' || $pconfig['blertnumber'] == '0') +{ + $bnentries = '500'; +}else{ + $bnentries = $pconfig['blertnumber']; +} if($_POST['todelete'] or $_GET['todelete']) { if($_POST['todelete']) @@ -38,100 +52,147 @@ if($_POST['todelete'] or $_GET['todelete']) { exec("/sbin/pfctl -t snort2c -T delete {$ip}"); } -$pgtitle = "Snort: Snort Blocked"; -include("head.inc"); +if ($_POST['remove']) { -?> +exec("/sbin/pfctl -t snort2c -T flush"); +sleep(1); +header("Location: /snort/snort_blocked.php"); -<body link="#000000" vlink="#000000" alink="#000000"> -<?php include("fbegin.inc"); ?> +} -<?php -if(!$pgtitle_output) - echo "<p class=\"pgtitle\"><?=$pgtitle?></p>"; -?> +/* TODO: build a file with block ip and disc */ +if ($_POST['download']) +{ -<form action="snort_rulesets.php" method="post" name="iform" id="iform"> -<script src="/row_toggle.js" type="text/javascript"></script> -<script src="/javascript/sorttable.js" type="text/javascript"></script> -<?php if ($savemsg) print_info_box($savemsg); ?> -<table width="99%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> -<?php - $tab_array = array(); - $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0"); - $tab_array[] = array(gettext("Update Rules"), false, "/snort_download_rules.php"); - $tab_array[] = array(gettext("Categories"), false, "/snort_rulesets.php"); - $tab_array[] = array(gettext("Rules"), false, "/snort_rules.php"); - $tab_array[] = array(gettext("Servers"), false, "/pkg_edit.php?xml=snort_define_servers.xml&id=0"); - $tab_array[] = array(gettext("Blocked"), true, "/snort_blocked.php"); - $tab_array[] = array(gettext("Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml"); - $tab_array[] = array(gettext("Threshold"), false, "/pkg.php?xml=snort_threshold.xml"); - $tab_array[] = array(gettext("Alerts"), false, "/snort_alerts.php"); - $tab_array[] = array(gettext("Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0"); - display_top_tabs($tab_array); -?> - </td> - </tr> - <tr> - <td> - <div id="mainarea"> - <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> - <table id="sortabletable1" class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr id="frheader"> - <td width="5%" class="listhdrr">Remove</td> - <td class="listhdrr">IP</td> - <td class="listhdrr">Alert Description</td> - </tr> -<?php + ob_start(); //important or other posts will fail + $save_date = exec('/bin/date "+%Y-%m-%d-%H-%M-%S"'); + $file_name = "snort_blocked_{$save_date}.tar.gz"; + exec('/bin/mkdir /tmp/snort_blocked'); + exec('/sbin/pfctl -t snort2c -T show > /tmp/snort_block.pf'); + + $blocked_ips_array_save = str_replace(' ', '', array_filter(explode("\n", file_get_contents('/tmp/snort_block.pf')))); + + if ($blocked_ips_array_save[0] != '') + { - $associatealertip = $config['installedpackages']['snort']['config'][0]['associatealertip']; - $ips = `/sbin/pfctl -t snort2c -T show`; - $ips_array = split("\n", $ips); - $counter = 0; - foreach($ips_array as $ip) { - if(!$ip) - continue; - $ww_ip = str_replace(" ", "", $ip); - $counter++; - if($associatealertip) - $alert_description = get_snort_alert($ww_ip); - else - $alert_description = ""; - echo "\n<tr>"; - echo "\n<td align=\"center\" valign=\"top\"'><a href='snort_blocked.php?todelete=" . trim(urlencode($ww_ip)) . "'>"; - echo "\n<img title=\"Delete\" border=\"0\" name='todelete' id='todelete' alt=\"Delete\" src=\"./themes/{$g['theme']}/images/icons/icon_x.gif\"></a></td>"; - echo "\n<td> {$ww_ip}</td>"; - echo "\n<td> {$alert_description}<!-- |{$ww_ip}| get_snort_alert($ww_ip); --></td>"; - echo "\n</tr>"; + /* build the list */ + $counter = 0; + foreach($blocked_ips_array_save as $fileline3) + { + + $counter++; + + exec("/bin/echo $fileline3 >> /tmp/snort_blocked/snort_block.pf"); + + } } - echo "\n<tr><td colspan='3'> </td></tr>"; - if($counter < 1) - echo "\n<tr><td colspan='3' align=\"center\" valign=\"top\">There are currently no items being blocked by snort.</td></tr>"; - else - echo "\n<tr><td colspan='3' align=\"center\" valign=\"top\">{$counter} items listed.</td></tr>"; -?> + exec("/usr/bin/tar cfz /tmp/snort_blocked_{$save_date}.tar.gz /tmp/snort_blocked"); - </table> - </td> - </tr> - </table> - </div> - </td> - </tr> -</table> + if(file_exists("/tmp/snort_blocked_{$save_date}.tar.gz")) + { + $file = "/tmp/snort_blocked_{$save_date}.tar.gz"; + header("Expires: Mon, 26 Jul 1997 05:00:00 GMT\n"); + header("Pragma: private"); // needed for IE + header("Cache-Control: private, must-revalidate"); // needed for IE + header('Content-type: application/force-download'); + header('Content-Transfer-Encoding: Binary'); + header("Content-length: ".filesize($file)); + header("Content-disposition: attachment; filename = {$file_name}"); + readfile("$file"); + exec("/bin/rm /tmp/snort_blocked_{$save_date}.tar.gz"); + exec("/bin/rm /tmp/snort_block.pf"); + exec("/bin/rm /tmp/snort_blocked/snort_block.pf"); + od_end_clean(); //importanr or other post will fail + }else{ + echo 'Error no saved file.'; + } -</form> +} -<p> +if ($_POST['save']) +{ -<?php + /* input validation */ + if ($_POST['save']) + { + + + } + + /* no errors */ + if (!$input_errors) + { + + $config['installedpackages']['snortglobal']['alertsblocks']['brefresh'] = $_POST['brefresh'] ? on : off; + $config['installedpackages']['snortglobal']['alertsblocks']['blertnumber'] = $_POST['blertnumber']; + + conf_mount_rw(); + write_config(); + //conf_mount_ro(); + sleep(2); + + header("Location: /snort/snort_blocked.php"); + + } + +} + +/* build filter funcs */ +function get_snort_alert_ip_src($fileline) +{ + /* SRC IP */ + $re1='.*?'; # Non-greedy match on filler + $re2='((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))(?![\\d])'; # IPv4 IP Address 1 + + if ($c=preg_match_all ("/".$re1.$re2."/is", $fileline, $matches4)) + { + $alert_ip_src = $matches4[1][0]; + } + +return $alert_ip_src; + +} -$blockedtab_msg_chk = $config['installedpackages']['snort']['config'][0]['rm_blocked']; +function get_snort_alert_disc($fileline) +{ + /* disc */ + if (preg_match("/\[\*\*\] (\[.*\]) (.*) (\[\*\*\])/", $fileline, $matches)) + { + $alert_disc = "$matches[2]"; + } + +return $alert_disc; + +} + +/* build sec filters */ +function get_snort_block_ip($fileline) +{ + /* ip */ + if (preg_match("/\[\d+\.\d+\.\d+\.\d+\]/", $fileline, $matches)) + { + $alert_block_ip = "$matches[0]"; + } + +return $alert_block_ip; + +} + +function get_snort_block_disc($fileline) +{ + /* disc */ + if (preg_match("/\]\s\[.+\]$/", $fileline, $matches)) + { + $alert_block_disc = "$matches[0]"; + } + +return $alert_block_disc; + +} + +/* tell the user what settings they have */ +$blockedtab_msg_chk = $config['installedpackages']['snortglobal']['rm_blocked']; if ($blockedtab_msg_chk == "1h_b") { $blocked_msg = "hour"; } @@ -157,18 +218,228 @@ $blockedtab_msg_chk = $config['installedpackages']['snort']['config'][0]['rm_blo $blocked_msg = "28 days"; } -echo "This page lists hosts that have been blocked by Snort. Hosts are automatically deleted every $blocked_msg."; +if ($blockedtab_msg_chk != "never_b") +{ +$blocked_msg_txt = "Hosts are removed every <strong>$blocked_msg</strong>."; +}else{ +$blocked_msg_txt = "Settings are set to never <strong>remove</strong> hosts."; +} + +$pgtitle = "Services: Snort Blocked Hosts"; +include("head.inc"); ?> -<?php include("fend.inc"); ?> +<body link="#000000" vlink="#000000" alink="#000000"> +<?php -</body> -</html> +include("./snort_fbegin.inc"); + +echo "<p class=\"pgtitle\">"; +if($pfsense_stable == 'yes'){echo $pgtitle;} +echo "</p>\n"; + +/* refresh every 60 secs */ +if ($pconfig['brefresh'] == 'on' || $pconfig['brefresh'] == '') +{ + echo "<meta http-equiv=\"refresh\" content=\"60;url=/snort/snort_blocked.php\" />\n"; +} +?> + +<script src="/row_toggle.js" type="text/javascript"></script> +<script src="/javascript/sorttable.js" type="text/javascript"></script> +<?php if ($savemsg) print_info_box($savemsg); ?> +<table width="99%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td> +<?php + $tab_array = array(); + $tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php"); + $tab_array[] = array("Global Settings", false, "/snort/snort_interfaces_global.php"); + $tab_array[] = array("Rule Updates", false, "/snort/snort_download_rules.php"); + $tab_array[] = array("Alerts", false, "/snort/snort_alerts.php"); + $tab_array[] = array("Blocked", true, "/snort/snort_blocked.php"); + $tab_array[] = array("Whitelists", false, "/pkg.php?xml=/snort/snort_whitelist.xml"); + $tab_array[] = array("Help & Info", false, "/snort/snort_help_info.php"); + display_top_tabs($tab_array); +?> + </td> + </tr> + <tr> + <td> + <div id="mainarea"> + + <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td width="22%" colspan="0" class="listtopic"> + Last <?=$bnentries;?> Blocked. + </td> + <td width="78%" class="listtopic"> + This page lists hosts that have been blocked by Snort. <?=$blocked_msg_txt;?> + </td> + </tr> + <tr> + <td width="22%" class="vncell">Save or Remove Hosts</td> + <td width="78%" class="vtable"> + <form action="/snort/snort_blocked.php" method="post"> + <input name="download" type="submit" class="formbtn" value="Download"> + All blocked hosts will be saved. + <input name="remove" type="submit" class="formbtn" value="Clear"> + <span class="red"><strong>Warning:</strong></span> all hosts will be removed. + </form> + </td> + </tr> + <tr> + <td width="22%" class="vncell">Auto Refresh and Log View</td> + <td width="78%" class="vtable"> + <form action="/snort/snort_blocked.php" method="post"> + <input name="save" type="submit" class="formbtn" value="Save"> + Refresh + <input name="brefresh" type="checkbox" value="on" <?php if ($config['installedpackages']['snortglobal']['alertsblocks']['brefresh']=="on" || $config['installedpackages']['snortglobal']['alertsblocks']['brefresh']=='') echo "checked"; ?>> + <strong>Default</strong> is <strong>ON</strong>. + <input name="blertnumber" type="text" class="formfld" id="blertnumber" size="5" value="<?=htmlspecialchars($bnentries);?>"> + Enter the number of blocked entries to view. <strong>Default</strong> is <strong>500</strong>. + </form> + </td> + </tr> + </table> + + </div> + </td> + </tr> + <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0"> + <tr> + <td> + <table id="sortabletable1" class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr id="frheader"> + <td width="5%" class="listhdrr">Remove</td> + <td class="listhdrr">#</td> + <td class="listhdrr">IP</td> + <td class="listhdrr">Alert Description</td> + </tr> <?php -/* write out snort cache */ -write_snort_config_cache($snort_config); +/* set the arrays */ +exec('/sbin/pfctl -t snort2c -T show > /tmp/snort_block.cache'); +$alerts_array = array_reverse(array_filter(explode("\n\n", file_get_contents('/var/log/snort/alert')))); +$blocked_ips_array = str_replace(' ', '', array_filter(explode("\n", file_get_contents('/tmp/snort_block.cache')))); + +$logent = $bnentries; + +if ($blocked_ips_array[0] != '' && $alerts_array[0] != '') +{ + + /* build the list and compare blocks to alerts */ + $counter = 0; + foreach($alerts_array as $fileline) + { + + $counter++; -?>
\ No newline at end of file + $alert_ip_src = get_snort_alert_ip_src($fileline); + $alert_ip_disc = get_snort_alert_disc($fileline); + $alert_ip_src_array[] = get_snort_alert_ip_src($fileline); + + if (in_array("$alert_ip_src", $blocked_ips_array)) + { + $input[] = "[$alert_ip_src] " . "[$alert_ip_disc]\n"; + } + } + + foreach($blocked_ips_array as $alert_block_ip) + { + + if (!in_array($alert_block_ip, $alert_ip_src_array)) + { + $input[] = "[$alert_block_ip] " . "[N\A]\n"; + } + } + + /* reduce double occurrences */ + $result = array_unique($input); + + /* buil final list, preg_match, buld html */ + $counter2 = 0; + + foreach($result as $fileline2) + { + if($logent <= $counter2) + continue; + + $counter2++; + + $alert_block_ip_str = get_snort_block_ip($fileline2); + + if($alert_block_ip_str != '') + { + $alert_block_ip_match = array('[',']'); + $alert_block_ip = str_replace($alert_block_ip_match, '', "$alert_block_ip_str"); + }else{ + $alert_block_ip = 'empty'; + } + + $alert_block_disc_str = get_snort_block_disc($fileline2); + + if($alert_block_disc_str != '') + { + $alert_block_disc_match = array('] [',']'); + $alert_block_disc = str_replace($alert_block_disc_match, '', "$alert_block_disc_str"); + }else{ + $alert_block_disc = 'empty'; + } + + /* use one echo to do the magic*/ + echo "<tr> + <td align=\"center\" valign=\"top\"'><a href='snort_blocked.php?todelete=" . trim(urlencode($alert_block_ip)) . "'> + <img title=\"Delete\" border=\"0\" name='todelete' id='todelete' alt=\"Delete\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"></a></td> + <td> {$counter2}</td> + <td> {$alert_block_ip}</td> + <td> {$alert_block_disc}</td> + </tr>\n"; + + } + +}else{ + + /* if alerts file is empty and blocked table is not empty */ + $counter2 = 0; + + foreach($blocked_ips_array as $alert_block_ip) + { + if($logent <= $counter2) + continue; + + $counter2++; + + $alert_block_disc = 'N/A'; + + /* use one echo to do the magic*/ + echo "<tr> + <td align=\"center\" valign=\"top\"'><a href='snort_blocked.php?todelete=" . trim(urlencode($alert_block_ip)) . "'> + <img title=\"Delete\" border=\"0\" name='todelete' id='todelete' alt=\"Delete\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"></a></td> + <td> {$counter2}</td> + <td> {$alert_block_ip}</td> + <td> {$alert_block_disc}</td> + </tr>\n"; + } +} + +if ($blocked_ips_array[0] == '') +{ + echo "\n<tr><td colspan='3' align=\"center\" valign=\"top\"><br><strong>There are currently no items being blocked by snort.</strong></td></tr>"; +}else{ + echo "\n<tr><td colspan='3' align=\"center\" valign=\"top\">{$counter2} items listed.</td></tr>"; +} + +?> + </table> + </td> + </tr> + </table> + </td> + </tr> +</table> +<?php include("fend.inc"); ?> +</body> +</html> diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php index 8d308245..6f95b101 100644 --- a/config/snort/snort_check_for_rule_updates.php +++ b/config/snort/snort_check_for_rule_updates.php @@ -3,6 +3,7 @@ /* snort_rulesets.php Copyright (C) 2006 Scott Ullrich + Copyright (C) 2009 Robert Zelaya All rights reserved. Redistribution and use in source and binary forms, with or without @@ -28,8 +29,8 @@ */ /* Setup enviroment */ -$tmpfname = "/root/snort_rules_up"; -$snortdir = "/usr/local/etc/snort_bkup"; +$tmpfname = "/tmp/snort_rules_up"; +$snortdir = "/usr/local/etc/snort"; $snortdir_wan = "/usr/local/etc/snort"; $snort_filename_md5 = "snortrules-snapshot-2.8.tar.gz.md5"; $snort_filename = "snortrules-snapshot-2.8.tar.gz"; @@ -38,53 +39,71 @@ $emergingthreats_filename = "emerging.rules.tar.gz"; $pfsense_rules_filename_md5 = "pfsense_rules.tar.gz.md5"; $pfsense_rules_filename = "pfsense_rules.tar.gz"; -require("/usr/local/pkg/snort.inc"); -require_once("config.inc"); +require_once("globals.inc"); +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/snort/snort.inc"); -?> +/* define checks */ +$oinkid = $config['installedpackages']['snortglobal']['oinkmastercode']; +$snortdownload = $config['installedpackages']['snortglobal']['snortdownload']; +$emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats']; +if ($oinkid == "" && $snortdownload != "off") +{ + echo "You must obtain an oinkid from snort.org and set its value in the Snort settings tab.\n"; + exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'You must obtain an oinkid from snort.org and set its value in the Snort settings tab.'"); + exit; +} -<?php +if ($snortdownload != "on" && $emergingthreats != "on") +{ + echo 'Snort Global Settings: download snort.org rules = off and download emergingthreat rules = off.\n'; + exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'No rules have been selected to download.'"); + exit; +} + +conf_mount_rw(); + +/* Time stamps define */ +$last_md5_download = $config['installedpackages']['snortglobal']['last_md5_download']; +$last_rules_install = $config['installedpackages']['snortglobal']['last_rules_install']; $up_date_time = date('l jS \of F Y h:i:s A'); -echo ""; -echo "#########################"; -echo "$up_date_time"; -echo "#########################"; -echo ""; +echo "\n"; +echo "#########################\n"; +echo "$up_date_time\n"; +echo "#########################\n"; +echo "\n\n"; + +exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Checking for needed updates...'"); /* Begin main code */ /* Set user agent to Mozilla */ ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); ini_set("memory_limit","125M"); +/* mark the time update started */ +$config['installedpackages']['snortglobal']['last_md5_download'] = date("Y-M-jS-h:i-A"); + /* send current buffer */ ob_flush(); - -/* define oinkid */ -if($config['installedpackages']['snort']) - $oinkid = $config['installedpackages']['snort']['config'][0]['oinkmastercode']; - -/* if missing oinkid exit */ -if(!$oinkid) { - echo "Please add you oink code\n"; - exit; -} +conf_mount_rw(); /* premium_subscriber check */ //unset($config['installedpackages']['snort']['config'][0]['subscriber']); //write_config(); // Will cause switch back to read-only on nanobsd //conf_mount_rw(); // Uncomment this if the previous line is uncommented -$premium_subscriber_chk = $config['installedpackages']['snort']['config'][0]['subscriber']; -if ($premium_subscriber_chk === on) { +$premium_subscriber_chk = $config['installedpackages']['snortglobal']['snortdownload']; + +if ($premium_subscriber_chk == "premium") { $premium_subscriber = "_s"; }else{ $premium_subscriber = ""; } -$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber']; -if ($premium_url_chk === on) { +$premium_url_chk = $config['installedpackages']['snortglobal']['snortdownload']; +if ($premium_url_chk == "premium") { $premium_url = "sub-rules"; }else{ $premium_url = "reg-rules"; @@ -92,16 +111,23 @@ if ($premium_url_chk === on) { /* send current buffer */ ob_flush(); - conf_mount_rw(); + /* remove old $tmpfname files */ if (file_exists("{$tmpfname}")) { + echo "Removing old tmp files...\n"; exec("/bin/rm -r {$tmpfname}"); apc_clear_cache(); } +/* Make shure snortdir exits */ +exec("/bin/mkdir -p {$snortdir}"); +exec("/bin/mkdir -p {$snortdir}/rules"); +exec("/bin/mkdir -p {$snortdir}/signatures"); + /* send current buffer */ ob_flush(); +conf_mount_rw(); /* If tmp dir does not exist create it */ if (file_exists($tmpfname)) { @@ -125,7 +151,7 @@ if (file_exists("{$tmpfname}/{$snort_filename_md5}")) { } /* download md5 sig from emergingthreats.net */ -$emergingthreats_url_chk = $config['installedpackages']['snort']['config'][0]['emergingthreats']; +$emergingthreats_url_chk = $config['installedpackages']['snortglobal']['emergingthreats']; if ($emergingthreats_url_chk == on) { echo "Downloading md5 file...\n"; ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); @@ -151,14 +177,11 @@ if (file_exists("{$tmpfname}/{$pfsense_rules_filename_md5}")) { echo "Done. downloading md5\n"; } -/* Time stamps define */ -$last_md5_download = $config['installedpackages']['snort']['last_md5_download']; -$last_rules_install = $config['installedpackages']['snort']['last_rules_install']; - /* If md5 file is empty wait 15min exit */ if (0 == filesize("{$tmpfname}/snortrules-snapshot-2.8.tar.gz.md5")){ echo "Please wait... You may only check for New Rules every 15 minutes...\n"; echo "Rules are released every month from snort.org. You may download the Rules at any time.\n"; + exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Please wait... You may only check for New Rules every 15 minutes...'"); exit(0); } @@ -168,6 +191,7 @@ if (0 == filesize("{$tmpfname}/snortrules-snapshot-2.8.tar.gz.md5")){ if (0 == filesize("{$tmpfname}/$pfsense_rules_filename_md5")){ echo "Please wait... You may only check for New Pfsense Rules every 15 minutes...\n"; echo "Rules are released to support Pfsense packages.\n"; + exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Please wait... You may only check for New Pfsense Rules every 15 minutes...'"); exit(0); } @@ -178,18 +202,18 @@ $md5_check_new = `/bin/echo "{$md5_check_new_parse}" | /usr/bin/awk '{ print $1 $md5_check_old_parse = file_get_contents("{$snortdir}/{$snort_filename_md5}"); $md5_check_old = `/bin/echo "{$md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`; /* Write out time of last sucsessful md5 to cache */ -$config['installedpackages']['snort']['last_md5_download'] = date("Y-M-jS-h:i-A"); write_config(); // Will cause switch back to read-only on nanobsd conf_mount_rw(); if ($md5_check_new == $md5_check_old) { echo "Your rules are up to date...\n"; echo "You may start Snort now, check update.\n"; $snort_md5_check_ok = on; + exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Your snort rules are up to date...'"); } } /* Check if were up to date emergingthreats.net */ -$emergingthreats_url_chk = $config['installedpackages']['snort']['config'][0]['emergingthreats']; +$emergingthreats_url_chk = $config['installedpackages']['snortglobal']['emergingthreats']; if ($emergingthreats_url_chk == on) { if (file_exists("{$snortdir}/version.txt")){ $emerg_md5_check_new_parse = file_get_contents("{$tmpfname}/version.txt"); @@ -197,13 +221,13 @@ $emerg_md5_check_new = `/bin/echo "{$emerg_md5_check_new_parse}" | /usr/bin/awk $emerg_md5_check_old_parse = file_get_contents("{$snortdir}/version.txt"); $emerg_md5_check_old = `/bin/echo "{$emerg_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`; /* Write out time of last sucsessful md5 to cache */ -$config['installedpackages']['snort']['last_md5_download'] = date("Y-M-jS-h:i-A"); write_config(); // Will cause switch back to read-only on nanobsd conf_mount_rw(); if ($emerg_md5_check_new == $emerg_md5_check_old) { echo "Your emergingthreats rules are up to date...\n"; echo "You may start Snort now, check update.\n"; $emerg_md5_check_chk_ok = on; + exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Your emergingthreats rules are up to date...'"); } } } @@ -216,39 +240,65 @@ $pfsense_md5_check_old_parse = file_get_contents("{$snortdir}/{$snort_filename_m $pfsense_md5_check_old = `/bin/echo "{$md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`; if ($pfsense_md5_check_new == $pfsense_md5_check_old) { $pfsense_md5_check_ok = on; + exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Your pfsense rules are up to date...'"); } } /* Make Clean Snort Directory emergingthreats not checked */ if ($snort_md5_check_ok == on && $emergingthreats_url_chk != on) { - echo "Cleaning the snort Directory...\n"; - echo "removing...\n"; - exec("/bin/rm {$snortdir}/rules/emerging*\n"); + update_status(gettext("Cleaning the snort Directory...")); + update_output_window(gettext("removing...")); + exec("/bin/rm {$snortdir}/rules/emerging*"); exec("/bin/rm {$snortdir}/version.txt"); + exec("/bin/rm {$snortdir_wan}/rules/emerging*"); + exec("/bin/rm {$snortdir_wan}/version.txt"); echo "Done making cleaning emrg direcory.\n"; } /* Check if were up to date exits */ if ($snort_md5_check_ok == on && $emerg_md5_check_chk_ok == on && $pfsense_md5_check_ok == on) { - echo "Your rules are up to date...\n"; - echo "You may start Snort now...\n"; + echo "Your emergingthreats rules are up to date...\n"; + exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Your emergingthreats rules are up to date...'"); exit(0); } if ($snort_md5_check_ok == on && $pfsense_md5_check_ok == on && $emergingthreats_url_chk != on) { - echo "Your rules are up to date...\n"; - echo "You may start Snort now...\n"; + echo "Your pfsense rules are up to date...\n"; + exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Your pfsense rules are up to date...'"); exit(0); } /* You are Not Up to date, always stop snort when updating rules for low end machines */; echo "You are NOT up to date...\n"; -echo "Stopping Snort service...\n"; +echo "Stopping All Snort Package services...\n"; +exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'SNORT RULES ARE OUT OF DATE, UPDATING...'"); +exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Stopping All Snort Package Services...'"); $chk_if_snort_up = exec("pgrep -x snort"); if ($chk_if_snort_up != "") { - exec("/usr/bin/touch /tmp/snort_download_halt.pid"); - stop_service("snort"); - sleep(2); + + + exec("/usr/bin/touch /tmp/snort_download_halt.pid"); + + /* dont flood the syslog code */ + exec("/bin/cp /var/log/system.log /var/log/system.log.bk"); + sleep(3); + + exec("/usr/bin/killall snort"); + exec("/bin/rm /var/run/snort*"); + sleep(2); + exec("/usr/bin/killall barnyard2"); + exec("/bin/rm /var/run/barnyard2*"); + + /* stop syslog flood code */ + exec("/bin/cp /var/log/system.log /var/log/snort/snort_sys_rules_update.log"); + exec("/usr/bin/killall syslogd"); + exec("/usr/sbin/clog -i -s 262144 /var/log/system.log"); + exec("/usr/sbin/syslogd -c -ss -f /var/etc/syslog.conf"); + sleep(2); + exec("/bin/cp /var/log/system.log.bk /var/log/system.log"); + $after_mem = exec("/usr/bin/top | /usr/bin/grep Wired | /usr/bin/awk '{ print $2 }'"); + exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'MEM after snort STOP {$after_mem}'"); + } /* download snortrules file */ @@ -256,7 +306,6 @@ if ($snort_md5_check_ok != on) { if (file_exists("{$tmpfname}/{$snort_filename}")) { echo "Snortrule tar file exists...\n"; } else { - echo "There is a new set of Snort rules posted. Downloading...\n"; echo "May take 4 to 10 min...\n"; ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); @@ -311,28 +360,56 @@ if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) { } } +/* Compair md5 sig to file sig */ + +//$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber']; +//if ($premium_url_chk == on) { +//$md5 = file_get_contents("{$tmpfname}/{$snort_filename_md5}"); +//$file_md5_ondisk = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`; +// if ($md5 == $file_md5_ondisk) { +// update_status(gettext("Valid md5 checksum pass...")); +//} else { +// update_status(gettext("The downloaded file does not match the md5 file...P is ON")); +// update_output_window(gettext("Error md5 Mismatch...")); +// exit(0); +// } +//} + +//$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber']; +//if ($premium_url_chk != on) { +//$md55 = `/bin/cat {$tmpfname}/{$snort_filename_md5} | /usr/bin/awk '{ print $4 }'`; +//$file_md5_ondisk2 = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`; +// if ($md55 == $file_md5_ondisk2) { +// update_status(gettext("Valid md5 checksum pass...")); +//} else { +// update_status(gettext("The downloaded file does not match the md5 file...Not P")); +// update_output_window(gettext("Error md5 Mismatch...")); +// exit(0); +// } +//} + /* Untar snort rules file individually to help people with low system specs */ if ($snort_md5_check_ok != on) { if (file_exists("{$tmpfname}/{$snort_filename}")) { echo "Extracting rules...\n"; echo "May take a while...\n"; - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} rules/"); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} etc/"); - exec("`/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/FreeBSD-7.0/i386/2.8.4/*`"); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/bad-traffic.rules/"); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/chat.rules/"); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/dos.rules/"); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/exploit.rules/"); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/imap.rules/"); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/misc.rules/"); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/multimedia.rules/"); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/netbios.rules/"); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/nntp.rules/"); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/p2p.rules/"); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/smtp.rules/"); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/sql.rules/"); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/web-client.rules/"); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/web-misc.rules/"); + exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} rules/" . + " etc/" . + " so_rules/precompiled/FreeBSD-7.0/i386/2.8.4" . + " so_rules/bad-traffic.rules/" . + " so_rules/chat.rules/" . + " so_rules/dos.rules/" . + " so_rules/exploit.rules/" . + " so_rules/imap.rules/" . + " so_rules/misc.rules/" . + " so_rules/multimedia.rules/" . + " so_rules/netbios.rules/" . + " so_rules/nntp.rules/" . + " so_rules/p2p.rules/" . + " so_rules/smtp.rules/" . + " so_rules/sql.rules/" . + " so_rules/web-client.rules/" . + " so_rules/web-misc.rules/"); echo "Done extracting Rules.\n"; } else { echo "The Download rules file missing...\n"; @@ -364,7 +441,7 @@ if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) { /* Untar snort signatures */ if ($snort_md5_check_ok != on) { if (file_exists("{$tmpfname}/{$snort_filename}")) { -$signature_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['signatureinfo']; +$signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo']; if ($premium_url_chk == on) { echo "Extracting Signatures...\n"; echo "May take a while...\n"; @@ -377,8 +454,8 @@ if ($premium_url_chk == on) { /* Make Clean Snort Directory */ //if ($snort_md5_check_ok != on && $emerg_md5_check_chk_ok != on && $pfsense_md5_check_ok != on) { //if (file_exists("{$snortdir}/rules")) { -// echo "Cleaning the snort Directory...\n"; -// echo "removing...\n"; +// update_status(gettext("Cleaning the snort Directory...")); +// update_output_window(gettext("removing...")); // exec("/bin/mkdir -p {$snortdir}"); // exec("/bin/mkdir -p {$snortdir}/rules"); // exec("/bin/mkdir -p {$snortdir}/signatures"); @@ -386,96 +463,49 @@ if ($premium_url_chk == on) { // exec("/bin/rm {$snortdir}/rules/*"); // exec("/bin/rm {$snortdir_wan}/*"); // exec("/bin/rm {$snortdir_wan}/rules/*"); + // exec("/bin/rm /usr/local/lib/snort/dynamicrules/*"); //} else { -// echo "Making Snort Directory...\n"; -// echo "should be fast...\n"; -// exec("/bin/mkdir {$snortdir}"); -// exec("/bin/mkdir {$snortdir}/rules"); -// exec("/bin/rm {$snortdir_wan}/\*"); +// update_status(gettext("Making Snort Directory...")); +// update_output_window(gettext("should be fast...")); +// exec("/bin/mkdir -p {$snortdir}"); +// exec("/bin/mkdir -p {$snortdir}/rules"); +// exec("/bin/rm {$snortdir_wan}/*"); // exec("/bin/rm {$snortdir_wan}/rules/*"); // exec("/bin/rm /usr/local/lib/snort/dynamicrules/\*"); -// echo "Done making snort direcory.\n"; +// update_status(gettext("Done making snort direcory.")); // } //} -/* Copy so_rules dir to snort lib dir */ -if ($snort_md5_check_ok != on) { -if (file_exists("{$snortdir}/so_rules/precompiled/FreeBSD-7.0/i386/2.8.4/")) { - echo "Copying so_rules...\n"; - echo "May take a while...\n"; - sleep(2); - exec("`/bin/cp -f {$snortdir}/so_rules/precompiled/FreeBSD-7.0/i386/2.8.4/* /usr/local/lib/snort/dynamicrules/`"); - exec("/bin/cp {$snortdir}/so_rules/bad-traffic.rules {$snortdir}/rules/bad-traffic.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/chat.rules {$snortdir}/rules/chat.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/dos.rules {$snortdir}/rules/dos.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/exploit.rules {$snortdir}/rules/exploit.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/imap.rules {$snortdir}/rules/imap.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/misc.rules {$snortdir}/rules/misc.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/multimedia.rules {$snortdir}/rules/multimedia.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/netbios.rules {$snortdir}/rules/netbios.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/nntp.rules {$snortdir}/rules/nntp.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/p2p.rules {$snortdir}/rules/p2p.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/smtp.rules {$snortdir}/rules/smtp.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/sql.rules {$snortdir}/rules/sql.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/web-client.rules {$snortdir}/rules/web-client.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/web-misc.rules {$snortdir}/rules/web-misc.so.rules"); - exec("/bin/rm -r {$snortdir}/so_rules"); - echo "Done copying so_rules.\n"; -} else { - echo "Directory so_rules does not exist...\n"; - echo "Error copping so_rules...\n"; - exit(0); - } -} - -/* enable disable setting will carry over with updates */ -/* TODO carry signature changes with the updates */ -if ($snort_md5_check_ok != on || $emerg_md5_check_chk_ok != on || $pfsense_md5_check_ok != on) { - -if (!empty($config['installedpackages']['snort']['rule_sid_on'])) { -$enabled_sid_on = $config['installedpackages']['snort']['rule_sid_on']; -$enabled_sid_on_array = split('\|\|', $enabled_sid_on); -foreach($enabled_sid_on_array as $enabled_item_on) -$selected_sid_on_sections .= "$enabled_item_on\n"; - } - -if (!empty($config['installedpackages']['snort']['rule_sid_off'])) { -$enabled_sid_off = $config['installedpackages']['snort']['rule_sid_off']; -$enabled_sid_off_array = split('\|\|', $enabled_sid_off); -foreach($enabled_sid_off_array as $enabled_item_off) -$selected_sid_off_sections .= "$enabled_item_off\n"; - } - -$snort_sid_text = <<<EOD - -########################################### -# # -# this is auto generated on snort updates # -# # -########################################### - -path = /bin:/usr/bin:/usr/local/bin - -update_files = \.rules$|\.config$|\.conf$|\.txt$|\.map$ - -url = dir:///usr/local/etc/snort_bkup/rules - -$selected_sid_on_sections - -$selected_sid_off_sections - -EOD; - - /* open snort's threshold.conf for writing */ - $oinkmasterlist = fopen("/usr/local/etc/snort_bkup/oinkmaster.conf", "w"); - - fwrite($oinkmasterlist, "$snort_sid_text"); - - /* close snort's threshold.conf file */ - fclose($oinkmasterlist); - -} +/* Copy so_rules dir to snort lib dir */ +/* Disabled untill I figure out why there is a segment falut core dump on 2.8.5.3 */ +//if ($snort_md5_check_ok != on) { +//if (file_exists("{$snortdir}/so_rules/precompiled/FreeBSD-7.0/i386/2.8.4/")) { +// echo "Copying so_rules...\n"; +// echo "May take a while...\n"; +// exec("`/bin/cp -f {$snortdir}/so_rules/precompiled/FreeBSD-7.0/i386/2.8.4/* /usr/local/lib/snort/dynamicrules/`"); +// exec("/bin/cp {$snortdir}/so_rules/bad-traffic.rules {$snortdir}/rules/bad-traffic.so.rules"); +// exec("/bin/cp {$snortdir}/so_rules/chat.rules {$snortdir}/rules/chat.so.rules"); +// exec("/bin/cp {$snortdir}/so_rules/dos.rules {$snortdir}/rules/dos.so.rules"); +// exec("/bin/cp {$snortdir}/so_rules/exploit.rules {$snortdir}/rules/exploit.so.rules"); +// exec("/bin/cp {$snortdir}/so_rules/imap.rules {$snortdir}/rules/imap.so.rules"); +// exec("/bin/cp {$snortdir}/so_rules/misc.rules {$snortdir}/rules/misc.so.rules"); +// exec("/bin/cp {$snortdir}/so_rules/multimedia.rules {$snortdir}/rules/multimedia.so.rules"); +// exec("/bin/cp {$snortdir}/so_rules/netbios.rules {$snortdir}/rules/netbios.so.rules"); +// exec("/bin/cp {$snortdir}/so_rules/nntp.rules {$snortdir}/rules/nntp.so.rules"); +// exec("/bin/cp {$snortdir}/so_rules/p2p.rules {$snortdir}/rules/p2p.so.rules"); +// exec("/bin/cp {$snortdir}/so_rules/smtp.rules {$snortdir}/rules/smtp.so.rules"); +// exec("/bin/cp {$snortdir}/so_rules/sql.rules {$snortdir}/rules/sql.so.rules"); +// exec("/bin/cp {$snortdir}/so_rules/web-client.rules {$snortdir}/rules/web-client.so.rules"); +// exec("/bin/cp {$snortdir}/so_rules/web.misc.rules {$snortdir}/rules/web.misc.so.rules"); +// exec("/bin/rm -r {$snortdir}/so_rules"); +// echo "Done copying so_rules.\n"; +//} else { +// echo "Directory so_rules does not exist...\n"; +// echo "Error copying so_rules...\n"; +// exit(0); +// } +//} /* Copy configs to snort dir */ if ($snort_md5_check_ok != on) { @@ -483,9 +513,10 @@ if (file_exists("{$snortdir}/etc/Makefile.am")) { echo "Copying configs to snort directory...\n"; exec("/bin/cp {$snortdir}/etc/* {$snortdir}"); exec("/bin/rm -r {$snortdir}/etc"); + } else { - echo "The snort configs does not exist...\n"; - echo "Error copping config...\n"; + echo "The snort config does not exist...\n"; + echo "Error copying config...\n"; exit(0); } } @@ -497,7 +528,7 @@ if (file_exists("{$tmpfname}/$snort_filename_md5")) { exec("/bin/cp {$tmpfname}/$snort_filename_md5 {$snortdir}/$snort_filename_md5"); } else { echo "The md5 file does not exist...\n"; - echo "Error copping config...\n"; + echo "Error copying config...\n"; exit(0); } } @@ -510,7 +541,7 @@ if (file_exists("{$tmpfname}/$emergingthreats_filename_md5")) { exec("/bin/cp {$tmpfname}/$emergingthreats_filename_md5 {$snortdir}/$emergingthreats_filename_md5"); } else { echo "The emergingthreats md5 file does not exist...\n"; - echo "Error copping config...\n"; + echo "Error copying config...\n"; exit(0); } } @@ -523,14 +554,14 @@ if (file_exists("{$tmpfname}/$pfsense_rules_filename_md5")) { exec("/bin/cp {$tmpfname}/$pfsense_rules_filename_md5 {$snortdir}/$pfsense_rules_filename_md5"); } else { echo "The Pfsense md5 file does not exist...\n"; - echo "Error copping config...\n"; + echo "Error copying config...\n"; exit(0); } } - + /* Copy signatures dir to snort dir */ if ($snort_md5_check_ok != on) { -$signature_info_chk = $config['installedpackages']['snort']['config'][0]['signatureinfo']; +$signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo']; if ($premium_url_chk == on) { if (file_exists("{$snortdir}/doc/signatures")) { echo "Copying signatures...\n"; @@ -540,22 +571,22 @@ if (file_exists("{$snortdir}/doc/signatures")) { echo "Done copying signatures.\n"; } else { echo "Directory signatures exist...\n"; - echo "Error copping signature...\n"; + echo "Error copying signature...\n"; exit(0); } } } -/* double make shure clean up emerg rules that dont belong */ -if (file_exists("/usr/local/etc/snort_bkup/rules/emerging-botcc-BLOCK.rules")) { +/* double make shure cleanup emerg rules that dont belong */ +if (file_exists("/usr/local/etc/snort/rules/emerging-botcc-BLOCK.rules")) { apc_clear_cache(); - exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-botcc-BLOCK.rules"); - exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-botcc.rules"); - exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-compromised-BLOCK.rules"); - exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-drop-BLOCK.rules"); - exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-dshield-BLOCK.rules"); - exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-rbn-BLOCK.rules"); - exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-tor-BLOCK.rules"); + exec("/bin/rm /usr/local/etc/snort/rules/emerging-botcc-BLOCK.rules"); + exec("/bin/rm /usr/local/etc/snort/rules/emerging-botcc.rules"); + exec("/bin/rm /usr/local/etc/snort/rules/emerging-compromised-BLOCK.rules"); + exec("/bin/rm /usr/local/etc/snort/rules/emerging-drop-BLOCK.rules"); + exec("/bin/rm /usr/local/etc/snort/rules/emerging-dshield-BLOCK.rules"); + exec("/bin/rm /usr/local/etc/snort/rules/emerging-rbn-BLOCK.rules"); + exec("/bin/rm /usr/local/etc/snort/rules/emerging-tor-BLOCK.rules"); } if (file_exists("/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so")) { @@ -563,72 +594,176 @@ if (file_exists("/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example\*"); } +/* make shure default rules are in the right format */ +exec("/usr/local/bin/perl -pi -e 's/#alert/# alert/g' /usr/local/etc/snort/rules/*.rules"); +exec("/usr/local/bin/perl -pi -e 's/##alert/# alert/g' /usr/local/etc/snort/rules/*.rules"); +exec("/usr/local/bin/perl -pi -e 's/## alert/# alert/g' /usr/local/etc/snort/rules/*.rules"); + +/* create a msg-map for snort */ echo "Updating Alert Messages...\n"; echo "Please Wait...\n"; -sleep(2); -exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl /usr/local/etc/snort_bkup/rules > /usr/local/etc/snort_bkup/sid-msg.map"); +exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl /usr/local/etc/snort/rules > /usr/local/etc/snort/sid-msg.map"); + + +////////////////// + +/* Start the proccess for every interface rule */ +/* TODO: try to make the code smother */ + +if (!empty($config['installedpackages']['snortglobal']['rule'])) { + +$rule_array = $config['installedpackages']['snortglobal']['rule']; +$id = -1; +foreach ($rule_array as $value) { + +$id += 1; + +$result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; +$if_real = convert_friendly_interface_to_real_interface_name($result_lan); + + /* make oinkmaster.conf for each interface rule */ + oinkmaster_conf(); + + /* run oinkmaster for each interface rule */ + oinkmaster_run(); + + } +} + +/* open oinkmaster_conf for writing" function */ +function oinkmaster_conf() { + + global $config, $g, $id, $if_real, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_chk_ok, $pfsense_md5_check_ok; + +/* enable disable setting will carry over with updates */ +/* TODO carry signature changes with the updates */ +if ($snort_md5_check_ok != on || $emerg_md5_check_chk_ok != on || $pfsense_md5_check_ok != on) { + +if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'])) { +$enabled_sid_on = $config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on']; +$enabled_sid_on_array = split('\|\|', $enabled_sid_on); +foreach($enabled_sid_on_array as $enabled_item_on) +$selected_sid_on_sections .= "$enabled_item_on\n"; + } + +if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) { +$enabled_sid_off = $config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off']; +$enabled_sid_off_array = split('\|\|', $enabled_sid_off); +foreach($enabled_sid_off_array as $enabled_item_off) +$selected_sid_off_sections .= "$enabled_item_off\n"; + } + +$snort_sid_text = <<<EOD + +########################################### +# # +# this is auto generated on snort updates # +# # +########################################### + +path = /bin:/usr/bin:/usr/local/bin + +update_files = \.rules$|\.config$|\.conf$|\.txt$|\.map$ + +url = dir:///usr/local/etc/snort/rules + +$selected_sid_on_sections + +$selected_sid_off_sections + +EOD; + + /* open snort's oinkmaster.conf for writing */ + $oinkmasterlist = fopen("/usr/local/etc/snort/oinkmaster_$if_real.conf", "w"); + + fwrite($oinkmasterlist, "$snort_sid_text"); + + /* close snort's oinkmaster.conf file */ + fclose($oinkmasterlist); + + } +} /* Run oinkmaster to snort_wan and cp configs */ /* If oinkmaster is not needed cp rules normally */ /* TODO add per interface settings here */ -if ($snort_md5_check_ok != on || $emerg_md5_check_chk_ok != on || $pfsense_md5_check_ok != on) { +function oinkmaster_run() { - if (empty($config['installedpackages']['snort']['rule_sid_on']) || empty($config['installedpackages']['snort']['rule_sid_off'])) { -echo "Your first set of rules are being copied...\n"; -echo "May take a while...\n"; + global $config, $g, $id, $if_real, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_chk_ok, $pfsense_md5_check_ok; - exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/rules/"); - exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}"); - exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}"); - exec("/bin/cp {$snortdir}/generators {$snortdir_wan}"); - exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}"); - exec("/bin/cp {$snortdir}/sid {$snortdir_wan}"); - exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}"); - exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}"); +if ($snort_md5_check_ok != on || $emerg_md5_check_chk_ok != on || $pfsense_md5_check_ok != on) { + + if (empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on']) || empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) { + echo "Your first set of rules are being copied...\n"; + echo "May take a while...\n"; + exec("/bin/echo \"test {$snortdir} {$snortdir_wan} $id$if_real\" >> /root/debug"); + exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_$id$if_real/rules/"); + exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_$id$if_real"); + exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_$id$if_real"); + exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_$id$if_real"); + exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_$id$if_real"); + exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_$id$if_real"); + exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_$id$if_real"); + exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_$id$if_real"); } else { echo "Your enable and disable changes are being applied to your fresh set of rules...\n"; echo "May take a while...\n"; - exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/rules/"); - exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}"); - exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}"); - exec("/bin/cp {$snortdir}/generators {$snortdir_wan}"); - exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}"); - exec("/bin/cp {$snortdir}/sid {$snortdir_wan}"); - exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}"); - exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}"); + exec("/bin/echo \"test2 {$snortdir} {$snortdir_wan} $id$if_real\" > /root/debug"); + exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_$id$if_real/rules/"); + exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_$id$if_real"); + exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_$id$if_real"); + exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_$id$if_real"); + exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_$id$if_real"); + exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_$id$if_real"); + exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_$id$if_real"); + exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_$id$if_real"); /* oinkmaster.pl will convert saved changes for the new updates then we have to change #alert to # alert for the gui */ /* might have to add a sleep for 3sec for flash drives or old drives */ - exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C /usr/local/etc/snort_bkup/oinkmaster.conf -o /usr/local/etc/snort/rules > /usr/local/etc/snort_bkup/oinkmaster.log"); - exec("/usr/local/bin/perl -pi -e 's/#alert/# alert/g' /usr/local/etc/snort/rules/*.rules"); - exec("/usr/local/bin/perl -pi -e 's/##alert/# alert/g' /usr/local/etc/snort/rules/*.rules"); - exec("/usr/local/bin/perl -pi -e 's/## alert/# alert/g' /usr/local/etc/snort/rules/*.rules"); - + exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C /usr/local/etc/snort/oinkmaster_$id$if_real.conf -o /usr/local/etc/snort/snort_$id$if_real/rules > /usr/local/etc/snort/oinkmaster_$id$if_real.log"); + + } } } +////////////// + +/* mark the time update finnished */ +$config['installedpackages']['snortglobal']['last_rules_install'] = date("Y-M-jS-h:i-A"); + /* remove old $tmpfname files */ if (file_exists("{$tmpfname}")) { echo "Cleaning up...\n"; - exec("/bin/rm -r /root/snort_rules_up"); + exec("/bin/rm -r /tmp/snort_rules_up"); +// apc_clear_cache(); } /* php code to flush out cache some people are reportting missing files this might help */ -sleep(5); +sleep(2); apc_clear_cache(); exec("/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync"); + /* make snort the owner */ + exec("/usr/sbin/chown -R snort:snort /var/log/snort"); + exec("/usr/sbin/chown -R snort:snort /usr/local/etc/snort"); + exec("/usr/sbin/chown -R snort:snort /usr/local/lib/snort"); + exec("/bin/chmod -R 755 /var/log/snort"); + exec("/bin/chmod -R 755 /usr/local/etc/snort"); + exec("/bin/chmod -R 755 /usr/local/lib/snort"); + /* if snort is running hardrestart, if snort is not running do nothing */ if (file_exists("/tmp/snort_download_halt.pid")) { - start_service("snort"); + exec("/bin/sh /usr/local/etc/rc.d/snort.sh start"); echo "The Rules update finished...\n"; echo "Snort has restarted with your new set of rules...\n"; + exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'SNORT RULE UPDATE FINNISHED...'"); exec("/bin/rm /tmp/snort_download_halt.pid"); } else { echo "The Rules update finished...\n"; - echo "You may start snort now...\n"; + exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'SNORT RULE UPDATE FINNISHED...'"); } + conf_mount_ro(); ?> diff --git a/config/snort/snort_define_servers.php b/config/snort/snort_define_servers.php new file mode 100644 index 00000000..04984300 --- /dev/null +++ b/config/snort/snort_define_servers.php @@ -0,0 +1,582 @@ +<?php +/* $Id$ */ +/* + snort_interfaces.php + part of m0n0wall (http://m0n0.ch/wall) + + Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + Copyright (C) 2008-2009 Robert Zelaya. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +/* + +TODO: Nov 12 09 +Clean this code up its ugly +Important add error checking + +*/ + +require_once("globals.inc"); +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/snort/snort.inc"); +require_once("/usr/local/pkg/snort/snort_gui.inc"); + +if (!is_array($config['installedpackages']['snortglobal']['rule'])) { + $config['installedpackages']['snortglobal']['rule'] = array(); +} + +//nat_rules_sort(); +$a_nat = &$config['installedpackages']['snortglobal']['rule']; + +$id = $_GET['id']; +if (isset($_POST['id'])) + $id = $_POST['id']; + +if (isset($_GET['dup'])) { + $id = $_GET['dup']; + $after = $_GET['dup']; +} + + +if (isset($id) && $a_nat[$id]) { + + /* old options */ + $pconfig['def_ssl_ports_ignore'] = $a_nat[$id]['def_ssl_ports_ignore']; + $pconfig['flow_depth'] = $a_nat[$id]['flow_depth']; + $pconfig['perform_stat'] = $a_nat[$id]['perform_stat']; + $pconfig['http_inspect'] = $a_nat[$id]['http_inspect']; + $pconfig['other_preprocs'] = $a_nat[$id]['other_preprocs']; + $pconfig['ftp_preprocessor'] = $a_nat[$id]['ftp_preprocessor']; + $pconfig['smtp_preprocessor'] = $a_nat[$id]['smtp_preprocessor']; + $pconfig['sf_portscan'] = $a_nat[$id]['sf_portscan']; + $pconfig['dce_rpc_2'] = $a_nat[$id]['dce_rpc_2']; + $pconfig['dns_preprocessor'] = $a_nat[$id]['dns_preprocessor']; + $pconfig['def_dns_servers'] = $a_nat[$id]['def_dns_servers']; + $pconfig['def_dns_ports'] = $a_nat[$id]['def_dns_ports']; + $pconfig['def_smtp_servers'] = $a_nat[$id]['def_smtp_servers']; + $pconfig['def_smtp_ports'] = $a_nat[$id]['def_smtp_ports']; + $pconfig['def_mail_ports'] = $a_nat[$id]['def_mail_ports']; + $pconfig['def_http_servers'] = $a_nat[$id]['def_http_servers']; + $pconfig['def_www_servers'] = $a_nat[$id]['def_www_servers']; + $pconfig['def_http_ports'] = $a_nat[$id]['def_http_ports']; + $pconfig['def_sql_servers'] = $a_nat[$id]['def_sql_servers']; + $pconfig['def_oracle_ports'] = $a_nat[$id]['def_oracle_ports']; + $pconfig['def_mssql_ports'] = $a_nat[$id]['def_mssql_ports']; + $pconfig['def_telnet_servers'] = $a_nat[$id]['def_telnet_servers']; + $pconfig['def_telnet_ports'] = $a_nat[$id]['def_telnet_ports']; + $pconfig['def_snmp_servers'] = $a_nat[$id]['def_snmp_servers']; + $pconfig['def_snmp_ports'] = $a_nat[$id]['def_snmp_ports']; + $pconfig['def_ftp_servers'] = $a_nat[$id]['def_ftp_servers']; + $pconfig['def_ftp_ports'] = $a_nat[$id]['def_ftp_ports']; + $pconfig['def_ssh_servers'] = $a_nat[$id]['def_ssh_servers']; + $pconfig['def_ssh_ports'] = $a_nat[$id]['def_ssh_ports']; + $pconfig['def_pop_servers'] = $a_nat[$id]['def_pop_servers']; + $pconfig['def_pop2_ports'] = $a_nat[$id]['def_pop2_ports']; + $pconfig['def_pop3_ports'] = $a_nat[$id]['def_pop3_ports']; + $pconfig['def_imap_servers'] = $a_nat[$id]['def_imap_servers']; + $pconfig['def_imap_ports'] = $a_nat[$id]['def_imap_ports']; + $pconfig['def_sip_proxy_ip'] = $a_nat[$id]['def_sip_proxy_ip']; + $pconfig['def_sip_proxy_ports'] = $a_nat[$id]['def_sip_proxy_ports']; + $pconfig['def_auth_ports'] = $a_nat[$id]['def_auth_ports']; + $pconfig['def_finger_ports'] = $a_nat[$id]['def_finger_ports']; + $pconfig['def_irc_ports'] = $a_nat[$id]['def_irc_ports']; + $pconfig['def_nntp_ports'] = $a_nat[$id]['def_nntp_ports']; + $pconfig['def_rlogin_ports'] = $a_nat[$id]['def_rlogin_ports']; + $pconfig['def_rsh_ports'] = $a_nat[$id]['def_rsh_ports']; + $pconfig['def_ssl_ports'] = $a_nat[$id]['def_ssl_ports']; + $pconfig['barnyard_enable'] = $a_nat[$id]['barnyard_enable']; + $pconfig['barnyard_mysql'] = $a_nat[$id]['barnyard_mysql']; + $pconfig['enable'] = $a_nat[$id]['enable']; + $pconfig['uuid'] = $a_nat[$id]['uuid']; + $pconfig['interface'] = $a_nat[$id]['interface']; + $pconfig['descr'] = $a_nat[$id]['descr']; + $pconfig['performance'] = $a_nat[$id]['performance']; + $pconfig['blockoffenders7'] = $a_nat[$id]['blockoffenders7']; + $pconfig['alertsystemlog'] = $a_nat[$id]['alertsystemlog']; + $pconfig['tcpdumplog'] = $a_nat[$id]['tcpdumplog']; + $pconfig['snortunifiedlog'] = $a_nat[$id]['snortunifiedlog']; + $pconfig['rulesets'] = $a_nat[$id]['rulesets']; + $pconfig['rule_sid_off'] = $a_nat[$id]['rule_sid_off']; + $pconfig['rule_sid_on'] = $a_nat[$id]['rule_sid_on']; + +if (isset($_GET['dup'])) + unset($id); +} + +/* convert fake interfaces to real */ +$if_real = convert_friendly_interface_to_real_interface_name2($pconfig['interface']); + + + if ($_POST["Submit"]) { + + /* check for overlaps */ + +/* if no errors write to conf */ + if (!$input_errors) { + $natent = array(); + /* repost the options already in conf */ + if ($pconfig['interface'] != "") { $natent['interface'] = $pconfig['interface']; } + if ($pconfig['enable'] != "") { $natent['enable'] = $pconfig['enable']; } + if ($pconfig['uuid'] != "") { $natent['uuid'] = $pconfig['uuid']; } + if ($pconfig['descr'] != "") { $natent['descr'] = $pconfig['descr']; } + if ($pconfig['performance'] != "") { $natent['performance'] = $pconfig['performance']; } + if ($pconfig['blockoffenders7'] != "") { $natent['blockoffenders7'] = $pconfig['blockoffenders7']; } + if ($pconfig['alertsystemlog'] != "") { $natent['alertsystemlog'] = $pconfig['alertsystemlog']; } + if ($pconfig['tcpdumplog'] != "") { $natent['tcpdumplog'] = $pconfig['tcpdumplog']; } + if ($pconfig['snortunifiedlog'] != "") { $natent['snortunifiedlog'] = $pconfig['snortunifiedlog']; } + if ($pconfig['def_ssl_ports_ignore'] != "") { $natent['def_ssl_ports_ignore'] = $pconfig['def_ssl_ports_ignore']; } + if ($pconfig['flow_depth'] != "") { $natent['flow_depth'] = $pconfig['flow_depth']; } + if ($pconfig['perform_stat'] != "") { $natent['perform_stat'] = $pconfig['perform_stat']; } + if ($pconfig['http_inspect'] != "") { $natent['http_inspect'] = $pconfig['http_inspect']; } + if ($pconfig['other_preprocs'] != "") { $natent['other_preprocs'] = $pconfig['other_preprocs']; } + if ($pconfig['ftp_preprocessor'] != "") { $natent['ftp_preprocessor'] = $pconfig['ftp_preprocessor']; } + if ($pconfig['smtp_preprocessor'] != "") { $natent['smtp_preprocessor'] = $pconfig['smtp_preprocessor']; } + if ($pconfig['sf_portscan'] != "") { $natent['sf_portscan'] = $pconfig['sf_portscan']; } + if ($pconfig['dce_rpc_2'] != "") { $natent['dce_rpc_2'] = $pconfig['dce_rpc_2']; } + if ($pconfig['dns_preprocessor'] != "") { $natent['dns_preprocessor'] = $pconfig['dns_preprocessor']; } + if ($pconfig['barnyard_enable'] != "") { $natent['barnyard_enable'] = $pconfig['barnyard_enable']; } + if ($pconfig['barnyard_mysql'] != "") { $natent['barnyard_mysql'] = $pconfig['barnyard_mysql']; } + if ($pconfig['rulesets'] != "") { $natent['rulesets'] = $pconfig['rulesets']; } + if ($pconfig['rule_sid_off'] != "") { $natent['rule_sid_off'] = $pconfig['rule_sid_off']; } + if ($pconfig['rule_sid_on'] != "") { $natent['rule_sid_on'] = $pconfig['rule_sid_on']; } + + + /* post new options */ + if ($_POST['def_dns_servers'] != "") { $natent['def_dns_servers'] = $_POST['def_dns_servers']; }else{ $natent['def_dns_servers'] = ""; } + if ($_POST['def_dns_ports'] != "") { $natent['def_dns_ports'] = $_POST['def_dns_ports']; }else{ $natent['def_dns_ports'] = ""; } + if ($_POST['def_smtp_servers'] != "") { $natent['def_smtp_servers'] = $_POST['def_smtp_servers']; }else{ $natent['def_smtp_servers'] = ""; } + if ($_POST['def_smtp_ports'] != "") { $natent['def_smtp_ports'] = $_POST['def_smtp_ports']; }else{ $natent['def_smtp_ports'] = ""; } + if ($_POST['def_mail_ports'] != "") { $natent['def_mail_ports'] = $_POST['def_mail_ports']; }else{ $natent['def_mail_ports'] = ""; } + if ($_POST['def_http_servers'] != "") { $natent['def_http_servers'] = $_POST['def_http_servers']; }else{ $natent['def_http_servers'] = ""; } + if ($_POST['def_www_servers'] != "") { $natent['def_www_servers'] = $_POST['def_www_servers']; }else{ $natent['def_www_servers'] = ""; } + if ($_POST['def_http_ports'] != "") { $natent['def_http_ports'] = $_POST['def_http_ports']; }else{ $natent['def_http_ports'] = ""; } + if ($_POST['def_sql_servers'] != "") { $natent['def_sql_servers'] = $_POST['def_sql_servers']; }else{ $natent['def_sql_servers'] = ""; } + if ($_POST['def_oracle_ports'] != "") { $natent['def_oracle_ports'] = $_POST['def_oracle_ports']; }else{ $natent['def_oracle_ports'] = ""; } + if ($_POST['def_mssql_ports'] != "") { $natent['def_mssql_ports'] = $_POST['def_mssql_ports']; }else{ $natent['def_mssql_ports'] = ""; } + if ($_POST['def_telnet_servers'] != "") { $natent['def_telnet_servers'] = $_POST['def_telnet_servers']; }else{ $natent['def_telnet_servers'] = ""; } + if ($_POST['def_telnet_ports'] != "") { $natent['def_telnet_ports'] = $_POST['def_telnet_ports']; }else{ $natent['def_telnet_ports'] = ""; } + if ($_POST['def_snmp_servers'] != "") { $natent['def_snmp_servers'] = $_POST['def_snmp_servers']; }else{ $natent['def_snmp_servers'] = ""; } + if ($_POST['def_snmp_ports'] != "") { $natent['def_snmp_ports'] = $_POST['def_snmp_ports']; }else{ $natent['def_snmp_ports'] = ""; } + if ($_POST['def_ftp_servers'] != "") { $natent['def_ftp_servers'] = $_POST['def_ftp_servers']; }else{ $natent['def_ftp_servers'] = ""; } + if ($_POST['def_ftp_ports'] != "") { $natent['def_ftp_ports'] = $_POST['def_ftp_ports']; }else{ $natent['def_ftp_ports'] = ""; } + if ($_POST['def_ssh_servers'] != "") { $natent['def_ssh_servers'] = $_POST['def_ssh_servers']; }else{ $natent['def_ssh_servers'] = ""; } + if ($_POST['def_ssh_ports'] != "") { $natent['def_ssh_ports'] = $_POST['def_ssh_ports']; }else{ $natent['def_ssh_ports'] = ""; } + if ($_POST['def_pop_servers'] != "") { $natent['def_pop_servers'] = $_POST['def_pop_servers']; }else{ $natent['def_pop_servers'] = ""; } + if ($_POST['def_pop2_ports'] != "") { $natent['def_pop2_ports'] = $_POST['def_pop2_ports']; }else{ $natent['def_pop2_ports'] = ""; } + if ($_POST['def_pop3_ports'] != "") { $natent['def_pop3_ports'] = $_POST['def_pop3_ports']; }else{ $natent['def_pop3_ports'] = ""; } + if ($_POST['def_imap_servers'] != "") { $natent['def_imap_servers'] = $_POST['def_imap_servers']; }else{ $natent['def_imap_servers'] = ""; } + if ($_POST['def_imap_ports'] != "") { $natent['def_imap_ports'] = $_POST['def_imap_ports']; }else{ $natent['def_imap_ports'] = ""; } + if ($_POST['def_sip_proxy_ip'] != "") { $natent['def_sip_proxy_ip'] = $_POST['def_sip_proxy_ip']; }else{ $natent['def_sip_proxy_ip'] = ""; } + if ($_POST['def_sip_proxy_ports'] != "") { $natent['def_sip_proxy_ports'] = $_POST['def_sip_proxy_ports']; }else{ $natent['def_sip_proxy_ports'] = ""; } + if ($_POST['def_auth_ports'] != "") { $natent['def_auth_ports'] = $_POST['def_auth_ports']; }else{ $natent['def_auth_ports'] = ""; } + if ($_POST['def_finger_ports'] != "") { $natent['def_finger_ports'] = $_POST['def_finger_ports']; }else{ $natent['def_finger_ports'] = ""; } + if ($_POST['def_irc_ports'] != "") { $natent['def_irc_ports'] = $_POST['def_irc_ports']; }else{ $natent['def_irc_ports'] = ""; } + if ($_POST['def_nntp_ports'] != "") { $natent['def_nntp_ports'] = $_POST['def_nntp_ports']; }else{ $natent['def_nntp_ports'] = ""; } + if ($_POST['def_rlogin_ports'] != "") { $natent['def_rlogin_ports'] = $_POST['def_rlogin_ports']; }else{ $natent['def_rlogin_ports'] = ""; } + if ($_POST['def_rsh_ports'] != "") { $natent['def_rsh_ports'] = $_POST['def_rsh_ports']; }else{ $natent['def_rsh_ports'] = ""; } + if ($_POST['def_ssl_ports'] != "") { $natent['def_ssl_ports'] = $_POST['def_ssl_ports']; }else{ $natent['def_ssl_ports'] = ""; } + + + if (isset($id) && $a_nat[$id]) + $a_nat[$id] = $natent; + else { + if (is_numeric($after)) + array_splice($a_nat, $after+1, 0, array($natent)); + else + $a_nat[] = $natent; + } + + write_config(); + + /* after click go to this page */ + + touch($d_snortconfdirty_path); + + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + sleep(2); + + header("Location: snort_define_servers.php?id=$id"); + + exit; + } +} + +$snort_uuid = $pconfig['uuid']; + + /* alert file */ +$d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid }_{$if_real}.dirty"; + + /* this will exec when alert says apply */ + if ($_POST['apply']) { + + if (file_exists($d_snortconfdirty_path)) { + + write_config(); + + sync_snort_package_all($id, $if_real, $snort_uuid); + sync_snort_package(); + + unlink($d_snortconfdirty_path); + + } + + } + +$pgtitle = "Snort: Interface $id$if_real Define Servers"; +include("head.inc"); + +?> +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<?php +include("./snort_fbegin.inc"); +?> +<p class="pgtitle"><?if($pfsense_stable == 'yes'){echo $pgtitle;}?></p> +<style type="text/css"> +.alert { + position:absolute; + top:10px; + left:0px; + width:94%; +background:#FCE9C0; +background-position: 15px; +border-top:2px solid #DBAC48; +border-bottom:2px solid #DBAC48; +padding: 15px 10px 85% 50px; +} +</style> +<noscript><div class="alert" ALIGN=CENTER><img src="/themes/nervecenter/images/icons/icon_alert.gif"/><strong>Please enable JavaScript to view this content</CENTER></div></noscript> + +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> + +<form action="snort_define_servers.php" method="post" enctype="multipart/form-data" name="iform" id="iform"> + +<?php + + /* Display message */ + + if ($input_errors) { + print_input_errors($input_errors); // TODO: add checks + } + + if ($savemsg) { + print_info_box2($savemsg); + } + + if (file_exists($d_snortconfdirty_path)) { + echo '<p>'; + + if($savemsg) { + print_info_box_np2("{$savemsg}"); + }else{ + print_info_box_np2(' + The Snort configuration has changed and snort needs to be restarted on this interface.<br> + You must apply the changes in order for them to take effect.<br> + '); + } + } + +?> + +<table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr><td class="tabnavtbl"> +<?php +if($id != "") +{ + + $tab_array = array(); + $tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php"); + $tab_array[] = array("If Settings", false, "/snort/snort_interfaces_edit.php?id={$id}"); + $tab_array[] = array("Categories", false, "/snort/snort_rulesets.php?id={$id}"); + $tab_array[] = array("Rules", false, "/snort/snort_rules.php?id={$id}"); + $tab_array[] = array("Servers", true, "/snort/snort_define_servers.php?id={$id}"); + $tab_array[] = array("Preprocessors", false, "/snort/snort_preprocessors.php?id={$id}"); + $tab_array[] = array("Barnyard2", false, "/snort/snort_barnyard.php?id={$id}"); + display_top_tabs($tab_array); + +} +?> +</td> +</tr> + <tr> + <td class="tabcont"> + <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <?php + /* display error code if there is no id */ + if($id == "") + { + echo " + <style type=\"text/css\"> + .noid { + position:absolute; + top:10px; + left:0px; + width:94%; + background:#FCE9C0; + background-position: 15px; + border-top:2px solid #DBAC48; + border-bottom:2px solid #DBAC48; + padding: 15px 10px 85% 50px; + } + </style> + <div class=\"alert\" ALIGN=CENTER><img src=\"/themes/nervecenter/images/icons/icon_alert.gif\"/><strong>You can not edit options without an interface ID.</CENTER></div>\n"; + + } + ?> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span><br> + Please save your settings before you click start.<br> + Please make sure there are <strong>no spaces</strong> in your definitions. + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define DNS_SERVERS</td> + <td width="78%" class="vtable"> + <input name="def_dns_servers" type="text" class="formfld" id="def_dns_servers" size="40" value="<?=htmlspecialchars($pconfig['def_dns_servers']);?>"> + <br> <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define DNS_PORTS</td> + <td width="78%" class="vtable"> + <input name="def_dns_ports" type="text" class="formfld" id="def_dns_ports" size="40" value="<?=htmlspecialchars($pconfig['def_dns_ports']);?>"> + <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 53.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define SMTP_SERVERS</td> + <td width="78%" class="vtable"> + <input name="def_smtp_servers" type="text" class="formfld" id="def_smtp_servers" size="40" value="<?=htmlspecialchars($pconfig['def_smtp_servers']);?>"> + <br> <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define SMTP_PORTS</td> + <td width="78%" class="vtable"> + <input name="def_smtp_ports" type="text" class="formfld" id="def_smtp_ports" size="40" value="<?=htmlspecialchars($pconfig['def_smtp_ports']);?>"> + <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 25.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define Mail_Ports</td> + <td width="78%" class="vtable"> + <input name="def_mail_ports" type="text" class="formfld" id="def_mail_ports" size="40" value="<?=htmlspecialchars($pconfig['def_mail_ports']);?>"> + <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 25,143,465,691.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define HTTP_SERVERS</td> + <td width="78%" class="vtable"> + <input name="def_http_servers" type="text" class="formfld" id="def_http_servers" size="40" value="<?=htmlspecialchars($pconfig['def_http_servers']);?>"> + <br> <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define WWW_SERVERS</td> + <td width="78%" class="vtable"> + <input name="def_www_servers" type="text" class="formfld" id="def_www_servers" size="40" value="<?=htmlspecialchars($pconfig['def_www_servers']);?>"> + <br> <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define HTTP_PORTS</td> + <td width="78%" class="vtable"> + <input name="def_http_ports" type="text" class="formfld" id="def_http_ports" size="40" value="<?=htmlspecialchars($pconfig['def_http_ports']);?>"> + <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 80.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define SQL_SERVERS</td> + <td width="78%" class="vtable"> + <input name="def_sql_servers" type="text" class="formfld" id="def_sql_servers" size="40" value="<?=htmlspecialchars($pconfig['def_sql_servers']);?>"> + <br> <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define ORACLE_PORTS</td> + <td width="78%" class="vtable"> + <input name="def_oracle_ports" type="text" class="formfld" id="def_oracle_ports" size="40" value="<?=htmlspecialchars($pconfig['def_oracle_ports']);?>"> + <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 1521.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define MSSQL_PORTS</td> + <td width="78%" class="vtable"> + <input name="def_mssql_ports" type="text" class="formfld" id="def_mssql_ports" size="40" value="<?=htmlspecialchars($pconfig['def_mssql_ports']);?>"> + <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 1433.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define TELNET_SERVERS</td> + <td width="78%" class="vtable"> + <input name="def_telnet_servers" type="text" class="formfld" id="def_telnet_servers" size="40" value="<?=htmlspecialchars($pconfig['def_telnet_servers']);?>"> + <br> <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define TELNET_PORTS</td> + <td width="78%" class="vtable"> + <input name="def_telnet_ports" type="text" class="formfld" id="def_telnet_ports" size="40" value="<?=htmlspecialchars($pconfig['def_telnet_ports']);?>"> + <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 23.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define SNMP_SERVERS</td> + <td width="78%" class="vtable"> + <input name="def_snmp_servers" type="text" class="formfld" id="def_snmp_servers" size="40" value="<?=htmlspecialchars($pconfig['def_snmp_servers']);?>"> + <br> <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define SNMP_PORTS</td> + <td width="78%" class="vtable"> + <input name="def_snmp_ports" type="text" class="formfld" id="def_snmp_ports" size="40" value="<?=htmlspecialchars($pconfig['def_snmp_ports']);?>"> + <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 161.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define FTP_SERVERS</td> + <td width="78%" class="vtable"> + <input name="def_ftp_servers" type="text" class="formfld" id="def_ftp_servers" size="40" value="<?=htmlspecialchars($pconfig['def_ftp_servers']);?>"> + <br> <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define FTP_PORTS</td> + <td width="78%" class="vtable"> + <input name="def_ftp_ports" type="text" class="formfld" id="def_ftp_ports" size="40" value="<?=htmlspecialchars($pconfig['def_ftp_ports']);?>"> + <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 21.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define SSH_SERVERS</td> + <td width="78%" class="vtable"> + <input name="def_ssh_servers" type="text" class="formfld" id="def_ssh_servers" size="40" value="<?=htmlspecialchars($pconfig['def_ssh_servers']);?>"> + <br> <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define SSH_PORTS</td> + <td width="78%" class="vtable"> + <input name="def_ssh_ports" type="text" class="formfld" id="def_ssh_ports" size="40" value="<?=htmlspecialchars($pconfig['def_ssh_ports']);?>"> + <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is Pfsense SSH port.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define POP_SERVERS</td> + <td width="78%" class="vtable"> + <input name="def_pop_servers" type="text" class="formfld" id="def_pop_servers" size="40" value="<?=htmlspecialchars($pconfig['def_pop_servers']);?>"> + <br> <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define POP2_PORTS</td> + <td width="78%" class="vtable"> + <input name="def_pop2_ports" type="text" class="formfld" id="def_pop2_ports" size="40" value="<?=htmlspecialchars($pconfig['def_pop2_ports']);?>"> + <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 109.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define POP3_PORTS</td> + <td width="78%" class="vtable"> + <input name="def_pop3_ports" type="text" class="formfld" id="def_pop3_ports" size="40" value="<?=htmlspecialchars($pconfig['def_pop3_ports']);?>"> + <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 110.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define IMAP_SERVERS</td> + <td width="78%" class="vtable"> + <input name="def_imap_servers" type="text" class="formfld" id="def_imap_servers" size="40" value="<?=htmlspecialchars($pconfig['def_imap_servers']);?>"> + <br> <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define IMAP_PORTS</td> + <td width="78%" class="vtable"> + <input name="def_imap_ports" type="text" class="formfld" id="def_imap_ports" size="40" value="<?=htmlspecialchars($pconfig['def_imap_ports']);?>"> + <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 143.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define SIP_PROXY_IP</td> + <td width="78%" class="vtable"> + <input name="def_sip_proxy_ip" type="text" class="formfld" id="def_sip_proxy_ip" size="40" value="<?=htmlspecialchars($pconfig['def_sip_proxy_ip']);?>"> + <br> <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define SIP_PROXY_PORTS</td> + <td width="78%" class="vtable"> + <input name="def_sip_proxy_ports" type="text" class="formfld" id="def_sip_proxy_ports" size="40" value="<?=htmlspecialchars($pconfig['def_sip_proxy_ports']);?>"> + <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 5060:5090,16384:32768.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define AUTH_PORTS</td> + <td width="78%" class="vtable"> + <input name="def_auth_ports" type="text" class="formfld" id="def_auth_ports" size="40" value="<?=htmlspecialchars($pconfig['def_auth_ports']);?>"> + <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 113.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define FINGER_PORTS</td> + <td width="78%" class="vtable"> + <input name="def_finger_ports" type="text" class="formfld" id="def_finger_ports" size="40" value="<?=htmlspecialchars($pconfig['def_finger_ports']);?>"> + <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 79.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define IRC_PORTS</td> + <td width="78%" class="vtable"> + <input name="def_irc_ports" type="text" class="formfld" id="def_irc_ports" size="40" value="<?=htmlspecialchars($pconfig['def_irc_ports']);?>"> + <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 6665,6666,6667,6668,6669,7000.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define NNTP_PORTS</td> + <td width="78%" class="vtable"> + <input name="def_nntp_ports" type="text" class="formfld" id="def_nntp_ports" size="40" value="<?=htmlspecialchars($pconfig['def_nntp_ports']);?>"> + <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 119.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define RLOGIN_PORTS</td> + <td width="78%" class="vtable"> + <input name="def_rlogin_ports" type="text" class="formfld" id="def_rlogin_ports" size="40" value="<?=htmlspecialchars($pconfig['def_rlogin_ports']);?>"> + <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 513.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define RSH_PORTS</td> + <td width="78%" class="vtable"> + <input name="def_rsh_ports" type="text" class="formfld" id="def_rsh_ports" size="40" value="<?=htmlspecialchars($pconfig['def_rsh_ports']);?>"> + <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 514.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define SSL_PORTS</td> + <td width="78%" class="vtable"> + <input name="def_ssl_ports" type="text" class="formfld" id="def_ssl_ports" size="40" value="<?=htmlspecialchars($pconfig['def_ssl_ports']);?>"> + <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 25,443,465,636,993,995.</span></td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"> + <input name="Submit" type="submit" class="formbtn" value="Save"> <input type="button" class="formbtn" value="Cancel" onclick="history.back()"> + <?php if (isset($id) && $a_nat[$id]): ?> + <input name="id" type="hidden" value="<?=$id;?>"> + <?php endif; ?> + </td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span> + <br> + Please save your settings before you click start. </td> + </tr> + </table> + </table> +</form> + +<script language="JavaScript"> +<!-- +enable_change(false); +//--> +</script> +<?php include("fend.inc"); ?> +</body> +</html> diff --git a/config/snort/snort_define_servers.xml b/config/snort/snort_define_servers.xml deleted file mode 100644 index 7df880d0..00000000 --- a/config/snort/snort_define_servers.xml +++ /dev/null @@ -1,364 +0,0 @@ -<?xml version="1.0" encoding="utf-8" ?> -<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> -<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> -<packagegui> - <copyright> - <![CDATA[ -/* $Id$ */ -/* ========================================================================== */ -/* - authng.xml - part of pfSense (http://www.pfSense.com) - Copyright (C) 2007 to whom it may belong - All rights reserved. - - Based on m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. - All rights reserved. - */ -/* ========================================================================== */ -/* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ - ]]> - </copyright> - <description>Describe your package here</description> - <requirements>Describe your package requirements here</requirements> - <faq>Currently there are no FAQ items provided.</faq> - <name>SnortDefServers</name> - <version>none</version> - <title>Services: Snort Define Servers</title> - <include_file>/usr/local/pkg/snort.inc</include_file> - <tabs> - <tab> - <text>Settings</text> - <url>/pkg_edit.php?xml=snort.xml&id=0</url> - </tab> - <tab> - <text>Update Rules</text> - <url>/snort_download_rules.php</url> - </tab> - <tab> - <text>Categories</text> - <url>/snort_rulesets.php</url> - </tab> - <tab> - <text>Rules</text> - <url>/snort_rules.php</url> - </tab> - <tab> - <text>Servers</text> - <url>/pkg_edit.php?xml=snort_define_servers.xml&id=0</url> - <active/> - </tab> - <tab> - <text>Blocked</text> - <url>/snort_blocked.php</url> - </tab> - <tab> - <text>Whitelist</text> - <url>/pkg.php?xml=snort_whitelist.xml</url> - </tab> - <tab> - <text>Threshold</text> - <url>/pkg.php?xml=snort_threshold.xml</url> - </tab> - <tab> - <text>Alerts</text> - <url>/snort_alerts.php</url> - </tab> - <tab> - <text>Advanced</text> - <url>/pkg_edit.php?xml=snort_advanced.xml&id=0</url> - </tab> - </tabs> - <fields> - <field> - <fielddescr>Define DNS_SERVERS</fielddescr> - <fieldname>def_dns_servers</fieldname> - <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description> - <type>input</type> - <size>101</size> - <value></value> - </field> - <field> - <fielddescr>Define DNS_PORTS</fielddescr> - <fieldname>def_dns_ports</fieldname> - <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 53.</description> - <type>input</type> - <size>43</size> - <value></value> - </field> - <field> - <fielddescr>Define SMTP_SERVERS</fielddescr> - <fieldname>def_smtp_servers</fieldname> - <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description> - <type>input</type> - <size>101</size> - <value></value> - </field> - <field> - <fielddescr>Define SMTP_PORTS</fielddescr> - <fieldname>def_smtp_ports</fieldname> - <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 25.</description> - <type>input</type> - <size>43</size> - <value></value> - </field> - <field> - <fielddescr>Define Mail_Ports</fielddescr> - <fieldname>def_mail_ports</fieldname> - <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 25,143,465,691.</description> - <type>input</type> - <size>43</size> - <value></value> - </field> - <field> - <fielddescr>Define HTTP_SERVERS</fielddescr> - <fieldname>def_http_servers</fieldname> - <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description> - <type>input</type> - <size>101</size> - <value></value> - </field> - <field> - <fielddescr>Define WWW_SERVERS</fielddescr> - <fieldname>def_www_servers</fieldname> - <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description> - <type>input</type> - <size>101</size> - <value></value> - </field> - <field> - <fielddescr>Define HTTP_PORTS</fielddescr> - <fieldname>def_http_ports</fieldname> - <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 80.</description> - <type>input</type> - <size>43</size> - <value></value> - </field> - <field> - <fielddescr>Define SQL_SERVERS</fielddescr> - <fieldname>def_sql_servers</fieldname> - <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description> - <type>input</type> - <size>101</size> - <value></value> - </field> - <field> - <fielddescr>Define ORACLE_PORTS</fielddescr> - <fieldname>def_oracle_ports</fieldname> - <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 1521.</description> - <type>input</type> - <size>43</size> - <value></value> - </field> - <field> - <fielddescr>Define MSSQL_PORTS</fielddescr> - <fieldname>def_mssql_ports</fieldname> - <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 1433.</description> - <type>input</type> - <size>43</size> - <value></value> - </field> - <field> - <fielddescr>Define TELNET_SERVERS</fielddescr> - <fieldname>def_telnet_servers</fieldname> - <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description> - <type>input</type> - <size>101</size> - <value></value> - </field> - <field> - <fielddescr>Define TELNET_PORTS</fielddescr> - <fieldname>def_telnet_ports</fieldname> - <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 23.</description> - <type>input</type> - <size>43</size> - <value></value> - </field> - <field> - <fielddescr>Define SNMP_SERVERS</fielddescr> - <fieldname>def_snmp_servers</fieldname> - <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description> - <type>input</type> - <size>101</size> - <value></value> - </field> - <field> - <fielddescr>Define SNMP_PORTS</fielddescr> - <fieldname>def_snmp_ports</fieldname> - <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 161.</description> - <type>input</type> - <size>43</size> - <value></value> - </field> - <field> - <fielddescr>Define FTP_SERVERS</fielddescr> - <fieldname>def_ftp_servers</fieldname> - <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description> - <type>input</type> - <size>101</size> - <value></value> - </field> - <field> - <fielddescr>Define FTP_PORTS</fielddescr> - <fieldname>def_ftp_ports</fieldname> - <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 21.</description> - <type>input</type> - <size>43</size> - <value></value> - </field> - <field> - <fielddescr>Define SSH_SERVERS</fielddescr> - <fieldname>def_ssh_servers</fieldname> - <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description> - <type>input</type> - <size>101</size> - <value></value> - </field> - <field> - <fielddescr>Define SSH_PORTS</fielddescr> - <fieldname>def_ssh_ports</fieldname> - <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is Pfsense SSH port.</description> - <type>input</type> - <size>43</size> - <value></value> - </field> - <field> - <fielddescr>Define POP_SERVERS</fielddescr> - <fieldname>def_pop_servers</fieldname> - <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description> - <type>input</type> - <size>101</size> - <value></value> - </field> - <field> - <fielddescr>Define POP2_PORTS</fielddescr> - <fieldname>def_pop2_ports</fieldname> - <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 109.</description> - <type>input</type> - <size>43</size> - <value></value> - </field> - <field> - <fielddescr>Define POP3_PORTS</fielddescr> - <fieldname>def_pop3_ports</fieldname> - <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 110.</description> - <type>input</type> - <size>43</size> - <value></value> - </field> - <field> - <fielddescr>Define IMAP_SERVERS</fielddescr> - <fieldname>def_imap_servers</fieldname> - <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description> - <type>input</type> - <size>101</size> - <value></value> - </field> - <field> - <fielddescr>Define IMAP_PORTS</fielddescr> - <fieldname>def_imap_ports</fieldname> - <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 143.</description> - <type>input</type> - <size>43</size> - <value></value> - </field> - <field> - <fielddescr>Define SIP_PROXY_IP</fielddescr> - <fieldname>def_sip_proxy_ip</fieldname> - <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description> - <type>input</type> - <size>101</size> - <value></value> - </field> - <field> - <fielddescr>Define SIP_PROXY_PORTS</fielddescr> - <fieldname>def_sip_proxy_ports</fieldname> - <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 5060:5090,16384:32768.</description> - <type>input</type> - <size>43</size> - <value></value> - </field> - <field> - <fielddescr>Define AUTH_PORTS</fielddescr> - <fieldname>def_auth_ports</fieldname> - <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 113.</description> - <type>input</type> - <size>43</size> - <value></value> - </field> - <field> - <fielddescr>Define FINGER_PORTS</fielddescr> - <fieldname>def_finger_ports</fieldname> - <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 79.</description> - <type>input</type> - <size>43</size> - <value></value> - </field> - <field> - <fielddescr>Define IRC_PORTS</fielddescr> - <fieldname>def_irc_ports</fieldname> - <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 6665,6666,6667,6668,6669,7000.</description> - <type>input</type> - <size>43</size> - <value></value> - </field> - <field> - <fielddescr>Define NNTP_PORTS</fielddescr> - <fieldname>def_nntp_ports</fieldname> - <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 119.</description> - <type>input</type> - <size>43</size> - <value></value> - </field> - <field> - <fielddescr>Define RLOGIN_PORTS</fielddescr> - <fieldname>def_rlogin_ports</fieldname> - <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 513.</description> - <type>input</type> - <size>43</size> - <value></value> - </field> - <field> - <fielddescr>Define RSH_PORTS</fielddescr> - <fieldname>def_rsh_ports</fieldname> - <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 514.</description> - <type>input</type> - <size>43</size> - <value></value> - </field> - <field> - <fielddescr>Define SSL_PORTS</fielddescr> - <fieldname>def_ssl_ports</fieldname> - <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 25,443,465,636,993,995.</description> - <type>input</type> - <size>43</size> - <value></value> - </field> - </fields> - <custom_php_deinstall_command> - snort_define_servers(); - </custom_php_deinstall_command> -</packagegui> diff --git a/config/snort/snort_download_rules.php b/config/snort/snort_download_rules.php index 9826ba2a..b2bcb748 100644 --- a/config/snort/snort_download_rules.php +++ b/config/snort/snort_download_rules.php @@ -2,7 +2,8 @@ /* $Id$ */ /* snort_rulesets.php - Copyright (C) 2006 Scott Ullrich and Robert Zelaya + Copyright (C) 2006 Scott Ullrich + Copyright (C) 2009 Robert Zelaya All rights reserved. Redistribution and use in source and binary forms, with or without @@ -28,8 +29,15 @@ */ /* Setup enviroment */ -$tmpfname = "/root/snort_rules_up"; -$snortdir = "/usr/local/etc/snort_bkup"; + +/* TODO: review if include files are needed */ +require_once("guiconfig.inc"); +require_once("functions.inc"); +require_once("service-utils.inc"); +require_once("/usr/local/pkg/snort/snort.inc"); + +$tmpfname = "/tmp/snort_rules_up"; +$snortdir = "/usr/local/etc/snort"; $snortdir_wan = "/usr/local/etc/snort"; $snort_filename_md5 = "snortrules-snapshot-2.8.tar.gz.md5"; $snort_filename = "snortrules-snapshot-2.8.tar.gz"; @@ -38,27 +46,213 @@ $emergingthreats_filename = "emerging.rules.tar.gz"; $pfsense_rules_filename_md5 = "pfsense_rules.tar.gz.md5"; $pfsense_rules_filename = "pfsense_rules.tar.gz"; -require_once("guiconfig.inc"); -require_once("functions.inc"); -require_once("service-utils.inc"); -require("/usr/local/pkg/snort.inc"); +$id_d = $_GET['id_d']; +if (isset($_POST['id_d'])) + $id_d = $_POST['id_d']; + +/* Time stamps define */ +$last_md5_download = $config['installedpackages']['snortglobal']['last_md5_download']; +$last_rules_install = $config['installedpackages']['snortglobal']['last_rules_install']; + +/* define checks */ +$oinkid = $config['installedpackages']['snortglobal']['oinkmastercode']; +$snortdownload = $config['installedpackages']['snortglobal']['snortdownload']; +$emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats']; + + + if ($snortdownload == "off" && $emergingthreats != "on") + { + $snort_emrging_info = "stop"; + } + + if ($oinkid == "" && $snortdownload != "off") + { + $snort_oinkid_info = "stop"; + } + + + /* check if main rule directory is empty */ + $if_mrule_dir = "/usr/local/etc/snort/rules"; + $mfolder_chk = (count(glob("$if_mrule_dir/*")) === 0) ? 'empty' : 'full'; + + +if (file_exists('/var/run/snort.conf.dirty')) { + $snort_dirty_d = 'stop'; +} + + + +/* If no id show the user a button */ +if ($id_d == "" || $snort_emrging_info == "stop" || $snort_oinkid_info == "stop" || $snort_dirty_d == 'stop') { + +$pgtitle = "Services: Snort: Rule Updates"; + +include("head.inc"); +include("./snort_fbegin.inc"); +echo "<p class=\"pgtitle\">"; +if($pfsense_stable == 'yes'){echo $pgtitle;} +echo "</p>\n"; + + echo "<table height=\"32\" width=\"100%\">\n"; + echo " <tr>\n"; + echo " <td>\n"; + echo " <div style='background-color:#E0E0E0' id='redbox'>\n"; + echo " <table width='100%'><tr><td width='8%'>\n"; + echo " <img style='vertical-align:middle' src=\"/snort/images/icon_excli.png\" width=\"40\" height=\"32\">\n"; + echo " </td>\n"; + echo " <td width='70%'><font color='#FF850A'><b>NOTE:</b></font><font color='#000000'> Snort.org and Emergingthreats.net will go down from time to time. Please be patient.</font>\n"; + echo " </td>"; + echo " </tr></table>\n"; + echo " </div>\n"; + echo " </td>\n"; + echo "</table>\n"; + echo "<script type=\"text/javascript\">\n"; + echo "NiftyCheck();\n"; + echo "Rounded(\"div#redbox\",\"all\",\"#FFF\",\"#E0E0E0\",\"smooth\");\n"; + echo "Rounded(\"td#blackbox\",\"all\",\"#FFF\",\"#000000\",\"smooth\");\n"; + echo "</script>\n"; + echo "\n<br>\n"; + +/* make sure user has javascript on */ +echo "<style type=\"text/css\"> +.alert { + position:absolute; + top:10px; + left:0px; + width:94%; +background:#FCE9C0; +background-position: 15px; +border-top:2px solid #DBAC48; +border-bottom:2px solid #DBAC48; +padding: 15px 10px 85% 50px; +} +</style> +<noscript><div class=\"alert\" ALIGN=CENTER><img src=\"/themes/nervecenter/images/icons/icon_alert.gif\"/><strong>Please enable JavaScript to view this content</CENTER></div></noscript>\n"; +echo "<body link=\"#000000\" vlink=\"#000000\" alink=\"#000000\">\n"; + +echo "<script src=\"/row_toggle.js\" type=\"text/javascript\"></script>\n +<script src=\"/javascript/sorttable.js\" type=\"text/javascript\"></script>\n +<table width=\"99%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n + <tr>\n + <td>\n"; + + $tab_array = array(); + $tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php"); + $tab_array[] = array("Global Settings", false, "/snort/snort_interfaces_global.php"); + $tab_array[] = array("Rule Updates", true, "/snort/snort_download_rules.php"); + $tab_array[] = array("Alerts", false, "/snort/snort_alerts.php"); + $tab_array[] = array("Blocked", false, "/snort/snort_blocked.php"); + $tab_array[] = array("Whitelists", false, "/pkg.php?xml=/snort/snort_whitelist.xml"); + $tab_array[] = array("Help & Info", false, "/snort/snort_help_info.php"); + display_top_tabs($tab_array); + +if ($snort_emrging_info == "stop" && $snort_oinkid_info == "stop") { +$disable_enable_button = 'onclick="this.disabled=true"'; +}else{ +$disable_enable_button = "onClick=\"parent.location='/snort/snort_download_rules.php?id_d=up'\""; +} +echo "</td>\n + </tr>\n + <tr>\n + <td>\n + <div id=\"mainarea\">\n + <table id=\"maintable\" class=\"tabcont\" width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n + <tr>\n + <td>\n +<input name=\"Submit\" type=\"submit\" class=\"formbtn\" $disable_enable_button value=\"Update Rules\" $disable_button> <br><br> \n"; + +if ($mfolder_chk == "empty") +{ +echo "<span class=\"red\"><strong>WARNING:</strong></span> The main rules <strong>directory</strong> is <strong>empty</strong>. /usr/local/etc/snort/rules <br><br>\n"; +} + +if ($snort_emrging_info == "stop") { +echo "<span class=\"red\"><strong>WARNING:</strong></span> Click on the <strong>\"Global Settings\"</strong> tab and select ether snort.org or enmergingthreats.net rules to download. <br><br> \n"; +} + +if ($snort_oinkid_info == "stop") { +echo "<span class=\"red\"><strong>WARNING:</strong></span> Click on the <strong>\"Global Settings\"</strong> tab and enter a <strong>oinkmaster</strong> code. <br><br> \n"; +} + +if ($snort_dirty_d == "stop") { +echo "<span class=\"red\"><strong>WARNING:</span> CHANGES HAVE NOT BEEN APPLIED</strong> Click on the <strong>\"Apply Settings\"</strong> button at the main interface tab.<br><br> \n"; +} + +echo " </td>\n + </tr>\n + </table>\n + </div>\n + </td>\n + </tr>\n +</table>\n +\n +</form>\n +\n +<p>\n\n"; + +if ($id_d == "") +echo "Click on the <strong>\"Update Rules\"</strong> button to start the updates. <br><br> \n"; + +if ($config['installedpackages']['snortglobal']['last_md5_download'] != "") +echo "The last time the updates were started <strong>$last_md5_download</strong>. <br><br> \n"; + +if ($config['installedpackages']['snortglobal']['last_rules_install'] != "") +echo "The last time the updates were installed <strong>$last_rules_install</strong>. <br><br> \n"; + +include("fend.inc"); + +echo "</body>"; +echo "</html>"; + +exit(0); + +} $pgtitle = "Services: Snort: Update Rules"; include("/usr/local/www/head.inc"); ?> - <script src="/javascript/scriptaculous/prototype.js" type="text/javascript"></script> +<script type="text/javascript" src="/snort/javascript/jquery-1.3.2.js"></script> +<script type="text/javascript" src="/snort/javascript/jquery.blockUI.js?v2.28"></script> + +<script type="text/javascript"> +<!-- + +function displaymessage() +{ + + $.blockUI.defaults.message = "Please be patient...."; + + $.blockUI({ + + css: { + border: 'none', + padding: '15px', + backgroundColor: '#000', + '-webkit-border-radius': '10px', + '-moz-border-radius': '10px', + opacity: .5, + color: '#fff', + } + }); + +} -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +function displaymessagestop() +{ -<?php include("/usr/local/www/fbegin.inc"); ?> +setTimeout($.unblockUI, 2000); -<?php -if(!$pgtitle_output) - echo "<p class=\"pgtitle\"><?=$pgtitle?></p>"; -?> +} + +// --> +</script> + +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<?php include("./snort_fbegin.inc"); ?> +<p class="pgtitle"><?if($pfsense_stable == 'yes'){echo $pgtitle;}?></p> <form action="snort_download_rules.php" method="post"> <div id="inputerrors"></div> @@ -67,23 +261,28 @@ if(!$pgtitle_output) <tr> <td> <?php - $tab_array = array(); - $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0"); - $tab_array[] = array(gettext("Update Rules"), true, "/snort_download_rules.php"); - $tab_array[] = array(gettext("Categories"), false, "/snort_rulesets.php"); - $tab_array[] = array(gettext("Rules"), false, "/snort_rules.php"); - $tab_array[] = array(gettext("Servers"), false, "/pkg_edit.php?xml=snort_define_servers.xml&id=0"); - $tab_array[] = array(gettext("Blocked"), false, "/snort_blocked.php"); - $tab_array[] = array(gettext("Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml"); - $tab_array[] = array(gettext("Threshold"), false, "/pkg.php?xml=snort_threshold.xml"); - $tab_array[] = array(gettext("Alerts"), false, "/snort_alerts.php"); - $tab_array[] = array(gettext("Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0"); - display_top_tabs($tab_array); + $tab_array = array(); + $tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php"); + $tab_array[] = array("Global Settings", false, "/snort/snort_interfaces_global.php"); + $tab_array[] = array("Rule Updates", true, "/snort/snort_download_rules.php"); + $tab_array[] = array("Alerts", false, "/snort/snort_alerts.php"); + $tab_array[] = array("Blocked", false, "/snort/snort_blocked.php"); + $tab_array[] = array("Whitelists", false, "/pkg.php?xml=/snort/snort_whitelist.xml"); + $tab_array[] = array("Help & Info", false, "/snort/snort_help_info.php"); + display_top_tabs($tab_array); ?> - </td> - </tr> - <tr> - <td> + +<script type="text/javascript"> +<!-- + displaymessage(); +// --> +</script> + +</td> +</tr> + <br> + <tr> + <td> <div id="mainarea"> <table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> <tr> @@ -92,7 +291,7 @@ if(!$pgtitle_output) <table id="progholder" width='420' style='border-collapse: collapse; border: 1px solid #000000;' cellpadding='2' cellspacing='2'> <tr> <td> - <img border='0' src='./themes/<?= $g['theme']; ?>/images/misc/progress_bar.gif' width='280' height='23' name='progressbar' id='progressbar' alt='' /> + <img border='0' src='../themes/<?= $g['theme']; ?>/images/misc/progress_bar.gif' width='280' height='23' name='progressbar' id='progressbar' alt='' /> </td> </tr> </table> @@ -112,47 +311,34 @@ if(!$pgtitle_output) </tr> </table> </form> - <?php include("fend.inc");?> <?php +conf_mount_rw(); /* Begin main code */ /* Set user agent to Mozilla */ ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); ini_set("memory_limit","125M"); +/* mark the time update started */ +$config['installedpackages']['snortglobal']['last_md5_download'] = date("Y-M-jS-h:i-A"); + /* send current buffer */ ob_flush(); +conf_mount_rw(); -/* define oinkid */ -if($config['installedpackages']['snort']) - $oinkid = $config['installedpackages']['snort']['config'][0]['oinkmastercode']; - -/* if missing oinkid exit */ -if(!$oinkid) { - $static_output = gettext("You must obtain an oinkid from snort.org and set its value in the Snort settings tab."); - update_all_status($static_output); - hide_progress_bar_status(); - exit; -} - -/* premium_subscriber check */ -//unset($config['installedpackages']['snort']['config'][0]['subscriber']); -//write_config(); // Will cause switch back to read-only on nanobsd -//conf_mount_rw(); // Uncomment this if the previous line is uncommented - -$premium_subscriber_chk = $config['installedpackages']['snort']['config'][0]['subscriber']; +$premium_subscriber_chk = $config['installedpackages']['snortglobal']['snortdownload']; -if ($premium_subscriber_chk === on) { +if ($premium_subscriber_chk == "premium") { $premium_subscriber = "_s"; }else{ $premium_subscriber = ""; } -$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber']; -if ($premium_url_chk === on) { +$premium_url_chk = $config['installedpackages']['snortglobal']['snortdownload']; +if ($premium_url_chk == "premium") { $premium_url = "sub-rules"; }else{ $premium_url = "reg-rules"; @@ -163,7 +349,6 @@ hide_progress_bar_status(); /* send current buffer */ ob_flush(); - conf_mount_rw(); /* remove old $tmpfname files */ @@ -177,9 +362,11 @@ if (file_exists("{$tmpfname}")) { exec("/bin/mkdir -p {$snortdir}"); exec("/bin/mkdir -p {$snortdir}/rules"); exec("/bin/mkdir -p {$snortdir}/signatures"); +exec("/bin/mkdir -p /usr/local/lib/snort/dynamicrules/"); /* send current buffer */ ob_flush(); +conf_mount_rw(); /* If tmp dir does not exist create it */ if (file_exists($tmpfname)) { @@ -192,35 +379,39 @@ if (file_exists($tmpfname)) { unhide_progress_bar_status(); /* download md5 sig from snort.org */ -if (file_exists("{$tmpfname}/{$snort_filename_md5}")) { - update_status(gettext("md5 temp file exists...")); -} else { - update_status(gettext("Downloading md5 file...")); - ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); - $image = @file_get_contents("http://dl.snort.org/{$premium_url}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz.md5?oink_code={$oinkid}"); +if ($snortdownload == "basic" || $snortdownload == "premium") +{ + if (file_exists("{$tmpfname}/{$snort_filename_md5}") && + filesize("{$tmpfname}/{$snort_filename_md5}") > 0) { + update_status(gettext("snort.org md5 temp file exists...")); + } else { + update_status(gettext("Downloading snort.org md5 file...")); + ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); + $image = @file_get_contents("http://dl.snort.org/{$premium_url}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz.md5?oink_code={$oinkid}"); // $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz.md5"); - $f = fopen("{$tmpfname}/snortrules-snapshot-2.8.tar.gz.md5", 'w'); - fwrite($f, $image); - fclose($f); - update_status(gettext("Done. downloading md5")); + $f = fopen("{$tmpfname}/snortrules-snapshot-2.8.tar.gz.md5", 'w'); + fwrite($f, $image); + fclose($f); + update_status(gettext("Done downloading snort.org md5")); + } } /* download md5 sig from emergingthreats.net */ -$emergingthreats_url_chk = $config['installedpackages']['snort']['config'][0]['emergingthreats']; -if ($emergingthreats_url_chk == on) { - update_status(gettext("Downloading md5 file...")); - ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); - $image = @file_get_contents("http://www.emergingthreats.net/version.txt"); +if ($emergingthreats == "on") +{ + update_status(gettext("Downloading emergingthreats md5 file...")); + ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); + $image = @file_get_contents("http://www.emergingthreats.net/version.txt"); // $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/version.txt"); - $f = fopen("{$tmpfname}/version.txt", 'w'); - fwrite($f, $image); - fclose($f); - update_status(gettext("Done. downloading md5")); + $f = fopen("{$tmpfname}/version.txt", 'w'); + fwrite($f, $image); + fclose($f); + update_status(gettext("Done downloading emergingthreats md5")); } /* download md5 sig from pfsense.org */ if (file_exists("{$tmpfname}/{$pfsense_rules_filename_md5}")) { - update_status(gettext("md5 temp file exists...")); + update_status(gettext("pfsense md5 temp file exists...")); } else { update_status(gettext("Downloading pfsense md5 file...")); ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)'); @@ -229,23 +420,30 @@ if (file_exists("{$tmpfname}/{$pfsense_rules_filename_md5}")) { $f = fopen("{$tmpfname}/pfsense_rules.tar.gz.md5", 'w'); fwrite($f, $image); fclose($f); - update_status(gettext("Done. downloading md5")); + update_status(gettext("Done downloading pfsense md5.")); } -/* Time stamps define */ -$last_md5_download = $config['installedpackages']['snort']['last_md5_download']; -$last_rules_install = $config['installedpackages']['snort']['last_rules_install']; - /* If md5 file is empty wait 15min exit */ -if (0 == filesize("{$tmpfname}/snortrules-snapshot-2.8.tar.gz.md5")){ - update_status(gettext("Please wait... You may only check for New Rules every 15 minutes...")); - update_output_window(gettext("Rules are released every month from snort.org. You may download the Rules at any time.")); - hide_progress_bar_status(); - /* Display last time of sucsessful md5 check from cache */ - echo "\n<p align=center><b>You last checked for updates: </b>{$last_md5_download}</p>\n"; - echo "\n<p align=center><b>You last installed for rules: </b>{$last_rules_install}</p>\n"; - echo "\n\n</body>\n</html>\n"; - exit(0); +if ($snortdownload != "off") +{ + if (0 == filesize("{$tmpfname}/snortrules-snapshot-2.8.tar.gz.md5")) + { + update_status(gettext("Please wait... You may only check for New Rules every 15 minutes...")); + update_output_window(gettext("Rules are released every month from snort.org. You may download the Rules at any time.")); + hide_progress_bar_status(); + /* Display last time of sucsessful md5 check from cache */ + echo "\n\n</body>\n</html>\n"; + echo ' +<script type="text/javascript"> +<!-- + displaymessagestop(); +// --> +</script>'; +echo "</body>"; +echo "</html>"; +conf_mount_ro(); + exit(0); + } } /* If emergingthreats md5 file is empty wait 15min exit not needed */ @@ -256,89 +454,138 @@ if (0 == filesize("{$tmpfname}/$pfsense_rules_filename_md5")){ update_output_window(gettext("Rules are released to support Pfsense packages.")); hide_progress_bar_status(); /* Display last time of sucsessful md5 check from cache */ - echo "\n<p align=center><b>You last checked for updates: </b>{$last_md5_download}</p>\n"; - echo "\n<p align=center><b>You last installed for rules: </b>{$last_rules_install}</p>\n"; echo "\n\n</body>\n</html>\n"; + echo ' +<script type="text/javascript"> +<!-- + displaymessagestop(); +// --> +</script>'; +echo "</body>"; +echo "</html>"; +conf_mount_ro(); exit(0); } /* Check if were up to date snort.org */ -if (file_exists("{$snortdir}/snortrules-snapshot-2.8.tar.gz.md5")){ -$md5_check_new_parse = file_get_contents("{$tmpfname}/{$snort_filename_md5}"); -$md5_check_new = `/bin/echo "{$md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`; -$md5_check_old_parse = file_get_contents("{$snortdir}/{$snort_filename_md5}"); -$md5_check_old = `/bin/echo "{$md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`; -/* Write out time of last sucsessful md5 to cache */ -$config['installedpackages']['snort']['last_md5_download'] = date("Y-M-jS-h:i-A"); -write_config(); // Will cause switch back to read-only on nanobsd -conf_mount_rw(); -if ($md5_check_new == $md5_check_old) { - update_status(gettext("Your rules are up to date...")); - update_output_window(gettext("You may start Snort now, check update.")); - hide_progress_bar_status(); - /* Timestamps to html */ - echo "\n<p align=center><b>You last checked for updates: </b>{$last_md5_download}</p>\n"; - echo "\n<p align=center><b>You last installed for rules: </b>{$last_rules_install}</p>\n"; -// echo "P is this code {$premium_subscriber}"; +if ($snortdownload != "off") +{ + if (file_exists("{$snortdir}/snortrules-snapshot-2.8.tar.gz.md5")) + { + $md5_check_new_parse = file_get_contents("{$tmpfname}/{$snort_filename_md5}"); + $md5_check_new = `/bin/echo "{$md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`; + $md5_check_old_parse = file_get_contents("{$snortdir}/{$snort_filename_md5}"); + $md5_check_old = `/bin/echo "{$md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`; + /* Write out time of last sucsessful md5 to cache */ + write_config(); // Will cause switch back to read-only on nanobsd + conf_mount_rw(); + if ($md5_check_new == $md5_check_old) + { + update_status(gettext("Your rules are up to date...")); + update_output_window(gettext("You may start Snort now, check update.")); + hide_progress_bar_status(); echo "\n\n</body>\n</html>\n"; $snort_md5_check_ok = on; - } + } + } } /* Check if were up to date emergingthreats.net */ -$emergingthreats_url_chk = $config['installedpackages']['snort']['config'][0]['emergingthreats']; -if ($emergingthreats_url_chk == on) { -if (file_exists("{$snortdir}/version.txt")){ -$emerg_md5_check_new_parse = file_get_contents("{$tmpfname}/version.txt"); -$emerg_md5_check_new = `/bin/echo "{$emerg_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`; -$emerg_md5_check_old_parse = file_get_contents("{$snortdir}/version.txt"); -$emerg_md5_check_old = `/bin/echo "{$emerg_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`; -/* Write out time of last sucsessful md5 to cache */ -$config['installedpackages']['snort']['last_md5_download'] = date("Y-M-jS-h:i-A"); -write_config(); // Will cause switch back to read-only on nanobsd -conf_mount_rw(); -if ($emerg_md5_check_new == $emerg_md5_check_old) { - update_status(gettext("Your emergingthreats rules are up to date...")); - update_output_window(gettext("You may start Snort now, check update.")); +if ($emergingthreats == "on") +{ + if (file_exists("{$snortdir}/version.txt")) + { + $emerg_md5_check_new_parse = file_get_contents("{$tmpfname}/version.txt"); + $emerg_md5_check_new = `/bin/echo "{$emerg_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`; + $emerg_md5_check_old_parse = file_get_contents("{$snortdir}/version.txt"); + $emerg_md5_check_old = `/bin/echo "{$emerg_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`; + /* Write out time of last sucsessful md5 to cache */ + // Will cause switch back to read-only on nanobsd + write_config(); + conf_mount_rw(); + if ($emerg_md5_check_new == $emerg_md5_check_old) + { hide_progress_bar_status(); - $emerg_md5_check_chk_ok = on; - } - } + $emerg_md5_check_ok = on; + } + } } /* Check if were up to date pfsense.org */ -if (file_exists("{$snortdir}/$pfsense_rules_filename_md5")){ -$pfsense_md5_check_new_parse = file_get_contents("{$tmpfname}/{$snort_filename_md5}"); -$pfsense_md5_check_new = `/bin/echo "{$pfsense_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`; -$pfsense_md5_check_old_parse = file_get_contents("{$snortdir}/{$snort_filename_md5}"); -$pfsense_md5_check_old = `/bin/echo "{$md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`; -if ($pfsense_md5_check_new == $pfsense_md5_check_old) { + if (file_exists("{$snortdir}/pfsense_rules.tar.gz.md5")) + { + $pfsense_check_new_parse = file_get_contents("{$tmpfname}/pfsense_rules.tar.gz.md5"); + $pfsense_md5_check_new = `/bin/echo "{$pfsense_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`; + $pfsense_md5_check_old_parse = file_get_contents("{$snortdir}/pfsense_rules.tar.gz.md5"); + $pfsense_md5_check_old = `/bin/echo "{$pfsense_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`; + /* Write out time of last sucsessful md5 to cache */ + // Will cause switch back to read-only on nanobsd + write_config(); + conf_mount_rw(); + if ($pfsense_md5_check_new == $pfsense_md5_check_old) + { + hide_progress_bar_status(); $pfsense_md5_check_ok = on; - } -} + } + } -/* Make Clean Snort Directory emergingthreats not checked */ -if ($snort_md5_check_ok == on && $emergingthreats_url_chk != on) { - update_status(gettext("Cleaning the snort Directory...")); - update_output_window(gettext("removing...")); - exec("/bin/rm {$snortdir}/rules/emerging*"); - exec("/bin/rm {$snortdir}/version.txt"); - exec("/bin/rm {$snortdir_wan}/rules/emerging*"); - exec("/bin/rm {$snortdir_wan}/version.txt"); - update_status(gettext("Done making cleaning emrg direcory.")); +/* Check if were up to date is so, exit */ +/* WARNING This code needs constant checks */ +if ($snortdownload != "off" && $emergingthreats != "off") +{ + if ($snort_md5_check_ok == "on" && $emerg_md5_check_ok == "on") + { + update_status(gettext("All your rules are up to date...")); + update_output_window(gettext("You may start Snort now...")); + echo ' + <script type="text/javascript"> + <!-- + displaymessagestop(); + // --> + </script>'; + echo "</body>"; + echo "</html>"; + conf_mount_ro(); + exit(0); + } } -/* Check if were up to date exits */ -if ($snort_md5_check_ok == on && $emerg_md5_check_chk_ok == on && $pfsense_md5_check_ok == on) { - update_status(gettext("Your rules are up to date...")); - update_output_window(gettext("You may start Snort now...")); - exit(0); +if ($snortdownload == "on" && $emergingthreats == "off") +{ + if ($snort_md5_check_ok == "on") + { + update_status(gettext("Your snort.org rules are up to date...")); + update_output_window(gettext("You may start Snort now...")); + echo ' + <script type="text/javascript"> + <!-- + displaymessagestop(); + // --> + </script>'; + echo "</body>"; + echo "</html>"; + conf_mount_ro(); + exit(0); + } } -if ($snort_md5_check_ok == on && $pfsense_md5_check_ok == on && $emergingthreats_url_chk != on) { - update_status(gettext("Your rules are up to date...")); - update_output_window(gettext("You may start Snort now...")); - exit(0); +if ($snortdownload == "off" && $emergingthreats == "on") +{ + if ($emerg_md5_check_ok == "on") + { + update_status(gettext("Your Emergingthreats rules are up to date...")); + update_output_window(gettext("You may start Snort now...")); + echo ' + <script type="text/javascript"> + <!-- + displaymessagestop(); + // --> + </script>'; + echo "</body>"; + echo "</html>"; + conf_mount_ro(); + exit(0); + } } /* You are Not Up to date, always stop snort when updating rules for low end machines */; @@ -347,45 +594,60 @@ update_output_window(gettext("Stopping Snort service...")); $chk_if_snort_up = exec("pgrep -x snort"); if ($chk_if_snort_up != "") { exec("/usr/bin/touch /tmp/snort_download_halt.pid"); - stop_service("snort"); + exec("/bin/sh /usr/local/etc/rc.d/snort.sh stop"); sleep(2); } /* download snortrules file */ -if ($snort_md5_check_ok != on) { -if (file_exists("{$tmpfname}/{$snort_filename}")) { - update_status(gettext("Snortrule tar file exists...")); -} else { - unhide_progress_bar_status(); - update_status(gettext("There is a new set of Snort rules posted. Downloading...")); - update_output_window(gettext("May take 4 to 10 min...")); +if ($snortdownload != "off") +{ + if ($snort_md5_check_ok != on) { + if (file_exists("{$tmpfname}/{$snort_filename}")) { + update_status(gettext("Snortrule tar file exists...")); + } else { + unhide_progress_bar_status(); + update_status(gettext("There is a new set of Snort rules posted. Downloading...")); + update_output_window(gettext("May take 4 to 10 min...")); // download_file_with_progress_bar("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz", $tmpfname . "/{$snort_filename}", "read_body_firmware"); - download_file_with_progress_bar("http://dl.snort.org/{$premium_url}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz?oink_code={$oinkid}", $tmpfname . "/{$snort_filename}", "read_body_firmware"); - update_all_status($static_output); - update_status(gettext("Done downloading rules file.")); - if (150000 > filesize("{$tmpfname}/$snort_filename")){ - update_status(gettext("Error with the snort rules download...")); - update_output_window(gettext("Snort rules file downloaded failed...")); - exit(0); - } - } + download_file_with_progress_bar("http://dl.snort.org/{$premium_url}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz?oink_code={$oinkid}", $tmpfname . "/{$snort_filename}", "read_body_firmware"); + update_all_status($static_output); + update_status(gettext("Done downloading rules file.")); + if (150000 > filesize("{$tmpfname}/$snort_filename")){ + update_status(gettext("Error with the snort rules download...")); + update_output_window(gettext("Snort rules file downloaded failed...")); + echo ' +<script type="text/javascript"> +<!-- + displaymessagestop(); +// --> +</script>'; +echo "</body>"; +echo "</html>"; +conf_mount_ro(); + exit(0); + } + } + } } - + /* download emergingthreats rules file */ -if ($emergingthreats_url_chk == on) { -if ($emerg_md5_check_chk_ok != on) { -if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) { - update_status(gettext("Emergingthreats tar file exists...")); -} else { - update_status(gettext("There is a new set of Emergingthreats rules posted. Downloading...")); - update_output_window(gettext("May take 4 to 10 min...")); +if ($emergingthreats == "on") +{ + if ($emerg_md5_check_ok != on) + { + if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) + { + update_status(gettext("Emergingthreats tar file exists...")); + }else{ + update_status(gettext("There is a new set of Emergingthreats rules posted. Downloading...")); + update_output_window(gettext("May take 4 to 10 min...")); // download_file_with_progress_bar("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/emerging.rules.tar.gz", $tmpfname . "/{$emergingthreats_filename}", "read_body_firmware"); - download_file_with_progress_bar("http://www.emergingthreats.net/rules/emerging.rules.tar.gz", $tmpfname . "/{$emergingthreats_filename}", "read_body_firmware"); - update_all_status($static_output); - update_status(gettext("Done downloading Emergingthreats rules file.")); - } - } - } + download_file_with_progress_bar("http://www.emergingthreats.net/rules/emerging.rules.tar.gz", $tmpfname . "/{$emergingthreats_filename}", "read_body_firmware"); + update_all_status($static_output); + update_status(gettext("Done downloading Emergingthreats rules file.")); + } + } +} /* download pfsense rules file */ if ($pfsense_md5_check_ok != on) { @@ -431,44 +693,65 @@ if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) { //} /* Untar snort rules file individually to help people with low system specs */ -if ($snort_md5_check_ok != on) { -if (file_exists("{$tmpfname}/{$snort_filename}")) { - update_status(gettext("Extracting rules...")); - update_output_window(gettext("May take a while...")); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} rules/"); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} etc/"); - exec("`/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/FreeBSD-7.0/i386/2.8.4/*`"); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/bad-traffic.rules/"); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/chat.rules/"); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/dos.rules/"); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/exploit.rules/"); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/imap.rules/"); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/misc.rules/"); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/multimedia.rules/"); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/netbios.rules/"); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/nntp.rules/"); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/p2p.rules/"); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/smtp.rules/"); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/sql.rules/"); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/web-client.rules/"); - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/web-misc.rules/"); - update_status(gettext("Done extracting Rules.")); -} else { - update_status(gettext("The Download rules file missing...")); - update_output_window(gettext("Error rules extracting failed...")); - exit(0); - } +if ($snortdownload != "off") +{ + if ($snort_md5_check_ok != on) { + if (file_exists("{$tmpfname}/{$snort_filename}")) { + update_status(gettext("Extracting rules...")); + update_output_window(gettext("May take a while...")); + exec("/bin/mkdir -p {$snortdir}/rules_bk/"); + exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir}/rules_bk rules/"); + exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} etc/" . + " so_rules/precompiled/FreeBSD-7.0/i386/2.8.5.1/" . + " so_rules/bad-traffic.rules/" . + " so_rules/chat.rules/" . + " so_rules/dos.rules/" . + " so_rules/exploit.rules/" . + " so_rules/imap.rules/" . + " so_rules/misc.rules/" . + " so_rules/multimedia.rules/" . + " so_rules/netbios.rules/" . + " so_rules/nntp.rules/" . + " so_rules/p2p.rules/" . + " so_rules/smtp.rules/" . + " so_rules/sql.rules/" . + " so_rules/web-client.rules/" . + " so_rules/web-misc.rules/"); + /* add prefix to all snort.org files */ + /* remove this part and make it all php with the simplst code posible */ + chdir ("/usr/local/etc/snort/rules_bk/rules"); + sleep(2); + exec('/usr/local/bin/perl /usr/local/bin/snort_rename.pl s/^/snort_/ *.rules'); + update_status(gettext("Done extracting Rules.")); + }else{ + update_status(gettext("The Download rules file missing...")); + update_output_window(gettext("Error rules extracting failed...")); + echo ' +<script type="text/javascript"> +<!-- + displaymessagestop(); +// --> +</script>'; +echo "</body>"; +echo "</html>"; +conf_mount_ro(); + exit(0); + } + } } /* Untar emergingthreats rules to tmp */ -if ($emergingthreats_url_chk == on) { -if ($emerg_md5_check_chk_ok != on) { -if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) { - update_status(gettext("Extracting rules...")); - update_output_window(gettext("May take a while...")); - exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$snortdir} rules/"); - } - } +if ($emergingthreats == "on") +{ + if ($emerg_md5_check_ok != on) + { + if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) + { + update_status(gettext("Extracting rules...")); + update_output_window(gettext("May take a while...")); + exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$snortdir} rules/"); + } + } } /* Untar Pfsense rules to tmp */ @@ -483,7 +766,7 @@ if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) { /* Untar snort signatures */ if ($snort_md5_check_ok != on) { if (file_exists("{$tmpfname}/{$snort_filename}")) { -$signature_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['signatureinfo']; +$signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo']; if ($premium_url_chk == on) { update_status(gettext("Extracting Signatures...")); update_output_window(gettext("May take a while...")); @@ -493,74 +776,250 @@ if ($premium_url_chk == on) { } } -/* Make Clean Snort Directory */ -//if ($snort_md5_check_ok != on && $emerg_md5_check_chk_ok != on && $pfsense_md5_check_ok != on) { -//if (file_exists("{$snortdir}/rules")) { -// update_status(gettext("Cleaning the snort Directory...")); -// update_output_window(gettext("removing...")); -// exec("/bin/mkdir -p {$snortdir}"); -// exec("/bin/mkdir -p {$snortdir}/rules"); -// exec("/bin/mkdir -p {$snortdir}/signatures"); -// exec("/bin/rm {$snortdir}/*"); -// exec("/bin/rm {$snortdir}/rules/*"); -// exec("/bin/rm {$snortdir_wan}/*"); -// exec("/bin/rm {$snortdir_wan}/rules/*"); +/* Copy so_rules dir to snort lib dir */ +/* Disabed untill I find out why there is a segment failt coredump when using these rules on 2.8.5.3 */ +if ($snortdownload != "off") +{ + if ($snort_md5_check_ok != on) { + if (file_exists("{$snortdir}/so_rules/precompiled/FreeBSD-7.0/i386/2.8.5.1")) { + update_status(gettext("Copying so_rules...")); + update_output_window(gettext("May take a while...")); + exec("/bin/cp -f {$snortdir}/so_rules/precompiled/FreeBSD-7.0/i386/2.8.5.1/* /usr/local/lib/snort/dynamicrules/"); + exec("/bin/cp {$snortdir}/so_rules/bad-traffic.rules {$snortdir}/rules/snort_bad-traffic.so.rules"); + exec("/bin/cp {$snortdir}/so_rules/chat.rules {$snortdir}/rules/snort_chat.so.rules"); + exec("/bin/cp {$snortdir}/so_rules/dos.rules {$snortdir}/rules/snort_dos.so.rules"); + exec("/bin/cp {$snortdir}/so_rules/exploit.rules {$snortdir}/rules/snort_exploit.so.rules"); + exec("/bin/cp {$snortdir}/so_rules/imap.rules {$snortdir}/rules/snort_imap.so.rules"); + exec("/bin/cp {$snortdir}/so_rules/misc.rules {$snortdir}/rules/snort_misc.so.rules"); + exec("/bin/cp {$snortdir}/so_rules/multimedia.rules {$snortdir}/rules/snort_multimedia.so.rules"); + exec("/bin/cp {$snortdir}/so_rules/netbios.rules {$snortdir}/rules/snort_netbios.so.rules"); + exec("/bin/cp {$snortdir}/so_rules/nntp.rules {$snortdir}/rules/snort_nntp.so.rules"); + exec("/bin/cp {$snortdir}/so_rules/p2p.rules {$snortdir}/rules/snort_p2p.so.rules"); + exec("/bin/cp {$snortdir}/so_rules/smtp.rules {$snortdir}/rules/snort_smtp.so.rules"); + exec("/bin/cp {$snortdir}/so_rules/sql.rules {$snortdir}/rules/snort_sql.so.rules"); + exec("/bin/cp {$snortdir}/so_rules/web-activex.rules {$snortdir}/rules/snort_web-activex.so.rules"); + exec("/bin/cp {$snortdir}/so_rules/web-client.rules {$snortdir}/rules/snort_web-client.so.rules"); + exec("/bin/cp {$snortdir}/so_rules/web-iis.rules {$snortdir}/rules/snort_web-iis.so.rules"); + exec("/bin/cp {$snortdir}/so_rules/web.misc.rules {$snortdir}/rules/snort_web.misc.so.rules"); + exec("/bin/rm -r {$snortdir}/so_rules"); + update_status(gettext("Done copying so_rules.")); + }else{ + update_status(gettext("Directory so_rules does not exist...")); + update_output_window(gettext("Error copying so_rules...")); + echo ' +<script type="text/javascript"> +<!-- + displaymessagestop(); +// --> +</script>'; + echo "</body>"; + echo "</html>"; + conf_mount_ro(); + exit(0); + } + } +} + +/* Copy renamed snort.org rules to snort dir */ +if ($snortdownload != "off") +{ + if ($snort_md5_check_ok != on) + { + if (file_exists("{$snortdir}/rules_bk/rules/Makefile.am")) + { + update_status(gettext("Copying renamed snort.org rules to snort directory...")); + exec("/bin/cp {$snortdir}/rules_bk/rules/* {$snortdir}/rules/"); + }else{ + update_status(gettext("The renamed snort.org rules do not exist...")); + update_output_window(gettext("Error copying config...")); + echo ' +<script type="text/javascript"> +<!-- + displaymessagestop(); +// --> +</script>'; + echo "</body>"; + echo "</html>"; + conf_mount_ro(); + exit(0); + } + } +} + +/* Copy configs to snort dir */ +if ($snortdownload != "off") +{ + if ($snort_md5_check_ok != on) + { + if (file_exists("{$snortdir}/etc/Makefile.am")) { + update_status(gettext("Copying configs to snort directory...")); + exec("/bin/cp {$snortdir}/etc/* {$snortdir}"); + exec("/bin/rm -r {$snortdir}/etc"); + }else{ + update_status(gettext("The snort config does not exist...")); + update_output_window(gettext("Error copying config...")); + echo ' +<script type="text/javascript"> +<!-- + displaymessagestop(); +// --> +</script>'; +echo "</body>"; +echo "</html>"; +conf_mount_ro(); + exit(0); + } + } +} + + +/* Copy md5 sig to snort dir */ +if ($snortdownload != "off") +{ + if ($snort_md5_check_ok != on) { + if (file_exists("{$tmpfname}/$snort_filename_md5")) { + update_status(gettext("Copying md5 sig to snort directory...")); + exec("/bin/cp {$tmpfname}/$snort_filename_md5 {$snortdir}/$snort_filename_md5"); + }else{ + update_status(gettext("The md5 file does not exist...")); + update_output_window(gettext("Error copying config...")); + echo ' +<script type="text/javascript"> +<!-- + displaymessagestop(); +// --> +</script>'; + echo "</body>"; + echo "</html>"; + conf_mount_ro(); + exit(0); + } + } +} -// exec("/bin/rm /usr/local/lib/snort/dynamicrules/*"); -//} else { -// update_status(gettext("Making Snort Directory...")); -// update_output_window(gettext("should be fast...")); -// exec("/bin/mkdir -p {$snortdir}"); -// exec("/bin/mkdir -p {$snortdir}/rules"); -// exec("/bin/rm {$snortdir_wan}/*"); -// exec("/bin/rm {$snortdir_wan}/rules/*"); -// exec("/bin/rm /usr/local/lib/snort/dynamicrules/\*"); -// update_status(gettext("Done making snort direcory.")); -// } -//} +/* Copy emergingthreats md5 sig to snort dir */ +if ($emergingthreats == "on") +{ + if ($emerg_md5_check_ok != on) + { + if (file_exists("{$tmpfname}/$emergingthreats_filename_md5")) + { + update_status(gettext("Copying md5 sig to snort directory...")); + exec("/bin/cp {$tmpfname}/$emergingthreats_filename_md5 {$snortdir}/$emergingthreats_filename_md5"); + }else{ + update_status(gettext("The emergingthreats md5 file does not exist...")); + update_output_window(gettext("Error copying config...")); + echo "</body>"; + echo "</html>"; + conf_mount_ro(); + exit(0); + } + } +} -/* Copy so_rules dir to snort lib dir */ -if ($snort_md5_check_ok != on) { -if (file_exists("{$snortdir}/so_rules/precompiled/FreeBSD-7.0/i386/2.8.4/")) { - update_status(gettext("Copying so_rules...")); - update_output_window(gettext("May take a while...")); - exec("`/bin/cp -f {$snortdir}/so_rules/precompiled/FreeBSD-7.0/i386/2.8.4/* /usr/local/lib/snort/dynamicrules/`"); - exec("/bin/cp {$snortdir}/so_rules/bad-traffic.rules {$snortdir}/rules/bad-traffic.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/chat.rules {$snortdir}/rules/chat.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/dos.rules {$snortdir}/rules/dos.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/exploit.rules {$snortdir}/rules/exploit.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/imap.rules {$snortdir}/rules/imap.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/misc.rules {$snortdir}/rules/misc.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/multimedia.rules {$snortdir}/rules/multimedia.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/netbios.rules {$snortdir}/rules/netbios.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/nntp.rules {$snortdir}/rules/nntp.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/p2p.rules {$snortdir}/rules/p2p.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/smtp.rules {$snortdir}/rules/smtp.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/sql.rules {$snortdir}/rules/sql.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/web-client.rules {$snortdir}/rules/web-client.so.rules"); - exec("/bin/cp {$snortdir}/so_rules/web.misc.rules {$snortdir}/rules/web.misc.so.rules"); - exec("/bin/rm -r {$snortdir}/so_rules"); - update_status(gettext("Done copying so_rules.")); +/* Copy Pfsense md5 sig to snort dir */ +if ($pfsense_md5_check_ok != on) { +if (file_exists("{$tmpfname}/$pfsense_rules_filename_md5")) { + update_status(gettext("Copying Pfsense md5 sig to snort directory...")); + exec("/bin/cp {$tmpfname}/$pfsense_rules_filename_md5 {$snortdir}/$pfsense_rules_filename_md5"); } else { - update_status(gettext("Directory so_rules does not exist...")); - update_output_window(gettext("Error copying so_rules...")); - exit(0); + update_status(gettext("The Pfsense md5 file does not exist...")); + update_output_window(gettext("Error copying config...")); + echo ' +<script type="text/javascript"> +<!-- + displaymessagestop(); +// --> +</script>'; + echo "</body>"; + echo "</html>"; + conf_mount_ro(); + exit(0); } } + +/* Copy signatures dir to snort dir */ +if ($snortdownload != "off") +{ + if ($snort_md5_check_ok != on) + { + $signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo']; + if ($premium_url_chk == on) + { + if (file_exists("{$snortdir}/doc/signatures")) { + update_status(gettext("Copying signatures...")); + update_output_window(gettext("May take a while...")); + exec("/bin/mv -f {$snortdir}/doc/signatures {$snortdir}/signatures"); + exec("/bin/rm -r {$snortdir}/doc/signatures"); + update_status(gettext("Done copying signatures.")); + }else{ + update_status(gettext("Directory signatures exist...")); + update_output_window(gettext("Error copying signature...")); + echo ' +<script type="text/javascript"> +<!-- + displaymessagestop(); +// --> +</script>'; +echo "</body>"; +echo "</html>"; +conf_mount_ro(); + exit(0); + } + } + } +} + +/* double make shure cleanup emerg rules that dont belong */ +if (file_exists("/usr/local/etc/snort/rules/emerging-botcc-BLOCK.rules")) { + apc_clear_cache(); + exec("/bin/rm /usr/local/etc/snort/rules/emerging-botcc-BLOCK.rules"); + exec("/bin/rm /usr/local/etc/snort/rules/emerging-botcc.rules"); + exec("/bin/rm /usr/local/etc/snort/rules/emerging-compromised-BLOCK.rules"); + exec("/bin/rm /usr/local/etc/snort/rules/emerging-drop-BLOCK.rules"); + exec("/bin/rm /usr/local/etc/snort/rules/emerging-dshield-BLOCK.rules"); + exec("/bin/rm /usr/local/etc/snort/rules/emerging-rbn-BLOCK.rules"); + exec("/bin/rm /usr/local/etc/snort/rules/emerging-tor-BLOCK.rules"); +} + +if (file_exists("/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so")) { + exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so"); + exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example\*"); +} + +/* make shure default rules are in the right format */ +exec("/usr/local/bin/perl -pi -e 's/#alert/# alert/g' /usr/local/etc/snort/rules/*.rules"); +exec("/usr/local/bin/perl -pi -e 's/##alert/# alert/g' /usr/local/etc/snort/rules/*.rules"); +exec("/usr/local/bin/perl -pi -e 's/## alert/# alert/g' /usr/local/etc/snort/rules/*.rules"); +/* create a msg-map for snort */ +update_status(gettext("Updating Alert Messages...")); +update_output_window(gettext("Please Wait...")); +exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl /usr/local/etc/snort/rules > /usr/local/etc/snort/sid-msg.map"); + + +////////////////// + +/* open oinkmaster_conf for writing" function */ +function oinkmaster_conf($id, $if_real, $iface_uuid) +{ + + global $config, $g, $id, $if_real, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok; + conf_mount_rw(); + /* enable disable setting will carry over with updates */ /* TODO carry signature changes with the updates */ -if ($snort_md5_check_ok != on || $emerg_md5_check_chk_ok != on || $pfsense_md5_check_ok != on) { +if ($snort_md5_check_ok != on || $emerg_md5_check_ok != on || $pfsense_md5_check_ok != on) { -if (!empty($config['installedpackages']['snort']['rule_sid_on'])) { -$enabled_sid_on = $config['installedpackages']['snort']['rule_sid_on']; +if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'])) { +$enabled_sid_on = $config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on']; $enabled_sid_on_array = split('\|\|', $enabled_sid_on); foreach($enabled_sid_on_array as $enabled_item_on) $selected_sid_on_sections .= "$enabled_item_on\n"; } -if (!empty($config['installedpackages']['snort']['rule_sid_off'])) { -$enabled_sid_off = $config['installedpackages']['snort']['rule_sid_off']; +if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) { +$enabled_sid_off = $config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off']; $enabled_sid_off_array = split('\|\|', $enabled_sid_off); foreach($enabled_sid_off_array as $enabled_item_off) $selected_sid_off_sections .= "$enabled_item_off\n"; @@ -578,7 +1037,7 @@ path = /bin:/usr/bin:/usr/local/bin update_files = \.rules$|\.config$|\.conf$|\.txt$|\.map$ -url = dir:///usr/local/etc/snort_bkup/rules +url = dir:///usr/local/etc/snort/rules $selected_sid_on_sections @@ -586,153 +1045,99 @@ $selected_sid_off_sections EOD; - /* open snort's threshold.conf for writing */ - $oinkmasterlist = fopen("/usr/local/etc/snort_bkup/oinkmaster.conf", "w"); + /* open snort's oinkmaster.conf for writing */ + $oinkmasterlist = fopen("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf", "w"); fwrite($oinkmasterlist, "$snort_sid_text"); - /* close snort's threshold.conf file */ + /* close snort's oinkmaster.conf file */ fclose($oinkmasterlist); + } } -/* Copy configs to snort dir */ -if ($snort_md5_check_ok != on) { -if (file_exists("{$snortdir}/etc/Makefile.am")) { - update_status(gettext("Copying configs to snort directory...")); - exec("/bin/cp {$snortdir}/etc/* {$snortdir}"); - exec("/bin/rm -r {$snortdir}/etc"); - -} else { - update_status(gettext("The snort config does not exist...")); - update_output_window(gettext("Error copying config...")); - exit(0); - } -} +/* Run oinkmaster to snort_wan and cp configs */ +/* If oinkmaster is not needed cp rules normally */ +/* TODO add per interface settings here */ +function oinkmaster_run($id, $if_real, $iface_uuid) +{ -/* Copy md5 sig to snort dir */ -if ($snort_md5_check_ok != on) { -if (file_exists("{$tmpfname}/$snort_filename_md5")) { - update_status(gettext("Copying md5 sig to snort directory...")); - exec("/bin/cp {$tmpfname}/$snort_filename_md5 {$snortdir}/$snort_filename_md5"); -} else { - update_status(gettext("The md5 file does not exist...")); - update_output_window(gettext("Error copying config...")); - exit(0); - } -} + global $config, $g, $id, $if_real, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok; + conf_mount_rw(); -/* Copy emergingthreats md5 sig to snort dir */ -if ($emergingthreats_url_chk == on) { -if ($emerg_md5_check_chk_ok != on) { -if (file_exists("{$tmpfname}/$emergingthreats_filename_md5")) { - update_status(gettext("Copying md5 sig to snort directory...")); - exec("/bin/cp {$tmpfname}/$emergingthreats_filename_md5 {$snortdir}/$emergingthreats_filename_md5"); -} else { - update_status(gettext("The emergingthreats md5 file does not exist...")); - update_output_window(gettext("Error copying config...")); - exit(0); - } - } -} + if ($snort_md5_check_ok != on || $emerg_md5_check_ok != on || $pfsense_md5_check_ok != on) + { -/* Copy Pfsense md5 sig to snort dir */ -if ($pfsense_md5_check_ok != on) { -if (file_exists("{$tmpfname}/$pfsense_rules_filename_md5")) { - update_status(gettext("Copying Pfsense md5 sig to snort directory...")); - exec("/bin/cp {$tmpfname}/$pfsense_rules_filename_md5 {$snortdir}/$pfsense_rules_filename_md5"); -} else { - update_status(gettext("The Pfsense md5 file does not exist...")); - update_output_window(gettext("Error copying config...")); - exit(0); - } -} - -/* Copy signatures dir to snort dir */ -if ($snort_md5_check_ok != on) { -$signature_info_chk = $config['installedpackages']['snort']['config'][0]['signatureinfo']; -if ($premium_url_chk == on) { -if (file_exists("{$snortdir}/doc/signatures")) { - update_status(gettext("Copying signatures...")); - update_output_window(gettext("May take a while...")); - exec("/bin/mv -f {$snortdir}/doc/signatures {$snortdir}/signatures"); - exec("/bin/rm -r {$snortdir}/doc/signatures"); - update_status(gettext("Done copying signatures.")); -} else { - update_status(gettext("Directory signatures exist...")); - update_output_window(gettext("Error copying signature...")); - exit(0); - } - } -} + if ($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'] == '' && $config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'] == '') + { + update_status(gettext("Your first set of rules are being copied...")); + update_output_window(gettext("May take a while...")); + exec("/bin/echo \"test {$snortdir} {$snortdir_wan} {$iface_uuid}_{$if_real}\" > /root/debug"); + exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/"); + exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + }else{ + update_status(gettext("Your enable and disable changes are being applied to your fresh set of rules...")); + update_output_window(gettext("May take a while...")); + exec("/bin/echo \"test2 {$snortdir} {$snortdir_wan} {$iface_uuid}_{$if_real}\" > /root/debug"); + exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/"); + exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); + exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}"); -/* double make shure cleanup emerg rules that dont belong */ -if (file_exists("/usr/local/etc/snort_bkup/rules/emerging-botcc-BLOCK.rules")) { - apc_clear_cache(); - exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-botcc-BLOCK.rules"); - exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-botcc.rules"); - exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-compromised-BLOCK.rules"); - exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-drop-BLOCK.rules"); - exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-dshield-BLOCK.rules"); - exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-rbn-BLOCK.rules"); - exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-tor-BLOCK.rules"); + /* might have to add a sleep for 3sec for flash drives or old drives */ + exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf -o /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules > /usr/local/etc/snort/oinkmaster_{$iface_uuid}_{$if_real}.log"); + } + } } -if (file_exists("/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so")) { - exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so"); - exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example\*"); -} +/* Start the proccess for every interface rule */ +/* TODO: try to make the code smother */ -/* create a msg-map for snort */ -update_status(gettext("Updating Alert Messages...")); -update_output_window(gettext("Please Wait...")); -exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl /usr/local/etc/snort_bkup/rules > /usr/local/etc/snort_bkup/sid-msg.map"); +if (!empty($config['installedpackages']['snortglobal']['rule'])) +{ -/* Run oinkmaster to snort_wan and cp configs */ -/* If oinkmaster is not needed cp rules normally */ -/* TODO add per interface settings here */ -if ($snort_md5_check_ok != on || $emerg_md5_check_chk_ok != on || $pfsense_md5_check_ok != on) { + $rule_array = $config['installedpackages']['snortglobal']['rule']; + $id = -1; + foreach ($rule_array as $value) { - if (empty($config['installedpackages']['snort']['rule_sid_on']) || empty($config['installedpackages']['snort']['rule_sid_off'])) { - update_status(gettext("Your first set of rules are being copied...")); - update_output_window(gettext("May take a while...")); - exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/rules/"); - exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}"); - exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}"); - exec("/bin/cp {$snortdir}/generators {$snortdir_wan}"); - exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}"); - exec("/bin/cp {$snortdir}/sid {$snortdir_wan}"); - exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}"); - exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}"); + $id += 1; + + $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; + $if_real = convert_friendly_interface_to_real_interface_name($result_lan); + $iface_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; + + /* make oinkmaster.conf for each interface rule */ + oinkmaster_conf($id, $if_real, $iface_uuid); + + /* run oinkmaster for each interface rule */ + oinkmaster_run($id, $if_real, $iface_uuid); -} else { - update_status(gettext("Your enable and disable changes are being applied to your fresh set of rules...")); - update_output_window(gettext("May take a while...")); - exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/rules/"); - exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}"); - exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}"); - exec("/bin/cp {$snortdir}/generators {$snortdir_wan}"); - exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}"); - exec("/bin/cp {$snortdir}/sid {$snortdir_wan}"); - exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}"); - exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}"); - - /* oinkmaster.pl will convert saved changes for the new updates then we have to change #alert to # alert for the gui */ - /* might have to add a sleep for 3sec for flash drives or old drives */ - exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C /usr/local/etc/snort_bkup/oinkmaster.conf -o /usr/local/etc/snort/rules > /usr/local/etc/snort_bkup/oinkmaster.log"); - exec("/usr/local/bin/perl -pi -e 's/#alert/# alert/g' /usr/local/etc/snort/rules/*.rules"); - exec("/usr/local/bin/perl -pi -e 's/##alert/# alert/g' /usr/local/etc/snort/rules/*.rules"); - exec("/usr/local/bin/perl -pi -e 's/## alert/# alert/g' /usr/local/etc/snort/rules/*.rules"); - - } } +////////////// + +/* mark the time update finnished */ +$config['installedpackages']['snortglobal']['last_rules_install'] = date("Y-M-jS-h:i-A"); + /* remove old $tmpfname files */ -if (file_exists("{$tmpfname}")) { - update_status(gettext("Cleaning up...")); - exec("/bin/rm -r /root/snort_rules_up"); -// apc_clear_cache(); +if (file_exists("{$tmpfname}")) +{ + update_status(gettext("Cleaning up...")); + exec("/bin/rm -r /tmp/snort_rules_up"); + sleep(2); + exec("/bin/rm -r {$snortdir}/rules_bk/rules/"); + apc_clear_cache(); } /* php code to flush out cache some people are reportting missing files this might help */ @@ -740,9 +1145,18 @@ sleep(2); apc_clear_cache(); exec("/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync"); +/* make all dirs snorts */ +exec("/usr/sbin/chown -R snort:snort /var/log/snort"); +exec("/usr/sbin/chown -R snort:snort /usr/local/etc/snort"); +exec("/usr/sbin/chown -R snort:snort /usr/local/lib/snort"); +exec("/bin/chmod -R 755 /var/log/snort"); +exec("/bin/chmod -R 755 /usr/local/etc/snort"); +exec("/bin/chmod -R 755 /usr/local/lib/snort"); + + /* if snort is running hardrestart, if snort is not running do nothing */ if (file_exists("/tmp/snort_download_halt.pid")) { - start_service("snort"); + exec("/bin/sh /usr/local/etc/rc.d/snort.sh start"); update_status(gettext("The Rules update finished...")); update_output_window(gettext("Snort has restarted with your new set of rules...")); exec("/bin/rm /tmp/snort_download_halt.pid"); @@ -751,6 +1165,13 @@ if (file_exists("/tmp/snort_download_halt.pid")) { update_output_window(gettext("You may start snort now...")); } +echo ' +<script type="text/javascript"> +<!-- + displaymessagestop(); +// --> +</script>'; + /* hide progress bar and lets end this party */ hide_progress_bar_status(); conf_mount_ro(); diff --git a/config/snort/snort_dynamic_ip_reload.php b/config/snort/snort_dynamic_ip_reload.php index 0fad085b..98d9bcce 100644 --- a/config/snort/snort_dynamic_ip_reload.php +++ b/config/snort/snort_dynamic_ip_reload.php @@ -3,7 +3,7 @@ /* $Id$ */ /* snort_dynamic_ip_reload.php - Copyright (C) 2006 Scott Ullrich and Robert Zeleya + Copyright (C) 2009 Robert Zeleya All rights reserved. Redistribution and use in source and binary forms, with or without @@ -31,19 +31,20 @@ /* NOTE: this file gets included from the pfSense filter.inc plugin process */ /* NOTE: file location /usr/local/pkg/pf, all files in pf dir get exec on filter reloads */ -require_once("/usr/local/pkg/snort.inc"); -require_once("service-utils.inc"); -require_once("config.inc"); +require_once("/usr/local/pkg/snort/snort.inc"); +/* get the varibles from the command line */ +/* Note: snort.sh sould only be using this */ +//$id = $_SERVER["argv"][1]; +//$if_real = $_SERVER["argv"][2]; -if($config['interfaces']['wan']['ipaddr'] == "pppoe" or - $config['interfaces']['wan']['ipaddr'] == "dhcp") { - create_snort_conf(); - exec("killall -HUP snort"); - /* define snortbarnyardlog_chk */ - $snortbarnyardlog_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['snortbarnyardlog']; - if ($snortbarnyardlog_info_chk == on) - exec("killall -HUP barnyard2"); -} +//$test_iface = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; + +//if ($id == "" || $if_real == "" || $test_iface == "") { +// exec("/usr/bin/logger -p daemon.info -i -t SnortDynIP \"ERORR starting snort_dynamic_ip_reload.php\""); +// exit; +// } + +sync_snort_package_empty(); ?>
\ No newline at end of file diff --git a/config/snort/snort_fbegin.inc b/config/snort/snort_fbegin.inc new file mode 100644 index 00000000..b8faff09 --- /dev/null +++ b/config/snort/snort_fbegin.inc @@ -0,0 +1,288 @@ +<?php + +require_once("globals.inc"); +require_once("notices.inc"); +/* $Id$ */ + function return_ext_menu($section) { + global $config; + $htmltext = ""; + if($config['installedpackages']['menu'] <> "") { + foreach($config['installedpackages']['menu'] as $menuitem) { + if($menuitem['section'] != $section) continue; + if($menuitem['url'] <> "") { + $addresswithport = getenv("HTTP_HOST"); + $colonpos = strpos($addresswithport, ":"); + if ($colonpos !== False){ + //my url is actually just the IP address of the pfsense box + $myurl = substr($addresswithport, 0, $colonpos); + } + else + { + $myurl = $addresswithport; + } + + $description = str_replace('$myurl', $myurl, $menuitem['url']); + } else { + $description = '/pkg.php?xml=' . $menuitem['configfile']; + } + $htmltext .= '<li><a href="' . $description . ' "class="navlnk">' . $menuitem['name'] . '</a></li>' . "\n"; + } + } + return $htmltext; + } + + + + + /* NOTICE ACKNOWLEDGE CODE by Erik Kristensen */ + if ($_REQUEST['noticeaction'] == 'acknowledge') { + $notice_id = $_REQUEST['noticeid']; + close_notice($notice_id); + } + /**********************************************/ +?> + +<div id="wrapper"> + + <div id="header"> + <div id="header-left"><a href="../index.php" id="status-link"><img src="/themes/<?= $g['theme']; ?>/images/transparent.gif" border="0"></img></a></div> + <div id="header-right"> + <div class="container"> + <div class="left">webConfigurator</div> + <div class="right"> +<? + if (are_notices_pending()) { + $notices = get_notices(); + + $requests=array(); + + ## Get Query Arguments from URL ### + foreach ($_REQUEST as $key => $value) { + if ($key != "PHPSESSID") + $requests[] = $key.'='.$value; + } + if(is_array($requests)) + $request_string = implode("&", $requests); + + if(is_array($notices)) { + foreach ($notices as $key => $value) { + $date = date("m-d-y H:i:s", $key); + $noticemsg = str_replace("'", "", $value['notice']); + $noticemsg = str_replace('"', "", $noticemsg); + $noticemsg = str_replace("\n", "", $noticemsg); + $noticemsg = str_replace("<p>", "", $noticemsg); + $noticemsg = str_replace("<pre>", "", $noticemsg); + $noticemsg = str_replace("</pre>", "", $noticemsg); + $noticemsg = str_replace("</p>", "", $noticemsg); + $noticemsg = str_replace("<br>", "", $noticemsg); + $extra_args = ""; + if($_GET['xml']) + $extraargs="&xml=" . $_GET['xml']; + if($_POST['xml']) + $extraargs="&xml=" . $_POST['xml']; + if($_GET['id']) + $extraargs="&xml=" . $_GET['id']; + if($_POST['id']) + $extraargs="&xml=" . $_POST['id']; + $notice_msgs = '<a href="?noticeaction=acknowledge¬iceid=all' . $extraargs . '">Acknowledge All</a> .:. '; + if ($value['url']) { + $notice_msgs .= $date.' - <a href="'.$url.'?'.$request_string.'¬iceaction=acknowledge¬iceid='.$key.'">['.$value['id'].']</a>'; + } else { + $notice_msgs .= $date.' - <a href="?'.$request_string.'¬iceaction=acknowledge¬iceid='.$key.'">['.$value['id'].']'.$noticemsg.'</a>'; + } + $notice_msgs .= " .:. "; + } + } +?> + <div id="alerts"> + <script type="text/javascript"> + var content='<div id="marquee-text"><?= $notice_msgs; ?></div>' + </script> + <script type="text/javascript" src="/ticker.js"></script> + </div> +<? + } else { +?> + <div id="hostname"> + <? print $config['system']['hostname'] . "." . $config['system']['domain']; ?> + </div> +<? + } +?> + </div> + </div> + </div> + </div> <!-- Header DIV --> + <div id="content"> + <div id="left"> + <div id="navigation" style="z-index:1000"> + <ul id="menu"> + <li class="firstdrop"> + <div>System</div> + <ul class="subdrop"> + <li><a href="/system_advanced.php" class="navlnk">Advanced</a></li> + <li><a href="/system_firmware.php" class="navlnk">Firmware</a></li> + <li><a href="/system.php" class="navlnk">General Setup</a></li> + <?php if($g['platform'] == "pfSense" or $g['platform'] == "nanobsd"): ?> + <li><a href="/pkg_mgr.php" class="navlnk">Packages</a></li> + <?php endif; ?> + <li><a href="/wizard.php?xml=setup_wizard.xml" class="navlnk">Setup wizard</a></li> + <li><a href="/system_routes.php" class="navlnk">Static routes</a></li> + </ul> + </li> + <li class="drop"> + <div>Interfaces</div> + <ul class="subdrop"> + <?php if (!isset($config['system']['webgui']['noassigninterfaces'])): ?><li><a href="/interfaces_assign.php" class="navlnks">(assign)</a></li><?php endif; ?> + <li><a href="/interfaces_wan.php" class="navlnk">WAN</a></li> + <li><a href="/interfaces_lan.php" class="navlnk">LAN</a></li> + <?php for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++): if (!isset($config['interfaces']['opt' . $i]['ovpn'])): ?> + <li><a href="/interfaces_opt.php?index=<?=$i;?>" class="navlnk"><?=htmlspecialchars($config['interfaces']['opt' . $i]['descr']);?></a></li> + <?php endif; endfor; ?> + <?php echo return_ext_menu("Interfaces"); ?> + </ul> + </li> +<?php + if($config['system']['shapertype'] <> "m0n0") + $shaper = "firewall_shaper.php"; + else + $shaper = "m0n0/firewall_shaper.php"; +?> + <li class="drop"> + <div>Firewall</div> + <ul class="subdrop"> + <li><a href="/firewall_aliases.php" class="navlnk">Aliases</a></li> + <li><a href="/firewall_nat.php" class="navlnk">NAT</a></li> + <li><a href="/firewall_rules.php" class="navlnk">Rules</a></li> + <li><a href="/firewall_schedule.php" class="navlnk">Schedules</a></li> + <li><a href="<?=$shaper?>" class="navlnk">Traffic Shaper</a></li> + <li><a href="/firewall_virtual_ip.php" class="navlnk">Virtual IPs</a></li> + <?php echo return_ext_menu("Firewall"); ?> + </ul> + </li> + <li class="drop"> + <div>Services</div> + <ul class="subdrop"> + <li><a href="/services_captiveportal.php" class="navlnk">Captive portal</a></li> + <li><a href="/services_dnsmasq.php" class="navlnk">DNS forwarder</a></li> + <li><a href="/services_dhcp_relay.php" class="navlnk">DHCP relay</a></li> + <li><a href="/services_dhcp.php" class="navlnk">DHCP server</a></li> + <li><a href="/services_dyndns.php" class="navlnk">Dynamic DNS</a></li> + <li><a href="/load_balancer_pool.php" class="navlnk">Load Balancer</a></li> + <li><a href="/pkg_edit.php?xml=olsrd.xml&id=0" class="navlnk">OLSR</a></li> + <li><a href="/vpn_pppoe.php" class="navlnk">PPPoE Server</a></li> + <li><a href="/pkg_edit.php?xml=routed/routed.xml&id=0" class="navlnk">RIP</a></li> + <li><a href="/services_snmp.php" class="navlnk">SNMP</a></li> + <li><a href="/pkg_edit.php?xml=miniupnpd.xml&id=0" class="navlnk">UPnP</a></li> + <li><a href="/pkg_edit.php?xml=openntpd.xml&id=0" class="navlnk">OpenNTPD</a></li> + <li><a href="/services_wol.php" class="navlnk">Wake on LAN</a></li> + <?php echo return_ext_menu("Services"); ?> + </ul> + </li> + <li class="drop"> + <div>VPN</div> + <ul class="subdrop"> + <li><a href="/vpn_ipsec.php" class="navlnk">IPsec</a></li> + <li><a href="/pkg.php?xml=openvpn.xml" class="navlnk">OpenVPN</a></li> + <li><a href="/vpn_pptp.php" class="navlnk">PPTP</a></li> + <?php echo return_ext_menu("VPN"); ?> + </ul> + </li> + <li class="drop"> + <div>Status</div> + <ul class="subdrop"> + <?php if (isset($config['captiveportal']['enable'])): ?> + <li><a href="/status_captiveportal.php" class="navlnk">Captive portal</a></li> + <?php endif; ?> + <li><a href="/carp_status.php" class="navlnk">CARP (failover)</a></li> + <li><a href="/diag_dhcp_leases.php" class="navlnk">DHCP leases</a></li> + <li><a href="/status_filter_reload.php" class="navlnk">Filter Reload Status</a></li> + <li><a href="/status_interfaces.php" class="navlnk">Interfaces</a></li> + <li><a href="/diag_ipsec.php" class="navlnk">IPsec</a></li> + <li><a href="/status_slbd_pool.php" class="navlnk">Load Balancer</a></li> + <?php if($g['platform'] == "pfSense"): ?> + <li><a href="/diag_pkglogs.php" class="navlnk">Package logs</a></li> + <?php endif; ?> + <li><a href="/status_queues.php" class="navlnk">Queues</a></li> + <li><a href="/status_rrd_graph.php" class="navlnk">RRD Graphs</a></li> + <li><a href="/status_services.php" class="navlnk">Services</a></li> + <li><a href="/index.php" class="navlnk">System</a></li> + <li><a href="/diag_logs.php" class="navlnk">System logs</a></li> + <li><a href="/status_graph.php?if=wan" class="navlnk">Traffic graph</a></li> + <li><a href="/status_upnp.php" class="navlnk">UPnP</a></li> + <?php $i = 0; $ifdescrs = array(); + if (is_array($config['interfaces']['wan']['wireless']) && + preg_match($g['wireless_regex'], $config['interfaces']['wan']['if'])) + $ifdescrs['wan'] = 'WAN'; + if (is_array($config['interfaces']['lan']['wireless']) && + preg_match($g['wireless_regex'], $config['interfaces']['lan']['if'])) + $ifdescrs['lan'] = 'LAN'; + for ($j = 1; isset($config['interfaces']['opt' . $j]); $j++) { + if (is_array($config['interfaces']['opt' . $j]['wireless']) && + isset($config['interfaces']['opt' . $j]['enable']) && + preg_match($g['wireless_regex'], $config['interfaces']['opt' . $j]['if'])) + $ifdescrs['opt' . $j] = $config['interfaces']['opt' . $j]['descr']; + } + if (count($ifdescrs) > 0): ?> + <li><a href="/status_wireless.php" class="navlnk">Wireless</a></li> + <?php endif; ?> + <?php echo return_ext_menu("Status"); ?> + </ul> + </li> + <li class="lastdrop"> + <div>Diagnostics</div> + <ul id="diag" class="subdrop"> + <li><a href="/diag_arp.php" class="navlnk">ARP Tables</a></li> + <li><a href="/diag_backup.php" class="navlnk">Backup/Restore</a></li> + <li><a href="/exec.php" class="navlnk">Command Prompt</a></li> + <li><a href="/edit.php" class="navlnk">Edit File</a></li> + <li><a href="/diag_defaults.php" class="navlnk">Factory defaults </a></li> + <li><a href="/halt.php" class="navlnk">Halt system</a></li> +<?php if($g['platform']=="nanobsd"): ?> + <li><a href="/diag_nanobsd.php" class="navlnk">NanoBSD</a></li> +<?php endif; ?> + <li><a href="/diag_ping.php" class="navlnk">Ping</a></li> + <li><a href="/reboot.php" class="navlnk">Reboot system</a></li> + <li><a href="/diag_routes.php" class="navlnk">Routes</a></li> + <li><a href="/diag_dump_states.php" class="navlnk">States</a></li> + <li><a href="/diag_traceroute.php" class="navlnk">Traceroute</a></li> + <li><a href="/diag_packet_capture.php" class="navlnk">Packet Capture</a></li> + <?php echo return_ext_menu("Diagnostics"); ?> + <?php if(isset($config['system']['developer'])): ?> + <li><hr width="80%"/></li> + <li><a href="/restart_httpd.php" class="navlnk">Restart HTTPD</a></li> + <?php endif; ?> + </ul> + </li> + </ul> + </div> + + </div> <!-- Left DIV --> + + <div id="right"> + + +<?php + /* display a top alert bar if need be */ + $need_alert_display = false; + $found_notices = are_notices_pending(); + if($found_notices == true) { + $notices = get_notices(); + if(!$notices) { + $need_alert_display = true; + $display_text = print_notices() . "<br>"; + } + } + if($need_alert_display == true) { + echo "<div style=\"background-color:#000000\" id=\"roundalert\">"; + echo "<table>"; + echo "<tr><td><font color=\"#ffffff\">"; + echo " <img align=\"middle\" src=\"/top_notification.gif\"> "; + echo $display_text; + echo "</td>"; + echo "</tr>"; + echo "</table>"; + echo "</div>"; + } + +?>
\ No newline at end of file diff --git a/config/snort/snort_gui.inc b/config/snort/snort_gui.inc new file mode 100644 index 00000000..95a0e597 --- /dev/null +++ b/config/snort/snort_gui.inc @@ -0,0 +1,66 @@ +<?php +/* $Id$ */ +/* + snort.inc + Copyright (C) 2006 Scott Ullrich + Copyright (C) 2006 Robert Zelaya + part of pfSense + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +include_once("/usr/local/pkg/snort/snort.inc"); + +function print_info_box_np2($msg) { + global $config, $g; + + echo "<table height=\"32\" width=\"100%\">\n"; + echo " <tr>\n"; + echo " <td>\n"; + echo " <div style='background-color:#990000' id='redbox'>\n"; + echo " <table width='100%'><tr><td width='8%'>\n"; + echo " <img style='vertical-align:middle' src=\"/snort/images/alert.jpg\" width=\"32\" height=\"28\">\n"; + echo " </td>\n"; + echo " <td width='70%'><font color='white'><b>{$msg}</b></font>\n"; + echo " </td>"; + if(stristr($msg, "apply") == true) { + echo " <td>"; + echo " <input name=\"apply\" type=\"submit\" class=\"formbtn\" id=\"apply\" value=\"Apply changes\">\n"; + echo " </td>"; + } + echo " </tr></table>\n"; + echo " </div>\n"; + echo " </td>\n"; + echo "</table>\n"; + echo "<script type=\"text/javascript\">\n"; + echo "NiftyCheck();\n"; + echo "Rounded(\"div#redbox\",\"all\",\"#FFF\",\"#990000\",\"smooth\");\n"; + echo "Rounded(\"td#blackbox\",\"all\",\"#FFF\",\"#000000\",\"smooth\");\n"; + echo "</script>\n"; + echo "\n<br>\n"; + + +} + + +?> diff --git a/config/snort/snort_help_info.php b/config/snort/snort_help_info.php new file mode 100644 index 00000000..5355ec77 --- /dev/null +++ b/config/snort/snort_help_info.php @@ -0,0 +1,191 @@ +<?php +/* $Id$ */ +/* + halt.php + part of pfSense + Copyright (C) 2004 Scott Ullrich + All rights reserved. + + part of m0n0wall as reboot.php (http://m0n0.ch/wall) + Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/snort/snort.inc"); + +header("snort_help_info.php"); +header( "Expires: Mon, 20 Dec 1998 01:00:00 GMT" ); +header( "Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT" ); +header( "Cache-Control: no-cache, must-revalidate" ); +header( "Pragma: no-cache" ); + +$pgtitle = "Snort: Services: Help and Info"; +include('head.inc'); +?> +<style type="text/css"> +iframe +{ + border: 0; +} + +#footer2 +{ + +top: 135px; +position: relative; +background-color: #FFFFFF; +background-image: url("./images/footer.jpg"); +background-repeat: no-repeat; +background-attachment: scroll; +background-position: 0px 0px; +bottom: 0px; +width: 780px; +height: 63px; +color: #000000; +text-align: center; +font-size: 0.8em; +padding-top:64px; +padding-left: 0px; +clear: both; + +} + +</style> +<body> +<?php include("./snort_fbegin.inc"); ?> + +<table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td> +<?php + $tab_array = array(); + $tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php"); + $tab_array[] = array("Global Settings", false, "/snort/snort_interfaces_global.php"); + $tab_array[] = array("Rule Updates", false, "/snort/snort_download_rules.php"); + $tab_array[] = array("Alerts", false, "/snort/snort_alerts.php"); + $tab_array[] = array("Blocked", false, "/snort/snort_blocked.php"); + $tab_array[] = array("Whitelists", false, "/pkg.php?xml=/snort/snort_whitelist.xml"); + $tab_array[] = array("Help & Info", true, "/snort/snort_help_info.php"); + display_top_tabs($tab_array); +?> + </td> +</tr> +</table> + +<?php +/* TODO: remove when 2.0 stable */ +if ($pfsense_stable == 'yes') { + +$footer2 = " + +<style type=\"text/css\"> + +#footer2 +{ + position: relative; + top: 27px; + background-color: #cccccc; + background-image: none; + background-repeat: repeat; + background-attachment: scroll; + background-position: 0% 0%; + width: 810px; + right: 15px; + font-size: 0.8em; + text-align: center; + padding-top: 0px; + padding-right: 0px; + padding-bottom: 0px; + padding-left: 0px; + clear: both; +} + +</style> + + <div id=\"footer2\"> + <IMG SRC=\"./images/footer2.jpg\" width=\"800px\" height=\"35\" ALT=\"Apps\"> + Snort is a registered trademark of Sourcefire, Inc, Barnyard2 is a registered trademark of securixlive.com, Orion copyright Robert Zelaya, + Emergingthreats is a registered trademark of emergingthreats.net, Mysql is a registered trademark of Mysql.com + </div>\n"; +} + +if ($pfsense_stable != 'yes') { +$footer3 = " + +<style type=\"text/css\"> + +#footer3 +{ + +top: 105px; +position: relative; +background-color: #FFFFFF; +background-image: url(\"./images/footer2.jpg\"); +background-repeat: no-repeat; +background-attachment: scroll; +background-position: 0px 0px; +bottom: 0px; +width: 770px; +height: 35px; +color: #000000; +text-align: center; +font-size: 0.8em; +padding-top: 35px; +padding-left: 0px; +clear: both; + +} + +</style> + + <div id=\"footer3\"> + Snort is a registered trademark of Sourcefire, Inc, Barnyard2 is a registered trademark of securixlive.com, Orion copyright Robert Zelaya, + Emergingthreats is a registered trademark of emergingthreats.net, Mysql is a registered trademark of Mysql.com + </div>\n"; +} +?> + + +<div> + <iframe style="width: 780px; height: 600px; overflow-x: hidden;" src='/snort/help_and_info.php'></iframe> +</div> + +<?php echo $footer2;?> + +</div> +</div> + +<?php //echo $footer3;?> + + <div id="footer"> + <a target="_blank" href="http://www.pfsense.org/?gui12" class="redlnk">pfSense</a> is © + 2004 - 2009 by <a href="http://www.bsdperimeter.com" class="tblnk">BSD Perimeter LLC</a>. All Rights Reserved. + <a href="/license.php" class="tblnk">view license</a>] + <br/> + + <a target="_blank" href="https://portal.pfsense.org/?guilead=true" class="tblnk">Commercial Support Available</a> + </div> <!-- Footer DIV --> +</body> +</html> diff --git a/config/snort/snort_interfaces.php b/config/snort/snort_interfaces.php new file mode 100644 index 00000000..cb51df44 --- /dev/null +++ b/config/snort/snort_interfaces.php @@ -0,0 +1,584 @@ +<?php +/* $Id$ */ +/* + + originally part of m0n0wall (http://m0n0.ch/wall) + Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + Copyright (C) 2008-2009 Robert Zelaya. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/snort/snort_gui.inc"); +require_once("/usr/local/pkg/snort/snort.inc"); + + +$id = $_GET['id']; +if (isset($_POST['id'])) + $id = $_POST['id']; + + +if (!is_array($config['installedpackages']['snortglobal']['rule'])) + $config['installedpackages']['snortglobal']['rule'] = array(); + +$a_nat = &$config['installedpackages']['snortglobal']['rule']; + +if (isset($config['installedpackages']['snortglobal']['rule'])) { +$id_gen = count($config['installedpackages']['snortglobal']['rule']); +}else{ +$id_gen = '0'; +} + + +/* alert file */ +$d_snortconfdirty_path_ls = exec('/bin/ls /var/run/snort_conf_*.dirty'); + + /* this will exec when alert says apply */ + if ($_POST['apply']) { + + if ($d_snortconfdirty_path_ls != '') { + + write_config(); + + sync_snort_package_empty(); + sync_snort_package(); + + exec('/bin/rm /var/run/snort_conf_*.dirty'); + + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + sleep(2); + header("Location: /snort/snort_interfaces.php"); + + exit; + + } + + } + + + +if (isset($_POST['del_x'])) { + /* delete selected rules */ + if (is_array($_POST['rule']) && count($_POST['rule'])) { + foreach ($_POST['rule'] as $rulei) { + + /* convert fake interfaces to real */ + $if_real = convert_friendly_interface_to_real_interface_name($a_nat[$rulei]['interface']); + $snort_uuid = $a_nat[$rulei]['uuid']; + + /* cool code to check if any snort is up */ + $snort_up_ck = exec("/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep snort | /usr/bin/awk '{print \$2;}' | sed 1q"); + + if ($snort_up_ck != "") + { + + $start_up_pre = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"R {$snort_uuid}_{$if_real}\" | awk '{print \$1;}'"); + $start_up_s = exec("/usr/bin/top -U snort -u | grep snort | grep {$start_up_pre} | awk '{ print $1; }'"); + $start_up_r = exec("/usr/bin/top -U root -u | grep snort | grep {$start_up_pre} | awk '{ print $1; }'"); + + $start2_upb_pre = exec("/bin/cat /var/run/barnyard2_{$snort_uuid}_{$if_real}.pid"); + $start2_upb_s = exec("/usr/bin/top -U snort -u | grep barnyard2 | grep {$start2_upb_pre} | awk '{ print $1; }'"); + $start2_upb_r = exec("/usr/bin/top -U root -u | grep barnyard2 | grep {$start2_upb_pre} | awk '{ print $1; }'"); + + + if ($start_up_s != "" || $start_up_r != "" || $start2_upb_s != "" || $start2_upb_r != "") + { + + /* dont flood the syslog code */ + //exec("/bin/cp /var/log/system.log /var/log/system.log.bk"); + //sleep(3); + + + /* remove only running instances */ + if ($start_up_s != "") + { + exec("/bin/kill {$start_up_s}"); + exec("/bin/rm /var/run/snort_{$snort_uuid}_{$if_real}*"); + } + + if ($start2_upb_s != "") + { + exec("/bin/kill {$start2_upb_s}"); + exec("/bin/rm /var/run/barnyard2_{$snort_uuid}_{$if_real}*"); + } + + if ($start_up_r != "") + { + exec("/bin/kill {$start_up_r}"); + exec("/bin/rm /var/run/snort_{$snort_uuid}_{$if_real}*"); + } + + if ($start2_upb_r != "") + { + exec("/bin/kill {$start2_upb_r}"); + exec("/bin/rm /var/run/barnyard2_{$snort_uuid}_{$if_real}*"); + } + + /* stop syslog flood code */ + //$if_real_wan_rulei = $a_nat[$rulei]['interface']; + //$if_real_wan_rulei2 = convert_friendly_interface_to_real_interface_name($if_real_wan_rulei); + //exec("/sbin/ifconfig $if_real_wan_rulei2 -promisc"); + //exec("/bin/cp /var/log/system.log /var/log/snort/snort_sys_$rulei$if_real.log"); + //exec("/usr/bin/killall syslogd"); + //exec("/usr/sbin/clog -i -s 262144 /var/log/system.log"); + //exec("/usr/sbin/syslogd -c -ss -f /var/etc/syslog.conf"); + //sleep(2); + //exec("/bin/cp /var/log/system.log.bk /var/log/system.log"); + //$after_mem = exec("/usr/bin/top | /usr/bin/grep Wired | /usr/bin/awk '{ print $2 }'"); + //exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'MEM after {$rulei}{$if_real} STOP {$after_mem}'"); + //exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Interface Rule removed for {$rulei}{$if_real}...'"); + + } + + } + + /* for every iface do these steps */ + conf_mount_rw(); + exec("/bin/rm /var/log/snort/snort.u2_{$snort_uuid}_{$if_real}*"); + exec("/bin/rm -r /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}"); + + conf_mount_ro(); + + unset($a_nat[$rulei]); + + } + + write_config(); + + //touch("/var/run/snort_conf_delete.dirty"); + + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + sleep(2); + header("Location: /snort/snort_interfaces.php"); + //exit; + } + +} + + +/* start/stop snort */ +if ($_GET['act'] == 'toggle' && $_GET['id'] != '') +{ + + $if_real = convert_friendly_interface_to_real_interface_name($config['installedpackages']['snortglobal']['rule'][$id]['interface']); + $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; + + /* Log Iface stop */ + exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Toggle for {$snort_uuid}_{$if_real}...'"); + + $tester2 = Running_Ck($snort_uuid, $if_real, $id); + + if ($tester2 == 'yes') { + + /* Log Iface stop */ + exec("/usr/bin/logger -p daemon.info -i -t SnortStartup '{$tester2} yn for {$snort_uuid}_{$if_real}...'"); + + Running_Stop($snort_uuid, $if_real, $id); + + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + sleep(2); + header("Location: /snort/snort_interfaces.php"); + + }else{ + + sync_snort_package_all($id, $if_real, $snort_uuid); + sync_snort_package(); + + Running_Start($snort_uuid, $if_real, $id); + + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + sleep(2); + header("Location: /snort/snort_interfaces.php"); + } +} + + + +$pgtitle = "Services: Snort 2.8.5.3 pkg v. 1.19"; +include("head.inc"); + +?> +<body link="#000000" vlink="#000000" alink="#000000"> +<?php include("./snort_fbegin.inc"); ?> +<p class="pgtitle"><?if($pfsense_stable == 'yes'){echo $pgtitle;}?></p> +<style type="text/css"> + +.alert { + position:absolute; + top:10px; + left:0px; + width:94%; +background:#FCE9C0; +background-position: 15px; +border-top:2px solid #DBAC48; +border-bottom:2px solid #DBAC48; +padding: 15px 10px 50% 50px; +} +.listbg2 { + border-right: 1px solid #999999; + border-bottom: 1px solid #999999; + font-size: 11px; + background-color: #090; + color: #000; + padding-right: 16px; + padding-left: 6px; + padding-top: 4px; + padding-bottom: 4px; +} +.listbg3 { + border-right: 1px solid #999999; + border-bottom: 1px solid #999999; + font-size: 11px; + background-color: #777777; + color: #000; + padding-right: 16px; + padding-left: 6px; + padding-top: 4px; + padding-bottom: 4px; +} + +</style> + + + +<noscript><div class="alert" ALIGN=CENTER><img src="../themes/nervecenter/images/icons/icon_alert.gif"/><strong>Please enable JavaScript to view this content</CENTER></div></noscript> +<form action="/snort/snort_interfaces.php" method="post" name="iform"> + +<?php + + /* Display Alert message */ + + if ($input_errors) { + print_input_errors($input_errors); // TODO: add checks + } + + if ($savemsg) { + print_info_box2($savemsg); + } + + //if (file_exists($d_snortconfdirty_path)) { + if ($d_snortconfdirty_path_ls != '') { + echo '<p>'; + + if($savemsg) { + print_info_box_np2("{$savemsg}"); + }else{ + print_info_box_np2(' + The Snort configuration has changed for one or more interfaces.<br> + You must apply the changes in order for them to take effect.<br> + '); + } + } + +?> + +<table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr><td> +<?php + $tab_array = array(); + $tab_array[] = array("Snort Interfaces", true, "/snort/snort_interfaces.php"); + $tab_array[] = array("Global Settings", false, "/snort/snort_interfaces_global.php"); + $tab_array[] = array("Rule Updates", false, "/snort/snort_download_rules.php"); + $tab_array[] = array("Alerts", false, "/snort/snort_alerts.php"); + $tab_array[] = array("Blocked", false, "/snort/snort_blocked.php"); + $tab_array[] = array("Whitelists", false, "/pkg.php?xml=/snort/snort_whitelist.xml"); + $tab_array[] = array("Help & Info", false, "/snort/snort_help_info.php"); + display_top_tabs($tab_array); +?> + </td></tr> + <tr> + <td> + <div id="mainarea"> + <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr id="frheader"> + <td width="5%" class="list"> </td> + <td width="1%" class="list"> </td> + <td width="10%" class="listhdrr">If</td> + <td width="10%" class="listhdrr">Snort</td> + <td width="10%" class="listhdrr">Performance</td> + <td width="10%" class="listhdrr">Block</td> + <td width="10%" class="listhdrr">Barnyard2</td> + <td width="50%" class="listhdr">Description</td> + <td width="3%" class="list"> + <table border="0" cellspacing="0" cellpadding="1"> + <tr> + <td width="17"></td> + <td><a href="snort_interfaces_edit.php?id=<?php echo $id_gen;?>"><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> + </tr> + </table> + </td> + </tr> + <?php $nnats = $i = 0; foreach ($a_nat as $natent): ?> + <tr valign="top" id="fr<?=$nnats;?>"> + <?php + + /* convert fake interfaces to real and check if iface is up */ + /* There has to be a smarter way to do this */ + $if_real = convert_friendly_interface_to_real_interface_name($natent['interface']); + $snort_uuid = $natent['uuid']; + + $tester2 = Running_Ck($snort_uuid, $if_real, $id); + + if ($tester2 == 'no') + { + $iconfn = 'pass'; + $class_color_up = 'listbg'; + }else{ + $class_color_up = 'listbg2'; + $iconfn = 'block'; + } + + ?> + <td class="listt"><a href="?act=toggle&id=<?=$i;?>"><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_<?=$iconfn;?>.gif" width="13" height="13" border="0" title="click to toggle start/stop snort"></a><input type="checkbox" id="frc<?=$nnats;?>" name="rule[]" value="<?=$i;?>" onClick="fr_bgcolor('<?=$nnats;?>')" style="margin: 0; padding: 0;"></td> + <td class="listt" align="center"></td> + <td class="<?=$class_color_up;?>" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';"> + <?php + if (!$natent['interface'] || ($natent['interface'] == "wan")) + echo "WAN"; + else if(strtolower($natent['interface']) == "lan") + echo "LAN"; + else if(strtolower($natent['interface']) == "pppoe") + echo "PPPoE"; + else if(strtolower($natent['interface']) == "pptp") + echo "PPTP"; + else + echo strtoupper($natent['interface']); + ?> + </td> + <td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';"> + <?php + $check_snort_info = $config['installedpackages']['snortglobal']['rule'][$nnats]['enable']; + if ($check_snort_info == "on") + { + $check_snort = enabled; + } else { + $check_snort = disabled; + } + ?> + <?=strtoupper($check_snort);?> + </td> + <td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';"> + <?php + $check_performance_info = $config['installedpackages']['snortglobal']['rule'][$nnats]['performance']; + if ($check_performance_info != "") { + $check_performance = $check_performance_info; + }else{ + $check_performance = "lowmem"; + } + ?> + <?=strtoupper($check_performance);?> + </td> + <td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';"> + <?php + $check_blockoffenders_info = $config['installedpackages']['snortglobal']['rule'][$nnats]['blockoffenders7']; + if ($check_blockoffenders_info == "on") + { + $check_blockoffenders = enabled; + } else { + $check_blockoffenders = disabled; + } + ?> + <?=strtoupper($check_blockoffenders);?> + </td> + <?php + + $color2_upb = Running_Ck_b($snort_uuid, $if_real, $id); + + if ($color2_upb == 'yes') { + $class_color_upb = 'listbg2'; + }else{ + $class_color_upb = 'listbg'; + } + + ?> + <td class="<?=$class_color_upb;?>" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';"> + <?php + $check_snortbarnyardlog_info = $config['installedpackages']['snortglobal']['rule'][$nnats]['barnyard_enable']; + if ($check_snortbarnyardlog_info == "on") + { + $check_snortbarnyardlog = strtoupper(enabled); + }else{ + $check_snortbarnyardlog = strtoupper(disabled); + } + ?> + <?php echo "$check_snortbarnyardlog";?> + </td> + <td class="listbg3" onClick="fr_toggle(<?=$nnats;?>)" ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';"> + <font color="#ffffff"> + <?=htmlspecialchars($natent['descr']);?> + </td> + <td valign="middle" class="list" nowrap> + <table border="0" cellspacing="0" cellpadding="1"> + <tr> + <td><a href="snort_interfaces_edit.php?id=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="edit rule"></a></td> + </tr> + </table> + </tr> + <?php $i++; $nnats++; endforeach; ?> + <tr> + <td class="list" colspan="8"></td> + <td class="list" valign="middle" nowrap> + <table border="0" cellspacing="0" cellpadding="1"> + <tr> + <td><?php if ($nnats == 0): ?><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" width="17" height="17" title="delete selected rules" border="0"><?php else: ?><input name="del" type="image" src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" title="delete selected mappings" onclick="return confirm('Do you really want to delete the selected Snort Rule?')"><?php endif; ?></td> + </tr> + </table> + </td> + </tr> + </table> + </div> + </td> + </tr> +</table> + +<br> + <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> + <td width="100%"><span class="vexpl"><span class="red"><strong>Note:</strong></span> + <br> + This is the <strong>Snort Menu</strong> where you can see an over view of all your interface settings. + <br> + Please edit the <strong>Global Settings</strong> tab before adding an interface. + <br><br> + <strong>Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="Add Icon"> icon to add a interface.<strong>Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_pass.gif" width="13" height="13" border="0" title="Start Icon"> icon to <strong>start</strong> snort and barnyard. + <br> + <strong>Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="Edit Icon"> icon to edit a interface and settings.<strong>Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" width="13" height="13" border="0" title="Stop Icon"> icon to <strong>stop</strong> snort and barnyard. + <br> + <strong> Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="Delete Icon"> icon to delete a interface and settings. +</td> + </table> + +<?php +if ($pkg['tabs'] <> "") { + echo "</td></tr></table>"; +} +?> + +</form> + +<?php +/* TODO: remove when 2.0 stable */ +if ($pfsense_stable == 'yes') { + +$footer2 = " + +<style type=\"text/css\"> + +#footer2 +{ + position: relative; + top: -17px; + background-color: #cccccc; + background-image: none; + background-repeat: repeat; + background-attachment: scroll; + background-position: 0% 0%; + font-size: 0.8em; + text-align: center; + padding-top: 0px; + padding-right: 0px; + padding-bottom: 0px; + padding-left: 10px; + clear: both; +} + +</style> + + <div id=\"footer2\"> + <IMG SRC=\"./images/footer2.jpg\" width=\"780px\" height=\"35\" ALT=\"Apps\"> + Snort is a registered trademark of Sourcefire, Inc, Barnyard2 is a registered trademark of securixlive.com, Orion copyright Robert Zelaya, + Emergingthreats is a registered trademark of emergingthreats.net, Mysql is a registered trademark of Mysql.com + </div>\n"; +} + +if ($pfsense_stable != 'yes') { +$footer3 = " + +<style type=\"text/css\"> + +#footer2 +{ + +top: 105px; +position: relative; +background-color: #FFFFFF; +background-image: url(\"./images/footer2.jpg\"); +background-repeat: no-repeat; +background-attachment: scroll; +background-position: 0px 0px; +bottom: 0px; +width: 770px; +height: 35px; +color: #000000; +text-align: center; +font-size: 0.8em; +padding-top: 35px; +padding-left: 0px; +clear: both; + +} + +</style> + + <div id=\"footer2\"> + Snort is a registered trademark of Sourcefire, Inc, Barnyard2 is a registered trademark of securixlive.com, Orion copyright Robert Zelaya, + Emergingthreats is a registered trademark of emergingthreats.net, Mysql is a registered trademark of Mysql.com + </div>\n"; +} +?> + +<?php echo $footer3;?> + +</div> <!-- Right DIV --> +</div> <!-- Content DIV --> + +<?php echo $footer2;?> + + <div id="footer"> + <a target="_blank" href="http://www.pfsense.org/?gui12" class="redlnk">pfSense</a> is © + 2004 - 2009 by <a href="http://www.bsdperimeter.com" class="tblnk">BSD Perimeter LLC</a>. All Rights Reserved. + [<a href="/license.php" class="tblnk">view license</a>] + <br/> + [<a target="_blank" href="https://portal.pfsense.org/?guilead=true" class="tblnk">Commercial Support Available</a>] + </div> <!-- Footer DIV --> + +</div> <!-- Wrapper Div --> +<script type="text/javascript" src="/themes/nervecenter/bottom-loader.js"></script> +</body> +</html> diff --git a/config/snort/snort_interfaces_edit.php b/config/snort/snort_interfaces_edit.php new file mode 100644 index 00000000..dddca3af --- /dev/null +++ b/config/snort/snort_interfaces_edit.php @@ -0,0 +1,609 @@ +<?php +/* $Id$ */ +/* + snort_interfaces.php + part of m0n0wall (http://m0n0.ch/wall) + + Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + Copyright (C) 2008-2009 Robert Zelaya. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/snort/snort.inc"); +require_once("/usr/local/pkg/snort/snort_gui.inc"); + + +if (!is_array($config['installedpackages']['snortglobal']['rule'])) { + $config['installedpackages']['snortglobal']['rule'] = array(); +} +//nat_rules_sort(); +$a_nat = &$config['installedpackages']['snortglobal']['rule']; + +$id = $_GET['id']; +if (isset($_POST['id'])) + $id = $_POST['id']; + +if (isset($_GET['dup'])) { + $id = $_GET['dup']; + $after = $_GET['dup']; +} + + +/* always have a limit of (65535) numbers only or snort will not start do to id limits */ +/* TODO: When inline gets added make the uuid the port number lisstening */ +//function gen_snort_uuid($fileline) +//{ + /* return the first 5 */ + //if (preg_match("/...../", $fileline, $matches1)) + //{ + //$uuid_final = "$matches1[0]"; + //} +//return $uuid_final; +//} + +/* gen uuid for each iface !inportant */ +if ($config['installedpackages']['snortglobal']['rule'][$id]['uuid'] == '') { + //$snort_uuid = gen_snort_uuid(strrev(uniqid(true))); +$snort_uuid = 0; +while ($snort_uuid > 65535 || $snort_uuid == 0) { + $snort_uuid = mt_rand(1, 65535); + $pconfig['uuid'] = $snort_uuid; + } +} + +/* convert fake interfaces to real */ +$if_real = convert_friendly_interface_to_real_interface_name($a_nat[$id]['interface']); + +if ($config['installedpackages']['snortglobal']['rule'][$id]['uuid'] != '') { + $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; +} + +if (isset($id) && $a_nat[$id]) { + + /* old options */ + $pconfig['def_ssl_ports_ignore'] = $a_nat[$id]['def_ssl_ports_ignore']; + $pconfig['flow_depth'] = $a_nat[$id]['flow_depth']; + $pconfig['perform_stat'] = $a_nat[$id]['perform_stat']; + $pconfig['http_inspect'] = $a_nat[$id]['http_inspect']; + $pconfig['other_preprocs'] = $a_nat[$id]['other_preprocs']; + $pconfig['ftp_preprocessor'] = $a_nat[$id]['ftp_preprocessor']; + $pconfig['smtp_preprocessor'] = $a_nat[$id]['smtp_preprocessor']; + $pconfig['sf_portscan'] = $a_nat[$id]['sf_portscan']; + $pconfig['dce_rpc_2'] = $a_nat[$id]['dce_rpc_2']; + $pconfig['dns_preprocessor'] = $a_nat[$id]['dns_preprocessor']; + $pconfig['def_dns_servers'] = $a_nat[$id]['def_dns_servers']; + $pconfig['def_dns_ports'] = $a_nat[$id]['def_dns_ports']; + $pconfig['def_smtp_servers'] = $a_nat[$id]['def_smtp_servers']; + $pconfig['def_smtp_ports'] = $a_nat[$id]['def_smtp_ports']; + $pconfig['def_mail_ports'] = $a_nat[$id]['def_mail_ports']; + $pconfig['def_http_servers'] = $a_nat[$id]['def_http_servers']; + $pconfig['def_www_servers'] = $a_nat[$id]['def_www_servers']; + $pconfig['def_http_ports'] = $a_nat[$id]['def_http_ports']; + $pconfig['def_sql_servers'] = $a_nat[$id]['def_sql_servers']; + $pconfig['def_oracle_ports'] = $a_nat[$id]['def_oracle_ports']; + $pconfig['def_mssql_ports'] = $a_nat[$id]['def_mssql_ports']; + $pconfig['def_telnet_servers'] = $a_nat[$id]['def_telnet_servers']; + $pconfig['def_telnet_ports'] = $a_nat[$id]['def_telnet_ports']; + $pconfig['def_snmp_servers'] = $a_nat[$id]['def_snmp_servers']; + $pconfig['def_snmp_ports'] = $a_nat[$id]['def_snmp_ports']; + $pconfig['def_ftp_servers'] = $a_nat[$id]['def_ftp_servers']; + $pconfig['def_ftp_ports'] = $a_nat[$id]['def_ftp_ports']; + $pconfig['def_ssh_servers'] = $a_nat[$id]['def_ssh_servers']; + $pconfig['def_ssh_ports'] = $a_nat[$id]['def_ssh_ports']; + $pconfig['def_pop_servers'] = $a_nat[$id]['def_pop_servers']; + $pconfig['def_pop2_ports'] = $a_nat[$id]['def_pop2_ports']; + $pconfig['def_pop3_ports'] = $a_nat[$id]['def_pop3_ports']; + $pconfig['def_imap_servers'] = $a_nat[$id]['def_imap_servers']; + $pconfig['def_imap_ports'] = $a_nat[$id]['def_imap_ports']; + $pconfig['def_sip_proxy_ip'] = $a_nat[$id]['def_sip_proxy_ip']; + $pconfig['def_sip_proxy_ports'] = $a_nat[$id]['def_sip_proxy_ports']; + $pconfig['def_auth_ports'] = $a_nat[$id]['def_auth_ports']; + $pconfig['def_finger_ports'] = $a_nat[$id]['def_finger_ports']; + $pconfig['def_irc_ports'] = $a_nat[$id]['def_irc_ports']; + $pconfig['def_nntp_ports'] = $a_nat[$id]['def_nntp_ports']; + $pconfig['def_rlogin_ports'] = $a_nat[$id]['def_rlogin_ports']; + $pconfig['def_rsh_ports'] = $a_nat[$id]['def_rsh_ports']; + $pconfig['def_ssl_ports'] = $a_nat[$id]['def_ssl_ports']; + $pconfig['barnyard_enable'] = $a_nat[$id]['barnyard_enable']; + $pconfig['barnyard_mysql'] = $a_nat[$id]['barnyard_mysql']; + $pconfig['enable'] = $a_nat[$id]['enable']; + $pconfig['uuid'] = $a_nat[$id]['uuid']; + $pconfig['interface'] = $a_nat[$id]['interface']; + $pconfig['descr'] = $a_nat[$id]['descr']; + $pconfig['performance'] = $a_nat[$id]['performance']; + $pconfig['blockoffenders7'] = $a_nat[$id]['blockoffenders7']; + $pconfig['snortalertlogtype'] = $a_nat[$id]['snortalertlogtype']; + $pconfig['alertsystemlog'] = $a_nat[$id]['alertsystemlog']; + $pconfig['tcpdumplog'] = $a_nat[$id]['tcpdumplog']; + $pconfig['snortunifiedlog'] = $a_nat[$id]['snortunifiedlog']; + $pconfig['rulesets'] = $a_nat[$id]['rulesets']; + $pconfig['rule_sid_off'] = $a_nat[$id]['rule_sid_off']; + $pconfig['rule_sid_on'] = $a_nat[$id]['rule_sid_on']; + + + if (!$pconfig['interface']) + $pconfig['interface'] = "wan"; +} else { + $pconfig['interface'] = "wan"; +} + +if (isset($_GET['dup'])) + unset($id); + +/* alert file */ +$d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty"; + + /* this will exec when alert says apply */ + if ($_POST['apply']) { + + if (file_exists("/var/run/snort_conf_{$snort_uuid}_.dirty")) { + + write_config(); + + $if_real = convert_friendly_interface_to_real_interface_name($a_nat[$id]['interface']); + + sync_snort_package_all($id, $if_real, $snort_uuid); + sync_snort_package(); + + unlink("/var/run/snort_conf_{$snort_uuid}_.dirty"); + + } + + if (file_exists($d_snortconfdirty_path)) { + + write_config(); + + sync_snort_package_all($id, $if_real, $snort_uuid); + sync_snort_package(); + + unlink($d_snortconfdirty_path); + + } + + } + +if ($_POST["Submit"]) { + + + + // if ($config['installedpackages']['snortglobal']['rule']) { + if ($_POST['descr'] == '' && $pconfig['descr'] == '') { + $input_errors[] = "Please enter a description for your reference."; + } + + if ($id == "" && $config['installedpackages']['snortglobal']['rule'][0]['interface'] != "") { + + $rule_array = $config['installedpackages']['snortglobal']['rule']; + $id_c = -1; + foreach ($rule_array as $value) { + + $id_c += 1; + + $result_lan = $config['installedpackages']['snortglobal']['rule'][$id_c]['interface']; + $if_real = convert_friendly_interface_to_real_interface_name($result_lan); + + if ($_POST['interface'] == $result_lan) { + $input_errors[] = "Interface $result_lan is in use. Please select another interface."; + } + } + } + + /* check for overlaps */ + foreach ($a_nat as $natent) { + if (isset($id) && ($a_nat[$id]) && ($a_nat[$id] === $natent)) + continue; + if ($natent['interface'] != $_POST['interface']) + continue; + } + + /* if no errors write to conf */ + if (!$input_errors) { + $natent = array(); + + /* write to conf for 1st time or rewrite the answer */ + $natent['interface'] = $_POST['interface'] ? $_POST['interface'] : $pconfig['interface']; + /* if post write to conf or rewite the answer */ + $natent['enable'] = $_POST['enable'] ? on : off; + $natent['uuid'] = $pconfig['uuid']; + $natent['descr'] = $_POST['descr'] ? $_POST['descr'] : $pconfig['descr']; + $natent['performance'] = $_POST['performance'] ? $_POST['performance'] : $pconfig['performance']; + /* if post = on use on off or rewrite the conf */ + if ($_POST['blockoffenders7'] == "on") { $natent['blockoffenders7'] = on; }else{ $natent['blockoffenders7'] = off; } if ($_POST['enable'] == "") { $natent['blockoffenders7'] = $pconfig['blockoffenders7']; } + $natent['snortalertlogtype'] = $_POST['snortalertlogtype'] ? $_POST['snortalertlogtype'] : $pconfig['snortalertlogtype']; + if ($_POST['alertsystemlog'] == "on") { $natent['alertsystemlog'] = on; }else{ $natent['alertsystemlog'] = off; } if ($_POST['enable'] == "") { $natent['alertsystemlog'] = $pconfig['alertsystemlog']; } + if ($_POST['tcpdumplog'] == "on") { $natent['tcpdumplog'] = on; }else{ $natent['tcpdumplog'] = off; } if ($_POST['enable'] == "") { $natent['tcpdumplog'] = $pconfig['tcpdumplog']; } + if ($_POST['snortunifiedlog'] == "on") { $natent['snortunifiedlog'] = on; }else{ $natent['snortunifiedlog'] = off; } if ($_POST['enable'] == "") { $natent['snortunifiedlog'] = $pconfig['snortunifiedlog']; } + /* if optiion = 0 then the old descr way will not work */ + + /* rewrite the options that are not in post */ + /* make shure values are set befor repost or conf.xml will be broken */ + if ($pconfig['def_ssl_ports_ignore'] != "") { $natent['def_ssl_ports_ignore'] = $pconfig['def_ssl_ports_ignore']; } + if ($pconfig['flow_depth'] != "") { $natent['flow_depth'] = $pconfig['flow_depth']; } + if ($pconfig['perform_stat'] != "") { $natent['perform_stat'] = $pconfig['perform_stat']; } + if ($pconfig['http_inspect'] != "") { $natent['http_inspect'] = $pconfig['http_inspect']; } + if ($pconfig['other_preprocs'] != "") { $natent['other_preprocs'] = $pconfig['other_preprocs']; } + if ($pconfig['ftp_preprocessor'] != "") { $natent['ftp_preprocessor'] = $pconfig['ftp_preprocessor']; } + if ($pconfig['smtp_preprocessor'] != "") { $natent['smtp_preprocessor'] = $pconfig['smtp_preprocessor']; } + if ($pconfig['sf_portscan'] != "") { $natent['sf_portscan'] = $pconfig['sf_portscan']; } + if ($pconfig['dce_rpc_2'] != "") { $natent['dce_rpc_2'] = $pconfig['dce_rpc_2']; } + if ($pconfig['dns_preprocessor'] != "") { $natent['dns_preprocessor'] = $pconfig['dns_preprocessor']; } + if ($pconfig['def_dns_servers'] != "") { $natent['def_dns_servers'] = $pconfig['def_dns_servers']; } + if ($pconfig['def_dns_ports'] != "") { $natent['def_dns_ports'] = $pconfig['def_dns_ports']; } + if ($pconfig['def_smtp_servers'] != "") { $natent['def_smtp_servers'] = $pconfig['def_smtp_servers']; } + if ($pconfig['def_smtp_ports'] != "") { $natent['def_smtp_ports'] = $pconfig['def_smtp_ports']; } + if ($pconfig['def_mail_ports'] != "") { $natent['def_mail_ports'] = $pconfig['def_mail_ports']; } + if ($pconfig['def_http_servers'] != "") { $natent['def_http_servers'] = $pconfig['def_http_servers']; } + if ($pconfig['def_www_servers'] != "") { $natent['def_www_servers'] = $pconfig['def_www_servers']; } + if ($pconfig['def_http_ports'] != "") { $natent['def_http_ports'] = $pconfig['def_http_ports']; } + if ($pconfig['def_sql_servers'] != "") { $natent['def_sql_servers'] = $pconfig['def_sql_servers']; } + if ($pconfig['def_oracle_ports'] != "") { $natent['def_oracle_ports'] = $pconfig['def_oracle_ports']; } + if ($pconfig['def_mssql_ports'] != "") { $natent['def_mssql_ports'] = $pconfig['def_mssql_ports']; } + if ($pconfig['def_telnet_servers'] != "") { $natent['def_telnet_servers'] = $pconfig['def_telnet_servers']; } + if ($pconfig['def_telnet_ports'] != "") { $natent['def_telnet_ports'] = $pconfig['def_telnet_ports']; } + if ($pconfig['def_snmp_servers'] != "") { $natent['def_snmp_servers'] = $pconfig['def_snmp_servers']; } + if ($pconfig['def_snmp_ports'] != "") { $natent['def_snmp_ports'] = $pconfig['def_snmp_ports']; } + if ($pconfig['def_ftp_servers'] != "") { $natent['def_ftp_servers'] = $pconfig['def_ftp_servers']; } + if ($pconfig['def_ftp_ports'] != "") { $natent['def_ftp_ports'] = $pconfig['def_ftp_ports']; } + if ($pconfig['def_ssh_servers'] != "") { $natent['def_ssh_servers'] = $pconfig['def_ssh_servers']; } + if ($pconfig['def_ssh_ports'] != "") { $natent['def_ssh_ports'] = $pconfig['def_ssh_ports']; } + if ($pconfig['def_pop_servers'] != "") { $natent['def_pop_servers'] = $pconfig['def_pop_servers']; } + if ($pconfig['def_pop2_ports'] != "") { $natent['def_pop2_ports'] = $pconfig['def_pop2_ports']; } + if ($pconfig['def_pop3_ports'] != "") { $natent['def_pop3_ports'] = $pconfig['def_pop3_ports']; } + if ($pconfig['def_imap_servers'] != "") { $natent['def_imap_servers'] = $pconfig['def_imap_servers']; } + if ($pconfig['def_imap_ports'] != "") { $natent['def_imap_ports'] = $pconfig['def_imap_ports']; } + if ($pconfig['def_sip_proxy_ip'] != "") { $natent['def_sip_proxy_ip'] = $pconfig['def_sip_proxy_ip']; } + if ($pconfig['def_sip_proxy_ports'] != "") { $natent['def_sip_proxy_ports'] = $pconfig['def_sip_proxy_ports']; } + if ($pconfig['def_auth_ports'] != "") { $natent['def_auth_ports'] = $pconfig['def_auth_ports']; } + if ($pconfig['def_finger_ports'] != "") { $natent['def_finger_ports'] = $pconfig['def_finger_ports']; } + if ($pconfig['def_irc_ports'] != "") { $natent['def_irc_ports'] = $pconfig['def_irc_ports']; } + if ($pconfig['def_nntp_ports'] != "") { $natent['def_nntp_ports'] = $pconfig['def_nntp_ports']; } + if ($pconfig['def_rlogin_ports'] != "") { $natent['def_rlogin_ports'] = $pconfig['def_rlogin_ports']; } + if ($pconfig['def_rsh_ports'] != "") { $natent['def_rsh_ports'] = $pconfig['def_rsh_ports']; } + if ($pconfig['def_ssl_ports'] != "") { $natent['def_ssl_ports'] = $pconfig['def_ssl_ports']; } + if ($pconfig['barnyard_enable'] != "") { $natent['barnyard_enable'] = $pconfig['barnyard_enable']; } + if ($pconfig['barnyard_mysql'] != "") { $natent['barnyard_mysql'] = $pconfig['barnyard_mysql']; } + if ($pconfig['rulesets'] != "") { $natent['rulesets'] = $pconfig['rulesets']; } + if ($pconfig['rule_sid_off'] != "") { $natent['rule_sid_off'] = $pconfig['rule_sid_off']; } + if ($pconfig['rule_sid_on'] != "") { $natent['rule_sid_on'] = $pconfig['rule_sid_on']; } + + + if (isset($id) && $a_nat[$id]) + $a_nat[$id] = $natent; + else { + if (is_numeric($after)) + array_splice($a_nat, $after+1, 0, array($natent)); + else + $a_nat[] = $natent; + } + + write_config(); + + touch("$d_snortconfdirty_path"); + + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + sleep(2); + header("Location: /snort/snort_interfaces_edit.php?id=$id"); + + exit; + } +} + + if ($_POST["Submit2"]) { + + sync_snort_package_all($id, $if_real, $snort_uuid); + sync_snort_package(); + sleep(1); + + Running_Start($snort_uuid, $if_real, $id); + + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + sleep(2); + header("Location: /snort/snort_interfaces_edit.php?id=$id"); + } + + if ($_POST["Submit3"]) + { + + Running_Stop($snort_uuid, $if_real, $id); + + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + sleep(2); + header("Location: /snort/snort_interfaces_edit.php?id=$id"); + + } + + /* This code needs to be below headers */ + if (isset($config['installedpackages']['snortglobal']['rule'][$id]['interface'])) + { + + $snort_up_ck2_info = Running_Ck($snort_uuid, $if_real, $id); + + if ($snort_up_ck2_info == 'no') { + $snort_up_ck = '<input name="Submit2" type="submit" class="formbtn" value="Start" onClick="enable_change(true)">'; + }else{ + $snort_up_ck = '<input name="Submit3" type="submit" class="formbtn" value="Stop" onClick="enable_change(true)">'; + } + + }else{ + $snort_up_ck = ''; + } + + +$pgtitle = "Snort: Interface Edit: $id $snort_uuid $if_real"; +include("head.inc"); + +?> +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<?php +include("./snort_fbegin.inc"); +?> +<style type="text/css"> +.alert { + position:absolute; + top:10px; + left:0px; + width:94%; +background:#FCE9C0; +background-position: 15px; +border-top:2px solid #DBAC48; +border-bottom:2px solid #DBAC48; +padding: 15px 10px 85% 50px; +} +</style> +<noscript><div class="alert" ALIGN=CENTER><img src="/themes/nervecenter/images/icons/icon_alert.gif"/><strong>Please enable JavaScript to view this content</strong></div></noscript> +<script language="JavaScript"> +<!-- + +function enable_change(enable_change) { + endis = !(document.iform.enable.checked || enable_change); + // make shure a default answer is called if this is envoked. + endis2 = (document.iform.enable); + +<?php +/* make shure all the settings exist or function hide will not work */ +/* if $id is emty allow if and discr to be open */ +if($config['installedpackages']['snortglobal']['rule'][$id]['interface'] != '') +{ +echo " + document.iform.interface.disabled = endis2; + document.iform.descr.disabled = endis;\n"; +} +?> + document.iform.performance.disabled = endis; + document.iform.blockoffenders7.disabled = endis; + document.iform.alertsystemlog.disabled = endis; + document.iform.tcpdumplog.disabled = endis; + document.iform.snortunifiedlog.disabled = endis; +} +//--> +</script> +<p class="pgtitle"><?php if($pfsense_stable == 'yes'){echo $pgtitle;}?></p> +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> + +<form action="snort_interfaces_edit.php<?php echo "?id=$id";?>" method="post" enctype="multipart/form-data" name="iform" id="iform"> + +<?php + + /* Display Alert message */ + + if ($input_errors) { + print_input_errors($input_errors); // TODO: add checks + } + + if ($savemsg) { + print_info_box2($savemsg); + } + + //if (file_exists($d_snortconfdirty_path)) { + if (file_exists($d_snortconfdirty_path) || file_exists("/var/run/snort_conf_{$snort_uuid}_.dirty")) { + echo '<p>'; + + if($savemsg) { + print_info_box_np2("{$savemsg}"); + }else{ + print_info_box_np2(' + The Snort configuration has changed and snort needs to be restarted on this interface.<br> + You must apply the changes in order for them to take effect.<br> + '); + } + } + +?> + +<table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr><td class="tabnavtbl"> +<?php +if ($a_nat[$id]['interface'] != '') { + /* get the interface name */ + $first = 0; + $snortInterfaces = array(); /* -gtm */ + + $if_list = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; + $if_array = split(',', $if_list); + //print_r($if_array); + if($if_array) { + foreach($if_array as $iface2) { + $if2 = convert_friendly_interface_to_real_interface_name($iface2); + + if($config['interfaces'][$iface2]['ipaddr'] == "pppoe") { + $if2 = "ng0"; + } + + /* build a list of user specified interfaces -gtm */ + if($if2){ + array_push($snortInterfaces, $if2); + $first = 1; + } + } + + if (count($snortInterfaces) < 1) { + log_error("Snort will not start. You must select an interface for it to listen on."); + return; + } + } + +} + $tab_array = array(); + if (!file_exists("/var/run/snort_conf_{$snort_uuid}_.dirty")) { + $tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php"); + } + $tab_array[] = array("If Settings", true, "/snort/snort_interfaces_edit.php?id={$id}"); + /* hide user tabs when no settings have be saved */ + if ($config['installedpackages']['snortglobal']['rule'][$id]['interface'] != '') { + if (!file_exists("/var/run/snort_conf_{$snort_uuid}_.dirty")) { + //$tab_array[] = array("upload", false, "/snort/snort_conf_upload.php?id={$id}"); + $tab_array[] = array("Categories", false, "/snort/snort_rulesets.php?id={$id}"); + $tab_array[] = array("Rules", false, "/snort/snort_rules.php?id={$id}"); + $tab_array[] = array("Servers", false, "/snort/snort_define_servers.php?id={$id}"); + $tab_array[] = array("Preprocessors", false, "/snort/snort_preprocessors.php?id={$id}"); + $tab_array[] = array("Barnyard2", false, "/snort/snort_barnyard.php?id={$id}"); + } + } + display_top_tabs($tab_array); + +?> +</td> +</tr> + <tr> + <td class="tabcont"> + <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td width="22%" valign="top" class="vtable"> </td> + <td width="78%" class="vtable"> + <?php + // <input name="enable" type="checkbox" value="yes" checked onClick="enable_change(false)"> + // care with spaces + if ($pconfig['enable'] == "on") + $checked = checked; + + $onclick_enable = "onClick=\"enable_change(false)\">"; + + echo " + <input name=\"enable\" type=\"checkbox\" value=\"on\" $checked $onclick_enable + <strong>Enable Interface</strong></td>\n\n"; + ?> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq">Interface</td> + <td width="78%" class="vtable"> + <select name="interface" class="formfld"> + <?php + $interfaces = array('wan' => 'WAN', 'lan' => 'LAN'); + for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) { + $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr']; + } + foreach ($interfaces as $iface => $ifacename): ?> + <option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>> + <?=htmlspecialchars($ifacename);?> + </option> + <?php endforeach; ?> + </select><br> + <span class="vexpl">Choose which interface this rule applies to.<br> + Hint: in most cases, you'll want to use WAN here.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq">Description</td> + <td width="78%" class="vtable"> + <input name="descr" type="text" class="formfld" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>"> + <br> <span class="vexpl">You may enter a description here for your reference (not parsed).</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Memory Performance</td> + <td width="78%" class="vtable"> + <select name="performance" class="formfld" id="performance"> + <?php + $interfaces2 = array('ac-bnfa' => 'AC-BNFA', 'lowmem' => 'LOWMEM', 'ac-std' => 'AC-STD', 'ac' => 'AC', 'ac-banded' => 'AC-BANDED', 'ac-sparsebands' => 'AC-SPARSEBANDS', 'acs' => 'ACS'); + foreach ($interfaces2 as $iface2 => $ifacename2): ?> + <option value="<?=$iface2;?>" <?php if ($iface2 == $pconfig['performance']) echo "selected"; ?>> + <?=htmlspecialchars($ifacename2);?> + </option> + <?php endforeach; ?> + </select><br> + <span class="vexpl">Lowmem and ac-bnfa are recommended for low end systems, Ac: high memory, best performance, ac-std: moderate memory,high performance, acs: small memory, moderateperformance, ac-banded: small memory,moderate performance, ac-sparsebands: small memory, high performance.<br> + </span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Block offenders</td> + <td width="78%" class="vtable"> + <input name="blockoffenders7" type="checkbox" value="on" <?php if ($pconfig['blockoffenders7'] == "on") echo "checked"; ?> onClick="enable_change(false)"><br> + Checking this option will automatically block hosts that generate a Snort alert.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Send alerts to main System logs</td> + <td width="78%" class="vtable"> + <input name="alertsystemlog" type="checkbox" value="on" <?php if ($pconfig['alertsystemlog'] == "on") echo "checked"; ?> onClick="enable_change(false)"><br> + Snort will send Alerts to the Pfsense system logs.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Log to a Tcpdump file</td> + <td width="78%" class="vtable"> + <input name="tcpdumplog" type="checkbox" value="on" <?php if ($pconfig['tcpdumplog'] == "on") echo "checked"; ?> onClick="enable_change(false)"><br> + Snort will log packets to a tcpdump-formatted file. The file then can be analyzed by an application such as Wireshark which understands pcap file formats. <span class="red"><strong>WARNING:</strong></span> File may become large.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Log Alerts to a snort unified2 file</td> + <td width="78%" class="vtable"> + <input name="snortunifiedlog" type="checkbox" value="on" <?php if ($pconfig['snortunifiedlog'] == "on") echo "checked"; ?> onClick="enable_change(false)"><br> + Snort will log Alerts to a file in the UNIFIED2 format. This is a requirement for barnyard2.</td> + </tr> + <tr> + <td width="22%" valign="top"></td> + <td width="78%"> + <input name="Submit" type="submit" class="formbtn" value="Save"> <?php echo $snort_up_ck; ?> <input type="button" class="formbtn" value="Cancel" onclick="history.back()"> + <?php if (isset($id) && $a_nat[$id]): ?> + <input name="id" type="hidden" value="<?=$id;?>"> + <?php endif; ?> + </td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span> + <br> + Please save your settings before you click start. </td> + </tr> + </table> + </table> +</form> + +<script language="JavaScript"> +<!-- +enable_change(false); +//--> +</script> +<?php include("fend.inc"); ?> +</body> +</html> diff --git a/config/snort/snort_interfaces_edit_bkup.php b/config/snort/snort_interfaces_edit_bkup.php new file mode 100644 index 00000000..92bc7c5a --- /dev/null +++ b/config/snort/snort_interfaces_edit_bkup.php @@ -0,0 +1,609 @@ +<?php +/* $Id$ */ +/* + snort_interfaces.php + part of m0n0wall (http://m0n0.ch/wall) + + Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + Copyright (C) 2008-2009 Robert Zelaya. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/snort/snort.inc"); +require_once("/usr/local/pkg/snort/snort_gui.inc"); + + +if (!is_array($config['installedpackages']['snortglobal']['rule'])) { + $config['installedpackages']['snortglobal']['rule'] = array(); +} + +$a_nat = $config['installedpackages']['snortglobal']['rule']; + +$id = $_GET['id']; +if (isset($_POST['id'])) + $id = $_POST['id']; + +if (isset($_GET['dup'])) { + $id = $_GET['dup']; + $after = $_GET['dup']; +} + +/* always have a limit of (65535) numbers only or snort will not start do to id limits */ +/* TODO: When inline gets added make the uuid the port number lisstening */ +//function gen_snort_uuid($fileline) +//{ + /* return the first 5 */ + //if (preg_match("/...../", $fileline, $matches1)) + //{ + //$uuid_final = "$matches1[0]"; + //} +//return $uuid_final; +//} + +/* gen uuid for each iface !inportant */ +if ($config['installedpackages']['snortglobal']['rule'][$id]['uuid'] == '') { + //$snort_uuid = gen_snort_uuid(strrev(uniqid(true))); +$snort_uuid = 0; +while ($snort_uuid > 65535 || $snort_uuid == 0) { + $snort_uuid = mt_rand(1, 65535); + $pconfig['uuid'] = $snort_uuid; + } +} + +if ($config['installedpackages']['snortglobal']['rule'][$id]['uuid'] != '') { + $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; +} + + +/* convert fake interfaces to real */ +$if_real = convert_friendly_interface_to_real_interface_name2($config['installedpackages']['snortglobal']['rule'][$id]['interface']); + + +if (isset($id) && $a_nat[$id]) { + + /* old options */ + $pconfig['def_ssl_ports_ignore'] = $a_nat[$id]['def_ssl_ports_ignore']; + $pconfig['flow_depth'] = $a_nat[$id]['flow_depth']; + $pconfig['perform_stat'] = $a_nat[$id]['perform_stat']; + $pconfig['http_inspect'] = $a_nat[$id]['http_inspect']; + $pconfig['other_preprocs'] = $a_nat[$id]['other_preprocs']; + $pconfig['ftp_preprocessor'] = $a_nat[$id]['ftp_preprocessor']; + $pconfig['smtp_preprocessor'] = $a_nat[$id]['smtp_preprocessor']; + $pconfig['sf_portscan'] = $a_nat[$id]['sf_portscan']; + $pconfig['dce_rpc_2'] = $a_nat[$id]['dce_rpc_2']; + $pconfig['dns_preprocessor'] = $a_nat[$id]['dns_preprocessor']; + $pconfig['def_dns_servers'] = $a_nat[$id]['def_dns_servers']; + $pconfig['def_dns_ports'] = $a_nat[$id]['def_dns_ports']; + $pconfig['def_smtp_servers'] = $a_nat[$id]['def_smtp_servers']; + $pconfig['def_smtp_ports'] = $a_nat[$id]['def_smtp_ports']; + $pconfig['def_mail_ports'] = $a_nat[$id]['def_mail_ports']; + $pconfig['def_http_servers'] = $a_nat[$id]['def_http_servers']; + $pconfig['def_www_servers'] = $a_nat[$id]['def_www_servers']; + $pconfig['def_http_ports'] = $a_nat[$id]['def_http_ports']; + $pconfig['def_sql_servers'] = $a_nat[$id]['def_sql_servers']; + $pconfig['def_oracle_ports'] = $a_nat[$id]['def_oracle_ports']; + $pconfig['def_mssql_ports'] = $a_nat[$id]['def_mssql_ports']; + $pconfig['def_telnet_servers'] = $a_nat[$id]['def_telnet_servers']; + $pconfig['def_telnet_ports'] = $a_nat[$id]['def_telnet_ports']; + $pconfig['def_snmp_servers'] = $a_nat[$id]['def_snmp_servers']; + $pconfig['def_snmp_ports'] = $a_nat[$id]['def_snmp_ports']; + $pconfig['def_ftp_servers'] = $a_nat[$id]['def_ftp_servers']; + $pconfig['def_ftp_ports'] = $a_nat[$id]['def_ftp_ports']; + $pconfig['def_ssh_servers'] = $a_nat[$id]['def_ssh_servers']; + $pconfig['def_ssh_ports'] = $a_nat[$id]['def_ssh_ports']; + $pconfig['def_pop_servers'] = $a_nat[$id]['def_pop_servers']; + $pconfig['def_pop2_ports'] = $a_nat[$id]['def_pop2_ports']; + $pconfig['def_pop3_ports'] = $a_nat[$id]['def_pop3_ports']; + $pconfig['def_imap_servers'] = $a_nat[$id]['def_imap_servers']; + $pconfig['def_imap_ports'] = $a_nat[$id]['def_imap_ports']; + $pconfig['def_sip_proxy_ip'] = $a_nat[$id]['def_sip_proxy_ip']; + $pconfig['def_sip_proxy_ports'] = $a_nat[$id]['def_sip_proxy_ports']; + $pconfig['def_auth_ports'] = $a_nat[$id]['def_auth_ports']; + $pconfig['def_finger_ports'] = $a_nat[$id]['def_finger_ports']; + $pconfig['def_irc_ports'] = $a_nat[$id]['def_irc_ports']; + $pconfig['def_nntp_ports'] = $a_nat[$id]['def_nntp_ports']; + $pconfig['def_rlogin_ports'] = $a_nat[$id]['def_rlogin_ports']; + $pconfig['def_rsh_ports'] = $a_nat[$id]['def_rsh_ports']; + $pconfig['def_ssl_ports'] = $a_nat[$id]['def_ssl_ports']; + $pconfig['barnyard_enable'] = $a_nat[$id]['barnyard_enable']; + $pconfig['barnyard_mysql'] = $a_nat[$id]['barnyard_mysql']; + $pconfig['enable'] = $a_nat[$id]['enable']; + $pconfig['uuid'] = $a_nat[$id]['uuid']; + $pconfig['interface'] = $a_nat[$id]['interface']; + $pconfig['descr'] = $a_nat[$id]['descr']; + $pconfig['performance'] = $a_nat[$id]['performance']; + $pconfig['blockoffenders7'] = $a_nat[$id]['blockoffenders7']; + $pconfig['snortalertlogtype'] = $a_nat[$id]['snortalertlogtype']; + $pconfig['alertsystemlog'] = $a_nat[$id]['alertsystemlog']; + $pconfig['tcpdumplog'] = $a_nat[$id]['tcpdumplog']; + $pconfig['snortunifiedlog'] = $a_nat[$id]['snortunifiedlog']; + $pconfig['rulesets'] = $a_nat[$id]['rulesets']; + $pconfig['rule_sid_off'] = $a_nat[$id]['rule_sid_off']; + $pconfig['rule_sid_on'] = $a_nat[$id]['rule_sid_on']; + + + if (!$pconfig['interface']) { + $pconfig['interface'] = "wan"; + } else { + $pconfig['interface'] = "wan"; + } +} + +if (isset($_GET['dup'])) + unset($id); + +/* alert file */ +$d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty"; + + /* this will exec when alert says apply */ + if ($_POST['apply']) { + + if (file_exists("/var/run/snort_conf_{$snort_uuid}_.dirty")) { + + write_config(); + + sync_snort_package_empty(); + sync_snort_package(); + + unlink("/var/run/snort_conf_{$snort_uuid}_.dirty"); + + } + + if (file_exists($d_snortconfdirty_path)) { + + write_config(); + + sync_snort_package_all($id, $if_real, $snort_uuid); + sync_snort_package(); + + unlink($d_snortconfdirty_path); + + } + + } + +if ($_POST["Submit"]) { + + + + // if ($config['installedpackages']['snortglobal']['rule']) { + if ($_POST['descr'] == '' && $pconfig['descr'] == '') { + $input_errors[] = "Please enter a description for your reference."; + } + + if ($id == "" && $config['installedpackages']['snortglobal']['rule'][0]['interface'] != "") { + + $rule_array = $config['installedpackages']['snortglobal']['rule']; + $id_c = -1; + foreach ($rule_array as $value) { + + $id_c += 1; + + $result_lan = $config['installedpackages']['snortglobal']['rule'][$id_c]['interface']; + $if_real = convert_friendly_interface_to_real_interface_name2($result_lan); + + if ($_POST['interface'] == $result_lan) { + $input_errors[] = "Interface $result_lan is in use. Please select another interface."; + } + } + } + + /* check for overlaps */ + foreach ($a_nat as $natent) { + if (isset($id) && ($a_nat[$id]) && ($a_nat[$id] === $natent)) + continue; + if ($natent['interface'] != $_POST['interface']) + continue; + } + + /* if no errors write to conf */ + if (!$input_errors) { + $natent = array(); + + /* write to conf for 1st time or rewrite the answer */ + $natent['interface'] = $_POST['interface'] ? $_POST['interface'] : $pconfig['interface']; + /* if post write to conf or rewite the answer */ + $natent['enable'] = $_POST['enable'] ? on : off; + $natent['uuid'] = $pconfig['uuid']; + $natent['descr'] = $_POST['descr'] ? $_POST['descr'] : $pconfig['descr']; + $natent['performance'] = $_POST['performance'] ? $_POST['performance'] : $pconfig['performance']; + /* if post = on use on off or rewrite the conf */ + if ($_POST['blockoffenders7'] == "on") { $natent['blockoffenders7'] = on; }else{ $natent['blockoffenders7'] = off; } if ($_POST['enable'] == "") { $natent['blockoffenders7'] = $pconfig['blockoffenders7']; } + $natent['snortalertlogtype'] = $_POST['snortalertlogtype'] ? $_POST['snortalertlogtype'] : $pconfig['snortalertlogtype']; + if ($_POST['alertsystemlog'] == "on") { $natent['alertsystemlog'] = on; }else{ $natent['alertsystemlog'] = off; } if ($_POST['enable'] == "") { $natent['alertsystemlog'] = $pconfig['alertsystemlog']; } + if ($_POST['tcpdumplog'] == "on") { $natent['tcpdumplog'] = on; }else{ $natent['tcpdumplog'] = off; } if ($_POST['enable'] == "") { $natent['tcpdumplog'] = $pconfig['tcpdumplog']; } + if ($_POST['snortunifiedlog'] == "on") { $natent['snortunifiedlog'] = on; }else{ $natent['snortunifiedlog'] = off; } if ($_POST['enable'] == "") { $natent['snortunifiedlog'] = $pconfig['snortunifiedlog']; } + /* if optiion = 0 then the old descr way will not work */ + + /* rewrite the options that are not in post */ + /* make shure values are set befor repost or conf.xml will be broken */ + if ($pconfig['def_ssl_ports_ignore'] != "") { $natent['def_ssl_ports_ignore'] = $pconfig['def_ssl_ports_ignore']; } + if ($pconfig['flow_depth'] != "") { $natent['flow_depth'] = $pconfig['flow_depth']; } + if ($pconfig['perform_stat'] != "") { $natent['perform_stat'] = $pconfig['perform_stat']; } + if ($pconfig['http_inspect'] != "") { $natent['http_inspect'] = $pconfig['http_inspect']; } + if ($pconfig['other_preprocs'] != "") { $natent['other_preprocs'] = $pconfig['other_preprocs']; } + if ($pconfig['ftp_preprocessor'] != "") { $natent['ftp_preprocessor'] = $pconfig['ftp_preprocessor']; } + if ($pconfig['smtp_preprocessor'] != "") { $natent['smtp_preprocessor'] = $pconfig['smtp_preprocessor']; } + if ($pconfig['sf_portscan'] != "") { $natent['sf_portscan'] = $pconfig['sf_portscan']; } + if ($pconfig['dce_rpc_2'] != "") { $natent['dce_rpc_2'] = $pconfig['dce_rpc_2']; } + if ($pconfig['dns_preprocessor'] != "") { $natent['dns_preprocessor'] = $pconfig['dns_preprocessor']; } + if ($pconfig['def_dns_servers'] != "") { $natent['def_dns_servers'] = $pconfig['def_dns_servers']; } + if ($pconfig['def_dns_ports'] != "") { $natent['def_dns_ports'] = $pconfig['def_dns_ports']; } + if ($pconfig['def_smtp_servers'] != "") { $natent['def_smtp_servers'] = $pconfig['def_smtp_servers']; } + if ($pconfig['def_smtp_ports'] != "") { $natent['def_smtp_ports'] = $pconfig['def_smtp_ports']; } + if ($pconfig['def_mail_ports'] != "") { $natent['def_mail_ports'] = $pconfig['def_mail_ports']; } + if ($pconfig['def_http_servers'] != "") { $natent['def_http_servers'] = $pconfig['def_http_servers']; } + if ($pconfig['def_www_servers'] != "") { $natent['def_www_servers'] = $pconfig['def_www_servers']; } + if ($pconfig['def_http_ports'] != "") { $natent['def_http_ports'] = $pconfig['def_http_ports']; } + if ($pconfig['def_sql_servers'] != "") { $natent['def_sql_servers'] = $pconfig['def_sql_servers']; } + if ($pconfig['def_oracle_ports'] != "") { $natent['def_oracle_ports'] = $pconfig['def_oracle_ports']; } + if ($pconfig['def_mssql_ports'] != "") { $natent['def_mssql_ports'] = $pconfig['def_mssql_ports']; } + if ($pconfig['def_telnet_servers'] != "") { $natent['def_telnet_servers'] = $pconfig['def_telnet_servers']; } + if ($pconfig['def_telnet_ports'] != "") { $natent['def_telnet_ports'] = $pconfig['def_telnet_ports']; } + if ($pconfig['def_snmp_servers'] != "") { $natent['def_snmp_servers'] = $pconfig['def_snmp_servers']; } + if ($pconfig['def_snmp_ports'] != "") { $natent['def_snmp_ports'] = $pconfig['def_snmp_ports']; } + if ($pconfig['def_ftp_servers'] != "") { $natent['def_ftp_servers'] = $pconfig['def_ftp_servers']; } + if ($pconfig['def_ftp_ports'] != "") { $natent['def_ftp_ports'] = $pconfig['def_ftp_ports']; } + if ($pconfig['def_ssh_servers'] != "") { $natent['def_ssh_servers'] = $pconfig['def_ssh_servers']; } + if ($pconfig['def_ssh_ports'] != "") { $natent['def_ssh_ports'] = $pconfig['def_ssh_ports']; } + if ($pconfig['def_pop_servers'] != "") { $natent['def_pop_servers'] = $pconfig['def_pop_servers']; } + if ($pconfig['def_pop2_ports'] != "") { $natent['def_pop2_ports'] = $pconfig['def_pop2_ports']; } + if ($pconfig['def_pop3_ports'] != "") { $natent['def_pop3_ports'] = $pconfig['def_pop3_ports']; } + if ($pconfig['def_imap_servers'] != "") { $natent['def_imap_servers'] = $pconfig['def_imap_servers']; } + if ($pconfig['def_imap_ports'] != "") { $natent['def_imap_ports'] = $pconfig['def_imap_ports']; } + if ($pconfig['def_sip_proxy_ip'] != "") { $natent['def_sip_proxy_ip'] = $pconfig['def_sip_proxy_ip']; } + if ($pconfig['def_sip_proxy_ports'] != "") { $natent['def_sip_proxy_ports'] = $pconfig['def_sip_proxy_ports']; } + if ($pconfig['def_auth_ports'] != "") { $natent['def_auth_ports'] = $pconfig['def_auth_ports']; } + if ($pconfig['def_finger_ports'] != "") { $natent['def_finger_ports'] = $pconfig['def_finger_ports']; } + if ($pconfig['def_irc_ports'] != "") { $natent['def_irc_ports'] = $pconfig['def_irc_ports']; } + if ($pconfig['def_nntp_ports'] != "") { $natent['def_nntp_ports'] = $pconfig['def_nntp_ports']; } + if ($pconfig['def_rlogin_ports'] != "") { $natent['def_rlogin_ports'] = $pconfig['def_rlogin_ports']; } + if ($pconfig['def_rsh_ports'] != "") { $natent['def_rsh_ports'] = $pconfig['def_rsh_ports']; } + if ($pconfig['def_ssl_ports'] != "") { $natent['def_ssl_ports'] = $pconfig['def_ssl_ports']; } + if ($pconfig['barnyard_enable'] != "") { $natent['barnyard_enable'] = $pconfig['barnyard_enable']; } + if ($pconfig['barnyard_mysql'] != "") { $natent['barnyard_mysql'] = $pconfig['barnyard_mysql']; } + if ($pconfig['rulesets'] != "") { $natent['rulesets'] = $pconfig['rulesets']; } + if ($pconfig['rule_sid_off'] != "") { $natent['rule_sid_off'] = $pconfig['rule_sid_off']; } + if ($pconfig['rule_sid_on'] != "") { $natent['rule_sid_on'] = $pconfig['rule_sid_on']; } + + + if (isset($id) && $a_nat[$id]) + $a_nat[$id] = $natent; + else { + if (is_numeric($after)) + array_splice($a_nat, $after+1, 0, array($natent)); + else + $a_nat[] = $natent; + } + + write_config(); + + touch("$d_snortconfdirty_path"); + + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + sleep(2); + header("Location: /snort/snort_interfaces_edit.php?id=$id"); + + //exit; + } +} + + if ($_POST["Submit2"]) { + + sync_snort_package_all($id, $if_real, $snort_uuid); + sync_snort_package(); + sleep(1); + + Running_Start($snort_uuid, $if_real, $id); + + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + sleep(2); + header("Location: /snort/snort_interfaces_edit.php?id=$id"); + } + + if ($_POST["Submit3"]) + { + + Running_Stop($snort_uuid, $if_real, $id); + + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + sleep(2); + header("Location: /snort/snort_interfaces_edit.php?id=$id"); + + } + + /* This code needs to be below headers */ + if (isset($config['installedpackages']['snortglobal']['rule'][$id]['interface'])) + { + + $snort_up_ck2_info = Running_Ck($snort_uuid, $if_real, $id); + + if ($snort_up_ck2_info == 'no') { + $snort_up_ck = '<input name="Submit2" type="submit" class="formbtn" value="Start" onClick="enable_change(true)">'; + }else{ + $snort_up_ck = '<input name="Submit3" type="submit" class="formbtn" value="Stop" onClick="enable_change(true)">'; + } + + }else{ + $snort_up_ck = ''; + } + + +$pgtitle = "Snort: Interface Edit: $id $snort_uuid $if_real"; +include("head.inc"); + +?> +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<?php +include("./snort_fbegin.inc"); +?> +<style type="text/css"> +.alert { + position:absolute; + top:10px; + left:0px; + width:94%; +background:#FCE9C0; +background-position: 15px; +border-top:2px solid #DBAC48; +border-bottom:2px solid #DBAC48; +padding: 15px 10px 85% 50px; +} +</style> +<noscript><div class="alert" ALIGN=CENTER><img src="/themes/nervecenter/images/icons/icon_alert.gif"/><strong>Please enable JavaScript to view this content</strong></div></noscript> +<script language="JavaScript"> +<!-- + +function enable_change(enable_change) { + endis = !(document.iform.enable.checked || enable_change); + // make shure a default answer is called if this is envoked. + endis2 = (document.iform.enable); + +<?php +/* make shure all the settings exist or function hide will not work */ +/* if $id is emty allow if and discr to be open */ +if($config['installedpackages']['snortglobal']['rule'][$id]['interface'] != '') +{ +echo " + document.iform.interface.disabled = endis2; + document.iform.descr.disabled = endis;\n"; +} +?> + document.iform.performance.disabled = endis; + document.iform.blockoffenders7.disabled = endis; + document.iform.alertsystemlog.disabled = endis; + document.iform.tcpdumplog.disabled = endis; + document.iform.snortunifiedlog.disabled = endis; +} +//--> +</script> +<p class="pgtitle"><?php if($pfsense_stable == 'yes'){echo $pgtitle;}?></p> +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> + +<form action="snort_interfaces_edit.php<?php echo "?id=$id";?>" method="post" enctype="multipart/form-data" name="iform" id="iform"> + +<?php + + /* Display Alert message */ + + if ($input_errors) { + print_input_errors($input_errors); // TODO: add checks + } + + if ($savemsg) { + print_info_box2($savemsg); + } + + //if (file_exists($d_snortconfdirty_path)) { + if (file_exists($d_snortconfdirty_path) || file_exists("/var/run/snort_conf_{$snort_uuid}_.dirty")) { + echo '<p>'; + + if($savemsg) { + print_info_box_np2("{$savemsg}"); + }else{ + print_info_box_np2(' + The Snort configuration has changed and snort needs to be restarted on this interface.<br> + You must apply the changes in order for them to take effect.<br> + '); + } + } + +?> + +<table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr><td class="tabnavtbl"> +<?php +if ($a_nat[$id]['interface'] != '') { + /* get the interface name */ + $first = 0; + $snortInterfaces = array(); /* -gtm */ + + $if_list = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; + $if_array = split(',', $if_list); + //print_r($if_array); + if($if_array) { + foreach($if_array as $iface2) { + $if2 = convert_friendly_interface_to_real_interface_name2($iface2); + + if($config['interfaces'][$iface2]['ipaddr'] == "pppoe") { + $if2 = "ng0"; + } + + /* build a list of user specified interfaces -gtm */ + if($if2){ + array_push($snortInterfaces, $if2); + $first = 1; + } + } + + if (count($snortInterfaces) < 1) { + log_error("Snort will not start. You must select an interface for it to listen on."); + return; + } + } + +} + $tab_array = array(); + if (!file_exists("/var/run/snort_conf_{$snort_uuid}_.dirty")) { + $tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php"); + } + $tab_array[] = array("If Settings", true, "/snort/snort_interfaces_edit.php?id={$id}"); + /* hide user tabs when no settings have be saved */ + if ($config['installedpackages']['snortglobal']['rule'][$id]['interface'] != '') { + if (!file_exists("/var/run/snort_conf_{$snort_uuid}_.dirty")) { + //$tab_array[] = array("upload", false, "/snort/snort_conf_upload.php?id={$id}"); + $tab_array[] = array("Categories", false, "/snort/snort_rulesets.php?id={$id}"); + $tab_array[] = array("Rules", false, "/snort/snort_rules.php?id={$id}"); + $tab_array[] = array("Servers", false, "/snort/snort_define_servers.php?id={$id}"); + $tab_array[] = array("Preprocessors", false, "/snort/snort_preprocessors.php?id={$id}"); + $tab_array[] = array("Barnyard2", false, "/snort/snort_barnyard.php?id={$id}"); + } + } + display_top_tabs($tab_array); + +?> +</td> +</tr> + <tr> + <td class="tabcont"> + <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td width="22%" valign="top" class="vtable"> </td> + <td width="78%" class="vtable"> + <?php + // <input name="enable" type="checkbox" value="yes" checked onClick="enable_change(false)"> + // care with spaces + if ($pconfig['enable'] == "on") + $checked = checked; + + $onclick_enable = "onClick=\"enable_change(false)\">"; + + echo " + <input name=\"enable\" type=\"checkbox\" value=\"on\" $checked $onclick_enable + <strong>Enable Interface</strong></td>\n\n"; + ?> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq">Interface</td> + <td width="78%" class="vtable"> + <select name="interface" class="formfld"> + <?php + $interfaces = array('wan' => 'WAN', 'lan' => 'LAN'); + for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) { + $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr']; + } + foreach ($interfaces as $iface => $ifacename): ?> + <option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>> + <?=htmlspecialchars($ifacename);?> + </option> + <?php endforeach; ?> + </select><br> + <span class="vexpl">Choose which interface this rule applies to.<br> + Hint: in most cases, you'll want to use WAN here.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq">Description</td> + <td width="78%" class="vtable"> + <input name="descr" type="text" class="formfld" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>"> + <br> <span class="vexpl">You may enter a description here for your reference (not parsed).</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Memory Performance</td> + <td width="78%" class="vtable"> + <select name="performance" class="formfld" id="performance"> + <?php + $interfaces2 = array('ac-bnfa' => 'AC-BNFA', 'lowmem' => 'LOWMEM', 'ac-std' => 'AC-STD', 'ac' => 'AC', 'ac-banded' => 'AC-BANDED', 'ac-sparsebands' => 'AC-SPARSEBANDS', 'acs' => 'ACS'); + foreach ($interfaces2 as $iface2 => $ifacename2): ?> + <option value="<?=$iface2;?>" <?php if ($iface2 == $pconfig['performance']) echo "selected"; ?>> + <?=htmlspecialchars($ifacename2);?> + </option> + <?php endforeach; ?> + </select><br> + <span class="vexpl">Lowmem and ac-bnfa are recommended for low end systems, Ac: high memory, best performance, ac-std: moderate memory,high performance, acs: small memory, moderateperformance, ac-banded: small memory,moderate performance, ac-sparsebands: small memory, high performance.<br> + </span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Block offenders</td> + <td width="78%" class="vtable"> + <input name="blockoffenders7" type="checkbox" value="on" <?php if ($pconfig['blockoffenders7'] == "on") echo "checked"; ?> onClick="enable_change(false)"><br> + Checking this option will automatically block hosts that generate a Snort alert.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Send alerts to main System logs</td> + <td width="78%" class="vtable"> + <input name="alertsystemlog" type="checkbox" value="on" <?php if ($pconfig['alertsystemlog'] == "on") echo "checked"; ?> onClick="enable_change(false)"><br> + Snort will send Alerts to the Pfsense system logs.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Log to a Tcpdump file</td> + <td width="78%" class="vtable"> + <input name="tcpdumplog" type="checkbox" value="on" <?php if ($pconfig['tcpdumplog'] == "on") echo "checked"; ?> onClick="enable_change(false)"><br> + Snort will log packets to a tcpdump-formatted file. The file then can be analyzed by an application such as Wireshark which understands pcap file formats. <span class="red"><strong>WARNING:</strong></span> File may become large.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Log Alerts to a snort unified2 file</td> + <td width="78%" class="vtable"> + <input name="snortunifiedlog" type="checkbox" value="on" <?php if ($pconfig['snortunifiedlog'] == "on") echo "checked"; ?> onClick="enable_change(false)"><br> + Snort will log Alerts to a file in the UNIFIED2 format. This is a requirement for barnyard2.</td> + </tr> + <tr> + <td width="22%" valign="top"></td> + <td width="78%"> + <input name="Submit" type="submit" class="formbtn" value="Save"> <?php echo $snort_up_ck; ?> <input type="button" class="formbtn" value="Cancel" onclick="history.back()"> + <?php if (isset($id) && $a_nat[$id]): ?> + <input name="id" type="hidden" value="<?=$id;?>"> + <?php endif; ?> + </td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span> + <br> + Please save your settings before you click start. </td> + </tr> + </table> + </table> +</form> + +<script language="JavaScript"> +<!-- +enable_change(false); +//--> +</script> +<?php include("fend.inc"); ?> +</body> +</html> diff --git a/config/snort/snort_interfaces_global.php b/config/snort/snort_interfaces_global.php new file mode 100644 index 00000000..ff3620a3 --- /dev/null +++ b/config/snort/snort_interfaces_global.php @@ -0,0 +1,380 @@ +<?php +/* + snort_interfaces_global.php + part of m0n0wall (http://m0n0.ch/wall) + + Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. + All rights reserved. + + Copyright (C) 2008-2009 Robert Zelaya + Modified for the Pfsense snort package. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +$pgtitle = "Services: Snort: Global Settings"; +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/snort/snort.inc"); + +/* make things short */ +$pconfig['snortdownload'] = $config['installedpackages']['snortglobal']['snortdownload']; +$pconfig['oinkmastercode'] = $config['installedpackages']['snortglobal']['oinkmastercode']; +$pconfig['emergingthreats'] = $config['installedpackages']['snortglobal']['emergingthreats']; +$pconfig['rm_blocked'] = $config['installedpackages']['snortglobal']['rm_blocked']; +$pconfig['autorulesupdate7'] = $config['installedpackages']['snortglobal']['autorulesupdate7']; +$pconfig['whitelistvpns'] = $config['installedpackages']['snortglobal']['whitelistvpns']; +$pconfig['clickablalerteurls'] = $config['installedpackages']['snortglobal']['clickablalerteurls']; +$pconfig['associatealertip'] = $config['installedpackages']['snortglobal']['associatealertip']; +$pconfig['snortalertlogtype'] = $config['installedpackages']['snortglobal']['snortalertlogtype']; + + +if ($_POST) { + + unset($input_errors); + $pconfig = $_POST; + + /* input validation */ + if ($_POST['enable']) + { + +/* TODO:a dd check user input code. */ + + } + + if (!$input_errors) { + + if ($_POST["Submit"]) { + + $config['installedpackages']['snortglobal']['snortdownload'] = $_POST['snortdownload']; + $config['installedpackages']['snortglobal']['oinkmastercode'] = $_POST['oinkmastercode']; + $config['installedpackages']['snortglobal']['emergingthreats'] = $_POST['emergingthreats'] ? on : off; + $config['installedpackages']['snortglobal']['rm_blocked'] = $_POST['rm_blocked']; + $config['installedpackages']['snortglobal']['autorulesupdate7'] = $_POST['autorulesupdate7']; + $config['installedpackages']['snortglobal']['whitelistvpns'] = $_POST['whitelistvpns'] ? on : off; + $config['installedpackages']['snortglobal']['clickablalerteurls'] = $_POST['clickablalerteurls'] ? on : off; + $config['installedpackages']['snortglobal']['associatealertip'] = $_POST['associatealertip'] ? on : off; + $config['installedpackages']['snortglobal']['snortalertlogtype'] = $_POST['snortalertlogtype']; + + write_config(); + sleep(2); + + $retval = 0; + + /* set the snort block hosts time IMPORTANT */ + $snort_rm_blocked_info_ck = $config['installedpackages']['snortglobal']['rm_blocked']; + if ($snort_rm_blocked_info_ck == "never_b") + $snort_rm_blocked_false = ""; + else + $snort_rm_blocked_false = "true"; + + if ($snort_rm_blocked_info_ck != "") + { + snort_rm_blocked_install_cron(""); + snort_rm_blocked_install_cron($snort_rm_blocked_false); + } + + /* set the snort rules update time */ + $snort_rules_up_info_ck = $config['installedpackages']['snortglobal']['autorulesupdate7']; + if ($snort_rules_up_info_ck == "never_up") + $snort_rules_up_false = ""; + else + $snort_rules_up_false = "true"; + + if ($snort_rules_up_info_ck != "") + { + snort_rules_up_install_cron(""); + snort_rules_up_install_cron($snort_rules_up_false); + } + + + + $savemsg = get_std_save_message($retval); + + } + + sync_snort_package_all(); + sync_snort_package(); + +} + + + if ($_POST["Reset"]) { + +//////>>>>>>>>> + + function snort_deinstall_settings() +{ + + global $config, $g, $id, $if_real; + conf_mount_rw(); + + + exec("/usr/usr/bin/killall snort"); + sleep(2); + exec("/usr/usr/bin/killall -9 snort"); + sleep(2); + exec("/usr/usr/bin/killall barnyard2"); + sleep(2); + exec("/usr/usr/bin/killall -9 barnyard2"); + sleep(2); + + /* Remove snort cron entries Ugly code needs smoothness*/ +function snort_rm_blocked_deinstall_cron($should_install) +{ + global $config, $g; + conf_mount_rw(); + + $is_installed = false; + + if(!$config['cron']['item']) + return; + + $x=0; + foreach($config['cron']['item'] as $item) + { + if (strstr($item['command'], "snort2c")) + { + $is_installed = true; + break; + } + + $x++; + + } + if($is_installed == true) + { + if($x > 0) + { + unset($config['cron']['item'][$x]); + write_config(); + conf_mount_rw(); + } + + configure_cron(); + + } + conf_mount_ro(); + +} + + function snort_rules_up_deinstall_cron($should_install) +{ + global $config, $g; + conf_mount_rw(); + + $is_installed = false; + + if(!$config['cron']['item']) + return; + + $x=0; + foreach($config['cron']['item'] as $item) { + if (strstr($item['command'], "snort_check_for_rule_updates.php")) { + $is_installed = true; + break; + } + $x++; + } + if($is_installed == true) { + if($x > 0) { + unset($config['cron']['item'][$x]); + write_config(); + conf_mount_rw(); + } + configure_cron(); + } +} + +snort_rm_blocked_deinstall_cron(""); +snort_rules_up_deinstall_cron(""); + + + /* Unset snort registers in conf.xml IMPORTANT snort will not start with out this */ + /* Keep this as a last step */ + unset($config['installedpackages']['snortglobal']); + write_config(); + conf_mount_rw(); + + /* remove all snort iface dir */ + exec('rm -r /usr/local/etc/snort/snort_*'); + exec('rm /var/log/snort/*'); + + conf_mount_ro(); + +} + + snort_deinstall_settings(); + + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + sleep(2); + header("Location: /snort/snort_interfaces_global.php"); + + exit; + +//////>>>>>>>>> + } +} + +include("head.inc"); +?> +<?php include("./snort_fbegin.inc"); ?> +<p class="pgtitle"><?if($pfsense_stable == 'yes'){echo $pgtitle;}?></p> + +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<?php if ($input_errors) print_input_errors($input_errors); ?> +<?php if ($savemsg) print_info_box($savemsg); ?> +<form action="snort_interfaces_global.php" method="post" enctype="multipart/form-data" name="iform" id="iform"> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr><td class="tabnavtbl"> +<?php + $tab_array = array(); + $tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php"); + $tab_array[] = array("Global Settings", true, "/snort/snort_interfaces_global.php"); + $tab_array[] = array("Rule Updates", false, "/snort/snort_download_rules.php"); + $tab_array[] = array("Alerts", false, "/snort/snort_alerts.php"); + $tab_array[] = array("Blocked", false, "/snort/snort_blocked.php"); + $tab_array[] = array("Whitelists", false, "/pkg.php?xml=/snort/snort_whitelist.xml"); + $tab_array[] = array("Help & Info", false, "/snort/snort_help_info.php"); + display_top_tabs($tab_array); +?> </td></tr> +<tr> +<td class="tabcont"> +<table width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td width="22%" valign="top" class="vncell">Install Snort.org rules</td> + <td width="78%" class="vtable"> + <table cellpadding="0" cellspacing="0"> + <tr> + <td colspan="2"><input name="snortdownload" type="radio" id="snortdownload" value="off" onClick="enable_change(false)" <?php if($pconfig['snortdownload']!="premium" && $pconfig['snortdownload']!="basic") echo "checked"; ?>> + Do <strong>NOT</strong> install</td> + </tr> + <tr> + <td colspan="2"><input name="snortdownload" type="radio" id="snortdownload" value="premium" onClick="enable_change(false)" <?php if($pconfig['snortdownload']=="premium") echo "checked"; ?>> + Premium rules <a href="http://forum.pfsense.org/index.php/topic,16847.0.html" target="_blank">HIGHLY RECOMMENDED</a></td> + </tr> + <tr> + <td colspan="2"><input name="snortdownload" type="radio" id="snortdownload" value="basic" onClick="enable_change(false)" <?php if($pconfig['snortdownload']=="basic") echo "checked"; ?>> + Basic Rules</td> + </tr> + <tr> + <td> </td> + <td> </td> + </tr> + </table> + <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td colspan="2" valign="top" class="optsect_t2">Oinkmaster code</td> + </tr> + <tr> + <td class="vncell" valign="top">Code</td> + <td class="vtable"><input name="oinkmastercode" type="text" class="formfld" id="oinkmastercode" size="52" value="<?=htmlspecialchars($pconfig['oinkmastercode']);?>"><br> + Obtain a snort.org Oinkmaster code and paste here.</td> + </table> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Install <strong>Emergingthreats</strong> rules</td> + <td width="78%" class="vtable"> + <input name="emergingthreats" type="checkbox" value="yes" <?php if ($config['installedpackages']['snortglobal']['emergingthreats']=="on") echo "checked"; ?> onClick="enable_change(false)"><br> + Emerging Threats is an open source community that produces fastest moving and diverse Snort Rules.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Remove blocked hosts every</td> + <td width="78%" class="vtable"> + <select name="rm_blocked" class="formfld" id="rm_blocked"> + <?php + $interfaces3 = array('never_b' => 'NEVER', '1h_b' => '1 HOUR', '3h_b' => '3 HOURS', '6h_b' => '6 HOURS', '12h_b' => '12 HOURS', '1d_b' => '1 DAY', '4d_b' => '4 DAYS', '7d_b' => '7 DAYS', '28d_b' => '28 DAYS'); + foreach ($interfaces3 as $iface3 => $ifacename3): ?> + <option value="<?=$iface3;?>" <?php if ($iface3 == $pconfig['rm_blocked']) echo "selected"; ?>> + <?=htmlspecialchars($ifacename3);?> + </option> + <?php endforeach; ?> + </select><br> + <span class="vexpl">Please select the amount of time you would like hosts to be blocked for.<br> + Hint: in most cases, 1 hour is a good choice.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Update rules automatically</td> + <td width="78%" class="vtable"> + <select name="autorulesupdate7" class="formfld" id="autorulesupdate7"> + <?php + $interfaces3 = array('never_up' => 'NEVER', '6h_up' => '6 HOURS', '12h_up' => '12 HOURS', '1d_up' => '1 DAY', '4d_up' => '4 DAYS', '7d_up' => '7 DAYS', '28d_up' => '28 DAYS'); + foreach ($interfaces3 as $iface3 => $ifacename3): ?> + <option value="<?=$iface3;?>" <?php if ($iface3 == $pconfig['autorulesupdate7']) echo "selected"; ?>> + <?=htmlspecialchars($ifacename3);?> + </option> + <?php endforeach; ?> + </select><br> + <span class="vexpl">Please select the update times for rules.<br> + Hint: in most cases, every 12 hours is a good choice.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Whitelist VPNs automatically</td> + <td width="78%" class="vtable"> + <input name="whitelistvpns" type="checkbox" value="yes" <?php if ($config['installedpackages']['snortglobal']['whitelistvpns'] == "on") echo "checked"; ?> onClick="enable_change(false)"><br> + Checking this option will install whitelists for all VPNs.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Alerts file description type</td> + <td width="78%" class="vtable"> + <select name="snortalertlogtype" class="formfld" id="snortalertlogtype"> + <?php + $interfaces4 = array('full' => 'FULL', 'fast' => 'SHORT'); + foreach ($interfaces4 as $iface4 => $ifacename4): ?> + <option value="<?=$iface4;?>" <?php if ($iface4 == $pconfig['snortalertlogtype']) echo "selected"; ?>> + <?=htmlspecialchars($ifacename4);?> + </option> + <?php endforeach; ?> + </select><br> + <span class="vexpl">Please choose the type of Alert logging you will like see in your alert file.<br> + Hint: Best pratice is to chose full logging.</span> <span class="red"><strong>WARNING:</strong></span> <strong>On change, alert file will be cleared.</strong></td> + </tr> + <tr> + <td width="22%" valign="top"><input name="Reset" type="submit" class="formbtn" value="Reset" onclick="return confirm('Do you really want to delete all global and interface settings?')"><span class="red"><strong> WARNING:</strong><br> + This will reset all global and interface settings.</span> + </td> + <td width="78%"> + <input name="Submit" type="submit" class="formbtn" value="Save" onClick="enable_change(true)"> <input type="button" class="formbtn" value="Cancel" onclick="history.back()"> + </td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"><span class="vexpl"><span class="red"><strong>Note:<br></strong></span> + Changing any settings on this page will affect all interfaces. Please, double check if your oink code is correct and the type of snort.org account you hold.</span></td> + </tr> + </table> + </td> + </tr> + </table> +</form> +<script language="JavaScript"> +<!-- +enable_change(false); +//--> +</script> +<?php include("fend.inc"); ?> +</body> +</html> diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php new file mode 100644 index 00000000..25963cbe --- /dev/null +++ b/config/snort/snort_preprocessors.php @@ -0,0 +1,438 @@ +<?php +/* $Id$ */ +/* + snort_interfaces.php + part of m0n0wall (http://m0n0.ch/wall) + + Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + Copyright (C) 2008-2009 Robert Zelaya. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/snort/snort.inc"); +require_once("/usr/local/pkg/snort/snort_gui.inc"); + +if (!is_array($config['installedpackages']['snortglobal']['rule'])) { + $config['installedpackages']['snortglobal']['rule'] = array(); +} +//nat_rules_sort(); +$a_nat = &$config['installedpackages']['snortglobal']['rule']; + +$id = $_GET['id']; +if (isset($_POST['id'])) + $id = $_POST['id']; + +if (isset($_GET['dup'])) { + $id = $_GET['dup']; + $after = $_GET['dup']; +} + +if (isset($id) && $a_nat[$id]) { + + /* new options */ + $pconfig['def_ssl_ports_ignore'] = $a_nat[$id]['def_ssl_ports_ignore']; + $pconfig['flow_depth'] = $a_nat[$id]['flow_depth']; + $pconfig['perform_stat'] = $a_nat[$id]['perform_stat']; + $pconfig['http_inspect'] = $a_nat[$id]['http_inspect']; + $pconfig['other_preprocs'] = $a_nat[$id]['other_preprocs']; + $pconfig['ftp_preprocessor'] = $a_nat[$id]['ftp_preprocessor']; + $pconfig['smtp_preprocessor'] = $a_nat[$id]['smtp_preprocessor']; + $pconfig['sf_portscan'] = $a_nat[$id]['sf_portscan']; + $pconfig['dce_rpc_2'] = $a_nat[$id]['dce_rpc_2']; + $pconfig['dns_preprocessor'] = $a_nat[$id]['dns_preprocessor']; + + /* old options */ + $pconfig['def_dns_servers'] = $a_nat[$id]['def_dns_servers']; + $pconfig['def_dns_ports'] = $a_nat[$id]['def_dns_ports']; + $pconfig['def_smtp_servers'] = $a_nat[$id]['def_smtp_servers']; + $pconfig['def_smtp_ports'] = $a_nat[$id]['def_smtp_ports']; + $pconfig['def_mail_ports'] = $a_nat[$id]['def_mail_ports']; + $pconfig['def_http_servers'] = $a_nat[$id]['def_http_servers']; + $pconfig['def_www_servers'] = $a_nat[$id]['def_www_servers']; + $pconfig['def_http_ports'] = $a_nat[$id]['def_http_ports']; + $pconfig['def_sql_servers'] = $a_nat[$id]['def_sql_servers']; + $pconfig['def_oracle_ports'] = $a_nat[$id]['def_oracle_ports']; + $pconfig['def_mssql_ports'] = $a_nat[$id]['def_mssql_ports']; + $pconfig['def_telnet_servers'] = $a_nat[$id]['def_telnet_servers']; + $pconfig['def_telnet_ports'] = $a_nat[$id]['def_telnet_ports']; + $pconfig['def_snmp_servers'] = $a_nat[$id]['def_snmp_servers']; + $pconfig['def_snmp_ports'] = $a_nat[$id]['def_snmp_ports']; + $pconfig['def_ftp_servers'] = $a_nat[$id]['def_ftp_servers']; + $pconfig['def_ftp_ports'] = $a_nat[$id]['def_ftp_ports']; + $pconfig['def_ssh_servers'] = $a_nat[$id]['def_ssh_servers']; + $pconfig['def_ssh_ports'] = $a_nat[$id]['def_ssh_ports']; + $pconfig['def_pop_servers'] = $a_nat[$id]['def_pop_servers']; + $pconfig['def_pop2_ports'] = $a_nat[$id]['def_pop2_ports']; + $pconfig['def_pop3_ports'] = $a_nat[$id]['def_pop3_ports']; + $pconfig['def_imap_servers'] = $a_nat[$id]['def_imap_servers']; + $pconfig['def_imap_ports'] = $a_nat[$id]['def_imap_ports']; + $pconfig['def_sip_proxy_ip'] = $a_nat[$id]['def_sip_proxy_ip']; + $pconfig['def_sip_proxy_ports'] = $a_nat[$id]['def_sip_proxy_ports']; + $pconfig['def_auth_ports'] = $a_nat[$id]['def_auth_ports']; + $pconfig['def_finger_ports'] = $a_nat[$id]['def_finger_ports']; + $pconfig['def_irc_ports'] = $a_nat[$id]['def_irc_ports']; + $pconfig['def_nntp_ports'] = $a_nat[$id]['def_nntp_ports']; + $pconfig['def_rlogin_ports'] = $a_nat[$id]['def_rlogin_ports']; + $pconfig['def_rsh_ports'] = $a_nat[$id]['def_rsh_ports']; + $pconfig['def_ssl_ports'] = $a_nat[$id]['def_ssl_ports']; + $pconfig['barnyard_enable'] = $a_nat[$id]['barnyard_enable']; + $pconfig['barnyard_mysql'] = $a_nat[$id]['barnyard_mysql']; + $pconfig['enable'] = $a_nat[$id]['enable']; + $pconfig['uuid'] = $a_nat[$id]['uuid']; + $pconfig['interface'] = $a_nat[$id]['interface']; + $pconfig['descr'] = $a_nat[$id]['descr']; + $pconfig['performance'] = $a_nat[$id]['performance']; + $pconfig['blockoffenders7'] = $a_nat[$id]['blockoffenders7']; + $pconfig['alertsystemlog'] = $a_nat[$id]['alertsystemlog']; + $pconfig['tcpdumplog'] = $a_nat[$id]['tcpdumplog']; + $pconfig['snortunifiedlog'] = $a_nat[$id]['snortunifiedlog']; + $pconfig['flow_depth'] = $a_nat[$id]['flow_depth']; + $pconfig['rulesets'] = $a_nat[$id]['rulesets']; + $pconfig['rule_sid_off'] = $a_nat[$id]['rule_sid_off']; + $pconfig['rule_sid_on'] = $a_nat[$id]['rule_sid_on']; + +if (isset($_GET['dup'])) + unset($id); +} + +/* convert fake interfaces to real */ +$if_real = convert_friendly_interface_to_real_interface_name2($pconfig['interface']); + +$snort_uuid = $pconfig['uuid']; + + /* alert file */ +$d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty"; + + /* this will exec when alert says apply */ + if ($_POST['apply']) { + + if (file_exists($d_snortconfdirty_path)) { + + write_config(); + + sync_snort_package_all($id, $if_real, $snort_uuid); + sync_snort_package(); + + unlink($d_snortconfdirty_path); + + } + + } + + + if ($_POST["Submit"]) { + + /* check for overlaps */ + +/* if no errors write to conf */ + if (!$input_errors) { + $natent = array(); + /* repost the options already in conf */ + if ($pconfig['interface'] != "") { $natent['interface'] = $pconfig['interface']; } + if ($pconfig['enable'] != "") { $natent['enable'] = $pconfig['enable']; } + if ($pconfig['uuid'] != "") { $natent['uuid'] = $pconfig['uuid']; } + if ($pconfig['descr'] != "") { $natent['descr'] = $pconfig['descr']; } + if ($pconfig['performance'] != "") { $natent['performance'] = $pconfig['performance']; } + if ($pconfig['blockoffenders7'] != "") { $natent['blockoffenders7'] = $pconfig['blockoffenders7']; } + if ($pconfig['alertsystemlog'] != "") { $natent['alertsystemlog'] = $pconfig['alertsystemlog']; } + if ($pconfig['tcpdumplog'] != "") { $natent['tcpdumplog'] = $pconfig['tcpdumplog']; } + if ($pconfig['snortunifiedlog'] != "") { $natent['snortunifiedlog'] = $pconfig['snortunifiedlog']; } + if ($pconfig['barnyard_enable'] != "") { $natent['barnyard_enable'] = $pconfig['barnyard_enable']; } + if ($pconfig['barnyard_mysql'] != "") { $natent['barnyard_mysql'] = $pconfig['barnyard_mysql']; } + if ($pconfig['def_dns_servers'] != "") { $natent['def_dns_servers'] = $pconfig['def_dns_servers']; } + if ($pconfig['def_dns_ports'] != "") { $natent['def_dns_ports'] = $pconfig['def_dns_ports']; } + if ($pconfig['def_smtp_servers'] != "") { $natent['def_smtp_servers'] = $pconfig['def_smtp_servers']; } + if ($pconfig['def_smtp_ports'] != "") { $natent['def_smtp_ports'] = $pconfig['def_smtp_ports']; } + if ($pconfig['def_mail_ports'] != "") { $natent['def_mail_ports'] = $pconfig['def_mail_ports']; } + if ($pconfig['def_http_servers'] != "") { $natent['def_http_servers'] = $pconfig['def_http_servers']; } + if ($pconfig['def_www_servers'] != "") { $natent['def_www_servers'] = $pconfig['def_www_servers']; } + if ($pconfig['def_http_ports'] != "") { $natent['def_http_ports'] = $pconfig['def_http_ports']; } + if ($pconfig['def_sql_servers'] != "") { $natent['def_sql_servers'] = $pconfig['def_sql_servers']; } + if ($pconfig['def_oracle_ports'] != "") { $natent['def_oracle_ports'] = $pconfig['def_oracle_ports']; } + if ($pconfig['def_mssql_ports'] != "") { $natent['def_mssql_ports'] = $pconfig['def_mssql_ports']; } + if ($pconfig['def_telnet_servers'] != "") { $natent['def_telnet_servers'] = $pconfig['def_telnet_servers']; } + if ($pconfig['def_telnet_ports'] != "") { $natent['def_telnet_ports'] = $pconfig['def_telnet_ports']; } + if ($pconfig['def_snmp_servers'] != "") { $natent['def_snmp_servers'] = $pconfig['def_snmp_servers']; } + if ($pconfig['def_snmp_ports'] != "") { $natent['def_snmp_ports'] = $pconfig['def_snmp_ports']; } + if ($pconfig['def_ftp_servers'] != "") { $natent['def_ftp_servers'] = $pconfig['def_ftp_servers']; } + if ($pconfig['def_ftp_ports'] != "") { $natent['def_ftp_ports'] = $pconfig['def_ftp_ports']; } + if ($pconfig['def_ssh_servers'] != "") { $natent['def_ssh_servers'] = $pconfig['def_ssh_servers']; } + if ($pconfig['def_ssh_ports'] != "") { $natent['def_ssh_ports'] = $pconfig['def_ssh_ports']; } + if ($pconfig['def_pop_servers'] != "") { $natent['def_pop_servers'] = $pconfig['def_pop_servers']; } + if ($pconfig['def_pop2_ports'] != "") { $natent['def_pop2_ports'] = $pconfig['def_pop2_ports']; } + if ($pconfig['def_pop3_ports'] != "") { $natent['def_pop3_ports'] = $pconfig['def_pop3_ports']; } + if ($pconfig['def_imap_servers'] != "") { $natent['def_imap_servers'] = $pconfig['def_imap_servers']; } + if ($pconfig['def_imap_ports'] != "") { $natent['def_imap_ports'] = $pconfig['def_imap_ports']; } + if ($pconfig['def_sip_proxy_ip'] != "") { $natent['def_sip_proxy_ip'] = $pconfig['def_sip_proxy_ip']; } + if ($pconfig['def_sip_proxy_ports'] != "") { $natent['def_sip_proxy_ports'] = $pconfig['def_sip_proxy_ports']; } + if ($pconfig['def_auth_ports'] != "") { $natent['def_auth_ports'] = $pconfig['def_auth_ports']; } + if ($pconfig['def_finger_ports'] != "") { $natent['def_finger_ports'] = $pconfig['def_finger_ports']; } + if ($pconfig['def_irc_ports'] != "") { $natent['def_irc_ports'] = $pconfig['def_irc_ports']; } + if ($pconfig['def_nntp_ports'] != "") { $natent['def_nntp_ports'] = $pconfig['def_nntp_ports']; } + if ($pconfig['def_rlogin_ports'] != "") { $natent['def_rlogin_ports'] = $pconfig['def_rlogin_ports']; } + if ($pconfig['def_rsh_ports'] != "") { $natent['def_rsh_ports'] = $pconfig['def_rsh_ports']; } + if ($pconfig['def_ssl_ports'] != "") { $natent['def_ssl_ports'] = $pconfig['def_ssl_ports']; } + if ($pconfig['rulesets'] != "") { $natent['rulesets'] = $pconfig['rulesets']; } + if ($pconfig['rule_sid_off'] != "") { $natent['rule_sid_off'] = $pconfig['rule_sid_off']; } + if ($pconfig['rule_sid_on'] != "") { $natent['rule_sid_on'] = $pconfig['rule_sid_on']; } + + /* post new options */ + $natent['perform_stat'] = $_POST['perform_stat']; + if ($_POST['def_ssl_ports_ignore'] != "") { $natent['def_ssl_ports_ignore'] = $_POST['def_ssl_ports_ignore']; }else{ $natent['def_ssl_ports_ignore'] = ""; } + if ($_POST['flow_depth'] != "") { $natent['flow_depth'] = $_POST['flow_depth']; }else{ $natent['flow_depth'] = ""; } + $natent['perform_stat'] = $_POST['perform_stat'] ? on : off; + $natent['http_inspect'] = $_POST['http_inspect'] ? on : off; + $natent['other_preprocs'] = $_POST['other_preprocs'] ? on : off; + $natent['ftp_preprocessor'] = $_POST['ftp_preprocessor'] ? on : off; + $natent['smtp_preprocessor'] = $_POST['smtp_preprocessor'] ? on : off; + $natent['sf_portscan'] = $_POST['sf_portscan'] ? on : off; + $natent['dce_rpc_2'] = $_POST['dce_rpc_2'] ? on : off; + $natent['dns_preprocessor'] = $_POST['dns_preprocessor'] ? on : off; + + if (isset($id) && $a_nat[$id]) + $a_nat[$id] = $natent; + else { + if (is_numeric($after)) + array_splice($a_nat, $after+1, 0, array($natent)); + else + $a_nat[] = $natent; + } + + write_config(); + + /* after click go to this page */ + touch($d_snortconfdirty_path); + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + sleep(2); + header("Location: snort_preprocessors.php?id=$id"); + exit; + } +} + +$pgtitle = "Snort: Interface $id$if_real Preprocessors and Flow"; +include("head.inc"); + +?> +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<?php +include("./snort_fbegin.inc"); +?> +<p class="pgtitle"><?if($pfsense_stable == 'yes'){echo $pgtitle;}?></p> +<style type="text/css"> +.alert { + position:absolute; + top:10px; + left:0px; + width:94%; +background:#FCE9C0; +background-position: 15px; +border-top:2px solid #DBAC48; +border-bottom:2px solid #DBAC48; +padding: 15px 10px 85% 50px; +} +</style> +<noscript><div class="alert" ALIGN=CENTER><img src="../themes/nervecenter/images/icons/icon_alert.gif"/><strong>Please enable JavaScript to view this content</CENTER></div></noscript> + +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<form action="snort_preprocessors.php" method="post" enctype="multipart/form-data" name="iform" id="iform"> + +<?php + + /* Display Alert message */ + + if ($input_errors) { + print_input_errors($input_errors); // TODO: add checks + } + + if ($savemsg) { + print_info_box2($savemsg); + } + + if (file_exists($d_snortconfdirty_path)) { + echo '<p>'; + + if($savemsg) { + print_info_box_np2("{$savemsg}"); + }else{ + print_info_box_np2(' + The Snort configuration has changed and snort needs to be restarted on this interface.<br> + You must apply the changes in order for them to take effect.<br> + '); + } + } + +?> + +<table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr><td class="tabnavtbl"> +<?php +if($id != "") +{ + + $tab_array = array(); + $tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php"); + $tab_array[] = array("If Settings", false, "/snort/snort_interfaces_edit.php?id={$id}"); + $tab_array[] = array("Categories", false, "/snort/snort_rulesets.php?id={$id}"); + $tab_array[] = array("Rules", false, "/snort/snort_rules.php?id={$id}"); + $tab_array[] = array("Servers", false, "/snort/snort_define_servers.php?id={$id}"); + $tab_array[] = array("Preprocessors", true, "/snort/snort_preprocessors.php?id={$id}"); + $tab_array[] = array("Barnyard2", false, "/snort/snort_barnyard.php?id={$id}"); + display_top_tabs($tab_array); + +} +?> +</td> +</tr> + <tr> + <td class="tabcont"> + <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <?php + /* display error code if there is no id */ + if($id == "") + { + echo " + <style type=\"text/css\"> + .noid { + position:absolute; + top:10px; + left:0px; + width:94%; + background:#FCE9C0; + background-position: 15px; + border-top:2px solid #DBAC48; + border-bottom:2px solid #DBAC48; + padding: 15px 10px 85% 50px; + } + </style> + <div class=\"alert\" ALIGN=CENTER><img src=\"../themes/nervecenter/images/icons/icon_alert.gif\"/><strong>You can not edit options without an interface ID.</CENTER></div>\n"; + + } + ?> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"><span class="vexpl"><span class="red"><strong>Note: </strong></span><br> + Rules may be dependent on preprocessors!<br> + Please save your settings before you click start.<br> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Enable <br>Performance Statistics</td> + <td width="78%" class="vtable"> + <input name="perform_stat" type="checkbox" value="on" <?php if ($pconfig['perform_stat']=="on") echo "checked"; ?> onClick="enable_change(false)"><br> + Performance Statistics for this interface.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Enable <br>HTTP Inspect</td> + <td width="78%" class="vtable"> + <input name="http_inspect" type="checkbox" value="on" <?php if ($pconfig['http_inspect']=="on") echo "checked"; ?> onClick="enable_change(false)"><br> + Normalize/Decode and detect HTTP traffic and protocol anomalies.</td> + </tr> + <tr> + <td valign="top" class="vncell">HTTP server flow depth</td> + <td class="vtable"> + <table cellpadding="0" cellspacing="0"> + <tr> + <td><input name="flow_depth" type="text" class="formfld" id="flow_depth" size="5" value="<?=htmlspecialchars($pconfig['flow_depth']);?>"> <strong>-1</strong> to <strong>1460</strong> (<strong>-1</strong> disables HTTP inspect, <strong>0</strong> enables all HTTP inspect)</td> + </tr> + </table> + Amount of HTTP server response payload to inspect. Snort's performance may increase by adjusting this value.<br> + Setting this value too low may cause false negatives. Values above 0 are specified in bytes.<br> + <strong>Default value is 0</strong></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Enable <br>RPC Decode and Back Orifice detector</td> + <td width="78%" class="vtable"> + <input name="other_preprocs" type="checkbox" value="on" <?php if ($pconfig['other_preprocs']=="on") echo "checked"; ?> onClick="enable_change(false)"><br> + Normalize/Decode RPC traffic and detects Back Orifice traffic on the network.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Enable <br>FTP and Telnet Normalizer</td> + <td width="78%" class="vtable"> + <input name="ftp_preprocessor" type="checkbox" value="on" <?php if ($pconfig['ftp_preprocessor']=="on") echo "checked"; ?> onClick="enable_change(false)"><br> + Normalize/Decode FTP and Telnet traffic and protocol anomalies.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Enable <br>SMTP Normalizer</td> + <td width="78%" class="vtable"> + <input name="smtp_preprocessor" type="checkbox" value="on" <?php if ($pconfig['smtp_preprocessor']=="on") echo "checked"; ?> onClick="enable_change(false)"><br> + Normalize/Decode SMTP protocol for enforcement and buffer overflows.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Enable <br>Portscan Detection</td> + <td width="78%" class="vtable"> + <input name="sf_portscan" type="checkbox" value="on" <?php if ($pconfig['sf_portscan']=="on") echo "checked"; ?> onClick="enable_change(false)"><br> + Detects various types of portscans and portsweeps.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Enable <br>DCE/RPC2 Detection</td> + <td width="78%" class="vtable"> + <input name="dce_rpc_2" type="checkbox" value="on" <?php if ($pconfig['dce_rpc_2']=="on") echo "checked"; ?> onClick="enable_change(false)"><br> + The DCE/RPC preprocessor detects and decodes SMB and DCE/RPC traffic.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Enable <br>DNS Detection</td> + <td width="78%" class="vtable"> + <input name="dns_preprocessor" type="checkbox" value="on" <?php if ($pconfig['dns_preprocessor']=="on") echo "checked"; ?> onClick="enable_change(false)"><br> + The DNS preprocessor decodes DNS Response traffic and detects some vulnerabilities.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Define SSL_IGNORE</td> + <td width="78%" class="vtable"> + <input name="def_ssl_ports_ignore" type="text" class="formfld" id="def_ssl_ports_ignore" size="40" value="<?=htmlspecialchars($pconfig['def_ssl_ports_ignore']);?>"> + <br> <span class="vexpl"> Encrypted traffic should be ignored by Snort for both performance reasons and to reduce false positives.<br> + Default: "443 465 563 636 989 990 992 993 994 995".</span> <strong>Please use spaces and not commas.</strong></td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"> + <input name="Submit" type="submit" class="formbtn" value="Save"> <input type="button" class="formbtn" value="Cancel" onclick="history.back()"> + <?php if (isset($id) && $a_nat[$id]): ?> + <input name="id" type="hidden" value="<?=$id;?>"> + <?php endif; ?> + </td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span> + <br> + Please save your settings before you click Start. </td> + </tr> + </table> + </table> +</form> + +<script language="JavaScript"> +<!-- +enable_change(false); +//--> +</script> +<?php include("fend.inc"); ?> +</body> +</html> diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php index 94c99f0e..c95d76ca 100644 --- a/config/snort/snort_rules.php +++ b/config/snort/snort_rules.php @@ -2,7 +2,8 @@ /* $Id$ */ /* edit_snortrule.php - Copyright (C) 2004, 2005 Scott Ullrich and Rober Zelaya + Copyright (C) 2004, 2005 Scott Ullrich + Copyright (C) 2008, 2009 Robert Zelaya All rights reserved. Redistribution and use in source and binary forms, with or without @@ -26,22 +27,45 @@ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -require("guiconfig.inc"); -require("config.inc"); -if(!is_dir("/usr/local/etc/snort/rules")) { - conf_mount_rw(); - exec('mkdir /usr/local/etc/snort/rules/'); - conf_mount_ro(); + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/snort/snort_gui.inc"); +require_once("/usr/local/pkg/snort/snort.inc"); + +if (!is_array($config['installedpackages']['snortglobal']['rule'])) { + $config['installedpackages']['snortglobal']['rule'] = array(); +} + +//nat_rules_sort(); +$a_nat = &$config['installedpackages']['snortglobal']['rule']; + +$id = $_GET['id']; +if (isset($_POST['id'])) + $id = $_POST['id']; + +if (isset($id) && $a_nat[$id]) { + + $pconfig['enable'] = $a_nat[$id]['enable']; + $pconfig['interface'] = $a_nat[$id]['interface']; + $pconfig['rulesets'] = $a_nat[$id]['rulesets']; } +/* convert fake interfaces to real */ +$if_real = convert_friendly_interface_to_real_interface_name($pconfig['interface']); + +$iface_uuid = $a_nat[$id]['uuid']; + +// if(!is_dir("/usr/local/etc/snort/rules")) +// exec('mkdir /usr/local/etc/snort/rules/'); + /* Check if the rules dir is empy if so warn the user */ /* TODO give the user the option to delete the installed rules rules */ -$isrulesfolderempty = exec('ls -A /usr/local/etc/snort/rules/*.rules'); +$isrulesfolderempty = exec("ls -A /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/*.rules"); if ($isrulesfolderempty == "") { include("head.inc"); -include("fbegin.inc"); +include("./snort_fbegin.inc"); echo "<body link=\"#000000\" vlink=\"#000000\" alink=\"#000000\">"; @@ -51,18 +75,15 @@ echo "<script src=\"/row_toggle.js\" type=\"text/javascript\"></script>\n <tr>\n <td>\n"; - $tab_array = array(); - $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0"); - $tab_array[] = array(gettext("Update Rules"), false, "/snort_download_rules.php"); - $tab_array[] = array(gettext("Categories"), false, "/snort_rulesets.php"); - $tab_array[] = array(gettext("Rules"), true, "/snort_rules.php"); - $tab_array[] = array(gettext("Servers"), false, "/pkg_edit.php?xml=snort_define_servers.xml&id=0"); - $tab_array[] = array(gettext("Blocked"), false, "/snort_blocked.php"); - $tab_array[] = array(gettext("Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml"); - $tab_array[] = array(gettext("Threshold"), false, "/pkg.php?xml=snort_threshold.xml"); - $tab_array[] = array(gettext("Alerts"), false, "/snort_alerts.php"); - $tab_array[] = array(gettext("Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0"); - display_top_tabs($tab_array); + $tab_array = array(); + $tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php"); + $tab_array[] = array("If Settings", false, "/snort/snort_interfaces_edit.php?id={$id}"); + $tab_array[] = array("Categories", false, "/snort/snort_rulesets.php?id={$id}"); + $tab_array[] = array("Rules", true, "/snort/snort_rules.php?id={$id}"); + $tab_array[] = array("Servers", false, "/snort/snort_define_servers.php?id={$id}"); + $tab_array[] = array("Preprocessors", false, "/snort/snort_preprocessors.php?id={$id}"); + $tab_array[] = array("Barnyard2", false, "/snort/snort_barnyard.php?id={$id}"); + display_top_tabs($tab_array); echo "</td>\n </tr>\n @@ -105,8 +126,6 @@ function get_middle($source, $beginning, $ending, $init_pos) { function write_rule_file($content_changed, $received_file) { - conf_mount_rw(); - //read snort file with writing enabled $filehandle = fopen($received_file, "w"); @@ -122,7 +141,6 @@ function write_rule_file($content_changed, $received_file) //close file handle fclose($filehandle); - conf_mount_rw(); } function load_rule_file($incoming_file) @@ -137,8 +155,9 @@ function load_rule_file($incoming_file) //close handler fclose ($filehandle); + //string for populating category select - $currentruleset = substr($file, 27); + $currentruleset = basename($rulefile); //delimiter for each new rule is a new line $delimiter = "\n"; @@ -150,10 +169,13 @@ function load_rule_file($incoming_file) } -$ruledir = "/usr/local/etc/snort/rules/"; +$ruledir = "/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/"; $dh = opendir($ruledir); -$message_reload = "The Snort rule configuration has been changed.<br>You must apply the changes in order for them to take effect."; +if ($_GET['openruleset'] != '' && $_GET['ids'] != '') +{ + header("Location: /snort/snort_rules.php?id=$id&openruleset={$_GET['openruleset']}&saved=yes"); +} while (false !== ($filename = readdir($dh))) { @@ -169,19 +191,22 @@ sort($files); if ($_GET['openruleset']) { - $file = $_GET['openruleset']; + $rulefile = $_GET['openruleset']; } else { - $file = $ruledir.$files[0]; + $rulefile = $ruledir.$files[0]; } //Load the rule file -$splitcontents = load_rule_file($file); +$splitcontents = load_rule_file($rulefile); if ($_POST) { + + conf_mount_rw(); + if (!$_POST['apply']) { //retrieve POST data $post_lineid = $_POST['lineid']; @@ -258,26 +283,20 @@ if ($_POST) $splitcontents[$post_lineid] = $tempstring; //write the new .rules file - write_rule_file($splitcontents, $file); + write_rule_file($splitcontents, $rulefile); //once file has been written, reload file - $splitcontents = load_rule_file($file); + $splitcontents = load_rule_file($rulefile); $stopMsg = true; } - - if ($_POST['apply']) { -// stop_service("snort"); -// sleep(2); -// start_service("snort"); - $savemsg = "The snort rules selections have been saved. Please restart snort by clicking save on the settings tab."; - $stopMsg = false; - } - } else if ($_GET['act'] == "toggle") { - $toggleid = $_GET['id']; + + conf_mount_rw(); + + $toggleid = $_GET['ids']; //copy rule contents from array into string $tempstring = $splitcontents[$toggleid]; @@ -311,10 +330,10 @@ else if ($_GET['act'] == "toggle") $splitcontents[$toggleid] = $tempstring; //write the new .rules file - write_rule_file($splitcontents, $file); + write_rule_file($splitcontents, $rulefile); //once file has been written, reload file - $splitcontents = load_rule_file($file); + $splitcontents = load_rule_file($rulefile); $stopMsg = true; @@ -326,20 +345,22 @@ else if ($_GET['act'] == "toggle") // sid being turned off $sid_off = str_replace("sid:", "", $sid_off_cut); // rule_sid_on registers - $sid_on_pieces = $config['installedpackages']['snort']['rule_sid_on']; + $sid_on_pieces = $a_nat[$id]['rule_sid_on']; // if off sid is the same as on sid remove it $sid_on_old = str_replace("||enablesid $sid_off", "", "$sid_on_pieces"); // write the replace sid back as empty - $config['installedpackages']['snort']['rule_sid_on'] = $sid_on_old; + $a_nat[$id]['rule_sid_on'] = $sid_on_old; // rule sid off registers - $sid_off_pieces = $config['installedpackages']['snort']['rule_sid_off']; + $sid_off_pieces = $a_nat[$id]['rule_sid_off']; // if off sid is the same as off sid remove it $sid_off_old = str_replace("||disablesid $sid_off", "", "$sid_off_pieces"); // write the replace sid back as empty - $config['installedpackages']['snort']['rule_sid_off'] = $sid_off_old; + $a_nat[$id]['rule_sid_off'] = $sid_off_old; // add sid off registers to new off sid - $config['installedpackages']['snort']['rule_sid_off'] = "||disablesid $sid_off" . $config['installedpackages']['snort']['rule_sid_off']; + $a_nat[$id]['rule_sid_off'] = "||disablesid $sid_off" . $a_nat[$id]['rule_sid_off']; write_config(); + conf_mount_rw(); + } else { @@ -349,39 +370,55 @@ else if ($_GET['act'] == "toggle") // sid being turned off $sid_on = str_replace("sid:", "", $sid_on_cut); // rule_sid_off registers - $sid_off_pieces = $config['installedpackages']['snort']['rule_sid_off']; + $sid_off_pieces = $a_nat[$id]['rule_sid_off']; // if off sid is the same as on sid remove it $sid_off_old = str_replace("||disablesid $sid_on", "", "$sid_off_pieces"); // write the replace sid back as empty - $config['installedpackages']['snort']['rule_sid_off'] = $sid_off_old; + $a_nat[$id]['rule_sid_off'] = $sid_off_old; // rule sid on registers - $sid_on_pieces = $config['installedpackages']['snort']['rule_sid_on']; + $sid_on_pieces = $a_nat[$id]['rule_sid_on']; // if on sid is the same as on sid remove it $sid_on_old = str_replace("||enablesid $sid_on", "", "$sid_on_pieces"); // write the replace sid back as empty - $config['installedpackages']['snort']['rule_sid_on'] = $sid_on_old; + $a_nat[$id]['rule_sid_on'] = $sid_on_old; // add sid on registers to new on sid - $config['installedpackages']['snort']['rule_sid_on'] = "||enablesid $sid_on" . $config['installedpackages']['snort']['rule_sid_on']; + $a_nat[$id]['rule_sid_on'] = "||enablesid $sid_on" . $a_nat[$id]['rule_sid_on']; write_config(); + conf_mount_rw(); } } +if ($_GET['saved'] == 'yes') +{ + $message = "The Snort rule configuration has been changed.<br>You must restart this snort interface in order for the changes to take effect."; + +// stop_service("snort"); +// sleep(2); +// start_service("snort"); +// $savemsg = ""; +// $stopMsg = false; +} + +$currentruleset = basename($rulefile); + +$ifname = strtoupper($pconfig['interface']); -$pgtitle = "Snort: Rules"; require("guiconfig.inc"); include("head.inc"); + +$pgtitle = "Snort: $id $iface_uuid $if_real Category: $currentruleset"; + ?> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php include("fbegin.inc"); ?> +<?php include("./snort_fbegin.inc"); ?> +<p class="pgtitle"><?if($pfsense_stable == 'yes'){echo $pgtitle;}?></p> + <?php -if(!$pgtitle_output) - echo "<p class=\"pgtitle\"><?=$pgtitle?></p>"; +echo "<form action=\"snort_rules.php?id={$id}\" method=\"post\" name=\"iform\" id=\"iform\">"; ?> -<form action="snort_rules.php" method="post" name="iform" id="iform"> -<?php if ($savemsg){print_info_box($savemsg);} else if ($stopMsg){print_info_box_np($message_reload);}?> -<br> +<?php if ($_GET['saved'] == 'yes') {print_info_box_np2($message);}?> </form> <script type="text/javascript" language="javascript" src="row_toggle.js"> <script src="/javascript/sorttable.js" type="text/javascript"> @@ -403,28 +440,40 @@ function go() } // --> </script> +<script type="text/javascript"> +<!-- +function popup(url) +{ + params = 'width='+screen.width; + params += ', height='+screen.height; + params += ', top=0, left=0' + params += ', fullscreen=yes'; + + newwin=window.open(url,'windowname4', params); + if (window.focus) {newwin.focus()} + return false; +} +// --> +</script> <table width="99%" border="0" cellpadding="0" cellspacing="0"> <tr> <td> <?php - $tab_array = array(); - $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0"); - $tab_array[] = array(gettext("Update Rules"), false, "/snort_download_rules.php"); - $tab_array[] = array(gettext("Categories"), false, "/snort_rulesets.php"); - $tab_array[] = array(gettext("Rules"), true, "/snort_rules.php"); - $tab_array[] = array(gettext("Servers"), false, "/pkg_edit.php?xml=snort_define_servers.xml&id=0"); - $tab_array[] = array(gettext("Blocked"), false, "/snort_blocked.php"); - $tab_array[] = array(gettext("Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml"); - $tab_array[] = array(gettext("Threshold"), false, "/pkg.php?xml=snort_threshold.xml"); - $tab_array[] = array(gettext("Alerts"), false, "/snort_alerts.php"); - $tab_array[] = array(gettext("Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0"); + $tab_array = array(); + $tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php"); + $tab_array[] = array("If Settings", false, "/snort/snort_interfaces_edit.php?id={$id}"); + $tab_array[] = array("Categories", false, "/snort/snort_rulesets.php?id={$id}"); + $tab_array[] = array("Rules", true, "/snort/snort_rules.php?id={$id}"); + $tab_array[] = array("Servers", false, "/snort/snort_define_servers.php?id={$id}"); + $tab_array[] = array("Preprocessors", false, "/snort/snort_preprocessors.php?id={$id}"); + $tab_array[] = array("Barnyard2", false, "/snort/snort_barnyard.php?id={$id}"); display_top_tabs($tab_array); ?> - </td> - </tr> - <tr> - <td> + </td> + </tr> + <tr> + <td> <div id="mainarea"> <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> @@ -447,7 +496,8 @@ function go() echo "<br>Category: "; //string for populating category select - $currentruleset = substr($file, 27); + $currentruleset = basename($rulefile); + ?> <form name="forms"> <select name="selectbox" class="formfld" onChange="go()"> @@ -459,7 +509,7 @@ function go() if ($files[$i] === $currentruleset) $selectedruleset = "selected"; ?> - <option value="?&openruleset=<?=$ruledir;?><?=$files[$i];?>" <?=$selectedruleset;?>><?=$files[$i];?></option>" + <option value="?id=<?=$id;?>&openruleset=<?=$ruledir;?><?=$files[$i];?>" <?=$selectedruleset;?>><?=$files[$i];?></option>" <?php $i++; @@ -512,7 +562,13 @@ function go() $textss = $textse = ""; $iconb = "icon_block.gif"; } - + + if ($disabled_pos !== false){ + $ischecked = ""; + }else{ + $ischecked = "checked"; + } + $rule_content = explode(' ', $tempstring); $protocol = $rule_content[$counter2];//protocol location @@ -525,87 +581,93 @@ function go() $counter2++; $destination_port = $rule_content[$counter2];//destination port location - $message = get_middle($tempstring, 'msg:"', '";', 0); + if (strstr($tempstring, 'msg: "')) + $message = get_middle($tempstring, 'msg: "', '";', 0); + if (strstr($tempstring, 'msg:"')) + $message = get_middle($tempstring, 'msg:"', '";', 0); - echo "<tr>"; - echo "<td class=\"listt\">"; - echo $textss; + echo "<tr> + <td class=\"listt\"> + $textss\n"; ?> - <a href="?&openruleset=<?=$file;?>&act=toggle&id=<?=$counter;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/<?=$iconb;?>" width="11" height="11" border="0" title="click to toggle enabled/disabled status"></a> + <a href="?id=<?=$id;?>&openruleset=<?=$rulefile;?>&act=toggle&ids=<?=$counter;?>"><img src="../themes/<?= $g['theme']; ?>/images/icons/<?=$iconb;?>" width="10" height="10" border="0" title="click to toggle enabled/disabled status"></a> + <!-- <input name="enable" type="checkbox" value="yes" <?= $ischecked; ?> onClick="enable_change(false)"> --> + <!-- TODO: add checkbox and save so that that disabling is nicer --> <?php - echo $textse; - echo "</td>"; - - - echo "<td class=\"listlr\">"; - echo $textss; - echo $sid; - echo $textse; - echo "</td>"; - - echo "<td class=\"listlr\">"; - echo $textss; - echo $protocol; + echo "$textse + </td> + <td class=\"listlr\"> + $textss + $sid + $textse + </td> + <td class=\"listlr\"> + $textss + $protocol"; + ?> + <?php $printcounter++; - echo $textse; - echo "</td>"; - echo "<td class=\"listlr\">"; - echo $textss; - echo $source; - echo $textse; - echo "</td>"; - echo "<td class=\"listlr\">"; - echo $textss; - echo $source_port; - echo $textse; - echo "</td>"; - echo "<td class=\"listlr\">"; - echo $textss; - echo $destination; - echo $textse; - echo "</td>"; - echo "<td class=\"listlr\">"; - echo $textss; - echo $destination_port; - echo $textse; - echo "</td>"; + echo "$textse + </td> + <td class=\"listlr\"> + $textss + $source + $textse + </td> + <td class=\"listlr\"> + $textss + $source_port + $textse + </td> + <td class=\"listlr\"> + $textss + $destination + $textse + </td> + <td class=\"listlr\"> + $textss + $destination_port + $textse + </td>"; ?> <td class="listbg"><font color="white"> <?php - echo $textss; - echo $message; - echo $textse; - echo "</td>"; + echo "$textss + $message + $textse + </td>"; ?> <td valign="middle" nowrap class="list"> <table border="0" cellspacing="0" cellpadding="1"> <tr> - <td><a href="snort_rules_edit.php?openruleset=<?=$file;?>&id=<?=$counter;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="edit rule" width="17" height="17" border="0"></a></td> + <td><a href="javascript: void(0)"onclick="popup('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$rulefile;?>&ids=<?=$counter;?>')"><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="edit rule" width="17" height="17" border="0"></a></td> + <!-- Codes by Quackit.com --> </tr> </table> </td> <?php } } - echo " "; - echo "There are "; - echo $printcounter; - echo " rules in this category. <br><br>"; + echo " There are $printcounter rules in this category. <br><br>"; ?> </table> </td> </tr> <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> - <td width="16"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" width="11" height="11"></td> + <td width="16"><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" width="11" height="11"></td> <td>Rule Enabled</td> </tr> <tr> - <td><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_block_d.gif" width="11" height="11"></td> + <td><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_block_d.gif" width="11" height="11"></td> <td nowrap>Rule Disabled</td> - - + </tr> + <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0"> + <tr> + <!-- TODO: add save and cancel for checkbox options --> + <!-- <td><pre><input name="Submit" type="submit" class="formbtn" value="Save"> <input type="button" class="formbtn" value="Cancel" onclick="history.back()"><pre></td> --> </tr> + </table> <tr> <td colspan="10"> <p> @@ -615,12 +677,11 @@ function go() </tr> </table> </table> - </td> </tr> + </table> - <?php include("fend.inc"); ?> </div></body> -</html>
\ No newline at end of file +</html> diff --git a/config/snort/snort_rules_edit.php b/config/snort/snort_rules_edit.php index cbabce73..b770867f 100644 --- a/config/snort/snort_rules_edit.php +++ b/config/snort/snort_rules_edit.php @@ -1,40 +1,72 @@ +#!/usr/local/bin/php <?php -/* $Id$ */ /* - snort_rules_edit.php - Copyright (C) 2004, 2005 Scott Ullrich - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. + system_edit.php + Copyright (C) 2004, 2005 Scott Ullrich + All rights reserved. + + Adapted for FreeNAS by Volker Theile (votdev@gmx.de) + Copyright (C) 2006-2009 Volker Theile + + Adapted for Pfsense Snort package by Robert Zelaya + Copyright (C) 2008-2009 Robert Zelaya + + Using dp.SyntaxHighlighter for syntax highlighting + http://www.dreamprojections.com/SyntaxHighlighter + Copyright (C) 2004-2006 Alex Gorbatchev. All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. */ -function get_middle($source, $beginning, $ending, $init_pos) { - $beginning_pos = strpos($source, $beginning, $init_pos); - $middle_pos = $beginning_pos + strlen($beginning); - $ending_pos = strpos($source, $ending, $beginning_pos); - $middle = substr($source, $middle_pos, $ending_pos - $middle_pos); - return $middle; +require_once("guiconfig.inc"); +require_once("config.inc"); + + +if (!is_array($config['installedpackages']['snortglobal']['rule'])) { + $config['installedpackages']['snortglobal']['rule'] = array(); +} + +//nat_rules_sort(); +$a_nat = &$config['installedpackages']['snortglobal']['rule']; + +$id = $_GET['id']; +if (isset($_POST['id'])) + $id = $_POST['id']; + +$ids = $_GET['ids']; +if (isset($_POST['ids'])) + $ids = $_POST['ids']; + + +if (isset($id) && $a_nat[$id]) { + + $pconfig['enable'] = $a_nat[$id]['enable']; + $pconfig['interface'] = $a_nat[$id]['interface']; + $pconfig['rulesets'] = $a_nat[$id]['rulesets']; } +/* convert fake interfaces to real */ +$if_real = convert_friendly_interface_to_real_interface_name($pconfig['interface']); + $file = $_GET['openruleset']; @@ -42,10 +74,10 @@ $file = $_GET['openruleset']; $filehandle = fopen($file, "r"); //get rule id -$lineid = $_GET['id']; +$lineid = $_GET['ids']; //read file into string, and get filesize -$contents = fread($filehandle, filesize($file)); +$contents2 = fread($filehandle, filesize($file)); //close handler fclose ($filehandle); @@ -54,154 +86,158 @@ fclose ($filehandle); $delimiter = "\n"; //split the contents of the string file into an array using the delimiter -$splitcontents = explode($delimiter, $contents); +$splitcontents = explode($delimiter, $contents2); //copy rule contents from array into string $tempstring = $splitcontents[$lineid]; -//explode rule contents into an array, (delimiter is space) -$rule_content = explode(' ', $tempstring); +function write_rule_file($content_changed, $received_file) +{ + //read snort file with writing enabled + $filehandle = fopen($received_file, "w"); + + //delimiter for each new rule is a new line + $delimiter = "\n"; -//search string -$findme = "# alert"; //find string for disabled alerts + //implode the array back into a string for writing purposes + $fullfile = implode($delimiter, $content_changed); -//find if alert is disabled -$disabled = strstr($tempstring, $findme); + //write data to file + fwrite($filehandle, $fullfile); -//get sid -$sid = get_middle($tempstring, 'sid:', ';', 0); + //close file handle + fclose($filehandle); +} -//if find alert is false, then rule is disabled -if ($disabled !== false) -{ - //move counter up 1, so we do not retrieve the # in the rule_content array - $counter2 = 2; + + +if($_POST['highlight'] <> "") { + if($_POST['highlight'] == "yes" or + $_POST['highlight'] == "enabled") { + $highlight = "yes"; + } else { + $highlight = "no"; + } +} else { + $highlight = "no"; } + +if($_POST['rows'] <> "") + $rows = $_POST['rows']; else + $rows = 1; + +if($_POST['cols'] <> "") + $cols = $_POST['cols']; +else + $cols = 66; + +if ($_POST) { - $counter2 = 1; + if ($_POST['save']) { + + /* get the changes */ + $rule_content2 = $_POST['code']; + + //copy string into file array for writing + $splitcontents[$lineid] = $rule_content2; + + //write the new .rules file + write_rule_file($splitcontents, $file); + + header("Location: /snort/snort_rules_edit.php?id=$id&openruleset=$file&ids=$ids"); + + } } +$pgtitle = array(gettext("Advanced"), gettext("File Editor")); -$protocol = $rule_content[$counter2];//protocol location -$counter2++; -$source = $rule_content[$counter2];//source location -$counter2++; -$source_port = $rule_content[$counter2];//source port location -$counter2++; -$direction = $rule_content[$counter2]; -$counter2++; -$destination = $rule_content[$counter2];//destination location -$counter2++; -$destination_port = $rule_content[$counter2];//destination port location -$message = get_middle($tempstring, 'msg:"', '";', 0); - -$content = get_middle($tempstring, 'content:"', '";', 0); -$classtype = get_middle($tempstring, 'classtype:', ';', 0); -$revision = get_middle($tempstring, 'rev:', ';',0); - -$pgtitle = "Snort: Edit Rule"; -require("guiconfig.inc"); -include("head.inc"); +// ?> -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<?php include("fbegin.inc"); ?> -<?php -if(!$pgtitle_output) - echo "<p class=\"pgtitle\"><?=$pgtitle?></p>"; -?> -<table width="99%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> -<?php - $tab_array = array(); - $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0"); - $tab_array[] = array(gettext("Update Rules"), false, "/snort_download_rules.php"); - $tab_array[] = array(gettext("Categories"), false, "/snort_rulesets.php"); - $tab_array[] = array(gettext("Rules"), true, "/snort_rules.php?openruleset=/usr/local/etc/snort/rules/attack-responses.rules"); - $tab_array[] = array(gettext("Servers"), false, "/pkg_edit.php?xml=snort_define_servers.xml&id=0"); - $tab_array[] = array(gettext("Blocked"), false, "/snort_blocked.php"); - $tab_array[] = array(gettext("Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml"); - $tab_array[] = array(gettext("Threshold"), false, "/pkg.php?xml=snort_threshold.xml"); - $tab_array[] = array(gettext("Alerts"), false, "/snort_alerts.php"); - $tab_array[] = array(gettext("Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0"); - display_top_tabs($tab_array); -?> - </td> - </tr> - <tr> - <td> - <div id="mainarea"> - <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> - <form action="snort_rules.php?openruleset=<?=$file;?>&id=<?=$lineid;?>" target="" method="post" name="editform" id="editform"> - <table id="edittable" class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="listhdr" width="10%">Enabled: </td> - <td class="listlr" width="30%"><input name="enabled" type="checkbox" id="enabled" value="yes" <?php if ($disabled === false) echo "checked";?>></td> - </tr> - <tr> - <td class="listhdr" width="10%">SID: </td> - <td class="listlr" width="30%"><?php echo $sid; ?></td> - </tr> - <tr> - <td class="listhdr" width="10%">Protocol: </td> - <td class="listlr" width="30%"><?php echo $protocol; ?></td> - </tr> - <tr> - <td class="listhdr" width="10%">Source: </td> - <td class="listlr" width="30%"><input name="src" type="text" id="src" size="20" value="<?php echo $source;?>"></td> - </tr> - <tr> - <td class="listhdr" width="10%">Source Port: </td> - <td class="listlr" width="30%"><input name="srcport" type="text" id="srcport" size="20" value="<?php echo $source_port;?>"></td> - </tr> - <tr> - <td class="listhdr" width="10%">Direction:</td> - <td class="listlr" width="30%"><?php echo $direction;?></td> - </tr> - <tr> - <td class="listhdr" width="10%">Destination:</td> - <td class="listlr" width="30%"><input name="dest" type="text" id="dest" size="20" value="<?php echo $destination;?>"></td> - </tr> - <tr> - <td class="listhdr" width="10%">Destination Port: </td> - <td class="listlr" width="30%"><input name="destport" type="text" id="destport" size="20" value="<?php echo $destination_port;?>"></td> - </tr> - <tr> - <td class="listhdr" width="10%">Message: </td> - <td class="listlr" width="30%"><?php echo $message; ?></td> - </tr> - <tr> - <td class="listhdr" width="10%">Content: </td> - <td class="listlr" width="30%"><?php echo $content; ?></td> - </tr> - <tr> - <td class="listhdr" width="10%">Classtype: </td> - <td class="listlr" width="30%"><?php echo $classtype; ?></td> - </tr> - <tr> - <td class="listhdr" width="10%">Revision: </td> - <td class="listlr" width="30%"><?php echo $revision; ?></td> - </tr> - <tr><td> </td></tr> - <tr> - <td><input name="lineid" type="hidden" value="<?=$lineid;?>"></td> - <td><input class="formbtn" value="Save" type="submit" name="editsave" id="editsave">   <input type="button" class="formbtn" value="Cancel" onclick="history.back()"></td> - </tr> - </table> - </form> - </td> - </tr> - </table> - </td> -</tr> +<?php include("head.inc");?> + +<body link="#000000" vlink="#000000" alink="#000000"> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td class="tabcont"> + <form action="snort_rules_edit.php?id=<?=$id; ?>&openruleset=<?=$file; ?>&ids=<?=$ids; ?>" method="post"> + <?php if ($savemsg) print_info_box($savemsg);?> + <table width="100%" cellpadding='9' cellspacing='9' bgcolor='#eeeeee'> + <tr> + <td> + <input name="save" type="submit" class="formbtn" id="save" value="save" /> <input type="button" class="formbtn" value="Cancel" onclick="history.back()"> + <hr noshade="noshade" /> + <?=gettext("Disable original rule"); ?>: + <input id="highlighting_enabled" name="highlight2" type="radio" value="yes" <?php if($highlight == "yes") echo " checked=\"checked\""; ?> /> + <label for="highlighting_enabled"><?=gettext("Enabled"); ?></label> + <input id="highlighting_disabled" name="highlight2" type="radio" value="no"<?php if($highlight == "no") echo " checked=\"checked\""; ?> /> + <label for="highlighting_disabled"><?=gettext("Disabled"); ?></label> + </td> + </tr> + </table> + <table width='100%'> + <tr> + <td valign="top" class="label"> + <div style="background: #eeeeee;" id="textareaitem"> + <!-- NOTE: The opening *and* the closing textarea tag must be on the same line. --> + <textarea wrap="off" style="width: 98%; margin: 7px;" class="<?php echo $language; ?>:showcolumns" rows="<?php echo $rows; ?>" cols="<?php echo $cols; ?>" name="code"><?php echo $tempstring;?></textarea> + </div> + </td> + </tr> + </table> + <table width='100%'> + <tr> + <td valign="top" class="label"> + <div style="background: #eeeeee;" id="textareaitem"> + <!-- NOTE: The opening *and* the closing textarea tag must be on the same line. --> + <textarea disabled wrap="off" style="width: 98%; margin: 7px;" class="<?php echo $language; ?>:showcolumns" rows="33" cols="<?php echo $cols; ?>" name="code2"><?php echo $contents2;?></textarea> + </div> + </td> + </tr> + </table> + <?php // include("formend.inc");?> + </form> + </td> + </tr> </table> +<script class="javascript" src="/snort/syntaxhighlighter/shCore.js"></script> +<script class="javascript" src="/snort/syntaxhighlighter/shBrushCSharp.js"></script> +<script class="javascript" src="/snort/syntaxhighlighter/shBrushPhp.js"></script> +<script class="javascript" src="/snort/syntaxhighlighter/shBrushJScript.js"></script> +<script class="javascript" src="/snort/syntaxhighlighter/shBrushJava.js"></script> +<script class="javascript" src="/snort/syntaxhighlighter/shBrushVb.js"></script> +<script class="javascript" src="/snort/syntaxhighlighter/shBrushSql.js"></script> +<script class="javascript" src="/snort/syntaxhighlighter/shBrushXml.js"></script> +<script class="javascript" src="/snort/syntaxhighlighter/shBrushDelphi.js"></script> +<script class="javascript" src="/snort/syntaxhighlighter/shBrushPython.js"></script> +<script class="javascript" src="/snort/syntaxhighlighter/shBrushRuby.js"></script> +<script class="javascript" src="/snort/syntaxhighlighter/shBrushCss.js"></script> +<script class="javascript"> +<!-- + // Set focus. + document.forms[0].savetopath.focus(); + + // Append css for syntax highlighter. + var head = document.getElementsByTagName("head")[0]; + var linkObj = document.createElement("link"); + linkObj.setAttribute("type","text/css"); + linkObj.setAttribute("rel","stylesheet"); + linkObj.setAttribute("href","/snort/syntaxhighlighter/SyntaxHighlighter.css"); + head.appendChild(linkObj); + + // Activate dp.SyntaxHighlighter? + <?php + if($_POST['highlight'] == "yes") { + echo "dp.SyntaxHighlighter.HighlightAll('code', true, true);\n"; + // Disable 'Save' button. + echo "document.forms[0].Save.disabled = 1;\n"; + } +?> +//--> +</script> +<?php //include("fend.inc");?> -<?php include("fend.inc"); ?> -</div></body> -</html>
\ No newline at end of file +</body> +</html> diff --git a/config/snort/snort_rulesets.php b/config/snort/snort_rulesets.php index d839ae7a..d232c097 100644 --- a/config/snort/snort_rulesets.php +++ b/config/snort/snort_rulesets.php @@ -3,6 +3,7 @@ /* snort_rulesets.php Copyright (C) 2006 Scott Ullrich + Copyright (C) 2009 Robert Zelaya All rights reserved. Redistribution and use in source and binary forms, with or without @@ -28,43 +29,68 @@ */ require("guiconfig.inc"); -require_once("service-utils.inc"); -require("/usr/local/pkg/snort.inc"); +//require_once("filter.inc"); +//require_once("service-utils.inc"); +include_once("/usr/local/pkg/snort/snort.inc"); +require_once("/usr/local/pkg/snort/snort_gui.inc"); -if(!is_dir("/usr/local/etc/snort/rules")) { - conf_mount_rw(); - exec('mkdir /usr/local/etc/snort/rules/'); - conf_mount_ro(); + +if (!is_array($config['installedpackages']['snortglobal']['rule'])) { + $config['installedpackages']['snortglobal']['rule'] = array(); +} + +//nat_rules_sort(); +$a_nat = &$config['installedpackages']['snortglobal']['rule']; + +$id = $_GET['id']; +if (isset($_POST['id'])) + $id = $_POST['id']; + + +if (isset($id) && $a_nat[$id]) { + + $pconfig['enable'] = $a_nat[$id]['enable']; + $pconfig['interface'] = $a_nat[$id]['interface']; + $pconfig['rulesets'] = $a_nat[$id]['rulesets']; } +/* convert fake interfaces to real */ +$if_real = convert_friendly_interface_to_real_interface_name2($pconfig['interface']); + + +$iface_uuid = $a_nat[$id]['uuid']; + +$pgtitle = "Snort: Interface $id $iface_uuid $if_real Categories"; + + /* Check if the rules dir is empy if so warn the user */ /* TODO give the user the option to delete the installed rules rules */ -$isrulesfolderempty = exec('ls -A /usr/local/etc/snort/rules/*.rules'); +$isrulesfolderempty = exec("ls -A /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/*.rules"); if ($isrulesfolderempty == "") { include("head.inc"); -include("fbegin.inc"); +include("./snort_fbegin.inc"); + +echo "<p class=\"pgtitle\">"; +if($pfsense_stable == 'yes'){echo $pgtitle;} +echo "</p>\n"; echo "<body link=\"#000000\" vlink=\"#000000\" alink=\"#000000\">"; -echo "<script src=\"/row_toggle.js\" type=\"text/javascript\"></script>\n -<script src=\"/javascript/sorttable.js\" type=\"text/javascript\"></script>\n +echo " <table width=\"99%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n <tr>\n <td>\n"; - $tab_array = array(); - $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0"); - $tab_array[] = array(gettext("Update Rules"), false, "/snort_download_rules.php"); - $tab_array[] = array(gettext("Categories"), true, "/snort_rulesets.php"); - $tab_array[] = array(gettext("Rules"), false, "/snort_rules.php"); - $tab_array[] = array(gettext("Servers"), false, "/pkg_edit.php?xml=snort_define_servers.xml&id=0"); - $tab_array[] = array(gettext("Blocked"), false, "/snort_blocked.php"); - $tab_array[] = array(gettext("Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml"); - $tab_array[] = array(gettext("Threshold"), false, "/pkg.php?xml=snort_threshold.xml"); - $tab_array[] = array(gettext("Alerts"), false, "/snort_alerts.php"); - $tab_array[] = array(gettext("Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0"); - display_top_tabs($tab_array); + $tab_array = array(); + $tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php"); + $tab_array[] = array("If Settings", false, "/snort/snort_interfaces_edit.php?id={$id}"); + $tab_array[] = array("Categories", true, "/snort/snort_rulesets.php?id={$id}"); + $tab_array[] = array("Rules", false, "/snort/snort_rules.php?id={$id}"); + $tab_array[] = array("Servers", false, "/snort/snort_define_servers.php?id={$id}"); + $tab_array[] = array("Preprocessors", false, "/snort/snort_preprocessors.php?id={$id}"); + $tab_array[] = array("Barnyard2", false, "/snort/snort_barnyard.php?id={$id}"); + display_top_tabs($tab_array); echo "</td>\n </tr>\n @@ -74,7 +100,7 @@ echo "</td>\n <table id=\"maintable\" class=\"tabcont\" width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n <tr>\n <td>\n -# The rules directory is empty.\n +# The rules directory is empty. /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules \n </td>\n </tr>\n </table>\n @@ -87,7 +113,7 @@ echo "</td>\n \n <p>\n\n"; -echo "Please click on the Update Rules tab to install your selected rule sets."; +echo "Please click on the Update Rules tab to install your selected rule sets. $isrulesfolderempty"; include("fend.inc"); echo "</body>"; @@ -97,66 +123,117 @@ exit(0); } -if($_POST) { + /* alert file */ +$d_snortconfdirty_path = "/var/run/snort_conf_{$iface_uuid}_{$if_real}.dirty"; + + /* this will exec when alert says apply */ + if ($_POST['apply']) { + + if (file_exists($d_snortconfdirty_path)) { + + write_config(); + + sync_snort_package_all($id, $if_real, $iface_uuid); + sync_snort_package(); + + unlink($d_snortconfdirty_path); + + } + + } + + if ($_POST["Submit"]) { $enabled_items = ""; $isfirst = true; + if (is_array($_POST['toenable'])) { foreach($_POST['toenable'] as $toenable) { if(!$isfirst) $enabled_items .= "||"; $enabled_items .= "{$toenable}"; $isfirst = false; } - $config['installedpackages']['snort']['rulesets'] = $enabled_items; + }else{ + $enabled_items = $_POST['toenable']; + } + $a_nat[$id]['rulesets'] = $enabled_items; + write_config(); - stop_service("snort"); - create_snort_conf(); - sleep(2); - start_service("snort"); - $savemsg = "The snort ruleset selections have been saved."; + + touch($d_snortconfdirty_path); + + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + sleep(2); + sync_snort_package_all($id, $if_real, $iface_uuid); + header("Location: /snort/snort_rulesets.php?id=$id"); + } -$enabled_rulesets = $config['installedpackages']['snort']['rulesets']; +$enabled_rulesets = $a_nat[$id]['rulesets']; if($enabled_rulesets) $enabled_rulesets_array = split("\|\|", $enabled_rulesets); -$pgtitle = "Snort: Categories"; include("head.inc"); ?> <body link="#000000" vlink="#000000" alink="#000000"> -<?php include("fbegin.inc"); ?> +<?php include("./snort_fbegin.inc"); ?> +<p class="pgtitle"><?php if($pfsense_stable == 'yes'){echo $pgtitle;}?></p> +<?php + +echo "<form action=\"snort_rulesets.php?id={$id}\" method=\"post\" name=\"iform\" id=\"iform\">"; + +?> <?php -if(!$pgtitle_output) - echo "<p class=\"pgtitle\"><?=$pgtitle?></p>"; + + /* Display message */ + + if ($input_errors) { + print_input_errors($input_errors); // TODO: add checks + } + + if ($savemsg) { + print_info_box2($savemsg); + } + + if (file_exists($d_snortconfdirty_path)) { + echo '<p>'; + + if($savemsg) { + print_info_box_np2("{$savemsg}"); + }else{ + print_info_box_np2(' + The Snort configuration has changed and snort needs to be restarted on this interface.<br> + You must apply the changes in order for them to take effect.<br> + '); + } + } + ?> -<form action="snort_rulesets.php" method="post" name="iform" id="iform"> -<script src="/row_toggle.js" type="text/javascript"></script> -<script src="/javascript/sorttable.js" type="text/javascript"></script> -<?php if ($savemsg) print_info_box($savemsg); ?> <table width="99%" border="0" cellpadding="0" cellspacing="0"> <tr> <td> <?php - $tab_array = array(); - $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0"); - $tab_array[] = array(gettext("Update Rules"), false, "/snort_download_rules.php"); - $tab_array[] = array(gettext("Categories"), true, "/snort_rulesets.php"); - $tab_array[] = array(gettext("Rules"), false, "/snort_rules.php"); - $tab_array[] = array(gettext("Servers"), false, "/pkg_edit.php?xml=snort_define_servers.xml&id=0"); - $tab_array[] = array(gettext("Blocked"), false, "/snort_blocked.php"); - $tab_array[] = array(gettext("Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml"); - $tab_array[] = array(gettext("Threshold"), false, "/pkg.php?xml=snort_threshold.xml"); - $tab_array[] = array(gettext("Alerts"), false, "/snort_alerts.php"); - $tab_array[] = array(gettext("Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0"); - display_top_tabs($tab_array); + $tab_array = array(); + $tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php"); + $tab_array[] = array("If Settings", false, "/snort/snort_interfaces_edit.php?id={$id}"); + $tab_array[] = array("Categories", true, "/snort/snort_rulesets.php?id={$id}"); + $tab_array[] = array("Rules", false, "/snort/snort_rules.php?id={$id}"); + $tab_array[] = array("Servers", false, "/snort/snort_define_servers.php?id={$id}"); + $tab_array[] = array("Preprocessors", false, "/snort/snort_preprocessors.php?id={$id}"); + $tab_array[] = array("Barnyard2", false, "/snort/snort_barnyard.php?id={$id}"); + display_top_tabs($tab_array); ?> - </td> - </tr> - <tr> - <td> + </td> + </tr> + <tr> + <td> <div id="mainarea"> <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> @@ -168,7 +245,7 @@ if(!$pgtitle_output) <!-- <td class="listhdrr">Description</td> --> </tr> <?php - $dir = "/usr/local/etc/snort/rules/"; + $dir = "/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/"; $dh = opendir($dir); while (false !== ($filename = readdir($dh))) { $files[] = $filename; @@ -177,7 +254,7 @@ if(!$pgtitle_output) foreach($files as $file) { if(!stristr($file, ".rules")) continue; - echo "<tr>"; + echo "<tr>\n"; echo "<td align=\"center\" valign=\"top\">"; if(is_array($enabled_rulesets_array)) if(in_array($file, $enabled_rulesets_array)) { @@ -187,11 +264,11 @@ if(!$pgtitle_output) } else $CHECKED = ""; - echo " <input type='checkbox' name='toenable[]' value='$file' {$CHECKED} />"; - echo "</td>"; - echo "<td>"; - echo "<a href='snort_rules.php?openruleset=/usr/local/etc/snort/rules/" . urlencode($file) . "'>{$file}</a>"; - echo "</td>"; + echo " \n<input type='checkbox' name='toenable[]' value='$file' {$CHECKED} />\n"; + echo "</td>\n"; + echo "<td>\n"; + echo "<a href='snort_rules.php?id={$id}&openruleset=/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/" . urlencode($file) . "'>{$file}</a>\n"; + echo "</td>\n</tr>\n\n"; //echo "<td>"; //echo "description"; //echo "</td>"; @@ -204,7 +281,7 @@ if(!$pgtitle_output) <tr><td> </td></tr> <tr><td>Check the rulesets that you would like Snort to load at startup.</td></tr> <tr><td> </td></tr> - <tr><td><input value="Save" type="submit" name="save" id="save" /></td></tr> + <tr><td><input value="Save" type="submit" name="Submit" id="Submit" /></td></tr> </table> </div> </td> @@ -227,4 +304,4 @@ if(!$pgtitle_output) } -?>
\ No newline at end of file +?> diff --git a/config/snort/snort_threshold.xml b/config/snort/snort_threshold.xml deleted file mode 100644 index f9075d3d..00000000 --- a/config/snort/snort_threshold.xml +++ /dev/null @@ -1,129 +0,0 @@ -<?xml version="1.0" encoding="utf-8" ?> -<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> -<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> -<packagegui> - <copyright> - <![CDATA[ -/* $Id$ */ -/* ========================================================================== */ -/* - authng.xml - part of pfSense (http://www.pfSense.com) - Copyright (C) 2007 to whom it may belong - All rights reserved. - - Based on m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. - All rights reserved. - */ -/* ========================================================================== */ -/* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ - ]]> - </copyright> - <description>Describe your package here</description> - <requirements>Describe your package requirements here</requirements> - <faq>Currently there are no FAQ items provided.</faq> - <name>snort-threshold</name> - <version>0.1.0</version> - <title>Snort: Alert Thresholding and Suppression</title> - <include_file>/usr/local/pkg/snort.inc</include_file> - <!-- Menu is where this packages menu will appear --> - <tabs> - <tab> - <text>Settings</text> - <url>/pkg_edit.php?xml=snort.xml&id=0</url> - </tab> - <tab> - <text>Update Rules</text> - <url>/snort_download_rules.php</url> - </tab> - <tab> - <text>Categories</text> - <url>/snort_rulesets.php</url> - </tab> - <tab> - <text>Rules</text> - <url>/snort_rules.php</url> - </tab> - <tab> - <text>Servers</text> - <url>/pkg_edit.php?xml=snort_define_servers.xml&id=0</url> - </tab> - <tab> - <text>Blocked</text> - <url>/snort_blocked.php</url> - </tab> - <tab> - <text>Whitelist</text> - <url>/pkg.php?xml=snort_whitelist.xml</url> - </tab> - <tab> - <text>Threshold</text> - <url>/pkg.php?xml=snort_threshold.xml</url> - <active/> - </tab> - <tab> - <text>Alerts</text> - <url>/snort_alerts.php</url> - </tab> - <tab> - <text>Advanced</text> - <url>/pkg_edit.php?xml=snort_advanced.xml&id=0</url> - </tab> - </tabs> - <adddeleteeditpagefields> - <columnitem> - <fielddescr>Thresholding or Suppression Rule</fielddescr> - <fieldname>threshrule</fieldname> - </columnitem> - <columnitem> - <fielddescr>Description</fielddescr> - <fieldname>description</fieldname> - </columnitem> - </adddeleteeditpagefields> - <fields> - <field> - <fielddescr>Thresholding or Suppression Rule</fielddescr> - <fieldname>threshrule</fieldname> - <description>Enter the Rule. Example; "suppress gen_id 125, sig_id 4" or "threshold gen_id 1, sig_id 1851, type limit, track by_src, count 1, seconds 60"</description> - <type>input</type> - <size>40</size> - </field> - <field> - <fielddescr>Description</fielddescr> - <fieldname>description</fieldname> - <description>Enter the description for this item</description> - <type>input</type> - <size>60</size> - </field> - </fields> - <custom_php_command_before_form> - </custom_php_command_before_form> - <custom_delete_php_command> - </custom_delete_php_command> - <custom_php_resync_config_command> - create_snort_conf(); - </custom_php_resync_config_command> -</packagegui>
\ No newline at end of file diff --git a/config/snort/snort_whitelist.xml b/config/snort/snort_whitelist.xml index 42769e4e..d98f83fa 100644 --- a/config/snort/snort_whitelist.xml +++ b/config/snort/snort_whitelist.xml @@ -45,52 +45,40 @@ <description>Describe your package here</description> <requirements>Describe your package requirements here</requirements> <faq>Currently there are no FAQ items provided.</faq> - <name>snort-whitelist</name> + <name>snortglobal</name> <version>0.1.0</version> <title>Snort: Whitelist</title> - <include_file>/usr/local/pkg/snort.inc</include_file> + <include_file>/usr/local/pkg/snort/snort.inc</include_file> <!-- Menu is where this packages menu will appear --> <tabs> <tab> - <text>Settings</text> - <url>/pkg_edit.php?xml=snort.xml&id=0</url> + <text>Snort Interfaces</text> + <url>/snort/snort_interfaces.php</url> </tab> <tab> - <text>Update Rules</text> - <url>/snort_download_rules.php</url> + <text>Global Settings</text> + <url>/snort/snort_interfaces_global.php</url> </tab> <tab> - <text>Categories</text> - <url>/snort_rulesets.php</url> + <text>Rule Updates</text> + <url>/snort/snort_download_rules.php</url> </tab> <tab> - <text>Rules</text> - <url>/snort_rules.php</url> - </tab> - <tab> - <text>Servers</text> - <url>/pkg_edit.php?xml=snort_define_servers.xml&id=0</url> + <text>Alerts</text> + <url>/snort/snort_alerts.php</url> </tab> <tab> <text>Blocked</text> - <url>/snort_blocked.php</url> + <url>/snort/snort_blocked.php</url> </tab> <tab> <text>Whitelist</text> - <url>/pkg.php?xml=snort_whitelist.xml</url> + <url>/pkg.php?xml=/snort/snort_whitelist.xml</url> <active/> </tab> <tab> - <text>Threshold</text> - <url>/pkg.php?xml=snort_threshold.xml</url> - </tab> - <tab> - <text>Alerts</text> - <url>/snort_alerts.php</url> - </tab> - <tab> - <text>Advanced</text> - <url>/pkg_edit.php?xml=snort_advanced.xml&id=0</url> + <text>Help Info</text> + <url>/snort/snort_help_info.php</url> </tab> </tabs> <adddeleteeditpagefields> @@ -124,6 +112,6 @@ <custom_delete_php_command> </custom_delete_php_command> <custom_php_resync_config_command> - create_snort_conf(); + sync_snort_package_empty(); </custom_php_resync_config_command> -</packagegui>
\ No newline at end of file +</packagegui> diff --git a/config/snort/snort_xmlrpc_sync.php b/config/snort/snort_xmlrpc_sync.php deleted file mode 100644 index db8b3f3e..00000000 --- a/config/snort/snort_xmlrpc_sync.php +++ /dev/null @@ -1,114 +0,0 @@ -<?php - -/* $Id$ */ -/* - snort_xmlrpc_sync.php - Copyright (C) 2006 Scott Ullrich - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -/* NOTE: this file gets included from the pfSense filter.inc plugin process */ - -require_once("/usr/local/pkg/snort.inc"); -require_once("service-utils.inc"); - -if(!$config) { - log_error("\$config is not enabled!!"); -} else { - if(!$g['booting']) - snort_do_xmlrpc_sync(); -} - -function snort_do_xmlrpc_sync() { - - return; /* need to fix the bug which whipes out carp sync settings, etc */ - - global $config, $g; - $syncxmlrpc = $config['installedpackages']['snort']['config'][0]['syncxmlrpc']; - /* option enabled? */ - if(!$syncxmlrpc) - return; - - $carp = &$config['installedpackages']['carpsettings']['config'][0]; - $password = $carp['password']; - - if(!$carp['synchronizetoip']) - return; - - log_error("[SNORT] snort_xmlrpc_sync.php is starting."); - $xmlrpc_sync_neighbor = $carp['synchronizetoip']; - if($config['system']['webgui']['protocol'] != "") { - $synchronizetoip = $config['system']['webgui']['protocol']; - $synchronizetoip .= "://"; - } - $port = $config['system']['webgui']['port']; - /* if port is empty lets rely on the protocol selection */ - if($port == "") { - if($config['system']['webgui']['protocol'] == "http") { - $port = "80"; - } else { - $port = "443"; - } - } - $synchronizetoip .= $carp['synchronizetoip']; - - /* xml will hold the sections to sync */ - $xml = array(); - $xml['installedpackages']['snort'] = &$config['installedpackages']['snort']; - $xml['installedpackages']['snortwhitelist'] = &$config['installedpackages']['snortwhitelist']; - - /* assemble xmlrpc payload */ - $params = array( - XML_RPC_encode($password), - XML_RPC_encode($xml) - ); - - /* set a few variables needed for sync code borrowed from filter.inc */ - $url = $synchronizetoip; - $method = 'pfsense.restore_config_section'; - - /* Sync! */ - log_error("Beginning Snort XMLRPC sync to {$url}:{$port}."); - $msg = new XML_RPC_Message($method, $params); - $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); - $cli->setCredentials('admin', $password); - if($g['debug']) - $cli->setDebug(1); - /* send our XMLRPC message and timeout after 240 seconds */ - $resp = $cli->send($msg, "999"); - if(!$resp) { - $error = "A communications error occured while attempting Snort XMLRPC sync with {$url}:{$port}."; - log_error($error); - file_notice("sync_settings", $error, "Snort Settings Sync", ""); - } elseif($resp->faultCode()) { - $error = "An error code was received while attempting Snort XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); - log_error($error); - file_notice("sync_settings", $error, "Snort Settings Sync", ""); - } else { - log_error("Snort XMLRPC sync successfully completed with {$url}:{$port}."); - } - log_error("[SNORT] snort_xmlrpc_sync.php is ending."); -} - -?>
\ No newline at end of file |
