Diffstat (limited to 'config/snort')
-rwxr-xr-xconfig/snort/snort.inc29
-rwxr-xr-xconfig/snort/snort.xml4
-rwxr-xr-xconfig/snort/snort_alerts.php8
-rw-r--r--config/snort/snort_barnyard.php13
-rw-r--r--config/snort/snort_blocked.php2
-rw-r--r--config/snort/snort_check_cron_misc.inc4
-rwxr-xr-xconfig/snort/snort_check_for_rule_updates.php5
-rwxr-xr-xconfig/snort/snort_define_servers.php2
-rw-r--r--config/snort/snort_edit_hat_data.php4
-rw-r--r--config/snort/snort_frag3_engine.php2
-rw-r--r--config/snort/snort_ftp_client_engine.php2
-rw-r--r--config/snort/snort_ftp_server_engine.php2
-rw-r--r--config/snort/snort_httpinspect_engine.php2
-rw-r--r--config/snort/snort_import_aliases.php2
-rwxr-xr-xconfig/snort/snort_interfaces.php2
-rwxr-xr-xconfig/snort/snort_interfaces_edit.php2
-rw-r--r--config/snort/snort_interfaces_global.php2
-rw-r--r--config/snort/snort_interfaces_suppress.php2
-rw-r--r--config/snort/snort_interfaces_suppress_edit.php12
-rw-r--r--config/snort/snort_ip_reputation.php58
-rw-r--r--config/snort/snort_migrate_config.php5
-rw-r--r--config/snort/snort_passlist.php2
-rw-r--r--config/snort/snort_passlist_edit.php2
-rw-r--r--config/snort/snort_post_install.php6
-rwxr-xr-xconfig/snort/snort_preprocessors.php16
-rwxr-xr-xconfig/snort/snort_rules.php16
-rw-r--r--config/snort/snort_rules_flowbits.php2
-rwxr-xr-xconfig/snort/snort_rulesets.php2
-rw-r--r--config/snort/snort_stream5_engine.php2
29 files changed, 130 insertions, 82 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 1c9c5cd6..f4fd93b9 100755
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -53,9 +53,11 @@ $snort_version = $snortver[0];
if (empty($snort_version))
$snort_version = "2.9.6.0";
-/* package version */
-$pfSense_snort_version = "3.0.5";
-$snort_package_version = "Snort {$snort_version} pkg v{$pfSense_snort_version}";
+/* Used to indicate latest version of this include file has been loaded */
+$pfSense_snort_version = "3.0.7";
+
+/* get installed package version for display */
+$snort_package_version = "Snort {$config['installedpackages']['package'][get_pkg_id("snort")]['version']}";
// Define SNORTDIR and SNORTLIBDIR constants according to pfSense version
$pfs_version=substr(trim(file_get_contents("/etc/version")),0,3);
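Review bot: The new `$snort_package_version` line indexes `$config['installedpackages']['package']` with the raw return value of `get_pkg_id("snort")` and never checks that the package entry was found. snort_post_install.php in this same commit guards its own lookup with `if ($pkgid >= 0)`, which suggests a negative id means "not found"; in that case the string here silently collapses to `"Snort "`. Resolving the id into a local first (`$pkgid = get_pkg_id("snort");`) and falling back to `$snort_version` when it is negative would keep the banner meaningful and make the interpolation easier to read.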
@@ -648,7 +650,7 @@ function snort_post_delete_logs($snort_uuid = 0) {
/* Clean-up stats file if enabled */
if ($value['perform_stat'] == 'on')
- file_put_contents("{$snort_log_dir}/{$if_real}.stats", "");
+ @file_put_contents("{$snort_log_dir}/{$if_real}.stats", "");
}
}
}
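Review bot: Prefixing `file_put_contents()` with `@` hides a failed write without recording it anywhere, and the same pattern is applied in the later snort.inc hunks for the enforcing rules file, sensitive-data.rules, host_attributes and snort.conf, and in both snort_check_cron_misc.inc hunks. For snort.conf and the rules files a silent failure leaves the sensor running on its previous configuration with nothing in the visible code telling the administrator that the new policy was not applied. Suppressing the on-page warning is reasonable, but test the result and log it, e.g. `if (@file_put_contents("{$snortcfgdir}/snort.conf", $snort_conf_text) === false) log_error("[Snort] Failed to write snort.conf");`. The enclosing functions extend beyond these hunks.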
@@ -1628,7 +1630,7 @@ function snort_write_enforcing_rules_file($rule_map, $rule_path) {
/* If the $rule_map array is empty, then exit. */
if (empty($rule_map)) {
- file_put_contents($rule_file, "");
+ @file_put_contents($rule_file, "");
return;
}
@@ -1984,10 +1986,13 @@ function snort_generate_barnyard2_conf($snortcfg, $if_real) {
if ($snortcfg['barnyard_mysql_enable'] == 'on') {
$by2_dbpwd = base64_decode($snortcfg['barnyard_dbpwd']);
$snortbarnyardlog_output_plugins .= "# database: log to a MySQL DB\noutput database: log, mysql, ";
- if (isset($snortcfg['barnyard_sensor_name']) && strlen($snortcfg['barnyard_sensor_name']) > 0)
- $snortbarnyardlog_output_plugins .= "sensor_name={$snortcfg['barnyard_sensor_name']}, ";
$snortbarnyardlog_output_plugins .= "user={$snortcfg['barnyard_dbuser']} password={$by2_dbpwd} ";
- $snortbarnyardlog_output_plugins .= "dbname={$snortcfg['barnyard_dbname']} host={$snortcfg['barnyard_dbhost']}\n\n";
+ $snortbarnyardlog_output_plugins .= "dbname={$snortcfg['barnyard_dbname']} host={$snortcfg['barnyard_dbhost']}";
+ if (isset($snortcfg['barnyard_sensor_name']) && strlen($snortcfg['barnyard_sensor_name']) > 0)
+ $snortbarnyardlog_output_plugins .= " sensor_name={$snortcfg['barnyard_sensor_name']}";
+ if ($snortcfg['barnyard_disable_sig_ref_tbl'] == 'on')
+ $snortbarnyardlog_output_plugins .= " disable_signature_reference_table";
+ $snortbarnyardlog_output_plugins .= "\n\n";
}
if ($snortcfg['barnyard_syslog_enable'] == 'on') {
$snortbarnyardlog_output_plugins .= "# syslog_full: log to a syslog receiver\noutput alert_syslog_full: ";
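Review bot: `barnyard_sensor_name` is now appended as a bare ` sensor_name=...` token at the end of the `output database:` line, and like `barnyard_dbuser`, `barnyard_dbname` and `barnyard_dbhost` it is interpolated exactly as stored. A value containing whitespace or a line break would add extra options, or a whole extra directive, to the generated barnyard2.conf. Whether the save handler in snort_barnyard.php restricts these fields is not visible in this diff; if it does not, reject anything outside a conservative character set before building the line, e.g. `if (!preg_match('/^[A-Za-z0-9_.\-]+$/', $snortcfg['barnyard_sensor_name']))`. Separately, `$snortcfg['barnyard_disable_sig_ref_tbl']` is compared without `isset()`, which raises a notice for interfaces saved before this option existed. The function body continues outside the hunk.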
@@ -2109,7 +2114,7 @@ function snort_deinstall() {
}
}
$config['widgets']['sequence'] = implode(",", $widgetlist);
- write_config();
+ write_config("Snort pkg: remove Snort Dashboard Widget on package deinstall.");
}
/* See if we are to clear blocked hosts on uninstall */
@@ -2199,7 +2204,7 @@ function snort_prepare_rule_files($snortcfg, $snortcfgdir) {
$sd_tmp_new_file="";
foreach ($sd_tmp_file as $sd_tmp_line)
$sd_tmp_new_file.=preg_match("/$sdf_alert_pattern/i",$sd_tmp_line) ? $sd_tmp_line : "";
- file_put_contents("{$snortcfgdir}/preproc_rules/sensitive-data.rules",$sd_tmp_new_file,LOCK_EX);
+ @file_put_contents("{$snortcfgdir}/preproc_rules/sensitive-data.rules",$sd_tmp_new_file,LOCK_EX);
}
}
elseif ($snortcfg['sensitive_data'] != 'on' && $snortcfg['protect_preproc_rules'] != 'on') {
@@ -3541,7 +3546,7 @@ EOD;
// Check for and configure Host Attribute Table if enabled
$host_attrib_config = "";
if ($snortcfg['host_attribute_table'] == "on" && !empty($snortcfg['host_attribute_data'])) {
- file_put_contents("{$snortcfgdir}/host_attributes", base64_decode($snortcfg['host_attribute_data']));
+ @file_put_contents("{$snortcfgdir}/host_attributes", base64_decode($snortcfg['host_attribute_data']));
$host_attrib_config = "# Host Attribute Table #\n";
$host_attrib_config .= "attribute_table filename {$snortcfgdir}/host_attributes\n";
if (!empty($snortcfg['max_attribute_hosts']))
@@ -3778,7 +3783,7 @@ output alert_csv: alert timestamp,sig_generator,sig_id,sig_rev,msg,proto,src,src
EOD;
// Write out snort.conf file
- file_put_contents("{$snortcfgdir}/snort.conf", $snort_conf_text);
+ @file_put_contents("{$snortcfgdir}/snort.conf", $snort_conf_text);
conf_mount_ro();
unset($snort_conf_text, $selected_rules_sections, $suppress_file_name, $snort_misc_include_rules, $spoink_type, $snortunifiedlog_type, $alertsystemlog_type);
unset($home_net, $external_net, $ipvardef, $portvardef);
diff --git a/config/snort/snort.xml b/config/snort/snort.xml
index d391d397..9d52aa6c 100755
--- a/config/snort/snort.xml
+++ b/config/snort/snort.xml
@@ -47,7 +47,7 @@
<faq>Currently there are no FAQ items provided.</faq>
<name>Snort</name>
<version>2.9.6.0</version>
- <title>Services:2.9.6.0 pkg v3.0.5</title>
+ <title>Services:2.9.6.0 pkg v3.0.7</title>
<include_file>/usr/local/pkg/snort/snort.inc</include_file>
<menu>
<name>Snort</name>
@@ -269,7 +269,7 @@
</custom_add_php_command>
<custom_php_resync_config_command>
<![CDATA[
- if ($GLOBALS['pfSense_snort_version'] == "3.0.5")
+ if ($GLOBALS['pfSense_snort_version'] == "3.0.7")
sync_snort_package_config();
]]>
</custom_php_resync_config_command>
diff --git a/config/snort/snort_alerts.php b/config/snort/snort_alerts.php
index 998cd061..45443ec2 100755
--- a/config/snort/snort_alerts.php
+++ b/config/snort/snort_alerts.php
@@ -99,11 +99,13 @@ function snort_add_supplist_entry($suppress) {
$a_suppress[] = $s_list;
$a_instance[$instanceid]['suppresslistname'] = $s_list['name'];
$found_list = true;
+ $list_name = $s_list['name'];
} else {
/* If we get here, a Suppress List is defined for the interface so see if we can find it */
foreach ($a_suppress as $a_id => $alist) {
if ($alist['name'] == $a_instance[$instanceid]['suppresslistname']) {
$found_list = true;
+ $list_name = $alist['name'];
if (!empty($alist['suppresspassthru'])) {
$tmplist = base64_decode($alist['suppresspassthru']);
$tmplist .= "\n{$suppress}";
@@ -121,7 +123,7 @@ function snort_add_supplist_entry($suppress) {
/* If we created a new list or updated an existing one, save the change, */
/* tell Snort to load it, and return true; otherwise return false. */
if ($found_list) {
- write_config();
+ write_config("Snort pkg: modified Suppress List {$list_name}.");
sync_snort_package_config();
snort_reload_config($a_instance[$instanceid]);
return true;
@@ -168,7 +170,7 @@ if ($_POST['save']) {
$config['installedpackages']['snortglobal']['alertsblocks']['arefresh'] = $_POST['arefresh'] ? 'on' : 'off';
$config['installedpackages']['snortglobal']['alertsblocks']['alertnumber'] = $_POST['alertnumber'];
- write_config();
+ write_config("Snort pkg: updated ALERTS tab settings.");
header("Location: /snort/snort_alerts.php?instance={$instanceid}");
exit;
@@ -274,7 +276,7 @@ if ($_POST['togglesid'] && is_numeric($_POST['sidid']) && is_numeric($_POST['gen
unset($a_instance[$instanceid]['rule_sid_off']);
/* Update the config.xml file. */
- write_config();
+ write_config("Snort pkg: modified state for rule {$gid}:{$sid}");
/*************************************************/
/* Update the snort.conf file and rebuild the */
diff --git a/config/snort/snort_barnyard.php b/config/snort/snort_barnyard.php
index 7acf95c3..902c1637 100644
--- a/config/snort/snort_barnyard.php
+++ b/config/snort/snort_barnyard.php
@@ -144,6 +144,7 @@ if ($_POST['save']) {
$natent['barnyard_syslog_enable'] = $_POST['barnyard_syslog_enable'] ? 'on' : 'off';
$natent['barnyard_syslog_local'] = $_POST['barnyard_syslog_local'] ? 'on' : 'off';
$natent['barnyard_bro_ids_enable'] = $_POST['barnyard_bro_ids_enable'] ? 'on' : 'off';
+ $natent['barnyard_disable_sig_ref_tbl'] = $_POST['barnyard_disable_sig_ref_tbl'] ? 'on' : 'off';
$natent['barnyard_syslog_opmode'] = $_POST['barnyard_syslog_opmode'];
$natent['barnyard_syslog_proto'] = $_POST['barnyard_syslog_proto'];
@@ -163,7 +164,7 @@ if ($_POST['save']) {
if ($_POST['barnconfigpassthru']) $natent['barnconfigpassthru'] = base64_encode($_POST['barnconfigpassthru']); else unset($natent['barnconfigpassthru']);
$a_nat[$id] = $natent;
- write_config();
+ write_config("Snort pkg: modified Barnyard2 settings.");
// No need to rebuild rules for Barnyard2 changes
$rebuild_rules = false;
@@ -378,6 +379,14 @@ include_once("head.inc");
&nbsp;<?php echo gettext("Password for the MySQL database user"); ?>
</td>
</tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Disable Signature Reference Table"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_disable_sig_ref_tbl" type="checkbox" value="on" <?php if ($pconfig['barnyard_disable_sig_ref_tbl'] == "on") echo "checked"; ?>/>
+ <?php echo gettext("Disable synchronization of sig_reference table in schema. Default value is ") . "<strong>" . gettext("Not Checked") . "</strong>"; ?><br/>
+ <br/><?php echo gettext("This option will speedup the process when checked, plus it can help work around a 'duplicate entry' error when running multiple Snort instances."); ?>
+ </td>
+ </tr>
</tbody>
<tr>
<td colspan="2" valign="top" class="listtopic"><?php echo gettext("Syslog Output Settings"); ?></td>
@@ -539,6 +548,7 @@ function toggle_mySQL() {
document.iform.barnyard_dbname.disabled = endis;
document.iform.barnyard_dbuser.disabled = endis;
document.iform.barnyard_dbpwd.disabled = endis;
+ document.iform.barnyard_disable_sig_ref_tbl.disabled = endis;
if (endis)
document.getElementById("mysql_config_rows").style.display = "none";
@@ -608,6 +618,7 @@ function enable_change(enable_change) {
document.iform.barnyard_dbname.disabled = endis;
document.iform.barnyard_dbuser.disabled = endis;
document.iform.barnyard_dbpwd.disabled = endis;
+ document.iform.barnyard_disable_sig_ref_tbl.disabled = endis;
document.iform.barnyard_syslog_enable.disabled = endis;
document.iform.barnyard_syslog_local.disabled = endis;
document.iform.barnyard_syslog_opmode_default.disabled = endis;
diff --git a/config/snort/snort_blocked.php b/config/snort/snort_blocked.php
index b05384ae..76d5a9df 100644
--- a/config/snort/snort_blocked.php
+++ b/config/snort/snort_blocked.php
@@ -119,7 +119,7 @@ if ($_POST['save'])
$config['installedpackages']['snortglobal']['alertsblocks']['brefresh'] = $_POST['brefresh'] ? 'on' : 'off';
$config['installedpackages']['snortglobal']['alertsblocks']['blertnumber'] = $_POST['blertnumber'];
- write_config();
+ write_config("Snort pkg: updated BLOCKED tab settings.");
header("Location: /snort/snort_blocked.php");
exit;
diff --git a/config/snort/snort_check_cron_misc.inc b/config/snort/snort_check_cron_misc.inc
index 7b0cfe34..a5b9e65e 100644
--- a/config/snort/snort_check_cron_misc.inc
+++ b/config/snort/snort_check_cron_misc.inc
@@ -58,7 +58,7 @@ function snort_check_dir_size_limit($snortloglimitsize) {
// Truncate the Rules Update Log file if it exists
if (file_exists(RULES_UPD_LOGFILE)) {
log_error(gettext("[Snort] Truncating the Rules Update Log file..."));
- file_put_contents(RULES_UPD_LOGFILE, "");
+ @file_put_contents(RULES_UPD_LOGFILE, "");
}
// Clean-up the logs for each configured Snort instance
@@ -71,7 +71,7 @@ function snort_check_dir_size_limit($snortloglimitsize) {
// Truncate the alert log file if it exists
if (file_exists("{$snort_log_dir}/alert")) {
- file_put_contents("{$snort_log_dir}/alert", "");
+ @file_put_contents("{$snort_log_dir}/alert", "");
}
// This is needed if snort is run as snort user
diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php
index f16e3310..667f4044 100755
--- a/config/snort/snort_check_for_rule_updates.php
+++ b/config/snort/snort_check_for_rule_updates.php
@@ -68,6 +68,7 @@ if (!defined("IPREP_PATH"))
$snortdir = SNORTDIR;
$snortlibdir = SNORTLIBDIR;
$snortlogdir = SNORTLOGDIR;
+$snortiprepdir = IPREP_PATH;
$snort_rules_upd_log = RULES_UPD_LOGFILE;
/* Save the state of $pkg_interface so we can restore it */
@@ -415,7 +416,7 @@ safe_mkdir("{$snortdir}/preproc_rules");
safe_mkdir("{$tmpfname}");
safe_mkdir("{$snortlibdir}/dynamicrules");
safe_mkdir("{$snortlogdir}");
-safe_mkdir(IPREP_PATH);
+safe_mkdir("{$snortiprepdir}");
/* See if we need to automatically clear the Update Log based on 1024K size limit */
if (file_exists($snort_rules_upd_log)) {
@@ -812,5 +813,5 @@ if ($update_errors)
else
$config['installedpackages']['snortglobal']['last_rule_upd_status'] = gettext("success");
$config['installedpackages']['snortglobal']['last_rule_upd_time'] = time();
-write_config();
+write_config("Snort pkg: updated status for updated rules package(s) check.");
?>
diff --git a/config/snort/snort_define_servers.php b/config/snort/snort_define_servers.php
index d210da2c..4d1b3c2e 100755
--- a/config/snort/snort_define_servers.php
+++ b/config/snort/snort_define_servers.php
@@ -134,7 +134,7 @@ if ($_POST['save']) {
$a_nat[$id] = $natent;
- write_config();
+ write_config("Snort pkg: modified settings for VARIABLES tab.");
/* Update the snort conf file for this interface. */
$rebuild_rules = false;
diff --git a/config/snort/snort_edit_hat_data.php b/config/snort/snort_edit_hat_data.php
index cef6a894..a5ec0aad 100644
--- a/config/snort/snort_edit_hat_data.php
+++ b/config/snort/snort_edit_hat_data.php
@@ -66,7 +66,7 @@ else
if ($_POST['clear']) {
unset($a_nat[$id]['host_attribute_data']);
$a_nat[$id]['host_attribute_table'] = 'off';
- write_config();
+ write_config("Snort pkg: cleared Host Attribute Table data for {$a_nat[$id]['interface']}.");
$rebuild_rules = false;
snort_generate_conf($a_nat[$id]);
$pconfig['host_attribute_data'] = "";
@@ -78,7 +78,7 @@ if ($_POST['save']) {
$a_nat[$id]['host_attribute_table'] = 'on';
else
$a_nat[$id]['host_attribute_table'] = 'off';
- write_config();
+ write_config("Snort pkg: modified Host Attribute Table data for {$a_nat[$id]['interface']}.");
$rebuild_rules = false;
snort_generate_conf($a_nat[$id]);
$pconfig['host_attribute_data'] = $_POST['host_attribute_data'];
diff --git a/config/snort/snort_frag3_engine.php b/config/snort/snort_frag3_engine.php
index a4c8cb53..9489bf16 100644
--- a/config/snort/snort_frag3_engine.php
+++ b/config/snort/snort_frag3_engine.php
@@ -185,7 +185,7 @@ if ($_POST['save']) {
}
/* Now write the new engine array to conf */
- write_config();
+ write_config("Snort pkg: modified frag3 engine settings.");
header("Location: /snort/snort_preprocessors.php?id={$id}#frag3_row");
exit;
diff --git a/config/snort/snort_ftp_client_engine.php b/config/snort/snort_ftp_client_engine.php
index 9058a06e..f462efa8 100644
--- a/config/snort/snort_ftp_client_engine.php
+++ b/config/snort/snort_ftp_client_engine.php
@@ -216,7 +216,7 @@ if ($_POST['save']) {
}
/* Now write the new engine array to conf */
- write_config();
+ write_config("Snort pkg: modified ftp_telnet_client engine settings.");
header("Location: /snort/snort_preprocessors.php?id={$id}#ftp_telnet_row_ftp_proto_opts");
exit;
diff --git a/config/snort/snort_ftp_server_engine.php b/config/snort/snort_ftp_server_engine.php
index 618c8d85..cb9abc9c 100644
--- a/config/snort/snort_ftp_server_engine.php
+++ b/config/snort/snort_ftp_server_engine.php
@@ -187,7 +187,7 @@ if ($_POST['save']) {
}
/* Now write the new engine array to conf */
- write_config();
+ write_config("Snort pkg: modified ftp_telnet_server engine settings.");
header("Location: /snort/snort_preprocessors.php?id={$id}#ftp_telnet_row_ftp_proto_opts");
exit;
diff --git a/config/snort/snort_httpinspect_engine.php b/config/snort/snort_httpinspect_engine.php
index 47495ebe..c7680892 100644
--- a/config/snort/snort_httpinspect_engine.php
+++ b/config/snort/snort_httpinspect_engine.php
@@ -296,7 +296,7 @@ if ($_POST['save']) {
}
// Now write the new engine array to conf
- write_config();
+ write_config("Snort pkg: modified http_inspect engine settings.");
header("Location: /snort/snort_preprocessors.php?id={$id}#httpinspect_row");
exit;
diff --git a/config/snort/snort_import_aliases.php b/config/snort/snort_import_aliases.php
index 7edadea7..80b3bb1d 100644
--- a/config/snort/snort_import_aliases.php
+++ b/config/snort/snort_import_aliases.php
@@ -206,7 +206,7 @@ if ($_POST['save']) {
}
// Now write the new engine array to conf and return
- write_config();
+ write_config("Snort pkg: imported new host or network alias.");
header("Location: /snort/snort_preprocessors.php?id={$id}{$anchor}");
exit;
diff --git a/config/snort/snort_interfaces.php b/config/snort/snort_interfaces.php
index 9f42ab2e..c82ec57e 100755
--- a/config/snort/snort_interfaces.php
+++ b/config/snort/snort_interfaces.php
@@ -65,7 +65,7 @@ if (isset($_POST['del_x'])) {
if (empty($a_nat))
unset($a_nat);
- write_config();
+ write_config("Snort pkg: deleted one or more Snort interfaces.");
sleep(2);
/* if there are no ifaces remaining do not create snort.sh */
diff --git a/config/snort/snort_interfaces_edit.php b/config/snort/snort_interfaces_edit.php
index 1f3a3cbe..4c868844 100755
--- a/config/snort/snort_interfaces_edit.php
+++ b/config/snort/snort_interfaces_edit.php
@@ -273,7 +273,7 @@ if ($_POST["save"]) {
snort_stop($natent, $if_real);
/* Save configuration changes */
- write_config();
+ write_config("Snort pkg: modified interface configuration for {$natent['interface']}.");
/* Most changes don't require a rules rebuild, so default to "off" */
$rebuild_rules = false;
diff --git a/config/snort/snort_interfaces_global.php b/config/snort/snort_interfaces_global.php
index 99c8313d..69a182bd 100644
--- a/config/snort/snort_interfaces_global.php
+++ b/config/snort/snort_interfaces_global.php
@@ -151,7 +151,7 @@ if (!$input_errors) {
/* create whitelist and homenet file then sync files */
sync_snort_package_config();
- write_config();
+ write_config("Snort pkg: modified global settings.");
/* forces page to reload new settings */
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
diff --git a/config/snort/snort_interfaces_suppress.php b/config/snort/snort_interfaces_suppress.php
index 216b93c6..ecbd04a7 100644
--- a/config/snort/snort_interfaces_suppress.php
+++ b/config/snort/snort_interfaces_suppress.php
@@ -76,7 +76,7 @@ if ($_POST['del']) {
}
else {
unset($a_suppress[$_POST['list_id']]);
- write_config();
+ write_config("Snort pkg: deleted a Suppress List.");
header("Location: /snort/snort_interfaces_suppress.php");
exit;
}
diff --git a/config/snort/snort_interfaces_suppress_edit.php b/config/snort/snort_interfaces_suppress_edit.php
index 370fa017..986bfc38 100644
--- a/config/snort/snort_interfaces_suppress_edit.php
+++ b/config/snort/snort_interfaces_suppress_edit.php
@@ -109,7 +109,6 @@ if ($_POST['save']) {
}
}
-
if (!$input_errors) {
$s_list = array();
$s_list['name'] = $_POST['name'];
@@ -125,7 +124,7 @@ if ($_POST['save']) {
else
$a_suppress[] = $s_list;
- write_config();
+ write_config("Snort pkg: modified Suppress List {$s_list['name']}.");
sync_snort_package_config();
header("Location: /snort/snort_interfaces_suppress.php");
@@ -142,14 +141,14 @@ include_once("head.inc");
<?php
include("fbegin.inc");
-if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
-
-if ($input_errors) print_input_errors($input_errors);
+if ($input_errors)
+ print_input_errors($input_errors);
if ($savemsg)
print_info_box($savemsg);
?>
<form action="/snort/snort_interfaces_suppress_edit.php" name="iform" id="iform" method="post">
+<input name="id" type="hidden" value="<?=$id;?>"/>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td>
<?php
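Review bot: The hidden `id` field added right after the `<form>` tag prints `$id` into an HTML attribute without escaping, and it is now emitted unconditionally where the old markup first checked `isset($id) && $a_suppress[$id]`. Where `$id` is assigned is outside this hunk; if it is taken from the request without a numeric check, a crafted value is reflected into the page. Encoding at output costs nothing either way: `<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>"/>`.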
@@ -215,8 +214,7 @@ if ($savemsg)
<td colspan="2"><input id="save" name="save" type="submit"
class="formbtn" value="Save" />&nbsp;&nbsp;<input id="cancelbutton"
name="cancelbutton" type="button" class="formbtn" value="Cancel"
- onclick="history.back();"/> <?php if (isset($id) && $a_suppress[$id]): ?>
- <input name="id" type="hidden" value="<?=$id;?>"/> <?php endif; ?>
+ onclick="history.back();"/>
</td>
</tr>
</table>
diff --git a/config/snort/snort_ip_reputation.php b/config/snort/snort_ip_reputation.php
index a59021db..3de8c661 100644
--- a/config/snort/snort_ip_reputation.php
+++ b/config/snort/snort_ip_reputation.php
@@ -75,13 +75,24 @@ if ($_POST['mode'] == 'blist_add' && isset($_POST['iplist'])) {
// Test the supplied IP List file to see if it exists
if (file_exists($_POST['iplist'])) {
- $a_nat[$id]['blist_files']['item'][] = basename($_POST['iplist']);
- write_config();
- $pconfig['blist_files'] = $a_nat[$id]['blist_files'];
- $pconfig['wlist_files'] = $a_nat[$id]['wlist_files'];
+ // See if the file is already assigned to the interface
+ foreach ($a_nat[$id]['blist_files']['item'] as $f) {
+ if ($f == basename($_POST['iplist'])) {
+ $input_errors[] = gettext("The file {$f} is already assigned as a blacklist file.");
+ break;
+ }
+ }
+ if (!$input_errors) {
+ $a_nat[$id]['blist_files']['item'][] = basename($_POST['iplist']);
+ write_config("Snort pkg: added new blacklist file for IP REPUTATION preprocessor.");
+ mark_subsystem_dirty('snort_iprep');
+ }
}
else
$input_errors[] = gettext("The file '{$_POST['iplist']}' could not be found.");
+
+ $pconfig['blist_files'] = $a_nat[$id]['blist_files'];
+ $pconfig['wlist_files'] = $a_nat[$id]['wlist_files'];
}
if ($_POST['mode'] == 'wlist_add' && isset($_POST['iplist'])) {
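Review bot: `file_exists()` is still run on the raw `$_POST['iplist']` path while only `basename($_POST['iplist'])` is stored, so any existing path on the filesystem passes the check and the name that gets saved may not exist in the IP list directory at all; the `wlist_add` hunk that follows has the same shape. Testing the name that is actually stored, against the directory the lists are loaded from (IPREP_PATH elsewhere in this commit, assuming it is defined for this page), closes that gap: `$fname = basename($_POST['iplist']); if (file_exists(IPREP_PATH . "/" . $fname)) {`. The new `foreach` also assumes `$a_nat[$id]['blist_files']['item']` is already an array, which may not hold for an interface with no lists assigned yet, so guard it with `is_array()`.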
@@ -89,19 +100,31 @@ if ($_POST['mode'] == 'wlist_add' && isset($_POST['iplist'])) {
// Test the supplied IP List file to see if it exists
if (file_exists($_POST['iplist'])) {
- $a_nat[$id]['wlist_files']['item'][] = basename($_POST['iplist']);
- write_config();
- $pconfig['wlist_files'] = $a_nat[$id]['wlist_files'];
- $pconfig['blist_files'] = $a_nat[$id]['blist_files'];
+ // See if the file is already assigned to the interface
+ foreach ($a_nat[$id]['wlist_files']['item'] as $f) {
+ if ($f == basename($_POST['iplist'])) {
+ $input_errors[] = gettext("The file {$f} is already assigned as a whitelist file.");
+ break;
+ }
+ }
+ if (!$input_errors) {
+ $a_nat[$id]['wlist_files']['item'][] = basename($_POST['iplist']);
+ write_config("Snort pkg: added new whitelist file for IP REPUTATION preprocessor.");
+ mark_subsystem_dirty('snort_iprep');
+ }
}
else
$input_errors[] = gettext("The file '{$_POST['iplist']}' could not be found.");
+
+ $pconfig['blist_files'] = $a_nat[$id]['blist_files'];
+ $pconfig['wlist_files'] = $a_nat[$id]['wlist_files'];
}
if ($_POST['blist_del'] && is_numericint($_POST['list_id'])) {
$pconfig = $_POST;
unset($a_nat[$id]['blist_files']['item'][$_POST['list_id']]);
- write_config();
+ write_config("Snort pkg: deleted blacklist file for IP REPUTATION preprocessor.");
+ mark_subsystem_dirty('snort_iprep');
$pconfig['blist_files'] = $a_nat[$id]['blist_files'];
$pconfig['wlist_files'] = $a_nat[$id]['wlist_files'];
}
@@ -109,12 +132,13 @@ if ($_POST['blist_del'] && is_numericint($_POST['list_id'])) {
if ($_POST['wlist_del'] && is_numericint($_POST['list_id'])) {
$pconfig = $_POST;
unset($a_nat[$id]['wlist_files']['item'][$_POST['list_id']]);
- write_config();
+ write_config("Snort pkg: deleted whitelist file for IP REPUTATION preprocessor.");
+ mark_subsystem_dirty('snort_iprep');
$pconfig['wlist_files'] = $a_nat[$id]['wlist_files'];
$pconfig['blist_files'] = $a_nat[$id]['blist_files'];
}
-if ($_POST['save']) {
+if ($_POST['save'] || $_POST['apply']) {
$natent = array();
$natent = $pconfig;
@@ -134,7 +158,7 @@ if ($_POST['save']) {
$a_nat[$id] = $natent;
- write_config();
+ write_config("Snort pkg: modified IP REPUTATION preprocessor settings for {$a_nat[$id]['interface']}.");
// Update the snort conf file for this interface
$rebuild_rules = false;
@@ -143,6 +167,9 @@ if ($_POST['save']) {
// Soft-restart Snort to live-load new variables
snort_reload_config($a_nat[$id]);
$pconfig = $natent;
+
+ // We have saved changes and done a soft restart, so clear "dirty" flag
+ clear_subsystem_dirty('snort_iprep');
}
else
$pconfig = $_POST;
@@ -169,6 +196,11 @@ if ($savemsg)
<input type="hidden" id="mode" name="mode" value="" />
<input name="iplist" id="iplist" type="hidden" value="" />
<input name="list_id" id="list_id" type="hidden" value="" />
+
+<?php if (is_subsystem_dirty('snort_iprep')): ?><p>
+<?php print_info_box_np(gettext("A change has been made to blacklist or whitelist file assignments.") . "<br/>" . gettext("You must apply the changes in order for them to take effect."));?>
+<?php endif; ?>
+
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td>
@@ -379,7 +411,6 @@ if ($savemsg)
</td>
</tr>
</table>
-</form>
<script type="text/javascript">
Event.observe(
@@ -469,6 +500,7 @@ function wlistComplete(req) {
</script>
+</form>
<?php include("fend.inc"); ?>
</body>
</html>
diff --git a/config/snort/snort_migrate_config.php b/config/snort/snort_migrate_config.php
index d7a20726..b3152d5d 100644
--- a/config/snort/snort_migrate_config.php
+++ b/config/snort/snort_migrate_config.php
@@ -339,7 +339,6 @@ foreach ($rule as &$r) {
$pconfig['barnyard_dbpwd'] = base64_encode($matches[2][$k]);
}
$pconfig['barnyard_mysql_enable'] = 'on';
- $pconfig['barnyard_enable'] = 'on';
unset($pconfig['barnyard_mysql']);
}
// Since Barnyard2 was enabled, configure the new archived log settings
@@ -366,9 +365,9 @@ unset($r);
// Write out the new configuration to disk if we changed anything
if ($updated_cfg) {
- $config['installedpackages']['snortglobal']['snort_config_ver'] = "3.0.5";
+ $config['installedpackages']['snortglobal']['snort_config_ver'] = "3.0.7";
log_error("[Snort] Saving configuration settings in new format...");
- write_config();
+ write_config("Snort pkg: migrate existing settings to new format as part of package upgrade.");
log_error("[Snort] Settings successfully migrated to new configuration format...");
}
else
diff --git a/config/snort/snort_passlist.php b/config/snort/snort_passlist.php
index 4eea356a..2cac9cd4 100644
--- a/config/snort/snort_passlist.php
+++ b/config/snort/snort_passlist.php
@@ -85,7 +85,7 @@ if ($_POST['del'] && is_numericint($_POST['list_id'])) {
}
if (!$input_errors) {
unset($a_passlist[$_POST['list_id']]);
- write_config();
+ write_config("Snort pkg: deleted PASS LIST.");
sync_snort_package_config();
header("Location: /snort/snort_passlist.php");
exit;
diff --git a/config/snort/snort_passlist_edit.php b/config/snort/snort_passlist_edit.php
index e486a076..3be776f4 100644
--- a/config/snort/snort_passlist_edit.php
+++ b/config/snort/snort_passlist_edit.php
@@ -156,7 +156,7 @@ if ($_POST['save']) {
else
$a_passlist[] = $w_list;
- write_config();
+ write_config("Snort pkg: modified PASS LIST {$w_list['name']}.");
/* create pass list and homenet file, then sync files */
sync_snort_package_config();
diff --git a/config/snort/snort_post_install.php b/config/snort/snort_post_install.php
index c2b46cd5..dbac41ef 100644
--- a/config/snort/snort_post_install.php
+++ b/config/snort/snort_post_install.php
@@ -1423,7 +1423,7 @@ if ($pkgid >= 0) {
log_error(gettext("[Snort] Removing legacy 'Dashboard Widget: Snort' package because the widget is now part of the Snort package."));
unset($config['installedpackages']['package'][$pkgid]);
unlink_if_exists("/usr/local/pkg/widget-snort.xml");
- write_config();
+ write_config("Snort pkg: removed legacy Snort Dashboard Widget.");
}
/* Define a default Dashboard Widget Container for Snort */
@@ -1494,8 +1494,8 @@ if (stristr($config['widgets']['sequence'], "snort_alerts-container") === FALSE)
$config['widgets']['sequence'] .= ",{$snort_widget_container}";
/* Update Snort package version in configuration */
-$config['installedpackages']['snortglobal']['snort_config_ver'] = "3.0.5";
-write_config();
+$config['installedpackages']['snortglobal']['snort_config_ver'] = "3.0.7";
+write_config("Snort pkg: post-install configuration saved.");
/* Done with post-install, so clear flag */
unset($g['snort_postinstall']);
diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php
index 6c3dc90f..5cee95df 100755
--- a/config/snort/snort_preprocessors.php
+++ b/config/snort/snort_preprocessors.php
@@ -199,7 +199,7 @@ if ($_GET['act'] == "import" && isset($_GET['varname']) && !empty($_GET['varvalu
if ($_POST['del_http_inspect']) {
if (isset($_POST['eng_id']) && isset($id) && issset($a_nat[$id])) {
unset($a_nat[$id]['http_inspect_engine']['item'][$_POST['eng_id']]);
- write_config();
+ write_config("Snort pkg: deleted http_inspect engine for {$a_nat[$id]['interface']}.");
header("Location: snort_preprocessors.php?id=$id#httpinspect_row");
exit;
}
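Review bot: The guard on the `del_http_inspect` branch calls `issset($a_nat[$id])` with three s's, which PHP treats as a call to an undefined function, so once `eng_id` and `$id` are set the request dies with a fatal error before the `write_config()` changed here is reached. It should read `if (isset($_POST['eng_id']) && isset($id) && isset($a_nat[$id])) {` like the four sibling branches. In all five delete branches `$_POST['eng_id']` is used as an array key after only an `isset()` check; `is_numericint($_POST['eng_id'])`, as snort_passlist.php does for `list_id`, would be the consistent validation.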
@@ -207,7 +207,7 @@ if ($_POST['del_http_inspect']) {
elseif ($_POST['del_frag3']) {
if (isset($_POST['eng_id']) && isset($id) && isset($a_nat[$id])) {
unset($a_nat[$id]['frag3_engine']['item'][$_POST['eng_id']]);
- write_config();
+ write_config("Snort pkg: deleted frag3 engine for {$a_nat[$id]['interface']}.");
header("Location: snort_preprocessors.php?id=$id#frag3_row");
exit;
}
@@ -215,7 +215,7 @@ elseif ($_POST['del_frag3']) {
elseif ($_POST['del_stream5_tcp']) {
if (isset($_POST['eng_id']) && isset($id) && isset($a_nat[$id])) {
unset($a_nat[$id]['stream5_tcp_engine']['item'][$_POST['eng_id']]);
- write_config();
+ write_config("Snort pkg: deleted stream5 engine for {$a_nat[$id]['interface']}.");
header("Location: snort_preprocessors.php?id=$id#stream5_row");
exit;
}
@@ -223,7 +223,7 @@ elseif ($_POST['del_stream5_tcp']) {
elseif ($_POST['del_ftp_client']) {
if (isset($_POST['eng_id']) && isset($id) && isset($a_nat[$id])) {
unset($a_nat[$id]['ftp_client_engine']['item'][$_POST['eng_id']]);
- write_config();
+ write_config("Snort pkg: deleted ftp_client engine for {$a_nat[$id]['interface']}.");
header("Location: snort_preprocessors.php?id=$id#ftp_telnet_row");
exit;
}
@@ -231,7 +231,7 @@ elseif ($_POST['del_ftp_client']) {
elseif ($_POST['del_ftp_server']) {
if (isset($_POST['eng_id']) && isset($id) && isset($a_nat[$id])) {
unset($a_nat[$id]['ftp_server_engine']['item'][$_POST['eng_id']]);
- write_config();
+ write_config("Snort pkg: deleted ftp_server engine for {$a_nat[$id]['interface']}.");
header("Location: snort_preprocessors.php?id=$id#ftp_telnet_row");
exit;
}
@@ -377,7 +377,7 @@ if ($_POST['save']) {
if (isset($id) && isset($a_nat[$id])) {
$a_nat[$id] = $natent;
- write_config();
+ write_config("Snort pkg: saved modified preprocessor settings for {$a_nat[$id]['interface']}.");
}
/*************************************************/
@@ -427,7 +427,7 @@ if ($_POST['btn_import']) {
$pconfig['host_attribute_data'] = $a_nat[$id]['host_attribute_data'];
$a_nat[$id]['max_attribute_hosts'] = $pconfig['max_attribute_hosts'];
$a_nat[$id]['max_attribute_services_per_host'] = $pconfig['max_attribute_services_per_host'];
- write_config();
+ write_config("Snort pkg: imported Host Attribute Table data for {$a_nat[$id]['interface']}.");
}
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
@@ -449,7 +449,7 @@ if ($_POST['btn_edit_hat']) {
$a_nat[$id]['host_attribute_table'] = "on";
$a_nat[$id]['max_attribute_hosts'] = $pconfig['max_attribute_hosts'];
$a_nat[$id]['max_attribute_services_per_host'] = $pconfig['max_attribute_services_per_host'];
- write_config();
+ write_config("Snort pkg: modified Host Attribute Table data for {$a_nat[$id]['interface']}.");
header("Location: snort_edit_hat_data.php?id=$id");
exit;
}
diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php
index 158999f9..e69152c3 100755
--- a/config/snort/snort_rules.php
+++ b/config/snort/snort_rules.php
@@ -196,7 +196,7 @@ if ($_POST['toggle'] && is_numeric($_POST['sid']) && is_numeric($_POST['gid']) &
unset($a_rule[$id]['rule_sid_off']);
/* Update the config.xml file. */
- write_config();
+ write_config("Snort pkg: modified state for rule {$gid}:{$sid} on {$a_rule[$id]['interface']}.");
$anchor = "rule_{$gid}_{$sid}";
}
@@ -236,7 +236,7 @@ elseif ($_POST['disable_all'] && !empty($rules_map)) {
else
unset($a_rule[$id]['rule_sid_off']);
- write_config();
+ write_config("Snort pkg: disabled all rules in category {$currentruleset} for {$a_rule[$id]['interface']}.");
}
elseif ($_POST['enable_all'] && !empty($rules_map)) {
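Review bot: `{$currentruleset}` is interpolated into the change description without any visible validation, and its assignment is outside this hunk. If it is derived from request data, arbitrary text would be stored with the config revision and later shown wherever the configuration history is rendered. It would be worth confirming that the value is checked against the list of known category files where it is assigned. Otherwise restrict it before logging, for example `$cat = preg_replace('/[^A-Za-z0-9._-]/', '', $currentruleset);`, and use `{$cat}` in the message. The enable_all and resetcategory hunks that follow interpolate the same variable.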
@@ -273,7 +273,7 @@ elseif ($_POST['enable_all'] && !empty($rules_map)) {
else
unset($a_rule[$id]['rule_sid_off']);
- write_config();
+ write_config("Snort pkg: enable all rules in category {$currentruleset} for {$a_rule[$id]['interface']}.");
}
elseif ($_POST['resetcategory'] && !empty($rules_map)) {
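Review bot: The wording here ("enable all rules") uses a different tense from the disable_all message just before it ("disabled all rules"), and the later messages in this file switch between "remove", "clear" and "save". Because these strings become the searchable record of who changed detection coverage, a single past-tense form would make the history easier to filter. I would write `write_config("Snort pkg: enabled all rules in category {$currentruleset} for {$a_rule[$id]['interface']}.");` and align the others in the same way.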
@@ -312,7 +312,7 @@ elseif ($_POST['resetcategory'] && !empty($rules_map)) {
else
unset($a_rule[$id]['rule_sid_off']);
- write_config();
+ write_config("Snort pkg: remove enablesid/disablesid changes for category {$currentruleset} on {$a_rule[$id]['interface']}.");
}
elseif ($_POST['resetall'] && !empty($rules_map)) {
@@ -321,14 +321,14 @@ elseif ($_POST['resetall'] && !empty($rules_map)) {
unset($a_rule[$id]['rule_sid_off']);
/* Update the config.xml file. */
- write_config();
+ write_config("Snort pkg: remove all enablesid/disablesid changes for {$a_rule[$id]['interface']}.");
}
else if ($_POST['cancel']) {
$pconfig['customrules'] = base64_decode($a_rule[$id]['customrules']);
}
elseif ($_POST['clear']) {
unset($a_rule[$id]['customrules']);
- write_config();
+ write_config("Snort pkg: clear all custom rules for {$a_rule[$id]['interface']}.");
$rebuild_rules = true;
snort_generate_conf($a_rule[$id]);
$rebuild_rules = false;
@@ -340,7 +340,7 @@ elseif ($_POST['save']) {
$a_rule[$id]['customrules'] = base64_encode($_POST['customrules']);
else
unset($a_rule[$id]['customrules']);
- write_config();
+ write_config("Snort pkg: save modified custom rules for {$a_rule[$id]['interface']}.");
$rebuild_rules = true;
snort_generate_conf($a_rule[$id]);
$rebuild_rules = false;
@@ -364,7 +364,7 @@ elseif ($_POST['save']) {
}
else if ($_POST['apply']) {
/* Save new configuration */
- write_config();
+ write_config("Snort pkg: save new rules configuration for {$a_rule[$id]['interface']}.");
/*************************************************/
/* Update the snort conf file and rebuild the */
diff --git a/config/snort/snort_rules_flowbits.php b/config/snort/snort_rules_flowbits.php
index de5bdc6b..daf1c4ef 100644
--- a/config/snort/snort_rules_flowbits.php
+++ b/config/snort/snort_rules_flowbits.php
@@ -125,7 +125,7 @@ if ($_POST['addsuppress'] && is_numeric($_POST['sid']) && is_numeric($_POST['gid
}
}
if ($found_list) {
- write_config();
+ write_config("Snort pkg: modified Suppress List for {$a_nat[$id]['interface']}.");
$rebuild_rules = false;
sync_snort_package_config();
snort_reload_config($a_nat[$id]);
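Review bot: The description records that the Suppress List changed but not which signature was suppressed, even though the hunk header shows the branch is keyed on numeric `$_POST['sid']` and `$_POST['gid']`. A suppress entry silences an alert, so the history entry is more useful for later review if it names the rule. Something like `write_config("Snort pkg: added suppress entry for " . (int)$_POST['gid'] . ":" . (int)$_POST['sid'] . " on {$a_nat[$id]['interface']}.");` would do, with the integer casts keeping request text out of the description. The enclosing if block starts outside this hunk, so local copies of gid and sid may already exist and would be preferable if they do.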
diff --git a/config/snort/snort_rulesets.php b/config/snort/snort_rulesets.php
index 46a67913..79365f5f 100755
--- a/config/snort/snort_rulesets.php
+++ b/config/snort/snort_rulesets.php
@@ -153,7 +153,7 @@ if ($_POST["save"]) {
@unlink("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$flowbit_rules_file}");
}
- write_config();
+ write_config("Snort pkg: save enabled rule categories for {$a_nat[$id]['interface']}.");
/*************************************************/
/* Update the snort conf file and rebuild the */
diff --git a/config/snort/snort_stream5_engine.php b/config/snort/snort_stream5_engine.php
index 9a91e0d6..89b0bc02 100644
--- a/config/snort/snort_stream5_engine.php
+++ b/config/snort/snort_stream5_engine.php
@@ -328,7 +328,7 @@ if ($_POST['save']) {
}
/* Now write the new engine array to conf */
- write_config();
+ write_config("Snort pkg: save modified stream5 engine.");
header("Location: /snort/snort_preprocessors.php?id={$id}#stream5_row");
exit;