aboutsummaryrefslogtreecommitdiffstats
path: root/config/snort
diff options
context:
space:
mode:
Diffstat (limited to 'config/snort')
-rwxr-xr-xconfig/snort/snort.inc659
-rw-r--r--config/snort/snort.priv.inc12
-rwxr-xr-xconfig/snort/snort.xml55
-rw-r--r--config/snort/snort_alerts.js115
-rwxr-xr-xconfig/snort/snort_alerts.php293
-rw-r--r--config/snort/snort_alerts.widget.php246
-rw-r--r--config/snort/snort_barnyard.php575
-rw-r--r--config/snort/snort_blocked.php66
-rw-r--r--config/snort/snort_check_cron_misc.inc135
-rwxr-xr-xconfig/snort/snort_check_for_rule_updates.php162
-rwxr-xr-xconfig/snort/snort_define_servers.php55
-rwxr-xr-xconfig/snort/snort_download_rules.php2
-rwxr-xr-xconfig/snort/snort_download_updates.php314
-rw-r--r--config/snort/snort_edit_hat_data.php34
-rw-r--r--config/snort/snort_frag3_engine.php23
-rw-r--r--config/snort/snort_ftp_client_engine.php23
-rw-r--r--config/snort/snort_ftp_server_engine.php23
-rw-r--r--config/snort/snort_httpinspect_engine.php23
-rw-r--r--config/snort/snort_import_aliases.php20
-rwxr-xr-xconfig/snort/snort_interfaces.php149
-rwxr-xr-xconfig/snort/snort_interfaces_edit.php190
-rw-r--r--config/snort/snort_interfaces_global.php55
-rw-r--r--config/snort/snort_interfaces_suppress.php46
-rw-r--r--config/snort/snort_interfaces_suppress_edit.php36
-rw-r--r--config/snort/snort_interfaces_whitelist.php177
-rw-r--r--config/snort/snort_ip_list_mgmt.php275
-rw-r--r--config/snort/snort_ip_reputation.php506
-rw-r--r--config/snort/snort_iprep_list_browser.php99
-rw-r--r--config/snort/snort_list_view.php28
-rw-r--r--config/snort/snort_log_view.php93
-rw-r--r--config/snort/snort_migrate_config.php39
-rw-r--r--config/snort/snort_passlist.php205
-rw-r--r--config/snort/snort_passlist_edit.php (renamed from config/snort/snort_interfaces_whitelist_edit.php)119
-rw-r--r--config/snort/snort_post_install.php125
-rwxr-xr-xconfig/snort/snort_preprocessors.php380
-rwxr-xr-xconfig/snort/snort_rules.php345
-rwxr-xr-xconfig/snort/snort_rules_edit.php57
-rw-r--r--config/snort/snort_rules_flowbits.php120
-rwxr-xr-xconfig/snort/snort_rulesets.php121
-rw-r--r--config/snort/snort_select_alias.php31
-rw-r--r--config/snort/snort_stream5_engine.php24
-rwxr-xr-xconfig/snort/snort_sync.xml14
-rw-r--r--config/snort/widget-snort.inc24
43 files changed, 3945 insertions, 2148 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 847a0dba..c0c5756c 100755
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -51,11 +51,13 @@ $snortver = array();
exec("/usr/local/bin/snort -V 2>&1 |/usr/bin/grep Version | /usr/bin/cut -c20-26", $snortver);
$snort_version = $snortver[0];
if (empty($snort_version))
- $snort_version = "2.9.5.6";
+ $snort_version = "2.9.6.0";
-/* package version */
-$pfSense_snort_version = "3.0.4";
-$snort_package_version = "Snort {$snort_version} pkg v{$pfSense_snort_version}";
+/* Used to indicate latest version of this include file has been loaded */
+$pfSense_snort_version = "3.0.8";
+
+/* get installed package version for display */
+$snort_package_version = "Snort {$config['installedpackages']['package'][get_pkg_id("snort")]['version']}";
// Define SNORTDIR and SNORTLIBDIR constants according to pfSense version
$pfs_version=substr(trim(file_get_contents("/etc/version")),0,3);
@@ -81,6 +83,7 @@ define("VRT_FILE_PREFIX", "snort_");
define("GPL_FILE_PREFIX", "GPLv2_");
define("ET_OPEN_FILE_PREFIX", "emerging-");
define("ET_PRO_FILE_PREFIX", "etpro-");
+define("IPREP_PATH", "/var/db/snort/iprep/");
/* Rebuild Rules Flag -- if "true", rebuild enforcing rules and flowbit-rules files */
$rebuild_rules = false;
@@ -498,21 +501,18 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false) {
return $valresult;
}
-/* checks to see if service is running yes/no and stop/start */
+/* checks to see if service is running */
function snort_is_running($snort_uuid, $if_real, $type = 'snort') {
global $config, $g;
- if (file_exists("{$g['varrun_path']}/{$type}_{$if_real}{$snort_uuid}.pid") && isvalidpid("{$g['varrun_path']}/{$type}_{$if_real}{$snort_uuid}.pid"))
- return 'yes';
-
- return 'no';
+ return isvalidpid("{$g['varrun_path']}/{$type}_{$if_real}{$snort_uuid}.pid");
}
function snort_barnyard_stop($snortcfg, $if_real) {
global $config, $g;
$snort_uuid = $snortcfg['uuid'];
- if (file_exists("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid") && isvalidpid("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid")) {
+ if (isvalidpid("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid")) {
log_error("[Snort] Barnyard2 STOP for {$snortcfg['descr']}({$if_real})...");
killbypid("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid");
}
@@ -522,7 +522,7 @@ function snort_stop($snortcfg, $if_real) {
global $config, $g;
$snort_uuid = $snortcfg['uuid'];
- if (file_exists("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid") && isvalidpid("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid")) {
+ if (isvalidpid("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid")) {
log_error("[Snort] Snort STOP for {$snortcfg['descr']}({$if_real})...");
killbypid("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid");
}
@@ -534,12 +534,13 @@ function snort_barnyard_start($snortcfg, $if_real) {
global $config, $g;
$snortdir = SNORTDIR;
+ $snortlogdir = SNORTLOGDIR;
$snort_uuid = $snortcfg['uuid'];
/* define snortbarnyardlog_chk */
- if ($snortcfg['barnyard_enable'] == 'on' && !empty($snortcfg['barnyard_mysql'])) {
+ if ($snortcfg['barnyard_enable'] == 'on') {
log_error("[Snort] Barnyard2 START for {$snortcfg['descr']}({$if_real})...");
- exec("/usr/local/bin/barnyard2 -r {$snort_uuid} -f \"snort_{$snort_uuid}_{$if_real}.u2\" --pid-path {$g['varrun_path']} --nolock-pidfile -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d /var/log/snort/snort_{$if_real}{$snort_uuid} -D -q");
+ mwexec("/usr/local/bin/barnyard2 -r {$snort_uuid} -f \"snort_{$snort_uuid}_{$if_real}.u2\" --pid-path {$g['varrun_path']} --nolock-pidfile -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d {$snortlogdir}/snort_{$if_real}{$snort_uuid} -D -q");
}
}
@@ -547,11 +548,12 @@ function snort_start($snortcfg, $if_real) {
global $config, $g;
$snortdir = SNORTDIR;
+ $snortlogdir = SNORTLOGDIR;
$snort_uuid = $snortcfg['uuid'];
if ($snortcfg['enable'] == 'on') {
log_error("[Snort] Snort START for {$snortcfg['descr']}({$if_real})...");
- exec("/usr/local/bin/snort -R {$snort_uuid} -D -q -l /var/log/snort/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}");
+ mwexec("/usr/local/bin/snort -R {$snort_uuid} -D -q -l {$snortlogdir}/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}");
}
else
return;
@@ -575,64 +577,44 @@ function snort_reload_config($snortcfg, $signal="SIGHUP") {
$snortdir = SNORTDIR;
$snort_uuid = $snortcfg['uuid'];
- $if_real = snort_get_real_interface($snortcfg['interface']);
+ $if_real = get_real_interface($snortcfg['interface']);
/******************************************************/
/* Only send the SIGHUP if Snort is running and we */
/* can find a valid PID for the process. */
/******************************************************/
- if (file_exists("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid") && isvalidpid("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid")) {
+ if (isvalidpid("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid")) {
log_error("[Snort] Snort RELOAD CONFIG for {$snortcfg['descr']} ({$if_real})...");
- exec("/bin/pkill -{$signal} -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid 2>&1 &");
+ mwexec_bg("/bin/pkill -{$signal} -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid");
}
}
-function snort_get_friendly_interface($interface) {
+function snort_barnyard_reload_config($snortcfg, $signal="HUP") {
- if (function_exists('convert_friendly_interface_to_friendly_descr'))
- $iface = convert_friendly_interface_to_friendly_descr($interface);
- else {
- if (!$interface || ($interface == "wan"))
- $iface = "WAN";
- else if(strtolower($interface) == "lan")
- $iface = "LAN";
- else if(strtolower($interface) == "pppoe")
- $iface = "PPPoE";
- else if(strtolower($interface) == "pptp")
- $iface = "PPTP";
- else
- $iface = strtoupper($interface);
- }
-
- return $iface;
-}
-
-/* get the real iface name of wan */
-function snort_get_real_interface($interface) {
- global $config;
+ /**************************************************************/
+ /* This function sends the passed SIGNAL to the Barnyard2 */
+ /* instance on the passed interface to cause Barnyard to */
+ /* reload and parse the running configuration without */
+ /* impacting packet processing. It also executes the reload */
+ /* as a background process and returns control immediately */
+ /* to the caller. */
+ /* */
+ /* $signal = HUP (default) parses and reloads config. */
+ /**************************************************************/
+ global $g;
- $lc_interface = strtolower($interface);
- if (function_exists('get_real_interface'))
- return get_real_interface($lc_interface);
- else {
- if ($lc_interface == "lan") {
- if ($config['inerfaces']['lan'])
- return $config['interfaces']['lan']['if'];
- return $interface;
- }
- if ($lc_interface == "wan")
- return $config['interfaces']['wan']['if'];
- $ifdescrs = array();
- for ($j = 1; isset($config['interfaces']['opt' . $j]); $j++) {
- $ifname = "opt{$j}";
- if(strtolower($ifname) == $lc_interface)
- return $config['interfaces'][$ifname]['if'];
- if(isset($config['interfaces'][$ifname]['descr']) && (strtolower($config['interfaces'][$ifname]['descr']) == $lc_interface))
- return $config['interfaces'][$ifname]['if'];
- }
- }
+ $snortdir = SNORTDIR;
+ $snort_uuid = $snortcfg['uuid'];
+ $if_real = get_real_interface($snortcfg['interface']);
- return $interface;
+ /******************************************************/
+ /* Only send the SIGHUP if Barnyard2 is running and */
+ /* we can find a valid PID for the process. */
+ /******************************************************/
+ if (isvalidpid("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid")) {
+ log_error("[Snort] Barnyard2 CONFIG RELOAD initiated for {$snortcfg['descr']} ({$if_real})...");
+ mwexec_bg("/bin/pkill -{$signal} -F {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid");
+ }
}
/*
@@ -650,7 +632,7 @@ function snort_post_delete_logs($snort_uuid = 0) {
foreach ($config['installedpackages']['snortglobal']['rule'] as $value) {
if ($value['uuid'] != $snort_uuid)
continue;
- $if_real = snort_get_real_interface($value['interface']);
+ $if_real = get_real_interface($value['interface']);
$snort_log_dir = SNORTLOGDIR . "/snort_{$if_real}{$snort_uuid}";
if ($if_real != '') {
@@ -661,18 +643,14 @@ function snort_post_delete_logs($snort_uuid = 0) {
@unlink($file);
/* Clean-up packet capture files if any exist */
- $filelist = glob("{$snort_log_dir}/snort.log.*");
- foreach ($filelist as $file)
- @unlink($file);
+ unlink_if_exists("{$snort_log_dir}/snort.log.*");
- /* Clean-up stats files if they are enabled */
- if ($value['perform_stat'] == 'on') {
- $fd = fopen("{$snort_log_dir}/{$if_real}.stats", "w");
- if ($fd) {
- ftruncate($fd, 0);
- fclose($fd);
- }
- }
+ /* Clean-up Barnyard2 archived files if any exist */
+ unlink_if_exists("{$snort_log_dir}/barnyard2/archive/*");
+
+ /* Clean-up stats file if enabled */
+ if ($value['perform_stat'] == 'on')
+ @file_put_contents("{$snort_log_dir}/{$if_real}.stats", "");
}
}
}
@@ -686,62 +664,16 @@ function snort_Getdirsize($node) {
return substr( $blah, 0, strpos($blah, 9) );
}
-/* func for log dir size limit cron */
-function snort_snortloglimit_install_cron($should_install) {
- global $config, $g;
-
- if (!is_array($config['cron']['item']))
- $config['cron']['item'] = array();
+function snort_snortloglimit_install_cron($should_install=TRUE) {
- $x=0;
- $is_installed = false;
- foreach($config['cron']['item'] as $item) {
- if (strstr($item['command'], 'snort_check_cron_misc.inc')) {
- $is_installed = true;
- break;
- }
- $x++;
- }
-
- switch($should_install) {
- case true:
- if(!$is_installed) {
- $cron_item = array();
- $cron_item['minute'] = "*/5";
- $cron_item['hour'] = "*";
- $cron_item['mday'] = "*";
- $cron_item['month'] = "*";
- $cron_item['wday'] = "*";
- $cron_item['who'] = "root";
- $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_cron_misc.inc";
- $config['cron']['item'][] = $cron_item;
- }
- break;
- case false:
- if($is_installed == true)
- unset($config['cron']['item'][$x]);
- break;
- }
+ install_cron_job("/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_cron_misc.inc", $should_install, "*/5");
}
-/* func for updating cron */
function snort_rm_blocked_install_cron($should_install) {
global $config, $g;
- if (!is_array($config['cron']['item']))
- $config['cron']['item'] = array();
-
- $x=0;
- $is_installed = false;
- foreach($config['cron']['item'] as $item) {
- if (strstr($item['command'], "snort2c")) {
- $is_installed = true;
- break;
- }
- $x++;
- }
-
$snort_rm_blocked_info_ck = $config['installedpackages']['snortglobal']['rm_blocked'];
+
if ($snort_rm_blocked_info_ck == "15m_b") {
$snort_rm_blocked_min = "*/2";
$snort_rm_blocked_hr = "*";
@@ -822,27 +754,15 @@ function snort_rm_blocked_install_cron($should_install) {
$snort_rm_blocked_wday = "*";
$snort_rm_blocked_expire = "2419200";
}
- switch($should_install) {
- case true:
- $cron_item = array();
- $cron_item['minute'] = $snort_rm_blocked_min;
- $cron_item['hour'] = $snort_rm_blocked_hr;
- $cron_item['mday'] = $snort_rm_blocked_mday;
- $cron_item['month'] = $snort_rm_blocked_month;
- $cron_item['wday'] = $snort_rm_blocked_wday;
- $cron_item['who'] = "root";
- $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/sbin/expiretable -t $snort_rm_blocked_expire snort2c";
-
- /* Add cron job if not already installed, else just update the existing one */
- if (!$is_installed)
- $config['cron']['item'][] = $cron_item;
- elseif ($is_installed)
- $config['cron']['item'][$x] = $cron_item;
- break;
- case false:
- if ($is_installed == true)
- unset($config['cron']['item'][$x]);
- break;
+
+ // First remove any existing "expiretable" jobs for Snort.
+ install_cron_job("snort2c", false);
+
+ // Now either install the new or updated cron job,
+ // or return if "rm_blocked" is disabled
+ if ($should_install) {
+ $command = "/usr/bin/nice -n20 /usr/local/sbin/expiretable -t $snort_rm_blocked_expire snort2c";
+ install_cron_job($command, $should_install, $snort_rm_blocked_min, $snort_rm_blocked_hr, $snort_rm_blocked_mday, $snort_rm_blocked_month, $snort_rm_blocked_wday, "root");
}
}
@@ -850,18 +770,6 @@ function snort_rm_blocked_install_cron($should_install) {
function snort_rules_up_install_cron($should_install) {
global $config, $g;
- if(!$config['cron']['item'])
- $config['cron']['item'] = array();
-
- $x=0;
- $is_installed = false;
- foreach($config['cron']['item'] as $item) {
- if (strstr($item['command'], "snort_check_for_rule_updates.php")) {
- $is_installed = true;
- break;
- }
- $x++;
- }
$snort_rules_up_info_ck = $config['installedpackages']['snortglobal']['autorulesupdate7'];
/* See if a customized start time has been set for rule file updates */
@@ -924,28 +832,9 @@ function snort_rules_up_install_cron($should_install) {
$snort_rules_up_month = "*";
$snort_rules_up_wday = "*";
}
- switch($should_install) {
- case true:
- $cron_item = array();
- $cron_item['minute'] = $snort_rules_up_min;
- $cron_item['hour'] = $snort_rules_up_hr;
- $cron_item['mday'] = $snort_rules_up_mday;
- $cron_item['month'] = $snort_rules_up_month;
- $cron_item['wday'] = $snort_rules_up_wday;
- $cron_item['who'] = "root";
- $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_for_rule_updates.php";
-
- /* Add cron job if not already installed, else just update the existing one */
- if (!$is_installed)
- $config['cron']['item'][] = $cron_item;
- elseif ($is_installed)
- $config['cron']['item'][$x] = $cron_item;
- break;
- case false:
- if($is_installed == true)
- unset($config['cron']['item'][$x]);
- break;
- }
+
+ $command = "/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/www/snort/snort_check_for_rule_updates.php";
+ install_cron_job($command, $should_install, $snort_rules_up_min, $snort_rules_up_hr, $snort_rules_up_mday, $snort_rules_up_month, $snort_rules_up_wday, "root");
}
/* Only run when all ifaces needed to sync. Expects filesystem rw */
@@ -967,14 +856,14 @@ function sync_snort_package_config() {
$snortconf = $config['installedpackages']['snortglobal']['rule'];
foreach ($snortconf as $value) {
- $if_real = snort_get_real_interface($value['interface']);
+ $if_real = get_real_interface($value['interface']);
/* create a snort.conf file for interface */
snort_generate_conf($value);
/* create barnyard2.conf file for interface */
if ($value['barnyard_enable'] == 'on')
- snort_create_barnyard2_conf($value, $if_real);
+ snort_generate_barnyard2_conf($value, $if_real);
}
/* create snort bootup file snort.sh only create once */
@@ -982,7 +871,7 @@ function sync_snort_package_config() {
$snortglob = $config['installedpackages']['snortglobal'];
- snort_snortloglimit_install_cron($snortglob['snortloglimit'] == 'on' ? true : false);
+ snort_snortloglimit_install_cron(true);
/* set the snort block hosts time IMPORTANT */
snort_rm_blocked_install_cron($snortglob['rm_blocked'] != "never_b" ? true : false);
@@ -1004,7 +893,19 @@ function snort_build_sid_msg_map($rules_path, $sid_file) {
/*************************************************************/
/* This function reads all the rules file in the passed */
/* $rules_path variable and produces a properly formatted */
- /* sid-msg.map file for use by Snort and/or barnyard2. */
+ /* sid-msg.map v2 file for use by Snort and/or barnyard2. */
+ /* */
+ /* This function produces the new v2 format sid-msg.map */
+ /* with the field layout as follows: */
+ /* */
+ /* GID || SID || REV || CLASSTYPE || PRI || MSG || REF ... */
+ /* */
+ /* On Entry: $rules_path --> array or directory of files */
+ /* or a single file containing */
+ /* the rules to read. */
+ /* $sid_file --> the complete destination path */
+ /* and filename for the output */
+ /* sid-msg.map file. */
/*************************************************************/
$sidMap = array();
@@ -1013,7 +914,7 @@ function snort_build_sid_msg_map($rules_path, $sid_file) {
/* First check if we were passed a directory, a single file */
/* or an array of filenames to read. Set our $rule_files */
/* variable accordingly. If we can't figure it out, return */
- /* and don't write a sid_msg_map file. */
+ /* and don't write a sid-msg.map file. */
if (is_string($rules_path)) {
if (is_dir($rules_path))
$rule_files = glob($rules_path . "*.rules");
@@ -1066,7 +967,11 @@ function snort_build_sid_msg_map($rules_path, $sid_file) {
$record = "";
/* Parse the rule to find sid and any references. */
+ $gid = '1'; // default to 1 for regular rules
$sid = '';
+ $rev = '';
+ $classtype = 'NOCLASS'; // required default for v2 format
+ $priority = '0'; // required default for v2 format
$msg = '';
$matches = '';
$sidEntry = '';
@@ -1074,23 +979,32 @@ function snort_build_sid_msg_map($rules_path, $sid_file) {
$msg = trim($matches[1]);
if (preg_match('/\bsid\s*:\s*(\d+)\s*;/i', $rule, $matches))
$sid = trim($matches[1]);
- if (!empty($sid) && !empty($msg)) {
- $sidEntry = $sid . ' || ' . $msg;
+ if (preg_match('/\bgid\s*:\s*(\d+)\s*;/i', $rule, $matches))
+ $gid = trim($matches[1]);
+ if (preg_match('/\brev\s*:\s*([^\;]+)/i', $rule, $matches))
+ $rev = trim($matches[1]);
+ if (preg_match('/\bclasstype\s*:\s*([^\;]+)/i', $rule, $matches))
+ $classtype = trim($matches[1]);
+ if (preg_match('/\bpriority\s*:\s*([^\;]+)/i', $rule, $matches))
+ $priority = trim($matches[1]);
+
+ if (!empty($gid) && !empty($sid) && !empty($msg)) {
+ $sidEntry = $gid . ' || ' . $sid . ' || ' . $rev . ' || ' . $classtype . ' || ';
+ $sidEntry .= $priority . ' || ' . $msg;
preg_match_all('/\breference\s*:\s*([^\;]+)/i', $rule, $matches);
foreach ($matches[1] as $ref)
$sidEntry .= " || " . trim($ref);
$sidEntry .= "\n";
- if (!is_array($sidMap[$sid]))
- $sidMap[$sid] = array();
- $sidMap[$sid] = $sidEntry;
+ $sidMap[] = $sidEntry;
}
}
}
- /* Sort the generated sid-msg map by sid */
- ksort($sidMap);
+ /* Sort the generated sid-msg map */
+ natcasesort($sidMap);
/* Now print the result to the supplied file */
- @file_put_contents($sid_file, array_values($sidMap));
+ @file_put_contents($sid_file, "#v2\n# sid-msg.map file auto-generated by Snort.\n\n");
+ @file_put_contents($sid_file, array_values($sidMap), FILE_APPEND);
}
function snort_merge_reference_configs($cfg_in, $cfg_out) {
@@ -1211,7 +1125,7 @@ function snort_load_rules_map($rules_path) {
* Read all the rules into the map array.
* The structure of the map array is:
*
- * map[gid][sid]['rule']['category']['disabled']['flowbits']
+ * map[gid][sid]['rule']['category']['disabled']['action']['flowbits']
*
* where:
* gid = Generator ID from rule, or 1 if general text
@@ -1221,6 +1135,7 @@ function snort_load_rules_map($rules_path) {
* category = File name of file containing the rule
* disabled = 1 if rule is disabled (commented out), 0 if
* rule is enabled
+ * action = alert|log|pass|drop|reject|sdrop
* flowbits = Array of applicable flowbits if rule contains
* flowbits options
***************************************************************/
@@ -1267,7 +1182,7 @@ function snort_load_rules_map($rules_path) {
/* Skip any non-rule lines unless we're in */
/* multiline mode. */
- if (!preg_match('/^\s*#*\s*(alert|drop|pass)/i', $rule) && !$b_Multiline)
+ if (!preg_match('/^\s*#*\s*(alert|log|pass|drop|reject|sdrop)/i', $rule) && !$b_Multiline)
continue;
/* Test for a multi-line rule; loop and reassemble */
@@ -1312,6 +1227,13 @@ function snort_load_rules_map($rules_path) {
else
$map_ref[$gid][$sid]['disabled'] = 0;
+ /* Grab the rule action (this is for a future option) */
+ $matches = array();
+ if (preg_match('/^\s*#*\s*(alert|log|pass|drop|reject|sdrop)/i', $rule, $matches))
+ $map_ref[$gid][$sid]['action'] = $matches[1];
+ else
+ $map_ref[$gid][$sid]['action'] = "";
+
/* Grab any associated flowbits from the rule. */
$map_ref[$gid][$sid]['flowbits'] = snort_get_flowbits($rule);
@@ -1715,7 +1637,7 @@ function snort_write_enforcing_rules_file($rule_map, $rule_path) {
/* If the $rule_map array is empty, then exit. */
if (empty($rule_map)) {
- file_put_contents($rule_file, "");
+ @file_put_contents($rule_file, "");
return;
}
@@ -1829,9 +1751,10 @@ function snort_create_rc() {
/* after any changes to snort.conf saved in the GUI. */
/*********************************************************/
- global $config, $g;
+ global $config, $g, $pfs_version;
$snortdir = SNORTDIR;
+ $snortlogdir = SNORTLOGDIR;
$rcdir = RCFILEPREFIX;
// If no interfaces are configured for Snort, exit
@@ -1845,36 +1768,37 @@ function snort_create_rc() {
$start_snort_iface_start = array();
$start_snort_iface_stop = array();
+ // If not using PBI package, then make sure Barnyard2 can
+ // find the latest MySQL shared libs in /usr/local/lib/mysql
+ if ($pfs_version < 2.1) {
+ $sql_lib_path = "\n# Ensure MySQL shared libs are in ldconfig search path\n";
+ $sql_lib_path .= "/sbin/ldconfig -m /usr/local/lib/mysql";
+ $start_snort_iface_start[] = $sql_lib_path;
+ }
+
// Loop thru each configured interface and build
// the shell script.
foreach ($snortconf as $value) {
+ // Skip disabled Snort interfaces
+ if ($value['enable'] <> 'on')
+ continue;
$snort_uuid = $value['uuid'];
- $if_real = snort_get_real_interface($value['interface']);
+ $if_real = get_real_interface($value['interface']);
$start_barnyard = <<<EOE
if [ ! -f {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid ]; then
- pid=`/bin/pgrep -f "barnyard2 -r {$snort_uuid} "`
+ pid=`/bin/pgrep -fn "barnyard2 -r {$snort_uuid} "`
else
pid=`/bin/pgrep -F {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid`
fi
if [ ! -z \$pid ]; then
- /usr/bin/logger -p daemon.info -i -t SnortStartup "Barnyard2 STOP for {$value['descr']}({$snort_uuid}_{$if_real})..."
- /bin/pkill \$pid -a
- time=0 timeout=30
- while kill -0 \$pid 2>/dev/null; do
- sleep 1
- time=\$((time+1))
- if [ \$time -gt \$timeout ]; then
- break
- fi
- done
- if [ -f /var/run/barnyard2_{$if_real}{$snort_uuid}.pid ]; then
- /bin/rm /var/run/barnyard2_{$if_real}{$snort_uuid}.pid
- fi
+ /usr/bin/logger -p daemon.info -i -t SnortStartup "Barnyard2 SOFT RESTART for {$value['descr']}({$snort_uuid}_{$if_real})..."
+ /bin/pkill -HUP \$pid
+ else
+ /usr/bin/logger -p daemon.info -i -t SnortStartup "Barnyard2 START for {$value['descr']}({$snort_uuid}_{$if_real})..."
+ /usr/local/bin/barnyard2 -r {$snort_uuid} -f snort_{$snort_uuid}_{$if_real}.u2 --pid-path {$g['varrun_path']} --nolock-pidfile -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d {$snortlogdir}/snort_{$if_real}{$snort_uuid} -D -q
fi
- /usr/bin/logger -p daemon.info -i -t SnortStartup "Barnyard2 START for {$value['descr']}({$snort_uuid}_{$if_real})..."
- /usr/local/bin/barnyard2 -r {$snort_uuid} -f snort_{$snort_uuid}_{$if_real}.u2 --pid-path {$g['varrun_path']} --nolock-pidfile -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d /var/log/snort/snort_{$if_real}{$snort_uuid} -D -q
EOE;
$stop_barnyard2 = <<<EOE
@@ -1895,7 +1819,7 @@ EOE;
/bin/rm /var/run/barnyard2_{$if_real}{$snort_uuid}.pid
fi
else
- pid=`/bin/pgrep -f "barnyard2 -r {$snort_uuid} "`
+ pid=`/bin/pgrep -fn "barnyard2 -r {$snort_uuid} "`
if [ ! -z \$pid ]; then
/bin/pkill -f "barnyard2 -r {$snort_uuid} "
time=0 timeout=30
@@ -1910,7 +1834,7 @@ EOE;
fi
EOE;
- if ($value['barnyard_enable'] == 'on' && !empty($value['barnyard_mysql']))
+ if ($value['barnyard_enable'] == 'on')
$start_barnyard2 = $start_barnyard;
else
$start_barnyard2 = $stop_barnyard2;
@@ -1920,7 +1844,7 @@ EOE;
###### For Each Iface
# Start snort and barnyard2
if [ ! -f {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid ]; then
- pid=`/bin/pgrep -f "snort -R {$snort_uuid} "`
+ pid=`/bin/pgrep -fn "snort -R {$snort_uuid} "`
else
pid=`/bin/pgrep -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid`
fi
@@ -1930,7 +1854,7 @@ EOE;
/bin/pkill -HUP \$pid
else
/usr/bin/logger -p daemon.info -i -t SnortStartup "Snort START for {$value['descr']}({$snort_uuid}_{$if_real})..."
- /usr/local/bin/snort -R {$snort_uuid} -D -q -l /var/log/snort/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}
+ /usr/local/bin/snort -R {$snort_uuid} -D -q -l {$snortlogdir}/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}
fi
sleep 2
@@ -1956,10 +1880,10 @@ EOE;
/bin/rm /var/run/snort_{$if_real}{$snort_uuid}.pid
fi
else
- pid=`/bin/pgrep -f "snort -R {$snort_uuid} "`
+ pid=`/bin/pgrep -fn "snort -R {$snort_uuid} "`
if [ ! -z \$pid ]; then
/usr/bin/logger -p daemon.info -i -t SnortStartup "Snort STOP for {$value['descr']}({$snort_uuid}_{$if_real})..."
- /bin/pkill -f "snort -R {$snort_uuid} "
+ /bin/pkill -fn "snort -R {$snort_uuid} "
time=0 timeout=30
while kill -0 \$pid 2>/dev/null; do
sleep 1
@@ -2019,79 +1943,122 @@ EOD;
@chmod("{$rcdir}/snort.sh", 0755);
}
-/* open barnyard2.conf for writing */
-function snort_create_barnyard2_conf($snortcfg, $if_real) {
- global $config, $g;
-
- $snortdir = SNORTDIR;
- $snort_uuid = $snortcfg['uuid'];
-
- if (!file_exists("{$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf"))
- exec("/usr/bin/touch {$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf");
-
- if (!file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/barnyard2/{$snort_uuid}_{$if_real}.waldo")) {
- @touch("/var/log/snort/snort_{$if_real}{$snort_uuid}/barnyard2/{$snort_uuid}_{$if_real}.waldo");
- mwexec("/bin/chmod 770 /var/log/snort/barnyard2/{$snort_uuid}_{$if_real}.waldo", true);
- }
-
- $barnyard2_conf_text = snort_generate_barnyard2_conf($snortcfg, $if_real);
+function snort_generate_barnyard2_conf($snortcfg, $if_real) {
- /* write out barnyard2_conf */
- @file_put_contents("{$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf", $barnyard2_conf_text);
-}
+ /****************************************************/
+ /* This function creates the barnyard2.conf config */
+ /* file for the passed interface when Barnyard2 is */
+ /* enabled. */
+ /****************************************************/
-/* open barnyard2.conf for writing" */
-function snort_generate_barnyard2_conf($snortcfg, $if_real) {
global $config, $g;
- $snortdir = SNORTDIR;
$snort_uuid = $snortcfg['uuid'];
+ $snortdir = SNORTDIR;
+ $snortcfgdir = SNORTDIR . "/snort_{$snort_uuid}_{$if_real}";
+ $snortlogdir = SNORTLOGDIR . "/snort_{$if_real}{$snort_uuid}";
+
+ // Create required directories for barnyard2 if missing
+ if (!is_dir("{$snortlogdir}/barnyard2"))
+ safe_mkdir("{$snortlogdir}/barnyard2");
+ if (!is_dir("{$snortlogdir}/barnyard2/archive"))
+ safe_mkdir("{$snortlogdir}/barnyard2/archive");
+
+ // Create the barnyard2 waldo file if missing
+ if (!file_exists("{$snortlogdir}/barnyard2/{$snort_uuid}_{$if_real}.waldo")) {
+ @touch("{$snortlogdir}/barnyard2/{$snort_uuid}_{$if_real}.waldo");
+ mwexec("/bin/chmod 770 {$snortlogdir}/barnyard2/{$snort_uuid}_{$if_real}.waldo", true);
+ }
+
+ // If there is no gen-msg.map file present, create an
+ // empty one so Barnyard2 will at least start.
+ if (!file_exists("{$snortcfgdir}/gen-msg.map"))
+ @file_put_contents("{$snortcfgdir}/gen-msg.map", "");
+
+ $snortbarnyard_hostname_info = php_uname("n");
+
+ // Set general config parameters
+ $gen_configs = "config quiet\nconfig daemon\nconfig decode_data_link\nconfig alert_with_interface_name\nconfig event_cache_size: 8192";
+ if ($snortcfg['barnyard_show_year'] == 'on')
+ $gen_configs .= "\nconfig show_year";
+ if ($snortcfg['barnyard_obfuscate_ip'] == 'on')
+ $gen_configs .= "\nconfig obfuscate";
+ if ($snortcfg['barnyard_dump_payload'] == 'on')
+ $gen_configs .= "\nconfig dump_payload";
+ if ($snortcfg['barnyard_archive_enable'] == 'on')
+ $gen_configs .= "\nconfig archivedir: {$snortlogdir}/barnyard2/archive";
+
+ // Set output plugins
+ $snortbarnyardlog_output_plugins = "";
+ if ($snortcfg['barnyard_mysql_enable'] == 'on') {
+ $by2_dbpwd = base64_decode($snortcfg['barnyard_dbpwd']);
+ $snortbarnyardlog_output_plugins .= "# database: log to a MySQL DB\noutput database: log, mysql, ";
+ $snortbarnyardlog_output_plugins .= "user={$snortcfg['barnyard_dbuser']} password={$by2_dbpwd} ";
+ $snortbarnyardlog_output_plugins .= "dbname={$snortcfg['barnyard_dbname']} host={$snortcfg['barnyard_dbhost']}";
+ if (isset($snortcfg['barnyard_sensor_name']) && strlen($snortcfg['barnyard_sensor_name']) > 0)
+ $snortbarnyardlog_output_plugins .= " sensor_name={$snortcfg['barnyard_sensor_name']}";
+ if ($snortcfg['barnyard_disable_sig_ref_tbl'] == 'on')
+ $snortbarnyardlog_output_plugins .= " disable_signature_reference_table";
+ $snortbarnyardlog_output_plugins .= "\n\n";
+ }
+ if ($snortcfg['barnyard_syslog_enable'] == 'on') {
+ $snortbarnyardlog_output_plugins .= "# syslog_full: log to a syslog receiver\noutput alert_syslog_full: ";
+ if (isset($snortcfg['barnyard_sensor_name']) && strlen($snortcfg['barnyard_sensor_name']) > 0)
+ $snortbarnyardlog_output_plugins .= "sensor_name {$snortcfg['barnyard_sensor_name']}, ";
+ else
+ $snortbarnyardlog_output_plugins .= "sensor_name {$snortbarnyard_hostname_info}, ";
+ if ($snortcfg['barnyard_syslog_local'] == 'on')
+ $snortbarnyardlog_output_plugins .= "local, log_facility LOG_AUTH, log_priority LOG_INFO\n\n";
+ else {
+ $snortbarnyardlog_output_plugins .= "server {$snortcfg['barnyard_syslog_rhost']}, protocol {$snortcfg['barnyard_syslog_proto']}, ";
+ $snortbarnyardlog_output_plugins .= "port {$snortcfg['barnyard_syslog_dport']}, operation_mode {$snortcfg['barnyard_syslog_opmode']}, ";
+ $snortbarnyardlog_output_plugins .= "log_facility {$snortcfg['barnyard_syslog_facility']}, log_priority {$snortcfg['barnyard_syslog_priority']}\n\n";
+ }
+ }
+ if ($snortcfg['barnyard_bro_ids_enable'] == 'on') {
+ $snortbarnyardlog_output_plugins .= "# alert_bro: log to a Bro-IDS receiver\n";
+ $snortbarnyardlog_output_plugins .= "output alert_bro: {$snortcfg['barnyard_bro_ids_rhost']}:{$snortcfg['barnyard_bro_ids_dport']}\n";
+ }
- /* TODO: add support for the other 5 output plugins */
- $snortbarnyardlog_database_info_chk = $snortcfg['barnyard_mysql'];
- $snortbarnyardlog_hostname_info_chk = php_uname("n");
- /* user add arguments */
+ // Trim leading and trailing newlines and spaces
+ $snortbarnyardlog_output_plugins = rtrim($snortbarnyardlog_output_plugins, "\n");
+
+ // User pass-through arguments
$snortbarnyardlog_config_pass_thru = str_replace("\r", "", base64_decode($snortcfg['barnconfigpassthru']));
+ // Create the conf file as a text string
$barnyard2_conf_text = <<<EOD
-# barnyard2.conf
+# barnyard2.conf
# barnyard2 can be found at http://www.securixlive.com/barnyard2/index.php
#
-# set the appropriate paths to the file(s) your Snort process is using
-
-config reference_file: {$snortdir}/snort_{$snort_uuid}_{$if_real}/reference.config
-config classification_file: {$snortdir}/snort_{$snort_uuid}_{$if_real}/classification.config
-config gen_file: {$snortdir}/snort_{$snort_uuid}_{$if_real}/gen-msg.map
-config sid_file: {$snortdir}/snort_{$snort_uuid}_{$if_real}/sid-msg.map
-config hostname: $snortbarnyardlog_hostname_info_chk
-config interface: {$if_real}
-config decode_data_link
-config waldo_file: /var/log/snort/snort_{$if_real}{$snort_uuid}/barnyard2/{$snort_uuid}_{$if_real}.waldo
-
-# Show year in timestamps
-config show_year
+## General Barnyard2 settings ##
+{$gen_configs}
+config reference_file: {$snortcfgdir}/reference.config
+config classification_file: {$snortcfgdir}/classification.config
+config sid_file: {$snortcfgdir}/sid-msg.map
+config gen_file: {$snortcfgdir}/gen-msg.map
+config hostname: {$snortbarnyard_hostname_info}
+config interface: {$if_real}
+config waldo_file: {$snortlogdir}/barnyard2/{$snort_uuid}_{$if_real}.waldo
+config logdir: {$snortlogdir}
## START user pass through ##
-
- {$snortbarnyardlog_config_pass_thru}
-
+{$snortbarnyardlog_config_pass_thru}
## END user pass through ##
-# Step 2: setup the input plugins
+## Setup input plugins ##
input unified2
-config logdir: /var/log/snort/snort_{$if_real}{$snort_uuid}
-
-# database: log to a variety of databases
-# output database: log, mysql, user=xxxx password=xxxxxx dbname=xxxx host=xxx.xxx.xxx.xxxx
-
- $snortbarnyardlog_database_info_chk
+## Setup output plugins ##
+{$snortbarnyardlog_output_plugins}
EOD;
- return $barnyard2_conf_text;
+ /* Write out barnyard2_conf text string to disk */
+ @file_put_contents("{$snortcfgdir}/barnyard2.conf", $barnyard2_conf_text);
+ unset($barnyard2_conf_text);
}
function snort_deinstall() {
@@ -2103,6 +2070,7 @@ function snort_deinstall() {
$snortlogdir = SNORTLOGDIR;
$rcdir = RCFILEPREFIX;
$snort_rules_upd_log = RULES_UPD_LOGFILE;
+ $iprep_path = IPREP_PATH;
log_error(gettext("[Snort] Snort package uninstall in progress..."));
@@ -2115,7 +2083,7 @@ function snort_deinstall() {
mwexec('/usr/bin/killall -9 snort', true);
sleep(2);
// Delete any leftover snort PID files in /var/run
- array_map('@unlink', glob("/var/run/snort_*.pid"));
+ unlink_if_exists("/var/run/snort_*.pid");
/* Make sure all active Barnyard2 processes are terminated */
/* Log a message only if a running process is detected */
@@ -2126,38 +2094,48 @@ function snort_deinstall() {
mwexec('/usr/bin/killall -9 barnyard2', true);
sleep(2);
// Delete any leftover barnyard2 PID files in /var/run
- array_map('@unlink', glob("/var/run/barnyard2_*.pid"));
+ unlink_if_exists("/var/run/barnyard2_*.pid");
/* Remove the snort user and group */
mwexec('/usr/sbin/pw userdel snort; /usr/sbin/pw groupdel snort', true);
- /* Remove snort cron entries Ugly code needs smoothness */
- if (!function_exists('snort_deinstall_cron')) {
- function snort_deinstall_cron($crontask) {
- global $config, $g;
-
- if(!is_array($config['cron']['item']))
- return;
+ /* Remove all the Snort cron jobs. */
+ install_cron_job("snort2c", false);
+ install_cron_job("snort_check_for_rule_updates.php", false);
+ install_cron_job("snort_check_cron_misc.inc", false);
+ configure_cron();
- $x=0;
- $is_installed = false;
- foreach($config['cron']['item'] as $item) {
- if (strstr($item['command'], $crontask)) {
- $is_installed = true;
- break;
+ /* Remove our associated Dashboard widget config. If */
+ /* "save settings" is enabled, then save old widget */
+ /* container settings so we can restore them later. */
+ $widgets = $config['widgets']['sequence'];
+ if (!empty($widgets)) {
+ $widgetlist = explode(",", $widgets);
+ foreach ($widgetlist as $key => $widget) {
+ if (strstr($widget, "snort_alerts-container")) {
+ if ($config['installedpackages']['snortglobal']['forcekeepsettings'] == 'on') {
+ $config['installedpackages']['snortglobal']['dashboard_widget'] = $widget;
}
- $x++;
+ unset($widgetlist[$key]);
+ break;
}
- if ($is_installed == true)
- unset($config['cron']['item'][$x]);
}
+ $config['widgets']['sequence'] = implode(",", $widgetlist);
+ write_config("Snort pkg: remove Snort Dashboard Widget on package deinstall.");
}
- /* Remove all the Snort cron jobs. */
- snort_deinstall_cron("snort2c");
- snort_deinstall_cron("snort_check_for_rule_updates.php");
- snort_deinstall_cron("snort_check_cron_misc.inc");
- configure_cron();
+ /* See if we are to clear blocked hosts on uninstall */
+ if ($config['installedpackages']['snortglobal']['clearblocks'] == 'on') {
+ log_error(gettext("[Snort] Removing all blocked hosts from <snort2c> table..."));
+ mwexec("/sbin/pfctl -t snort2c -T flush");
+ }
+
+ /* See if we are to clear Snort log files on uninstall */
+ if ($config['installedpackages']['snortglobal']['clearlogs'] == 'on') {
+ log_error(gettext("[Snort] Clearing all Snort-related log files..."));
+ unlink_if_exists("{$snort_rules_upd_log}");
+ mwexec("/bin/rm -rf {$snortlogdir}");
+ }
/**********************************************************/
/* Test for existence of library backup tarballs in /tmp. */
@@ -2186,8 +2164,11 @@ function snort_deinstall() {
log_error(gettext("Not saving settings... all Snort configuration info and logs deleted..."));
unset($config['installedpackages']['snortglobal']);
unset($config['installedpackages']['snortsync']);
- @unlink("{$snort_rules_upd_log}");
+ unlink_if_exists("{$snort_rules_upd_log}");
+ log_error(gettext("[Snort] Flushing <snort2c> firewall table to remove addresses blocked by Snort..."));
+ mwexec("/sbin/pfctl -t snort2c -T flush");
mwexec("/bin/rm -rf {$snortlogdir}");
+ mwexec("/bin/rm -rf {$iprep_path}");
log_error(gettext("[Snort] The package has been removed from this system..."));
}
}
@@ -2220,7 +2201,7 @@ function snort_prepare_rule_files($snortcfg, $snortcfgdir) {
return;
/* Log a message for rules rebuild in progress */
- log_error(gettext("[Snort] Updating rules configuration for: " . snort_get_friendly_interface($snortcfg['interface']) . " ..."));
+ log_error(gettext("[Snort] Updating rules configuration for: " . convert_friendly_interface_to_friendly_descr($snortcfg['interface']) . " ..."));
/* Enable all, some or none of the SDF rules depending on setting. */
if ($snortcfg['sensitive_data'] == 'on' && $snortcfg['protect_preproc_rules'] != 'on') {
@@ -2230,7 +2211,7 @@ function snort_prepare_rule_files($snortcfg, $snortcfgdir) {
$sd_tmp_new_file="";
foreach ($sd_tmp_file as $sd_tmp_line)
$sd_tmp_new_file.=preg_match("/$sdf_alert_pattern/i",$sd_tmp_line) ? $sd_tmp_line : "";
- file_put_contents("{$snortcfgdir}/preproc_rules/sensitive-data.rules",$sd_tmp_new_file,LOCK_EX);
+ @file_put_contents("{$snortcfgdir}/preproc_rules/sensitive-data.rules",$sd_tmp_new_file,LOCK_EX);
}
}
elseif ($snortcfg['sensitive_data'] != 'on' && $snortcfg['protect_preproc_rules'] != 'on') {
@@ -2280,6 +2261,7 @@ function snort_prepare_rule_files($snortcfg, $snortcfgdir) {
$enabled_rules[$k1][$k2]['rule'] = $v['rule'];
$enabled_rules[$k1][$k2]['category'] = $v['category'];
$enabled_rules[$k1][$k2]['disabled'] = $v['disabled'];
+ $enabled_rules[$k1][$k2]['action'] = $v['action'];
$enabled_rules[$k1][$k2]['flowbits'] = $v['flowbits'];
}
}
@@ -2302,6 +2284,7 @@ function snort_prepare_rule_files($snortcfg, $snortcfgdir) {
$enabled_rules[$k1][$k2]['rule'] = $p['rule'];
$enabled_rules[$k1][$k2]['category'] = $p['category'];
$enabled_rules[$k1][$k2]['disabled'] = $p['disabled'];
+ $enabled_rules[$k1][$k2]['action'] = $p['action'];
$enabled_rules[$k1][$k2]['flowbits'] = $p['flowbits'];
}
}
@@ -2314,7 +2297,7 @@ function snort_prepare_rule_files($snortcfg, $snortcfgdir) {
/* Check for and disable any rules dependent upon disabled preprocessors if */
/* this option is enabled for the interface. */
if ($snortcfg['preproc_auto_rule_disable'] == "on") {
- log_error('[Snort] Checking for rules dependent on disabled preprocessors for: ' . snort_get_friendly_interface($snortcfg['interface']) . '...');
+ log_error('[Snort] Checking for rules dependent on disabled preprocessors for: ' . convert_friendly_interface_to_friendly_descr($snortcfg['interface']) . '...');
snort_filter_preproc_rules($snortcfg, $enabled_rules);
}
@@ -2323,7 +2306,7 @@ function snort_prepare_rule_files($snortcfg, $snortcfgdir) {
/* If auto-flowbit resolution is enabled, generate the dependent flowbits rules file. */
if ($snortcfg['autoflowbitrules'] == 'on') {
- log_error('[Snort] Enabling any flowbit-required rules for: ' . snort_get_friendly_interface($snortcfg['interface']) . '...');
+ log_error('[Snort] Enabling any flowbit-required rules for: ' . convert_friendly_interface_to_friendly_descr($snortcfg['interface']) . '...');
$fbits = snort_resolve_flowbits($all_rules, $enabled_rules);
/* Check for and disable any flowbit-required rules the user has */
@@ -2333,7 +2316,7 @@ function snort_prepare_rule_files($snortcfg, $snortcfgdir) {
/* Check for and disable any flowbit-required rules dependent upon */
/* disabled preprocessors if this option is enabled for the interface. */
if ($snortcfg['preproc_auto_rule_disable'] == "on") {
- log_error('[Snort] Checking flowbit rules dependent on disabled preprocessors for: ' . snort_get_friendly_interface($snortcfg['interface']) . '...');
+ log_error('[Snort] Checking flowbit rules dependent on disabled preprocessors for: ' . convert_friendly_interface_to_friendly_descr($snortcfg['interface']) . '...');
snort_filter_preproc_rules($snortcfg, $fbits, true);
}
snort_write_flowbit_rules_file($fbits, "{$snortcfgdir}/rules/{$flowbit_rules_file}");
@@ -2356,11 +2339,11 @@ function snort_prepare_rule_files($snortcfg, $snortcfgdir) {
/* Log a warning if the interface has no rules defined or enabled */
if ($no_rules_defined)
- log_error(gettext("[Snort] Warning - no text rules or IPS-Policy selected for: " . snort_get_friendly_interface($snortcfg['interface']) . " ..."));
+ log_error(gettext("[Snort] Warning - no text rules or IPS-Policy selected for: " . convert_friendly_interface_to_friendly_descr($snortcfg['interface']) . " ..."));
/* Build a new sid-msg.map file from the enabled */
/* rules and copy it to the interface directory. */
- log_error(gettext("[Snort] Building new sig-msg.map file for " . snort_get_friendly_interface($snortcfg['interface']) . "..."));
+ log_error(gettext("[Snort] Building new sig-msg.map file for " . convert_friendly_interface_to_friendly_descr($snortcfg['interface']) . "..."));
snort_build_sid_msg_map("{$snortcfgdir}/rules/", "{$snortcfgdir}/sid-msg.map");
}
@@ -2485,7 +2468,7 @@ function snort_filter_preproc_rules($snortcfg, &$active_rules, $persist_log = fa
/* when flowbit-required rules are being assessed after the */
/* primary enforcing rules have been evaluated. */
/***************************************************************/
- $iface = snort_get_friendly_interface($snortcfg['interface']);
+ $iface = convert_friendly_interface_to_friendly_descr($snortcfg['interface']);
$file = "{$snortlogdir}/{$iface}_disabled_preproc_rules.log";
if ($persist_log)
$fp = fopen($file, 'a');
@@ -2551,7 +2534,7 @@ function snort_generate_conf($snortcfg) {
else
$protect_preproc_rules = "off";
- $if_real = snort_get_real_interface($snortcfg['interface']);
+ $if_real = get_real_interface($snortcfg['interface']);
$snort_uuid = $snortcfg['uuid'];
$snortcfgdir = "{$snortdir}/snort_{$snort_uuid}_{$if_real}";
@@ -2611,8 +2594,18 @@ function snort_generate_conf($snortcfg) {
/* define snortunifiedlog */
$snortunifiedlog_type = "";
- if ($snortcfg['snortunifiedlog'] == "on")
- $snortunifiedlog_type = "output unified2: filename snort_{$snort_uuid}_{$if_real}.u2, limit 128";
+ if ($snortcfg['barnyard_enable'] == "on") {
+ if (isset($snortcfg['unified2_log_limit']))
+ $u2_log_limit = "limit {$snortcfg['unified2_log_limit']}";
+ else
+ $u2_log_limit = "limit 128";
+
+ $snortunifiedlog_type = "output unified2: filename snort_{$snort_uuid}_{$if_real}.u2, {$u2_log_limit}";
+ if ($snortcfg['barnyard_log_vlan_events'] == 'on')
+ $snortunifiedlog_type .= ", vlan_event_types";
+ if ($snortcfg['barnyard_log_mpls_events'] == 'on')
+ $snortunifiedlog_type .= ", mpls_event_types";
+ }
/* define spoink */
$spoink_type = "";
@@ -2621,7 +2614,7 @@ function snort_generate_conf($snortcfg) {
if ($snortcfg['blockoffenderskill'] == "on")
$pfkill = "kill";
$spoink_wlist = snort_build_list($snortcfg, $snortcfg['whitelistname'], true);
- /* write whitelist */
+ /* write Pass List */
@file_put_contents("{$snortcfgdir}/{$snortcfg['whitelistname']}", implode("\n", $spoink_wlist));
$spoink_type = "output alert_pf: {$snortcfgdir}/{$snortcfg['whitelistname']},snort2c,{$snortcfg['blockoffendersip']},{$pfkill}";
}
@@ -3170,6 +3163,49 @@ preprocessor sensitive_data: \
EOD;
+ /* define IP Reputation preprocessor */
+ if (is_array($snortcfg['blist_files']['item'])) {
+ $blist_files = "";
+ $bIsFirst = TRUE;
+ foreach ($snortcfg['blist_files']['item'] as $blist) {
+ if ($bIsFirst) {
+ $blist_files .= "blacklist " . IPREP_PATH . $blist;
+ $bIsFirst = FALSE;
+ }
+ else
+ $blist_files .= ", \\ \n\tblacklist " . IPREP_PATH . $blist;
+ }
+ }
+ if (is_array($snortcfg['wlist_files']['item'])) {
+ $wlist_files = "";
+ $bIsFirst = TRUE;
+ foreach ($snortcfg['wlist_files']['item'] as $wlist) {
+ if ($bIsFirst) {
+ $wlist_files .= "whitelist " . IPREP_PATH . $wlist;
+ $bIsFirst = FALSE;
+ }
+ else
+ $wlist_files .= ", \\ \n\twhitelist " . IPREP_PATH . $wlist;
+ }
+ }
+ if (!empty($blist_files))
+ $ip_lists = $blist_files;
+ if (!empty($wlist_files))
+ $ip_lists .= ", \\ \n" . $wlist_files;
+ if ($snortcfg['iprep_scan_local'] == 'on')
+ $ip_lists .= ", \\ \n\tscan_local";
+
+ $reputation_preproc = <<<EOD
+# IP Reputation preprocessor #
+preprocessor reputation: \
+ memcap {$snortcfg['iprep_memcap']}, \
+ priority {$snortcfg['iprep_priority']}, \
+ nested_ip {$snortcfg['iprep_nested_ip']}, \
+ white {$snortcfg['iprep_white']}, \
+ {$ip_lists}
+
+EOD;
+
/* define servers as IP variables */
$snort_servers = array (
"dns_servers" => "\$HOME_NET", "smtp_servers" => "\$HOME_NET", "http_servers" => "\$HOME_NET",
@@ -3200,11 +3236,11 @@ EOD;
"ssl_preproc" => "ssl_preproc", "dnp3_preproc" => "dnp3_preproc", "modbus_preproc" => "modbus_preproc"
);
$snort_preproc = array (
- "perform_stat", "other_preprocs", "ftp_preprocessor", "smtp_preprocessor", "ssl_preproc", "sip_preproc", "gtp_preproc", "ssh_preproc",
- "sf_portscan", "dce_rpc_2", "dns_preprocessor", "sensitive_data", "pop_preproc", "imap_preproc", "dnp3_preproc", "modbus_preproc"
+ "perform_stat", "other_preprocs", "ftp_preprocessor", "smtp_preprocessor", "ssl_preproc", "sip_preproc", "gtp_preproc", "ssh_preproc", "sf_portscan",
+ "dce_rpc_2", "dns_preprocessor", "sensitive_data", "pop_preproc", "imap_preproc", "dnp3_preproc", "modbus_preproc", "reputation_preproc"
);
$default_disabled_preprocs = array(
- "sf_portscan", "gtp_preproc", "sensitive_data", "dnp3_preproc", "modbus_preproc"
+ "sf_portscan", "gtp_preproc", "sensitive_data", "dnp3_preproc", "modbus_preproc", "reputation_preproc", "perform_stat"
);
$snort_preprocessors = "";
foreach ($snort_preproc as $preproc) {
@@ -3517,7 +3553,7 @@ EOD;
// Check for and configure Host Attribute Table if enabled
$host_attrib_config = "";
if ($snortcfg['host_attribute_table'] == "on" && !empty($snortcfg['host_attribute_data'])) {
- file_put_contents("{$snortcfgdir}/host_attributes", base64_decode($snortcfg['host_attribute_data']));
+ @file_put_contents("{$snortcfgdir}/host_attributes", base64_decode($snortcfg['host_attribute_data']));
$host_attrib_config = "# Host Attribute Table #\n";
$host_attrib_config .= "attribute_table filename {$snortcfgdir}/host_attributes\n";
if (!empty($snortcfg['max_attribute_hosts']))
@@ -3754,14 +3790,7 @@ output alert_csv: alert timestamp,sig_generator,sig_id,sig_rev,msg,proto,src,src
EOD;
// Write out snort.conf file
- $conf = fopen("{$snortcfgdir}/snort.conf", "w");
- if(!$conf) {
- log_error("Could not open {$snortcfgdir}/snort.conf for writing.");
- conf_mount_ro();
- return -1;
- }
- fwrite($conf, $snort_conf_text);
- fclose($conf);
+ @file_put_contents("{$snortcfgdir}/snort.conf", $snort_conf_text);
conf_mount_ro();
unset($snort_conf_text, $selected_rules_sections, $suppress_file_name, $snort_misc_include_rules, $spoink_type, $snortunifiedlog_type, $alertsystemlog_type);
unset($home_net, $external_net, $ipvardef, $portvardef);
diff --git a/config/snort/snort.priv.inc b/config/snort/snort.priv.inc
index 795924ea..8db5408d 100644
--- a/config/snort/snort.priv.inc
+++ b/config/snort/snort.priv.inc
@@ -24,10 +24,9 @@ $priv_list['page-services-snort']['match'][] = "snort/snort_interfaces_edit.php*
$priv_list['page-services-snort']['match'][] = "snort/snort_interfaces_global.php*";
$priv_list['page-services-snort']['match'][] = "snort/snort_interfaces_suppress.php*";
$priv_list['page-services-snort']['match'][] = "snort/snort_interfaces_suppress_edit.php*";
-$priv_list['page-services-snort']['match'][] = "snort/snort_interfaces_whitelist.php*";
-$priv_list['page-services-snort']['match'][] = "snort/snort_interfaces_whitelist_edit.php*";
+$priv_list['page-services-snort']['match'][] = "snort/snort_passlist.php*";
+$priv_list['page-services-snort']['match'][] = "snort/snort_passlist_edit.php*";
$priv_list['page-services-snort']['match'][] = "snort/snort_list_view.php*";
-$priv_list['page-services-snort']['match'][] = "snort/snort_log_view.php*";
$priv_list['page-services-snort']['match'][] = "snort/snort_migrate_config.php*";
$priv_list['page-services-snort']['match'][] = "snort/snort_post_install.php*";
$priv_list['page-services-snort']['match'][] = "snort/snort_preprocessors.php*";
@@ -37,9 +36,14 @@ $priv_list['page-services-snort']['match'][] = "snort/snort_rules_flowbits.php*"
$priv_list['page-services-snort']['match'][] = "snort/snort_rulesets.php*";
$priv_list['page-services-snort']['match'][] = "snort/snort_select_alias.php*";
$priv_list['page-services-snort']['match'][] = "snort/snort_stream5_engine.php*";
+$priv_list['page-services-snort']['match'][] = "snort/snort_ip_list_mgmt.php*";
+$priv_list['page-services-snort']['match'][] = "snort/snort_ip_reputation.php*";
+$priv_list['page-services-snort']['match'][] = "snort/snort_iprep_list_browser.php*";
+$priv_list['page-services-snort']['match'][] = "widgets/javascript/snort_alerts.js*";
+$priv_list['page-services-snort']['match'][] = "widgets/include/widget-snort.inc*";
+$priv_list['page-services-snort']['match'][] = "widgets/widgets/snort_alerts.widget.php*";
$priv_list['page-services-snort']['match'][] = "pkg_edit.php?xml=snort_sync.xml*";
$priv_list['page-services-snort']['match'][] = "pkg_edit.php?xml=snort/snort.xml*";
$priv_list['page-services-snort']['match'][] = "snort/snort_check_cron_misc.inc*";
$priv_list['page-services-snort']['match'][] = "snort/snort.inc*";
-
?> \ No newline at end of file
diff --git a/config/snort/snort.xml b/config/snort/snort.xml
index 637773df..ca99accf 100755
--- a/config/snort/snort.xml
+++ b/config/snort/snort.xml
@@ -46,12 +46,12 @@
<requirements>None</requirements>
<faq>Currently there are no FAQ items provided.</faq>
<name>Snort</name>
- <version>2.9.5.6</version>
- <title>Services:2.9.5.6 pkg v3.0.4</title>
+ <version>2.9.6.0</version>
+ <title>Services:2.9.6.0 pkg v3.0.8</title>
<include_file>/usr/local/pkg/snort/snort.inc</include_file>
<menu>
<name>Snort</name>
- <tooltiptext>Setup snort specific settings</tooltiptext>
+ <tooltiptext>Set up snort specific settings</tooltiptext>
<section>Services</section>
<url>/snort/snort_interfaces.php</url>
</menu>
@@ -74,12 +74,12 @@
<item>https://packages.pfsense.org/packages/config/snort/snort_check_cron_misc.inc</item>
</additional_files_needed>
<additional_files_needed>
- <prefix>/usr/local/pkg/snort/</prefix>
+ <prefix>/usr/local/www/snort/</prefix>
<chmod>077</chmod>
<item>https://packages.pfsense.org/packages/config/snort/snort_migrate_config.php</item>
</additional_files_needed>
<additional_files_needed>
- <prefix>/usr/local/pkg/snort/</prefix>
+ <prefix>/usr/local/www/snort/</prefix>
<chmod>077</chmod>
<item>https://packages.pfsense.org/packages/config/snort/snort_post_install.php</item>
</additional_files_needed>
@@ -119,7 +119,7 @@
<item>https://packages.pfsense.org/packages/config/snort/snort_download_updates.php</item>
</additional_files_needed>
<additional_files_needed>
- <prefix>/usr/local/pkg/snort/</prefix>
+ <prefix>/usr/local/www/snort/</prefix>
<chmod>077</chmod>
<item>https://packages.pfsense.org/packages/config/snort/snort_check_for_rule_updates.php</item>
</additional_files_needed>
@@ -161,12 +161,12 @@
<additional_files_needed>
<prefix>/usr/local/www/snort/</prefix>
<chmod>077</chmod>
- <item>https://packages.pfsense.org/packages/config/snort/snort_interfaces_whitelist.php</item>
+ <item>https://packages.pfsense.org/packages/config/snort/snort_passlist.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/snort/</prefix>
<chmod>077</chmod>
- <item>https://packages.pfsense.org/packages/config/snort/snort_interfaces_whitelist_edit.php</item>
+ <item>https://packages.pfsense.org/packages/config/snort/snort_passlist_edit.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/snort/</prefix>
@@ -181,11 +181,6 @@
<additional_files_needed>
<prefix>/usr/local/www/snort/</prefix>
<chmod>077</chmod>
- <item>https://packages.pfsense.org/packages/config/snort/snort_log_view.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/snort/</prefix>
- <chmod>077</chmod>
<item>https://packages.pfsense.org/packages/config/snort/snort_list_view.php</item>
</additional_files_needed>
<additional_files_needed>
@@ -238,19 +233,49 @@
<chmod>077</chmod>
<item>https://packages.pfsense.org/packages/config/snort/snort.priv.inc</item>
</additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>https://packages.pfsense.org/packages/config/snort/snort_ip_reputation.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>https://packages.pfsense.org/packages/config/snort/snort_ip_list_mgmt.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>https://packages.pfsense.org/packages/config/snort/snort_iprep_list_browser.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/widgets/javascript/</prefix>
+ <chmod>0644</chmod>
+ <item>https://packages.pfsense.org/packages/config/snort/snort_alerts.js</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/widgets/widgets/</prefix>
+ <chmod>0644</chmod>
+ <item>https://packages.pfsense.org/packages/config/snort/snort_alerts.widget.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/widgets/include/</prefix>
+ <chmod>0644</chmod>
+ <item>https://packages.pfsense.org/packages/config/snort/widget-snort.inc</item>
+ </additional_files_needed>
<fields>
</fields>
<custom_add_php_command>
</custom_add_php_command>
<custom_php_resync_config_command>
<![CDATA[
- if ($GLOBALS['pfSense_snort_version'] == "3.0.4")
+ if ($GLOBALS['pfSense_snort_version'] == "3.0.8")
sync_snort_package_config();
]]>
</custom_php_resync_config_command>
<custom_php_install_command>
<![CDATA[
- include_once("/usr/local/pkg/snort/snort_post_install.php");
+ include_once("/usr/local/www/snort/snort_post_install.php");
]]>
</custom_php_install_command>
<custom_php_deinstall_command>
diff --git a/config/snort/snort_alerts.js b/config/snort/snort_alerts.js
new file mode 100644
index 00000000..647eb1b1
--- /dev/null
+++ b/config/snort/snort_alerts.js
@@ -0,0 +1,115 @@
+
+var snorttimer;
+var snortisBusy = false;
+var snortisPaused = false;
+
+if (typeof getURL == 'undefined') {
+ getURL = function(url, callback) {
+ if (!url)
+ throw 'No URL for getURL';
+ try {
+ if (typeof callback.operationComplete == 'function')
+ callback = callback.operationComplete;
+ } catch (e) {}
+ if (typeof callback != 'function')
+ throw 'No callback function for getURL';
+ var http_request = null;
+ if (typeof XMLHttpRequest != 'undefined') {
+ http_request = new XMLHttpRequest();
+ }
+ else if (typeof ActiveXObject != 'undefined') {
+ try {
+ http_request = new ActiveXObject('Msxml2.XMLHTTP');
+ } catch (e) {
+ try {
+ http_request = new ActiveXObject('Microsoft.XMLHTTP');
+ } catch (e) {}
+ }
+ }
+ if (!http_request)
+ throw 'Both getURL and XMLHttpRequest are undefined';
+ http_request.onreadystatechange = function() {
+ if (http_request.readyState == 4) {
+ callback( { success : true,
+ content : http_request.responseText,
+ contentType : http_request.getResponseHeader("Content-Type") } );
+ }
+ }
+ http_request.open('GET', url, true);
+ http_request.send(null);
+ }
+}
+
+function snort_alerts_fetch_new_events_callback(callback_data) {
+ var data_split;
+ var new_data_to_add = Array();
+ var data = callback_data.content;
+ data_split = data.split("\n");
+
+ // Loop through rows and generate replacement HTML
+ for(var x=0; x<data_split.length-1; x++) {
+ row_split = data_split[x].split("||");
+ var line = '';
+ line = '<td class="' + snortWidgetColClass + '">' + row_split[0] + '<br/>' + row_split[1] + '</td>';
+ line += '<td class="' + snortWidgetColClass + '" style="overflow: hidden; text-overflow: ellipsis;" nowrap>';
+ line += '<div style="display:inline;" title="' + row_split[2] + '">' + row_split[2] + '</div><br/>';
+ line += '<div style="display:inline;" title="' + row_split[3] + '">' + row_split[3] + '</div></td>';
+ line += '<td class="' + snortWidgetColClass + '">' + 'Priority: ' + row_split[4] + ' ' + row_split[5] + '</td>';
+ new_data_to_add[new_data_to_add.length] = line;
+ }
+ snort_alerts_update_div_rows(new_data_to_add);
+ snortisBusy = false;
+}
+
+function snort_alerts_update_div_rows(data) {
+ if(snortisPaused)
+ return;
+
+ var rows = $$('#snort-alert-entries>tr');
+
+ // Number of rows to move by
+ var move = rows.length + data.length - snort_nentries;
+ if (move < 0)
+ move = 0;
+
+ for (var i = rows.length - 1; i >= move; i--) {
+ rows[i].innerHTML = rows[i - move].innerHTML;
+ }
+
+ var tbody = $$('#snort-alert-entries');
+ for (var i = data.length - 1; i >= 0; i--) {
+ if (i < rows.length) {
+ rows[i].innerHTML = data[i];
+ } else {
+ var newRow = document.getElementById('snort-alert-entries').insertRow(0);
+ newRow.innerHTML = data[i];
+ }
+ }
+
+ // Add the even/odd class to each of the rows now
+ // they have all been added.
+ rows = $$('#snort-alert-entries>tr');
+ for (var i = 0; i < rows.length; i++) {
+ rows[i].className = i % 2 == 0 ? snortWidgetRowOddClass : snortWidgetRowEvenClass;
+ }
+}
+
+function fetch_new_snortalerts() {
+ if(snortisPaused)
+ return;
+ if(snortisBusy)
+ return;
+ snortisBusy = true;
+ getURL('/widgets/widgets/snort_alerts.widget.php?getNewAlerts=' + new Date().getTime(), snort_alerts_fetch_new_events_callback);
+}
+
+function snort_alerts_toggle_pause() {
+ if(snortisPaused) {
+ snortisPaused = false;
+ fetch_new_snortalerts();
+ } else {
+ snortisPaused = true;
+ }
+}
+/* start local AJAX engine */
+snorttimer = setInterval('fetch_new_snortalerts()', snortupdateDelay);
diff --git a/config/snort/snort_alerts.php b/config/snort/snort_alerts.php
index 804c6e8a..45443ec2 100755
--- a/config/snort/snort_alerts.php
+++ b/config/snort/snort_alerts.php
@@ -40,6 +40,7 @@ require_once("/usr/local/pkg/snort/snort.inc");
$snortalertlogt = $config['installedpackages']['snortglobal']['snortalertlogtype'];
$supplist = array();
+$snortlogdir = SNORTLOGDIR;
function snort_is_alert_globally_suppressed($list, $gid, $sid) {
@@ -98,11 +99,13 @@ function snort_add_supplist_entry($suppress) {
$a_suppress[] = $s_list;
$a_instance[$instanceid]['suppresslistname'] = $s_list['name'];
$found_list = true;
+ $list_name = $s_list['name'];
} else {
/* If we get here, a Suppress List is defined for the interface so see if we can find it */
foreach ($a_suppress as $a_id => $alist) {
if ($alist['name'] == $a_instance[$instanceid]['suppresslistname']) {
$found_list = true;
+ $list_name = $alist['name'];
if (!empty($alist['suppresspassthru'])) {
$tmplist = base64_decode($alist['suppresspassthru']);
$tmplist .= "\n{$suppress}";
@@ -120,7 +123,7 @@ function snort_add_supplist_entry($suppress) {
/* If we created a new list or updated an existing one, save the change, */
/* tell Snort to load it, and return true; otherwise return false. */
if ($found_list) {
- write_config();
+ write_config("Snort pkg: modified Suppress List {$list_name}.");
sync_snort_package_config();
snort_reload_config($a_instance[$instanceid]);
return true;
@@ -129,18 +132,18 @@ function snort_add_supplist_entry($suppress) {
return false;
}
-if ($_GET['instance'])
- $instanceid = $_GET['instance'];
-if ($_POST['instance'])
+if (isset($_POST['instance']) && is_numericint($_POST['instance']))
$instanceid = $_POST['instance'];
-if (empty($instanceid))
+elseif (isset($_GET['instance']) && is_numericint($_GET['instance']))
+ $instanceid = htmlspecialchars($_GET['instance']);
+if (empty($instanceid) || !is_numericint($instanceid))
$instanceid = 0;
if (!is_array($config['installedpackages']['snortglobal']['rule']))
$config['installedpackages']['snortglobal']['rule'] = array();
$a_instance = &$config['installedpackages']['snortglobal']['rule'];
$snort_uuid = $a_instance[$instanceid]['uuid'];
-$if_real = snort_get_real_interface($a_instance[$instanceid]['interface']);
+$if_real = get_real_interface($a_instance[$instanceid]['interface']);
// Load up the arrays of force-enabled and force-disabled SIDs
$enablesid = snort_load_sid_mods($a_instance[$instanceid]['rule_sid_on']);
@@ -167,69 +170,76 @@ if ($_POST['save']) {
$config['installedpackages']['snortglobal']['alertsblocks']['arefresh'] = $_POST['arefresh'] ? 'on' : 'off';
$config['installedpackages']['snortglobal']['alertsblocks']['alertnumber'] = $_POST['alertnumber'];
- write_config();
+ write_config("Snort pkg: updated ALERTS tab settings.");
header("Location: /snort/snort_alerts.php?instance={$instanceid}");
exit;
}
-if ($_POST['todelete'] || $_GET['todelete']) {
+if ($_POST['todelete']) {
$ip = "";
- if($_POST['todelete'])
- $ip = $_POST['todelete'];
- else if($_GET['todelete'])
- $ip = $_GET['todelete'];
- if (is_ipaddr($ip)) {
- exec("/sbin/pfctl -t snort2c -T delete {$ip}");
- $savemsg = gettext("Host IP address {$ip} has been removed from the Blocked Table.");
+ if($_POST['ip']) {
+ $ip = $_POST['ip'];
+ if (is_ipaddr($_POST['ip'])) {
+ exec("/sbin/pfctl -t snort2c -T delete {$ip}");
+ $savemsg = gettext("Host IP address {$ip} has been removed from the Blocked Hosts Table.");
+ }
}
}
-if ($_GET['act'] == "addsuppress" && is_numeric($_GET['sidid']) && is_numeric($_GET['gen_id'])) {
- if (empty($_GET['descr']))
- $suppress = "suppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}\n";
- else
- $suppress = "#{$_GET['descr']}\nsuppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}";
-
- /* Add the new entry to the Suppress List */
- if (snort_add_supplist_entry($suppress))
- $savemsg = gettext("An entry for 'suppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}' has been added to the Suppress List.");
- else
- $input_errors[] = gettext("Suppress List '{$a_instance[$instanceid]['suppresslistname']}' is defined for this interface, but it could not be found!");
-}
-
-if (($_GET['act'] == "addsuppress_srcip" || $_GET['act'] == "addsuppress_dstip") && is_numeric($_GET['sidid']) && is_numeric($_GET['gen_id'])) {
- if ($_GET['act'] == "addsuppress_srcip")
+if (($_POST['addsuppress_srcip'] || $_POST['addsuppress_dstip'] || $_POST['addsuppress']) && is_numeric($_POST['sidid']) && is_numeric($_POST['gen_id'])) {
+ if ($_POST['addsuppress_srcip'])
$method = "by_src";
- else
+ elseif ($_POST['addsuppress_dstip'])
$method = "by_dst";
-
- /* Check for valid IP addresses, exit if not valid */
- if (is_ipaddr($_GET['ip']) || is_ipaddrv6($_GET['ip'])) {
- if (empty($_GET['descr']))
- $suppress = "suppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}, track {$method}, ip {$_GET['ip']}\n";
- else
- $suppress = "#{$_GET['descr']}\nsuppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}, track {$method}, ip {$_GET['ip']}\n";
- }
- else {
- header("Location: /snort/snort_alerts.php?instance={$instanceid}");
- exit;
+ else
+ $method ="all";
+
+ // See which kind of Suppress Entry to create
+ switch ($method) {
+ case "all":
+ if (empty($_POST['descr']))
+ $suppress = "suppress gen_id {$_POST['gen_id']}, sig_id {$_POST['sidid']}\n";
+ else
+ $suppress = "#{$_POST['descr']}\nsuppress gen_id {$_POST['gen_id']}, sig_id {$_POST['sidid']}\n";
+ $success = gettext("An entry for 'suppress gen_id {$_POST['gen_id']}, sig_id {$_POST['sidid']}' has been added to the Suppress List.");
+ break;
+ case "by_src":
+ case "by_dst":
+ // Check for valid IP addresses, exit if not valid
+ if (is_ipaddr($_POST['ip'])) {
+ if (empty($_POST['descr']))
+ $suppress = "suppress gen_id {$_POST['gen_id']}, sig_id {$_POST['sidid']}, track {$method}, ip {$_POST['ip']}\n";
+ else
+ $suppress = "#{$_POST['descr']}\nsuppress gen_id {$_POST['gen_id']}, sig_id {$_POST['sidid']}, track {$method}, ip {$_POST['ip']}\n";
+ $success = gettext("An entry for 'suppress gen_id {$_POST['gen_id']}, sig_id {$_POST['sidid']}, track {$method}, ip {$_POST['ip']}' has been added to the Suppress List.");
+ }
+ else {
+ $input_errors[] = gettext("An invalid IP address was passed as a Suppress List parameter.");
+ }
+ break;
+ default:
+ header("Location: /snort/snort_alerts.php?instance={$instanceid}");
+ exit;
}
- /* Add the new entry to the Suppress List */
- if (snort_add_supplist_entry($suppress))
- $savemsg = gettext("An entry for 'suppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}, track {$method}, ip {$_GET['ip']}' has been added to the Suppress List.");
- else
- /* We did not find the defined list, so notify the user with an error */
- $input_errors[] = gettext("Suppress List '{$a_instance[$instanceid]['suppresslistname']}' is defined for this interface, but it could not be found!");
+ if (!$input_errors) {
+ /* Add the new entry to the Suppress List and signal Snort to reload config */
+ if (snort_add_supplist_entry($suppress)) {
+ snort_reload_config($a_instance[$instanceid]);
+ $savemsg = $success;
+ /* Give Snort a couple seconds to reload the configuration */
+ sleep(2);
+ }
+ else
+ $input_errors[] = gettext("Suppress List '{$a_instance[$instanceid]['suppresslistname']}' is defined for this interface, but it could not be found!");
+ }
}
-if ($_GET['act'] == "togglesid" && is_numeric($_GET['sidid']) && is_numeric($_GET['gen_id'])) {
- // Get the GID tag embedded in the clicked rule icon.
- $gid = $_GET['gen_id'];
-
- // Get the SID tag embedded in the clicked rule icon.
- $sid= $_GET['sidid'];
+if ($_POST['togglesid'] && is_numeric($_POST['sidid']) && is_numeric($_POST['gen_id'])) {
+ // Get the GID and SID tags embedded in the clicked rule icon.
+ $gid = $_POST['gen_id'];
+ $sid= $_POST['sidid'];
// See if the target SID is in our list of modified SIDs,
// and toggle it if present.
@@ -266,7 +276,7 @@ if ($_GET['act'] == "togglesid" && is_numeric($_GET['sidid']) && is_numeric($_GE
unset($a_instance[$instanceid]['rule_sid_off']);
/* Update the config.xml file. */
- write_config();
+ write_config("Snort pkg: modified state for rule {$gid}:{$sid}");
/*************************************************/
/* Update the snort.conf file and rebuild the */
@@ -279,16 +289,17 @@ if ($_GET['act'] == "togglesid" && is_numeric($_GET['sidid']) && is_numeric($_GE
/* Soft-restart Snort to live-load the new rules */
snort_reload_config($a_instance[$instanceid]);
- $savemsg = gettext("The state for rule {$gid}:{$sid} has been modified. Snort is 'live-reloading' the new rules list. Please wait at least 30 secs for the process to complete before toggling additional rules.");
+ /* Give Snort a couple seconds to reload the configuration */
+ sleep(2);
+
+ $savemsg = gettext("The state for rule {$gid}:{$sid} has been modified. Snort is 'live-reloading' the new rules list. Please wait at least 15 secs for the process to complete before toggling additional rules.");
}
-if ($_GET['action'] == "clear" || $_POST['delete']) {
+if ($_POST['delete']) {
snort_post_delete_logs($snort_uuid);
- $fd = @fopen("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert", "w+");
- if ($fd)
- fclose($fd);
+ file_put_contents("{$snortlogdir}/snort_{$if_real}{$snort_uuid}/alert", "");
/* XXX: This is needed if snort is run as snort user */
- mwexec('/bin/chmod 660 /var/log/snort/*', true);
+ mwexec("/bin/chmod 660 {$snortlogdir}/*", true);
if (file_exists("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid"))
mwexec("/bin/pkill -HUP -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid -a");
header("Location: /snort/snort_alerts.php?instance={$instanceid}");
@@ -298,7 +309,7 @@ if ($_GET['action'] == "clear" || $_POST['delete']) {
if ($_POST['download']) {
$save_date = exec('/bin/date "+%Y-%m-%d-%H-%M-%S"');
$file_name = "snort_logs_{$save_date}_{$if_real}.tar.gz";
- exec("cd /var/log/snort/snort_{$if_real}{$snort_uuid} && /usr/bin/tar -czf /tmp/{$file_name} *");
+ exec("cd {$snortlogdir}/snort_{$if_real}{$snort_uuid} && /usr/bin/tar -czf /tmp/{$file_name} *");
if (file_exists("/tmp/{$file_name}")) {
ob_start(); //important or other posts will fail
@@ -338,16 +349,21 @@ include_once("fbegin.inc");
/* refresh every 60 secs */
if ($pconfig['arefresh'] == 'on')
echo "<meta http-equiv=\"refresh\" content=\"60;url=/snort/snort_alerts.php?instance={$instanceid}\" />\n";
-if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
- /* Display Alert message */
- if ($input_errors) {
- print_input_errors($input_errors); // TODO: add checks
- }
- if ($savemsg) {
- print_info_box($savemsg);
- }
+
+/* Display Alert message */
+if ($input_errors) {
+ print_input_errors($input_errors); // TODO: add checks
+}
+if ($savemsg) {
+ print_info_box($savemsg);
+}
?>
<form action="/snort/snort_alerts.php" method="post" id="formalert">
+<input type="hidden" name="instance" id="instance" value="<?=$instanceid;?>"/>
+<input type="hidden" name="sidid" id="sidid" value=""/>
+<input type="hidden" name="gen_id" id="gen_id" value=""/>
+<input type="hidden" name="ip" id="ip" value=""/>
+<input type="hidden" name="descr" id="descr" value=""/>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td>
<?php
@@ -357,10 +373,11 @@ if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
$tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
$tab_array[3] = array(gettext("Alerts"), true, "/snort/snort_alerts.php?instance={$instanceid}");
$tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
- $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php");
$tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
- $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
- display_top_tabs($tab_array);
+ $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php");
+ $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
+ display_top_tabs($tab_array, true);
?>
</td></tr>
<tr>
@@ -372,13 +389,13 @@ if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
<tr>
<td width="22%" class="vncell"><?php echo gettext('Instance to inspect'); ?></td>
<td width="78%" class="vtable">
- <select name="instance" id="instance" class="formselect" onChange="document.getElementById('formalert').method='get';document.getElementById('formalert').submit()">
+ <select name="instance" id="instance" class="formselect" onChange="document.getElementById('formalert').method='post';document.getElementById('formalert').submit()">
<?php
foreach ($a_instance as $id => $instance) {
$selected = "";
if ($id == $instanceid)
$selected = "selected";
- echo "<option value='{$id}' {$selected}> (" . snort_get_friendly_interface($instance['interface']) . "){$instance['descr']}</option>\n";
+ echo "<option value='{$id}' {$selected}> (" . convert_friendly_interface_to_friendly_descr($instance['interface']) . ")&nbsp;{$instance['descr']}</option>\n";
}
?>
</select>&nbsp;&nbsp;<?php echo gettext('Choose which instance alerts you want to inspect.'); ?>
@@ -386,22 +403,23 @@ if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
<tr>
<td width="22%" class="vncell"><?php echo gettext('Save or Remove Logs'); ?></td>
<td width="78%" class="vtable">
- <input name="download" type="submit" class="formbtns" value="Download"> <?php echo gettext('All ' .
- 'log files will be saved.'); ?>&nbsp;&nbsp;<a href="/snort/snort_alerts.php?action=clear&instance=<?=$instanceid;?>">
+ <input name="download" type="submit" class="formbtns" value="Download"
+ title="<?=gettext("Download interface log files as a gzip archive");?>"/>
+ &nbsp;<?php echo gettext('All log files will be saved.');?>&nbsp;&nbsp;
<input name="delete" type="submit" class="formbtns" value="Clear"
- onclick="return confirm('Do you really want to remove all instance logs?')"></a>
- <span class="red"><strong><?php echo gettext('Warning:'); ?></strong></span> <?php echo ' ' . gettext('all log files will be deleted.'); ?>
+ onclick="return confirm('Do you really want to remove all instance logs?')" title="<?=gettext("Clear all interface log files");?>"/>
+ &nbsp;<span class="red"><strong><?php echo gettext('Warning:'); ?></strong></span> <?php echo ' ' . gettext('all log files will be deleted.'); ?>
</td>
</tr>
<tr>
<td width="22%" class="vncell"><?php echo gettext('Auto Refresh and Log View'); ?></td>
<td width="78%" class="vtable">
- <input name="save" type="submit" class="formbtns" value="Save">
- <?php echo gettext('Refresh'); ?> <input name="arefresh" type="checkbox" value="on"
- <?php if ($config['installedpackages']['snortglobal']['alertsblocks']['arefresh']=="on") echo "checked"; ?>>
- <?php printf(gettext('%sDefault%s is %sON%s.'), '<strong>', '</strong>', '<strong>', '</strong>'); ?>&nbsp;&nbsp;
- <input name="alertnumber" type="text" class="formfld unknown" id="alertnumber" size="5" value="<?=htmlspecialchars($anentries);?>">
- <?php printf(gettext('Enter number of log entries to view. %sDefault%s is %s250%s.'), '<strong>', '</strong>', '<strong>', '</strong>'); ?>
+ <input name="save" type="submit" class="formbtns" value=" Save " title="<?=gettext("Save auto-refresh and view settings");?>"/>
+ &nbsp;<?php echo gettext('Refresh');?>&nbsp;&nbsp;<input name="arefresh" type="checkbox" value="on"
+ <?php if ($config['installedpackages']['snortglobal']['alertsblocks']['arefresh']=="on") echo "checked"; ?>/>
+ <?php printf(gettext('%sDefault%s is %sON%s.'), '<strong>', '</strong>', '<strong>', '</strong>'); ?>&nbsp;&nbsp;
+ <input name="alertnumber" type="text" class="formfld unknown" id="alertnumber" size="5" value="<?=htmlspecialchars($anentries);?>"/>
+ &nbsp;<?php printf(gettext('Enter number of log entries to view. %sDefault%s is %s250%s.'), '<strong>', '</strong>', '<strong>', '</strong>'); ?>
</td>
</tr>
<tr>
@@ -410,39 +428,39 @@ if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
</tr>
<tr>
<td width="100%" colspan="2">
- <table id="myTable" style="table-layout: fixed;" width="100%" class="sortable" border="1" cellpadding="0" cellspacing="0">
+ <table id="myTable" style="table-layout: fixed;" width="100%" class="sortable" border="0" cellpadding="0" cellspacing="0">
<colgroup>
- <col width="9%" align="center" axis="date">
- <col width="45" align="center" axis="number">
- <col width="65" align="center" axis="string">
+ <col width="10%" align="center" axis="date">
+ <col width="40" align="center" axis="number">
+ <col width="52" align="center" axis="string">
<col width="10%" axis="string">
<col width="13%" align="center" axis="string">
- <col width="8%" align="center" axis="string">
+ <col width="7%" align="center" axis="string">
<col width="13%" align="center" axis="string">
- <col width="8%" align="center" axis="string">
- <col width="9%" align="center" axis="number">
+ <col width="7%" align="center" axis="string">
+ <col width="10%" align="center" axis="number">
<col axis="string">
</colgroup>
<thead>
<tr>
- <th class="listhdrr" axis="date"><?php echo gettext("DATE"); ?></th>
- <th class="listhdrr" axis="number"><?php echo gettext("PRI"); ?></th>
- <th class="listhdrr" axis="string"><?php echo gettext("PROTO"); ?></th>
- <th class="listhdrr" axis="string"><?php echo gettext("CLASS"); ?></th>
- <th class="listhdrr" axis="string"><?php echo gettext("SRC"); ?></th>
- <th class="listhdrr" axis="string"><?php echo gettext("SPORT"); ?></th>
- <th class="listhdrr" axis="string"><?php echo gettext("DST"); ?></th>
- <th class="listhdrr" axis="string"><?php echo gettext("DPORT"); ?></th>
+ <th class="listhdrr" axis="date"><?php echo gettext("Date"); ?></th>
+ <th class="listhdrr" axis="number"><?php echo gettext("Pri"); ?></th>
+ <th class="listhdrr" axis="string"><?php echo gettext("Proto"); ?></th>
+ <th class="listhdrr" axis="string"><?php echo gettext("Class"); ?></th>
+ <th class="listhdrr" axis="string"><?php echo gettext("Source"); ?></th>
+ <th class="listhdrr" axis="string"><?php echo gettext("SPort"); ?></th>
+ <th class="listhdrr" axis="string"><?php echo gettext("Destination"); ?></th>
+ <th class="listhdrr" axis="string"><?php echo gettext("DPort"); ?></th>
<th class="listhdrr" axis="number"><?php echo gettext("SID"); ?></th>
- <th class="listhdrr" axis="string"><?php echo gettext("DESCRIPTION"); ?></th>
+ <th class="listhdrr" axis="string"><?php echo gettext("Description"); ?></th>
</tr>
</thead>
<tbody>
<?php
/* make sure alert file exists */
-if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) {
- exec("tail -{$anentries} -r /var/log/snort/snort_{$if_real}{$snort_uuid}/alert > /tmp/alert_{$snort_uuid}");
+if (file_exists("{$snortlogdir}/snort_{$if_real}{$snort_uuid}/alert")) {
+ exec("tail -{$anentries} -r {$snortlogdir}/snort_{$if_real}{$snort_uuid}/alert > /tmp/alert_{$snort_uuid}");
if (file_exists("/tmp/alert_{$snort_uuid}")) {
$tmpblocked = array_flip(snort_get_blocked_ips());
$counter = 0;
@@ -450,7 +468,7 @@ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) {
/* File format timestamp,sig_generator,sig_id,sig_rev,msg,proto,src,srcport,dst,dstport,id,classification,priority */
$fd = fopen("/tmp/alert_{$snort_uuid}", "r");
while (($fields = fgetcsv($fd, 1000, ',', '"')) !== FALSE) {
- if(count($fields) < 11)
+ if(count($fields) < 13)
continue;
/* Time */
@@ -482,9 +500,9 @@ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) {
/* Add icons for auto-adding to Suppress List if appropriate */
if (!snort_is_alert_globally_suppressed($supplist, $fields[1], $fields[2]) &&
!isset($supplist[$fields[1]][$fields[2]]['by_src'][$fields[6]])) {
- $alert_ip_src .= "&nbsp;&nbsp;<a href='?instance={$instanceid}&act=addsuppress_srcip&sidid={$fields[2]}&gen_id={$fields[1]}&descr={$alert_descr_url}&ip=" . trim(urlencode($fields[6])) . "'>";
- $alert_ip_src .= "<img src='../themes/{$g['theme']}/images/icons/icon_plus.gif' width='12' height='12' border='0' ";
- $alert_ip_src .= "title='" . gettext("Add this alert to the Suppress List and track by_src IP") . "'></a>";
+ $alert_ip_src .= "&nbsp;&nbsp;<input type='image' name='addsuppress_srcip[]' onClick=\"encRuleSig('{$fields[1]}','{$fields[2]}','{$fields[6]}','{$alert_descr}');\" ";
+ $alert_ip_src .= "src='../themes/{$g['theme']}/images/icons/icon_plus.gif' width='12' height='12' border='0' ";
+ $alert_ip_src .= "title='" . gettext("Add this alert to the Suppress List and track by_src IP") . "'>";
}
elseif (isset($supplist[$fields[1]][$fields[2]]['by_src'][$fields[6]])) {
$alert_ip_src .= "&nbsp;&nbsp;<img src='../themes/{$g['theme']}/images/icons/icon_plus_d.gif' width='12' height='12' border='0' ";
@@ -492,9 +510,8 @@ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) {
}
/* Add icon for auto-removing from Blocked Table if required */
if (isset($tmpblocked[$fields[6]])) {
- $alert_ip_src .= "&nbsp;";
- $alert_ip_src .= "<a href='?instance={$instanceid}&todelete=" . trim(urlencode($fields[6])) . "'>
- <img title=\"" . gettext("Remove host from Blocked Table") . "\" border=\"0\" width='12' height='12' name='todelete' id='todelete' alt=\"Remove from Blocked Hosts\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"></a>";
+ $alert_ip_src .= "&nbsp;<input type='image' name='todelete[]' onClick=\"document.getElementById('ip').value='{$fields[6]}';\" ";
+ $alert_ip_src .= "src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" title=\"" . gettext("Remove host from Blocked Table") . "\" border=\"0\" width='12' height='12'>";
}
/* IP SRC Port */
$alert_src_p = $fields[7];
@@ -515,9 +532,9 @@ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) {
/* Add icons for auto-adding to Suppress List if appropriate */
if (!snort_is_alert_globally_suppressed($supplist, $fields[1], $fields[2]) &&
!isset($supplist[$fields[1]][$fields[2]]['by_dst'][$fields[8]])) {
- $alert_ip_dst .= "&nbsp;&nbsp;<a href='?instance={$instanceid}&act=addsuppress_dstip&sidid={$fields[2]}&gen_id={$fields[1]}&descr={$alert_descr_url}&ip=" . trim(urlencode($fields[8])) . "'>";
- $alert_ip_dst .= "<img src='../themes/{$g['theme']}/images/icons/icon_plus.gif' width='12' height='12' border='0' ";
- $alert_ip_dst .= "title='" . gettext("Add this alert to the Suppress List and track by_dst IP") . "'></a>";
+ $alert_ip_dst .= "&nbsp;&nbsp;<input type='image' name='addsuppress_dstip[]' onClick=\"encRuleSig('{$fields[1]}','{$fields[2]}','{$fields[8]}','{$alert_descr}');\" ";
+ $alert_ip_dst .= "src='../themes/{$g['theme']}/images/icons/icon_plus.gif' width='12' height='12' border='0' ";
+ $alert_ip_dst .= "title='" . gettext("Add this alert to the Suppress List and track by_dst IP") . "'/>";
}
elseif (isset($supplist[$fields[1]][$fields[2]]['by_dst'][$fields[8]])) {
$alert_ip_dst .= "&nbsp;&nbsp;<img src='../themes/{$g['theme']}/images/icons/icon_plus_d.gif' width='12' height='12' border='0' ";
@@ -525,18 +542,17 @@ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) {
}
/* Add icon for auto-removing from Blocked Table if required */
if (isset($tmpblocked[$fields[8]])) {
- $alert_ip_dst .= "&nbsp;";
- $alert_ip_dst .= "<a href='?instance={$instanceid}&todelete=" . trim(urlencode($fields[8])) . "'>
- <img title=\"" . gettext("Remove host from Blocked Table") . "\" border=\"0\" width='12' height='12' name='todelete' id='todelete' alt=\"Remove from Blocked Hosts\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"></a>";
+ $alert_ip_dst .= "&nbsp;<input type='image' name='todelete[]' onClick=\"document.getElementById('ip').value='{$fields[8]}';\" ";
+ $alert_ip_dst .= "src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" title=\"" . gettext("Remove host from Blocked Table") . "\" border=\"0\" width='12' height='12'>";
}
/* IP DST Port */
$alert_dst_p = $fields[9];
/* SID */
$alert_sid_str = "{$fields[1]}:{$fields[2]}";
if (!snort_is_alert_globally_suppressed($supplist, $fields[1], $fields[2])) {
- $sidsupplink = "<a href='?instance={$instanceid}&act=addsuppress&sidid={$fields[2]}&gen_id={$fields[1]}&descr={$alert_descr_url}'>";
- $sidsupplink .= "<img src='../themes/{$g['theme']}/images/icons/icon_plus.gif' width='12' height='12' border='0' ";
- $sidsupplink .= "title='" . gettext("Add this alert to the Suppress List") . "'></a>";
+ $sidsupplink = "<input type='image' name='addsuppress[]' onClick=\"encRuleSig('{$fields[1]}','{$fields[2]}','','{$alert_descr}');\" ";
+ $sidsupplink .= "src='../themes/{$g['theme']}/images/icons/icon_plus.gif' width='12' height='12' border='0' ";
+ $sidsupplink .= "title='" . gettext("Add this alert to the Suppress List") . "'/>";
}
else {
$sidsupplink = "<img src='../themes/{$g['theme']}/images/icons/icon_plus_d.gif' width='12' height='12' border='0' ";
@@ -544,31 +560,31 @@ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) {
}
/* Add icon for toggling rule state */
if (isset($disablesid[$fields[1]][$fields[2]])) {
- $sid_dsbl_link = "<a href='?instance={$instanceid}&act=togglesid&sidid={$fields[2]}&gen_id={$fields[1]}'>";
- $sid_dsbl_link .= "<img src='../themes/{$g['theme']}/images/icons/icon_block_d.gif' width='11' height='11' border='0' ";
- $sid_dsbl_link .= "title='" . gettext("Rule is forced to a disabled state. Click to remove the force-disable action.") . "'></a>";
+ $sid_dsbl_link = "<input type='image' name='togglesid[]' onClick=\"encRuleSig('{$fields[1]}','{$fields[2]}','','');\" ";
+ $sid_dsbl_link .= "src='../themes/{$g['theme']}/images/icons/icon_reject.gif' width='11' height='11' border='0' ";
+ $sid_dsbl_link .= "title='" . gettext("Rule is forced to a disabled state. Click to remove the force-disable action from this rule.") . "'/>";
}
else {
- $sid_dsbl_link = "<a href='?instance={$instanceid}&act=togglesid&sidid={$fields[2]}&gen_id={$fields[1]}'>";
- $sid_dsbl_link .= "<img src='../themes/{$g['theme']}/images/icons/icon_block.gif' width='11' height='11' border='0' ";
- $sid_dsbl_link .= "title='" . gettext("Click to force-disable rule and remove from current rules set.") . "'></a>";
+ $sid_dsbl_link = "<input type='image' name='togglesid[]' onClick=\"encRuleSig('{$fields[1]}','{$fields[2]}','','');\" ";
+ $sid_dsbl_link .= "src='../themes/{$g['theme']}/images/icons/icon_block.gif' width='11' height='11' border='0' ";
+ $sid_dsbl_link .= "title='" . gettext("Force-disable this rule and remove it from current rules set.") . "'/>";
}
/* DESCRIPTION */
$alert_class = $fields[11];
+ /* Write out a table row */
echo "<tr>
<td class='listr' align='center'>{$alert_date}<br/>{$alert_time}</td>
<td class='listr' align='center'>{$alert_priority}</td>
<td class='listr' align='center'>{$alert_proto}</td>
<td class='listr' style=\"word-wrap:break-word;\">{$alert_class}</td>
- <td class='listr' align='center'>{$alert_ip_src}</td>
+ <td class='listr' align='center' sorttable_customkey='{$fields[6]}'>{$alert_ip_src}</td>
<td class='listr' align='center'>{$alert_src_p}</td>
- <td class='listr' align='center'>{$alert_ip_dst}</td>
+ <td class='listr' align='center' sorttable_customkey='{$fields[8]}'>{$alert_ip_dst}</td>
<td class='listr' align='center'>{$alert_dst_p}</td>
- <td class='listr' align='center'>{$alert_sid_str}<br/>{$sidsupplink}&nbsp;&nbsp;{$sid_dsbl_link}</td>
- <td class='listr' style=\"word-wrap:break-word;\">{$alert_descr}</td>
+ <td class='listr' align='center' sorttable_customkey='{$fields[2]}'>{$alert_sid_str}<br/>{$sidsupplink}&nbsp;&nbsp;{$sid_dsbl_link}</td>
+ <td class='listbg' style=\"word-wrap:break-word;\">{$alert_descr}</td>
</tr>\n";
-
$counter++;
}
fclose($fd);
@@ -588,6 +604,21 @@ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) {
<?php
include("fend.inc");
?>
-
+<script type="text/javascript">
+function encRuleSig(rulegid,rulesid,srcip,ruledescr) {
+
+ // This function stuffs the passed GID, SID
+ // and other values into hidden Form Fields
+ // for postback.
+ if (typeof srcipip == "undefined")
+ var srcipip = "";
+ if (typeof ruledescr == "undefined")
+ var ruledescr = "";
+ document.getElementById("sidid").value = rulesid;
+ document.getElementById("gen_id").value = rulegid;
+ document.getElementById("ip").value = srcip;
+ document.getElementById("descr").value = ruledescr;
+}
+</script>
</body>
</html>
diff --git a/config/snort/snort_alerts.widget.php b/config/snort/snort_alerts.widget.php
new file mode 100644
index 00000000..0700ef2a
--- /dev/null
+++ b/config/snort/snort_alerts.widget.php
@@ -0,0 +1,246 @@
+<?php
+/*
+ snort_alerts.widget.php
+ Copyright (C) 2009 Jim Pingle
+ mod 24-07-2012
+ mod 28-02-2014 by Bill Meeks
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INClUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+$nocsrf = true;
+
+require_once("guiconfig.inc");
+require_once("/usr/local/www/widgets/include/widget-snort.inc");
+
+global $config, $g;
+
+/* retrieve snort variables */
+if (!is_array($config['installedpackages']['snortglobal']['rule']))
+ $config['installedpackages']['snortglobal']['rule'] = array();
+$a_instance = &$config['installedpackages']['snortglobal']['rule'];
+
+// Test pfSense version and set different CSS class variables
+// depending on version. 2.1 offers enhanced CSS styles.
+$pfs_version=substr(trim(file_get_contents("/etc/version")),0,3);
+if ($pfs_version > '2.0') {
+ $alertRowEvenClass = "listMReven";
+ $alertRowOddClass = "listMRodd";
+ $alertColClass = "listMRr";
+}
+else {
+ $alertRowEvenClass = "listr";
+ $alertRowOddClass = "listr";
+ $alertColClass = "listr";
+}
+
+/* check if Snort widget alert display lines value is set */
+$snort_nentries = $config['widgets']['widget_snort_display_lines'];
+if (!isset($snort_nentries) || $snort_nentries < 0)
+ $snort_nentries = 5;
+
+/* array sorting of the alerts */
+function sksort(&$array, $subkey="id", $sort_ascending=false) {
+ /* an empty array causes sksort to fail - this test alleviates the error */
+ if(empty($array))
+ return false;
+ if (count($array)) {
+ $temp_array[key($array)] = array_shift($array);
+ };
+ foreach ($array as $key => $val){
+ $offset = 0;
+ $found = false;
+ foreach ($temp_array as $tmp_key => $tmp_val) {
+ if (!$found and strtolower($val[$subkey]) > strtolower($tmp_val[$subkey])) {
+ $temp_array = array_merge((array)array_slice($temp_array,0,$offset), array($key => $val), array_slice($temp_array,$offset));
+ $found = true;
+ };
+ $offset++;
+ };
+ if (!$found) $temp_array = array_merge($temp_array, array($key => $val));
+ };
+
+ if ($sort_ascending) {
+ $array = array_reverse($temp_array);
+ } else $array = $temp_array;
+ /* below is the complement for empty array test */
+ return true;
+};
+
+// Called by Ajax to update the "snort-alert-entries" <tbody> table element's contents
+if (isset($_GET['getNewAlerts'])) {
+ $response = "";
+ $s_alerts = snort_widget_get_alerts();
+ $counter = 0;
+ foreach ($s_alerts as $a) {
+ $response .= $a['instanceid'] . " " . $a['dateonly'] . "||" . $a['timeonly'] . "||" . $a['src'] . "||";
+ $response .= $a['dst'] . "||" . $a['priority'] . "||" . $a['category'] . "\n";
+ $counter++;
+ if($counter >= $snort_nentries)
+ break;
+ }
+ echo $response;
+ return;
+}
+
+// See if saving new display line count value
+if(isset($_POST['widget_snort_display_lines'])) {
+ $config['widgets']['widget_snort_display_lines'] = $_POST['widget_snort_display_lines'];
+ write_config("Saved Snort Alerts Widget Displayed Lines Parameter via Dashboard");
+ header("Location: ../../index.php");
+}
+
+// Read "$snort_nentries" worth of alerts from the top of the alert.log file
+// of each configured interface, and then return the most recent '$snort_entries'
+// alerts in a sorted array (most recent alert first).
+function snort_widget_get_alerts() {
+
+ global $config, $a_instance, $snort_nentries;
+ $snort_alerts = array();
+ /* read log file(s) */
+ $counter=0;
+ foreach ($a_instance as $instanceid => $instance) {
+ $snort_uuid = $a_instance[$instanceid]['uuid'];
+ $if_real = get_real_interface($a_instance[$instanceid]['interface']);
+
+ /* make sure alert file exists, then "tail" the last '$snort_nentries' from it */
+ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) {
+ exec("tail -{$snort_nentries} -r /var/log/snort/snort_{$if_real}{$snort_uuid}/alert > /tmp/alert_snort{$snort_uuid}");
+
+ if (file_exists("/tmp/alert_snort{$snort_uuid}")) {
+
+ /* 0 1 2 3 4 5 6 7 8 9 10 11 12 */
+ /* File format: timestamp,generator_id,sig_id,sig_rev,msg,proto,src,srcport,dst,dstport,id,classification,priority */
+ $fd = fopen("/tmp/alert_snort{$snort_uuid}", "r");
+ while (($fields = fgetcsv($fd, 1000, ',', '"')) !== FALSE) {
+ if(count($fields) < 13)
+ continue;
+
+ // Get the Snort interface this alert was received from
+ $snort_alerts[$counter]['instanceid'] = strtoupper($a_instance[$instanceid]['interface']);
+
+ // "fields[0]" is the complete timestamp in ASCII form. Convert
+ // to a UNIX timestamp so we can use it for various date and
+ // time formatting. Also extract the MM/DD/YY component and
+ // reverse its order to YY/MM/DD for proper sorting.
+ $fields[0] = trim($fields[0]); // remove trailing space before comma delimiter
+ $tstamp = strtotime(str_replace("-", " ", $fields[0])); // remove "-" between date and time components
+ $tmp = substr($fields[0],6,2) . '/' . substr($fields[0],0,2) . '/' . substr($fields[0],3,2);
+ $snort_alerts[$counter]['timestamp'] = str_replace(substr($fields[0],0,8),$tmp,$fields[0]);
+
+ $snort_alerts[$counter]['timeonly'] = date("H:i:s", $tstamp);
+ $snort_alerts[$counter]['dateonly'] = date("M d", $tstamp);
+ // Add square brackets around any any IPv6 address
+ if (strpos($fields[6], ":") === FALSE)
+ $snort_alerts[$counter]['src'] = trim($fields[6]);
+ else
+ $snort_alerts[$counter]['src'] = "[" . trim($fields[6]) . "]";
+ // Add the SRC PORT if not null
+ if (!empty($fields[7]))
+ $snort_alerts[$counter]['src'] .= ":" . trim($fields[7]);
+ // Add square brackets around any any IPv6 address
+ if (strpos($fields[8], ":") === FALSE)
+ $snort_alerts[$counter]['dst'] = trim($fields[8]);
+ else
+ $snort_alerts[$counter]['dst'] = "[" . trim($fields[8]) . "]";
+ // Add the DST PORT if not null
+ if (!empty($fields[9]))
+ $snort_alerts[$counter]['dst'] .= ":" . trim($fields[9]);
+ $snort_alerts[$counter]['priority'] = trim($fields[12]);
+ $snort_alerts[$counter]['category'] = trim($fields[11]);
+ $counter++;
+ };
+ fclose($fd);
+ @unlink("/tmp/alert_snort{$snort_uuid}");
+ };
+ };
+ };
+
+ /* sort the alerts array */
+ if (isset($config['syslog']['reverse'])) {
+ sksort($snort_alerts, 'timestamp', false);
+ } else {
+ sksort($snort_alerts, 'timestamp', true);
+ };
+
+ return $snort_alerts;
+}
+?>
+
+<input type="hidden" id="snort_alerts-config" name="snort_alerts-config" value="" />
+<div id="snort_alerts-settings" class="widgetconfigdiv" style="display:none;">
+ <form action="/widgets/widgets/snort_alerts.widget.php" method="post" name="iformd">
+ Enter number of recent alerts to display (default is 5)<br/>
+ <input type="text" size="5" name="widget_snort_display_lines" class="formfld unknown" id="widget_snort_display_lines" value="<?= $config['widgets']['widget_snort_display_lines'] ?>" />
+ &nbsp;&nbsp;<input id="submitd" name="submitd" type="submit" class="formbtn" value="Save" />
+ </form>
+</div>
+
+<table id="snort-alert-tbl" width="100%" border="0" cellspacing="0" cellpadding="0" style="table-layout: fixed;">
+ <colgroup>
+ <col style="width: 24%;" />
+ <col style="width: 38%;" />
+ <col style="width: 38%;" />
+ </colgroup>
+ <thead>
+ <tr>
+ <th class="widgetsubheader"><?=gettext("IF/Date");?></th>
+ <th class="widgetsubheader"><?=gettext("Src/Dst Address");?></th>
+ <th class="widgetsubheader"><?=gettext("Classification");?></th>
+ </tr>
+ </thead>
+ <tbody id="snort-alert-entries">
+ <?php
+ $snort_alerts = snort_widget_get_alerts();
+ $counter=0;
+ if (is_array($snort_alerts)) {
+ foreach ($snort_alerts as $alert) {
+ $alertRowClass = $counter % 2 ? $alertRowEvenClass : $alertRowOddClass;
+ echo(" <tr class='" . $alertRowClass . "'>
+ <td class='" . $alertColClass . "'>" . $alert['instanceid'] . "&nbsp;" . $alert['dateonly'] . "<br/>" . $alert['timeonly'] . "</td>
+ <td class='" . $alertColClass . "' style='overflow: hidden; text-overflow: ellipsis;' nowrap><div style='display:inline;' title='" . $alert['src'] . "'>" . $alert['src'] . "</div><br/><div style='display:inline;' title='" . $alert['dst'] . "'>" . $alert['dst'] . "</div></td>
+ <td class='" . $alertColClass . "'>Priority: " . $alert['priority'] . " " . $alert['category'] . "</td></tr>");
+ $counter++;
+ if($counter >= $snort_nentries)
+ break;
+ }
+ }
+ ?>
+ </tbody>
+</table>
+
+<script type="text/javascript">
+//<![CDATA[
+<!-- needed in the snort_alerts.js file code -->
+ var snortupdateDelay = 10000; // update every 10 seconds
+ var snort_nentries = <?=$snort_nentries;?>; // number of alerts to display (5 is default)
+ var snortWidgetRowEvenClass = "<?=$alertRowEvenClass;?>"; // allows alternating background on 2.1 and higher
+ var snortWidgetRowOddClass = "<?=$alertRowOddClass;?>"; // allows alternating background on 2.1 and higher
+ var snortWidgetColClass = "<?=$alertColClass;?>"; // sets column CSS style (different on 2.1 and higher)
+
+<!-- needed to display the widget settings menu -->
+ selectIntLink = "snort_alerts-configure";
+ textlink = document.getElementById(selectIntLink);
+ textlink.style.display = "inline";
+//]]>
+</script>
+
diff --git a/config/snort/snort_barnyard.php b/config/snort/snort_barnyard.php
index 2457b573..902c1637 100644
--- a/config/snort/snort_barnyard.php
+++ b/config/snort/snort_barnyard.php
@@ -5,6 +5,7 @@
*
* Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
* Copyright (C) 2008-2009 Robert Zelaya.
+ * Copyright (C) 2014 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -34,9 +35,11 @@ require_once("/usr/local/pkg/snort/snort.inc");
global $g, $rebuild_rules;
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
+
if (is_null($id)) {
header("Location: /snort/snort_interfaces.php");
exit;
@@ -47,63 +50,151 @@ if (!is_array($config['installedpackages']['snortglobal']['rule']))
$a_nat = &$config['installedpackages']['snortglobal']['rule'];
$pconfig = array();
+
+// The keys in the $retentions array are the retention period
+// converted to hours.
+$retentions = array( '0' => gettext('KEEP ALL'), '24' => gettext('1 DAY'), '168' => gettext('7 DAYS'), '336' => gettext('14 DAYS'),
+ '720' => gettext('30 DAYS'), '1080' => gettext("45 DAYS"), '2160' => gettext('90 DAYS'), '4320' => gettext('180 DAYS'),
+ '8766' => gettext('1 YEAR'), '26298' => gettext("3 YEARS") );
+
+$log_sizes = array( '0' => gettext('NO LIMIT'), '8' => gettext('8 MB'), '16' => gettext('16 MB'), '32' => gettext('32 MB'),
+ '64' => gettext('64 MB'), '128' => gettext('128 MB'), '256' => gettext('256 MB') );
+
if (isset($id) && $a_nat[$id]) {
- /* old options */
$pconfig = $a_nat[$id];
if (!empty($a_nat[$id]['barnconfigpassthru']))
$pconfig['barnconfigpassthru'] = base64_decode($a_nat[$id]['barnconfigpassthru']);
+ if (!empty($a_nat[$id]['barnyard_dbpwd']))
+ $pconfig['barnyard_dbpwd'] = base64_decode($a_nat[$id]['barnyard_dbpwd']);
+ if (empty($a_nat[$id]['barnyard_show_year']))
+ $pconfig['barnyard_show_year'] = "on";
+ if (empty($a_nat[$id]['unified2_log_limit']))
+ $pconfig['unified2_log_limit'] = "32";
+ if (empty($a_nat[$id]['barnyard_archive_enable']))
+ $pconfig['barnyard_archive_enable'] = "on";
+ if (empty($a_nat[$id]['u2_archived_log_retention']))
+ $pconfig['u2_archived_log_retention'] = "168";
+ if (empty($a_nat[$id]['barnyard_obfuscate_ip']))
+ $pconfig['barnyard_obfuscate_ip'] = "off";
+ if (empty($a_nat[$id]['barnyard_syslog_dport']))
+ $pconfig['barnyard_syslog_dport'] = "514";
+ if (empty($a_nat[$id]['barnyard_syslog_proto']))
+ $pconfig['barnyard_syslog_proto'] = "udp";
+ if (empty($a_nat[$id]['barnyard_syslog_opmode']))
+ $pconfig['barnyard_syslog_opmode'] = "default";
+ if (empty($a_nat[$id]['barnyard_syslog_facility']))
+ $pconfig['barnyard_syslog_facility'] = "LOG_USER";
+ if (empty($a_nat[$id]['barnyard_syslog_priority']))
+ $pconfig['barnyard_syslog_priority'] = "LOG_INFO";
+ if (empty($a_nat[$id]['barnyard_bro_ids_dport']))
+ $pconfig['barnyard_bro_ids_dport'] = "47760";
}
-if (isset($_GET['dup']))
- unset($id);
+if ($_POST['save']) {
+ // Check that at least one output plugin is enabled
+ if ($_POST['barnyard_mysql_enable'] != 'on' && $_POST['barnyard_syslog_enable'] != 'on' &&
+ $_POST['barnyard_bro_ids_enable'] != 'on' && $_POST['barnyard_enable'] == "on")
+ $input_errors[] = gettext("You must enable at least one output option when using Barnyard2.");
-if ($_POST) {
+ // Validate inputs if MySQL database loggging enabled
+ if ($_POST['barnyard_mysql_enable'] == 'on' && $_POST['barnyard_enable'] == "on") {
+ if (empty($_POST['barnyard_dbhost']))
+ $input_errors[] = gettext("Please provide a valid hostname or IP address for the MySQL database host.");
+ if (empty($_POST['barnyard_dbname']))
+ $input_errors[] = gettext("You must provide a DB instance name when logging to a MySQL database.");
+ if (empty($_POST['barnyard_dbuser']))
+ $input_errors[] = gettext("You must provide a DB user login name when logging to a MySQL database.");
+ }
+
+ // Validate inputs if syslog output enabled
+ if ($_POST['barnyard_syslog_enable'] == 'on' && $_POST['barnyard_enable'] == "on") {
+ if ($_POST['barnyard_log_vlan_events'] == 'on' || $_POST['barnyard_log_mpls_events'] == 'on')
+ $input_errors[] = gettext("Logging of VLAN or MPLS events is not compatible with syslog output. You must disable VLAN and MPLS event type logging when using the syslog output option.");
+ }
+ if ($_POST['barnyard_syslog_enable'] == 'on' && $_POST['barnyard_syslog_local'] <> 'on' &&
+ $_POST['barnyard_enable'] == "on") {
+ if (empty($_POST['barnyard_syslog_dport']) || !is_numeric($_POST['barnyard_syslog_dport']))
+ $input_errors[] = gettext("Please provide a valid number between 1 and 65535 for the Syslog Remote Port.");
+ if (empty($_POST['barnyard_syslog_rhost']))
+ $input_errors[] = gettext("Please provide a valid hostname or IP address for the Syslog Remote Host.");
+ }
- foreach ($a_nat as $natent) {
- if (isset($id) && ($a_nat[$id]) && ($a_nat[$id] === $natent))
- continue;
- if ($natent['interface'] != $_POST['interface'])
- $input_error[] = "This interface has already an instance defined";
+ // Validate inputs if Bro-IDS output enabled
+ if ($_POST['barnyard_bro_ids_enable'] == 'on' && $_POST['barnyard_enable'] == "on") {
+ if (empty($_POST['barnyard_bro_ids_dport']) || !is_numeric($_POST['barnyard_bro_ids_dport']))
+ $input_errors[] = gettext("Please provide a valid number between 1 and 65535 for the Bro-IDS Remote Port.");
+ if (empty($_POST['barnyard_bro_ids_rhost']))
+ $input_errors[] = gettext("Please provide a valid hostname or IP address for the Bro-IDS Remote Host.");
}
- /* if no errors write to conf */
+ // if no errors write to conf
if (!$input_errors) {
$natent = array();
/* repost the options already in conf */
$natent = $pconfig;
$natent['barnyard_enable'] = $_POST['barnyard_enable'] ? 'on' : 'off';
- if ($_POST['barnyard_mysql']) $natent['barnyard_mysql'] = $_POST['barnyard_mysql']; else unset($natent['barnyard_mysql']);
+ $natent['barnyard_show_year'] = $_POST['barnyard_show_year'] ? 'on' : 'off';
+ $natent['barnyard_archive_enable'] = $_POST['barnyard_archive_enable'] ? 'on' : 'off';
+ $natent['barnyard_dump_payload'] = $_POST['barnyard_dump_payload'] ? 'on' : 'off';
+ $natent['barnyard_obfuscate_ip'] = $_POST['barnyard_obfuscate_ip'] ? 'on' : 'off';
+ $natent['barnyard_log_vlan_events'] = $_POST['barnyard_log_vlan_events'] ? 'on' : 'off';
+ $natent['barnyard_log_mpls_events'] = $_POST['barnyard_log_mpls_events'] ? 'on' : 'off';
+ $natent['barnyard_mysql_enable'] = $_POST['barnyard_mysql_enable'] ? 'on' : 'off';
+ $natent['barnyard_syslog_enable'] = $_POST['barnyard_syslog_enable'] ? 'on' : 'off';
+ $natent['barnyard_syslog_local'] = $_POST['barnyard_syslog_local'] ? 'on' : 'off';
+ $natent['barnyard_bro_ids_enable'] = $_POST['barnyard_bro_ids_enable'] ? 'on' : 'off';
+ $natent['barnyard_disable_sig_ref_tbl'] = $_POST['barnyard_disable_sig_ref_tbl'] ? 'on' : 'off';
+ $natent['barnyard_syslog_opmode'] = $_POST['barnyard_syslog_opmode'];
+ $natent['barnyard_syslog_proto'] = $_POST['barnyard_syslog_proto'];
+
+ if ($_POST['unified2_log_limit']) $natent['unified2_log_limit'] = $_POST['unified2_log_limit']; else unset($natent['unified2_log_limit']);
+ if ($_POST['u2_archived_log_retention']) $natent['u2_archived_log_retention'] = $_POST['u2_archived_log_retention']; else unset($natent['u2_archived_log_retention']);
+ if ($_POST['barnyard_sensor_name']) $natent['barnyard_sensor_name'] = $_POST['barnyard_sensor_name']; else unset($natent['barnyard_sensor_name']);
+ if ($_POST['barnyard_dbhost']) $natent['barnyard_dbhost'] = $_POST['barnyard_dbhost']; else unset($natent['barnyard_dbhost']);
+ if ($_POST['barnyard_dbname']) $natent['barnyard_dbname'] = $_POST['barnyard_dbname']; else unset($natent['barnyard_dbname']);
+ if ($_POST['barnyard_dbuser']) $natent['barnyard_dbuser'] = $_POST['barnyard_dbuser']; else unset($natent['barnyard_dbuser']);
+ if ($_POST['barnyard_dbpwd']) $natent['barnyard_dbpwd'] = base64_encode($_POST['barnyard_dbpwd']); else unset($natent['barnyard_dbpwd']);
+ if ($_POST['barnyard_syslog_rhost']) $natent['barnyard_syslog_rhost'] = $_POST['barnyard_syslog_rhost']; else unset($natent['barnyard_syslog_rhost']);
+ if ($_POST['barnyard_syslog_dport']) $natent['barnyard_syslog_dport'] = $_POST['barnyard_syslog_dport']; else $natent['barnyard_syslog_dport'] = '514';
+ if ($_POST['barnyard_syslog_facility']) $natent['barnyard_syslog_facility'] = $_POST['barnyard_syslog_facility']; else $natent['barnyard_syslog_facility'] = 'LOG_USER';
+ if ($_POST['barnyard_syslog_priority']) $natent['barnyard_syslog_priority'] = $_POST['barnyard_syslog_priority']; else $natent['barnyard_syslog_priority'] = 'LOG_INFO';
+ if ($_POST['barnyard_bro_ids_rhost']) $natent['barnyard_bro_ids_rhost'] = $_POST['barnyard_bro_ids_rhost']; else unset($natent['barnyard_bro_ids_rhost']);
+ if ($_POST['barnyard_bro_ids_dport']) $natent['barnyard_bro_ids_dport'] = $_POST['barnyard_bro_ids_dport']; else $natent['barnyard_bro_ids_dport'] = '47760';
if ($_POST['barnconfigpassthru']) $natent['barnconfigpassthru'] = base64_encode($_POST['barnconfigpassthru']); else unset($natent['barnconfigpassthru']);
- if ($_POST['barnyard_enable'] == "on")
- $natent['snortunifiedlog'] = 'on';
- else
- $natent['snortunifiedlog'] = 'off';
-
- if (isset($id) && $a_nat[$id])
- $a_nat[$id] = $natent;
- else {
- $a_nat[] = $natent;
- }
- write_config();
+ $a_nat[$id] = $natent;
+ write_config("Snort pkg: modified Barnyard2 settings.");
- /* No need to rebuild rules if just toggling Barnyard2 on or off */
+ // No need to rebuild rules for Barnyard2 changes
$rebuild_rules = false;
sync_snort_package_config();
- /* after click go to this page */
- header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
- header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
- header( 'Cache-Control: no-store, no-cache, must-revalidate' );
- header( 'Cache-Control: post-check=0, pre-check=0', false );
- header( 'Pragma: no-cache' );
- header("Location: snort_barnyard.php?id=$id");
- exit;
+ // If disabling Barnyard2 on the interface, stop any
+ // currently running instance. If an instance is
+ // running, signal it to reload the configuration.
+ // If Barnyard2 is enabled but not running, notify the
+ // user to restart Snort to enable Unified2 output.
+ if ($a_nat[$id]['barnyard_enable'] == "off") {
+ snort_barnyard_stop($a_nat[$id], get_real_interface($a_nat[$id]['interface']));
+ }
+ elseif ($a_nat[$id]['barnyard_enable'] == "on") {
+ if (snort_is_running($a_nat[$id]['uuid'], get_real_interface($a_nat[$id]['interface']), "barnyard2"))
+ snort_barnyard_reload_config($a_nat[$id], "HUP");
+ else {
+ // Notify user a Snort restart is required if enabling Barnyard2 for the first time
+ $savemsg = gettext("NOTE: you must restart Snort on this interface to activate unified2 logging for Barnyard2.");
+ }
+ }
+ $pconfig = $natent;
+ }
+ else {
+ // We had errors, so save previous field data to prevent retyping
+ $pconfig = $_POST;
}
}
-$if_friendly = snort_get_friendly_interface($pconfig['interface']);
+$if_friendly = convert_friendly_interface_to_friendly_descr($a_nat[$id]['interface']);
$pgtitle = gettext("Snort: Interface {$if_friendly} - Barnyard2 Settings");
include_once("head.inc");
@@ -111,21 +202,6 @@ include_once("head.inc");
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
-<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
-
-<script language="JavaScript">
-<!--
-
-function enable_change(enable_change) {
- endis = !(document.iform.barnyard_enable.checked || enable_change);
- // make shure a default answer is called if this is envoked.
- endis2 = (document.iform.barnyard_enable);
-
- document.iform.barnyard_mysql.disabled = endis;
- document.iform.barnconfigpassthru.disabled = endis;
-}
-//-->
-</script>
<?php
@@ -138,10 +214,10 @@ function enable_change(enable_change) {
print_info_box($savemsg);
}
- ?>
+?>
-<form action="snort_barnyard.php" method="post"
- enctype="multipart/form-data" name="iform" id="iform">
+<form action="snort_barnyard.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
+<input name="id" type="hidden" value="<?=$id;?>" /> </td>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td>
<?php
@@ -149,23 +225,25 @@ function enable_change(enable_change) {
$tab_array[0] = array(gettext("Snort Interfaces"), true, "/snort/snort_interfaces.php");
$tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php");
$tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
- $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
+ $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php?instance={$id}");
$tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
- $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php");
$tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
- $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
- display_top_tabs($tab_array);
+ $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php");
+ $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
+ display_top_tabs($tab_array, true);
echo '</td></tr>';
echo '<tr><td>';
$menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface ");
- $tab_array = array();
- $tab_array[] = array($menu_iface . gettext("Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}");
- $tab_array[] = array($menu_iface . gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}");
- $tab_array[] = array($menu_iface . gettext("Rules"), false, "/snort/snort_rules.php?id={$id}");
- $tab_array[] = array($menu_iface . gettext("Variables"), false, "/snort/snort_define_servers.php?id={$id}");
- $tab_array[] = array($menu_iface . gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}");
- $tab_array[] = array($menu_iface . gettext("Barnyard2"), true, "/snort/snort_barnyard.php?id={$id}");
- display_top_tabs($tab_array);
+ $tab_array = array();
+ $tab_array[] = array($menu_iface . gettext("Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Rules"), false, "/snort/snort_rules.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Variables"), false, "/snort/snort_define_servers.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Preprocs"), false, "/snort/snort_preprocessors.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Barnyard2"), true, "/snort/snort_barnyard.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("IP Rep"), false, "/snort/snort_ip_reputation.php?id={$id}");
+ display_top_tabs($tab_array, true);
?>
</td></tr>
<tr>
@@ -178,46 +256,282 @@ function enable_change(enable_change) {
<tr>
<td width="22%" valign="top" class="vncellreq"><?php echo gettext("Enable"); ?></td>
<td width="78%" class="vtable">
- <input name="barnyard_enable" type="checkbox" value="on" <?php if ($pconfig['barnyard_enable'] == "on") echo "checked"; ?> onClick="enable_change(false)">
+ <input name="barnyard_enable" type="checkbox" value="on" <?php if ($pconfig['barnyard_enable'] == "on") echo "checked"; ?> onClick="enable_change(false)"/>
<strong><?php echo gettext("Enable Barnyard2"); ?></strong><br/>
- <?php echo gettext("This will enable barnyard2 for this interface. You will also have to set the database credentials."); ?></td>
+ <?php echo gettext("This will enable barnyard2 for this interface. You will also to enable at least one logging destination below."); ?></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Show Year"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_show_year" type="checkbox" value="on" <?php if ($pconfig['barnyard_show_year'] == "on") echo "checked"; ?>/>
+ <?php echo gettext("Enable the year being shown in timestamps. Default value is ") . "<strong>" . gettext("Checked") . "</strong>"; ?>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Unified2 Log Limit"); ?></td>
+ <td width="78%" class="vtable"><select name="unified2_log_limit" class="formselect" id="unified2_log_limit">
+ <?php foreach ($log_sizes as $k => $p): ?>
+ <option value="<?=$k;?>"
+ <?php if ($k == $pconfig['unified2_log_limit']) echo "selected"; ?>>
+ <?=htmlspecialchars($p);?></option>
+ <?php endforeach; ?>
+ </select>&nbsp;<?php echo gettext("Choose a Unified2 Log file size limit in megabytes (MB). Default is "); ?><strong><?=gettext("32 MB.");?></strong><br/><br/>
+ <?php echo gettext("This sets the maximum size for a Unified2 Log file before it is rotated and a new one created."); ?>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Archive Unified2 Logs"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_archive_enable" type="checkbox" value="on" <?php if ($pconfig['barnyard_archive_enable'] == "on") echo "checked"; ?>/>
+ <?php echo gettext("Enable the archiving of processed unified2 log files. Default value is ") . "<strong>" . gettext("Checked") . "</strong>"; ?><br/>
+ <?php echo gettext("Unified2 log files will be moved to an archive folder for subsequent cleanup when processed."); ?>
+ </td>
+ </tr>
+ <tr>
+ <td class="vncell" width="22%" valign="top"><?=gettext("Unified2 Archived Log Retention Period");?></td>
+ <td width="78%" class="vtable"><select name="u2_archived_log_retention" class="formselect" id="u2_archived_log_retention">
+ <?php foreach ($retentions as $k => $p): ?>
+ <option value="<?=$k;?>"
+ <?php if ($k == $pconfig['u2_archived_log_retention']) echo "selected"; ?>>
+ <?=htmlspecialchars($p);?></option>
+ <?php endforeach; ?>
+ </select>&nbsp;<?=gettext("Choose retention period for archived Barnyard2 binary log files. Default is ") . "<strong>" . gettext("7 days."). "</strong>";?><br/><br/>
+ <?=gettext("When Barnyard2 output is enabled, Snort writes event data to a binary format file that Barnyard2 reads and processes. ") .
+ gettext("When finished processing a file, Barnyard2 moves it to an archive folder. This setting determines how long files ") .
+ gettext("remain in the archive folder before they are automatically deleted.");?>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Dump Payload"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_dump_payload" type="checkbox" value="on" <?php if ($pconfig['barnyard_dump_payload'] == "on") echo "checked"; ?>/>
+ <?php echo gettext("Enable dumping of application data from unified2 files. Default value is ") . "<strong>" . gettext("Not Checked") . "</strong>"; ?><br/>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Obfuscate IP Addresses"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_obfuscate_ip" type="checkbox" value="on" <?php if ($pconfig['barnyard_obfuscate_ip'] == "on") echo "checked"; ?>/>
+ <?php echo gettext("Enable obfuscation of logged IP addresses. Default value is ") . "<strong>" . gettext("Not Checked") . "</strong>"; ?>
+ </td>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Log VLAN Events"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_log_vlan_events" type="checkbox" value="on" <?php if ($pconfig['barnyard_log_vlan_events'] == "on") echo "checked"; ?>/>
+ <?php echo gettext("Enable logging of VLAN event types in unified2 files. Default value is ") . "<strong>" . gettext("Not Checked") . "</strong>"; ?><br/>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Log MPLS Events"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_log_mpls_events" type="checkbox" value="on" <?php if ($pconfig['barnyard_log_mpls_events'] == "on") echo "checked"; ?>/>
+ <?php echo gettext("Enable logging of MPLS event types in unified2 files. Default value is ") . "<strong>" . gettext("Not Checked") . "</strong>"; ?><br/>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Sensor Name"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_sensor_name" type="text" class="formfld unknown"
+ id="barnyard_sensor_name" size="25" value="<?=htmlspecialchars($pconfig['barnyard_sensor_name']);?>"/>
+ &nbsp;<?php echo gettext("Unique name for this sensor. Leave blank to use internal default."); ?>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("MySQL Database Output Settings"); ?></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable MySQL Database"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_mysql_enable" type="checkbox" value="on" <?php if ($pconfig['barnyard_mysql_enable'] == "on") echo "checked"; ?>
+ onClick="toggle_mySQL()"/><?php echo gettext("Enable logging of alerts to a MySQL database instance"); ?><br/>
+ <?php echo gettext("You will also have to provide the database credentials in the fields below."); ?></td>
+ </tr>
+ <tbody id="mysql_config_rows">
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Database Host"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_dbhost" type="text" class="formfld host"
+ id="barnyard_dbhost" size="25" value="<?=htmlspecialchars($pconfig['barnyard_dbhost']);?>"/>
+ &nbsp;<?php echo gettext("Hostname or IP address of the MySQL database server"); ?>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Database Name"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_dbname" type="text" class="formfld unknown"
+ id="barnyard_dbname" size="25" value="<?=htmlspecialchars($pconfig['barnyard_dbname']);?>"/>
+ &nbsp;<?php echo gettext("Instance or DB name of the MySQL database"); ?>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Database User Name"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_dbuser" type="text" class="formfld user"
+ id="barnyard_dbuser" size="25" value="<?=htmlspecialchars($pconfig['barnyard_dbuser']);?>"/>
+ &nbsp;<?php echo gettext("Username for the MySQL database"); ?>
+ </td>
</tr>
<tr>
- <td colspan="2" valign="top" class="listtopic"><?php echo gettext("MySQL Settings"); ?></td>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Database User Password"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_dbpwd" type="password" class="formfld pwd"
+ id="barnyard_dbpwd" size="25" value="<?=htmlspecialchars($pconfig['barnyard_dbpwd']);?>"/>
+ &nbsp;<?php echo gettext("Password for the MySQL database user"); ?>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Disable Signature Reference Table"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_disable_sig_ref_tbl" type="checkbox" value="on" <?php if ($pconfig['barnyard_disable_sig_ref_tbl'] == "on") echo "checked"; ?>/>
+ <?php echo gettext("Disable synchronization of sig_reference table in schema. Default value is ") . "<strong>" . gettext("Not Checked") . "</strong>"; ?><br/>
+ <br/><?php echo gettext("This option will speedup the process when checked, plus it can help work around a 'duplicate entry' error when running multiple Snort instances."); ?>
+ </td>
+ </tr>
+ </tbody>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Syslog Output Settings"); ?></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable Syslog"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_syslog_enable" type="checkbox" value="on" <?php if ($pconfig['barnyard_syslog_enable'] == "on") echo "checked"; ?>
+ onClick="toggle_syslog()"/>
+ <?php echo gettext("Enable logging of alerts to a syslog receiver"); ?><br/>
+ <?php echo gettext("This will send alert data to either a local or remote syslog receiver."); ?></td>
+ </tr>
+ <tbody id="syslog_config_rows">
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Operation Mode"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_syslog_opmode" type="radio" id="barnyard_syslog_opmode_default"
+ value="default" <?php if ($pconfig['barnyard_syslog_opmode'] == 'default') echo "checked";?>/>
+ <?php echo gettext("DEFAULT"); ?>&nbsp;<input name="barnyard_syslog_opmode" type="radio" id="barnyard_syslog_opmode_complete"
+ value="complete" <?php if ($pconfig['barnyard_syslog_opmode'] == 'complete') echo "checked";?>/>
+ <?php echo gettext("COMPLETE"); ?>&nbsp;&nbsp;
+ <?php echo gettext("Select the level of detail to include when reporting"); ?><br/><br/>
+ <?php echo gettext("DEFAULT mode is compatible with the standard Snort syslog format. COMPLETE mode includes additional information such as the raw packet data (displayed in hex format)."); ?>
+ </td>
</tr>
<tr>
- <td width="22%" valign="top" class="vncell"><?php echo gettext("Log to a MySQL Database"); ?></td>
- <td width="78%" class="vtable"><input name="barnyard_mysql"
- type="text" class="formfld unknown" id="barnyard_mysql" style="width:95%;" size="85"
- value="<?=htmlspecialchars($pconfig['barnyard_mysql']);?>"> <br/>
- <span class="vexpl"><?php echo gettext("Example: output database: alert, mysql, " .
- "dbname=snort user=snort host=localhost password=xyz"); ?><br/>
- <?php echo gettext("Example: output database: log, mysql, dbname=snort user=snort " .
- "host=localhost password=xyz"); ?></span></td>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Local Only"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_syslog_local" type="checkbox" value="on" <?php if ($pconfig['barnyard_syslog_local'] == "on") echo "checked"; ?>
+ onClick="toggle_local_syslog()"/>
+ <?php echo gettext("Enable logging of alerts to the local system only"); ?><br/>
+ <?php echo gettext("This will send alert data to the local system only and overrides the host, port, protocol, facility and priority values below."); ?></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Remote Host"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_syslog_rhost" type="text" class="formfld host"
+ id="barnyard_syslog_rhost" size="25" value="<?=htmlspecialchars($pconfig['barnyard_syslog_rhost']);?>"/>
+ &nbsp;<?php echo gettext("Hostname or IP address of remote syslog host"); ?>
+ </td>
</tr>
<tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Remote Port"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_syslog_dport" type="text" class="formfld unknown"
+ id="barnyard_syslog_dport" size="25" value="<?=htmlspecialchars($pconfig['barnyard_syslog_dport']);?>"/>
+ &nbsp;<?php echo gettext("Port number for syslog on remote host. Default is ") . "<strong>" . gettext("514") . "</strong>."; ?>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Protocol"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_syslog_proto" type="radio" id="barnyard_syslog_proto_udp"
+ value="udp" <?php if ($pconfig['barnyard_syslog_proto'] == 'udp') echo "checked";?>/>
+ <?php echo gettext("UDP"); ?>&nbsp;<input name="barnyard_syslog_proto" type="radio" id="barnyard_syslog_proto_tcp"
+ value="tcp" <?php if ($pconfig['barnyard_syslog_proto'] == 'tcp') echo "checked";?>/>
+ <?php echo gettext("TCP"); ?>&nbsp;&nbsp;
+ <?php echo gettext("Select IP protocol to use for remote reporting. Default is ") . "<strong>" . gettext("UDP") . "</strong>."; ?>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Log Facility"); ?></td>
+ <td width="78%" class="vtable">
+ <select name="barnyard_syslog_facility" id="barnyard_syslog_facility" class="formselect">
+ <?php
+ $log_facility = array( "LOG_AUTH", "LOG_AUTHPRIV", "LOG_DAEMON", "LOG_KERN", "LOG_SYSLOG", "LOG_USER", "LOG_LOCAL1",
+ "LOG_LOCAL2", "LOG_LOCAL3", "LOG_LOCAL4", "LOG_LOCAL5", "LOG_LOCAL6", "LOG_LOCAL7" );
+ foreach ($log_facility as $facility) {
+ $selected = "";
+ if ($facility == $pconfig['barnyard_syslog_facility'])
+ $selected = " selected";
+ echo "<option value='{$facility}'{$selected}>" . $facility . "</option>\n";
+ }
+ ?></select>&nbsp;&nbsp;
+ <?php echo gettext("Select Syslog Facility to use for remote reporting. Default is ") . "<strong>" . gettext("LOG_USER") . "</strong>."; ?>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Log Priority"); ?></td>
+ <td width="78%" class="vtable">
+ <select name="barnyard_syslog_priority" id="barnyard_syslog_priority" class="formselect">
+ <?php
+ $log_priority = array( "LOG_EMERG", "LOG_ALERT", "LOG_CRIT", "LOG_ERR", "LOG_WARNING", "LOG_NOTICE", "LOG_INFO" );
+ foreach ($log_priority as $priority) {
+ $selected = "";
+ if ($priority == $pconfig['barnyard_syslog_priority'])
+ $selected = " selected";
+ echo "<option value='{$priority}'{$selected}>" . $priority . "</option>\n";
+ }
+ ?></select>&nbsp;&nbsp;
+ <?php echo gettext("Select Syslog Priority (Level) to use for remote reporting. Default is ") . "<strong>" . gettext("LOG_INFO") . "</strong>."; ?>
+ </td>
+ </tr>
+ </tbody>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Bro-IDS Output Settings"); ?></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable Bro-IDS"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_bro_ids_enable" type="checkbox" value="on" <?php if ($pconfig['barnyard_bro_ids_enable'] == "on") echo "checked"; ?>
+ onClick="toggle_bro_ids()"/>
+ <?php echo gettext("Enable logging of alerts to a Bro-IDS receiver"); ?><br/>
+ <?php echo gettext("This will send alert data to either a local or remote Bro-IDS receiver."); ?></td>
+ </tr>
+ <tbody id="bro_ids_config_rows">
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Remote Host"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_bro_ids_rhost" type="text" class="formfld host"
+ id="barnyard_bro_ids_rhost" size="25" value="<?=htmlspecialchars($pconfig['barnyard_bro_ids_rhost']);?>"/>
+ &nbsp;<?php echo gettext("Hostname or IP address of remote Bro-IDS host"); ?>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Remote Port"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_bro_ids_dport" type="text" class="formfld unknown"
+ id="barnyard_bro_ids_dport" size="25" value="<?=htmlspecialchars($pconfig['barnyard_bro_ids_dport']);?>"/>
+ &nbsp;<?php echo gettext("Port number for Bro-IDS instance on remote host. Default is ") . "<strong>" . gettext("47760") . "</strong>."; ?>
+ </td>
+ </tr>
+ </tbody>
+ <tr>
<td colspan="2" valign="top" class="listtopic"><?php echo gettext("Advanced Settings"); ?></td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Advanced configuration " .
- "pass through"); ?></td>
+ "pass-through"); ?></td>
<td width="78%" class="vtable"><textarea name="barnconfigpassthru" style="width:95%;"
cols="65" rows="7" id="barnconfigpassthru" ><?=htmlspecialchars($pconfig['barnconfigpassthru']);?></textarea>
<br/>
- <?php echo gettext("Arguments here will be automatically inserted into the running " .
+ <?php echo gettext("Arguments entered here will be automatically inserted into the running " .
"barnyard2 configuration."); ?></td>
</tr>
<tr>
<td width="22%" valign="top">&nbsp;</td>
<td width="78%">
- <input name="Submit" type="submit" class="formbtn" value="Save">
- <input name="id" type="hidden" value="<?=$id;?>"> </td>
+ <input name="save" type="submit" class="formbtn" value="Save" title="<?=gettext("Save Barnyard2 configuration");?>" />
</tr>
<tr>
<td width="22%" valign="top">&nbsp;</td>
<td width="78%"><span class="vexpl"><span class="red"><strong><?php echo gettext("Note:"); ?></strong></span></span>
<br/>
- <?php echo gettext("Please save your settings before you click start."); ?> </td>
+ <?php echo gettext("Remember to save your settings before you leave this tab."); ?> </td>
</tr>
</table>
</div>
@@ -225,10 +539,107 @@ function enable_change(enable_change) {
</tr>
</table>
</form>
+
<script language="JavaScript">
-<!--
+function toggle_mySQL() {
+ var endis = !document.iform.barnyard_mysql_enable.checked;
+
+ document.iform.barnyard_dbhost.disabled = endis;
+ document.iform.barnyard_dbname.disabled = endis;
+ document.iform.barnyard_dbuser.disabled = endis;
+ document.iform.barnyard_dbpwd.disabled = endis;
+ document.iform.barnyard_disable_sig_ref_tbl.disabled = endis;
+
+ if (endis)
+ document.getElementById("mysql_config_rows").style.display = "none";
+ else
+ document.getElementById("mysql_config_rows").style.display = "";
+}
+
+function toggle_syslog() {
+ var endis = !document.iform.barnyard_syslog_enable.checked;
+
+ document.iform.barnyard_syslog_opmode_default.disabled = endis;
+ document.iform.barnyard_syslog_opmode_complete.disabled = endis;
+ document.iform.barnyard_syslog_local.disabled = endis;
+ document.iform.barnyard_syslog_rhost.disabled = endis;
+ document.iform.barnyard_syslog_dport.disabled = endis;
+ document.iform.barnyard_syslog_proto_udp.disabled = endis;
+ document.iform.barnyard_syslog_proto_tcp.disabled = endis;
+ document.iform.barnyard_syslog_facility.disabled = endis;
+ document.iform.barnyard_syslog_priority.disabled = endis;
+
+ if (endis)
+ document.getElementById("syslog_config_rows").style.display = "none";
+ else
+ document.getElementById("syslog_config_rows").style.display = "";
+}
+
+function toggle_local_syslog() {
+ var endis = document.iform.barnyard_syslog_local.checked;
+
+ if (document.iform.barnyard_syslog_enable.checked) {
+ document.iform.barnyard_syslog_rhost.disabled = endis;
+ document.iform.barnyard_syslog_dport.disabled = endis;
+ document.iform.barnyard_syslog_proto_udp.disabled = endis;
+ document.iform.barnyard_syslog_proto_tcp.disabled = endis;
+ document.iform.barnyard_syslog_facility.disabled = endis;
+ document.iform.barnyard_syslog_priority.disabled = endis;
+ }
+}
+
+function toggle_bro_ids() {
+ var endis = !document.iform.barnyard_bro_ids_enable.checked;
+
+ document.iform.barnyard_bro_ids_rhost.disabled = endis;
+ document.iform.barnyard_bro_ids_dport.disabled = endis;
+
+ if (endis)
+ document.getElementById("bro_ids_config_rows").style.display = "none";
+ else
+ document.getElementById("bro_ids_config_rows").style.display = "";
+}
+
+function enable_change(enable_change) {
+ endis = !(document.iform.barnyard_enable.checked || enable_change);
+ // make sure a default answer is called if this is invoked.
+ endis2 = (document.iform.barnyard_enable);
+ document.iform.unified2_log_limit.disabled = endis;
+ document.iform.barnyard_archive_enable.disabled = endis;
+ document.iform.u2_archived_log_retention.disabled = endis;
+ document.iform.barnyard_show_year.disabled = endis;
+ document.iform.barnyard_dump_payload.disabled = endis;
+ document.iform.barnyard_obfuscate_ip.disabled = endis;
+ document.iform.barnyard_log_vlan_events.disabled = endis;
+ document.iform.barnyard_log_mpls_events.disabled = endis;
+ document.iform.barnyard_sensor_name.disabled = endis;
+ document.iform.barnyard_mysql_enable.disabled = endis;
+ document.iform.barnyard_dbhost.disabled = endis;
+ document.iform.barnyard_dbname.disabled = endis;
+ document.iform.barnyard_dbuser.disabled = endis;
+ document.iform.barnyard_dbpwd.disabled = endis;
+ document.iform.barnyard_disable_sig_ref_tbl.disabled = endis;
+ document.iform.barnyard_syslog_enable.disabled = endis;
+ document.iform.barnyard_syslog_local.disabled = endis;
+ document.iform.barnyard_syslog_opmode_default.disabled = endis;
+ document.iform.barnyard_syslog_opmode_complete.disabled = endis;
+ document.iform.barnyard_syslog_rhost.disabled = endis;
+ document.iform.barnyard_syslog_dport.disabled = endis;
+ document.iform.barnyard_syslog_proto_udp.disabled = endis;
+ document.iform.barnyard_syslog_proto_tcp.disabled = endis;
+ document.iform.barnyard_syslog_facility.disabled = endis;
+ document.iform.barnyard_syslog_priority.disabled = endis;
+ document.iform.barnyard_bro_ids_enable.disabled = endis;
+ document.iform.barnyard_bro_ids_rhost.disabled = endis;
+ document.iform.barnyard_bro_ids_dport.disabled = endis;
+ document.iform.barnconfigpassthru.disabled = endis;
+}
+
enable_change(false);
-//-->
+toggle_mySQL();
+toggle_syslog();
+toggle_local_syslog();
+toggle_bro_ids();
</script>
<?php include("fend.inc"); ?>
</body>
diff --git a/config/snort/snort_blocked.php b/config/snort/snort_blocked.php
index 4fc470d3..76d5a9df 100644
--- a/config/snort/snort_blocked.php
+++ b/config/snort/snort_blocked.php
@@ -34,6 +34,8 @@
require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort.inc");
+$snortlogdir = SNORTLOGDIR;
+
// Grab pfSense version so we can refer to it later on this page
$pfs_version=substr(trim(file_get_contents("/etc/version")),0,3);
@@ -48,14 +50,14 @@ if (empty($pconfig['blertnumber']))
else
$bnentries = $pconfig['blertnumber'];
-if ($_POST['todelete'] || $_GET['todelete']) {
+if ($_POST['todelete']) {
$ip = "";
- if($_POST['todelete'])
- $ip = $_POST['todelete'];
- else if($_GET['todelete'])
- $ip = $_GET['todelete'];
+ if ($_POST['ip'])
+ $ip = $_POST['ip'];
if (is_ipaddr($ip))
exec("/sbin/pfctl -t snort2c -T delete {$ip}");
+ else
+ $input_errors[] = gettext("An invalid IP address was provided as a parameter.");
}
if ($_POST['remove']) {
@@ -117,7 +119,7 @@ if ($_POST['save'])
$config['installedpackages']['snortglobal']['alertsblocks']['brefresh'] = $_POST['brefresh'] ? 'on' : 'off';
$config['installedpackages']['snortglobal']['alertsblocks']['blertnumber'] = $_POST['blertnumber'];
- write_config();
+ write_config("Snort pkg: updated BLOCKED tab settings.");
header("Location: /snort/snort_blocked.php");
exit;
@@ -140,12 +142,19 @@ include_once("fbegin.inc");
/* refresh every 60 secs */
if ($pconfig['brefresh'] == 'on')
echo "<meta http-equiv=\"refresh\" content=\"60;url=/snort/snort_blocked.php\" />\n";
-?>
-<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
+/* Display Alert message */
+if ($input_errors) {
+ print_input_errors($input_errors); // TODO: add checks
+}
+if ($savemsg) {
+ print_info_box($savemsg);
+}
+?>
-<?php if ($savemsg) print_info_box($savemsg); ?>
<form action="/snort/snort_blocked.php" method="post">
+<input type="hidden" name="ip" id="ip" value=""/>
+
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td>
@@ -156,10 +165,11 @@ if ($pconfig['brefresh'] == 'on')
$tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
$tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
$tab_array[4] = array(gettext("Blocked"), true, "/snort/snort_blocked.php");
- $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php");
$tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
- $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
- display_top_tabs($tab_array);
+ $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php");
+ $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
+ display_top_tabs($tab_array, true);
?>
</td>
</tr>
@@ -172,22 +182,23 @@ if ($pconfig['brefresh'] == 'on')
<tr>
<td width="22%" class="vncell"><?php echo gettext("Save or Remove Hosts"); ?></td>
<td width="78%" class="vtable">
- <input name="download" type="submit" class="formbtns" value="Download"> <?php echo gettext("All " .
- "blocked hosts will be saved."); ?>&nbsp;&nbsp;<input name="remove" type="submit"
- class="formbtns" value="Clear">&nbsp;<span class="red"><strong><?php echo gettext("Warning:"); ?></strong></span>
- <?php echo gettext("all hosts will be removed."); ?>
+ <input name="download" type="submit" class="formbtns" value="Download" title="<?=gettext("Download list of blocked hosts as a gzip archive");?>"/>
+ &nbsp;<?php echo gettext("All blocked hosts will be saved."); ?>&nbsp;&nbsp;
+ <input name="remove" type="submit" class="formbtns" value="Clear" title="<?=gettext("Remove blocks for all listed hosts");?>"
+ onClick="return confirm('<?=gettext("Are you sure you want to remove all blocked hosts? Click OK to continue or CANCLE to quit.");?>');"/>&nbsp;
+ <span class="red"><strong><?php echo gettext("Warning:"); ?></strong></span>&nbsp;<?php echo gettext("all hosts will be removed."); ?>
</td>
</tr>
<tr>
<td width="22%" class="vncell"><?php echo gettext("Auto Refresh and Log View"); ?></td>
<td width="78%" class="vtable">
- <input name="save" type="submit" class="formbtns" value="Save"> <?php echo gettext("Refresh"); ?> <input
- name="brefresh" type="checkbox" value="on"
- <?php if ($config['installedpackages']['snortglobal']['alertsblocks']['brefresh']=="on" || $config['installedpackages']['snortglobal']['alertsblocks']['brefresh']=='') echo "checked"; ?>>
- <?php printf(gettext("%sDefault%s is %sON%s."), '<strong>', '</strong>', '<strong>', '</strong>'); ?>&nbsp;&nbsp;<input
- name="blertnumber" type="text" class="formfld unknown" id="blertnumber"
- size="5" value="<?=htmlspecialchars($bnentries);?>"> <?php printf(gettext("Enter the " .
- "number of blocked entries to view. %sDefault%s is %s500%s."), '<strong>', '</strong>', '<strong>', '</strong>'); ?>
+ <input name="save" type="submit" class="formbtns" value=" Save " title="<?=gettext("Save auto-refresh and view settings");?>"/>
+ &nbsp;&nbsp;<?php echo gettext("Refresh"); ?>&nbsp;<input name="brefresh" type="checkbox" value="on"
+ <?php if ($config['installedpackages']['snortglobal']['alertsblocks']['brefresh']=="on" || $config['installedpackages']['snortglobal']['alertsblocks']['brefresh']=='') echo "checked"; ?>/>
+ &nbsp;<?php printf(gettext("%sDefault%s is %sON%s."), '<strong>', '</strong>', '<strong>', '</strong>'); ?>&nbsp;&nbsp;
+ <input name="blertnumber" type="text" class="formfld unknown" id="blertnumber"
+ size="5" value="<?=htmlspecialchars($bnentries);?>"/>&nbsp;<?php printf(gettext("Enter number of " .
+ "blocked entries to view. %sDefault%s is %s500%s."), '<strong>', '</strong>', '<strong>', '</strong>'); ?>
</td>
</tr>
<tr>
@@ -225,13 +236,13 @@ if ($pconfig['brefresh'] == 'on')
if (!empty($blocked_ips_array)) {
$tmpblocked = array_flip($blocked_ips_array);
$src_ip_list = array();
- foreach (glob("/var/log/snort/*/alert") as $alertfile) {
+ foreach (glob("{$snortlogdir}/*/alert") as $alertfile) {
$fd = fopen($alertfile, "r");
if ($fd) {
/* 0 1 2 3 4 5 6 7 8 9 10 11 12
/* File format timestamp,sig_generator,sig_id,sig_rev,msg,proto,src,srcport,dst,dstport,id,classification,priority */
while (($fields = fgetcsv($fd, 1000, ',', '"')) !== FALSE) {
- if(count($fields) < 11)
+ if(count($fields) < 13)
continue;
if (isset($tmpblocked[$fields[6]])) {
@@ -280,8 +291,9 @@ if ($pconfig['brefresh'] == 'on')
<td align=\"center\" valign=\"middle\" class=\"listr\">{$counter}</td>
<td align=\"center\" valign=\"middle\" class=\"listr\">{$tmp_ip}<br/>{$rdns_link}</td>
<td valign=\"middle\" class=\"listr\">{$blocked_desc}</td>
- <td align=\"center\" valign=\"middle\" class=\"listr\"><a href='snort_blocked.php?todelete=" . trim(urlencode($blocked_ip)) . "'>
- <img title=\"" . gettext("Delete host from Blocked Table") . "\" border=\"0\" name='todelete' id='todelete' alt=\"Delete host from Blocked Table\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"></a></td>
+ <td align=\"center\" valign=\"middle\" class=\"listr\" sorttable_customkey=\"\">
+ <input type=\"image\" name=\"todelete[]\" onClick=\"document.getElementById('ip').value='{$blocked_ip}';\"
+ src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" title=\"" . gettext("Delete host from Blocked Table") . "\" border=\"0\" /></td>
</tr>\n";
}
}
diff --git a/config/snort/snort_check_cron_misc.inc b/config/snort/snort_check_cron_misc.inc
index 038a11cd..a5b9e65e 100644
--- a/config/snort/snort_check_cron_misc.inc
+++ b/config/snort/snort_check_cron_misc.inc
@@ -1,10 +1,11 @@
<?php
/*
- * snort_chk_log_dir_size.php
+ * snort_check_cron_misc.inc
* part of pfSense
*
- * Modified for the Pfsense snort package v. 1.8+
+ * Modified for the pfSense snort package v. 1.8+
* Copyright (C) 2009-2010 Robert Zelaya Developer
+ * Copyright (C) 2014 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -31,68 +32,98 @@
require_once("/usr/local/pkg/snort/snort.inc");
-// 'B' => 1,
-// 'KB' => 1024,
-// 'MB' => 1024 * 1024,
-// 'GB' => 1024 * 1024 * 1024,
-// 'TB' => 1024 * 1024 * 1024 * 1024,
-// 'PB' => 1024 * 1024 * 1024 * 1024 * 1024,
+$snortlogdir = SNORTLOGDIR;
+function snort_check_dir_size_limit($snortloglimitsize) {
-/* chk if snort log dir is full if so clear it */
-$snortloglimit = $config['installedpackages']['snortglobal']['snortloglimit'];
-$snortloglimitsize = $config['installedpackages']['snortglobal']['snortloglimitsize'];
+ /********************************************************
+ * This function checks the total size of the Snort *
+ * logging sub-directory structure and prunes the files *
+ * for all Snort interfaces if the size exceeds the *
+ * passed limit. *
+ * *
+ * On Entry: $snortloglimitsize = dir size limit in *
+ * in megabytes *
+ ********************************************************/
-if ($g['booting']==true)
- return;
+ global $g, $config;
-if ($snortloglimit == 'off')
- return;
+ // Convert Log Limit Size setting from MB to KB
+ $snortloglimitsizeKB = round($snortloglimitsize * 1024);
+ $snortlogdirsizeKB = snort_Getdirsize(SNORTLOGDIR);
+ if ($snortlogdirsizeKB > 0 && $snortlogdirsizeKB > $snortloglimitsizeKB) {
+ log_error(gettext("[Snort] Log directory size exceeds configured limit of " . number_format($snortloglimitsize) . " MB set on Global Settings tab. All Snort log files will be truncated."));
+ conf_mount_rw();
-if (!is_array($config['installedpackages']['snortglobal']['rule']))
- return;
+ // Truncate the Rules Update Log file if it exists
+ if (file_exists(RULES_UPD_LOGFILE)) {
+ log_error(gettext("[Snort] Truncating the Rules Update Log file..."));
+ @file_put_contents(RULES_UPD_LOGFILE, "");
+ }
-/* Convert Log Limit Size setting from MB to KB */
-$snortloglimitsizeKB = round($snortloglimitsize * 1024);
-$snortlogdirsizeKB = snort_Getdirsize(SNORTLOGDIR);
-if ($snortlogdirsizeKB > 0 && $snortlogdirsizeKB > $snortloglimitsizeKB) {
- log_error(gettext("[Snort] Log directory size exceeds configured limit of " . number_format($snortloglimitsize) . " MB set on Global Settings tab. All Snort log files will be truncated."));
- conf_mount_rw();
-
- /* Truncate the Rules Update Log file if it exists */
- if (file_exists(RULES_UPD_LOGFILE)) {
- log_error(gettext("[Snort] Truncating the Rules Update Log file..."));
- $fd = @fopen(RULES_UPD_LOGFILE, "w+");
- if ($fd)
- fclose($fd);
- }
+ // Clean-up the logs for each configured Snort instance
+ foreach ($config['installedpackages']['snortglobal']['rule'] as $value) {
+ $if_real = get_real_interface($value['interface']);
+ $snort_uuid = $value['uuid'];
+ $snort_log_dir = SNORTLOGDIR . "/snort_{$if_real}{$snort_uuid}";
+ log_error(gettext("[Snort] Truncating logs for {$value['descr']} ({$if_real})..."));
+ snort_post_delete_logs($snort_uuid);
+
+ // Truncate the alert log file if it exists
+ if (file_exists("{$snort_log_dir}/alert")) {
+ @file_put_contents("{$snort_log_dir}/alert", "");
+ }
- /* Clean-up the logs for each configured Snort instance */
- foreach ($config['installedpackages']['snortglobal']['rule'] as $value) {
- $if_real = snort_get_real_interface($value['interface']);
- $snort_uuid = $value['uuid'];
- $snort_log_dir = SNORTLOGDIR . "/snort_{$if_real}{$snort_uuid}";
- log_error(gettext("[Snort] Truncating logs for {$value['descr']} ({$if_real})..."));
- snort_post_delete_logs($snort_uuid);
-
- /* Truncate the alert log file if it exists */
- if (file_exists("{$snort_log_dir}/alert")) {
- $fd = @fopen("{$snort_log_dir}/alert", "w+");
- if ($fd)
- fclose($fd);
+ // This is needed if snort is run as snort user
+ mwexec('/bin/chmod 660 {$snort_log_dir}/*', true);
+
+ // Soft-restart Snort process to resync logging
+ if (file_exists("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid")) {
+ log_error(gettext("[Snort] Restarting logging on {$value['descr']} ({$if_real})..."));
+ mwexec("/bin/pkill -HUP -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid -a");
+ }
}
+ conf_mount_ro();
+ log_error(gettext("[Snort] Automatic clean-up of Snort logs completed."));
+ }
+}
+
+/*************************
+ * Start of main code *
+ *************************/
+
+// If firewall is booting, do nothing
+if ($g['booting'] == true)
+ return;
- /* This is needed if snort is run as snort user */
- mwexec('/bin/chmod 660 /var/log/snort/*', true);
+// If no interfaces defined, there is nothing to clean up
+if (!is_array($config['installedpackages']['snortglobal']['rule']))
+ return;
- /* Soft-restart Snort process to resync logging */
- if (file_exists("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid")) {
- log_error(gettext("[Snort] Restarting logging on {$value['descr']} ({$if_real})..."));
- mwexec("/bin/pkill -HUP -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid -a");
+// Check unified2 archived log retention in the interface logging directories if enabled
+foreach ($config['installedpackages']['snortglobal']['rule'] as $value) {
+ $if_real = get_real_interface($value['interface']);
+ $snort_log_dir = SNORTLOGDIR . "/snort_{$if_real}{$value['uuid']}";
+ if (is_dir("{$snort_log_dir}/barnyard2/archive") && $value['u2_archived_log_retention'] > 0) {
+ $now = time();
+ $files = glob("{$snort_log_dir}/barnyard2/archive/snort_{$value['uuid']}_{$if_real}.u2.*");
+ $prune_count = 0;
+ foreach ($files as $f) {
+ if (($now - filemtime($f)) > ($value['u2_archived_log_retention'] * 3600)) {
+ $prune_count++;
+ unlink_if_exists($f);
+ }
}
+ unset($files);
+ if ($prune_count > 0)
+ log_error(gettext("[Snort] Barnyard2 archived logs cleanup job removed {$prune_count} file(s)..."));
}
- conf_mount_ro();
- log_error(gettext("[Snort] Automatic clean-up of Snort logs completed."));
}
+// Check the overall log directory limit (if enabled) and prune if necessary
+if ($config['installedpackages']['snortglobal']['snortloglimit'] == 'on')
+ snort_check_dir_size_limit($config['installedpackages']['snortglobal']['snortloglimitsize']);
+
+return;
+
?>
diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php
index e13c3bef..667f4044 100755
--- a/config/snort/snort_check_for_rule_updates.php
+++ b/config/snort/snort_check_for_rule_updates.php
@@ -5,7 +5,7 @@
* Copyright (C) 2006 Scott Ullrich
* Copyright (C) 2009 Robert Zelaya
* Copyright (C) 2011-2012 Ermal Luci
- * Copyright (C) 2013 Bill Meeks
+ * Copyright (C) 2013-2014 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -62,10 +62,13 @@ if (!defined("ET_OPEN_FILE_PREFIX"))
define("ET_OPEN_FILE_PREFIX", "emerging-");
if (!defined("ET_PRO_FILE_PREFIX"))
define("ET_PRO_FILE_PREFIX", "etpro-");
+if (!defined("IPREP_PATH"))
+ define("IPREP_PATH", "/var/db/snort/iprep/");
$snortdir = SNORTDIR;
$snortlibdir = SNORTLIBDIR;
$snortlogdir = SNORTLOGDIR;
+$snortiprepdir = IPREP_PATH;
$snort_rules_upd_log = RULES_UPD_LOGFILE;
/* Save the state of $pkg_interface so we can restore it */
@@ -95,7 +98,7 @@ exec("/usr/local/bin/snort -V 2>&1 |/usr/bin/grep Version | /usr/bin/cut -c20-26
// Save the version with decimal delimiters for use in extracting the rules
$snort_version = $snortver[0];
if (empty($snort_version))
- $snort_version = "2.9.5.6";
+ $snort_version = "2.9.6.0";
// Create a collapsed version string for use in the tarball filename
$snortver[0] = str_replace(".", "", $snortver[0]);
@@ -150,22 +153,54 @@ function snort_download_file_url($url, $file_out) {
global $g, $config, $pkg_interface, $last_curl_error, $fout, $ch, $file_size, $downloaded, $first_progress_update;
+ $rfc2616 = array(
+ 100 => "100 Continue",
+ 101 => "101 Switching Protocols",
+ 200 => "200 OK",
+ 201 => "201 Created",
+ 202 => "202 Accepted",
+ 203 => "203 Non-Authoritative Information",
+ 204 => "204 No Content",
+ 205 => "205 Reset Content",
+ 206 => "206 Partial Content",
+ 300 => "300 Multiple Choices",
+ 301 => "301 Moved Permanently",
+ 302 => "302 Found",
+ 303 => "303 See Other",
+ 304 => "304 Not Modified",
+ 305 => "305 Use Proxy",
+ 306 => "306 (Unused)",
+ 307 => "307 Temporary Redirect",
+ 400 => "400 Bad Request",
+ 401 => "401 Unauthorized",
+ 402 => "402 Payment Required",
+ 403 => "403 Forbidden",
+ 404 => "404 Not Found",
+ 405 => "405 Method Not Allowed",
+ 406 => "406 Not Acceptable",
+ 407 => "407 Proxy Authentication Required",
+ 408 => "408 Request Timeout",
+ 409 => "409 Conflict",
+ 410 => "410 Gone",
+ 411 => "411 Length Required",
+ 412 => "412 Precondition Failed",
+ 413 => "413 Request Entity Too Large",
+ 414 => "414 Request-URI Too Long",
+ 415 => "415 Unsupported Media Type",
+ 416 => "416 Requested Range Not Satisfiable",
+ 417 => "417 Expectation Failed",
+ 500 => "500 Internal Server Error",
+ 501 => "501 Not Implemented",
+ 502 => "502 Bad Gateway",
+ 503 => "503 Service Unavailable",
+ 504 => "504 Gateway Timeout",
+ 505 => "505 HTTP Version Not Supported"
+ );
+
// Initialize required variables for the pfSense "read_body()" function
$file_size = 1;
$downloaded = 1;
$first_progress_update = TRUE;
-
-
- // Array of message strings for HTTP Response Codes
- $http_resp_msg = array( 200 => "OK", 202 => "Accepted", 204 => "No Content", 205 => "Reset Content",
- 206 => "Partial Content", 301 => "Moved Permanently", 302 => "Found",
- 305 => "Use Proxy", 307 => "Temporary Redirect", 400 => "Bad Request",
- 401 => "Unauthorized", 402 => "Payment Required", 403 => "Forbidden",
- 404 => "Not Found", 405 => "Method Not Allowed", 407 => "Proxy Authentication Required",
- 408 => "Request Timeout", 410 => "Gone", 500 => "Internal Server Error",
- 501 => "Not Implemented", 502 => "Bad Gateway", 503 => "Service Unavailable",
- 504 => "Gateway Timeout", 505 => "HTTP Version Not Supported" );
-
$last_curl_error = "";
$fout = fopen($file_out, "wb");
@@ -215,8 +250,8 @@ function snort_download_file_url($url, $file_out) {
if ($rc === false)
$last_curl_error = curl_error($ch);
$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
- if (isset($http_resp_msg[$http_code]))
- $last_curl_error = $http_resp_msg[$http_code];
+ if (isset($rfc2616[$http_code]))
+ $last_curl_error = $rfc2616[$http_code];
curl_close($ch);
fclose($fout);
@@ -250,7 +285,7 @@ function snort_check_rule_md5($file_url, $file_dst, $desc = "") {
/* error occurred. */
/**********************************************************/
- global $pkg_interface, $snort_rules_upd_log, $last_curl_error;
+ global $pkg_interface, $snort_rules_upd_log, $last_curl_error, $update_errors;
$snortdir = SNORTDIR;
$filename_md5 = basename($file_dst);
@@ -292,9 +327,9 @@ function snort_check_rule_md5($file_url, $file_dst, $desc = "") {
log_error(gettext("[Snort] {$desc} md5 download failed..."));
log_error(gettext("[Snort] Server returned error code {$rc}..."));
error_log(gettext("\t{$snort_err_msg}\n"), 3, $snort_rules_upd_log);
- if ($pkg_interface == "console")
- error_log(gettext("\tServer error message was: {$last_curl_error}\n"), 3, $snort_rules_upd_log);
+ error_log(gettext("\tServer error message was: {$last_curl_error}\n"), 3, $snort_rules_upd_log);
error_log(gettext("\t{$desc} will not be updated.\n"), 3, $snort_rules_upd_log);
+ $update_errors = true;
return false;
}
}
@@ -318,7 +353,7 @@ function snort_fetch_new_rules($file_url, $file_dst, $file_md5, $desc = "") {
/* FALSE if download was not successful. */
/**********************************************************/
- global $pkg_interface, $snort_rules_upd_log, $last_curl_error;
+ global $pkg_interface, $snort_rules_upd_log, $last_curl_error, $update_errors;
$snortdir = SNORTDIR;
$filename = basename($file_dst);
@@ -348,6 +383,7 @@ function snort_fetch_new_rules($file_url, $file_dst, $file_md5, $desc = "") {
error_log(gettext("\tDownloaded {$desc} file MD5: " . md5_file($file_dst) . "\n"), 3, $snort_rules_upd_log);
error_log(gettext("\tExpected {$desc} file MD5: {$file_md5}\n"), 3, $snort_rules_upd_log);
error_log(gettext("\t{$desc} file download failed. {$desc} will not be updated.\n"), 3, $snort_rules_upd_log);
+ $update_errors = true;
return false;
}
return true;
@@ -357,9 +393,9 @@ function snort_fetch_new_rules($file_url, $file_dst, $file_md5, $desc = "") {
update_output_window(gettext("{$desc} file download failed..."));
log_error(gettext("[Snort] {$desc} file download failed... server returned error '{$rc}'..."));
error_log(gettext("\t{$desc} file download failed. Server returned error {$rc}.\n"), 3, $snort_rules_upd_log);
- if ($pkg_interface == "console")
- error_log(gettext("\tThe error text was: {$last_curl_error}\n"), 3, $snort_rules_upd_log);
+ error_log(gettext("\tThe error text was: {$last_curl_error}\n"), 3, $snort_rules_upd_log);
error_log(gettext("\t{$desc} will not be updated.\n"), 3, $snort_rules_upd_log);
+ $update_errors = true;
return false;
}
@@ -371,25 +407,27 @@ function snort_fetch_new_rules($file_url, $file_dst, $file_md5, $desc = "") {
/* remove any old $tmpfname files */
if (is_dir("{$tmpfname}"))
- exec("/bin/rm -r {$tmpfname}");
+ exec("/bin/rm -rf {$tmpfname}");
/* Make sure required snortdirs exsist */
-exec("/bin/mkdir -p {$snortdir}/rules");
-exec("/bin/mkdir -p {$snortdir}/signatures");
-exec("/bin/mkdir -p {$snortdir}/preproc_rules");
-exec("/bin/mkdir -p {$tmpfname}");
-exec("/bin/mkdir -p {$snortlibdir}/dynamicrules");
-exec("/bin/mkdir -p {$snortlogdir}");
+safe_mkdir("{$snortdir}/rules");
+safe_mkdir("{$snortdir}/signatures");
+safe_mkdir("{$snortdir}/preproc_rules");
+safe_mkdir("{$tmpfname}");
+safe_mkdir("{$snortlibdir}/dynamicrules");
+safe_mkdir("{$snortlogdir}");
+safe_mkdir("{$snortiprepdir}");
/* See if we need to automatically clear the Update Log based on 1024K size limit */
if (file_exists($snort_rules_upd_log)) {
if (1048576 < filesize($snort_rules_upd_log))
- exec("/bin/rm -r {$snort_rules_upd_log}");
+ @unlink("{$snort_rules_upd_log}");
}
/* Log start time for this rules update */
error_log(gettext("Starting rules update... Time: " . date("Y-m-d H:i:s") . "\n"), 3, $snort_rules_upd_log);
$last_curl_error = "";
+$update_errors = false;
/* Check for and download any new Snort VRT sigs */
if ($snortdownload == 'on') {
@@ -430,15 +468,17 @@ if ($emergingthreats == 'on') {
/* Untar Snort rules file to tmp and install the rules */
if ($snortdownload == 'on') {
if (file_exists("{$tmpfname}/{$snort_filename}")) {
- /* Currently, only FreeBSD-8-1 and FreeBSD-9-0 precompiled SO rules exist from Snort.org */
- /* Default to FreeBSD 8.1, and then test for FreeBSD 9.x */
+ /* Currently, only FreeBSD-8-1, FreeBSD-9-0 and FreeBSD-10-0 precompiled SO rules exist from Snort.org */
+ /* Default to FreeBSD 8.1, and then test for FreeBSD 9.x or FreeBSD 10.x */
$freebsd_version_so = 'FreeBSD-8-1';
if (substr(php_uname("r"), 0, 1) == '9')
$freebsd_version_so = 'FreeBSD-9-0';
+ elseif (substr(php_uname("r"), 0, 2) == '10')
+ $freebsd_version_so = 'FreeBSD-10-0';
/* Remove the old Snort rules files */
$vrt_prefix = VRT_FILE_PREFIX;
- array_map('unlink', glob("{$snortdir}/rules/{$vrt_prefix}*.rules"));
+ unlink_if_exists("{$snortdir}/rules/{$vrt_prefix}*.rules");
if ($pkg_interface <> "console") {
update_status(gettext("Extracting Snort VRT rules..."));
@@ -487,7 +527,7 @@ if ($snortdownload == 'on') {
exec("/bin/cp {$tmpfname}/so_rules/precompiled/{$freebsd_version_so}/x86-64/{$snort_version}/*.so {$snortlibdir}/dynamicrules/");
} else
$nosorules = true;
- exec("rm -r {$tmpfname}/so_rules");
+ exec("rm -rf {$tmpfname}/so_rules");
if ($nosorules == false) {
/* extract Shared Object stub rules, rename and copy to the rules folder. */
if ($pkg_interface <> "console")
@@ -498,7 +538,7 @@ if ($snortdownload == 'on') {
$newfile = basename($file, ".rules");
@copy($file, "{$snortdir}/rules/" . VRT_FILE_PREFIX . "{$newfile}.so.rules");
}
- exec("rm -r {$tmpfname}/so_rules");
+ exec("rm -rf {$tmpfname}/so_rules");
}
/* extract base etc files */
if ($pkg_interface <> "console") {
@@ -556,7 +596,7 @@ if ($snortcommunityrules == 'on') {
update_output_window(gettext("Installation of Snort GPLv2 Community Rules file completed..."));
}
error_log(gettext("\tInstallation of Snort GPLv2 Community Rules completed.\n"), 3, $snort_rules_upd_log);
- exec("rm -r {$tmpfname}/community");
+ exec("rm -rf {$tmpfname}/community");
}
}
@@ -574,10 +614,10 @@ if ($emergingthreats == 'on') {
/* Remove the old Emerging Threats rules files */
$eto_prefix = ET_OPEN_FILE_PREFIX;
$etpro_prefix = ET_PRO_FILE_PREFIX;
- array_map('unlink', glob("{$snortdir}/rules/{$eto_prefix}*.rules"));
- array_map('unlink', glob("{$snortdir}/rules/{$etpro_prefix}*.rules"));
- array_map('unlink', glob("{$snortdir}/rules/{$eto_prefix}*ips.txt"));
- array_map('unlink', glob("{$snortdir}/rules/{$etpro_prefix}*ips.txt"));
+ unlink_if_exists("{$snortdir}/rules/{$eto_prefix}*.rules");
+ unlink_if_exists("{$snortdir}/rules/{$etpro_prefix}*.rules");
+ unlink_if_exists("{$snortdir}/rules/{$eto_prefix}*ips.txt");
+ unlink_if_exists("{$snortdir}/rules/{$etpro_prefix}*ips.txt");
$files = glob("{$tmpfname}/emerging/rules/*.rules");
foreach ($files as $file) {
@@ -591,10 +631,14 @@ if ($emergingthreats == 'on') {
$files = glob("{$tmpfname}/emerging/rules/*ips.txt");
foreach ($files as $file) {
$newfile = basename($file);
- if ($etpro == "on")
+ if ($etpro == "on") {
+ @copy($file, IPREP_PATH . ET_PRO_FILE_PREFIX . "{$newfile}");
@copy($file, "{$snortdir}/rules/" . ET_PRO_FILE_PREFIX . "{$newfile}");
- else
+ }
+ else {
+ @copy($file, IPREP_PATH . ET_OPEN_FILE_PREFIX . "{$newfile}");
@copy($file, "{$snortdir}/rules/" . ET_OPEN_FILE_PREFIX . "{$newfile}");
+ }
}
/* base etc files for Emerging Threats rules */
foreach (array("classification.config", "reference.config", "gen-msg.map", "unicode.map") as $file) {
@@ -613,13 +657,13 @@ if ($emergingthreats == 'on') {
update_output_window(gettext("Installation of {$et_name} rules completed..."));
}
error_log(gettext("\tInstallation of {$et_name} rules completed.\n"), 3, $snort_rules_upd_log);
- exec("rm -r {$tmpfname}/emerging");
+ exec("rm -rf {$tmpfname}/emerging");
}
}
function snort_apply_customizations($snortcfg, $if_real) {
- global $vrt_enabled;
+ global $vrt_enabled, $rebuild_rules;
$snortdir = SNORTDIR;
/* Update the Preprocessor rules from the master configuration for the interface if Snort */
@@ -632,7 +676,8 @@ function snort_apply_customizations($snortcfg, $if_real) {
}
}
- snort_prepare_rule_files($snortcfg, "{$snortdir}/snort_{$snortcfg['uuid']}_{$if_real}");
+ if ($rebuild_rules == true)
+ snort_prepare_rule_files($snortcfg, "{$snortdir}/snort_{$snortcfg['uuid']}_{$if_real}");
/* Copy the master config and map files to the interface directory */
@copy("{$snortdir}/classification.config", "{$snortdir}/snort_{$snortcfg['uuid']}_{$if_real}/classification.config");
@@ -688,11 +733,11 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules =
/* Create configuration for each active Snort interface */
foreach ($config['installedpackages']['snortglobal']['rule'] as $id => $value) {
- $if_real = snort_get_real_interface($value['interface']);
- $tmp = "Updating rules configuration for: " . snort_get_friendly_interface($value['interface']) . " ...";
+ $if_real = get_real_interface($value['interface']);
+ $tmp = "Updating rules configuration for: " . convert_friendly_interface_to_friendly_descr($value['interface']) . " ...";
if ($pkg_interface <> "console"){
update_status(gettext($tmp));
- update_output_window(gettext("Please wait while Snort interface files are being updated..."));
+ update_output_window(gettext("Please wait while Snort interface files are updated..."));
}
// Make sure the interface subdirectory and required sub-directories exists.
@@ -713,7 +758,7 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules =
$tmp = "\t" . $tmp . "\n";
if ($value['protect_preproc_rules'] == 'on') {
$tmp .= gettext("\tPreprocessor text rules flagged as protected and not updated for ");
- $tmp .= snort_get_friendly_interface($value['interface']) . "...\n";
+ $tmp .= convert_friendly_interface_to_friendly_descr($value['interface']) . "...\n";
}
error_log($tmp, 3, $snort_rules_upd_log);
}
@@ -729,13 +774,6 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules =
/* Clear the rebuild rules flag. */
$rebuild_rules = false;
- /* remove old $tmpfname files */
- if (is_dir("{$tmpfname}")) {
- if ($pkg_interface <> "console")
- update_status(gettext("Cleaning up after rules extraction..."));
- exec("/bin/rm -r {$tmpfname}");
- }
-
/* Restart snort if already running and we are not rebooting to pick up the new rules. */
if (is_process_running("snort") && !$g['booting']) {
if ($pkg_interface <> "console") {
@@ -755,6 +793,11 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules =
}
}
+/* remove $tmpfname files */
+if (is_dir("{$tmpfname}")) {
+ exec("/bin/rm -rf {$tmpfname}");
+}
+
if ($pkg_interface <> "console")
update_status(gettext("The Rules update has finished..."));
log_error(gettext("[Snort] The Rules update has finished."));
@@ -764,4 +807,11 @@ conf_mount_ro();
/* Restore the state of $pkg_interface */
$pkg_interface = $pkg_interface_orig;
+/* Save this update status to the configuration file */
+if ($update_errors)
+ $config['installedpackages']['snortglobal']['last_rule_upd_status'] = gettext("failed");
+else
+ $config['installedpackages']['snortglobal']['last_rule_upd_status'] = gettext("success");
+$config['installedpackages']['snortglobal']['last_rule_upd_time'] = time();
+write_config("Snort pkg: updated status for updated rules package(s) check.");
?>
diff --git a/config/snort/snort_define_servers.php b/config/snort/snort_define_servers.php
index 7c057b19..4d1b3c2e 100755
--- a/config/snort/snort_define_servers.php
+++ b/config/snort/snort_define_servers.php
@@ -5,6 +5,7 @@
*
* Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
* Copyright (C) 2008-2009 Robert Zelaya.
+ * Copyright (C) 2014 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -35,12 +36,14 @@ require_once("/usr/local/pkg/snort/snort.inc");
global $g, $rebuild_rules;
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
+
if (is_null($id)) {
- header("Location: /snort/snort_interfaces.php");
- exit;
+ header("Location: /snort/snort_interfaces.php");
+ exit;
}
if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
@@ -87,20 +90,20 @@ $snort_ports = array(
);
// Sort our SERVERS and PORTS arrays to make values
-// easier to locate by the the user.
+// easier to locate for the user.
ksort($snort_servers);
ksort($snort_ports);
$pconfig = $a_nat[$id];
/* convert fake interfaces to real */
-$if_real = snort_get_real_interface($pconfig['interface']);
+$if_real = get_real_interface($pconfig['interface']);
$snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
/* alert file */
$d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty";
-if ($_POST) {
+if ($_POST['save']) {
$natent = array();
$natent = $pconfig;
@@ -131,7 +134,7 @@ if ($_POST) {
$a_nat[$id] = $natent;
- write_config();
+ write_config("Snort pkg: modified settings for VARIABLES tab.");
/* Update the snort conf file for this interface. */
$rebuild_rules = false;
@@ -149,9 +152,11 @@ if ($_POST) {
header("Location: snort_define_servers.php?id=$id");
exit;
}
+ else
+ $pconfig = $_POST;
}
-$if_friendly = snort_get_friendly_interface($pconfig['interface']);
+$if_friendly = convert_friendly_interface_to_friendly_descr($a_nat[$id]['interface']);
$pgtitle = gettext("Snort: Interface {$if_friendly} Variables - Servers and Ports");
include_once("head.inc");
@@ -160,7 +165,6 @@ include_once("head.inc");
<?php
include("fbegin.inc");
-if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
/* Display Alert message */
if ($input_errors)
print_input_errors($input_errors); // TODO: add checks
@@ -180,23 +184,25 @@ if ($savemsg)
$tab_array[0] = array(gettext("Snort Interfaces"), true, "/snort/snort_interfaces.php");
$tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php");
$tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
- $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
+ $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php?instance={$id}");
$tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
- $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php");
$tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
- $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
- display_top_tabs($tab_array);
+ $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php");
+ $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
+ display_top_tabs($tab_array, true);
echo '</td></tr>';
echo '<tr><td class="tabnavtbl">';
$menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface ");
- $tab_array = array();
- $tab_array[] = array($menu_iface . gettext(" Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}");
- $tab_array[] = array($menu_iface . gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}");
- $tab_array[] = array($menu_iface . gettext("Rules"), false, "/snort/snort_rules.php?id={$id}");
- $tab_array[] = array($menu_iface . gettext("Variables"), true, "/snort/snort_define_servers.php?id={$id}");
- $tab_array[] = array($menu_iface . gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}");
- $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
- display_top_tabs($tab_array);
+ $tab_array = array();
+ $tab_array[] = array($menu_iface . gettext(" Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Rules"), false, "/snort/snort_rules.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Variables"), true, "/snort/snort_define_servers.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Preprocs"), false, "/snort/snort_preprocessors.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("IP Rep"), false, "/snort/snort_ip_reputation.php?id={$id}");
+ display_top_tabs($tab_array, true);
?>
</td></tr>
<tr>
@@ -256,7 +262,7 @@ if ($savemsg)
<tr>
<td width="30%" valign="top">&nbsp;</td>
<td width="70%">
- <input name="Submit" type="submit" class="formbtn" value="Save">
+ <input name="save" type="submit" class="formbtn" value="Save">
<input name="id" type="hidden" value="<?=$id;?>">
</td>
</tr>
@@ -276,9 +282,6 @@ if ($savemsg)
if(isset($config['aliases']['alias']) && is_array($config['aliases']['alias']))
foreach($config['aliases']['alias'] as $alias_name) {
if ($alias_name['type'] == "host" || $alias_name['type'] == "network") {
- // Skip any Aliases that resolve to an empty string
- if (trim(filter_expand_alias($alias_name['name'])) == "")
- continue;
if($addrisfirst == 1) $aliasesaddr .= ",";
$aliasesaddr .= "'" . $alias_name['name'] . "'";
$addrisfirst = 1;
diff --git a/config/snort/snort_download_rules.php b/config/snort/snort_download_rules.php
index 562a6b36..f35341f1 100755
--- a/config/snort/snort_download_rules.php
+++ b/config/snort/snort_download_rules.php
@@ -91,7 +91,7 @@ include("head.inc");
<?php
$snort_gui_include = true;
-include("/usr/local/pkg/snort/snort_check_for_rule_updates.php");
+include("/usr/local/www/snort/snort_check_for_rule_updates.php");
/* hide progress bar and lets end this party */
echo "\n<script type=\"text/javascript\">document.progressbar.style.visibility='hidden';\n</script>";
diff --git a/config/snort/snort_download_updates.php b/config/snort/snort_download_updates.php
index 5c9b8210..ecc1e5b5 100755
--- a/config/snort/snort_download_updates.php
+++ b/config/snort/snort_download_updates.php
@@ -39,7 +39,6 @@ require_once("/usr/local/pkg/snort/snort.inc");
/* Define some locally required variables from Snort constants */
$snortdir = SNORTDIR;
$snort_rules_upd_log = RULES_UPD_LOGFILE;
-$log = $snort_rules_upd_log;
/* Grab the Snort binary version programmatically and */
/* use it to construct the proper Snort VRT rules */
@@ -52,38 +51,71 @@ if (empty($snortver[0]))
$snortver[0] = str_replace(".", "", $snortver[0]);
$snort_rules_file = "snortrules-snapshot-{$snortver[0]}.tar.gz";
-//$snort_rules_file = VRT_DNLD_FILENAME;
$snort_community_rules_filename = GPLV2_DNLD_FILENAME;
-/* load only javascript that is needed */
-$snort_load_jquery = 'yes';
-$snort_load_jquery_colorbox = 'yes';
$snortdownload = $config['installedpackages']['snortglobal']['snortdownload'];
$emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats'];
$etpro = $config['installedpackages']['snortglobal']['emergingthreats_pro'];
$snortcommunityrules = $config['installedpackages']['snortglobal']['snortcommunityrules'];
+/* Get last update information if available */
+if (!empty($config['installedpackages']['snortglobal']['last_rule_upd_time']))
+ $last_rule_upd_time = date('M-d Y H:i', $config['installedpackages']['snortglobal']['last_rule_upd_time']);
+else
+ $last_rule_upd_time = gettext("Unknown");
+if (!empty($config['installedpackages']['snortglobal']['last_rule_upd_status']))
+ $last_rule_upd_status = htmlspecialchars($config['installedpackages']['snortglobal']['last_rule_upd_status']);
+else
+ $last_rule_upd_status = gettext("Unknown");
+
if ($etpro == "on") {
$emergingthreats_filename = ETPRO_DNLD_FILENAME;
- $et_name = "EMERGING THREATS PRO RULES";
+ $et_name = "Emerging Threats Pro Rules";
}
else {
$emergingthreats_filename = ET_DNLD_FILENAME;
- $et_name = "EMERGING THREATS RULES";
+ $et_name = "Emerging Threats Open Rules";
}
-/* quick md5s chk */
-$snort_org_sig_chk_local = 'N/A';
-if (file_exists("{$snortdir}/{$snort_rules_file}.md5"))
+/* quick md5 chk of downloaded rules */
+if ($snortdownload == 'on') {
+ $snort_org_sig_chk_local = 'Not Downloaded';
+ $snort_org_sig_date = 'Not Downloaded';
+}
+else {
+ $snort_org_sig_chk_local = 'Not Enabled';
+ $snort_org_sig_date = 'Not Enabled';
+}
+if (file_exists("{$snortdir}/{$snort_rules_file}.md5") && $snortdownload == 'on') {
$snort_org_sig_chk_local = file_get_contents("{$snortdir}/{$snort_rules_file}.md5");
+ $snort_org_sig_date = date(DATE_RFC850, filemtime("{$snortdir}/{$snort_rules_file}.md5"));
+}
-$emergingt_net_sig_chk_local = 'N/A';
-if (file_exists("{$snortdir}/{$emergingthreats_filename}.md5"))
+if ($etpro == "on" || $emergingthreats == "on") {
+ $emergingt_net_sig_chk_local = 'Not Downloaded';
+ $emergingt_net_sig_date = 'Not Downloaded';
+}
+else {
+ $emergingt_net_sig_chk_local = 'Not Enabled';
+ $emergingt_net_sig_date = 'Not Enabled';
+}
+if (file_exists("{$snortdir}/{$emergingthreats_filename}.md5") && ($etpro == "on" || $emergingthreats == "on")) {
$emergingt_net_sig_chk_local = file_get_contents("{$snortdir}/{$emergingthreats_filename}.md5");
+ $emergingt_net_sig_date = date(DATE_RFC850, filemtime("{$snortdir}/{$emergingthreats_filename}.md5"));
+}
-$snort_community_sig_chk_local = 'N/A';
-if (file_exists("{$snortdir}/{$snort_community_rules_filename}.md5"))
+if ($snortcommunityrules == 'on') {
+ $snort_community_sig_chk_local = 'Not Downloaded';
+ $snort_community_sig_sig_date = 'Not Downloaded';
+}
+else {
+ $snort_community_sig_chk_local = 'Not Enabled';
+ $snort_community_sig_sig_date = 'Not Enabled';
+}
+if (file_exists("{$snortdir}/{$snort_community_rules_filename}.md5") && $snortcommunityrules == 'on') {
$snort_community_sig_chk_local = file_get_contents("{$snortdir}/{$snort_community_rules_filename}.md5");
+ $snort_community_sig_sig_date = date(DATE_RFC850, filemtime("{$snortdir}/{$snort_community_rules_filename}.md5"));
+}
/* Check for postback to see if we should clear the update log file. */
if (isset($_POST['clear'])) {
@@ -91,7 +123,27 @@ if (isset($_POST['clear'])) {
mwexec("/bin/rm -f {$snort_rules_upd_log}");
}
-if (isset($_POST['update'])) {
+if (isset($_POST['check'])) {
+ header("Location: /snort/snort_download_rules.php");
+ exit;
+}
+
+if ($_POST['force']) {
+ // Mount file system R/W since we need to remove files
+ conf_mount_rw();
+
+ // Remove the existing MD5 signature files to force a download
+ if (file_exists("{$snortdir}/{$emergingthreats_filename}.md5"))
+ @unlink("{$snortdir}/{$emergingthreats_filename}.md5");
+ if (file_exists("{$snortdir}/{$snort_community_rules_filename}.md5"))
+ @unlink("{$snortdir}/{$snort_community_rules_filename}.md5");
+ if (file_exists("{$snortdir}/{$snort_rules_file}.md5"))
+ @unlink("{$snortdir}/{$snort_rules_file}.md5");
+
+ // Revert file system to R/O.
+ conf_mount_ro();
+
+ // Go download the updates
header("Location: /snort/snort_download_rules.php");
exit;
}
@@ -101,6 +153,15 @@ $snort_rules_upd_logfile_chk = 'no';
if (file_exists("{$snort_rules_upd_log}"))
$snort_rules_upd_logfile_chk = 'yes';
+if ($_POST['view']&& $snort_rules_upd_logfile_chk == 'yes') {
+ $contents = @file_get_contents($snort_rules_upd_log);
+ if (empty($contents))
+ $input_errors[] = gettext("Unable to read log file: {$snort_rules_upd_log}");
+}
+
+if ($_POST['hide'])
+ $contents = "";
+
$pgtitle = gettext("Snort: Updates");
include_once("head.inc");
?>
@@ -108,25 +169,6 @@ include_once("head.inc");
<body link="#000000" vlink="#000000" alink="#000000">
<?php include("fbegin.inc"); ?>
-<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
-
-<script language="javascript" type="text/javascript">
-function wopen(url, name, w, h)
-{
-// Fudge factors for window decoration space.
-// In my tests these work well on all platforms & browsers.
-w += 32;
-h += 96;
- var win = window.open(url,
- name,
- 'width=' + w + ', height=' + h + ', ' +
- 'location=no, menubar=no, ' +
- 'status=no, toolbar=no, scrollbars=yes, resizable=yes');
- win.resizeTo(w, h);
- win.focus();
-}
-
-</script>
<form action="snort_download_updates.php" method="post" name="iform" id="iform">
@@ -139,111 +181,134 @@ h += 96;
$tab_array[2] = array(gettext("Updates"), true, "/snort/snort_download_updates.php");
$tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
$tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
- $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php");
$tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
- $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
- display_top_tabs($tab_array);
+ $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php");
+ $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
+ display_top_tabs($tab_array, true);
?>
</td></tr>
<tr>
<td>
<div id="mainarea">
<table id="maintable4" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr align="center">
- <td>
- <br/>
- <table id="download_rules" height="32px" width="725px" border="0" cellpadding="5px" cellspacing="0">
+ <tr>
+ <td valign="top" class="listtopic" align="center"><?php echo gettext("INSTALLED RULE SET MD5 SIGNATURE");?></td>
+ </tr>
+ <tr>
+ <td align="center"><br/>
+ <table width="95%" border="0" cellpadding="2" cellspacing="2">
+ <thead>
+ <tr>
+ <th class="listhdrr"><?=gettext("Rule Set Name/Publisher");?></th>
+ <th class="listhdrr"><?=gettext("MD5 Signature Hash");?></th>
+ <th class="listhdrr"><?=gettext("MD5 Signature Date");?></th>
+ </tr>
+ </thead>
<tr>
- <td id="download_rules_td" style="background-color: #eeeeee">
- <div height="32" width="725px" style="background-color: #eeeeee">
- <p style="text-align: left; margin-left: 225px;">
- <font color="#777777" size="2.5px">
- <b><?php echo gettext("INSTALLED RULESET SIGNATURES"); ?></b></font><br/><br/>
- <font color="#FF850A" size="1px"><b>SNORT VRT RULES&nbsp;&nbsp;--></b></font>
- <font size="1px" color="#000000">&nbsp;&nbsp;<? echo $snort_org_sig_chk_local; ?></font><br/>
- <font color="#FF850A" size="1px"><b><?=$et_name;?>&nbsp;&nbsp;--></b></font>
- <font size="1px" color="#000000">&nbsp;&nbsp;<? echo $emergingt_net_sig_chk_local; ?></font><br/>
- <font color="#FF850A" size="1px"><b>SNORT GPLv2 COMMUNITY RULES&nbsp;&nbsp;--></b></font>
- <font size="1px" color="#000000">&nbsp;&nbsp;<? echo $snort_community_sig_chk_local; ?></font><br/>
- </p>
- </div>
- </td>
+ <td align="center" class="vncell vexpl"><b>Snort VRT Rules</b></td>
+ <td align="center" class="vncell vexpl"><? echo trim($snort_org_sig_chk_local);?></td>
+ <td align="center" class="vncell vexpl"><?php echo gettext($snort_org_sig_date);?></td>
</tr>
- </table>
- <br/>
- <table id="download_rules" height="32px" width="725px" border="0" cellpadding="5px" cellspacing="0">
<tr>
- <td id="download_rules_td" style='background-color: #eeeeee'>
- <div height="32" width="725px" style='background-color: #eeeeee'>
- <p style="text-align: left; margin-left: 225px;">
- <font color='#777777' size='2.5px'><b><?php echo gettext("UPDATE YOUR RULESET"); ?></b></font><br/>
- <br/>
-
- <?php
-
- if ($snortdownload != 'on' && $emergingthreats != 'on' && $etpro != 'on') {
- echo '
- <button disabled="disabled"><span class="download">' . gettext("Update Rules") . '</span></button><br/>
- <p style="text-align:left; margin-left:150px;">
- <font color="#fc3608" size="2px"><b>' . gettext("WARNING:") . '</b></font><font size="1px" color="#000000">&nbsp;&nbsp;' . gettext('No rule types have been selected for download. ') .
- gettext('Visit the ') . '<a href="snort_interfaces_global.php">Global Settings Tab</a>' . gettext(' to select rule types.') . '</font><br/>';
-
- echo '</p>' . "\n";
- } else {
-
- echo '
- <input type="submit" value="' . gettext("Update Rules") . '" name="update" id="Submit" class="formbtn" /><br/>' . "\n";
-
- }
-
- ?> <br/>
- </p>
- </div>
- </td>
+ <td align="center" class="vncell vexpl"><b>Snort GPLv2 Community Rules</b></td>
+ <td align="center" class="vncell vexpl"><? echo trim($snort_community_sig_chk_local);?></td>
+ <td align="center" class="vncell vexpl"><?php echo gettext($snort_community_sig_sig_date);?></td>
</tr>
- </table>
- <br/>
- <table id="download_rules" height="32px" width="725px" border="0" cellpadding="5px" cellspacing="0">
<tr>
- <td id="download_rules_td" style='background-color: #eeeeee'>
- <div height="32" width="725px" style='background-color: #eeeeee'>
- <p style="text-align: left; margin-left: 225px;">
- <font color='#777777' size='2.5px'><b><?php echo gettext("VIEW UPDATE LOG"); ?></b></font><br/>
- <br>
- <?php
-
- if ($snort_rules_upd_logfile_chk == 'yes') {
- echo "
- <button class=\"formbtn\" onclick=\"wopen('snort_log_view.php?logfile={$log}', 'LogViewer', 800, 600)\"><span class='pwhitetxt'>" . gettext("View Log") . "</span></button>";
- echo "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type=\"submit\" value=\"Clear Log\" name=\"clear\" id=\"Submit\" class=\"formbtn\" />\n";
- }else{
- echo "
- <button disabled='disabled'><span class='pwhitetxt'>" . gettext("View Log") . "</span></button>&nbsp;&nbsp;&nbsp;" . gettext("Log is empty.") . "\n";
- }
- echo '<br><br>' . gettext("The log file is limited to 1024K in size and automatically clears when the limit is exceeded.");
- ?>
- <br/>
- </p>
- </div>
- </td>
+ <td align="center" class="vncell vexpl"><b><?=$et_name;?></b></td>
+ <td align="center" class="vncell vexpl"><? echo trim($emergingt_net_sig_chk_local);?></td>
+ <td align="center" class="vncell vexpl"><?php echo gettext($emergingt_net_sig_date);?></td>
</tr>
- </table>
-
- <br/>
+ </table><br/>
+ </td>
+ </tr>
+ <tr>
+ <td valign="top" class="listtopic" align="center"><?php echo gettext("UPDATE YOUR RULE SET");?></td>
+ </tr>
+ <tr>
+ <td align="center">
+ <table width="45%" border="0" cellpadding="0" cellspacing="0">
+ <tbody>
+ <tr>
+ <td class="list" align="right"><strong><?php echo gettext("Last Update:");?></strong></td>
+ <td class="list" align="left"><?php echo $last_rule_upd_time;?></td>
+ </tr>
+ <tr>
+ <td class="list" align="right"><strong><?php echo gettext("Result:");?></strong></td>
+ <td class="list" align="left"><?php echo $last_rule_upd_status;?></td>
+ </tr>
+ </tbody>
+ </table>
+ </td>
+ </tr>
+ <tr>
+ <td align="center">
+ <?php if ($snortdownload != 'on' && $emergingthreats != 'on' && $etpro != 'on'): ?>
+ <br/><button disabled="disabled"><?=gettext("Check");?></button>&nbsp;&nbsp;&nbsp;&nbsp;
+ <button disabled="disabled"><?=gettext("Force");?></button>
+ <br/>
+ <p style="text-align:center;" class="vexpl">
+ <font class="red"><b><?php echo gettext("WARNING:");?></b></font>&nbsp;
+ <?php echo gettext('No rule types have been selected for download. ') .
+ gettext('Visit the ') . '<a href="/snort/snort_global.php">Global Settings Tab</a>' . gettext(' to select rule types.'); ?>
+ <br/></p>
+ <?php else: ?>
+ <br/>
+ <input type="submit" value="<?=gettext("Check");?>" name="check" id="check" class="formbtn"
+ title="<?php echo gettext("Check for new updates to enabled rule sets"); ?>"/>&nbsp;&nbsp;&nbsp;&nbsp;
+ <input type="submit" value="<?=gettext("Force");?>" name="force" id="force" class="formbtn"
+ title="<?=gettext("Force an update of all enabled rule sets");?>"
+ onclick="return confirm('<?=gettext("This will zero-out the MD5 hashes to force a fresh download of enabled rule sets. Click OK to continue or CANCEL to quit");?>');"/>
+ <br/><br/>
+ <?php endif; ?>
+ </td>
+ </tr>
- <table id="download_rules" height="32px" width="725px" border="0" cellpadding="5px" cellspacing="0">
- <tr>
- <td id="download_rules_td" style='background-color: #eeeeee'>
- <div height="32" width="725px" style='background-color: #eeeeee'><span class="vexpl">
- <span class="red"><b><?php echo gettext("NOTE:"); ?></b></span>
- &nbsp;&nbsp;<a href="http://www.snort.org/" target="_blank"><?php echo gettext("Snort.org") . "</a>" .
- gettext(" and ") . "<a href=\"http://www.emergingthreats.net/\" target=\"_blank\">" . gettext("EmergingThreats.net") . "</a>" .
- gettext(" will go down from time to time. Please be patient."); ?></span>
+ <tr>
+ <td valign="top" class="listtopic" align="center"><?php echo gettext("MANAGE RULE SET LOG");?></td>
+ </tr>
+ <tr>
+ <td align="center" valign="middle" class="vexpl">
+ <?php if ($snort_rules_upd_logfile_chk == 'yes'): ?>
+ <br/>
+ <?php if (!empty($contents)): ?>
+ <input type="submit" value="<?php echo gettext("Hide"); ?>" name="hide" id="hide" class="formbtn"
+ title="<?php echo gettext("Hide rules update log"); ?>"/>
+ <?php else: ?>
+ <input type="submit" value="<?php echo gettext("View"); ?>" name="view" id="view" class="formbtn"
+ title="<?php echo gettext("View rules update log"); ?>"/>
+ <?php endif; ?>
+ &nbsp;&nbsp;&nbsp;&nbsp;
+ <input type="submit" value="<?php echo gettext("Clear"); ?>" name="clear" id="clear" class="formbtn"
+ title="<?php echo gettext("Clear rules update log"); ?>" onClick="return confirm('Are you sure you want to delete the log contents?\nOK to confirm, or CANCEL to quit');"/>
+ <br/>
+ <?php else: ?>
+ <br/>
+ <button disabled='disabled'><?php echo gettext("View Log"); ?></button><br/><?php echo gettext("Log is empty."); ?><br/>
+ <?php endif; ?>
+ <br/><?php echo gettext("The log file is limited to 1024K in size and automatically clears when the limit is exceeded."); ?><br/><br/>
+ </td>
+ </tr>
+ <?php if (!empty($contents)): ?>
+ <tr>
+ <td valign="top" class="listtopic" align="center"><?php echo gettext("RULE SET UPDATE LOG");?></td>
+ </tr>
+ <tr>
+ <td align="center">
+ <div style="background: #eeeeee; width:100%; height:100%;" id="textareaitem"><!-- NOTE: The opening *and* the closing textarea tag must be on the same line. -->
+ <textarea style="width:100%; height:100%;" readonly wrap="off" rows="24" cols="80" name="logtext"><?=$contents;?></textarea>
</div>
- </td>
- </tr>
- </table>
-
+ </td>
+ </tr>
+ <?php endif; ?>
+ <tr>
+ <td align="center">
+ <span class="vexpl"><br/>
+ <span class="red"><b><?php echo gettext("NOTE:"); ?></b></span>
+ &nbsp;<a href="http://www.snort.org/" target="_blank"><?php echo gettext("Snort.org") . "</a>" .
+ gettext(" and ") . "<a href=\"http://www.emergingthreats.net/\" target=\"_blank\">" . gettext("EmergingThreats.net") . "</a>" .
+ gettext(" will go down from time to time. Please be patient."); ?></span><br/>
</td>
</tr>
</table>
@@ -252,7 +317,6 @@ h += 96;
</td>
</tr>
</table>
-<!-- end of final table -->
</form>
<?php include("fend.inc"); ?>
</body>
diff --git a/config/snort/snort_edit_hat_data.php b/config/snort/snort_edit_hat_data.php
index f6d00b0b..a5ec0aad 100644
--- a/config/snort/snort_edit_hat_data.php
+++ b/config/snort/snort_edit_hat_data.php
@@ -3,6 +3,7 @@
* snort_edit_hat_data.php
* Copyright (C) 2004 Scott Ullrich
* Copyright (C) 2011-2012 Ermal Luci
+ * Copyright (C) 2013-2014 Bill Meeks
* All rights reserved.
*
* originially part of m0n0wall (http://m0n0.ch/wall)
@@ -47,9 +48,11 @@ if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
}
$a_nat = &$config['installedpackages']['snortglobal']['rule'];
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
+
if (is_null($id)) {
header("Location: /snort/snort_interfaces.php");
exit;
@@ -62,24 +65,27 @@ else
if ($_POST['clear']) {
unset($a_nat[$id]['host_attribute_data']);
- write_config();
+ $a_nat[$id]['host_attribute_table'] = 'off';
+ write_config("Snort pkg: cleared Host Attribute Table data for {$a_nat[$id]['interface']}.");
$rebuild_rules = false;
snort_generate_conf($a_nat[$id]);
- header("Location: /snort/snort_edit_hat_data.php?id={$id}");
- exit;
+ $pconfig['host_attribute_data'] = "";
}
-if ($_POST['host_attribute_data']) {
+if ($_POST['save']) {
$a_nat[$id]['host_attribute_data'] = base64_encode($_POST['host_attribute_data']);
- write_config();
+ if (strlen($_POST['host_attribute_data']) > 0)
+ $a_nat[$id]['host_attribute_table'] = 'on';
+ else
+ $a_nat[$id]['host_attribute_table'] = 'off';
+ write_config("Snort pkg: modified Host Attribute Table data for {$a_nat[$id]['interface']}.");
$rebuild_rules = false;
snort_generate_conf($a_nat[$id]);
- header("Location: /snort/snort_preprocessors.php?id={$id}");
- exit;
+ $pconfig['host_attribute_data'] = $_POST['host_attribute_data'];
}
-$if_friendly = snort_get_friendly_interface($a_nat[$id]['interface']);
+$if_friendly = convert_friendly_interface_to_friendly_descr($a_nat[$id]['interface']);
$pgtitle = gettext("Snort: Interface {$if_friendly} - Host Attribute Table Data");
include_once("head.inc");
@@ -89,8 +95,8 @@ include_once("head.inc");
<?php
include("fbegin.inc");
-if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
-if ($input_errors) print_input_errors($input_errors);
+if ($input_errors)
+ print_input_errors($input_errors);
if ($savemsg)
print_info_box($savemsg);
?>
@@ -106,11 +112,11 @@ if ($savemsg)
<tr>
<td>
<input type='hidden' name='id' value='<?=$id;?>'>
- <textarea wrap="off" cols="80" rows="35" name="host_attribute_data" id="host_attribute_data" style="width:99%; height:100%;"><?=$pconfig['host_attribute_data'];?></textarea></td>
+ <textarea wrap="off" cols="80" rows="35" name="host_attribute_data" id="host_attribute_data" style="width:99%; height:100%;"><?=htmlspecialchars($pconfig['host_attribute_data']);?></textarea></td>
</tr>
<tr>
<td>
- <input name="Submit" type="submit" class="formbtn" value="<?php echo gettext(" Save "); ?>" title=" <?php echo gettext("Save Host Attribute data"); ?>"/>&nbsp;&nbsp;
+ <input name="save" type="submit" class="formbtn" value="<?php echo gettext(" Save "); ?>" title=" <?php echo gettext("Save Host Attribute data"); ?>"/>&nbsp;&nbsp;
<input type="button" class="formbtn" value=" <?php echo gettext("Return"); ?>" onclick="parent.location='snort_preprocessors.php?id=<?=$id;?>'" title="<?php echo gettext("Return to Preprocessors tab"); ?>"/>&nbsp;&nbsp;
<input name="clear" type="submit" class="formbtn" id="clear" value="<?php echo gettext("Clear"); ?>" onclick="return confirm('<?php echo gettext("This will erase all Host Attribute data for the interface. Are you sure?"); ?>')" title="<?php echo gettext("Deletes all Host Attribute data"); ?>"/>
</td>
diff --git a/config/snort/snort_frag3_engine.php b/config/snort/snort_frag3_engine.php
index 89a21dc8..9489bf16 100644
--- a/config/snort/snort_frag3_engine.php
+++ b/config/snort/snort_frag3_engine.php
@@ -1,7 +1,7 @@
<?php
/*
* snort_frag3_engine.php
- * Copyright (C) 2013 Bill Meeks
+ * Copyright (C) 2013-2014 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -34,12 +34,15 @@ global $g;
$snortdir = SNORTDIR;
// Grab the incoming QUERY STRING or POST variables
-$id = $_GET['id'];
-$eng_id = $_GET['eng_id'];
-if (isset($_POST['id']))
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
-if (isset($_POST['eng_id']))
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
+
+if (isset($_POST['eng_id']) && isset($_POST['eng_id']))
$eng_id = $_POST['eng_id'];
+elseif (isset($_GET['eng_id']) && is_numericint($_GET['eng_id']))
+ $eng_id = htmlspecialchars($_GET['eng_id']);
if (is_null($id)) {
header("Location: /snort/snort_interfaces.php");
@@ -90,10 +93,10 @@ if ($_POST['Cancel']) {
// Check for returned "selected alias" if action is import
if ($_GET['act'] == "import") {
if ($_GET['varname'] == "bind_to" && !empty($_GET['varvalue']))
- $pconfig[$_GET['varname']] = $_GET['varvalue'];
+ $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']);
}
-if ($_POST['Submit']) {
+if ($_POST['save']) {
/* Grab all the POST values and save in new temp array */
$engine = array();
@@ -182,14 +185,14 @@ if ($_POST['Submit']) {
}
/* Now write the new engine array to conf */
- write_config();
+ write_config("Snort pkg: modified frag3 engine settings.");
header("Location: /snort/snort_preprocessors.php?id={$id}#frag3_row");
exit;
}
}
-$if_friendly = snort_get_friendly_interface($config['installedpackages']['snortglobal']['rule'][$id]['interface']);
+$if_friendly = convert_friendly_interface_to_friendly_descr($config['installedpackages']['snortglobal']['rule'][$id]['interface']);
$pgtitle = gettext("Snort: Interface {$if_friendly} Frag3 Preprocessor Engine");
include_once("head.inc");
@@ -324,7 +327,7 @@ if ($savemsg)
<tr>
<td width="22%" valign="bottom">&nbsp;</td>
<td width="78%" valign="bottom">
- <input name="Submit" id="submit" type="submit" class="formbtn" value=" Save " title="<?php echo
+ <input name="save" id="save" type="submit" class="formbtn" value=" Save " title="<?php echo
gettext("Save Frag3 engine settings and return to Preprocessors tab"); ?>">
&nbsp;&nbsp;&nbsp;&nbsp;
<input name="Cancel" id="cancel" type="submit" class="formbtn" value="Cancel" title="<?php echo
diff --git a/config/snort/snort_ftp_client_engine.php b/config/snort/snort_ftp_client_engine.php
index b039df5b..f462efa8 100644
--- a/config/snort/snort_ftp_client_engine.php
+++ b/config/snort/snort_ftp_client_engine.php
@@ -1,7 +1,7 @@
<?php
/*
* snort_ftp_client_engine.php
- * Copyright (C) 2013 Bill Meeks
+ * Copyright (C) 2013-2014 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -33,12 +33,15 @@ global $g;
$snortdir = SNORTDIR;
-$id = $_GET['id'];
-$eng_id = $_GET['eng_id'];
-if (isset($_POST['id']))
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
-if (isset($_POST['eng_id']))
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
+
+if (isset($_POST['eng_id']) && isset($_POST['eng_id']))
$eng_id = $_POST['eng_id'];
+elseif (isset($_GET['eng_id']) && is_numericint($_GET['eng_id']))
+ $eng_id = htmlspecialchars($_GET['eng_id']);
if (is_null($id)) {
// Clear and close out any session variable we created
@@ -84,7 +87,7 @@ if ($_GET['act'] == "import") {
session_start();
if (($_GET['varname'] == "bind_to" || $_GET['varname'] == "bounce_to_net" || $_GET['varname'] == "bounce_to_port")
&& !empty($_GET['varvalue'])) {
- $pconfig[$_GET['varname']] = $_GET['varvalue'];
+ $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']);
if(!isset($_SESSION['ftp_client_import']))
$_SESSION['ftp_client_import'] = array();
@@ -112,7 +115,7 @@ if ($_GET['act'] == "import") {
}
}
-if ($_POST['Submit']) {
+if ($_POST['save']) {
// Clear and close out any session variable we created
session_start();
@@ -213,14 +216,14 @@ if ($_POST['Submit']) {
}
/* Now write the new engine array to conf */
- write_config();
+ write_config("Snort pkg: modified ftp_telnet_client engine settings.");
header("Location: /snort/snort_preprocessors.php?id={$id}#ftp_telnet_row_ftp_proto_opts");
exit;
}
}
-$if_friendly = snort_get_friendly_interface($config['installedpackages']['snortglobal']['rule'][$id]['interface']);
+$if_friendly = convert_friendly_interface_to_friendly_descr($config['installedpackages']['snortglobal']['rule'][$id]['interface']);
$pgtitle = gettext("Snort: Interface {$if_friendly} - FTP Preprocessor Client Engine");
include_once("head.inc");
@@ -353,7 +356,7 @@ if ($savemsg)
<tr>
<td width="22%" valign="bottom">&nbsp;</td>
<td width="78%" valign="bottom">
- <input name="Submit" id="submit" type="submit" class="formbtn" value=" Save " title="<?php echo
+ <input name="save" id="save" type="submit" class="formbtn" value=" Save " title="<?php echo
gettext("Save ftp engine settings and return to Preprocessors tab"); ?>">
&nbsp;&nbsp;&nbsp;&nbsp;
<input name="Cancel" id="cancel" type="submit" class="formbtn" value="Cancel" title="<?php echo
diff --git a/config/snort/snort_ftp_server_engine.php b/config/snort/snort_ftp_server_engine.php
index e70033e7..cb9abc9c 100644
--- a/config/snort/snort_ftp_server_engine.php
+++ b/config/snort/snort_ftp_server_engine.php
@@ -1,7 +1,7 @@
<?php
/*
* snort_ftp_server_engine.php
- * Copyright (C) 2013 Bill Meeks
+ * Copyright (C) 2013-2014 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -34,12 +34,15 @@ global $g;
$snortdir = SNORTDIR;
// Grab any QUERY STRING or POST variables
-$id = $_GET['id'];
-$eng_id = $_GET['eng_id'];
-if (isset($_POST['id']))
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
-if (isset($_POST['eng_id']))
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
+
+if (isset($_POST['eng_id']) && isset($_POST['eng_id']))
$eng_id = $_POST['eng_id'];
+elseif (isset($_GET['eng_id']) && is_numericint($_GET['eng_id']))
+ $eng_id = htmlspecialchars($_GET['eng_id']);
if (is_null($id)) {
// Clear and close out any session variable we created
@@ -85,7 +88,7 @@ if ($_GET['act'] == "import") {
session_start();
if (($_GET['varname'] == "bind_to" || $_GET['varname'] == "ports")
&& !empty($_GET['varvalue'])) {
- $pconfig[$_GET['varname']] = $_GET['varvalue'];
+ $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']);
if(!isset($_SESSION['ftp_server_import']))
$_SESSION['ftp_server_import'] = array();
@@ -109,7 +112,7 @@ if ($_GET['act'] == "import") {
}
}
-if ($_POST['Submit']) {
+if ($_POST['save']) {
// Clear and close out any session variable we created
session_start();
@@ -184,14 +187,14 @@ if ($_POST['Submit']) {
}
/* Now write the new engine array to conf */
- write_config();
+ write_config("Snort pkg: modified ftp_telnet_server engine settings.");
header("Location: /snort/snort_preprocessors.php?id={$id}#ftp_telnet_row_ftp_proto_opts");
exit;
}
}
-$if_friendly = snort_get_friendly_interface($config['installedpackages']['snortglobal']['rule'][$id]['interface']);
+$if_friendly = convert_friendly_interface_to_friendly_descr($config['installedpackages']['snortglobal']['rule'][$id]['interface']);
$pgtitle = gettext("Snort: Interface {$if_friendly} - FTP Preprocessor Server Engine");
include_once("head.inc");
@@ -316,7 +319,7 @@ if ($savemsg)
<tr>
<td width="22%" valign="bottom">&nbsp;</td>
<td width="78%" valign="bottom">
- <input name="Submit" id="submit" type="submit" class="formbtn" value=" Save " title="<?php echo
+ <input name="save" id="save" type="submit" class="formbtn" value=" Save " title="<?php echo
gettext("Save ftp engine settings and return to Preprocessors tab"); ?>">
&nbsp;&nbsp;&nbsp;&nbsp;
<input name="Cancel" id="cancel" type="submit" class="formbtn" value="Cancel" title="<?php echo
diff --git a/config/snort/snort_httpinspect_engine.php b/config/snort/snort_httpinspect_engine.php
index 94d3364f..c7680892 100644
--- a/config/snort/snort_httpinspect_engine.php
+++ b/config/snort/snort_httpinspect_engine.php
@@ -1,7 +1,7 @@
<?php
/*
* snort_httpinspect_engine.php
- * Copyright (C) 2013 Bill Meeks
+ * Copyright (C) 2013-2014 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -33,12 +33,15 @@ global $g;
$snortdir = SNORTDIR;
-$id = $_GET['id'];
-$eng_id = $_GET['eng_id'];
-if (isset($_POST['id']))
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
-if (isset($_POST['eng_id']))
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
+
+if (isset($_POST['eng_id']) && isset($_POST['eng_id']))
$eng_id = $_POST['eng_id'];
+elseif (isset($_GET['eng_id']) && is_numericint($_GET['eng_id']))
+ $eng_id = htmlspecialchars($_GET['eng_id']);
if (is_null($id)) {
// Clear and close out any session variable we created
@@ -137,7 +140,7 @@ if ($_GET['act'] == "import") {
session_start();
if (($_GET['varname'] == "bind_to" || $_GET['varname'] == "ports")
&& !empty($_GET['varvalue'])) {
- $pconfig[$_GET['varname']] = $_GET['varvalue'];
+ $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']);
$_SESSION['http_inspect_import'] = array();
$_SESSION['http_inspect_import'][$_GET['varname']] = $_GET['varvalue'];
@@ -160,7 +163,7 @@ if ($_GET['act'] == "import") {
}
}
-if ($_POST['Submit']) {
+if ($_POST['save']) {
// Clear and close out any session variable we created
session_start();
@@ -293,14 +296,14 @@ if ($_POST['Submit']) {
}
// Now write the new engine array to conf
- write_config();
+ write_config("Snort pkg: modified http_inspect engine settings.");
header("Location: /snort/snort_preprocessors.php?id={$id}#httpinspect_row");
exit;
}
}
-$if_friendly = snort_get_friendly_interface($config['installedpackages']['snortglobal']['rule'][$id]['interface']);
+$if_friendly = convert_friendly_interface_to_friendly_descr($config['installedpackages']['snortglobal']['rule'][$id]['interface']);
$pgtitle = gettext("Snort: {$if_friendly} - HTTP_Inspect Preprocessor Engine");
include_once("head.inc");
@@ -637,7 +640,7 @@ if ($savemsg)
<tr>
<td width="22%" valign="bottom">&nbsp;</td>
<td width="78%" valign="bottom">
- <input name="Submit" id="submit" type="submit" class="formbtn" value=" Save " title="<?php echo
+ <input name="save" id="save" type="submit" class="formbtn" value=" Save " title="<?php echo
gettext("Save httpinspect engine settings and return to Preprocessors tab"); ?>">
&nbsp;&nbsp;&nbsp;&nbsp;
<input name="Cancel" id="cancel" type="submit" class="formbtn" value="Cancel" title="<?php echo
diff --git a/config/snort/snort_import_aliases.php b/config/snort/snort_import_aliases.php
index 77cd5490..80b3bb1d 100644
--- a/config/snort/snort_import_aliases.php
+++ b/config/snort/snort_import_aliases.php
@@ -2,7 +2,7 @@
/* $Id$ */
/*
snort_import_aliases.php
- Copyright (C) 2013 Bill Meeks
+ Copyright (C) 2013, 2014 Bill Meeks
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -32,12 +32,15 @@ require_once("functions.inc");
require_once("/usr/local/pkg/snort/snort.inc");
// Retrieve any passed QUERY STRING or POST variables
-$id = $_GET['id'];
-$eng = $_GET['eng'];
if (isset($_POST['id']))
$id = $_POST['id'];
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
+
if (isset($_POST['eng']))
$eng = $_POST['eng'];
+elseif (isset($_GET['eng']))
+ $eng = htmlspecialchars($_GET['eng']);
// Make sure we have a valid rule ID and ENGINE name, or
// else bail out to top-level menu.
@@ -46,7 +49,10 @@ if (is_null($id) || is_null($eng)) {
exit;
}
-// Used to track if any selectable Aliases are found
+// Used to track if any selectable Aliases are found. Selectable
+// means aliases matching the requirements of the configuration
+// engine we are importing into (e.g., single IP only or
+// multiple IP alias).
$selectablealias = false;
// Initialize required array variables as necessary
@@ -89,7 +95,7 @@ switch ($eng) {
break;
case "stream5_tcp_engine":
$anchor = "#stream5_row";
- $multi_ip = true;
+ $multi_ip = false;
$title = "Stream5 TCP Engine";
break;
case "ftp_server_engine":
@@ -200,7 +206,7 @@ if ($_POST['save']) {
}
// Now write the new engine array to conf and return
- write_config();
+ write_config("Snort pkg: imported new host or network alias.");
header("Location: /snort/snort_preprocessors.php?id={$id}{$anchor}");
exit;
@@ -269,7 +275,7 @@ include("head.inc");
?>
<?php if ($disable): ?>
<tr title="<?=$tooltip;?>">
- <td class="listlr" align="center"><img src="../themes/<?=$g['theme'];?>/images/icons/icon_block_d.gif" width="11" height"11" border="0"/>
+ <td class="listlr" align="center" sorttable_customkey=""><img src="../themes/<?=$g['theme'];?>/images/icons/icon_block_d.gif" width="11" height="11" border="0"/>
<?php else: ?>
<tr>
<td class="listlr" align="center"><input type="checkbox" name="toimport[]" value="<?=htmlspecialchars($alias['name']);?>" title="<?=$tooltip;?>"/></td>
diff --git a/config/snort/snort_interfaces.php b/config/snort/snort_interfaces.php
index 15d9addc..c82ec57e 100755
--- a/config/snort/snort_interfaces.php
+++ b/config/snort/snort_interfaces.php
@@ -4,6 +4,7 @@
*
* Copyright (C) 2008-2009 Robert Zelaya.
* Copyright (C) 2011-2012 Ermal Luci
+ * Copyright (C) 2014 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -28,60 +29,43 @@
* POSSIBILITY OF SUCH DAMAGE.
*/
-$nocsrf = true;
require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort.inc");
global $g, $rebuild_rules;
$snortdir = SNORTDIR;
+$snortlogdir = SNORTLOGDIR;
$rcdir = RCFILEPREFIX;
-$id = $_GET['id'];
-if (isset($_POST['id']))
- $id = $_POST['id'];
-
if (!is_array($config['installedpackages']['snortglobal']['rule']))
$config['installedpackages']['snortglobal']['rule'] = array();
$a_nat = &$config['installedpackages']['snortglobal']['rule'];
+
+// Calculate the index of the next added Snort interface
$id_gen = count($config['installedpackages']['snortglobal']['rule']);
if (isset($_POST['del_x'])) {
- /* delete selected rules */
+ /* Delete selected Snort interfaces */
if (is_array($_POST['rule'])) {
conf_mount_rw();
foreach ($_POST['rule'] as $rulei) {
- /* convert fake interfaces to real */
- $if_real = snort_get_real_interface($a_nat[$rulei]['interface']);
+ $if_real = get_real_interface($a_nat[$rulei]['interface']);
$snort_uuid = $a_nat[$rulei]['uuid'];
snort_stop($a_nat[$rulei], $if_real);
- exec("/bin/rm -r /var/log/snort/snort_{$if_real}{$snort_uuid}");
+ exec("/bin/rm -r {$snortlogdir}/snort_{$if_real}{$snort_uuid}");
exec("/bin/rm -r {$snortdir}/snort_{$snort_uuid}_{$if_real}");
- // If interface had auto-generated Suppress List, then
- // delete that along with the interface
- $autolist = "{$a_nat[$rulei]['interface']}" . "suppress";
- if (is_array($config['installedpackages']['snortglobal']['suppress']) &&
- is_array($config['installedpackages']['snortglobal']['suppress']['item'])) {
- $a_suppress = &$config['installedpackages']['snortglobal']['suppress']['item'];
- foreach ($a_suppress as $k => $i) {
- if ($i['name'] == $autolist) {
- unset($config['installedpackages']['snortglobal']['suppress']['item'][$k]);
- break;
- }
- }
- }
-
// Finally delete the interface's config entry entirely
unset($a_nat[$rulei]);
}
conf_mount_ro();
- /* If all the Snort interfaces are removed, then unset the config array. */
+ /* If all the Snort interfaces are removed, then unset the interfaces config array. */
if (empty($a_nat))
unset($a_nat);
- write_config();
+ write_config("Snort pkg: deleted one or more Snort interfaces.");
sleep(2);
/* if there are no ifaces remaining do not create snort.sh */
@@ -106,13 +90,13 @@ if (isset($_POST['del_x'])) {
}
-/* start/stop snort */
-if ($_GET['act'] == 'bartoggle' && is_numeric($id)) {
- $snortcfg = $config['installedpackages']['snortglobal']['rule'][$id];
- $if_real = snort_get_real_interface($snortcfg['interface']);
- $if_friendly = snort_get_friendly_interface($snortcfg['interface']);
+/* start/stop barnyard2 */
+if ($_POST['bartoggle'] && is_numericint($_POST['id'])) {
+ $snortcfg = $config['installedpackages']['snortglobal']['rule'][$_POST['id']];
+ $if_real = get_real_interface($snortcfg['interface']);
+ $if_friendly = convert_friendly_interface_to_friendly_descr($snortcfg['interface']);
- if (snort_is_running($snortcfg['uuid'], $if_real, 'barnyard2') == 'no') {
+ if (!snort_is_running($snortcfg['uuid'], $if_real, 'barnyard2')) {
log_error("Toggle (barnyard starting) for {$if_friendly}({$snortcfg['descr']})...");
sync_snort_package_config();
snort_barnyard_start($snortcfg, $if_real);
@@ -120,27 +104,18 @@ if ($_GET['act'] == 'bartoggle' && is_numeric($id)) {
log_error("Toggle (barnyard stopping) for {$if_friendly}({$snortcfg['descr']})...");
snort_barnyard_stop($snortcfg, $if_real);
}
-
sleep(3); // So the GUI reports correctly
- header("Location: /snort/snort_interfaces.php");
- exit;
}
/* start/stop snort */
-if ($_GET['act'] == 'toggle' && is_numeric($id)) {
- $snortcfg = $config['installedpackages']['snortglobal']['rule'][$id];
- $if_real = snort_get_real_interface($snortcfg['interface']);
- $if_friendly = snort_get_friendly_interface($snortcfg['interface']);
+if ($_POST['toggle'] && is_numericint($_POST['id'])) {
+ $snortcfg = $config['installedpackages']['snortglobal']['rule'][$_POST['id']];
+ $if_real = get_real_interface($snortcfg['interface']);
+ $if_friendly = convert_friendly_interface_to_friendly_descr($snortcfg['interface']);
- if (snort_is_running($snortcfg['uuid'], $if_real) == 'yes') {
+ if (snort_is_running($snortcfg['uuid'], $if_real)) {
log_error("Toggle (snort stopping) for {$if_friendly}({$snortcfg['descr']})...");
snort_stop($snortcfg, $if_real);
-
- header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
- header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
- header( 'Cache-Control: no-store, no-cache, must-revalidate' );
- header( 'Cache-Control: post-check=0, pre-check=0', false );
- header( 'Pragma: no-cache' );
} else {
log_error("Toggle (snort starting) for {$if_friendly}({$snortcfg['descr']})...");
@@ -149,16 +124,8 @@ if ($_GET['act'] == 'toggle' && is_numeric($id)) {
sync_snort_package_config();
$rebuild_rules = false;
snort_start($snortcfg, $if_real);
-
- header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
- header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
- header( 'Cache-Control: no-store, no-cache, must-revalidate' );
- header( 'Cache-Control: post-check=0, pre-check=0', false );
- header( 'Pragma: no-cache' );
}
sleep(3); // So the GUI reports correctly
- header("Location: /snort/snort_interfaces.php");
- exit;
}
$pgtitle = "Services: $snort_package_version";
@@ -169,34 +136,18 @@ include_once("head.inc");
<?php
include_once("fbegin.inc");
-if ($pfsense_stable == 'yes')
- echo '<p class="pgtitle">' . $pgtitle . '</p>';
-?>
-<form action="snort_interfaces.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
-<?php
/* Display Alert message */
if ($input_errors)
- print_input_errors($input_errors); // TODO: add checks
+ print_input_errors($input_errors);
if ($savemsg)
print_info_box($savemsg);
-
- //if (file_exists($d_snortconfdirty_path)) {
- if ($d_snortconfdirty_path_ls != '') {
- echo '<p>';
-
- if($savemsg)
- print_info_box_np("{$savemsg}");
- else {
- print_info_box_np(gettext(
- 'The Snort configuration has changed for one or more interfaces.<br>' .
- 'You must apply the changes in order for them to take effect.<br>'
- ));
- }
- }
?>
+<form action="snort_interfaces.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
+<input type="hidden" name="id" id="id" value="">
+
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td>
@@ -207,10 +158,11 @@ if ($pfsense_stable == 'yes')
$tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
$tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
$tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
- $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php");
$tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
- $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
- display_top_tabs($tab_array);
+ $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php");
+ $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
+ display_top_tabs($tab_array, true);
?>
</td>
</tr>
@@ -257,11 +209,10 @@ if ($pfsense_stable == 'yes')
<?php
/* convert fake interfaces to real and check if iface is up */
- /* There has to be a smarter way to do this */
- $if_real = snort_get_real_interface($natent['interface']);
- $natend_friendly= snort_get_friendly_interface($natent['interface']);
+ $if_real = get_real_interface($natent['interface']);
+ $natend_friendly = convert_friendly_interface_to_friendly_descr($natent['interface']);
$snort_uuid = $natent['uuid'];
- if (snort_is_running($snort_uuid, $if_real) == 'no'){
+ if (!snort_is_running($snort_uuid, $if_real)){
$iconfn = 'block';
$iconfn_msg1 = 'Snort is not running on ';
$iconfn_msg2 = '. Click to start.';
@@ -271,7 +222,7 @@ if ($pfsense_stable == 'yes')
$iconfn_msg1 = 'Snort is running on ';
$iconfn_msg2 = '. Click to stop.';
}
- if (snort_is_running($snort_uuid, $if_real, 'barnyard2') == 'no'){
+ if (!snort_is_running($snort_uuid, $if_real, 'barnyard2')){
$biconfn = 'block';
$biconfn_msg1 = 'Barnyard2 is not running on ';
$biconfn_msg2 = '. Click to start.';
@@ -312,14 +263,13 @@ if ($pfsense_stable == 'yes')
<?php
$check_snort_info = $config['installedpackages']['snortglobal']['rule'][$nnats]['enable'];
if ($check_snort_info == "on") {
- echo strtoupper("enabled");
- echo "<a href='?act=toggle&id={$i}'>
- <img src='../themes/{$g['theme']}/images/icons/icon_{$iconfn}.gif'
- width='13' height='13' border='0'
- title='" . gettext($iconfn_msg1.$natend_friendly.$iconfn_msg2) . "'></a>";
+ echo gettext("ENABLED") . "&nbsp;";
+ echo "<input type='image' src='../themes/{$g['theme']}/images/icons/icon_{$iconfn}.gif' width='13' height='13' border='0' ";
+ echo "onClick='document.getElementById(\"id\").value=\"{$nnats}\";' name=\"toggle[]\" ";
+ echo "title='" . gettext($iconfn_msg1.$natend_friendly.$iconfn_msg2) . "'/>";
echo ($no_rules) ? "&nbsp;<img src=\"../themes/{$g['theme']}/images/icons/icon_frmfld_imp.png\" width=\"15\" height=\"15\" border=\"0\">" : "";
} else
- echo strtoupper("disabled");
+ echo gettext("DISABLED");
?>
</td>
<td class="listr"
@@ -353,13 +303,11 @@ if ($pfsense_stable == 'yes')
<?php
$check_snortbarnyardlog_info = $config['installedpackages']['snortglobal']['rule'][$nnats]['barnyard_enable'];
if ($check_snortbarnyardlog_info == "on") {
- echo strtoupper("enabled");
- echo "<a href='?act=bartoggle&id={$i}'>
- <img src='../themes/{$g['theme']}/images/icons/icon_{$biconfn}.gif'
- width='13' height='13' border='0'
- title='" . gettext($biconfn_msg1.$natend_friendly.$biconfn_msg2) . "'></a>";
+ echo gettext("ENABLED") . "&nbsp;";
+ echo "<input type='image' name='bartoggle[]' src='../themes/{$g['theme']}/images/icons/icon_{$biconfn}.gif' width='13' height='13' border='0' ";
+ echo "onClick='document.getElementById(\"id\").value=\"{$nnats}\"'; title='" . gettext($biconfn_msg1.$natend_friendly.$biconfn_msg2) . "'/>";
} else
- echo strtoupper("disabled");
+ echo gettext("DISABLED");
?>
</td>
<td class="listbg"
@@ -393,8 +341,7 @@ if ($pfsense_stable == 'yes')
src="../themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif"
width="17" height="17" " border="0">
<?php else: ?>
- <input name="del" type="image"
- src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif"
+ <input name="del" type="image" src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif"
width="17" height="17" title="<?php echo gettext("Delete selected Snort interface mapping(s)"); ?>"
onclick="return intf_del()">
<?php endif; ?></td>
@@ -420,12 +367,8 @@ if ($pfsense_stable == 'yes')
</td>
</tr>
<tr>
- <td colspan="3" class="vexpl"><br>
- </td>
- </tr>
- <tr>
- <td colspan="3" class="vexpl"><span class="red"><strong><?php echo gettext("Warning:"); ?></strong></span><br>
- <strong><?php echo gettext("New settings will not take effect until interface restart."); ?></strong>
+ <td colspan="3" class="vexpl">
+ <?php echo gettext("New settings will not take effect until interface restart."); ?>
</td>
</tr>
<tr>
@@ -484,9 +427,9 @@ function intf_del() {
}
}
if (isSelected)
- return confirm('Do you really want to delete the selected Snort mapping?');
+ return confirm('Do you really want to delete the selected Snort interface mapping(s)?');
else
- alert("There is no Snort mapping selected for deletion. Click the checkbox beside the Snort mapping(s) you wish to delete.");
+ alert("There is no Snort interface mapping selected for deletion. Click the checkbox beside the Snort mapping(s) you wish to delete.");
}
</script>
diff --git a/config/snort/snort_interfaces_edit.php b/config/snort/snort_interfaces_edit.php
index 72aa82e2..4c868844 100755
--- a/config/snort/snort_interfaces_edit.php
+++ b/config/snort/snort_interfaces_edit.php
@@ -4,6 +4,7 @@
*
* Copyright (C) 2008-2009 Robert Zelaya.
* Copyright (C) 2011-2012 Ermal Luci
+ * Copyright (C) 2014 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -33,6 +34,9 @@ require_once("/usr/local/pkg/snort/snort.inc");
global $g, $rebuild_rules;
+$snortdir = SNORTDIR;
+$snortlogdir = SNORTLOGDIR;
+
if (!is_array($config['installedpackages']['snortglobal']))
$config['installedpackages']['snortglobal'] = array();
$snortglob = $config['installedpackages']['snortglobal'];
@@ -41,9 +45,11 @@ if (!is_array($config['installedpackages']['snortglobal']['rule']))
$config['installedpackages']['snortglobal']['rule'] = array();
$a_rule = &$config['installedpackages']['snortglobal']['rule'];
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
+
if (is_null($id)) {
header("Location: /snort/snort_interfaces.php");
exit;
@@ -63,13 +69,7 @@ else {
$snort_uuid = $pconfig['uuid'];
// Get the physical configured interfaces on the firewall
-if (function_exists('get_configured_interface_with_descr'))
- $interfaces = get_configured_interface_with_descr();
-else {
- $interfaces = array('wan' => 'WAN', 'lan' => 'LAN');
- for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++)
- $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
-}
+$interfaces = get_configured_interface_with_descr();
// See if interface is already configured, and use its values
if (isset($id) && $a_rule[$id]) {
@@ -89,6 +89,8 @@ elseif (isset($id) && !isset($a_rule[$id])) {
foreach ($ifaces as $i) {
if (!in_array($i, $ifrules)) {
$pconfig['interface'] = $i;
+ $pconfig['descr'] = strtoupper($i);
+ $pconfig['enable'] = 'on';
break;
}
}
@@ -99,19 +101,26 @@ elseif (isset($id) && !isset($a_rule[$id])) {
}
}
-if (isset($_GET['dup']))
- unset($id);
-
// Set defaults for empty key parameters
if (empty($pconfig['blockoffendersip']))
$pconfig['blockoffendersip'] = "both";
if (empty($pconfig['performance']))
$pconfig['performance'] = "ac-bnfa";
-if ($_POST["Submit"]) {
- if (!$_POST['interface'])
+if ($_POST["save"]) {
+ if (!isset($_POST['interface']))
$input_errors[] = "Interface is mandatory";
+ /* See if assigned interface is already in use */
+ if (isset($_POST['interface'])) {
+ foreach ($a_rule as $k => $v) {
+ if (($v['interface'] == $_POST['interface']) && ($id <> $k)) {
+ $input_errors[] = gettext("The '{$_POST['interface']}' interface is already assigned to another Snort instance.");
+ break;
+ }
+ }
+ }
+
/* if no errors write to conf */
if (!$input_errors) {
$natent = $a_rule[$id];
@@ -136,6 +145,8 @@ if ($_POST["Submit"]) {
if ($_POST['blockoffendersip']) $natent['blockoffendersip'] = $_POST['blockoffendersip']; else unset($natent['blockoffendersip']);
if ($_POST['whitelistname']) $natent['whitelistname'] = $_POST['whitelistname']; else unset($natent['whitelistname']);
if ($_POST['homelistname']) $natent['homelistname'] = $_POST['homelistname']; else unset($natent['homelistname']);
+ if ($_POST['alert_log_limit']) $natent['alert_log_limit'] = $_POST['alert_log_limit']; else unset($natent['alert_log_limit']);
+ if ($_POST['alert_log_retention']) $natent['alert_log_retention'] = $_POST['alert_log_retention']; else unset($natent['alert_log_retention']);
if ($_POST['externallistname']) $natent['externallistname'] = $_POST['externallistname']; else unset($natent['externallistname']);
if ($_POST['suppresslistname']) $natent['suppresslistname'] = $_POST['suppresslistname']; else unset($natent['suppresslistname']);
if ($_POST['alertsystemlog'] == "on") { $natent['alertsystemlog'] = 'on'; }else{ $natent['alertsystemlog'] = 'off'; }
@@ -145,14 +156,20 @@ if ($_POST["Submit"]) {
if ($_POST['fpm_search_optimize'] == "on") { $natent['fpm_search_optimize'] = 'on'; }else{ $natent['fpm_search_optimize'] = 'off'; }
if ($_POST['fpm_no_stream_inserts'] == "on") { $natent['fpm_no_stream_inserts'] = 'on'; }else{ $natent['fpm_no_stream_inserts'] = 'off'; }
- $if_real = snort_get_real_interface($natent['interface']);
+ $if_real = get_real_interface($natent['interface']);
if (isset($id) && $a_rule[$id]) {
+ // See if moving an existing Snort instance to another physical interface
if ($natent['interface'] != $a_rule[$id]['interface']) {
- $oif_real = snort_get_real_interface($a_rule[$id]['interface']);
- snort_stop($a_rule[$id], $oif_real);
- exec("rm -r /var/log/snort_{$oif_real}" . $a_rule[$id]['uuid']);
+ $oif_real = get_real_interface($a_rule[$id]['interface']);
+ if (snort_is_running($a_rule[$id]['uuid'], $oif_real)) {
+ snort_stop($a_rule[$id], $oif_real);
+ $snort_start = true;
+ }
+ else
+ $snort_start = false;
+ exec("mv -f {$snortlogdir}/snort_{$oif_real}{$a_rule[$id]['uuid']} {$snortlogdir}/snort_{$if_real}{$a_rule[$id]['uuid']}");
conf_mount_rw();
- exec("mv -f {$snortdir}/snort_" . $a_rule[$id]['uuid'] . "_{$oif_real} {$snortdir}/snort_" . $a_rule[$id]['uuid'] . "_{$if_real}");
+ exec("mv -f {$snortdir}/snort_{$a_rule[$id]['uuid']}_{$oif_real} {$snortdir}/snort_{$a_rule[$id]['uuid']}_{$if_real}");
conf_mount_ro();
}
$a_rule[$id] = $natent;
@@ -256,7 +273,7 @@ if ($_POST["Submit"]) {
snort_stop($natent, $if_real);
/* Save configuration changes */
- write_config();
+ write_config("Snort pkg: modified interface configuration for {$natent['interface']}.");
/* Most changes don't require a rules rebuild, so default to "off" */
$rebuild_rules = false;
@@ -264,6 +281,10 @@ if ($_POST["Submit"]) {
/* Update snort.conf and snort.sh files for this interface */
sync_snort_package_config();
+ /* See if we need to restart Snort after an interface re-assignment */
+ if ($snort_start == true)
+ snort_start($natent, $if_real);
+
/*******************************************************/
/* Signal Snort to reload configuration if we changed */
/* HOME_NET, EXTERNAL_NET or Suppress list values. */
@@ -284,21 +305,18 @@ if ($_POST["Submit"]) {
$pconfig = $_POST;
}
-$if_friendly = snort_get_friendly_interface($pconfig['interface']);
+$if_friendly = convert_friendly_interface_to_friendly_descr($a_rule[$id]['interface']);
$pgtitle = gettext("Snort: Interface {$if_friendly} - Edit Settings");
include_once("head.inc");
?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
-<?php include("fbegin.inc"); ?>
-
-<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
+<?php include("fbegin.inc");
-<?php
/* Display Alert message */
if ($input_errors) {
- print_input_errors($input_errors); // TODO: add checks
+ print_input_errors($input_errors);
}
if ($savemsg) {
@@ -306,7 +324,8 @@ include_once("head.inc");
}
?>
-<form action="snort_interfaces_edit.php<?php echo "?id=$id";?>" method="post" name="iform" id="iform">
+<form action="snort_interfaces_edit.php" method="post" name="iform" id="iform">
+<input name="id" type="hidden" value="<?=$id;?>"/>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td>
<?php
@@ -314,12 +333,13 @@ include_once("head.inc");
$tab_array[0] = array(gettext("Snort Interfaces"), true, "/snort/snort_interfaces.php");
$tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php");
$tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
- $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
+ $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php?instance={$id}");
$tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
- $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php");
$tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
- $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
- display_top_tabs($tab_array);
+ $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php");
+ $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
+ display_top_tabs($tab_array, true);
echo '</td></tr>';
echo '<tr><td class="tabnavtbl">';
$tab_array = array();
@@ -328,9 +348,10 @@ include_once("head.inc");
$tab_array[] = array($menu_iface . gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Rules"), false, "/snort/snort_rules.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Variables"), false, "/snort/snort_define_servers.php?id={$id}");
- $tab_array[] = array($menu_iface . gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Preprocs"), false, "/snort/snort_preprocessors.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
- display_top_tabs($tab_array);
+ $tab_array[] = array($menu_iface . gettext("IP Rep"), false, "/snort/snort_ip_reputation.php?id={$id}");
+ display_top_tabs($tab_array, true);
?>
</td></tr>
<tr><td><div id="mainarea">
@@ -345,7 +366,7 @@ include_once("head.inc");
if ($pconfig['enable'] == "on")
$checked = "checked";
echo "
- <input name=\"enable\" type=\"checkbox\" value=\"on\" $checked onClick=\"enable_change(false)\">
+ <input name=\"enable\" type=\"checkbox\" value=\"on\" $checked onClick=\"enable_change(false)\"/>
&nbsp;&nbsp;" . gettext("Enable or Disable") . "\n";
?>
<br/>
@@ -368,15 +389,15 @@ include_once("head.inc");
<tr>
<td width="22%" valign="top" class="vncellreq"><?php echo gettext("Description"); ?></td>
<td width="78%" class="vtable"><input name="descr" type="text"
- class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']); ?>"> <br/>
+ class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']); ?>"/><br/>
<span class="vexpl"><?php echo gettext("Enter a meaningful description here for your reference."); ?></span><br/></td>
</tr>
-<tr>
- <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Alert Settings"); ?></td>
-</tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Alert Settings"); ?></td>
+ </tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Send Alerts to System Logs"); ?></td>
- <td width="78%" class="vtable"><input name="alertsystemlog" type="checkbox" value="on" <?php if ($pconfig['alertsystemlog'] == "on") echo "checked"; ?>>
+ <td width="78%" class="vtable"><input name="alertsystemlog" type="checkbox" value="on" <?php if ($pconfig['alertsystemlog'] == "on") echo "checked"; ?>/>
<?php echo gettext("Snort will send Alerts to the firewall's system logs."); ?></td>
</tr>
<tr>
@@ -384,14 +405,14 @@ include_once("head.inc");
<td width="78%" class="vtable">
<input name="blockoffenders7" id="blockoffenders7" type="checkbox" value="on"
<?php if ($pconfig['blockoffenders7'] == "on") echo "checked"; ?>
- onClick="enable_blockoffenders()">
+ onClick="enable_blockoffenders();" />
<?php echo gettext("Checking this option will automatically block hosts that generate a " .
"Snort alert."); ?></td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Kill States"); ?></td>
<td width="78%" class="vtable">
- <input name="blockoffenderskill" id="blockoffenderskill" type="checkbox" value="on" <?php if ($pconfig['blockoffenderskill'] == "on") echo "checked"; ?>>
+ <input name="blockoffenderskill" id="blockoffenderskill" type="checkbox" value="on" <?php if ($pconfig['blockoffenderskill'] == "on") echo "checked"; ?>/>
<?php echo gettext("Checking this option will kill firewall states for the blocked IP"); ?>
</td>
</tr>
@@ -410,12 +431,12 @@ include_once("head.inc");
?>
</select>&nbsp;&nbsp;
<?php echo gettext("Select which IP extracted from the packet you wish to block"); ?><br/>
- <span class="red"><?php echo gettext("Hint:") . "</span>&nbsp;" . gettext("Choosing BOTH is suggested, and it is the default value."); ?></span><br/></td>
+ <span class="red"><?php echo gettext("Hint:") . "</span>&nbsp;" . gettext("Choosing BOTH is suggested, and it is the default value."); ?><br/>
</td>
</tr>
-<tr>
- <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Detection Performance Settings"); ?></td>
-</tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Detection Performance Settings"); ?></td>
+ </tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Search Method"); ?></td>
<td width="78%" class="vtable">
@@ -442,7 +463,7 @@ include_once("head.inc");
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Split ANY-ANY"); ?></td>
<td width="78%" class="vtable">
- <input name="fpm_split_any_any" id="fpm_split_any_any" type="checkbox" value="on" <?php if ($pconfig['fpm_split_any_any'] == "on") echo "checked"; ?>>
+ <input name="fpm_split_any_any" id="fpm_split_any_any" type="checkbox" value="on" <?php if ($pconfig['fpm_split_any_any'] == "on") echo "checked"; ?>/>
<?php echo gettext("Enable splitting of ANY-ANY port group.") . " <strong>" . gettext("Default") . "</strong>" . gettext(" is ") .
"<strong>" . gettext("Not Checked") . "</strong>"; ?>.<br/>
<br/><?php echo gettext("This setting is a memory/performance trade-off. It reduces memory footprint by not " .
@@ -454,7 +475,7 @@ include_once("head.inc");
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Search Optimize"); ?></td>
<td width="78%" class="vtable">
- <input name="fpm_search_optimize" id="fpm_search_optimize" type="checkbox" value="on" <?php if ($pconfig['fpm_search_optimize'] == "on" || empty($pconfig['fpm_search_optimize'])) echo "checked"; ?>>
+ <input name="fpm_search_optimize" id="fpm_search_optimize" type="checkbox" value="on" <?php if ($pconfig['fpm_search_optimize'] == "on" || empty($pconfig['fpm_search_optimize'])) echo "checked"; ?>/>
<?php echo gettext("Enable search optimization.") . " <strong>" . gettext("Default") . "</strong>" . gettext(" is ") .
"<strong>" . gettext("Checked") . "</strong>"; ?>.<br/>
<br/><?php echo gettext("This setting optimizes fast pattern memory when used with search-methods AC or AC-SPLIT " .
@@ -465,7 +486,7 @@ include_once("head.inc");
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Stream Inserts"); ?></td>
<td width="78%" class="vtable">
- <input name="fpm_no_stream_inserts" id="fpm_no_stream_inserts" type="checkbox" value="on" <? if ($pconfig['fpm_no_stream_inserts'] == "on") echo "checked"; ?>>
+ <input name="fpm_no_stream_inserts" id="fpm_no_stream_inserts" type="checkbox" value="on" <? if ($pconfig['fpm_no_stream_inserts'] == "on") echo "checked"; ?>/>
<?php echo gettext("Do not evaluate stream inserted packets against the detection engine.") . " <strong>" . gettext("Default") . "</strong>" . gettext(" is ") .
"<strong>" . gettext("Not Checked") . "</strong>"; ?>.<br/>
<br/><?php echo gettext("This is a potential performance improvement based on the idea the stream rebuilt packet " .
@@ -475,15 +496,14 @@ include_once("head.inc");
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Checksum Check Disable"); ?></td>
<td width="78%" class="vtable">
- <input name="cksumcheck" id="cksumcheck" type="checkbox" value="on" <?php if ($pconfig['cksumcheck'] == "on") echo "checked"; ?>>
+ <input name="cksumcheck" id="cksumcheck" type="checkbox" value="on" <?php if ($pconfig['cksumcheck'] == "on") echo "checked"; ?>/>
<?php echo gettext("Disable checksum checking within Snort to improve performance."); ?>
<br><span class="red"><?php echo gettext("Hint: ") . "</span>" .
gettext("Most of this is already done at the firewall/filter level, so it is usually safe to check this box."); ?>
</td>
</tr>
<tr>
- <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Choose the networks " .
- "Snort should inspect and whitelist."); ?></td>
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Choose the networks Snort should inspect and whitelist"); ?></td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Home Net"); ?></td>
@@ -545,11 +565,11 @@ include_once("head.inc");
</td>
</tr>
<tr>
- <td width="22%" valign="top" class="vncell"><?php echo gettext("Whitelist"); ?></td>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Pass List"); ?></td>
<td width="78%" class="vtable">
<select name="whitelistname" class="formselect" id="whitelistname">
<?php
- /* find whitelist names and filter by type, make sure to track by uuid */
+ /* find whitelist (Pass List) names and filter by type, make sure to track by uuid */
echo "<option value='default' >default</option>\n";
if (is_array($snortglob['whitelist']['item'])) {
foreach ($snortglob['whitelist']['item'] as $value) {
@@ -562,19 +582,19 @@ include_once("head.inc");
}
?>
</select>
- &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type="button" class="formbtns" value="View List" onclick="viewList('<?=$id;?>','whitelistname','whitelist')"
- id="btnWhitelist" title="<?php echo gettext("Click to view currently selected Whitelist contents"); ?>"/>
+ &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type="button" class="formbtns" value="View List" onclick="viewList('<?=$id;?>','whitelistname','passlist')"
+ id="btnWhitelist" title="<?php echo gettext("Click to view currently selected Pass List contents"); ?>"/>
<br/>
- <span class="vexpl"><?php echo gettext("Choose the whitelist you want this interface to " .
+ <span class="vexpl"><?php echo gettext("Choose the Pass List you want this interface to " .
"use."); ?> </span><br/><br/>
<span class="red"><?php echo gettext("Note:"); ?></span>&nbsp;<?php echo gettext("This option will only be used when block offenders is on."); ?><br/>
- <span class="red"><?php echo gettext("Hint:"); ?></span>&nbsp;<?php echo gettext("Default " .
- "whitelist adds local networks, WAN IPs, Gateways, VPNs and VIPs. Create an Alias to customize."); ?>
+ <span class="red"><?php echo gettext("Hint:"); ?></span>&nbsp;<?php echo gettext("The default " .
+ "Pass List adds local networks, WAN IPs, Gateways, VPNs and VIPs. Create an Alias to customize."); ?>
</td>
</tr>
-<tr>
- <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Choose a suppression or filtering file if desired."); ?></td>
-</tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Choose a suppression or filtering file if desired"); ?></td>
+ </tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Alert Suppression and Filtering"); ?></td>
<td width="78%" class="vtable">
@@ -602,29 +622,28 @@ include_once("head.inc");
gettext("Default option disables suppression and filtering."); ?>
</td>
</tr>
-<tr>
- <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Arguments here will " .
- "be automatically inserted into the Snort configuration."); ?></td>
-</tr>
-<tr>
- <td width="22%" valign="top" class="vncell"><?php echo gettext("Advanced configuration pass-through"); ?></td>
- <td width="78%" class="vtable">
- <textarea style="width:98%; height:100%;" wrap="off" name="configpassthru" cols="60" rows="8" id="configpassthru"><?=htmlspecialchars($pconfig['configpassthru']);?></textarea>
- </td>
-</tr>
-<tr>
- <td width="22%" valign="top"></td>
- <td width="78%"><input name="Submit" type="submit" class="formbtn" value="Save" title="<?php echo
+ <tr>
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Arguments here will " .
+ "be automatically inserted into the Snort configuration."); ?></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Advanced configuration pass-through"); ?></td>
+ <td width="78%" class="vtable">
+ <textarea style="width:98%; height:100%;" wrap="off" name="configpassthru" cols="60" rows="8" id="configpassthru"><?=htmlspecialchars($pconfig['configpassthru']);?></textarea>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top"></td>
+ <td width="78%"><input name="save" type="submit" class="formbtn" value="Save" title="<?php echo
gettext("Click to save settings and exit"); ?>"/>
- <input name="id" type="hidden" value="<?=$id;?>"/>
- </td>
-</tr>
-<tr>
- <td width="22%" valign="top">&nbsp;</td>
- <td width="78%"><span class="vexpl"><span class="red"><strong><?php echo gettext("Note: ") . "</strong></span></span>" .
- gettext("Please save your settings before you attempt to start Snort."); ?>
- </td>
-</tr>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%"><span class="vexpl"><span class="red"><strong><?php echo gettext("Note: ") . "</strong></span></span>" .
+ gettext("Please save your settings before you attempt to start Snort."); ?>
+ </td>
+ </tr>
</table>
</div>
</td></tr>
@@ -684,11 +703,12 @@ function getSelectedValue(elemID) {
function viewList(id, elemID, elemType) {
if (typeof elemType == "undefined") {
- elemType = "whitelist";
+ elemType = "passlist";
}
var url = "snort_list_view.php?id=" + id + "&wlist=";
url = url + getSelectedValue(elemID) + "&type=" + elemType;
- wopen(url, 'WhitelistViewer', 640, 480);
+ url = url + "&time=" + new Date().getTime();
+ wopen(url, 'PassListViewer', 640, 480);
}
enable_change(false);
diff --git a/config/snort/snort_interfaces_global.php b/config/snort/snort_interfaces_global.php
index b22a6934..69a182bd 100644
--- a/config/snort/snort_interfaces_global.php
+++ b/config/snort/snort_interfaces_global.php
@@ -5,6 +5,7 @@
*
* Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
* Copyright (C) 2011-2012 Ermal Luci
+ * Copyright (C) 2014 Bill Meeks
* All rights reserved.
*
* Copyright (C) 2008-2009 Robert Zelaya
@@ -42,23 +43,26 @@ global $g;
$snortdir = SNORTDIR;
/* make things short */
-$pconfig['snortdownload'] = $config['installedpackages']['snortglobal']['snortdownload'];
+$pconfig['snortdownload'] = $config['installedpackages']['snortglobal']['snortdownload'] == "on" ? 'on' : 'off';
$pconfig['oinkmastercode'] = $config['installedpackages']['snortglobal']['oinkmastercode'];
$pconfig['etpro_code'] = $config['installedpackages']['snortglobal']['etpro_code'];
-$pconfig['emergingthreats'] = $config['installedpackages']['snortglobal']['emergingthreats'];
-$pconfig['emergingthreats_pro'] = $config['installedpackages']['snortglobal']['emergingthreats_pro'];
+$pconfig['emergingthreats'] = $config['installedpackages']['snortglobal']['emergingthreats'] == "on" ? 'on' : 'off';
+$pconfig['emergingthreats_pro'] = $config['installedpackages']['snortglobal']['emergingthreats_pro'] == "on" ? 'on' : 'off';
$pconfig['rm_blocked'] = $config['installedpackages']['snortglobal']['rm_blocked'];
$pconfig['snortloglimit'] = $config['installedpackages']['snortglobal']['snortloglimit'];
$pconfig['snortloglimitsize'] = $config['installedpackages']['snortglobal']['snortloglimitsize'];
$pconfig['autorulesupdate7'] = $config['installedpackages']['snortglobal']['autorulesupdate7'];
$pconfig['rule_update_starttime'] = $config['installedpackages']['snortglobal']['rule_update_starttime'];
-$pconfig['forcekeepsettings'] = $config['installedpackages']['snortglobal']['forcekeepsettings'];
-$pconfig['snortcommunityrules'] = $config['installedpackages']['snortglobal']['snortcommunityrules'];
+$pconfig['forcekeepsettings'] = $config['installedpackages']['snortglobal']['forcekeepsettings'] == "on" ? 'on' : 'off';
+$pconfig['snortcommunityrules'] = $config['installedpackages']['snortglobal']['snortcommunityrules'] == "on" ? 'on' : 'off';
+$pconfig['clearlogs'] = $config['installedpackages']['snortglobal']['clearlogs'] == "on" ? 'on' : 'off';
+$pconfig['clearblocks'] = $config['installedpackages']['snortglobal']['clearblocks'] == "on" ? 'on' : 'off';
+/* Set sensible values for any empty default params */
if (empty($pconfig['snortloglimit']))
$pconfig['snortloglimit'] = 'on';
-if (empty($pconfig['rule_update_starttime']))
- $pconfig['rule_update_starttime'] = '00:30';
+if (!isset($pconfig['rule_update_starttime']))
+ $pconfig['rule_update_starttime'] = '00:05';
if ($_POST['rule_update_starttime']) {
if (!preg_match('/^([01]?[0-9]|2[0-3]):?([0-5][0-9])$/', $_POST['rule_update_starttime']))
@@ -73,12 +77,14 @@ if ($_POST['emergingthreats_pro'] == "on" && empty($_POST['etpro_code']))
/* if no errors move foward with save */
if (!$input_errors) {
- if ($_POST["Submit"]) {
+ if ($_POST["save"]) {
$config['installedpackages']['snortglobal']['snortdownload'] = $_POST['snortdownload'] ? 'on' : 'off';
$config['installedpackages']['snortglobal']['snortcommunityrules'] = $_POST['snortcommunityrules'] ? 'on' : 'off';
$config['installedpackages']['snortglobal']['emergingthreats'] = $_POST['emergingthreats'] ? 'on' : 'off';
$config['installedpackages']['snortglobal']['emergingthreats_pro'] = $_POST['emergingthreats_pro'] ? 'on' : 'off';
+ $config['installedpackages']['snortglobal']['clearlogs'] = $_POST['clearlogs'] ? 'on' : 'off';
+ $config['installedpackages']['snortglobal']['clearblocks'] = $_POST['clearblocks'] ? 'on' : 'off';
// If any rule sets are being turned off, then remove them
// from the active rules section of each interface. Start
@@ -145,7 +151,7 @@ if (!$input_errors) {
/* create whitelist and homenet file then sync files */
sync_snort_package_config();
- write_config();
+ write_config("Snort pkg: modified global settings.");
/* forces page to reload new settings */
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
@@ -187,10 +193,11 @@ if ($input_errors)
$tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
$tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
$tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
- $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php");
$tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
- $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
- display_top_tabs($tab_array);
+ $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php");
+ $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
+ display_top_tabs($tab_array, true);
?>
</td></tr>
<tr>
@@ -268,7 +275,7 @@ if ($input_errors)
<tr>
<td>&nbsp;</td>
<td class="vexpl"><?php echo "<span class='red'><strong>" . gettext("Note:") . "</strong></span>" . "&nbsp;" .
- gettext("The ETPro rules contain all of the ETOpen rules, so the ETOpen rules are not required and are disabled when the ETPro rules are selected."); ?></td>
+ gettext("The ETPro rules contain all of the ETOpen rules, so the ETOpen rules are not required and are automatically disabled when the ETPro rules are selected."); ?></td>
</tr>
</table>
<table id="etpro_code_tbl" width="100%" border="0" cellpadding="2" cellspacing="0">
@@ -310,11 +317,11 @@ if ($input_errors)
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Update Start Time"); ?></td>
<td width="78%" class="vtable"><input type="text" class="formfld time" name="rule_update_starttime" id="rule_update_starttime" size="4"
- maxlength="5" value="<?=$pconfig['rule_update_starttime'];?>" <?php if ($pconfig['autorulesupdate7'] == "never_up") {echo "disabled";} ?>><span class="vexpl">&nbsp;&nbsp;
+ maxlength="5" value="<?=htmlspecialchars($pconfig['rule_update_starttime']);?>" <?php if ($pconfig['autorulesupdate7'] == "never_up") {echo "disabled";} ?>><span class="vexpl">&nbsp;&nbsp;
<?php echo gettext("Enter the rule update start time in 24-hour format (HH:MM). ") . "<strong>" .
- gettext("Default") . "&nbsp;</strong>" . gettext("is ") . "<strong>" . gettext("00:03") . "</strong></span>"; ?>.<br/><br/>
+ gettext("Default") . "&nbsp;</strong>" . gettext("is ") . "<strong>" . gettext("00:05") . "</strong></span>"; ?>.<br/><br/>
<?php echo gettext("Rules will update at the interval chosen above starting at the time specified here. For example, using the default " .
- "start time of 00:03 and choosing 12 Hours for the interval, the rules will update at 00:03 and 12:03 each day."); ?></td>
+ "start time of 00:03 and choosing 12 Hours for the interval, the rules will update at 00:05 and 12:05 each day."); ?></td>
</tr>
<tr>
<td colspan="2" valign="top" class="listtopic"><?php echo gettext("General Settings"); ?></td>
@@ -322,7 +329,7 @@ if ($input_errors)
<tr>
<?php $snortlogCurrentDSKsize = round(exec('df -k /var | grep -v "Filesystem" | awk \'{print $4}\'') / 1024); ?>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Log Directory Size " .
- "Limit"); ?><br/>
+ "Limit"); ?><br/><br/>
<br/>
<br/>
<span class="red"><strong><?php echo gettext("Note:"); ?></strong></span><br/>
@@ -368,6 +375,18 @@ if ($input_errors)
<?php echo "<span class=\"red\"><strong>" . gettext("Hint:") . "</strong></span>" . gettext(" in most cases, 1 hour is a good choice.");?></td>
</tr>
<tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Remove Blocked Hosts After Deinstall"); ?></td>
+ <td width="78%" class="vtable"><input name="clearblocks" id="clearblocks" type="checkbox" value="yes"
+ <?php if ($config['installedpackages']['snortglobal']['clearblocks']=="on") echo " checked"; ?>/>&nbsp;
+ <?php echo gettext("All blocked hosts added by Snort will be removed during package deinstallation."); ?></td>
+</tr>
+<tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Remove Snort Log Files After Deinstall"); ?></td>
+ <td width="78%" class="vtable"><input name="clearlogs" id="clearlogs" type="checkbox" value="yes"
+ <?php if ($config['installedpackages']['snortglobal']['clearlogs']=="on") echo " checked"; ?>/>&nbsp;
+ <?php echo gettext("All Snort log files will be removed during package deinstallation."); ?></td>
+</tr>
+<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Keep Snort Settings After Deinstall"); ?></td>
<td width="78%" class="vtable"><input name="forcekeepsettings"
id="forcekeepsettings" type="checkbox" value="yes"
@@ -377,7 +396,7 @@ if ($input_errors)
<tr>
<td width="22%" valign="top">
<td width="78%">
- <input name="Submit" type="submit" class="formbtn" value="Save" >
+ <input name="save" type="submit" class="formbtn" value="Save" >
</td>
</tr>
<tr>
diff --git a/config/snort/snort_interfaces_suppress.php b/config/snort/snort_interfaces_suppress.php
index e42b7f8c..ecbd04a7 100644
--- a/config/snort/snort_interfaces_suppress.php
+++ b/config/snort/snort_interfaces_suppress.php
@@ -46,7 +46,6 @@ if (!is_array($config['installedpackages']['snortglobal']['suppress']['item']))
$a_suppress = &$config['installedpackages']['snortglobal']['suppress']['item'];
$id_gen = count($config['installedpackages']['snortglobal']['suppress']['item']);
-
function snort_suppresslist_used($supplist) {
/****************************************************************/
@@ -69,15 +68,15 @@ function snort_suppresslist_used($supplist) {
return false;
}
-if ($_GET['act'] == "del") {
- if ($a_suppress[$_GET['id']]) {
- /* make sure rule is not being referenced by any nat or filter rules */
- if (snort_suppresslist_used($a_suppress[$_GET['id']]['name'])) {
- $input_errors[] = gettext("ERROR -- Suppress List is currently assigned to an interface and cannot be removed!");
+if ($_POST['del']) {
+ if ($a_suppress[$_POST['list_id']] && is_numericint($_POST['list_id'])) {
+ /* make sure list is not being referenced by any Snort interfaces */
+ if (snort_suppresslist_used($a_suppress[$_POST['list_id']]['name'])) {
+ $input_errors[] = gettext("ERROR -- Suppress List is currently assigned to a Snort interface and cannot be removed! Unassign it from all Snort interfaces first.");
}
else {
- unset($a_suppress[$_GET['id']]);
- write_config();
+ unset($a_suppress[$_POST['list_id']]);
+ write_config("Snort pkg: deleted a Suppress List.");
header("Location: /snort/snort_interfaces_suppress.php");
exit;
}
@@ -93,14 +92,16 @@ include_once("head.inc");
<?php
include_once("fbegin.inc");
-if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
if ($input_errors) {
print_input_errors($input_errors);
}
+if ($savemsg)
+ print_info_box($savemsg);
?>
-<form action="/snort/snort_interfaces_suppress.php" method="post"><?php if ($savemsg) print_info_box($savemsg); ?>
+<form action="/snort/snort_interfaces_suppress.php" method="post">
+<input type="hidden" name="list_id" id="list_id" value=""/>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td>
<?php
@@ -110,10 +111,11 @@ if ($input_errors) {
$tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
$tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
$tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
- $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php");
$tab_array[6] = array(gettext("Suppress"), true, "/snort/snort_interfaces_suppress.php");
- $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
- display_top_tabs($tab_array);
+ $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php");
+ $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
+ display_top_tabs($tab_array, true);
?>
</td>
</tr>
@@ -137,15 +139,13 @@ if ($input_errors) {
<td valign="middle" nowrap class="list">
<table border="0" cellspacing="0" cellpadding="1">
<tr>
- <td valign="middle"><a
- href="snort_interfaces_suppress_edit.php?id=<?=$i;?>"><img
- src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif"
- width="17" height="17" border="0" title="<?php echo gettext("edit Suppress List"); ?>"></a></td>
- <td><a
- href="/snort/snort_interfaces_suppress.php?act=del&id=<?=$i;?>"
- onclick="return confirm('<?php echo gettext("Do you really want to delete this Suppress List?"); ?>')"><img
- src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif"
- width="17" height="17" border="0" title="<?php echo gettext("delete Suppress List"); ?>"></a></td>
+ <td valign="middle"><a href="snort_interfaces_suppress_edit.php?id=<?=$i;?>">
+ <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif"
+ width="17" height="17" border="0" title="<?php echo gettext("Edit Suppress List"); ?>"></a></td>
+ <td><input type="image" name="del[]"
+ onclick="document.getElementById('list_id').value='<?=$i;?>';return confirm('<?=gettext("Do you really want to delete this Suppress List?");?>');"
+ src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"
+ title="<?=gettext("Delete Suppress List");?>"/></td>
</tr>
</table>
</td>
@@ -160,7 +160,7 @@ if ($input_errors) {
<td valign="middle"><a
href="snort_interfaces_suppress_edit.php?id=<?php echo $id_gen;?> "><img
src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif"
- width="17" height="17" border="0" title="<?php echo gettext("add a new list"); ?>"></a></td>
+ width="17" height="17" border="0" title="<?php echo gettext("Add a new list"); ?>"></a></td>
</tr>
</table>
</td>
diff --git a/config/snort/snort_interfaces_suppress_edit.php b/config/snort/snort_interfaces_suppress_edit.php
index 3d703987..986bfc38 100644
--- a/config/snort/snort_interfaces_suppress_edit.php
+++ b/config/snort/snort_interfaces_suppress_edit.php
@@ -10,6 +10,7 @@
*
* modified for the pfsense snort package
* Copyright (C) 2009-2010 Robert Zelaya.
+ * Copyright (C) 2014 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -37,7 +38,6 @@
require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort.inc");
-
if (!is_array($config['installedpackages']['snortglobal']))
$config['installedpackages']['snortglobal'] = array();
$snortglob = $config['installedpackages']['snortglobal'];
@@ -48,9 +48,16 @@ if (!is_array($config['installedpackages']['snortglobal']['suppress']['item']))
$config['installedpackages']['snortglobal']['suppress']['item'] = array();
$a_suppress = &$config['installedpackages']['snortglobal']['suppress']['item'];
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
+
+/* Should never be called without identifying list index, so bail */
+if (is_null($id)) {
+ header("Location: /snort/snort_interfaces_suppress.php");
+ exit;
+}
/* returns true if $name is a valid name for a whitelist file name or ip */
function is_validwhitelistname($name) {
@@ -77,7 +84,7 @@ if (isset($id) && $a_suppress[$id]) {
$pconfig['uuid'] = uniqid();
}
-if ($_POST['submit']) {
+if ($_POST['save']) {
unset($input_errors);
$pconfig = $_POST;
@@ -102,7 +109,6 @@ if ($_POST['submit']) {
}
}
-
if (!$input_errors) {
$s_list = array();
$s_list['name'] = $_POST['name'];
@@ -118,7 +124,7 @@ if ($_POST['submit']) {
else
$a_suppress[] = $s_list;
- write_config();
+ write_config("Snort pkg: modified Suppress List {$s_list['name']}.");
sync_snort_package_config();
header("Location: /snort/snort_interfaces_suppress.php");
@@ -135,14 +141,14 @@ include_once("head.inc");
<?php
include("fbegin.inc");
-if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
-
-if ($input_errors) print_input_errors($input_errors);
+if ($input_errors)
+ print_input_errors($input_errors);
if ($savemsg)
print_info_box($savemsg);
?>
<form action="/snort/snort_interfaces_suppress_edit.php" name="iform" id="iform" method="post">
+<input name="id" type="hidden" value="<?=$id;?>"/>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td>
<?php
@@ -152,10 +158,11 @@ if ($savemsg)
$tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
$tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
$tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
- $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php");
$tab_array[6] = array(gettext("Suppress"), true, "/snort/snort_interfaces_suppress.php");
- $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=/snort/snort_sync.xml");
- display_top_tabs($tab_array);
+ $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php");
+ $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
+ display_top_tabs($tab_array, true);
?>
</td></tr>
<tr><td><div id="mainarea">
@@ -204,11 +211,10 @@ if ($savemsg)
</td>
</tr>
<tr>
- <td colspan="2"><input id="submit" name="submit" type="submit"
+ <td colspan="2"><input id="save" name="save" type="submit"
class="formbtn" value="Save" />&nbsp;&nbsp;<input id="cancelbutton"
name="cancelbutton" type="button" class="formbtn" value="Cancel"
- onclick="history.back();"/> <?php if (isset($id) && $a_suppress[$id]): ?>
- <input name="id" type="hidden" value="<?=$id;?>"/> <?php endif; ?>
+ onclick="history.back();"/>
</td>
</tr>
</table>
diff --git a/config/snort/snort_interfaces_whitelist.php b/config/snort/snort_interfaces_whitelist.php
deleted file mode 100644
index 9391eb85..00000000
--- a/config/snort/snort_interfaces_whitelist.php
+++ /dev/null
@@ -1,177 +0,0 @@
-<?php
-/*
- * snort_interfaces_whitelist.php
- *
- * Copyright (C) 2004 Scott Ullrich
- * Copyright (C) 2011-2012 Ermal Luci
- * All rights reserved.
- *
- * originially part of m0n0wall (http://m0n0.ch/wall)
- * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
- * All rights reserved.
- *
- * modified for the pfsense snort package
- * Copyright (C) 2009-2010 Robert Zelaya.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- * 1. Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
- */
-
-require_once("guiconfig.inc");
-require_once("/usr/local/pkg/snort/snort.inc");
-
-if (!is_array($config['installedpackages']['snortglobal']['whitelist']))
- $config['installedpackages']['snortglobal']['whitelist'] = array();
-if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item']))
- $config['installedpackages']['snortglobal']['whitelist']['item'] = array();
-$a_whitelist = &$config['installedpackages']['snortglobal']['whitelist']['item'];
-
-if (isset($config['installedpackages']['snortglobal']['whitelist']['item']))
- $id_gen = count($config['installedpackages']['snortglobal']['whitelist']['item']);
-else
- $id_gen = '0';
-
-if ($_GET['act'] == "del") {
- if ($a_whitelist[$_GET['id']]) {
- /* make sure rule is not being referenced by any nat or filter rules */
- unset($a_whitelist[$_GET['id']]);
- write_config();
- sync_snort_package_config();
- header("Location: /snort/snort_interfaces_whitelist.php");
- exit;
- }
-}
-
-$pgtitle = gettext("Snort: Whitelists");
-include_once("head.inc");
-?>
-
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
-
-<?php
-include_once("fbegin.inc");
-if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
-if ($savemsg) print_info_box($savemsg);
-?>
-
-<form action="/snort/snort_interfaces_whitelist.php" method="post">
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
-<tr><td>
-<?php
- $tab_array = array();
- $tab_array[0] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
- $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php");
- $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
- $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
- $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
- $tab_array[5] = array(gettext("Whitelists"), true, "/snort/snort_interfaces_whitelist.php");
- $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
- $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
- display_top_tabs($tab_array);
-?>
- </td>
-</tr>
-<tr>
- <td><div id="mainarea">
- <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
- <tr>
- <td width="20%" class="listhdrr">File Name</td>
- <td width="40%" class="listhdrr">Values</td>
- <td width="40%" class="listhdr">Description</td>
- <td width="10%" class="list"></td>
- </tr>
- <?php foreach ($a_whitelist as $i => $list): ?>
- <tr>
- <td class="listlr"
- ondblclick="document.location='snort_interfaces_whitelist_edit.php?id=<?=$i;?>';">
- <?=htmlspecialchars($list['name']);?></td>
- <td class="listr"
- ondblclick="document.location='snort_interfaces_whitelist_edit.php?id=<?=$i;?>';">
- <?php
- $addresses = implode(", ", array_slice(explode(" ", $list['address']), 0, 10));
- echo $addresses;
- if(count($addresses) < 10) {
- echo " ";
- } else {
- echo "...";
- }
- ?></td>
- <td class="listbg"
- ondblclick="document.location='snort_interfaces_whitelist_edit.php?id=<?=$i;?>';">
- <font color="#FFFFFF"> <?=htmlspecialchars($list['descr']);?>&nbsp;
- </td>
- <td valign="middle" nowrap class="list">
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td valign="middle"><a
- href="snort_interfaces_whitelist_edit.php?id=<?=$i;?>"><img
- src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif"
- width="17" height="17" border="0" title="<?php echo gettext("edit whitelist"); ?>"></a></td>
- <td><a
- href="/snort/snort_interfaces_whitelist.php?act=del&id=<?=$i;?>"
- onclick="return confirm('<?php echo gettext("Do you really want to delete this whitelist? All elements that still use it will become invalid (e.g. snort rules will fall back to the default whitelist)!"); ?>')"><img
- src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif"
- width="17" height="17" border="0" title="<?php echo gettext("delete whitelist"); ?>"></a></td>
- </tr>
- </table>
- </td>
- </tr>
- <?php endforeach; ?>
- <tr>
- <td class="list" colspan="3"></td>
- <td class="list">
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td valign="middle" width="17">&nbsp;</td>
- <td valign="middle"><a
- href="snort_interfaces_whitelist_edit.php?id=<?php echo $id_gen;?> "><img
- src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif"
- width="17" height="17" border="0" title="<?php echo gettext("add a new list"); ?>"></a></td>
- </tr>
- </table>
- </td>
- </tr>
- </table>
- </div>
- </td>
- </tr>
-</table>
-<br>
-<table width="100%" border="0" cellpadding="1"
- cellspacing="1">
- <tr>
- <td width="100%"><span class="vexpl"><span class="red"><strong><?php echo gettext("Note:"); ?></strong></span>
- <p><?php echo gettext("Here you can create whitelist files for your " .
- "snort package rules."); ?><br>
- <?php echo gettext("Please add all the ips or networks you want to protect against snort " .
- "block decisions."); ?><br>
- <?php echo gettext("Remember that the default whitelist only includes local networks."); ?><br>
- <?php echo gettext("Be careful, it is very easy to get locked out of your system."); ?></p></span></td>
- </tr>
- <tr>
- <td width="100%"><span class="vexpl"><?php echo gettext("Remember you must restart Snort on the interface for changes to take effect!"); ?></span></td>
- </tr>
-</table>
-</form>
-<?php include("fend.inc"); ?>
-</body>
-</html>
diff --git a/config/snort/snort_ip_list_mgmt.php b/config/snort/snort_ip_list_mgmt.php
new file mode 100644
index 00000000..ae4a1032
--- /dev/null
+++ b/config/snort/snort_ip_list_mgmt.php
@@ -0,0 +1,275 @@
+<?php
+/*
+ * Copyright (C) 2004 Scott Ullrich
+ * Copyright (C) 2011-2012 Ermal Luci
+ * All rights reserved.
+ *
+ * originially part of m0n0wall (http://m0n0.ch/wall)
+ * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ * All rights reserved.
+ *
+ * modified for the pfsense snort package
+ * Copyright (C) 2009-2010 Robert Zelaya.
+ * Copyright (C) 2014 Bill Meeks
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort.inc");
+
+if (!is_array($config['installedpackages']['snortglobal']['rule']))
+ $config['installedpackages']['snortglobal']['rule'] = array();
+
+// Hard-code the path where IP Lists are stored
+// and disregard any user-supplied path element.
+$iprep_path = IPREP_PATH;
+
+// Set default to not show IP List editor controls
+$iplist_edit_style = "display: none;";
+
+function snort_is_iplist_active($iplist) {
+
+ /***************************************************
+ * This function checks all the configured Snort *
+ * interfaces to see if the passed IP List is used *
+ * as a whitelist or blacklist by an interface. *
+ * *
+ * Returns: TRUE if IP List is in use *
+ * FALSE if IP List is not in use *
+ ***************************************************/
+
+ global $g, $config;
+
+ if (!is_array($config['installedpackages']['snortglobal']['rule']))
+ return FALSE;
+
+ foreach ($config['installedpackages']['snortglobal']['rule'] as $rule) {
+ if (is_array($rule['wlist_files']['item'])) {
+ foreach ($rule['wlist_files']['item'] as $file) {
+ if ($file == $iplist)
+ return TRUE;
+ }
+ }
+ if (is_array($rule['blist_files']['item'])) {
+ foreach ($rule['blist_files']['item'] as $file) {
+ if ($file == $iplist)
+ return TRUE;
+ }
+ }
+ }
+ return FALSE;
+}
+
+
+if (isset($_POST['upload'])) {
+ if ($_FILES["iprep_fileup"]["error"] == UPLOAD_ERR_OK) {
+ $tmp_name = $_FILES["iprep_fileup"]["tmp_name"];
+ $name = $_FILES["iprep_fileup"]["name"];
+ move_uploaded_file($tmp_name, "{$iprep_path}{$name}");
+ }
+ else
+ $input_errors[] = gettext("Failed to upload file {$_FILES["iprep_fileup"]["name"]}");
+}
+
+if (isset($_POST['iplist_delete']) && isset($_POST['iplist_fname'])) {
+ if (!snort_is_iplist_active($_POST['iplist_fname']))
+ unlink_if_exists("{$iprep_path}{$_POST['iplist_fname']}");
+ else
+ $input_errors[] = gettext("This IP List is currently assigned as a Whitelist or Blackist for an interface and cannot be deleted.");
+}
+
+if (isset($_POST['iplist_edit']) && isset($_POST['iplist_fname'])) {
+ $file = $iprep_path . basename($_POST['iplist_fname']);
+ $data = file_get_contents($file);
+ if ($data !== FALSE) {
+ $iplist_data = htmlspecialchars($data);
+ $iplist_edit_style = "display: table-row-group;";
+ $iplist_name = basename($_POST['iplist_fname']);
+ unset($data);
+ }
+ else {
+ $input_errors[] = gettext("An error occurred reading the file.");
+ }
+}
+
+if (isset($_POST['save']) && isset($_POST['iplist_data'])) {
+ if (strlen(basename($_POST['iplist_name'])) > 0) {
+ $file = $iprep_path . basename($_POST['iplist_name']);
+ $data = str_replace("\r\n", "\n", $_POST['iplist_data']);
+ file_put_contents($file, $data);
+ unset($data);
+ }
+ else {
+ $input_errors[] = gettext("You must provide a valid filename for the IP List.");
+ $iplist_edit_style = "display: table-row-group;";
+ }
+}
+
+// Get all files in the IP Lists sub-directory as an array
+// Leave this as the last thing before spewing the page HTML
+// so we can pick up any changes made to files in code above.
+$ipfiles = return_dir_as_array($iprep_path);
+
+$pgtitle = gettext("Snort: IP Reputation Lists");
+include_once("head.inc");
+
+?>
+
+<body link="#000000" vlink="#000000" alink="#000000">
+
+<?php
+include_once("fbegin.inc");
+if ($input_errors) {
+ print_input_errors($input_errors);
+}
+
+if ($savemsg)
+ print_info_box($savemsg);
+?>
+
+<form action="/snort/snort_ip_list_mgmt.php" enctype="multipart/form-data" method="post">
+<input type="hidden" name="MAX_FILE_SIZE" value="100000000" />
+<input type="hidden" name="iplist_fname" id="iplist_fname" value=""/>
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tr><td>
+<?php
+ $tab_array = array();
+ $tab_array[0] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
+ $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php");
+ $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
+ $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
+ $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
+ $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php");
+ $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
+ $tab_array[7] = array(gettext("IP Lists"), true, "/snort/snort_ip_list_mgmt.php");
+ $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
+ display_top_tabs($tab_array, true);
+?>
+</td>
+</tr>
+<tbody id="uploader" style="display: none;" class="tabcont">
+ <tr>
+ <td colspan="4" class="list"><br/><?php echo gettext("Click BROWSE to select a file to import, and then click UPLOAD. Click CLOSE to quit."); ?></td>
+ </tr>
+ <tr>
+ <td colspan="4" class="list"><input type="file" name="iprep_fileup" id="iprep_fileup" class="formfld file" size="50" />
+ &nbsp;&nbsp;<input type="submit" name="upload" id="upload" value="<?=gettext("Upload");?>"
+ title="<?=gettext("Upload selected IP list to firewall");?>"/>&nbsp;&nbsp;<input type="button"
+ value="<?=gettext("Close");?>" onClick="document.getElementById('uploader').style.display='none';" /><br/></td>
+ <td class="list"></td>
+ </tr>
+</tbody>
+<tr>
+ <td>
+ <div id="mainarea">
+ <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <colgroup>
+ <col style="width: 50%;">
+ <col style="width: 25%;">
+ <col style="width: 15%;">
+ <col style="width: 10%;">
+ </colgroup>
+ <thead>
+ <tr>
+ <th class="listhdrr"><?php echo gettext("IP List File Name"); ?></th>
+ <th class="listhdrr"><?php echo gettext("Last Modified Time"); ?></th>
+ <th class="listhdrr"><?php echo gettext("File Size"); ?></th>
+ <th class="list" align="left"><img style="cursor:pointer;" name="iplist_new" id="iplist_new"
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17"
+ height="17" border="0" title="<?php echo gettext('Create a new IP List');?>"
+ onClick="document.getElementById('iplist_data').value=''; document.getElementById('iplist_name').value=''; document.getElementById('iplist_editor').style.display='table-row-group'; document.getElementById('iplist_name').focus();" />
+ <img style="cursor:pointer;" name="iplist_import" id="iplist_import"
+ onClick="document.getElementById('uploader').style.display='table-row-group';"
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_import_alias.gif" width="17"
+ height="17" border="0" title="<?php echo gettext('Import/Upload an IP List');?>"/></th>
+ </tr>
+ </thead>
+ <?php foreach ($ipfiles as $file): ?>
+ <tr>
+ <td class="listr"><?php echo gettext($file); ?></td>
+ <td class="listr"><?=date('M-d Y g:i a', filemtime("{$iprep_path}{$file}")); ?></td>
+ <td class="listr"><?=format_bytes(filesize("{$iprep_path}{$file}")); ?> </td>
+ <td class="list"><input type="image" name="iplist_edit[]" id="iplist_edit[]"
+ onClick="document.getElementById('iplist_fname').value='<?=$file;?>';"
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17"
+ height="17" border="0" title="<?php echo gettext('Edit this IP List');?>"/>
+ <input type="image" name="iplist_delete[]" id="iplist_delete[]"
+ onClick="document.getElementById('iplist_fname').value='<?=$file;?>';
+ return confirm('<?=gettext("Are you sure you want to permanently delete this IP List file? Click OK to continue or CANCEL to quit.");?>');"
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17"
+ height="17" border="0" title="<?php echo gettext('Delete this IP List');?>"/></td>
+ </tr>
+ <?php endforeach; ?>
+ <tbody id="iplist_editor" style="<?=$iplist_edit_style;?>">
+ <tr>
+ <td colspan="4">&nbsp;</td>
+ </tr>
+ <tr>
+ <td colspan="4"><strong><?=gettext("File Name: ");?></strong><input type="text" size="45" class="formfld file" id="iplist_name" name="iplist_name" value="<?=$iplist_name;?>" />
+ &nbsp;&nbsp;<input type="submit" id="save" name="save" value="<?=gettext(" Save ");?>" title="<?=gettext("Save changes and close editor");?>" />
+ &nbsp;&nbsp;<input type="button" id="cancel" name="cancel" value="<?=gettext("Cancel");?>" onClick="document.getElementById('iplist_editor').style.display='none';"
+ title="<?=gettext("Abandon changes and quit editor");?>" /></td>
+ </tr>
+ <tr>
+ <td colspan="4">&nbsp;</td>
+ </tr>
+ <tr>
+ <td colspan="4"><textarea wrap="off" cols="80" rows="20" name="iplist_data" id="iplist_data"
+ style="width:95%; height:100%;"><?=$iplist_data;?></textarea>
+ </td>
+ </tr>
+ </tbody>
+
+ <tr>
+ <td colspan="3" class="vexpl"><br/><span class="red"><strong><?php echo gettext("Notes:"); ?></strong></span>
+ <br/><?php echo gettext("1. IP Lists are used by the IP Reputation Preprocessor and are text files formatted " .
+ "with one IP address (or CIDR network) per line."); ?></td>
+ <td class="list"></td>
+ </tr>
+ <tr>
+ <td colspan="3" class="vexpl" style="height: 20px; vertical-align: middle;"><?php echo gettext("2. IP Lists are stored as local files on the firewall and their contents are " .
+ "not saved as part of the firewall configuration file."); ?></td>
+ <td class="list"></td>
+ </tr>
+ <tr>
+ <td colspan="3" class="vexpl"><br/><strong><?php echo gettext("IP List Controls:"); ?></strong><br/><br/>
+ &nbsp;&nbsp;<img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" />
+ &nbsp;<?=gettext("Opens the editor window to create a new IP List. You must provide a valid filename before saving.");?><br/>
+ &nbsp;&nbsp;<img src="../themes/<?= $g['theme']; ?>/images/icons/icon_import_alias.gif" width="17" height="17" border="0" />
+ &nbsp;<?=gettext("Opens the file upload control for uploading a new IP List from your local machine.");?><br/>
+ &nbsp;&nbsp;<img src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" />
+ &nbsp;<?=gettext("Opens the IP List in a text edit control for viewing or editing its contents.");?><br/>
+ &nbsp;&nbsp;<img src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" />
+ &nbsp;<?=gettext("Deletes the IP List from the file system after confirmation.");?></td>
+ <td class="list"></td>
+ </tr>
+ </table>
+ </div>
+ </td>
+</tr>
+</table>
+</form>
+<?php include("fend.inc"); ?>
+</body>
+</html>
diff --git a/config/snort/snort_ip_reputation.php b/config/snort/snort_ip_reputation.php
new file mode 100644
index 00000000..3de8c661
--- /dev/null
+++ b/config/snort/snort_ip_reputation.php
@@ -0,0 +1,506 @@
+<?php
+/*
+ * snort_ip_reputation.php
+ * part of pfSense
+ *
+ * Copyright (C) 2014 Bill Meeks
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort.inc");
+
+global $g, $rebuild_rules;
+
+if (isset($_POST['id']) && is_numericint($_POST['id']))
+ $id = $_POST['id'];
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
+
+if (is_null($id)) {
+ header("Location: /snort/snort_interfaces.php");
+ exit;
+}
+
+if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
+ $config['installedpackages']['snortglobal']['rule'] = array();
+}
+if (!is_array($config['installedpackages']['snortglobal']['rule'][$id]['wlist_files']['item'])) {
+ $config['installedpackages']['snortglobal']['rule'][$id]['wlist_files']['item'] = array();
+}
+if (!is_array($config['installedpackages']['snortglobal']['rule'][$id]['blist_files']['item'])) {
+ $config['installedpackages']['snortglobal']['rule'][$id]['blist_files']['item'] = array();
+}
+
+$a_nat = &$config['installedpackages']['snortglobal']['rule'];
+
+$pconfig = $a_nat[$id];
+$iprep_path = IPREP_PATH;
+$if_real = get_real_interface($a_nat[$id]['interface']);
+$snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
+
+// Set sensible defaults for any empty parameters
+if (empty($pconfig['iprep_memcap']))
+ $pconfig['iprep_memcap'] = '500';
+if (empty($pconfig['iprep_priority']))
+ $pconfig['iprep_priority'] = 'whitelist';
+if (empty($pconfig['iprep_nested_ip']))
+ $pconfig['iprep_nested_ip'] = 'inner';
+if (empty($pconfig['iprep_white']))
+ $pconfig['iprep_white'] = 'unblack';
+
+if ($_POST['mode'] == 'blist_add' && isset($_POST['iplist'])) {
+ $pconfig = $_POST;
+
+ // Test the supplied IP List file to see if it exists
+ if (file_exists($_POST['iplist'])) {
+ // See if the file is already assigned to the interface
+ foreach ($a_nat[$id]['blist_files']['item'] as $f) {
+ if ($f == basename($_POST['iplist'])) {
+ $input_errors[] = gettext("The file {$f} is already assigned as a blacklist file.");
+ break;
+ }
+ }
+ if (!$input_errors) {
+ $a_nat[$id]['blist_files']['item'][] = basename($_POST['iplist']);
+ write_config("Snort pkg: added new blacklist file for IP REPUTATION preprocessor.");
+ mark_subsystem_dirty('snort_iprep');
+ }
+ }
+ else
+ $input_errors[] = gettext("The file '{$_POST['iplist']}' could not be found.");
+
+ $pconfig['blist_files'] = $a_nat[$id]['blist_files'];
+ $pconfig['wlist_files'] = $a_nat[$id]['wlist_files'];
+}
+
+if ($_POST['mode'] == 'wlist_add' && isset($_POST['iplist'])) {
+ $pconfig = $_POST;
+
+ // Test the supplied IP List file to see if it exists
+ if (file_exists($_POST['iplist'])) {
+ // See if the file is already assigned to the interface
+ foreach ($a_nat[$id]['wlist_files']['item'] as $f) {
+ if ($f == basename($_POST['iplist'])) {
+ $input_errors[] = gettext("The file {$f} is already assigned as a whitelist file.");
+ break;
+ }
+ }
+ if (!$input_errors) {
+ $a_nat[$id]['wlist_files']['item'][] = basename($_POST['iplist']);
+ write_config("Snort pkg: added new whitelist file for IP REPUTATION preprocessor.");
+ mark_subsystem_dirty('snort_iprep');
+ }
+ }
+ else
+ $input_errors[] = gettext("The file '{$_POST['iplist']}' could not be found.");
+
+ $pconfig['blist_files'] = $a_nat[$id]['blist_files'];
+ $pconfig['wlist_files'] = $a_nat[$id]['wlist_files'];
+}
+
+if ($_POST['blist_del'] && is_numericint($_POST['list_id'])) {
+ $pconfig = $_POST;
+ unset($a_nat[$id]['blist_files']['item'][$_POST['list_id']]);
+ write_config("Snort pkg: deleted blacklist file for IP REPUTATION preprocessor.");
+ mark_subsystem_dirty('snort_iprep');
+ $pconfig['blist_files'] = $a_nat[$id]['blist_files'];
+ $pconfig['wlist_files'] = $a_nat[$id]['wlist_files'];
+}
+
+if ($_POST['wlist_del'] && is_numericint($_POST['list_id'])) {
+ $pconfig = $_POST;
+ unset($a_nat[$id]['wlist_files']['item'][$_POST['list_id']]);
+ write_config("Snort pkg: deleted whitelist file for IP REPUTATION preprocessor.");
+ mark_subsystem_dirty('snort_iprep');
+ $pconfig['wlist_files'] = $a_nat[$id]['wlist_files'];
+ $pconfig['blist_files'] = $a_nat[$id]['blist_files'];
+}
+
+if ($_POST['save'] || $_POST['apply']) {
+
+ $natent = array();
+ $natent = $pconfig;
+
+ if (!is_numericint($_POST['iprep_memcap']) || strval($_POST['iprep_memcap']) < 1 || strval($_POST['iprep_memcap']) > 4095)
+ $input_errors[] = gettext("The value for Memory Cap must be an integer between 1 and 4095.");
+
+ // if no errors write to conf
+ if (!$input_errors) {
+
+ $natent['reputation_preproc'] = $_POST['reputation_preproc'] ? 'on' : 'off';
+ $natent['iprep_scan_local'] = $_POST['iprep_scan_local'] ? 'on' : 'off';
+ $natent['iprep_memcap'] = $_POST['iprep_memcap'];
+ $natent['iprep_priority'] = $_POST['iprep_priority'];
+ $natent['iprep_nested_ip'] = $_POST['iprep_nested_ip'];
+ $natent['iprep_white'] = $_POST['iprep_white'];
+
+ $a_nat[$id] = $natent;
+
+ write_config("Snort pkg: modified IP REPUTATION preprocessor settings for {$a_nat[$id]['interface']}.");
+
+ // Update the snort conf file for this interface
+ $rebuild_rules = false;
+ snort_generate_conf($a_nat[$id]);
+
+ // Soft-restart Snort to live-load new variables
+ snort_reload_config($a_nat[$id]);
+ $pconfig = $natent;
+
+ // We have saved changes and done a soft restart, so clear "dirty" flag
+ clear_subsystem_dirty('snort_iprep');
+ }
+ else
+ $pconfig = $_POST;
+}
+
+$if_friendly = convert_friendly_interface_to_friendly_descr($a_nat[$id]['interface']);
+$pgtitle = gettext("Snort: Interface {$if_friendly} IP Reputation Preprocessor");
+include_once("head.inc");
+
+?>
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+
+<?php
+include("fbegin.inc");
+/* Display Alert message */
+if ($input_errors)
+ print_input_errors($input_errors);
+if ($savemsg)
+ print_info_box($savemsg);
+?>
+
+<form action="snort_ip_reputation.php" method="post" name="iform" id="iform" >
+<input name="id" type="hidden" value="<?=$id;?>" />
+<input type="hidden" id="mode" name="mode" value="" />
+<input name="iplist" id="iplist" type="hidden" value="" />
+<input name="list_id" id="list_id" type="hidden" value="" />
+
+<?php if (is_subsystem_dirty('snort_iprep')): ?><p>
+<?php print_info_box_np(gettext("A change has been made to blacklist or whitelist file assignments.") . "<br/>" . gettext("You must apply the changes in order for them to take effect."));?>
+<?php endif; ?>
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td>
+ <?php
+ $tab_array = array();
+ $tab_array[0] = array(gettext("Snort Interfaces"), true, "/snort/snort_interfaces.php");
+ $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php");
+ $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
+ $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php?instance={$id}");
+ $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
+ $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php");
+ $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
+ $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php");
+ $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
+ display_top_tabs($tab_array, true);
+ echo '</td></tr>';
+ echo '<tr><td class="tabnavtbl">';
+ $menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface ");
+ $tab_array = array();
+ $tab_array[] = array($menu_iface . gettext(" Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Rules"), false, "/snort/snort_rules.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Variables"), false, "/snort/snort_define_servers.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Preprocs"), false, "/snort/snort_preprocessors.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("IP Rep"), true, "/snort/snort_ip_reputation.php?id={$id}");
+ display_top_tabs($tab_array, true);
+ ?>
+ </td>
+ </tr>
+ <tr>
+ <td><div id="mainarea">
+ <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("IP Reputation Preprocessor Configuration"); ?></td>
+ </tr>
+ <tr>
+ <td width="22%" valign='top' class='vncell'><?php echo gettext("Enable"); ?>
+ </td>
+ <td width="78%" class="vtable"><input name="reputation_preproc" type="checkbox" value="on" <?php if ($pconfig['reputation_preproc'] == "on") echo "checked"; ?>/>
+ <?php echo gettext("Use IP Reputation Lists on this interface. Default is ") . "<strong>" . gettext("Not Checked.") . "</strong>"; ?>
+ </td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncell"><?php echo gettext("Memory Cap"); ?></td>
+ <td class="vtable"><input name="iprep_memcap" type="text" class="formfld unknown"
+ id="http_inspect_memcap" size="9"
+ value="<?=htmlspecialchars($pconfig['iprep_memcap']);?>">&nbsp;
+ <?php echo gettext("Maximum memory in megabytes (MB) supported for IP Reputation Lists. Default is ") . "<strong>" .
+ gettext("500.") . "</strong><br/>" . gettext("The Minimum value is ") .
+ "<strong>" . gettext("1 MB") . "</strong>" . gettext(" and the Maximum is ") . "<strong>" .
+ gettext("4095 MB.") . "</strong>&nbsp;" . gettext("Enter an integer value between 1 and 4095."); ?><br/>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign='top' class='vncell'><?php echo gettext("Scan Local"); ?>
+ </td>
+ <td width="78%" class="vtable"><input name="iprep_scan_local" type="checkbox" value="on" <?php if ($pconfig['iprep_scan_local'] == "on") echo "checked"; ?>/>
+ <?php echo gettext("Scan RFC 1918 addresses on this interface. Default is ") . "<strong>" . gettext("Not Checked.") . "</strong>"; ?><br/>
+ <?php echo gettext("When checked, Snort will inspect addresses in the 10/8, 172.16/12 and 192.168/16 ranges defined in RFC 1918.");?><br/><br/>
+ <span class="red"><strong><?=gettext("Hint: ");?></strong></span><?=gettext("if these address ranges are used in your internal network, and this instance ") .
+ gettext("is on an internal interface, this option should usually be enabled (checked).");?>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Nested IP"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="iprep_nested_ip" type="radio" id="iprep_nested_ip_inner"
+ value="inner" <?php if ($pconfig['iprep_nested_ip'] == 'inner') echo "checked";?>/>
+ <?php echo gettext("Inner"); ?>&nbsp;<input name="iprep_nested_ip" type="radio" id="iprep_nested_ip_outer"
+ value="outer" <?php if ($pconfig['iprep_nested_ip'] == 'outer') echo "checked";?>/>
+ <?php echo gettext("Outer"); ?>&nbsp;<input name="iprep_nested_ip" type="radio" id="iprep_nested_ip_both"
+ value="both" <?php if ($pconfig['iprep_nested_ip'] == 'both') echo "checked";?>/>
+ <?php echo gettext("Both"); ?><br/>
+ <?php echo gettext("Specify which IP address to use for whitelist/blacklist matching when there is IP encapsulation. Default is ") . "<strong>" . gettext("Inner") . "</strong>."; ?>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Priority"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="iprep_priority" type="radio" id="iprep_priority_blacklist"
+ value="blacklist" <?php if ($pconfig['iprep_priority'] == 'blacklist') echo "checked";?>/>
+ <?php echo gettext("Blacklist"); ?>&nbsp;<input name="iprep_priority" type="radio" id="iprep_priority"
+ value="whitelist" <?php if ($pconfig['iprep_priority'] == 'whitelist') echo "checked";?>/>
+ <?php echo gettext("Whitelist"); ?><br/>
+ <?php echo gettext("Specify which list has priority when source/destination is on blacklist while destination/source is on whitelist.") .
+ "<br/>" . gettext("Default is ") . "<strong>" . gettext("Whitelist") . "</strong>."; ?>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Whitelist Meaning"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="iprep_white" type="radio" id="iprep_white_unblack"
+ value="unblack" <?php if ($pconfig['iprep_white'] == 'unblack') echo "checked";?>/>
+ <?php echo gettext("Unblack"); ?>&nbsp;<input name="iprep_white" type="radio" id="iprep_white_trust"
+ value="trust" <?php if ($pconfig['iprep_white'] == 'trust') echo "checked";?>/>
+ <?php echo gettext("Trust"); ?><br/>
+ <?php echo gettext("Specify the meaning of whitelist. \"Unblack\" unblacks blacklisted IP addresses and routes them for further inspection. \"Trust\" means the packet bypasses all further Snort detection. ") .
+ gettext("Default is ") . "<strong>" . gettext("Unblack") . "</strong>."; ?>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">&nbsp;</td>
+ <td width="78%" class="vtable">
+ <input name="save" type="submit" class="formbtn" value="Save" title="<?=gettext("Save IP Reputation configuration");?>" />
+ &nbsp;&nbsp;<?=gettext("Click to save configuration settings and live-reload the running Snort configuration.");?>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Assign Blacklists/Whitelists to IP Reputation Preprocessor"); ?></td>
+ </tr>
+ <tr>
+ <td width="22%" valign='top' class='vncell'><?php echo gettext("Blacklist Files"); ?>
+ </td>
+ <td width="78%" class="vtable">
+ <!-- blist_chooser -->
+ <div id="blistChooser" name="blistChooser" style="display:none; border:1px dashed gray; width:98%;"></div>
+ <table width="95%" border="0" cellpadding="2" cellspacing="0">
+ <colgroup>
+ <col style="text-align:left;">
+ <col style="width: 30%; text-align:left;">
+ <col style="width: 17px;">
+ </colgroup>
+ <thead>
+ <tr>
+ <th class="listhdrr"><?php echo gettext("Blacklist Filename"); ?></th>
+ <th class="listhdrr"><?php echo gettext("Modification Time"); ?></th>
+ <th class="list" align="left" valign="middle"><img style="cursor:pointer;" name="blist_add" id="blist_add"
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17"
+ height="17" border="0" title="<?php echo gettext('Assign a blacklist file');?>"/></th>
+ </tr>
+ </thead>
+ <tbody>
+ <?php foreach($pconfig['blist_files']['item'] as $k => $f):
+ $class = "listr";
+ if (!file_exists("{$iprep_path}{$f}")) {
+ $filedate = gettext("Unknown -- file missing");
+ $class .= " red";
+ }
+ else
+ $filedate = date('M-d Y g:i a', filemtime("{$iprep_path}{$f}"));
+ ?>
+ <tr>
+ <td class="<?=$class;?>"><?=htmlspecialchars($f);?></td>
+ <td class="<?=$class;?>" align="center"><?=$filedate;?></td>
+ <td class="list"><input type="image" name="blist_del[]" id="blist_del[]" onClick="document.getElementById('list_id').value='<?=$k;?>';"
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17"
+ border="0" title="<?php echo gettext('Remove this blacklist file');?>"/></td>
+ </tr>
+ <?php endforeach; ?>
+ <tr>
+ <td colspan="2" class="vexpl"><span class="red"><strong><?=gettext("Note: ");?></strong></span>
+ <?=gettext("changes to blacklist assignments are immediately saved.");?></td>
+ </tr>
+ </tbody>
+ </table>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign='top' class='vncell'><?php echo gettext("Whitelist Files"); ?>
+ </td>
+ <td width="78%" class="vtable">
+ <table width="95%" border="0" cellpadding="2" cellspacing="0">
+ <!-- wlist_chooser -->
+ <div id="wlistChooser" name="wlistChooser" style="display:none; border:1px dashed gray; width:98%;"></div>
+ <colgroup>
+ <col style="text-align:left;">
+ <col style="width: 30%; text-align:left;">
+ <col style="width: 17px;">
+ </colgroup>
+ <thead>
+ <tr>
+ <th class="listhdrr"><?php echo gettext("Whitelist Filename"); ?></th>
+ <th class="listhdrr"><?php echo gettext("Modification Time"); ?></th>
+ <th class="list" align="left" valign="middle"><img style="cursor:pointer;" name="wlist_add" id="wlist_add"
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17"
+ border="0" title="<?php echo gettext('Assign a whitelist file');?>"/></th>
+ </tr>
+ </thead>
+ <tbody>
+ <?php foreach($pconfig['wlist_files']['item'] as $k => $f):
+ $class = "listr";
+ if (!file_exists("{$iprep_path}{$f}")) {
+ $filedate = gettext("Unknown -- file missing");
+ $class .= " red";
+ }
+ else
+ $filedate = date('M-d Y g:i a', filemtime("{$iprep_path}{$f}"));
+ ?>
+ <tr>
+ <td class="<?=$class;?>"><?=htmlspecialchars($f);?></td>
+ <td class="<?=$class;?>" align="center"><?=$filedate;?></td>
+ <td class="list"><input type="image" name="wlist_del[]" id="wlist_del[]" onClick="document.getElementById('list_id').value='<?=$k;?>';"
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17"
+ border="0" title="<?php echo gettext('Remove this whitelist file');?>"/></td>
+ </tr>
+ <?php endforeach; ?>
+ <tr>
+ <td colspan="2" class="vexpl"><span class="red"><strong><?=gettext("Note: ");?></strong></span>
+ <?=gettext("changes to whitelist assignments are immediately saved.");?></td>
+ </tr>
+ </tbody>
+ </table>
+ </td>
+ </tr>
+ </table>
+ </div>
+ </td>
+ </tr>
+</table>
+
+<script type="text/javascript">
+Event.observe(
+ window, "load",
+ function() {
+ Event.observe(
+ "blist_add", "click",
+ function() {
+ Effect.Appear("blistChooser", { duration: 0.25 });
+ blistChoose();
+ }
+ );
+
+ Event.observe(
+ "wlist_add", "click",
+ function() {
+ Effect.Appear("wlistChooser", { duration: 0.25 });
+ wlistChoose();
+ }
+ );
+ }
+);
+
+function blistChoose() {
+ Effect.Appear("blistChooser", { duration: 0.25 });
+ if($("fbCurrentDir"))
+ $("fbCurrentDir").innerHTML = "Loading ...";
+
+ new Ajax.Request(
+ "/snort/snort_iprep_list_browser.php?container=blistChooser&target=iplist&val=" + new Date().getTime(),
+ { method: "get", onComplete: blistComplete }
+ );
+}
+
+function wlistChoose() {
+ Effect.Appear("wlistChooser", { duration: 0.25 });
+ if($("fbCurrentDir"))
+ $("fbCurrentDir").innerHTML = "Loading ...";
+
+ new Ajax.Request(
+ "/snort/snort_iprep_list_browser.php?container=wlistChooser&target=iplist&val=" + new Date().getTime(),
+ { method: "get", onComplete: wlistComplete }
+ );
+}
+
+function blistComplete(req) {
+ $("blistChooser").innerHTML = req.responseText;
+
+ var actions = {
+ fbClose: function() { $("blistChooser").hide(); },
+ fbFile: function() { $("iplist").value = this.id;
+ $("mode").value = 'blist_add';
+ document.getElementById('iform').submit();
+ }
+ }
+
+ for(var type in actions) {
+ var elem = $("blistChooser");
+ var list = elem.getElementsByClassName(type);
+ for (var i=0; i<list.length; i++) {
+ Event.observe(list[i], "click", actions[type]);
+ list[i].style.cursor = "pointer";
+ }
+ }
+}
+
+function wlistComplete(req) {
+ $("wlistChooser").innerHTML = req.responseText;
+
+ var actions = {
+ fbClose: function() { $("wlistChooser").hide(); },
+ fbFile: function() { $("iplist").value = this.id;
+ $("mode").value = 'wlist_add';
+ document.getElementById('iform').submit();
+ }
+ }
+
+ for(var type in actions) {
+ var elem = $("wlistChooser");
+ var list = elem.getElementsByClassName(type);
+ for (var i=0; i<list.length; i++) {
+ Event.observe(list[i], "click", actions[type]);
+ list[i].style.cursor = "pointer";
+ }
+ }
+}
+
+</script>
+
+</form>
+<?php include("fend.inc"); ?>
+</body>
+</html>
diff --git a/config/snort/snort_iprep_list_browser.php b/config/snort/snort_iprep_list_browser.php
new file mode 100644
index 00000000..3e4d6b6a
--- /dev/null
+++ b/config/snort/snort_iprep_list_browser.php
@@ -0,0 +1,99 @@
+<?php
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort.inc");
+
+// Fetch a list of files inside a given directory
+function get_content($dir) {
+ $files = array();
+
+ clearstatcache();
+ $fd = @opendir($dir);
+ while($entry = @readdir($fd)) {
+ if($entry == ".") continue;
+ if($entry == "..") continue;
+
+ if(is_dir("{$dir}/{$entry}"))
+ continue;
+ else
+ array_push($files, $entry);
+ }
+ @closedir($fd);
+ natsort($files);
+ return $files;
+}
+
+$path = IPREP_PATH;
+$container = htmlspecialchars($_GET['container']);
+$target = htmlspecialchars($_GET['target']);
+
+// ----- header -----
+?>
+<table width="100%">
+ <tr>
+ <td width="25px" align="left">
+ <img src="/filebrowser/images/icon_home.gif" alt="Home" title="Home" />
+ </td>
+ <td><b><?=$path;?></b></td>
+ <td class="fbClose" align="right">
+ <img onClick="$('<?=$container;?>').hide();" border="0" src="/filebrowser/images/icon_cancel.gif" alt="Close" title="Close" />
+ </td>
+ </tr>
+ <tr>
+ <td id="fbCurrentDir" colspan="3" class="vexpl" align="left">
+ </td>
+ </tr>
+<?php
+$files = get_content($path);
+
+// ----- files -----
+foreach($files as $file):
+ $ext = strrchr($file, ".");
+
+ if($ext == ".css" ) $type = "code";
+ elseif($ext == ".html") $type = "code";
+ elseif($ext == ".xml" ) $type = "code";
+ elseif($ext == ".rrd" ) $type = "database";
+ elseif($ext == ".gif" ) $type = "image";
+ elseif($ext == ".jpg" ) $type = "image";
+ elseif($ext == ".png" ) $type = "image";
+ elseif($ext == ".js" ) $type = "js";
+ elseif($ext == ".pdf" ) $type = "pdf";
+ elseif($ext == ".inc" ) $type = "php";
+ elseif($ext == ".php" ) $type = "php";
+ elseif($ext == ".conf") $type = "system";
+ elseif($ext == ".pid" ) $type = "system";
+ elseif($ext == ".sh" ) $type = "system";
+ elseif($ext == ".bz2" ) $type = "zip";
+ elseif($ext == ".gz" ) $type = "zip";
+ elseif($ext == ".tgz" ) $type = "zip";
+ elseif($ext == ".zip" ) $type = "zip";
+ else $type = "generic";
+
+ $fqpn = "{$path}/{$file}";
+
+ if(is_file($fqpn)) {
+ $fqpn = realpath($fqpn);
+ $size = sprintf("%.2f KiB", filesize($fqpn) / 1024);
+ }
+ else
+ $size = "";
+?>
+ <tr>
+ <td></td>
+ <td class="fbFile vexpl" id="<?=$fqpn;?>" align="left">
+ <?php $filename = str_replace("//","/", "{$path}/{$file}"); ?>
+ <div onClick="$('<?=$target;?>').value='<?=$filename?>'; $('<?=$container;?>').hide();">
+ <img src="/filebrowser/images/file_<?=$type;?>.gif" alt="" title="">
+ &nbsp;<?=$file;?>
+ </div>
+ </td>
+ <td align="right" class="vexpl">
+ <?=$size;?>
+ </td>
+ </tr>
+<?php
+endforeach;
+?>
+</table>
+
diff --git a/config/snort/snort_list_view.php b/config/snort/snort_list_view.php
index 856367ef..8c3d0134 100644
--- a/config/snort/snort_list_view.php
+++ b/config/snort/snort_list_view.php
@@ -4,6 +4,7 @@
*
* Copyright (C) 2004, 2005 Scott Ullrich
* Copyright (C) 2011 Ermal Luci
+ * Copyright (C) 2014 Bill Meeks
* All rights reserved.
*
* Adapted for FreeNAS by Volker Theile (votdev@gmx.de)
@@ -41,23 +42,29 @@ global $g, $config;
$contents = '';
-$id = $_GET['id'];
-$wlist = $_GET['wlist'];
-$type = $_GET['type'];
+if (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
+
+$wlist = htmlspecialchars($_GET['wlist']);
+$type = htmlspecialchars($_GET['type']);
+$title = "List";
if (isset($id) && isset($wlist)) {
$a_rule = $config['installedpackages']['snortglobal']['rule'][$id];
if ($type == "homenet") {
$list = snort_build_list($a_rule, $wlist);
$contents = implode("\n", $list);
+ $title = "HOME_NET";
}
- elseif ($type == "whitelist") {
+ elseif ($type == "passlist") {
$list = snort_build_list($a_rule, $wlist, true);
$contents = implode("\n", $list);
+ $title = "Pass List";
}
elseif ($type == "suppress") {
$list = snort_find_list($wlist, $type);
$contents = str_replace("\r", "", base64_decode($list['suppresspassthru']));
+ $title = "Suppress List";
}
else
$contents = gettext("\n\nERROR -- Requested List Type entity is not valid!");
@@ -65,35 +72,32 @@ if (isset($id) && isset($wlist)) {
else
$contents = gettext("\n\nERROR -- Supplied interface or List entity is not valid!");
-$pgtitle = array(gettext("Snort"), gettext(ucfirst($type) . " Viewer"));
+$pgtitle = array(gettext("Snort"), gettext($title . " Viewer"));
?>
<?php include("head.inc");?>
<body link="#000000" vlink="#000000" alink="#000000">
-<?php if ($savemsg) print_info_box($savemsg); ?>
-<?php // include("fbegin.inc");?>
-<form action="snort_whitelist_view.php" method="post">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td class="tabcont">
<table width="100%" cellpadding="0" cellspacing="6" bgcolor="#eeeeee">
<tr>
- <td class="pgtitle" colspan="2">Snort: <?php echo gettext(ucfirst($type) . " Viewer"); ?></td>
+ <td class="pgtitle" colspan="2">Snort: <?php echo gettext($title . " Viewer"); ?></td>
</tr>
<tr>
<td align="left" width="20%">
<input type="button" class="formbtn" value="Return" onclick="window.close()">
</td>
<td align="right">
- <b><?php echo gettext(ucfirst($type) . ": ") . '</b>&nbsp;' . $_GET['wlist']; ?>&nbsp;&nbsp;&nbsp;&nbsp;
+ <b><?php echo gettext($title . ": ") . '</b>&nbsp;' . htmlspecialchars($_GET['wlist']); ?>&nbsp;&nbsp;&nbsp;&nbsp;
</td>
</tr>
<tr>
<td colspan="2" valign="top" class="label">
<div style="background: #eeeeee; width:100%; height:100%;" id="textareaitem"><!-- NOTE: The opening *and* the closing textarea tag must be on the same line. -->
- <textarea style="width:100%; height:100%;" readonly wrap="off" rows="25" cols="80" name="code2"><?=$contents;?></textarea>
+ <textarea style="width:100%; height:100%;" readonly wrap="off" rows="25" cols="80" name="code2"><?=htmlspecialchars($contents);?></textarea>
</div>
</td>
</tr>
@@ -101,7 +105,5 @@ $pgtitle = array(gettext("Snort"), gettext(ucfirst($type) . " Viewer"));
</td>
</tr>
</table>
-</form>
-<?php // include("fend.inc");?>
</body>
</html>
diff --git a/config/snort/snort_log_view.php b/config/snort/snort_log_view.php
deleted file mode 100644
index beec1aa7..00000000
--- a/config/snort/snort_log_view.php
+++ /dev/null
@@ -1,93 +0,0 @@
-<?php
-/*
- * snort_log_view.php
- *
- * Copyright (C) 2004, 2005 Scott Ullrich
- * Copyright (C) 2011 Ermal Luci
- * All rights reserved.
- *
- * Adapted for FreeNAS by Volker Theile (votdev@gmx.de)
- * Copyright (C) 2006-2009 Volker Theile
- *
- * Adapted for Pfsense Snort package by Robert Zelaya
- * Copyright (C) 2008-2009 Robert Zelaya
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- * 1. Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
- */
-
-require_once("guiconfig.inc");
-require_once("/usr/local/pkg/snort/snort.inc");
-
-$contents = '';
-
-// Read the contents of the argument passed to us.
-// Is it a fully qualified path and file?
-$logfile = htmlspecialchars($_GET['logfile'], ENT_QUOTES | ENT_HTML401);
-if (file_exists($logfile))
- if (substr(realpath($logfile), 0, strlen(SNORTLOGDIR)) != SNORTLOGDIR)
- $contents = gettext("\n\nERROR -- File: {$logfile} can not be viewed!");
- else
- $contents = file_get_contents($logfile);
-// It is not something we can display, so print an error.
-else
- $contents = gettext("\n\nERROR -- File: {$logfile} not found!");
-
-$pgtitle = array(gettext("Snort"), gettext("Log File Viewer"));
-?>
-
-<?php include("head.inc");?>
-
-<body link="#000000" vlink="#000000" alink="#000000">
-<?php if ($savemsg) print_info_box($savemsg); ?>
-<?php // include("fbegin.inc");?>
-
-<form action="snort_log_view.php" method="post">
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
-<tr>
- <td class="tabcont">
- <table width="100%" cellpadding="0" cellspacing="6" bgcolor="#eeeeee">
- <tr>
- <td class="pgtitle" colspan="2">Snort: Log File Viewer</td>
- </tr>
- <tr>
- <td align="left" width="20%">
- <input type="button" class="formbtn" value="Return" onclick="window.close()">
- </td>
- <td align="right">
- <b><?php echo gettext("Log File: ") . '</b>&nbsp;' . $logfile; ?>&nbsp;&nbsp;&nbsp;&nbsp;
- </td>
- </tr>
- <tr>
- <td colspan="2" valign="top" class="label">
- <div style="background: #eeeeee; width:100%; height:100%;" id="textareaitem"><!-- NOTE: The opening *and* the closing textarea tag must be on the same line. -->
- <textarea style="width:100%; height:100%;" readonly wrap="off" rows="33" cols="80" name="code2"><?=$contents;?></textarea>
- </div>
- </td>
- </tr>
- </table>
- </td>
-</tr>
-</table>
-</form>
-<?php // include("fend.inc");?>
-</body>
-</html>
diff --git a/config/snort/snort_migrate_config.php b/config/snort/snort_migrate_config.php
index 218237ab..d483ba47 100644
--- a/config/snort/snort_migrate_config.php
+++ b/config/snort/snort_migrate_config.php
@@ -322,6 +322,41 @@ foreach ($rule as &$r) {
}
}
+ // Migrate any Barnyard2 settings to the new advanced fields.
+ // Parse the old DB connect string and find the "host", "user",
+ // "dbname" and "password" values and save them in the new
+ // MySQL field names in the config file.
+ if (!empty($pconfig['barnyard_mysql'])) {
+ if (preg_match_all('/(dbname|host|user|password)\s*\=\s*([^\s]*)/i', $pconfig['barnyard_mysql'], $matches)) {
+ foreach ($matches[1] as $k => $p) {
+ if (strcasecmp($p, 'dbname') == 0)
+ $pconfig['barnyard_dbname'] = $matches[2][$k];
+ elseif (strcasecmp($p, 'host') == 0)
+ $pconfig['barnyard_dbhost'] = $matches[2][$k];
+ elseif (strcasecmp($p, 'user') == 0)
+ $pconfig['barnyard_dbuser'] = $matches[2][$k];
+ elseif (strcasecmp($p, 'password') == 0)
+ $pconfig['barnyard_dbpwd'] = base64_encode($matches[2][$k]);
+ }
+ $pconfig['barnyard_mysql_enable'] = 'on';
+ unset($pconfig['barnyard_mysql']);
+ }
+ // Since Barnyard2 was enabled, configure the new archived log settings
+ $pconfig['u2_archived_log_retention'] = '168';
+ $pconfig['barnyard_archive_enable'] = 'on';
+ $pconfig['unified2_log_limit'] = '32';
+ $updated_cfg = true;
+ }
+
+ // This setting is deprecated and replaced
+ // by 'barnyard_enable' since any Barnyard2
+ // chaining requires unified2 logging.
+ if (isset($pconfig['snortunifiedlog'])) {
+ unset($pconfig['snortunifiedlog']);
+ $pconfig['barnyard_enable'] = 'on';
+ $updated_cfg = true;
+ }
+
// Save the new configuration data into the $config array pointer
$r = $pconfig;
}
@@ -330,9 +365,9 @@ unset($r);
// Write out the new configuration to disk if we changed anything
if ($updated_cfg) {
- $config['installedpackages']['snortglobal']['snort_config_ver'] = "3.0.4";
+ $config['installedpackages']['snortglobal']['snort_config_ver'] = "3.0.8";
log_error("[Snort] Saving configuration settings in new format...");
- write_config();
+ write_config("Snort pkg: migrate existing settings to new format as part of package upgrade.");
log_error("[Snort] Settings successfully migrated to new configuration format...");
}
else
diff --git a/config/snort/snort_passlist.php b/config/snort/snort_passlist.php
new file mode 100644
index 00000000..2cac9cd4
--- /dev/null
+++ b/config/snort/snort_passlist.php
@@ -0,0 +1,205 @@
+<?php
+/*
+ * snort_passlist.php
+ *
+ * Copyright (C) 2004 Scott Ullrich
+ * Copyright (C) 2011-2012 Ermal Luci
+ * Copyright (C) 2014 Bill Meeks
+ * All rights reserved.
+ *
+ * originially part of m0n0wall (http://m0n0.ch/wall)
+ * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ * All rights reserved.
+ *
+ * modified for the pfsense snort package
+ * Copyright (C) 2009-2010 Robert Zelaya.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort.inc");
+
+if (!is_array($config['installedpackages']['snortglobal']['whitelist']))
+ $config['installedpackages']['snortglobal']['whitelist'] = array();
+if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item']))
+ $config['installedpackages']['snortglobal']['whitelist']['item'] = array();
+$a_passlist = &$config['installedpackages']['snortglobal']['whitelist']['item'];
+
+// Calculate the next Pass List index ID
+if (isset($config['installedpackages']['snortglobal']['whitelist']['item']))
+ $id_gen = count($config['installedpackages']['snortglobal']['whitelist']['item']);
+else
+ $id_gen = '0';
+
+function snort_is_passlist_used($list) {
+
+ /**********************************************
+ * This function tests the provided Pass List *
+ * to determine if it is assigned to an *
+ * interface. *
+ * *
+ * On Entry: $list -> Pass List name to test *
+ * *
+ * Returns: TRUE if Pass List is in use or *
+ * FALSE if not in use *
+ **********************************************/
+
+ global $config;
+
+ if (!is_array($config['installedpackages']['snortglobal']['rule']))
+ return FALSE;
+
+ foreach($config['installedpackages']['snortglobal']['rule'] as $v) {
+ if (isset($v['whitelistname']) && $v['whitelistname'] == $list)
+ return TRUE;
+ }
+ return FALSE;
+}
+
+if ($_POST['del'] && is_numericint($_POST['list_id'])) {
+ if ($a_passlist[$_POST['list_id']]) {
+ /* make sure list is not being referenced by any interface */
+ if (snort_is_passlist_used($a_passlist[$_POST['list_id']]['name'])) {
+ $input_errors[] = gettext("This Pass List is currently assigned to a Snort interface and cannot be deleted. Unassign it from all Snort interfaces first.");
+ }
+ if (!$input_errors) {
+ unset($a_passlist[$_POST['list_id']]);
+ write_config("Snort pkg: deleted PASS LIST.");
+ sync_snort_package_config();
+ header("Location: /snort/snort_passlist.php");
+ exit;
+ }
+ }
+}
+
+$pgtitle = gettext("Snort: Pass Lists");
+include_once("head.inc");
+?>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+
+<?php
+include_once("fbegin.inc");
+
+/* Display Alert message */
+if ($input_errors) {
+ print_input_errors($input_errors);
+}
+if ($savemsg) {
+ print_info_box($savemsg);
+}
+?>
+
+<form action="/snort/snort_passlist.php" method="post">
+<input type="hidden" name="list_id" id="list_id" value=""/>
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tr><td>
+<?php
+ $tab_array = array();
+ $tab_array[0] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
+ $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php");
+ $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
+ $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
+ $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
+ $tab_array[5] = array(gettext("Pass Lists"), true, "/snort/snort_passlist.php");
+ $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
+ $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php");
+ $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
+ display_top_tabs($tab_array, true);
+?>
+ </td>
+</tr>
+<tr>
+ <td><div id="mainarea">
+ <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td width="25%" class="listhdrr">List Name</td>
+ <td width="30%" class="listhdrr">Assigned Alias</td>
+ <td class="listhdr">Description</td>
+ <td width="40px" class="list"></td>
+ </tr>
+ <?php foreach ($a_passlist as $i => $list): ?>
+ <tr>
+ <td class="listlr"
+ ondblclick="document.location='snort_passlist_edit.php?id=<?=$i;?>';">
+ <?=htmlspecialchars($list['name']);?></td>
+ <td class="listr"
+ ondblclick="document.location='snort_passlist_edit.php?id=<?=$i;?>';"
+ title="<?=filter_expand_alias($list['address']);?>">
+ <?php echo gettext($list['address']);?></td>
+ <td class="listbg"
+ ondblclick="document.location='snort_passlist_edit.php?id=<?=$i;?>';">
+ <font color="#FFFFFF"> <?=htmlspecialchars($list['descr']);?>&nbsp;
+ </td>
+ <td valign="middle" nowrap class="list">
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td valign="middle"><a href="snort_passlist_edit.php?id=<?=$i;?>">
+ <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="<?php echo gettext("Edit pass list"); ?>"></a>
+ </td>
+ <td><input type="image" name="del[]" onclick="document.getElementById('list_id').value='<?=$i;?>';return confirm('<?=gettext("Do you really want to delete this pass list? Click OK to continue or CANCEL to quit.)!");?>');"
+ src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="<?php echo gettext("Delete pass list"); ?>"/>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <?php endforeach; ?>
+ <tr>
+ <td class="list" colspan="3"></td>
+ <td class="list">
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td valign="middle" width="17">&nbsp;</td>
+ <td valign="middle"><a href="snort_passlist_edit.php?id=<?php echo $id_gen;?> ">
+ <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif"
+ width="17" height="17" border="0" title="<?php echo gettext("add a new pass list"); ?>"/></a>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+ </div>
+ </td>
+ </tr>
+</table>
+<br>
+<table width="100%" border="0" cellpadding="1"
+ cellspacing="1">
+ <tr>
+ <td width="100%"><span class="vexpl"><span class="red"><strong><?php echo gettext("Notes:"); ?></strong></span>
+ <p><?php echo gettext("1. Here you can create Pass List files for your Snort package rules. Hosts on a Pass List are never blocked by Snort."); ?><br/>
+ <?php echo gettext("2. Add all the IP addresses or networks (in CIDR notation) you want to protect against Snort block decisions."); ?><br/>
+ <?php echo gettext("3. The default Pass List includes the WAN IP and gateway, defined DNS servers, VPNs and locally-attached networks."); ?><br/>
+ <?php echo gettext("4. Be careful, it is very easy to get locked out of your system by altering the default settings."); ?></p></span></td>
+ </tr>
+ <tr>
+ <td width="100%"><span class="vexpl"><?php echo gettext("Remember you must restart Snort on the interface for changes to take effect!"); ?></span></td>
+ </tr>
+</table>
+</form>
+<?php include("fend.inc"); ?>
+</body>
+</html>
diff --git a/config/snort/snort_interfaces_whitelist_edit.php b/config/snort/snort_passlist_edit.php
index 882c2b6f..3be776f4 100644
--- a/config/snort/snort_interfaces_whitelist_edit.php
+++ b/config/snort/snort_passlist_edit.php
@@ -1,8 +1,9 @@
<?php
/*
- * snort_interfaces_whitelist_edit.php
+ * snort_passlist_edit.php
* Copyright (C) 2004 Scott Ullrich
* Copyright (C) 2011-2012 Ermal Luci
+ * Copyright (C) 2014 Bill Meeks
* All rights reserved.
*
* originially part of m0n0wall (http://m0n0.ch/wall)
@@ -39,7 +40,7 @@ require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort.inc");
if ($_POST['cancel']) {
- header("Location: /snort/snort_interfaces_whitelist.php");
+ header("Location: /snort/snort_passlist.php");
exit;
}
@@ -47,27 +48,32 @@ if (!is_array($config['installedpackages']['snortglobal']['whitelist']))
$config['installedpackages']['snortglobal']['whitelist'] = array();
if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item']))
$config['installedpackages']['snortglobal']['whitelist']['item'] = array();
-$a_whitelist = &$config['installedpackages']['snortglobal']['whitelist']['item'];
+$a_passlist = &$config['installedpackages']['snortglobal']['whitelist']['item'];
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
+
+/* Should never be called without identifying list index, so bail */
if (is_null($id)) {
header("Location: /snort/snort_interfaces_whitelist.php");
exit;
}
-if (empty($config['installedpackages']['snortglobal']['whitelist']['item'][$id]['uuid'])) {
- $whitelist_uuid = 0;
- while ($whitelist_uuid > 65535 || $whitelist_uuid == 0) {
- $whitelist_uuid = mt_rand(1, 65535);
- $pconfig['uuid'] = $whitelist_uuid;
+/* If no entry for this passlist, then create a UUID and treat it like a new list */
+if (!isset($a_passlist[$id]['uuid'])) {
+ $passlist_uuid = 0;
+ while ($passlist_uuid > 65535 || $passlist_uuid == 0) {
+ $passlist_uuid = mt_rand(1, 65535);
+ $pconfig['uuid'] = $passlist_uuid;
+ $pconfig['name'] = "passlist_{$passlist_uuid}";
}
} else
- $whitelist_uuid = $config['installedpackages']['snortglobal']['whitelist']['item'][$id]['uuid'];
+ $passlist_uuid = $a_passlist[$id]['uuid'];
-/* returns true if $name is a valid name for a whitelist file name or ip */
-function is_validwhitelistname($name) {
+/* returns true if $name is a valid name for a pass list file name or ip */
+function is_validpasslistname($name) {
if (!is_string($name))
return false;
@@ -77,29 +83,29 @@ function is_validwhitelistname($name) {
return false;
}
-if (isset($id) && $a_whitelist[$id]) {
+if (isset($id) && $a_passlist[$id]) {
/* old settings */
$pconfig = array();
- $pconfig['name'] = $a_whitelist[$id]['name'];
- $pconfig['uuid'] = $a_whitelist[$id]['uuid'];
- $pconfig['detail'] = $a_whitelist[$id]['detail'];
- $pconfig['address'] = $a_whitelist[$id]['address'];
- $pconfig['descr'] = html_entity_decode($a_whitelist[$id]['descr']);
- $pconfig['localnets'] = $a_whitelist[$id]['localnets'];
- $pconfig['wanips'] = $a_whitelist[$id]['wanips'];
- $pconfig['wangateips'] = $a_whitelist[$id]['wangateips'];
- $pconfig['wandnsips'] = $a_whitelist[$id]['wandnsips'];
- $pconfig['vips'] = $a_whitelist[$id]['vips'];
- $pconfig['vpnips'] = $a_whitelist[$id]['vpnips'];
+ $pconfig['name'] = $a_passlist[$id]['name'];
+ $pconfig['uuid'] = $a_passlist[$id]['uuid'];
+ $pconfig['detail'] = $a_passlist[$id]['detail'];
+ $pconfig['address'] = $a_passlist[$id]['address'];
+ $pconfig['descr'] = html_entity_decode($a_passlist[$id]['descr']);
+ $pconfig['localnets'] = $a_passlist[$id]['localnets'];
+ $pconfig['wanips'] = $a_passlist[$id]['wanips'];
+ $pconfig['wangateips'] = $a_passlist[$id]['wangateips'];
+ $pconfig['wandnsips'] = $a_passlist[$id]['wandnsips'];
+ $pconfig['vips'] = $a_passlist[$id]['vips'];
+ $pconfig['vpnips'] = $a_passlist[$id]['vpnips'];
}
// Check for returned "selected alias" if action is import
if ($_GET['act'] == "import") {
- if ($_GET['varname'] == "address" && !empty($_GET['varvalue']))
- $pconfig[$_GET['varname']] = $_GET['varvalue'];
+ if ($_GET['varname'] == "address" && isset($_GET['varvalue']))
+ $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']);
}
-if ($_POST['submit']) {
+if ($_POST['save']) {
unset($input_errors);
$pconfig = $_POST;
@@ -108,19 +114,19 @@ if ($_POST['submit']) {
$reqdfieldsn = explode(",", "Name");
do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
- if(strtolower($_POST['name']) == "defaultwhitelist")
- $input_errors[] = gettext("Whitelist file names may not be named defaultwhitelist.");
+ if(strtolower($_POST['name']) == "defaultpasslist")
+ $input_errors[] = gettext("Pass List file names may not be named defaultpasslist.");
- if (is_validwhitelistname($_POST['name']) == false)
- $input_errors[] = gettext("Whitelist file name may only consist of the characters \"a-z, A-Z, 0-9 and _\". Note: No Spaces or dashes. Press Cancel to reset.");
+ if (is_validpasslistname($_POST['name']) == false)
+ $input_errors[] = gettext("Pass List file name may only consist of the characters \"a-z, A-Z, 0-9 and _\". Note: No Spaces or dashes. Press Cancel to reset.");
/* check for name conflicts */
- foreach ($a_whitelist as $w_list) {
- if (isset($id) && ($a_whitelist[$id]) && ($a_whitelist[$id] === $w_list))
+ foreach ($a_passlist as $w_list) {
+ if (isset($id) && ($a_passlist[$id]) && ($a_passlist[$id] === $w_list))
continue;
if ($w_list['name'] == $_POST['name']) {
- $input_errors[] = gettext("A whitelist file name with this name already exists.");
+ $input_errors[] = gettext("A Pass List file name with this name already exists.");
break;
}
}
@@ -133,7 +139,7 @@ if ($_POST['submit']) {
$w_list = array();
/* post user input */
$w_list['name'] = $_POST['name'];
- $w_list['uuid'] = $whitelist_uuid;
+ $w_list['uuid'] = $passlist_uuid;
$w_list['localnets'] = $_POST['localnets']? 'yes' : 'no';
$w_list['wanips'] = $_POST['wanips']? 'yes' : 'no';
$w_list['wangateips'] = $_POST['wangateips']? 'yes' : 'no';
@@ -145,22 +151,22 @@ if ($_POST['submit']) {
$w_list['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto");
$w_list['detail'] = $final_address_details;
- if (isset($id) && $a_whitelist[$id])
- $a_whitelist[$id] = $w_list;
+ if (isset($id) && $a_passlist[$id])
+ $a_passlist[$id] = $w_list;
else
- $a_whitelist[] = $w_list;
+ $a_passlist[] = $w_list;
- write_config();
+ write_config("Snort pkg: modified PASS LIST {$w_list['name']}.");
- /* create whitelist and homenet file then sync files */
+ /* create pass list and homenet file, then sync files */
sync_snort_package_config();
- header("Location: /snort/snort_interfaces_whitelist.php");
+ header("Location: /snort/snort_passlist.php");
exit;
}
}
-$pgtitle = gettext("Snort: Whitelist Edit - {$a_whitelist[$id]['name']}");
+$pgtitle = gettext("Snort: Pass List Edit - {$pconfig['name']}");
include_once("head.inc");
?>
@@ -168,8 +174,8 @@ include_once("head.inc");
<?php
include("fbegin.inc");
-if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
-if ($input_errors) print_input_errors($input_errors);
+if ($input_errors)
+ print_input_errors($input_errors);
if ($savemsg)
print_info_box($savemsg);
?>
@@ -177,7 +183,8 @@ if ($savemsg)
</script>
<script type="text/javascript" src="/javascript/suggestions.js">
</script>
-<form action="snort_interfaces_whitelist_edit.php" method="post" name="iform" id="iform">
+<form action="snort_passlist_edit.php" method="post" name="iform" id="iform">
+<input name="id" type="hidden" value="<?=$id;?>" />
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td>
<?php
@@ -187,10 +194,11 @@ if ($savemsg)
$tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
$tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
$tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
- $tab_array[5] = array(gettext("Whitelists"), true, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[5] = array(gettext("Pass Lists"), true, "/snort/snort_passlist.php");
$tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
- $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
- display_top_tabs($tab_array);
+ $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php");
+ $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
+ display_top_tabs($tab_array,true);
?>
</td>
</tr>
@@ -266,12 +274,12 @@ if ($savemsg)
<td colspan="2" valign="top" class="listtopic"><?php echo gettext("Add custom IP Addresses from configured Aliases."); ?></td>
</tr>
<tr>
- <td width="22%" valign="top" class="vncellreq">
- <div id="addressnetworkport"><?php echo gettext("Alias Name:"); ?></div>
+ <td width="22%" valign="top" class="vncell">
+ <?php echo gettext("Assigned Aliases:"); ?>
</td>
<td width="78%" class="vtable">
<input autocomplete="off" name="address" type="text" class="formfldalias" id="address" size="30" value="<?=htmlspecialchars($pconfig['address']);?>"
- title="<?=trim(filter_expand_alias($pconfig['address']));?>" />
+ title="<?=trim(filter_expand_alias($pconfig['address']));?>"/>
&nbsp;&nbsp;&nbsp;&nbsp;<input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=0&type=host|network&varname=address&act=import&multi_ip=yes&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'"
title="<?php echo gettext("Select an existing IP alias");?>"/>
</td>
@@ -279,9 +287,8 @@ if ($savemsg)
<tr>
<td width="22%" valign="top">&nbsp;</td>
<td width="78%">
- <input id="submit" name="submit" type="submit" class="formbtn" value="Save" />
+ <input id="save" name="save" type="submit" class="formbtn" value="Save" />
<input id="cancel" name="cancel" type="submit" class="formbtn" value="Cancel" />
- <input name="id" type="hidden" value="<?=$id;?>" />
</td>
</tr>
</table>
@@ -299,15 +306,11 @@ if ($savemsg)
foreach($config['aliases']['alias'] as $alias_name) {
if ($alias_name['type'] != "host" && $alias_name['type'] != "network")
continue;
- // Skip any Aliases that resolve to an empty string
- if (trim(filter_expand_alias($alias_name['name'])) == "")
- continue;
if($addrisfirst == 1) $aliasesaddr .= ",";
$aliasesaddr .= "'" . $alias_name['name'] . "'";
$addrisfirst = 1;
}
?>
-
var addressarray=new Array(<?php echo $aliasesaddr; ?>);
function createAutoSuggest() {
diff --git a/config/snort/snort_post_install.php b/config/snort/snort_post_install.php
index 945ddd04..8d3c427d 100644
--- a/config/snort/snort_post_install.php
+++ b/config/snort/snort_post_install.php
@@ -96,13 +96,15 @@ function snort_build_new_conf($snortcfg) {
if (!is_array($config['installedpackages']['snortglobal']['rule']))
return;
+ conf_mount_rw();
+
/* See if we should protect and not modify the preprocessor rules files */
if (!empty($snortcfg['protect_preproc_rules']))
$protect_preproc_rules = $snortcfg['protect_preproc_rules'];
else
$protect_preproc_rules = "off";
- $if_real = snort_get_real_interface($snortcfg['interface']);
+ $if_real = get_real_interface($snortcfg['interface']);
$snort_uuid = $snortcfg['uuid'];
$snortcfgdir = "{$snortdir}/snort_{$snort_uuid}_{$if_real}";
@@ -162,8 +164,18 @@ function snort_build_new_conf($snortcfg) {
/* define snortunifiedlog */
$snortunifiedlog_type = "";
- if ($snortcfg['snortunifiedlog'] == "on")
- $snortunifiedlog_type = "output unified2: filename snort_{$snort_uuid}_{$if_real}.u2, limit 128";
+ if ($snortcfg['barnyard_enable'] == "on") {
+ if (isset($snortcfg['unified2_log_limit']))
+ $u2_log_limit = "limit {$snortcfg['unified2_log_limit']}";
+ else
+ $u2_log_limit = "limit 128";
+
+ $snortunifiedlog_type = "output unified2: filename snort_{$snort_uuid}_{$if_real}.u2, {$u2_log_limit}";
+ if ($snortcfg['barnyard_log_vlan_events'] == 'on')
+ $snortunifiedlog_type .= ", vlan_event_types";
+ if ($snortcfg['barnyard_log_mpls_events'] == 'on')
+ $snortunifiedlog_type .= ", mpls_event_types";
+ }
/* define spoink */
$spoink_type = "";
@@ -721,6 +733,49 @@ preprocessor sensitive_data: \
EOD;
+ /* define IP Reputation preprocessor */
+ if (is_array($snortcfg['blist_files']['item'])) {
+ $blist_files = "";
+ $bIsFirst = TRUE;
+ foreach ($snortcfg['blist_files']['item'] as $blist) {
+ if ($bIsFirst) {
+ $blist_files .= "blacklist " . IPREP_PATH . $blist;
+ $bIsFirst = FALSE;
+ }
+ else
+ $blist_files .= ", \\ \n\tblacklist " . IPREP_PATH . $blist;
+ }
+ }
+ if (is_array($snortcfg['wlist_files']['item'])) {
+ $wlist_files = "";
+ $bIsFirst = TRUE;
+ foreach ($snortcfg['wlist_files']['item'] as $wlist) {
+ if ($bIsFirst) {
+ $wlist_files .= "whitelist " . IPREP_PATH . $wlist;
+ $bIsFirst = FALSE;
+ }
+ else
+ $wlist_files .= ", \\ \n\twhitelist " . IPREP_PATH . $wlist;
+ }
+ }
+ if (!empty($blist_files))
+ $ip_lists = $blist_files;
+ if (!empty($wlist_files))
+ $ip_lists .= ", \\ \n" . $wlist_files;
+ if ($snortcfg['iprep_scan_local'] == 'on')
+ $ip_lists .= ", \\ \n\tscan_local";
+
+ $reputation_preproc = <<<EOD
+# IP Reputation preprocessor #
+preprocessor reputation: \
+ memcap {$snortcfg['iprep_memcap']}, \
+ priority {$snortcfg['iprep_priority']}, \
+ nested_ip {$snortcfg['iprep_nested_ip']}, \
+ white {$snortcfg['iprep_white']}, \
+ {$ip_lists}
+
+EOD;
+
/* define servers as IP variables */
$snort_servers = array (
"dns_servers" => "\$HOME_NET", "smtp_servers" => "\$HOME_NET", "http_servers" => "\$HOME_NET",
@@ -751,11 +806,11 @@ EOD;
"ssl_preproc" => "ssl_preproc", "dnp3_preproc" => "dnp3_preproc", "modbus_preproc" => "modbus_preproc"
);
$snort_preproc = array (
- "perform_stat", "other_preprocs", "ftp_preprocessor", "smtp_preprocessor", "ssl_preproc", "sip_preproc", "gtp_preproc", "ssh_preproc",
- "sf_portscan", "dce_rpc_2", "dns_preprocessor", "sensitive_data", "pop_preproc", "imap_preproc", "dnp3_preproc", "modbus_preproc"
+ "perform_stat", "other_preprocs", "ftp_preprocessor", "smtp_preprocessor", "ssl_preproc", "sip_preproc", "gtp_preproc", "ssh_preproc", "sf_portscan",
+ "dce_rpc_2", "dns_preprocessor", "sensitive_data", "pop_preproc", "imap_preproc", "dnp3_preproc", "modbus_preproc", "reputation_preproc"
);
$default_disabled_preprocs = array(
- "sf_portscan", "gtp_preproc", "sensitive_data", "dnp3_preproc", "modbus_preproc"
+ "sf_portscan", "gtp_preproc", "sensitive_data", "dnp3_preproc", "modbus_preproc", "reputation_preproc", "perform_stat"
);
$snort_preprocessors = "";
foreach ($snort_preproc as $preproc) {
@@ -1213,7 +1268,7 @@ EOD;
ipvar HOME_NET [{$home_net}]
ipvar EXTERNAL_NET [{$external_net}]
-# Define Rule Paths #
+# Define Rule Path #
var RULE_PATH {$snortcfgdir}/rules
# Define Servers #
@@ -1305,13 +1360,8 @@ output alert_csv: alert timestamp,sig_generator,sig_id,sig_rev,msg,proto,src,src
EOD;
// Write out snort.conf file
- $conf = fopen("{$snortcfgdir}/snort.conf", "w");
- if(!$conf) {
- log_error("Could not open {$snortcfgdir}/snort.conf for writing.");
- return -1;
- }
- fwrite($conf, $snort_conf_text);
- fclose($conf);
+ file_put_contents("{$snortcfgdir}/snort.conf", $snort_conf_text);
+ conf_mount_ro();
unset($snort_conf_text, $selected_rules_sections, $suppress_file_name, $snort_misc_include_rules, $spoink_type, $snortunifiedlog_type, $alertsystemlog_type);
unset($home_net, $external_net, $ipvardef, $portvardef);
}
@@ -1326,14 +1376,14 @@ if(is_process_running("snort")) {
exec("/usr/bin/killall -z snort");
sleep(2);
// Delete any leftover snort PID files in /var/run
- array_map('@unlink', glob("/var/run/snort_*.pid"));
+ unlink_if_exists("/var/run/snort_*.pid");
}
// Hard kill any running Barnyard2 processes
if(is_process_running("barnyard")) {
exec("/usr/bin/killall -z barnyard2");
sleep(2);
// Delete any leftover barnyard2 PID files in /var/run
- array_map('@unlink', glob("/var/run/barnyard2_*.pid"));
+ unlink_if_exists("/var/run/barnyard2_*.pid");
}
/* Set flag for post-install in progress */
@@ -1362,46 +1412,68 @@ foreach ($preproc_rules as $file) {
@unlink("{$rcdir}/snort.sh");
@unlink("{$rcdir}/barnyard2");
+/* Create required log and db directories in /var */
+safe_mkdir(SNORTLOGDIR);
+safe_mkdir(IPREP_PATH);
+
+/* If installed, absorb the Snort Dashboard Widget into this package */
+/* by removing it as a separately installed package. */
+$pkgid = get_pkg_id("Dashboard Widget: Snort");
+if ($pkgid >= 0) {
+ log_error(gettext("[Snort] Removing legacy 'Dashboard Widget: Snort' package because the widget is now part of the Snort package."));
+ unset($config['installedpackages']['package'][$pkgid]);
+ unlink_if_exists("/usr/local/pkg/widget-snort.xml");
+ write_config("Snort pkg: removed legacy Snort Dashboard Widget.");
+}
+
+/* Define a default Dashboard Widget Container for Snort */
+$snort_widget_container = "snort_alerts-container:col2:close";
+
/* remake saved settings */
if ($config['installedpackages']['snortglobal']['forcekeepsettings'] == 'on') {
log_error(gettext("[Snort] Saved settings detected... rebuilding installation with saved settings..."));
update_status(gettext("Saved settings detected..."));
/* Do one-time settings migration for new multi-engine configurations */
- update_output_window(gettext("Please wait... migrating settings to new multi-engine configuration..."));
- include('/usr/local/pkg/snort/snort_migrate_config.php');
+ update_output_window(gettext("Please wait... migrating settings to new configuration..."));
+ include('/usr/local/www/snort/snort_migrate_config.php');
update_output_window(gettext("Please wait... rebuilding installation with saved settings..."));
log_error(gettext("[Snort] Downloading and updating configured rule types..."));
update_output_window(gettext("Please wait... downloading and updating configured rule types..."));
if ($pkg_interface <> "console")
$snort_gui_include = true;
- include('/usr/local/pkg/snort/snort_check_for_rule_updates.php');
+ include('/usr/local/www/snort/snort_check_for_rule_updates.php');
update_status(gettext("Generating snort.conf configuration file from saved settings..."));
$rebuild_rules = true;
/* Create the snort.conf files for each enabled interface */
$snortconf = $config['installedpackages']['snortglobal']['rule'];
foreach ($snortconf as $value) {
- $if_real = snort_get_real_interface($value['interface']);
+ $if_real = get_real_interface($value['interface']);
/* create a snort.conf file for interface */
snort_build_new_conf($value);
/* create barnyard2.conf file for interface */
if ($value['barnyard_enable'] == 'on')
- snort_create_barnyard2_conf($value, $if_real);
+ snort_generate_barnyard2_conf($value, $if_real);
}
/* create snort bootup file snort.sh */
snort_create_rc();
/* Set Log Limit, Block Hosts Time and Rules Update Time */
- snort_snortloglimit_install_cron($config['installedpackages']['snortglobal']['snortloglimit'] == 'on' ? true : false);
+ snort_snortloglimit_install_cron(true);
snort_rm_blocked_install_cron($config['installedpackages']['snortglobal']['rm_blocked'] != "never_b" ? true : false);
snort_rules_up_install_cron($config['installedpackages']['snortglobal']['autorulesupdate7'] != "never_up" ? true : false);
/* Add the recurring jobs created above to crontab */
configure_cron();
+ /* Restore the last Snort Dashboard Widget setting if none is set */
+ if (!empty($config['installedpackages']['snortglobal']['dashboard_widget']) &&
+ stristr($config['widgets']['sequence'], "snort_alerts-container") === FALSE)
+ $config['widgets']['sequence'] .= "," . $config['installedpackages']['snortglobal']['dashboard_widget'];
+
$rebuild_rules = false;
update_output_window(gettext("Finished rebuilding Snort configuration files..."));
log_error(gettext("[Snort] Finished rebuilding installation from saved settings..."));
@@ -1416,9 +1488,14 @@ if ($config['installedpackages']['snortglobal']['forcekeepsettings'] == 'on') {
}
}
+/* If an existing Snort Dashboard Widget container is not found, */
+/* then insert our default Widget Dashboard container. */
+if (stristr($config['widgets']['sequence'], "snort_alerts-container") === FALSE)
+ $config['widgets']['sequence'] .= ",{$snort_widget_container}";
+
/* Update Snort package version in configuration */
-$config['installedpackages']['snortglobal']['snort_config_ver'] = "3.0.4";
-write_config();
+$config['installedpackages']['snortglobal']['snort_config_ver'] = "3.0.8";
+write_config("Snort pkg: post-install configuration saved.");
/* Done with post-install, so clear flag */
unset($g['snort_postinstall']);
diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php
index 26b37e81..5cee95df 100755
--- a/config/snort/snort_preprocessors.php
+++ b/config/snort/snort_preprocessors.php
@@ -6,7 +6,7 @@
* Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
* Copyright (C) 2008-2009 Robert Zelaya.
* Copyright (C) 2011-2012 Ermal Luci
- * Copyright (C) 2013 Bill Meeks
+ * Copyright (C) 2013, 2014 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -38,9 +38,11 @@ require_once("/usr/local/pkg/snort/snort.inc");
global $g, $rebuild_rules;
$snortlogdir = SNORTLOGDIR;
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
+
if (is_null($id)) {
header("Location: /snort/snort_interfaces.php");
exit;
@@ -66,6 +68,8 @@ if (!is_array($config['installedpackages']['snortglobal']['rule'][$id]['ftp_clie
$a_nat = &$config['installedpackages']['snortglobal']['rule'];
$vrt_enabled = $config['installedpackages']['snortglobal']['snortdownload'];
+
+// Calculate the "next engine ID" to use for the multi-config engine arrays
$frag3_engine_next_id = count($a_nat[$id]['frag3_engine']['item']);
$stream5_tcp_engine_next_id = count($a_nat[$id]['stream5_tcp_engine']['item']);
$http_inspect_engine_next_id = count($a_nat[$id]['http_inspect_engine']['item']);
@@ -73,170 +77,9 @@ $ftp_server_engine_next_id = count($a_nat[$id]['ftp_server_engine']['item']);
$ftp_client_engine_next_id = count($a_nat[$id]['ftp_client_engine']['item']);
$pconfig = array();
-if (isset($id) && $a_nat[$id]) {
+if (isset($id) && isset($a_nat[$id])) {
$pconfig = $a_nat[$id];
- /* Get current values from config for page form fields */
- $pconfig['perform_stat'] = $a_nat[$id]['perform_stat'];
- $pconfig['host_attribute_table'] = $a_nat[$id]['host_attribute_table'];
- $pconfig['host_attribute_data'] = $a_nat[$id]['host_attribute_data'];
- $pconfig['max_attribute_hosts'] = $a_nat[$id]['max_attribute_hosts'];
- $pconfig['max_attribute_services_per_host'] = $a_nat[$id]['max_attribute_services_per_host'];
- $pconfig['max_paf'] = $a_nat[$id]['max_paf'];
- $pconfig['other_preprocs'] = $a_nat[$id]['other_preprocs'];
- $pconfig['ftp_preprocessor'] = $a_nat[$id]['ftp_preprocessor'];
- $pconfig['ftp_telnet_inspection_type'] = $a_nat[$id]['ftp_telnet_inspection_type'];
- $pconfig['ftp_telnet_alert_encrypted'] = $a_nat[$id]['ftp_telnet_alert_encrypted'];
- $pconfig['ftp_telnet_check_encrypted'] = $a_nat[$id]['ftp_telnet_check_encrypted'];
- $pconfig['ftp_telnet_normalize'] = $a_nat[$id]['ftp_telnet_normalize'];
- $pconfig['ftp_telnet_detect_anomalies'] = $a_nat[$id]['ftp_telnet_detect_anomalies'];
- $pconfig['ftp_telnet_ayt_attack_threshold'] = $a_nat[$id]['ftp_telnet_ayt_attack_threshold'];
- $pconfig['smtp_preprocessor'] = $a_nat[$id]['smtp_preprocessor'];
- $pconfig['sf_portscan'] = $a_nat[$id]['sf_portscan'];
- $pconfig['pscan_protocol'] = $a_nat[$id]['pscan_protocol'];
- $pconfig['pscan_type'] = $a_nat[$id]['pscan_type'];
- $pconfig['pscan_sense_level'] = $a_nat[$id]['pscan_sense_level'];
- $pconfig['pscan_memcap'] = $a_nat[$id]['pscan_memcap'];
- $pconfig['pscan_ignore_scanners'] = $a_nat[$id]['pscan_ignore_scanners'];
- $pconfig['dce_rpc_2'] = $a_nat[$id]['dce_rpc_2'];
- $pconfig['dns_preprocessor'] = $a_nat[$id]['dns_preprocessor'];
- $pconfig['sensitive_data'] = $a_nat[$id]['sensitive_data'];
- $pconfig['sdf_alert_data_type'] = $a_nat[$id]['sdf_alert_data_type'];
- $pconfig['sdf_alert_threshold'] = $a_nat[$id]['sdf_alert_threshold'];
- $pconfig['sdf_mask_output'] = $a_nat[$id]['sdf_mask_output'];
- $pconfig['ssl_preproc'] = $a_nat[$id]['ssl_preproc'];
- $pconfig['pop_preproc'] = $a_nat[$id]['pop_preproc'];
- $pconfig['imap_preproc'] = $a_nat[$id]['imap_preproc'];
- $pconfig['sip_preproc'] = $a_nat[$id]['sip_preproc'];
- $pconfig['dnp3_preproc'] = $a_nat[$id]['dnp3_preproc'];
- $pconfig['modbus_preproc'] = $a_nat[$id]['modbus_preproc'];
- $pconfig['gtp_preproc'] = $a_nat[$id]['gtp_preproc'];
- $pconfig['ssh_preproc'] = $a_nat[$id]['ssh_preproc'];
- $pconfig['preproc_auto_rule_disable'] = $a_nat[$id]['preproc_auto_rule_disable'];
- $pconfig['protect_preproc_rules'] = $a_nat[$id]['protect_preproc_rules'];
-
- // Frag3 global settings
- $pconfig['frag3_detection'] = $a_nat[$id]['frag3_detection'];
- $pconfig['frag3_max_frags'] = $a_nat[$id]['frag3_max_frags'];
- $pconfig['frag3_memcap'] = $a_nat[$id]['frag3_memcap'];
-
- // See if new Frag3 engine array is configured and use it;
- // otherwise create a default engine configuration.
- if (empty($pconfig['frag3_engine']['item'])) {
- $default = array( "name" => "default", "bind_to" => "all", "policy" => "bsd",
- "timeout" => 60, "min_ttl" => 1, "detect_anomalies" => "on",
- "overlap_limit" => 0, "min_frag_len" => 0 );
- $pconfig['frag3_engine']['item'] = array();
- $pconfig['frag3_engine']['item'][] = $default;
- if (!is_array($a_nat[$id]['frag3_engine']['item']))
- $a_nat[$id]['frag3_engine']['item'] = array();
- $a_nat[$id]['frag3_engine']['item'][] = $default;
- write_config();
- $frag3_engine_next_id++;
- }
- else
- $pconfig['frag3_engine'] = $a_nat[$id]['frag3_engine'];
-
- // Stream5 global settings
- $pconfig['stream5_reassembly'] = $a_nat[$id]['stream5_reassembly'];
- $pconfig['stream5_flush_on_alert'] = $a_nat[$id]['stream5_flush_on_alert'];
- $pconfig['stream5_prune_log_max'] = $a_nat[$id]['stream5_prune_log_max'];
- $pconfig['stream5_mem_cap'] = $a_nat[$id]['stream5_mem_cap'];
- $pconfig['stream5_track_tcp'] = $a_nat[$id]['stream5_track_tcp'];
- $pconfig['stream5_max_tcp'] = $a_nat[$id]['stream5_max_tcp'];
- $pconfig['stream5_track_udp'] = $a_nat[$id]['stream5_track_udp'];
- $pconfig['stream5_max_udp'] = $a_nat[$id]['stream5_max_udp'];
- $pconfig['stream5_udp_timeout'] = $a_nat[$id]['stream5_udp_timeout'];
- $pconfig['stream5_track_icmp'] = $a_nat[$id]['stream5_track_icmp'];
- $pconfig['stream5_max_icmp'] = $a_nat[$id]['stream5_max_icmp'];
- $pconfig['stream5_icmp_timeout'] = $a_nat[$id]['stream5_icmp_timeout'];
-
- // See if new Stream5 engine array is configured and use it;
- // otherwise create a default engine configuration.
- if (empty($pconfig['stream5_tcp_engine']['item'])) {
- $default = array( "name" => "default", "bind_to" => "all", "policy" => "bsd", "timeout" => 30,
- "max_queued_bytes" => 1048576, "detect_anomalies" => "off", "overlap_limit" => 0,
- "max_queued_segs" => 2621, "require_3whs" => "off", "startup_3whs_timeout" => 0,
- "no_reassemble_async" => "off", "max_window" => 0, "use_static_footprint_sizes" => "off",
- "check_session_hijacking" => "off", "dont_store_lg_pkts" => "off", "ports_client" => "default",
- "ports_both" => "default", "ports_server" => "none" );
- $pconfig['stream5_tcp_engine']['item'] = array();
- $pconfig['stream5_tcp_engine']['item'][] = $default;
- if (!is_array($a_nat[$id]['stream5_tcp_engine']['item']))
- $a_nat[$id]['stream5_tcp_engine']['item'] = array();
- $a_nat[$id]['stream5_tcp_engine']['item'][] = $default;
- write_config();
- $stream5_tcp_engine_next_id++;
- }
- else
- $pconfig['stream5_tcp_engine'] = $a_nat[$id]['stream5_tcp_engine'];
-
- // HTTP_INSPECT global settings
- $pconfig['http_inspect'] = $a_nat[$id]['http_inspect'];
- $pconfig['http_inspect_memcap'] = $a_nat[$id]['http_inspect_memcap'];
- $pconfig['http_inspect_proxy_alert'] = $a_nat[$id]['http_inspect_proxy_alert'];
- $pconfig['http_inspect_max_gzip_mem'] = $a_nat[$id]['http_inspect_max_gzip_mem'];
-
- // See if new HTTP_INSPECT engine array is configured and use it;
- // otherwise create a default engine configuration.
- if (empty($pconfig['http_inspect_engine']['item'])) {
- $default = array( "name" => "default", "bind_to" => "all", "server_profile" => "all", "enable_xff" => "off",
- "log_uri" => "off", "log_hostname" => "off", "server_flow_depth" => 65535, "enable_cookie" => "on",
- "client_flow_depth" => 1460, "extended_response_inspection" => "on", "no_alerts" => "off",
- "unlimited_decompress" => "on", "inspect_gzip" => "on", "normalize_cookies" =>"on",
- "normalize_headers" => "on", "normalize_utf" => "on", "normalize_javascript" => "on",
- "allow_proxy_use" => "off", "inspect_uri_only" => "off", "max_javascript_whitespaces" => 200,
- "post_depth" => -1, "max_headers" => 0, "max_spaces" => 0, "max_header_length" => 0, "ports" => "default" );
- $pconfig['http_inspect_engine']['item'] = array();
- $pconfig['http_inspect_engine']['item'][] = $default;
- if (!is_array($a_nat[$id]['http_inspect_engine']['item']))
- $a_nat[$id]['http_inspect_engine']['item'] = array();
- $a_nat[$id]['http_inspect_engine']['item'][] = $default;
- write_config();
- $http_inspect_engine_next_id++;
- }
- else
- $pconfig['http_inspect_engine'] = $a_nat[$id]['http_inspect_engine'];
-
- // See if new FTP client engine array is configured and use it;
- // otherwise create a default engine configuration..
- if (empty($pconfig['ftp_client_engine']['item'])) {
- $default = array( "name" => "default", "bind_to" => "all", "max_resp_len" => 256,
- "telnet_cmds" => "no", "ignore_telnet_erase_cmds" => "yes",
- "bounce" => "yes", "bounce_to_net" => "", "bounce_to_port" => "" );
- $pconfig['ftp_client_engine']['item'] = array();
- $pconfig['ftp_client_engine']['item'][] = $default;
- if (!is_array($a_nat[$id]['ftp_client_engine']['item']))
- $a_nat[$id]['ftp_client_engine']['item'] = array();
- $a_nat[$id]['ftp_client_engine']['item'][] = $default;
- write_config();
- $ftp_client_engine_next_id++;
- }
- else
- $pconfig['ftp_client_engine'] = $a_nat[$id]['ftp_client_engine'];
-
- // See if new FTP server engine array is configured and use it;
- // otherwise create a default engine configuration..
- if (empty($pconfig['ftp_server_engine']['item'])) {
- $default = array( "name" => "default", "bind_to" => "all", "ports" => "default",
- "telnet_cmds" => "no", "ignore_telnet_erase_cmds" => "yes",
- "ignore_data_chan" => "no", "def_max_param_len" => 100 );
- $pconfig['ftp_server_engine']['item'] = array();
- $pconfig['ftp_server_engine']['item'][] = $default;
- if (!is_array($a_nat[$id]['ftp_server_engine']['item']))
- $a_nat[$id]['ftp_server_engine']['item'] = array();
- $a_nat[$id]['ftp_server_engine']['item'][] = $default;
- write_config();
- $ftp_server_engine_next_id++;
- }
- else
- $pconfig['ftp_server_engine'] = $a_nat[$id]['ftp_server_engine'];
-
- /* If not using the Snort VRT rules, then disable */
- /* the Sensitive Data (sdf) preprocessor. */
- if ($vrt_enabled == "off")
- $pconfig['sensitive_data'] = "off";
-
/************************************************************/
/* To keep new users from shooting themselves in the foot */
/* enable the most common required preprocessors by default */
@@ -264,12 +107,14 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['ftp_telnet_detect_anomalies'] = 'on';
if (empty($pconfig['ftp_telnet_ayt_attack_threshold']) && $pconfig['ftp_telnet_ayt_attack_threshold'] <> 0)
$pconfig['ftp_telnet_ayt_attack_threshold'] = '20';
+
if (empty($pconfig['sdf_alert_data_type']))
$pconfig['sdf_alert_data_type'] = "Credit Card,Email Addresses,U.S. Phone Numbers,U.S. Social Security Numbers";
if (empty($pconfig['sdf_alert_threshold']))
$pconfig['sdf_alert_threshold'] = '25';
if (empty($pconfig['sdf_mask_output']))
$pconfig['sdf_mask_output'] = 'off';
+
if (empty($pconfig['smtp_preprocessor']))
$pconfig['smtp_preprocessor'] = 'on';
if (empty($pconfig['dce_rpc_2']))
@@ -340,36 +185,56 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['pscan_sense_level'] = 'medium';
}
-/* Define the "disabled_preproc_rules.log" file for this interface */
-$iface = snort_get_friendly_interface($pconfig['interface']);
-$disabled_rules_log = "{$snortlogdir}/{$iface}_disabled_preproc_rules.log";
+$if_friendly = convert_friendly_interface_to_friendly_descr($a_nat[$id]['interface']);
-if ($_GET['act'] && isset($_GET['eng_id'])) {
+/* Define the "disabled_preproc_rules.log" file for this interface */
+$disabled_rules_log = "{$if_friendly}_disabled_preproc_rules.log";
- $natent = array();
- $natent = $pconfig;
+// Check for returned "selected alias" if action is import
+if ($_GET['act'] == "import" && isset($_GET['varname']) && !empty($_GET['varvalue'])) {
+ $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']);
+}
- if ($_GET['act'] == "del_frag3")
- unset($natent['frag3_engine']['item'][$_GET['eng_id']]);
- elseif ($_GET['act'] == "del_stream5_tcp")
- unset($natent['stream5_tcp_engine']['item'][$_GET['eng_id']]);
- elseif ($_GET['act'] == "del_http_inspect")
- unset($natent['http_inspect_engine']['item'][$_GET['eng_id']]);
- elseif ($_GET['act'] == "del_ftp_server")
- unset($natent['ftp_server_engine']['item'][$_GET['eng_id']]);
-
- if (isset($id) && $a_nat[$id]) {
- $a_nat[$id] = $natent;
- write_config();
+// Handle deleting of any of the multiple configuration engines
+if ($_POST['del_http_inspect']) {
+ if (isset($_POST['eng_id']) && isset($id) && issset($a_nat[$id])) {
+ unset($a_nat[$id]['http_inspect_engine']['item'][$_POST['eng_id']]);
+ write_config("Snort pkg: deleted http_inspect engine for {$a_nat[$id]['interface']}.");
+ header("Location: snort_preprocessors.php?id=$id#httpinspect_row");
+ exit;
}
-
- header("Location: snort_preprocessors.php?id=$id");
- exit;
}
-
-// Check for returned "selected alias" if action is import
-if ($_GET['act'] == "import" && isset($_GET['varname']) && !empty($_GET['varvalue'])) {
- $pconfig[$_GET['varname']] = $_GET['varvalue'];
+elseif ($_POST['del_frag3']) {
+ if (isset($_POST['eng_id']) && isset($id) && isset($a_nat[$id])) {
+ unset($a_nat[$id]['frag3_engine']['item'][$_POST['eng_id']]);
+ write_config("Snort pkg: deleted frag3 engine for {$a_nat[$id]['interface']}.");
+ header("Location: snort_preprocessors.php?id=$id#frag3_row");
+ exit;
+ }
+}
+elseif ($_POST['del_stream5_tcp']) {
+ if (isset($_POST['eng_id']) && isset($id) && isset($a_nat[$id])) {
+ unset($a_nat[$id]['stream5_tcp_engine']['item'][$_POST['eng_id']]);
+ write_config("Snort pkg: deleted stream5 engine for {$a_nat[$id]['interface']}.");
+ header("Location: snort_preprocessors.php?id=$id#stream5_row");
+ exit;
+ }
+}
+elseif ($_POST['del_ftp_client']) {
+ if (isset($_POST['eng_id']) && isset($id) && isset($a_nat[$id])) {
+ unset($a_nat[$id]['ftp_client_engine']['item'][$_POST['eng_id']]);
+ write_config("Snort pkg: deleted ftp_client engine for {$a_nat[$id]['interface']}.");
+ header("Location: snort_preprocessors.php?id=$id#ftp_telnet_row");
+ exit;
+ }
+}
+elseif ($_POST['del_ftp_server']) {
+ if (isset($_POST['eng_id']) && isset($id) && isset($a_nat[$id])) {
+ unset($a_nat[$id]['ftp_server_engine']['item'][$_POST['eng_id']]);
+ write_config("Snort pkg: deleted ftp_server engine for {$a_nat[$id]['interface']}.");
+ header("Location: snort_preprocessors.php?id=$id#ftp_telnet_row");
+ exit;
+ }
}
if ($_POST['ResetAll']) {
@@ -434,7 +299,8 @@ if ($_POST['ResetAll']) {
/* Log a message at the top of the page to inform the user */
$savemsg = gettext("All preprocessor settings have been reset to their defaults.");
}
-elseif ($_POST['Submit']) {
+
+if ($_POST['save']) {
$natent = array();
$natent = $pconfig;
@@ -509,9 +375,9 @@ elseif ($_POST['Submit']) {
$natent['stream5_track_udp'] = $_POST['stream5_track_udp'] ? 'on' : 'off';
$natent['stream5_track_icmp'] = $_POST['stream5_track_icmp'] ? 'on' : 'off';
- if (isset($id) && $a_nat[$id]) {
+ if (isset($id) && isset($a_nat[$id])) {
$a_nat[$id] = $natent;
- write_config();
+ write_config("Snort pkg: saved modified preprocessor settings for {$a_nat[$id]['interface']}.");
}
/*************************************************/
@@ -524,7 +390,7 @@ elseif ($_POST['Submit']) {
/* If 'preproc_auto_rule_disable' is off, then clear log file */
if ($natent['preproc_auto_rule_disable'] == 'off')
- @unlink("{$disabled_rules_log}");
+ unlink_if_exists("{$snortlogdir}/{$disabled_rules_log}");
/*******************************************************/
/* Signal Snort to reload Host Attribute Table if one */
@@ -543,20 +409,25 @@ elseif ($_POST['Submit']) {
header("Location: snort_preprocessors.php?id=$id");
exit;
}
+ else
+ $pconfig = $_POST;
}
-elseif ($_POST['btn_import']) {
+
+if ($_POST['btn_import']) {
if (is_uploaded_file($_FILES['host_attribute_file']['tmp_name'])) {
$data = file_get_contents($_FILES['host_attribute_file']['tmp_name']);
- if ($data === false)
+ if ($data === false) {
$input_errors[] = gettext("Error uploading file {$_FILES['host_attribute_file']}!");
+ $pconfig = $_POST;
+ }
else {
- if (isset($id) && $a_nat[$id]) {
+ if (isset($id) && isset($a_nat[$id])) {
$a_nat[$id]['host_attribute_table'] = "on";
$a_nat[$id]['host_attribute_data'] = base64_encode($data);
$pconfig['host_attribute_data'] = $a_nat[$id]['host_attribute_data'];
$a_nat[$id]['max_attribute_hosts'] = $pconfig['max_attribute_hosts'];
$a_nat[$id]['max_attribute_services_per_host'] = $pconfig['max_attribute_services_per_host'];
- write_config();
+ write_config("Snort pkg: imported Host Attribute Table data for {$a_nat[$id]['interface']}.");
}
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
@@ -567,15 +438,18 @@ elseif ($_POST['btn_import']) {
exit;
}
}
- else
+ else {
$input_errors[] = gettext("No filename specified for import!");
+ $pconfig = $_POST;
+ }
}
-elseif ($_POST['btn_edit_hat']) {
- if (isset($id) && $a_nat[$id]) {
+
+if ($_POST['btn_edit_hat']) {
+ if (isset($id) && isset($a_nat[$id])) {
$a_nat[$id]['host_attribute_table'] = "on";
$a_nat[$id]['max_attribute_hosts'] = $pconfig['max_attribute_hosts'];
$a_nat[$id]['max_attribute_services_per_host'] = $pconfig['max_attribute_services_per_host'];
- write_config();
+ write_config("Snort pkg: modified Host Attribute Table data for {$a_nat[$id]['interface']}.");
header("Location: snort_edit_hat_data.php?id=$id");
exit;
}
@@ -586,26 +460,21 @@ elseif ($_POST['btn_edit_hat']) {
if ($pconfig['host_attribute_table'] == 'on' && empty($pconfig['host_attribute_data']))
$input_errors[] = gettext("The Host Attribute Table option is enabled, but no Host Attribute data has been loaded. Data may be entered manually or imported from a suitable file.");
-$if_friendly = snort_get_friendly_interface($pconfig['interface']);
$pgtitle = gettext("Snort: Interface {$if_friendly} - Preprocessors and Flow");
include_once("head.inc");
?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="enable_change_all()">
-<?php include("fbegin.inc"); ?>
-<?php if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
-
-
- /* Display Alert message */
+<?php include("fbegin.inc");
- if ($input_errors) {
- print_input_errors($input_errors); // TODO: add checks
- }
-
- if ($savemsg) {
- print_info_box($savemsg);
- }
+/* Display Alert message */
+if ($input_errors) {
+ print_input_errors($input_errors);
+}
+if ($savemsg) {
+ print_info_box($savemsg);
+}
?>
<script type="text/javascript" src="/javascript/autosuggest.js">
@@ -613,8 +482,9 @@ include_once("head.inc");
<script type="text/javascript" src="/javascript/suggestions.js">
</script>
-<form action="snort_preprocessors.php" method="post"
- enctype="multipart/form-data" name="iform" id="iform">
+<form action="snort_preprocessors.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
+<input name="id" type="hidden" value="<?=$id;?>"/>
+<input name="eng_id" id="eng_id" type="hidden" value=""/>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td>
<?php
@@ -622,23 +492,25 @@ include_once("head.inc");
$tab_array[0] = array(gettext("Snort Interfaces"), true, "/snort/snort_interfaces.php");
$tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php");
$tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
- $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
+ $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php?instance={$id}");
$tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
- $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php");
$tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
- $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
- display_top_tabs($tab_array);
+ $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php");
+ $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
+ display_top_tabs($tab_array, true);
echo '</td></tr>';
echo '<tr><td>';
$menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface ");
- $tab_array = array();
- $tab_array[] = array($menu_iface . gettext("Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}");
- $tab_array[] = array($menu_iface . gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}");
- $tab_array[] = array($menu_iface . gettext("Rules"), false, "/snort/snort_rules.php?id={$id}");
- $tab_array[] = array($menu_iface . gettext("Variables"), false, "/snort/snort_define_servers.php?id={$id}");
- $tab_array[] = array($menu_iface . gettext("Preprocessors"), true, "/snort/snort_preprocessors.php?id={$id}");
- $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
- display_top_tabs($tab_array);
+ $tab_array = array();
+ $tab_array[] = array($menu_iface . gettext("Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Rules"), false, "/snort/snort_rules.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Variables"), false, "/snort/snort_define_servers.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Preprocs"), true, "/snort/snort_preprocessors.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("IP Rep"), false, "/snort/snort_ip_reputation.php?id={$id}");
+ display_top_tabs($tab_array, true);
?>
</td></tr>
<tr><td><div id="mainarea">
@@ -694,7 +566,7 @@ include_once("head.inc");
"disabled preprocessors, but can substantially compromise the level of protection by " .
"automatically disabling detection rules."); ?></td>
</tr>
- <?php if (file_exists($disabled_rules_log) && filesize($disabled_rules_log) > 0): ?>
+ <?php if (file_exists("{$snortlogdir}/{$disabled_rules_log}") && filesize("{$snortlogdir}/{$disabled_rules_log}") > 0): ?>
<tr>
<td width="3%">&nbsp;</td>
<td class="vexpl"><input type="button" class="formbtn" value="View" onclick="wopen('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$disabled_rules_log;?>','FileViewer',800,600);">
@@ -718,8 +590,8 @@ include_once("head.inc");
<tr id="host_attrib_table_data_row">
<td width="22%" valign="top" class="vncell"><?php echo gettext("Host Attribute Data"); ?></td>
<td width="78%" class="vtable"><strong><?php echo gettext("Import From File"); ?></strong><br/>
- <input name="host_attribute_file" type="file" class="formfld file" value="on" id="host_attribute_file" size="40">&nbsp;&nbsp;
- <input type="submit" name="btn_import" id="btn_import" value="Import" class="formbtn"><br/>
+ <input name="host_attribute_file" type="file" class="formfld file" value="on" id="host_attribute_file" size="40"/>&nbsp;&nbsp;
+ <input type="submit" name="btn_import" id="btn_import" value="Import" class="formbtn"/><br/>
<?php echo gettext("Choose the Host Attributes file to use for auto-configuration."); ?><br/><br/>
<span class="red"><strong><?php echo gettext("Warning: "); ?></strong></span>
<?php echo gettext("The Host Attributes file has a required format. See the "); ?><a href="http://manual.snort.org/" target="_blank">
@@ -744,7 +616,7 @@ include_once("head.inc");
<table cellpadding="0" cellspacing="0">
<tr>
<td><input name="max_attribute_hosts" type="text" class="formfld unknown" id="max_attribute_hosts" size="9"
- value="<?=htmlspecialchars($pconfig['max_attribute_hosts']);?>">&nbsp;&nbsp;
+ value="<?=htmlspecialchars($pconfig['max_attribute_hosts']);?>"/>&nbsp;&nbsp;
<?php echo gettext("Max number of hosts to read from the Attribute Table. Min is ") .
"<strong>" . gettext("32") . "</strong>" . gettext(" and Max is ") . "<strong>" .
gettext("524288") . "</strong>"; ?>.</td>
@@ -761,7 +633,7 @@ include_once("head.inc");
<table cellpadding="0" cellspacing="0">
<tr>
<td><input name="max_attribute_services_per_host" type="text" class="formfld unknown" id="max_attribute_services_per_host" size="9"
- value="<?=htmlspecialchars($pconfig['max_attribute_services_per_host']);?>">&nbsp;&nbsp;
+ value="<?=htmlspecialchars($pconfig['max_attribute_services_per_host']);?>"/>&nbsp;&nbsp;
<?php echo gettext("Max number of per host services to read from the Attribute Table. Min is ") .
"<strong>" . gettext("1") . "</strong>" . gettext(" and Max is ") . "<strong>" .
gettext("65535") . "</strong>"; ?>.</td>
@@ -868,10 +740,10 @@ include_once("head.inc");
<td class="listt" align="right"><a href="snort_httpinspect_engine.php?id=<?=$id;?>&eng_id=<?=$f;?>">
<img src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif"
width="17" height="17" border="0" title="<?=gettext("Edit this server configuration");?>"></a>
- <?php if ($v['bind_to'] <> "all") : ?>
- <a href="snort_preprocessors.php?id=<?=$id;?>&eng_id=<?=$f;?>&act=del_http_inspect" onclick="return confirm('Are you sure you want to delete this entry?');">
- <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0"
- title="<?=gettext("Delete this server configuration");?>"></a>
+ <?php if ($v['bind_to'] <> "all") : ?>
+ <input type="image" name="del_http_inspect[]" onclick="document.getElementById('eng_id').value='<?=$f;?>'; return confirm('Are you sure you want to delete this entry?');"
+ src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0"
+ title="<?=gettext("Delete this server configuration");?>"/>
<?php else : ?>
<img src="/themes/<?=$g['theme'];?>/images/icons/icon_x_d.gif" width="17" height="17" border="0"
title="<?=gettext("Default server configuration cannot be deleted");?>">
@@ -937,9 +809,9 @@ include_once("head.inc");
<img src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif"
width="17" height="17" border="0" title="<?=gettext("Edit this engine configuration");?>"></a>
<?php if ($v['bind_to'] <> "all") : ?>
- <a href="snort_preprocessors.php?id=<?=$id;?>&eng_id=<?=$f;?>&act=del_frag3" onclick="return confirm('Are you sure you want to delete this entry?');">
- <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0"
- title="<?=gettext("Delete this engine configuration");?>"></a>
+ <input type="image" name="del_frag3[]" onclick="document.getElementById('eng_id').value='<?=$f;?>'; return confirm('Are you sure you want to delete this entry?');"
+ src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0"
+ title="<?=gettext("Delete this engine configuration");?>"/>
<?php else : ?>
<img src="/themes/<?=$g['theme'];?>/images/icons/icon_x_d.gif" width="17" height="17" border="0"
title="<?=gettext("Default engine configuration cannot be deleted");?>">
@@ -1094,9 +966,9 @@ include_once("head.inc");
<img src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif"
width="17" height="17" border="0" title="<?=gettext("Edit this TCP engine configuration");?>"></a>
<?php if ($v['bind_to'] <> "all") : ?>
- <a href="snort_preprocessors.php?id=<?=$id;?>&eng_id=<?=$f;?>&act=del_stream5_tcp" onclick="return confirm('Are you sure you want to delete this entry?');">
- <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0"
- title="<?=gettext("Delete this TCP engine configuration");?>"></a>
+ <input type="image" name="del_stream5_tcp[]" onclick="document.getElementById('eng_id').value='<?=$f;?>'; return confirm('Are you sure you want to delete this entry?');"
+ src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0"
+ title="<?=gettext("Delete this TCP engine configuration");?>"/>
<?php else : ?>
<img src="/themes/<?=$g['theme'];?>/images/icons/icon_x_d.gif" width="17" height="17" border="0"
title="<?=gettext("Default engine configuration cannot be deleted");?>">
@@ -1329,9 +1201,9 @@ include_once("head.inc");
<img src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif"
width="17" height="17" border="0" title="<?=gettext("Edit this FTP client configuration");?>"></a>
<?php if ($v['bind_to'] <> "all") : ?>
- <a href="snort_preprocessors.php?id=<?=$id;?>&eng_id=<?=$f;?>&act=del_ftp_server" onclick="return confirm('Are you sure you want to delete this entry?');">
- <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0"
- title="<?=gettext("Delete this FTP client configuration");?>"></a>
+ <input type="image" name="del_ftp_client[]" onclick="document.getElementById('eng_id').value='<?=$f;?>'; return confirm('Are you sure you want to delete this entry?');"
+ src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0"
+ title="<?=gettext("Delete this FTP client configuration");?>"/>
<?php else : ?>
<img src="/themes/<?=$g['theme'];?>/images/icons/icon_x_d.gif" width="17" height="17" border="0"
title="<?=gettext("Default client configuration cannot be deleted");?>">
@@ -1371,9 +1243,9 @@ include_once("head.inc");
<img src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif"
width="17" height="17" border="0" title="<?=gettext("Edit this FTP server configuration");?>"></a>
<?php if ($v['bind_to'] <> "all") : ?>
- <a href="snort_preprocessors.php?id=<?=$id;?>&eng_id=<?=$f;?>&act=del_ftp_server" onclick="return confirm('Are you sure you want to delete this entry?');">
- <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0"
- title="<?=gettext("Delete this FTP server configuration");?>"></a>
+ <input type="image" name="del_ftp_server[]" onclick="document.getElementById('eng_id').value='<?=$f;?>'; return confirm('Are you sure you want to delete this entry?');"
+ src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0"
+ title="<?=gettext("Delete this FTP server configuration");?>"/>
<?php else : ?>
<img src="/themes/<?=$g['theme'];?>/images/icons/icon_x_d.gif" width="17" height="17" border="0"
title="<?=gettext("Default server configuration cannot be deleted");?>">
@@ -1399,7 +1271,7 @@ include_once("head.inc");
<?php echo gettext("Sensitive data searches for credit card numbers, Social Security numbers and e-mail addresses in data."); ?>
<br/>
<span class="red"><strong><?php echo gettext("Note: "); ?></strong></span><?php echo gettext("To enable this preprocessor, you must select the Snort VRT rules on the ") .
- "<a href=\"/snort/snort_interfaces_global.php\" title=\"" . gettext("Modify Snort global settings") . "\"/>" . gettext("Global Settings") . "</a>" . gettext(" tab."); ?>
+ "<a href=\"/snort/snort_interfaces_global.php\" title=\"" . gettext("Modify Snort global settings") . "\">" . gettext("Global Settings") . "</a>" . gettext(" tab."); ?>
</td>
</tr>
<tr id="sdf_alert_data_row">
@@ -1533,9 +1405,9 @@ include_once("head.inc");
<tr>
<td width="22%" valign="top">&nbsp;</td>
<td width="78%">
- <input name="Submit" type="submit" class="formbtn" value="Save" title="<?php echo
+ <input name="save" type="submit" class="formbtn" value="Save" title="<?php echo
gettext("Save preprocessor settings"); ?>">
- <input name="id" type="hidden" value="<?=$id;?>">&nbsp;&nbsp;&nbsp;&nbsp;
+ &nbsp;&nbsp;&nbsp;&nbsp;
<input name="ResetAll" type="submit" class="formbtn" value="Reset" title="<?php echo
gettext("Reset all settings to defaults") . "\" onclick=\"return confirm('" .
gettext("WARNING: This will reset ALL preprocessor settings to their defaults. Click OK to continue or CANCEL to quit.") .
@@ -1582,8 +1454,6 @@ include_once("head.inc");
function createAutoSuggest() {
<?php
echo "objAlias = new AutoSuggestControl(document.getElementById('pscan_ignore_scanners'), new StateSuggestions(addressarray));\n";
- echo "objAlias = new AutoSuggestControl(document.getElementById('ftp_telnet_bounce_to_net'), new StateSuggestions(addressarray));\n";
- echo "objAlias = new AutoSuggestControl(document.getElementById('ftp_telnet_bounce_to_port'), new StateSuggestions(portsarray));\n";
?>
}
diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php
index afc764fc..e69152c3 100755
--- a/config/snort/snort_rules.php
+++ b/config/snort/snort_rules.php
@@ -37,38 +37,28 @@ global $g, $rebuild_rules;
$snortdir = SNORTDIR;
$rules_map = array();
+$categories = array();
$pconfig = array();
if (!is_array($config['installedpackages']['snortglobal']['rule']))
$config['installedpackages']['snortglobal']['rule'] = array();
$a_rule = &$config['installedpackages']['snortglobal']['rule'];
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
+
if (is_null($id)) {
- header("Location: /snort/snort_interfaces.php");
- exit;
+ header("Location: /snort/snort_interfaces.php");
+ exit;
}
-if (isset($id) && $a_rule[$id]) {
+if (isset($id) && isset($a_rule[$id])) {
$pconfig['interface'] = $a_rule[$id]['interface'];
$pconfig['rulesets'] = $a_rule[$id]['rulesets'];
}
-function truncate($string, $length) {
-
- /********************************
- * This function truncates the *
- * passed string to the length *
- * specified adding ellipsis if *
- * truncation was necessary. *
- ********************************/
- if (strlen($string) > $length)
- $string = substr($string, 0, ($length - 2)) . "...";
- return $string;
-}
-
function add_title_attribute($tag, $title) {
/********************************
@@ -102,15 +92,19 @@ function add_title_attribute($tag, $title) {
}
/* convert fake interfaces to real */
-$if_real = snort_get_real_interface($pconfig['interface']);
+$if_real = get_real_interface($pconfig['interface']);
$snort_uuid = $a_rule[$id]['uuid'];
$snortcfgdir = "{$snortdir}/snort_{$snort_uuid}_{$if_real}";
$snortdownload = $config['installedpackages']['snortglobal']['snortdownload'];
+$snortcommunitydownload = $config['installedpackages']['snortglobal']['snortcommunityrules'] == 'on' ? 'on' : 'off';
$emergingdownload = $config['installedpackages']['snortglobal']['emergingthreats'];
$etprodownload = $config['installedpackages']['snortglobal']['emergingthreats_pro'];
-$categories = explode("||", $pconfig['rulesets']);
-// add the standard rules files to the categories list
+// Add any previously saved rules files to the categories array
+if (!empty($pconfig['rulesets']))
+ $categories = explode("||", $pconfig['rulesets']);
+
+// add the standard rules files to the categories array
$categories[] = "custom.rules";
$categories[] = "decoder.rules";
$categories[] = "preprocessor.rules";
@@ -121,20 +115,19 @@ if ($a_rule[$id]['autoflowbitrules'] == 'on')
$categories[] = "Auto-Flowbit Rules";
natcasesort($categories);
-if ($_GET['openruleset'])
- $currentruleset = $_GET['openruleset'];
-else if ($_POST['openruleset'])
+if (isset($_POST['openruleset']))
$currentruleset = $_POST['openruleset'];
+elseif (isset($_GET['openruleset']))
+ $currentruleset = htmlspecialchars($_GET['openruleset']);
else
- $currentruleset = $categories[0];
+ $currentruleset = $categories[key($categories)];
/* One last sanity check -- if the rules directory is empty, default to loading custom rules */
$tmp = glob("{$snortdir}/rules/*.rules");
if (empty($tmp))
$currentruleset = "custom.rules";
-$ruledir = "{$snortdir}/rules";
-$rulefile = "{$ruledir}/{$currentruleset}";
+$rulefile = "{$snortdir}/rules/{$currentruleset}";
if ($currentruleset != 'custom.rules') {
// Read the current rules file into our rules map array.
// If it is the auto-flowbits file, set the full path.
@@ -157,13 +150,11 @@ if ($currentruleset != 'custom.rules') {
$enablesid = snort_load_sid_mods($a_rule[$id]['rule_sid_on']);
$disablesid = snort_load_sid_mods($a_rule[$id]['rule_sid_off']);
-if ($_GET['act'] == "toggle" && $_GET['ids'] && !empty($rules_map)) {
-
- // Get the GID tag embedded in the clicked rule icon.
- $gid = $_GET['gid'];
+if ($_POST['toggle'] && is_numeric($_POST['sid']) && is_numeric($_POST['gid']) && !empty($rules_map)) {
- // Get the SID tag embedded in the clicked rule icon.
- $sid= $_GET['ids'];
+ // Get the GID:SID tags embedded in the clicked rule icon.
+ $gid = $_POST['gid'];
+ $sid = $_POST['sid'];
// See if the target SID is in our list of modified SIDs,
// and toggle it back to default if present; otherwise,
@@ -205,13 +196,11 @@ if ($_GET['act'] == "toggle" && $_GET['ids'] && !empty($rules_map)) {
unset($a_rule[$id]['rule_sid_off']);
/* Update the config.xml file. */
- write_config();
+ write_config("Snort pkg: modified state for rule {$gid}:{$sid} on {$a_rule[$id]['interface']}.");
- $_GET['openruleset'] = $currentruleset;
$anchor = "rule_{$gid}_{$sid}";
}
-
-if ($_GET['act'] == "disable_all" && !empty($rules_map)) {
+elseif ($_POST['disable_all'] && !empty($rules_map)) {
// Mark all rules in the currently selected category "disabled".
foreach (array_keys($rules_map) as $k1) {
@@ -247,14 +236,9 @@ if ($_GET['act'] == "disable_all" && !empty($rules_map)) {
else
unset($a_rule[$id]['rule_sid_off']);
- write_config();
-
- $_GET['openruleset'] = $currentruleset;
- header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}");
- exit;
+ write_config("Snort pkg: disabled all rules in category {$currentruleset} for {$a_rule[$id]['interface']}.");
}
-
-if ($_GET['act'] == "enable_all" && !empty($rules_map)) {
+elseif ($_POST['enable_all'] && !empty($rules_map)) {
// Mark all rules in the currently selected category "enabled".
foreach (array_keys($rules_map) as $k1) {
@@ -289,14 +273,9 @@ if ($_GET['act'] == "enable_all" && !empty($rules_map)) {
else
unset($a_rule[$id]['rule_sid_off']);
- write_config();
-
- $_GET['openruleset'] = $currentruleset;
- header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}");
- exit;
+ write_config("Snort pkg: enable all rules in category {$currentruleset} for {$a_rule[$id]['interface']}.");
}
-
-if ($_GET['act'] == "resetcategory" && !empty($rules_map)) {
+elseif ($_POST['resetcategory'] && !empty($rules_map)) {
// Reset any modified SIDs in the current rule category to their defaults.
foreach (array_keys($rules_map) as $k1) {
@@ -333,43 +312,35 @@ if ($_GET['act'] == "resetcategory" && !empty($rules_map)) {
else
unset($a_rule[$id]['rule_sid_off']);
- write_config();
-
- $_GET['openruleset'] = $currentruleset;
- header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}");
- exit;
+ write_config("Snort pkg: remove enablesid/disablesid changes for category {$currentruleset} on {$a_rule[$id]['interface']}.");
}
-
-if ($_GET['act'] == "resetall" && !empty($rules_map)) {
+elseif ($_POST['resetall'] && !empty($rules_map)) {
// Remove all modified SIDs from config.xml and save the changes.
unset($a_rule[$id]['rule_sid_on']);
unset($a_rule[$id]['rule_sid_off']);
/* Update the config.xml file. */
- write_config();
-
- $_GET['openruleset'] = $currentruleset;
- header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}");
- exit;
+ write_config("Snort pkg: remove all enablesid/disablesid changes for {$a_rule[$id]['interface']}.");
}
-
-if ($_POST['clear']) {
+else if ($_POST['cancel']) {
+ $pconfig['customrules'] = base64_decode($a_rule[$id]['customrules']);
+}
+elseif ($_POST['clear']) {
unset($a_rule[$id]['customrules']);
- write_config();
+ write_config("Snort pkg: clear all custom rules for {$a_rule[$id]['interface']}.");
$rebuild_rules = true;
snort_generate_conf($a_rule[$id]);
$rebuild_rules = false;
- header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}");
- exit;
+ $pconfig['customrules'] = '';
}
-
-if ($_POST['submit']) {
+elseif ($_POST['save']) {
+ $pconfig['customrules'] = $_POST['customrules'];
if ($_POST['customrules'])
$a_rule[$id]['customrules'] = base64_encode($_POST['customrules']);
else
unset($a_rule[$id]['customrules']);
- write_config();
+ write_config("Snort pkg: save modified custom rules for {$a_rule[$id]['interface']}.");
$rebuild_rules = true;
snort_generate_conf($a_rule[$id]);
$rebuild_rules = false;
@@ -385,14 +356,15 @@ if ($_POST['submit']) {
$input_errors[] = "Custom rules have errors:\n {$error}";
}
else {
- header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}");
- exit;
+ /* Soft-restart Snort to live-load new rules */
+ snort_reload_config($a_rule[$id]);
+ $savemsg = gettext("Custom rules validated successfully and have been saved to the Snort configuration files. ");
+ $savemsg .= gettext("Any active Snort process on this interface has been signalled to live-load the new rules.");
}
}
-
else if ($_POST['apply']) {
/* Save new configuration */
- write_config();
+ write_config("Snort pkg: save new rules configuration for {$a_rule[$id]['interface']}.");
/*************************************************/
/* Update the snort conf file and rebuild the */
@@ -404,29 +376,18 @@ else if ($_POST['apply']) {
/* Soft-restart Snort to live-load new rules */
snort_reload_config($a_rule[$id]);
-
- /* Return to this same page */
- header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}");
- exit;
-}
-else if ($_POST['cancel']) {
-
- /* Return to this same page */
- header("Location: /snort/snort_rules.php?id={$id}");
- exit;
}
require_once("guiconfig.inc");
include_once("head.inc");
-$if_friendly = snort_get_friendly_interface($pconfig['interface']);
+$if_friendly = convert_friendly_interface_to_friendly_descr($a_rule[$id]['interface']);
$pgtitle = gettext("Snort: Interface {$if_friendly} - Rules: {$currentruleset}");
?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php
include("fbegin.inc");
-if ($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
/* Display message */
if ($input_errors) {
@@ -440,6 +401,10 @@ if ($savemsg) {
?>
<form action="/snort/snort_rules.php" method="post" name="iform" id="iform">
+<input type='hidden' name='id' id='id' value='<?=$id;?>'/>
+<input type='hidden' name='openruleset' id='openruleset' value='<?=$currentruleset;?>'/>
+<input type='hidden' name='sid' id='sid' value=''/>
+<input type='hidden' name='gid' id='gid' value=''/>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td>
<?php
@@ -447,12 +412,13 @@ if ($savemsg) {
$tab_array[0] = array(gettext("Snort Interfaces"), true, "/snort/snort_interfaces.php");
$tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php");
$tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
- $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
+ $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php?instance={$id}");
$tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
- $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php");
$tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
- $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
- display_top_tabs($tab_array);
+ $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php");
+ $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
+ display_top_tabs($tab_array,true);
echo '</td></tr>';
echo '<tr><td class="tabnavtbl">';
$menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface ");
@@ -461,9 +427,10 @@ if ($savemsg) {
$tab_array[] = array($menu_iface . gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Rules"), true, "/snort/snort_rules.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Variables"), false, "/snort/snort_define_servers.php?id={$id}");
- $tab_array[] = array($menu_iface . gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Preprocs"), false, "/snort/snort_preprocessors.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
- display_top_tabs($tab_array);
+ $tab_array[] = array($menu_iface . gettext("IP Rep"), false, "/snort/snort_ip_reputation.php?id={$id}");
+ display_top_tabs($tab_array, true);
?>
</td></tr>
<tr><td><div id="mainarea">
@@ -471,20 +438,21 @@ if ($savemsg) {
<tr>
<td class="listtopic"><?php echo gettext("Available Rule Categories"); ?></td>
</tr>
-
<tr>
<td class="vncell" height="30px"><strong><?php echo gettext("Category:"); ?></strong>&nbsp;&nbsp;<select id="selectbox" name="selectbox" class="formselect" onChange="go()">
<?php
foreach ($categories as $value) {
- if ($snortdownload != 'on' && substr($value, 0, 6) == "snort_")
+ if ($snortdownload != 'on' && substr($value, 0, mb_strlen(VRT_FILE_PREFIX)) == VRT_FILE_PREFIX)
+ continue;
+ if ($emergingdownload != 'on' && substr($value, 0, mb_strlen(ET_OPEN_FILE_PREFIX)) == ET_OPEN_FILE_PREFIX)
continue;
- if ($emergingdownload != 'on' && substr($value, 0, 8) == "emerging")
+ if ($etprodownload != 'on' && substr($value, 0, mb_strlen(ET_PRO_FILE_PREFIX)) == ET_PRO_FILE_PREFIX)
continue;
- if ($etprodownload != 'on' && substr($value, 0, 6) == "etpro-")
+ if ($snortcommunitydownload != 'on' && substr($value, 0, mb_strlen(GPL_FILE_PREFIX)) == GPL_FILE_PREFIX)
continue;
if (empty($value))
continue;
- echo "<option value='?id={$id}&openruleset={$value}' ";
+ echo "<option value='{$value}' ";
if ($value == $currentruleset)
echo "selected";
echo ">{$value}</option>\n";
@@ -493,21 +461,18 @@ if ($savemsg) {
</select>&nbsp;&nbsp;&nbsp;<?php echo gettext("Select the rule category to view"); ?>
</td>
</tr>
-
<?php if ($currentruleset == 'custom.rules'): ?>
<tr>
<td class="listtopic"><?php echo gettext("Defined Custom Rules"); ?></td>
</tr>
<tr>
<td valign="top" class="vtable">
- <input type='hidden' name='openruleset' value='custom.rules'>
- <input type='hidden' name='id' value='<?=$id;?>'>
<textarea wrap="soft" cols="90" rows="40" name="customrules"><?=base64_decode($a_rule[$id]['customrules']);?></textarea>
</td>
</tr>
<tr>
<td>
- <input name="submit" type="submit" class="formbtn" id="submit" value="<?php echo gettext(" Save "); ?>" title=" <?php echo gettext("Save custom rules"); ?>"/>&nbsp;&nbsp;
+ <input name="save" type="submit" class="formbtn" id="save" value="<?php echo gettext(" Save "); ?>" title=" <?php echo gettext("Save custom rules"); ?>"/>&nbsp;&nbsp;
<input name="cancel" type="submit" class="formbtn" id="cancel" value="<?php echo gettext("Cancel"); ?>" title="<?php echo gettext("Cancel changes and return to last page"); ?>"/>&nbsp;&nbsp;
<input name="clear" type="submit" class="formbtn" id="clear" value="<?php echo gettext("Clear"); ?>" onclick="return confirm('<?php echo gettext("This will erase all custom rules for the interface. Are you sure?"); ?>')" title="<?php echo gettext("Deletes all custom rules"); ?>"/>
</td>
@@ -520,43 +485,50 @@ if ($savemsg) {
<td class="vncell">
<table width="100%" align="center" border="0" cellpadding="0" cellspacing="0">
<tr>
- <td rowspan="4" width="48%" valign="middle"><input type="submit" name="apply" id="apply" value="<?php echo gettext("Apply"); ?>" class="formbtn"
- title="<?php echo gettext("Click to rebuild the rules with your changes"); ?>"/>
- <input type='hidden' name='id' value='<?=$id;?>'/>
- <input type='hidden' name='openruleset' value='<?=$currentruleset;?>'/><br/><br/>
+ <td rowspan="5" width="48%" valign="middle"><input type="submit" name="apply" id="apply" value="<?php echo gettext("Apply"); ?>" class="formbtn"
+ title="<?php echo gettext("Click to rebuild the rules with your changes"); ?>"/><br/><br/>
<span class="vexpl"><span class="red"><strong><?php echo gettext("Note: ") . "</strong></span>" .
- gettext("Snort must be restarted to activate any rule enable/disable changes made on this tab."); ?></span></td>
- <td class="vexpl" valign="middle"><?php echo "<a href='?id={$id}&openruleset={$currentruleset}&act=resetcategory'>
- <img src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" width=\"15\" height=\"15\"
+ gettext("When finished, click APPLY to save and send any SID enable/disable changes made on this tab to Snort."); ?></span></td>
+ <td class="vexpl" valign="middle"><?php echo "<input type='image' name='resetcategory[]'
+ src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" width=\"15\" height=\"15\"
onmouseout='this.src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"'
onmouseover='this.src=\"../themes/{$g['theme']}/images/icons/icon_x_mo.gif\"' border='0'
- title='" . gettext("Click to remove enable/disable changes for rules in the selected category only") . "'></a>"?>
+ title='" . gettext("Click to remove enable/disable changes for rules in the selected category only") . "'/>"?>
&nbsp;&nbsp;<?php echo gettext("Remove Enable/Disable changes in the current Category"); ?></td>
</tr>
<tr>
- <td class="vexpl" valign="middle"><?php echo "<a href='?id={$id}&openruleset={$currentruleset}&act=resetall'>
- <img src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" width=\"15\" height=\"15\"
+ <td class="vexpl" valign="middle"><?php echo "<input type='image' name='resetall[]'
+ src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" width=\"15\" height=\"15\"
onmouseout='this.src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"'
onmouseover='this.src=\"../themes/{$g['theme']}/images/icons/icon_x_mo.gif\"' border='0'
- title='" . gettext("Click to remove all enable/disable changes for rules in all categories") . "'></a>"?>
+ title='" . gettext("Click to remove all enable/disable changes for rules in all categories") . "'/>"?>
&nbsp;&nbsp;<?php echo gettext("Remove all Enable/Disable changes in all Categories"); ?></td>
</tr>
<tr>
- <td class="vexpl" valign="middle"><?php echo "<a href='?id={$id}&openruleset={$currentruleset}&act=disable_all'>
- <img src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" width=\"15\" height=\"15\"
+ <td class="vexpl" valign="middle"><?php echo "<input type='image' name='disable_all[]'
+ src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" width=\"15\" height=\"15\"
onmouseout='this.src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"'
onmouseover='this.src=\"../themes/{$g['theme']}/images/icons/icon_x_mo.gif\"' border='0'
- title='" . gettext("Click to disable all rules in the selected category") . "'></a>"?>
+ title='" . gettext("Click to disable all rules in the selected category") . "'/>"?>
&nbsp;&nbsp;<?php echo gettext("Disable all rules in the current Category"); ?></td>
</tr>
<tr>
- <td class="vexpl" valign="middle"><?php echo "<a href='?id={$id}&openruleset={$currentruleset}&act=enable_all'>
- <img src=\"../themes/{$g['theme']}/images/icons/icon_plus.gif\" width=\"15\" height=\"15\"
+ <td class="vexpl" valign="middle"><?php echo "<input type='image' name='enable_all[]'
+ src=\"../themes/{$g['theme']}/images/icons/icon_plus.gif\" width=\"15\" height=\"15\"
onmouseout='this.src=\"../themes/{$g['theme']}/images/icons/icon_plus.gif\"'
onmouseover='this.src=\"../themes/{$g['theme']}/images/icons/icon_plus_mo.gif\"' border='0'
- title='" . gettext("Click to enable all rules in the selected category") . "'></a>"?>
+ title='" . gettext("Click to enable all rules in the selected category") . "'/>"?>
&nbsp;&nbsp;<?php echo gettext("Enable all rules in the current Category"); ?></td>
</tr>
+ <tr>
+ <td class="vexpl" valign="middle"><a href="javascript: void(0)"
+ onclick="wopen('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$currentruleset;?>','FileViewer',800,600)">
+ <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_service_restart.gif" width="15" height="15" <?php
+ echo "onmouseover='this.src=\"../themes/{$g['theme']}/images/icons/icon_services_restart_mo.gif\"'
+ onmouseout='this.src=\"../themes/{$g['theme']}/images/icons/icon_service_restart.gif\"' ";?>
+ title="<?php echo gettext("Click to view full text of all the category rules"); ?>" width="17" height="17" border="0"></a>
+ &nbsp;&nbsp;<?php echo gettext("View full file contents for the current Category"); ?></td>
+ </tr>
<?php if ($currentruleset == 'Auto-Flowbit Rules'): ?>
<tr>
<td colspan="3">&nbsp;</td>
@@ -564,14 +536,13 @@ if ($savemsg) {
<tr>
<td colspan="3" class="vexpl" align="center"><?php echo "<span class=\"red\"><b>" . gettext("WARNING: ") . "</b></span>" .
gettext("You should not disable flowbit rules! Add Suppress List entries for them instead by ") .
- "<a href='snort_rules_flowbits.php?id={$id}&openruleset={$currentruleset}&returl=" . urlencode($_SERVER['PHP_SELF']) . "' title=\"" . gettext("Add Suppress List entry for Flowbit Rule") . "\">" .
+ "<a href='snort_rules_flowbits.php?id={$id}' title=\"" . gettext("Add Suppress List entry for Flowbit Rule") . "\">" .
gettext("clicking here") . ".</a>";?></td>
</tr>
<?php endif;?>
</table>
</td>
</tr>
-
<tr>
<td class="listtopic"><?php echo gettext("Selected Category's Rules"); ?></td>
</tr>
@@ -579,18 +550,18 @@ if ($savemsg) {
<td>
<?php if ($currentruleset != 'decoder.rules' && $currentruleset != 'preprocessor.rules'): ?>
+
<table id="myTable" class="sortable" style="table-layout: fixed;" width="100%" border="0" cellpadding="0" cellspacing="0">
<colgroup>
- <col width="15" align="left" valign="middle">
+ <col width="14" align="left" valign="middle">
<col width="6%" align="center" axis="number">
- <col width="8%" align="center" axis="number">
- <col width="54" align="center" axis="string">
+ <col width="9%" align="center" axis="number">
+ <col width="52" align="center" axis="string">
<col width="14%" align="center" axis="string">
- <col width="11%" align="center" axis="string">
+ <col width="10%" align="center" axis="string">
<col width="14%" align="center" axis="string">
- <col width="11%" align="center" axis="string">
+ <col width="10%" align="center" axis="string">
<col axis="string">
- <col width="22" align="right" valign="middle">
</colgroup>
<thead>
<tr>
@@ -599,20 +570,13 @@ if ($savemsg) {
<th class="listhdrr"><?php echo gettext("SID"); ?></th>
<th class="listhdrr"><?php echo gettext("Proto"); ?></th>
<th class="listhdrr"><?php echo gettext("Source"); ?></th>
- <th class="listhdrr"><?php echo gettext("Port"); ?></th>
+ <th class="listhdrr"><?php echo gettext("SPort"); ?></th>
<th class="listhdrr"><?php echo gettext("Destination"); ?></th>
- <th class="listhdrr"><?php echo gettext("Port"); ?></th>
+ <th class="listhdrr"><?php echo gettext("DPort"); ?></th>
<th class="listhdrr"><?php echo gettext("Message"); ?></th>
- <th class="list"><a href="javascript: void(0)"
- onclick="wopen('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$currentruleset;?>','FileViewer',800,600)">
- <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_service_restart.gif" <?php
- echo "onmouseover='this.src=\"../themes/{$g['theme']}/images/icons/icon_services_restart_mo.gif\"'
- onmouseout='this.src=\"../themes/{$g['theme']}/images/icons/icon_service_restart.gif\"' ";?>
- title="<?php echo gettext("Click to view full text of all the category rules"); ?>" width="17" height="17" border="0"></a></th>
</tr>
</thead>
<tbody>
-
<?php
$counter = $enable_cnt = $disable_cnt = 0;
foreach ($rules_map as $k1 => $rulem) {
@@ -660,51 +624,47 @@ if ($savemsg) {
$dstspan = add_title_attribute($textss, $rule_content[5]);
$dstprtspan = add_title_attribute($textss, $rule_content[6]);
- $protocol = $rule_content[1]; //protocol field
- $source = truncate($rule_content[2], 14); //source field
- $source_port = truncate($rule_content[3], 10); //source port field
- $destination = truncate($rule_content[5], 14); //destination field
- $destination_port = truncate($rule_content[6], 10); //destination port field
- $message = snort_get_msg($v['rule']);
-
- echo "<tr><td class=\"listt\" align=\"left\" valign=\"middle\"> $textss
- <a id=\"rule_{$gid}_{$sid}\" href='?id={$id}&openruleset={$currentruleset}&act=toggle&gid={$gid}&ids={$sid}'>
- <img src=\"../themes/{$g['theme']}/images/icons/{$iconb}\"
- width=\"11\" height=\"11\" border=\"0\"
- title='{$title}'></a>
- $textse
+ $protocol = $rule_content[1]; //protocol field
+ $source = $rule_content[2]; //source field
+ $source_port = $rule_content[3]; //source port field
+ $destination = $rule_content[5]; //destination field
+ $destination_port = $rule_content[6]; //destination port field
+ $message = snort_get_msg($v['rule']); // description field
+ $sid_tooltip = gettext("View the raw text for this rule");
+
+ echo "<tr><td class=\"listt\" align=\"left\" valign=\"middle\" sorttable_customkey=\"\">{$textss}
+ <a id=\"rule_{$gid}_{$sid}\" href=''><input type=\"image\" onClick=\"document.getElementById('sid').value='{$sid}';
+ document.getElementById('gid').value='{$gid}';\"
+ src=\"../themes/{$g['theme']}/images/icons/{$iconb}\" width=\"11\" height=\"11\" border=\"0\"
+ title='{$title}' name=\"toggle[]\"/></a>{$textse}
</td>
- <td class=\"listlr\" align=\"center\">
+ <td class=\"listr\" align=\"center\" ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\">
{$textss}{$gid}{$textse}
</td>
- <td class=\"listlr\" align=\"center\">
- {$textss}{$sid}{$textse}
+ <td class=\"listr\" align=\"center\" ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\">
+ <a href=\"javascript: void(0)\"
+ onclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\"
+ title='{$sid_tooltip}'>{$textss}{$sid}{$textse}</a>
</td>
- <td class=\"listlr\" align=\"center\">
+ <td class=\"listr\" style=\"text-align:center;\" ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\">
{$textss}{$protocol}{$textse}
</td>
- <td class=\"listlr\" align=\"center\">
+ <td class=\"listr\" style=\"overflow: hidden; text-overflow: ellipsis; text-align:center;\" nowrap ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\">
{$srcspan}{$source}</span>
</td>
- <td class=\"listlr\" align=\"center\">
+ <td class=\"listr\" style=\"overflow: hidden; text-overflow: ellipsis; text-align:center;\" nowrap ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\">
{$srcprtspan}{$source_port}</span>
</td>
- <td class=\"listlr\" align=\"center\">
+ <td class=\"listr\" style=\"overflow: hidden; text-overflow: ellipsis; text-align:center;\" nowrap ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\">
{$dstspan}{$destination}</span>
</td>
- <td class=\"listlr\" align=\"center\">
+ <td class=\"listr\" style=\"overflow: hidden; text-overflow: ellipsis; text-align:center;\" nowrap ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\">
{$dstprtspan}{$destination_port}</span>
</td>
- <td class=\"listbg\" style=\"word-wrap:break-word; whitespace:pre-line;\"><font color=\"white\">
- {$textss}{$message}{$textse}</font>
+ <td class=\"listbg\" style=\"word-wrap:break-word; whitespace:pre-line;\" ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\">
+ {$textss}{$message}{$textse}
</td>";
?>
- <td align="right" valign="middle" nowrap class="listt">
- <a href="javascript: void(0)"
- onclick="wopen('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$currentruleset;?>&ids=<?=$sid;?>&gid=<?=$gid;?>','FileViewer',800,600)">
- <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_right.gif"
- title="<?php echo gettext("Click to view the entire rule text"); ?>" width="17" height="17" border="0"></a>
- </td>
</tr>
<?php
$counter++;
@@ -725,7 +685,6 @@ if ($savemsg) {
<col width="22%" align="center" axis="string">
<col width="15%" align="center" axis="string">
<col align="left" axis="string">
- <col width="22" align="right" valign="middle">
</colgroup>
<thead>
<tr>
@@ -735,12 +694,6 @@ if ($savemsg) {
<th class="listhdrr"><?php echo gettext("Classification"); ?></th>
<th class="listhdrr"><?php echo gettext("IPS Policy"); ?></th>
<th class="listhdrr"><?php echo gettext("Message"); ?></th>
- <th class="list"><a href="javascript: void(0)"
- onclick="wopen('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$currentruleset;?>','FileViewer',800,600)">
- <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_service_restart.gif" <?php
- echo "onmouseover='this.src=\"../themes/{$g['theme']}/images/icons/icon_services_restart_mo.gif\"'
- onmouseout='this.src=\"../themes/{$g['theme']}/images/icons/icon_service_restart.gif\"' ";?>
- title="<?php echo gettext("Click to view full text of all the category rules"); ?>" width="17" height="17" border="0"></a></th>
</tr>
</thead>
<tbody>
@@ -788,35 +741,30 @@ if ($savemsg) {
else
$policy = "none";
- echo "<tr><td class=\"listt\" align=\"left\" valign=\"middle\"> $textss
- <a id=\"rule_{$sid}\" href='?id={$id}&openruleset={$currentruleset}&act=toggle&ids={$sid}&gid={$gid}'>
- <img src=\"../themes/{$g['theme']}/images/icons/{$iconb}\"
- width=\"11\" height=\"11\" border=\"0\"
- title='{$title}'></a>
- $textse
- </td>
- <td class=\"listlr\" align=\"center\">
+ echo "<tr><td class=\"listt\" align=\"left\" valign=\"middle\" sorttable_customkey=\"\">{$textss}
+ <input type=\"image\" onClick=\"document.getElementById('sid').value='{$sid}';
+ document.getElementById('gid').value='{$gid}';\"
+ src=\"../themes/{$g['theme']}/images/icons/{$iconb}\" width=\"11\" height=\"11\" border=\"0\"
+ title='{$title}' name=\"toggle[]\"/>{$textse}
+ </td>
+ <td class=\"listr\" align=\"center\" ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\">
{$textss}{$gid}{$textse}
</td>
- <td class=\"listlr\" align=\"center\">
- {$textss}{$sid}{$textse}
- </td>
- <td class=\"listlr\" align=\"center\">
+ <td class=\"listr\" align=\"center\" ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\">
+ <a href=\"javascript: void(0)\"
+ onclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\"
+ title='{$sid_tooltip}'>{$textss}{$sid}{$textse}</a>
+ </td>
+ <td class=\"listr\" align=\"center\" ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\">
{$textss}{$classtype}</span>
</td>
- <td class=\"listlr\" align=\"center\">
+ <td class=\"listr\" align=\"center\" ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\">
{$textss}{$policy}</span>
</td>
- <td class=\"listbg\" style=\"word-wrap:break-word; whitespace:pre-line;\"><font color=\"white\">
- {$textss}{$message}{$textse}</font>
+ <td class=\"listbg\" style=\"word-wrap:break-word; whitespace:pre-line;\" ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\">
+ {$textss}{$message}{$textse}
</td>";
?>
- <td align="right" valign="middle" nowrap class="listt">
- <a href="javascript: void(0)"
- onclick="wopen('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$currentruleset;?>&ids=<?=$sid;?>&gid=<?=$gid;?>','FileViewer',800,600)">
- <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_right.gif"
- title="<?php echo gettext("Click to view the entire rule text"); ?>" width="17" height="17" border="0"></a>
- </td>
</tr>
<?php
$counter++;
@@ -826,7 +774,9 @@ if ($savemsg) {
?>
</tbody>
</table>
+
<?php endif;?>
+
</td>
</tr>
<tr>
@@ -875,10 +825,11 @@ if ($savemsg) {
<script language="javascript" type="text/javascript">
function go()
{
- var box = document.iform.selectbox;
- destination = box.options[box.selectedIndex].value;
- if (destination)
- location.href = destination;
+ var box = document.getElementById("selectbox");
+ var ruleset = box.options[box.selectedIndex].value;
+ if (ruleset)
+ document.getElementById("openruleset").value = ruleset;
+ document.getElementById("iform").submit();
}
function wopen(url, name, w, h)
diff --git a/config/snort/snort_rules_edit.php b/config/snort/snort_rules_edit.php
index 61a9574a..49423440 100755
--- a/config/snort/snort_rules_edit.php
+++ b/config/snort/snort_rules_edit.php
@@ -41,28 +41,30 @@ require_once("/usr/local/pkg/snort/snort.inc");
$flowbit_rules_file = FLOWBITS_FILENAME;
$snortdir = SNORTDIR;
-if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
- $config['installedpackages']['snortglobal']['rule'] = array();
-}
-$a_rule = &$config['installedpackages']['snortglobal']['rule'];
+if (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
-$id = $_GET['id'];
+// If we were not passed a valid index ID, close the pop-up and exit
if (is_null($id)) {
- header("Location: /snort/snort_interfaces.php");
+ echo '<html><body link="#000000" vlink="#000000" alink="#000000">';
+ echo '<script language="javascript" type="text/javascript">';
+ echo 'window.close();</script>';
+ echo '</body></html>';
exit;
}
-if (isset($id) && $a_rule[$id]) {
- $pconfig['enable'] = $a_rule[$id]['enable'];
- $pconfig['interface'] = $a_rule[$id]['interface'];
- $pconfig['rulesets'] = $a_rule[$id]['rulesets'];
+if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
+ $config['installedpackages']['snortglobal']['rule'] = array();
}
-/* convert fake interfaces to real */
-$if_real = snort_get_real_interface($pconfig['interface']);
+$a_rule = &$config['installedpackages']['snortglobal']['rule'];
+
+$if_real = get_real_interface($a_rule[$id]['interface']);
$snort_uuid = $a_rule[$id]['uuid'];
-$snortcfgdir = "{$snortdir}/snort_{$snort_uuid}_{$if_real}";
-$file = $_GET['openruleset'];
+$snortlogdir = SNORTLOGDIR;
+$snortcfgdir = "{$snortdir}/snort_{$snort_uuid}_{$if_real}/";
+
+$file = htmlspecialchars($_GET['openruleset'], ENT_QUOTES | ENT_HTML401);
$contents = '';
$wrap_flag = "off";
@@ -77,13 +79,13 @@ else
// a standard rules file, or a complete file name.
// Test for the special case of an IPS Policy file.
if (substr($file, 0, 10) == "IPS Policy") {
- $rules_map = snort_load_vrt_policy($a_rule[$id]['ips_policy']);
- if (isset($_GET['ids'])) {
- $contents = $rules_map[$_GET['gid']][trim($_GET['ids'])]['rule'];
+ $rules_map = snort_load_vrt_policy(strtolower(trim(substr($file, strpos($file, "-")+1))));
+ if (isset($_GET['sid']) && is_numericint($_GET['sid']) && isset($_GET['gid']) && is_numericint($_GET['gid'])) {
+ $contents = $rules_map[$_GET['gid']][trim($_GET['sid'])]['rule'];
$wrap_flag = "soft";
}
else {
- $contents = "# Snort IPS Policy - " . ucfirst($a_rule[$id]['ips_policy']) . "\n\n";
+ $contents = "# Snort IPS Policy - " . ucfirst(trim(substr($file, strpos($file, "-")+1))) . "\n\n";
foreach (array_keys($rules_map) as $k1) {
foreach (array_keys($rules_map[$k1]) as $k2) {
$contents .= "# Category: " . $rules_map[$k1][$k2]['category'] . " SID: {$k2}\n";
@@ -94,7 +96,7 @@ if (substr($file, 0, 10) == "IPS Policy") {
unset($rules_map);
}
// Is it a SID to load the rule text from?
-elseif (isset($_GET['ids'])) {
+elseif (isset($_GET['sid']) && is_numericint($_GET['sid']) && isset($_GET['gid']) && is_numericint($_GET['gid'])) {
// If flowbit rule, point to interface-specific file
if ($file == "Auto-Flowbit Rules")
$rules_map = snort_load_rules_map("{$snortcfgdir}/rules/" . FLOWBITS_FILENAME);
@@ -102,7 +104,7 @@ elseif (isset($_GET['ids'])) {
$rules_map = snort_load_rules_map("{$snortdir}/preproc_rules/{$file}");
else
$rules_map = snort_load_rules_map("{$snortdir}/rules/{$file}");
- $contents = $rules_map[$_GET['gid']][trim($_GET['ids'])]['rule'];
+ $contents = $rules_map[$_GET['gid']][trim($_GET['sid'])]['rule'];
$wrap_flag = "soft";
}
// Is it our special flowbit rules file?
@@ -114,16 +116,12 @@ elseif (file_exists("{$snortdir}/rules/{$file}"))
// Is it a rules file in the ../preproc_rules/ directory?
elseif (file_exists("{$snortdir}/preproc_rules/{$file}"))
$contents = file_get_contents("{$snortdir}/preproc_rules/{$file}");
-// Is it a fully qualified path and file?
-elseif (file_exists($file)) {
- if (substr(realpath($file), 0, strlen(SNORTLOGDIR)) != SNORTLOGDIR)
- $contents = gettext("\n\nERROR -- File: {$file} can not be viewed!");
- else
- $contents = file_get_contents($file);
-}
+// Is it a disabled preprocessor auto-rules-disable file?
+elseif (file_exists("{$snortlogdir}/{$file}"))
+ $contents = file_get_contents("{$snortlogdir}/{$file}");
// It is not something we can display, so exit.
else
- $input_errors[] = gettext("Unable to open file: {$displayfile}");
+ $contents = gettext("Unable to open file: {$displayfile}");
$pgtitle = array(gettext("Snort"), gettext("File Viewer"));
?>
@@ -131,10 +129,8 @@ $pgtitle = array(gettext("Snort"), gettext("File Viewer"));
<?php include("head.inc");?>
<body link="#000000" vlink="#000000" alink="#000000">
-<?php if ($savemsg) print_info_box($savemsg); ?>
<?php // include("fbegin.inc");?>
-<form action="snort_rules_edit.php" method="post">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td class="tabcont">
@@ -161,7 +157,6 @@ $pgtitle = array(gettext("Snort"), gettext("File Viewer"));
</td>
</tr>
</table>
-</form>
<?php // include("fend.inc");?>
</body>
</html>
diff --git a/config/snort/snort_rules_flowbits.php b/config/snort/snort_rules_flowbits.php
index 325276ee..daf1c4ef 100644
--- a/config/snort/snort_rules_flowbits.php
+++ b/config/snort/snort_rules_flowbits.php
@@ -1,7 +1,7 @@
<?php
/*
* snort_rules_flowbits.php
- * Copyright (C) 2013 Bill Meeks
+ * Copyright (C) 2013, 2014 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -41,40 +41,34 @@ if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
}
$a_nat = &$config['installedpackages']['snortglobal']['rule'];
-// Set who called us so we can return to the correct page with
-// the RETURN button. Save the original referrer and the query
-// string in session variables.
-session_start();
-if (!isset($_SESSION['org_referrer']) || isset($_GET['returl'])) {
- $_SESSION['org_referrer'] = urldecode($_GET['returl']);
- $_SESSION['org_querystr'] = $_SERVER['QUERY_STRING'];
-}
-$referrer = $_SESSION['org_referrer'];
-$querystr = $_SESSION['org_querystr'];
-session_write_close();
+if (isset($_POST['id']) && is_numericint($_POST['id']))
+ $id = $_POST['id'];
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
-if ($_POST['cancel']) {
- session_start();
- unset($_SESSION['org_referrer']);
- unset($_SESSION['org_querystr']);
- session_write_close();
- header("Location: {$referrer}?{$querystr}");
+if (is_null($id)) {
+ header("Location: /snort/snort_interfaces.php");
exit;
}
-$id = $_GET['id'];
-if (isset($_POST['id']))
- $id = $_POST['id'];
-if (is_null($id)) {
- session_start();
- unset($_SESSION['org_referrer']);
- unset($_SESSION['org_querystr']);
- session_write_close();
- header("Location: /snort/snort_interfaces.php");
+// Set who called us so we can return to the correct page with
+// the RETURN ('cancel') button.
+if ($_POST['referrer'])
+ $referrer = $_POST['referrer'];
+else
+ $referrer = $_SERVER['HTTP_REFERER'];
+
+// Make sure a rule index ID is appended to the return URL
+if (strpos($referrer, "?id={$id}") === FALSE)
+ $referrer .= "?id={$id}";
+
+// If RETURN button clicked, exit to original calling page
+if ($_POST['cancel']) {
+ header("Location: {$referrer}");
exit;
}
-$if_real = snort_get_real_interface($a_nat[$id]['interface']);
+$if_real = get_real_interface($a_nat[$id]['interface']);
$snort_uuid = $a_nat[$id]['uuid'];
/* We should normally never get to this page if Auto-Flowbits are disabled, but just in case... */
@@ -89,12 +83,13 @@ if ($a_nat[$id]['autoflowbitrules'] == 'on') {
else
$input_errors[] = gettext("Auto-Flowbit rule generation is disabled for this interface!");
-if ($_GET['act'] == "addsuppress" && is_numeric($_GET['sidid']) && is_numeric($_GET['gen_id'])) {
- $descr = snort_get_msg($rules_map[$_GET['gen_id']][$_GET['sidid']]['rule']);
+if ($_POST['addsuppress'] && is_numeric($_POST['sid']) && is_numeric($_POST['gid'])) {
+ $descr = snort_get_msg($rules_map[$_POST['gid']][$_POST['sid']]['rule']);
+ $suppress = gettext("## -- This rule manually suppressed from the Auto-Flowbits list. -- ##\n");
if (empty($descr))
- $suppress = "suppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}\n";
+ $suppress .= "suppress gen_id {$_POST['gid']}, sig_id {$_POST['sid']}\n";
else
- $suppress = "# {$descr}\nsuppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}";
+ $suppress .= "# {$descr}\nsuppress gen_id {$_POST['gid']}, sig_id {$_POST['sid']}\n";
if (!is_array($config['installedpackages']['snortglobal']['suppress']))
$config['installedpackages']['snortglobal']['suppress'] = array();
if (!is_array($config['installedpackages']['snortglobal']['suppress']['item']))
@@ -130,11 +125,11 @@ if ($_GET['act'] == "addsuppress" && is_numeric($_GET['sidid']) && is_numeric($_
}
}
if ($found_list) {
- write_config();
+ write_config("Snort pkg: modified Suppress List for {$a_nat[$id]['interface']}.");
$rebuild_rules = false;
sync_snort_package_config();
snort_reload_config($a_nat[$id]);
- $savemsg = gettext("An entry to suppress the Alert for 'gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}' has been added to Suppress List '{$a_nat[$id]['suppresslistname']}'.");
+ $savemsg = gettext("An entry to suppress the Alert for 'gen_id {$_POST['gid']}, sig_id {$_POST['sid']}' has been added to Suppress List '{$a_nat[$id]['suppresslistname']}'.");
}
else {
/* We did not find the defined list, so notify the user with an error */
@@ -142,23 +137,10 @@ if ($_GET['act'] == "addsuppress" && is_numeric($_GET['sidid']) && is_numeric($_
}
}
-function truncate($string, $length) {
-
- /********************************
- * This function truncates the *
- * passed string to the length *
- * specified adding ellipsis if *
- * truncation was necessary. *
- ********************************/
- if (strlen($string) > $length)
- $string = substr($string, 0, ($length - 3)) . "...";
- return $string;
-}
-
/* Load up an array with the current Suppression List GID,SID values */
$supplist = snort_load_suppress_sigs($a_nat[$id]);
-$if_friendly = snort_get_friendly_interface($a_nat[$id]['interface']);
+$if_friendly = convert_friendly_interface_to_friendly_descr($a_nat[$id]['interface']);
$pgtitle = gettext("Snort: Interface {$if_friendly} - Flowbit Rules");
include_once("head.inc");
@@ -168,12 +150,16 @@ include_once("head.inc");
<?php
include("fbegin.inc");
-if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
-if ($input_errors) print_input_errors($input_errors);
+if ($input_errors)
+ print_input_errors($input_errors);
if ($savemsg)
print_info_box($savemsg);
?>
<form action="snort_rules_flowbits.php" method="post" name="iform" id="iform">
+<input type="hidden" name="id" value="<?=$id;?>"/>
+<input type="hidden" name="referrer" value="<?=$referrer;?>"/>
+<input type="hidden" name="sid" id="sid" value=""/>
+<input type="hidden" name="gid" id="gid" value=""/>
<div id="boxarea">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
@@ -203,7 +189,7 @@ if ($savemsg)
<td><span class="vexpl"><?php echo gettext("Alert is Not Suppressed"); ?></span></td>
<td rowspan="3" align="right"><input id="cancel" name="cancel" type="submit" class="formbtn" <?php
echo "value=\"" . gettext("Return") . "\" title=\"" . gettext("Return to previous page") . "\""; ?>/>
- <input name="id" type="hidden" value="<?=$id;?>" /></td>
+ </td>
</tr>
<tr>
<td width="17px"><img src="../themes/<?=$g['theme']?>/images/icons/icon_plus_d.gif" width='12' height='12' border='0'/></td>
@@ -220,13 +206,13 @@ if ($savemsg)
</tr>
<tr>
<td>
- <table id="myTable" width="100%" class="sortable" border="1" cellpadding="0" cellspacing="0">
+ <table id="myTable" width="100%" class="sortable" style="table-layout: fixed;" border="0" cellpadding="0" cellspacing="0">
<colgroup>
<col width="11%" axis="number">
- <col width="10%" axis="string">
+ <col width="54" axis="string">
<col width="14%" axis="string">
<col width="14%" axis="string">
- <col width="20%" axis="string">
+ <col width="24%" axis="string">
<col axis="string">
</colgroup>
<thead>
@@ -253,19 +239,20 @@ if ($savemsg)
$tmp = trim(preg_replace('/^\s*#+\s*/', '', $tmp));
$rule_content = preg_split('/[\s]+/', $tmp);
- $protocol = $rule_content[1]; //protocol
- $source = truncate($rule_content[2], 14); //source
- $destination = truncate($rule_content[5], 14); //destination
- $message = snort_get_msg($v['rule']);
+ $protocol = $rule_content[1]; //protocol
+ $source = $rule_content[2]; //source
+ $destination = $rule_content[5]; //destination
+ $message = snort_get_msg($v['rule']); // description
$flowbits = implode("; ", snort_get_flowbits($v['rule']));
if (strstr($flowbits, "noalert"))
$supplink = "";
else {
if (!isset($supplist[$gid][$sid])) {
- $supplink = "<a href=\"?id={$id}&act=addsuppress&sidid={$sid}&gen_id={$gid}\">";
- $supplink .= "<img src=\"../themes/{$g['theme']}/images/icons/icon_plus.gif\" ";
+ $supplink = "<input type=\"image\" name=\"addsuppress[]\" onClick=\"document.getElementById('sid').value='{$sid}';";
+ $supplink .= "document.getElementById('gid').value='{$gid}';\" ";
+ $supplink .= "src=\"../themes/{$g['theme']}/images/icons/icon_plus.gif\" ";
$supplink .= "width='12' height='12' border='0' title='";
- $supplink .= gettext("Click to add to Suppress List") . "'/></a>";
+ $supplink .= gettext("Click to add to Suppress List") . "'/>";
}
else {
$supplink = "<img src=\"../themes/{$g['theme']}/images/icons/icon_plus_d.gif\" ";
@@ -276,12 +263,12 @@ if ($savemsg)
// Use "echo" to write the table HTML row-by-row.
echo "<tr>" .
- "<td class=\"listr\">{$sid}&nbsp;{$supplink}</td>" .
- "<td class=\"listr\">{$protocol}</td>" .
- "<td class=\"listr\"><span title=\"{$rule_content[2]}\">{$source}</span></td>" .
- "<td class=\"listr\"><span title=\"{$rule_content[5]}\">{$destination}</span></td>" .
+ "<td class=\"listr\" sorttable_customkey=\"{$sid}\">{$sid}&nbsp;{$supplink}</td>" .
+ "<td class=\"listr\" style=\"text-align:center;\">{$protocol}</td>" .
+ "<td class=\"listr\" style=\"overflow: hidden; text-overflow: ellipsis; text-align:center;\" nowrap><span title=\"{$rule_content[2]}\">{$source}</span></td>" .
+ "<td class=\"listr\" style=\"overflow: hidden; text-overflow: ellipsis; text-align:center;\" nowrap><span title=\"{$rule_content[5]}\">{$destination}</span></td>" .
"<td class=\"listr\" style=\"word-wrap:break-word; word-break:normal;\">{$flowbits}</td>" .
- "<td class=\"listr\" style=\"word-wrap:break-word; word-break:normal;\">{$message}</td>" .
+ "<td class=\"listbg\" style=\"word-wrap:break-word; word-break:normal;\">{$message}</td>" .
"</tr>";
$count++;
}
@@ -297,7 +284,6 @@ if ($savemsg)
<td align="center" valign="middle">
<input id="cancel" name="cancel" type="submit" class="formbtn" <?php
echo "value=\"" . gettext("Return") . "\" title=\"" . gettext("Return to previous page") . "\""; ?>/>
- <input name="id" type="hidden" value="<?=$id;?>" />
</td>
</tr>
<?php endif; ?>
diff --git a/config/snort/snort_rulesets.php b/config/snort/snort_rulesets.php
index 9c14392d..79365f5f 100755
--- a/config/snort/snort_rulesets.php
+++ b/config/snort/snort_rulesets.php
@@ -5,6 +5,7 @@
* Copyright (C) 2006 Scott Ullrich
* Copyright (C) 2009 Robert Zelaya
* Copyright (C) 2011 Ermal Luci
+ * Copyright (C) 2014 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -42,12 +43,14 @@ if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
}
$a_nat = &$config['installedpackages']['snortglobal']['rule'];
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
+
if (is_null($id)) {
- header("Location: /snort/snort_interfaces.php");
- exit;
+ header("Location: /snort/snort_interfaces.php");
+ exit;
}
if (isset($id) && $a_nat[$id]) {
@@ -59,12 +62,12 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['ips_policy'] = $a_nat[$id]['ips_policy'];
}
-$if_real = snort_get_real_interface($pconfig['interface']);
+$if_real = get_real_interface($pconfig['interface']);
$snort_uuid = $a_nat[$id]['uuid'];
-$snortdownload = $config['installedpackages']['snortglobal']['snortdownload'];
-$emergingdownload = $config['installedpackages']['snortglobal']['emergingthreats'];
-$etpro = $config['installedpackages']['snortglobal']['emergingthreats_pro'];
-$snortcommunitydownload = $config['installedpackages']['snortglobal']['snortcommunityrules'];
+$snortdownload = $config['installedpackages']['snortglobal']['snortdownload'] == 'on' ? 'on' : 'off';
+$emergingdownload = $config['installedpackages']['snortglobal']['emergingthreats'] == 'on' ? 'on' : 'off';
+$etpro = $config['installedpackages']['snortglobal']['emergingthreats_pro'] == 'on' ? 'on' : 'off';
+$snortcommunitydownload = $config['installedpackages']['snortglobal']['snortcommunityrules'] == 'on' ? 'on' : 'off';
$no_emerging_files = false;
$no_snort_files = false;
@@ -118,7 +121,12 @@ if ($a_nat[$id]['ips_policy_enable'] == 'on') {
else
$disable_vrt_rules = "";
-if ($_POST["Submit"]) {
+if (!empty($a_nat[$id]['rulesets']))
+ $enabled_rulesets_array = explode("||", $a_nat[$id]['rulesets']);
+else
+ $enabled_rulesets_array = array();
+
+if ($_POST["save"]) {
if ($_POST['ips_policy_enable'] == "on") {
$a_nat[$id]['ips_policy_enable'] = 'on';
@@ -145,7 +153,7 @@ if ($_POST["Submit"]) {
@unlink("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$flowbit_rules_file}");
}
- write_config();
+ write_config("Snort pkg: save enabled rule categories for {$a_nat[$id]['interface']}.");
/*************************************************/
/* Update the snort conf file and rebuild the */
@@ -158,8 +166,10 @@ if ($_POST["Submit"]) {
/* Soft-restart Snort to live-load new rules */
snort_reload_config($a_nat[$id]);
- header("Location: /snort/snort_rulesets.php?id=$id");
- exit;
+ $pconfig = $_POST;
+ $enabled_rulesets_array = explode("||", $enabled_items);
+ if (snort_is_running($snort_uuid, $if_real))
+ $savemsg = gettext("Snort is 'live-reloading' the new rule set.");
}
if ($_POST['unselectall']) {
@@ -174,61 +184,47 @@ if ($_POST['unselectall']) {
unset($a_nat[$id]['ips_policy']);
}
- write_config();
- sync_snort_package_config();
+ $pconfig['autoflowbits'] = $_POST['autoflowbits'];
+ $pconfig['ips_policy_enable'] = $_POST['ips_policy_enable'];
+ $pconfig['ips_policy'] = $_POST['ips_policy'];
+ $enabled_rulesets_array = array();
- header("Location: /snort/snort_rulesets.php?id=$id");
- exit;
+ $savemsg = gettext("All rule categories have been de-selected. ");
+ if ($a_nat[$id]['ips_policy_enable'] = 'on')
+ $savemsg .= gettext("Only the rules included in the selected IPS Policy will be used.");
+ else
+ $savemsg .= gettext("There currently are no inspection rules enabled for this Snort instance!");
}
if ($_POST['selectall']) {
- $rulesets = array();
-
- if ($_POST['ips_policy_enable'] == "on") {
- $a_nat[$id]['ips_policy_enable'] = 'on';
- $a_nat[$id]['ips_policy'] = $_POST['ips_policy'];
- }
- else {
- $a_nat[$id]['ips_policy_enable'] = 'off';
- unset($a_nat[$id]['ips_policy']);
- }
+ $enabled_rulesets_array = array();
if ($emergingdownload == 'on') {
$files = glob("{$snortdir}/rules/" . ET_OPEN_FILE_PREFIX . "*.rules");
foreach ($files as $file)
- $rulesets[] = basename($file);
+ $enabled_rulesets_array[] = basename($file);
}
elseif ($etpro == 'on') {
$files = glob("{$snortdir}/rules/" . ET_PRO_FILE_PREFIX . "*.rules");
foreach ($files as $file)
- $rulesets[] = basename($file);
+ $enabled_rulesets_array[] = basename($file);
}
if ($snortcommunitydownload == 'on') {
$files = glob("{$snortdir}/rules/" . GPL_FILE_PREFIX . "community.rules");
foreach ($files as $file)
- $rulesets[] = basename($file);
+ $enabled_rulesets_array[] = basename($file);
}
/* Include the Snort VRT rules only if enabled and no IPS policy is set */
if ($snortdownload == 'on' && $a_nat[$id]['ips_policy_enable'] == 'off') {
$files = glob("{$snortdir}/rules/" . VRT_FILE_PREFIX . "*.rules");
foreach ($files as $file)
- $rulesets[] = basename($file);
+ $enabled_rulesets_array[] = basename($file);
}
-
- $a_nat[$id]['rulesets'] = implode("||", $rulesets);
-
- write_config();
- sync_snort_package_config();
-
- header("Location: /snort/snort_rulesets.php?id=$id");
- exit;
}
-$enabled_rulesets_array = explode("||", $a_nat[$id]['rulesets']);
-
-$if_friendly = snort_get_friendly_interface($pconfig['interface']);
+$if_friendly = convert_friendly_interface_to_friendly_descr($a_nat[$id]['interface']);
$pgtitle = gettext("Snort: Interface {$if_friendly} - Categories");
include_once("head.inc");
?>
@@ -237,11 +233,10 @@ include_once("head.inc");
<?php
include("fbegin.inc");
-if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
/* Display message */
if ($input_errors) {
- print_input_errors($input_errors); // TODO: add checks
+ print_input_errors($input_errors);
}
if ($savemsg) {
@@ -259,12 +254,13 @@ if ($savemsg) {
$tab_array[0] = array(gettext("Snort Interfaces"), true, "/snort/snort_interfaces.php");
$tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php");
$tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
- $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
+ $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php?instance={$id}");
$tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
- $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php");
$tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
- $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
- display_top_tabs($tab_array);
+ $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php");
+ $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
+ display_top_tabs($tab_array, true);
echo '</td></tr>';
echo '<tr><td class="tabnavtbl">';
$menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface ");
@@ -273,9 +269,10 @@ if ($savemsg) {
$tab_array[] = array($menu_iface . gettext("Categories"), true, "/snort/snort_rulesets.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Rules"), false, "/snort/snort_rules.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Variables"), false, "/snort/snort_define_servers.php?id={$id}");
- $tab_array[] = array($menu_iface . gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Preprocs"), false, "/snort/snort_preprocessors.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
- display_top_tabs($tab_array);
+ $tab_array[] = array($menu_iface . gettext("IP Rep"), false, "/snort/snort_ip_reputation.php?id={$id}");
+ display_top_tabs($tab_array, true);
?>
</td></tr>
<tr>
@@ -392,9 +389,9 @@ if ($savemsg) {
<td colspan="6">
<table width=90% align="center" border="0" cellpadding="2" cellspacing="0">
<tr height="45px">
- <td valign="middle"><input value="Select All" class="formbtns" type="submit" name="selectall" id="selectall" title="<?php echo gettext("Add all to enforcing rules"); ?>"/></td>
- <td valign="middle"><input value="Unselect All" class="formbtns" type="submit" name="unselectall" id="unselectall" title="<?php echo gettext("Remove all from enforcing rules"); ?>"/></td>
- <td valign="middle"><input value=" Save " class="formbtns" type="submit" name="Submit" id="Submit" title="<?php echo gettext("Save changes to enforcing rules and rebuild"); ?>"/></td>
+ <td valign="middle"><input value="Select All" class="formbtns" type="submit" name="selectall" id="selectall" title="<?php echo gettext("Add all categories to enforcing rules"); ?>"/></td>
+ <td valign="middle"><input value="Unselect All" class="formbtns" type="submit" name="unselectall" id="unselectall" title="<?php echo gettext("Remove categories all from enforcing rules"); ?>"/></td>
+ <td valign="middle"><input value=" Save " class="formbtns" type="submit" name="save" id="save" title="<?php echo gettext("Save changes to enforcing rules and rebuild"); ?>"/></td>
<td valign="middle"><span class="vexpl"><?php echo gettext("Click to save changes and auto-resolve flowbit rules (if option is selected above)"); ?></span></td>
</tr>
</table>
@@ -426,14 +423,14 @@ if ($savemsg) {
<?php endif; ?>
<?php endif; ?>
- <?php if ($no_emerging_files)
- $msg_emerging = "downloaded.";
+ <?php if ($no_emerging_files && ($emergingdownload == 'on' || $etpro == 'on'))
+ $msg_emerging = "have not been downloaded.";
else
- $msg_emerging = "enabled.";
- if ($no_snort_files)
- $msg_snort = "downloaded.";
+ $msg_emerging = "are not enabled.";
+ if ($no_snort_files && $snortdownload == 'on')
+ $msg_snort = "have not been downloaded.";
else
- $msg_snort = "enabled.";
+ $msg_snort = "are not enabled.";
?>
<tr id="frheader">
<?php if ($emergingdownload == 'on' && !$no_emerging_files): ?>
@@ -443,7 +440,7 @@ if ($savemsg) {
<td width="5%" class="listhdrr" align="center"><?php echo gettext("Enabled"); ?></td>
<td width="25%" class="listhdrr"><?php echo gettext('Ruleset: ET Pro Rules');?></td>
<?php else: ?>
- <td colspan="2" align="center" width="30%" class="listhdrr"><?php echo gettext("{$et_type} rules not {$msg_emerging}"); ?></td>
+ <td colspan="2" align="center" width="30%" class="listhdrr"><?php echo gettext("{$et_type} rules {$msg_emerging}"); ?></td>
<?php endif; ?>
<?php if ($snortdownload == 'on' && !$no_snort_files): ?>
<td width="5%" class="listhdrr" align="center"><?php echo gettext("Enabled"); ?></td>
@@ -451,7 +448,7 @@ if ($savemsg) {
<td width="5%" class="listhdrr" align="center"><?php echo gettext("Enabled"); ?></td>
<td width="25%" class="listhdrr"><?php echo gettext('Ruleset: Snort SO Rules');?></td>
<?php else: ?>
- <td colspan="4" align="center" width="60%" class="listhdrr"><?php echo gettext("Snort VRT rules have not been {$msg_snort}"); ?></td>
+ <td colspan="4" align="center" width="60%" class="listhdrr"><?php echo gettext("Snort VRT rules {$msg_snort}"); ?></td>
<?php endif; ?>
</tr>
<?php
@@ -561,7 +558,7 @@ if ($savemsg) {
</tr>
<tr>
<td colspan="6" align="center" valign="middle">
- <input value="Save" type="submit" name="Submit" id="Submit" class="formbtn" title=" <?php echo gettext("Click to Save changes and rebuild rules"); ?>"/></td>
+ <input value="Save" type="submit" name="save" id="save" class="formbtn" title="<?php echo gettext("Click to Save changes and rebuild rules");?>"/></td>
</tr>
<?php endif; ?>
</table>
diff --git a/config/snort/snort_select_alias.php b/config/snort/snort_select_alias.php
index c5c6347e..c632b388 100644
--- a/config/snort/snort_select_alias.php
+++ b/config/snort/snort_select_alias.php
@@ -2,7 +2,7 @@
/* $Id$ */
/*
snort_select_alias.php
- Copyright (C) 2013 Bill Meeks
+ Copyright (C) 2013, 2014 Bill Meeks
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -42,22 +42,29 @@ require_once("/usr/local/pkg/snort/snort.inc");
// overwrite it on subsequent POST-BACKs to this page.
if (!isset($_POST['org_querystr']))
$querystr = $_SERVER['QUERY_STRING'];
+else
+ $querystr = $_POST['org_querystr'];
// Retrieve any passed QUERY STRING or POST variables
-$type = $_GET['type'];
-$varname = $_GET['varname'];
-$multi_ip = $_GET['multi_ip'];
-$referrer = urldecode($_GET['returl']);
if (isset($_POST['type']))
$type = $_POST['type'];
+elseif (isset($_GET['type']))
+ $type = htmlspecialchars($_GET['type']);
+
if (isset($_POST['varname']))
$varname = $_POST['varname'];
+elseif (isset($_GET['varname']))
+ $varname = htmlspecialchars($_GET['varname']);
+
if (isset($_POST['multi_ip']))
$multi_ip = $_POST['multi_ip'];
+elseif (isset($_GET['multi_ip']))
+ $multi_ip = htmlspecialchars($_GET['multi_ip']);
+
if (isset($_POST['returl']))
$referrer = urldecode($_POST['returl']);
-if (isset($_POST['org_querystr']))
- $querystr = $_POST['org_querystr'];
+elseif (isset($_GET['returl']))
+ $referrer = urldecode($_GET['returl']);
// Make sure we have a valid VARIABLE name
// and ALIAS TYPE, or else bail out.
@@ -122,11 +129,11 @@ include("head.inc");
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
<form action="snort_select_alias.php" method="post">
-<input type="hidden" name="varname" value="<?=$varname;?>">
-<input type="hidden" name="type" value="<?=$type;?>">
-<input type="hidden" name="multi_ip" value="<?=$multi_ip;?>">
-<input type="hidden" name="returl" value="<?=$referrer;?>">
-<input type="hidden" name="org_querystr" value="<?=$querystr;?>">
+<input type="hidden" name="varname" value="<?=$varname;?>"/>
+<input type="hidden" name="type" value="<?=$type;?>"/>
+<input type="hidden" name="multi_ip" value="<?=$multi_ip;?>"/>
+<input type="hidden" name="returl" value="<?=$referrer;?>"/>
+<input type="hidden" name="org_querystr" value="<?=$querystr;?>"/>
<?php if ($input_errors) print_input_errors($input_errors); ?>
<div id="boxarea">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
diff --git a/config/snort/snort_stream5_engine.php b/config/snort/snort_stream5_engine.php
index b3d81f37..89b0bc02 100644
--- a/config/snort/snort_stream5_engine.php
+++ b/config/snort/snort_stream5_engine.php
@@ -1,7 +1,7 @@
<?php
/*
* snort_stream5_engine.php
- * Copyright (C) 2013 Bill Meeks
+ * Copyright (C) 2013, 2014 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -36,14 +36,16 @@ $snortdir = SNORTDIR;
/* Retrieve required array index values from QUERY string if available. */
/* 'id' is the [rule] array index, and 'eng_id' is the index for the */
/* stream5_tcp_engine's [item] array. */
-$id = $_GET['id'];
-$eng_id = $_GET['eng_id'];
-
/* See if values are in our form's POST content */
-if (isset($_POST['id']))
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
-if (isset($_POST['eng_id']))
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
+
+if (isset($_POST['eng_id']) && isset($_POST['eng_id']))
$eng_id = $_POST['eng_id'];
+elseif (isset($_GET['eng_id']) && is_numericint($_GET['eng_id']))
+ $eng_id = htmlspecialchars($_GET['eng_id']);
/* If we don't have a [rule] index specified, exit */
if (is_null($id)) {
@@ -131,7 +133,7 @@ if ($_GET['act'] == "import") {
session_start();
if (($_GET['varname'] == "bind_to" || $_GET['varname'] == "ports_client" || $_GET['varname'] == "ports_both" || $_GET['varname'] == "ports_server")
&& !empty($_GET['varvalue'])) {
- $pconfig[$_GET['varname']] = $_GET['varvalue'];
+ $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']);
if(!isset($_SESSION['stream5_client_import']))
$_SESSION['stream5_client_import'] = array();
@@ -165,7 +167,7 @@ if ($_GET['act'] == "import") {
}
}
-if ($_POST['Submit']) {
+if ($_POST['save']) {
// Clear and close out any session variable we created
session_start();
unset($_SESSION['org_referer']);
@@ -326,14 +328,14 @@ if ($_POST['Submit']) {
}
/* Now write the new engine array to conf */
- write_config();
+ write_config("Snort pkg: save modified stream5 engine.");
header("Location: /snort/snort_preprocessors.php?id={$id}#stream5_row");
exit;
}
}
-$if_friendly = snort_get_friendly_interface($config['installedpackages']['snortglobal']['rule'][$id]['interface']);
+$if_friendly = convert_friendly_interface_to_friendly_descr($config['installedpackages']['snortglobal']['rule'][$id]['interface']);
$pgtitle = gettext("Snort: Interface {$if_friendly} - Stream5 Preprocessor TCP Engine");
include_once("head.inc");
@@ -586,7 +588,7 @@ if ($savemsg)
<tr>
<td width="22%" valign="bottom">&nbsp;</td>
<td width="78%" valign="bottom">
- <input name="Submit" id="submit" type="submit" class="formbtn" value=" Save " title="<?php echo
+ <input name="save" id="save" type="submit" class="formbtn" value=" Save " title="<?php echo
gettext("Save Stream5 engine settings and return to Preprocessors tab"); ?>">
&nbsp;&nbsp;&nbsp;&nbsp;
<input name="Cancel" id="cancel" type="submit" class="formbtn" value="Cancel" title="<?php echo
diff --git a/config/snort/snort_sync.xml b/config/snort/snort_sync.xml
index 14a13321..2b9594ea 100755
--- a/config/snort/snort_sync.xml
+++ b/config/snort/snort_sync.xml
@@ -47,7 +47,7 @@ POSSIBILITY OF SUCH DAMAGE.
<faq>Currently there are no FAQ items provided.</faq>
<name>snortsync</name>
<version>1.0</version>
- <title>Snort: XMLRPC Sync (EXPERIMENTAL)</title>
+ <title>Snort: XMLRPC Sync</title>
<include_file>/usr/local/pkg/snort/snort.inc</include_file>
<tabs>
<tab>
@@ -71,14 +71,18 @@ POSSIBILITY OF SUCH DAMAGE.
<url>/snort/snort_blocked.php</url>
</tab>
<tab>
- <text>Whitelists</text>
- <url>/snort/snort_interfaces_whitelist.php</url>
+ <text>Pass Lists</text>
+ <url>/snort/snort_passlist.php</url>
</tab>
<tab>
<text>Suppress</text>
<url>/snort/snort_interfaces_suppress.php</url>
</tab>
<tab>
+ <text>IP Lists</text>
+ <url>/snort/snort_ip_list_mgmt.php</url>
+ </tab>
+ <tab>
<text>Sync</text>
<url>/pkg_edit.php?xml=snort/snort_sync.xml</url>
<active/>
@@ -180,10 +184,6 @@ POSSIBILITY OF SUCH DAMAGE.
</rowhelperfield>
</rowhelper>
</field>
- <field>
- <name>WARNING: This feature is considered experimental and not recommended for production use</name>
- <type>listtopic</type>
- </field>
</fields>
<custom_delete_php_command>
</custom_delete_php_command>
diff --git a/config/snort/widget-snort.inc b/config/snort/widget-snort.inc
new file mode 100644
index 00000000..3c4d9718
--- /dev/null
+++ b/config/snort/widget-snort.inc
@@ -0,0 +1,24 @@
+<?php
+require_once("config.inc");
+
+//set variables for custom title and link
+$snort_alerts_title = "Snort Alerts";
+$snort_alerts_title_link = "snort/snort_alerts.php";
+
+function widget_snort_uninstall() {
+
+ global $config;
+
+ /* Remove the Snort widget from the Dashboard display list */
+ $widgets = $config['widgets']['sequence'];
+ if (!empty($widgets)) {
+ $widgetlist = explode(",", $widgets);
+ foreach ($widgetlist as $key => $widget) {
+ if (strstr($widget, "snort_alerts-container"))
+ unset($widgetlist[$key]);
+ }
+ $config['widgets']['sequence'] = implode(",", $widgetlist);
+ write_config();
+ }
+}
+?>