aboutsummaryrefslogtreecommitdiffstats
path: root/config/snort
diff options
context:
space:
mode:
Diffstat (limited to 'config/snort')
-rwxr-xr-xconfig/snort/snort_alerts.php8
-rw-r--r--config/snort/snort_barnyard.php2
-rw-r--r--config/snort/snort_blocked.php2
-rwxr-xr-xconfig/snort/snort_define_servers.php2
-rw-r--r--config/snort/snort_edit_hat_data.php4
-rw-r--r--config/snort/snort_frag3_engine.php2
-rw-r--r--config/snort/snort_ftp_client_engine.php2
-rw-r--r--config/snort/snort_ftp_server_engine.php2
-rw-r--r--config/snort/snort_httpinspect_engine.php2
-rw-r--r--config/snort/snort_import_aliases.php2
-rwxr-xr-xconfig/snort/snort_interfaces_edit.php2
-rw-r--r--config/snort/snort_interfaces_global.php2
-rw-r--r--config/snort/snort_interfaces_suppress.php2
-rw-r--r--config/snort/snort_passlist.php2
-rw-r--r--config/snort/snort_passlist_edit.php2
-rwxr-xr-xconfig/snort/snort_preprocessors.php16
-rwxr-xr-xconfig/snort/snort_rules.php16
-rwxr-xr-xconfig/snort/snort_rulesets.php2
-rw-r--r--config/snort/snort_stream5_engine.php2
19 files changed, 38 insertions, 36 deletions
diff --git a/config/snort/snort_alerts.php b/config/snort/snort_alerts.php
index 998cd061..45443ec2 100755
--- a/config/snort/snort_alerts.php
+++ b/config/snort/snort_alerts.php
@@ -99,11 +99,13 @@ function snort_add_supplist_entry($suppress) {
$a_suppress[] = $s_list;
$a_instance[$instanceid]['suppresslistname'] = $s_list['name'];
$found_list = true;
+ $list_name = $s_list['name'];
} else {
/* If we get here, a Suppress List is defined for the interface so see if we can find it */
foreach ($a_suppress as $a_id => $alist) {
if ($alist['name'] == $a_instance[$instanceid]['suppresslistname']) {
$found_list = true;
+ $list_name = $alist['name'];
if (!empty($alist['suppresspassthru'])) {
$tmplist = base64_decode($alist['suppresspassthru']);
$tmplist .= "\n{$suppress}";
@@ -121,7 +123,7 @@ function snort_add_supplist_entry($suppress) {
/* If we created a new list or updated an existing one, save the change, */
/* tell Snort to load it, and return true; otherwise return false. */
if ($found_list) {
- write_config();
+ write_config("Snort pkg: modified Suppress List {$list_name}.");
sync_snort_package_config();
snort_reload_config($a_instance[$instanceid]);
return true;
@@ -168,7 +170,7 @@ if ($_POST['save']) {
$config['installedpackages']['snortglobal']['alertsblocks']['arefresh'] = $_POST['arefresh'] ? 'on' : 'off';
$config['installedpackages']['snortglobal']['alertsblocks']['alertnumber'] = $_POST['alertnumber'];
- write_config();
+ write_config("Snort pkg: updated ALERTS tab settings.");
header("Location: /snort/snort_alerts.php?instance={$instanceid}");
exit;
@@ -274,7 +276,7 @@ if ($_POST['togglesid'] && is_numeric($_POST['sidid']) && is_numeric($_POST['gen
unset($a_instance[$instanceid]['rule_sid_off']);
/* Update the config.xml file. */
- write_config();
+ write_config("Snort pkg: modified state for rule {$gid}:{$sid}");
/*************************************************/
/* Update the snort.conf file and rebuild the */
diff --git a/config/snort/snort_barnyard.php b/config/snort/snort_barnyard.php
index 7acf95c3..52e0a13b 100644
--- a/config/snort/snort_barnyard.php
+++ b/config/snort/snort_barnyard.php
@@ -163,7 +163,7 @@ if ($_POST['save']) {
if ($_POST['barnconfigpassthru']) $natent['barnconfigpassthru'] = base64_encode($_POST['barnconfigpassthru']); else unset($natent['barnconfigpassthru']);
$a_nat[$id] = $natent;
- write_config();
+ write_config("Snort pkg: modified Barnyard2 settings.");
// No need to rebuild rules for Barnyard2 changes
$rebuild_rules = false;
diff --git a/config/snort/snort_blocked.php b/config/snort/snort_blocked.php
index b05384ae..76d5a9df 100644
--- a/config/snort/snort_blocked.php
+++ b/config/snort/snort_blocked.php
@@ -119,7 +119,7 @@ if ($_POST['save'])
$config['installedpackages']['snortglobal']['alertsblocks']['brefresh'] = $_POST['brefresh'] ? 'on' : 'off';
$config['installedpackages']['snortglobal']['alertsblocks']['blertnumber'] = $_POST['blertnumber'];
- write_config();
+ write_config("Snort pkg: updated BLOCKED tab settings.");
header("Location: /snort/snort_blocked.php");
exit;
diff --git a/config/snort/snort_define_servers.php b/config/snort/snort_define_servers.php
index d210da2c..4d1b3c2e 100755
--- a/config/snort/snort_define_servers.php
+++ b/config/snort/snort_define_servers.php
@@ -134,7 +134,7 @@ if ($_POST['save']) {
$a_nat[$id] = $natent;
- write_config();
+ write_config("Snort pkg: modified settings for VARIABLES tab.");
/* Update the snort conf file for this interface. */
$rebuild_rules = false;
diff --git a/config/snort/snort_edit_hat_data.php b/config/snort/snort_edit_hat_data.php
index cef6a894..e067dc11 100644
--- a/config/snort/snort_edit_hat_data.php
+++ b/config/snort/snort_edit_hat_data.php
@@ -66,7 +66,7 @@ else
if ($_POST['clear']) {
unset($a_nat[$id]['host_attribute_data']);
$a_nat[$id]['host_attribute_table'] = 'off';
- write_config();
+ write_config("Snort pkg: cleared Host Attribute Table data for {$a_nat[$id]['interface'}.");
$rebuild_rules = false;
snort_generate_conf($a_nat[$id]);
$pconfig['host_attribute_data'] = "";
@@ -78,7 +78,7 @@ if ($_POST['save']) {
$a_nat[$id]['host_attribute_table'] = 'on';
else
$a_nat[$id]['host_attribute_table'] = 'off';
- write_config();
+ write_config("Snort pkg: modified Host Attribute Table data for {$a_nat[$id]['interface'}.");
$rebuild_rules = false;
snort_generate_conf($a_nat[$id]);
$pconfig['host_attribute_data'] = $_POST['host_attribute_data'];
diff --git a/config/snort/snort_frag3_engine.php b/config/snort/snort_frag3_engine.php
index a4c8cb53..9489bf16 100644
--- a/config/snort/snort_frag3_engine.php
+++ b/config/snort/snort_frag3_engine.php
@@ -185,7 +185,7 @@ if ($_POST['save']) {
}
/* Now write the new engine array to conf */
- write_config();
+ write_config("Snort pkg: modified frag3 engine settings.");
header("Location: /snort/snort_preprocessors.php?id={$id}#frag3_row");
exit;
diff --git a/config/snort/snort_ftp_client_engine.php b/config/snort/snort_ftp_client_engine.php
index 9058a06e..f462efa8 100644
--- a/config/snort/snort_ftp_client_engine.php
+++ b/config/snort/snort_ftp_client_engine.php
@@ -216,7 +216,7 @@ if ($_POST['save']) {
}
/* Now write the new engine array to conf */
- write_config();
+ write_config("Snort pkg: modified ftp_telnet_client engine settings.");
header("Location: /snort/snort_preprocessors.php?id={$id}#ftp_telnet_row_ftp_proto_opts");
exit;
diff --git a/config/snort/snort_ftp_server_engine.php b/config/snort/snort_ftp_server_engine.php
index 618c8d85..cb9abc9c 100644
--- a/config/snort/snort_ftp_server_engine.php
+++ b/config/snort/snort_ftp_server_engine.php
@@ -187,7 +187,7 @@ if ($_POST['save']) {
}
/* Now write the new engine array to conf */
- write_config();
+ write_config("Snort pkg: modified ftp_telnet_server engine settings.");
header("Location: /snort/snort_preprocessors.php?id={$id}#ftp_telnet_row_ftp_proto_opts");
exit;
diff --git a/config/snort/snort_httpinspect_engine.php b/config/snort/snort_httpinspect_engine.php
index 47495ebe..c7680892 100644
--- a/config/snort/snort_httpinspect_engine.php
+++ b/config/snort/snort_httpinspect_engine.php
@@ -296,7 +296,7 @@ if ($_POST['save']) {
}
// Now write the new engine array to conf
- write_config();
+ write_config("Snort pkg: modified http_inspect engine settings.");
header("Location: /snort/snort_preprocessors.php?id={$id}#httpinspect_row");
exit;
diff --git a/config/snort/snort_import_aliases.php b/config/snort/snort_import_aliases.php
index 7edadea7..80b3bb1d 100644
--- a/config/snort/snort_import_aliases.php
+++ b/config/snort/snort_import_aliases.php
@@ -206,7 +206,7 @@ if ($_POST['save']) {
}
// Now write the new engine array to conf and return
- write_config();
+ write_config("Snort pkg: imported new host or network alias.");
header("Location: /snort/snort_preprocessors.php?id={$id}{$anchor}");
exit;
diff --git a/config/snort/snort_interfaces_edit.php b/config/snort/snort_interfaces_edit.php
index 1f3a3cbe..4c868844 100755
--- a/config/snort/snort_interfaces_edit.php
+++ b/config/snort/snort_interfaces_edit.php
@@ -273,7 +273,7 @@ if ($_POST["save"]) {
snort_stop($natent, $if_real);
/* Save configuration changes */
- write_config();
+ write_config("Snort pkg: modified interface configuration for {$natent['interface']}.");
/* Most changes don't require a rules rebuild, so default to "off" */
$rebuild_rules = false;
diff --git a/config/snort/snort_interfaces_global.php b/config/snort/snort_interfaces_global.php
index 99c8313d..69a182bd 100644
--- a/config/snort/snort_interfaces_global.php
+++ b/config/snort/snort_interfaces_global.php
@@ -151,7 +151,7 @@ if (!$input_errors) {
/* create whitelist and homenet file then sync files */
sync_snort_package_config();
- write_config();
+ write_config("Snort pkg: modified global settings.");
/* forces page to reload new settings */
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
diff --git a/config/snort/snort_interfaces_suppress.php b/config/snort/snort_interfaces_suppress.php
index 216b93c6..ecbd04a7 100644
--- a/config/snort/snort_interfaces_suppress.php
+++ b/config/snort/snort_interfaces_suppress.php
@@ -76,7 +76,7 @@ if ($_POST['del']) {
}
else {
unset($a_suppress[$_POST['list_id']]);
- write_config();
+ write_config("Snort pkg: deleted a Suppress List.");
header("Location: /snort/snort_interfaces_suppress.php");
exit;
}
diff --git a/config/snort/snort_passlist.php b/config/snort/snort_passlist.php
index 4eea356a..2cac9cd4 100644
--- a/config/snort/snort_passlist.php
+++ b/config/snort/snort_passlist.php
@@ -85,7 +85,7 @@ if ($_POST['del'] && is_numericint($_POST['list_id'])) {
}
if (!$input_errors) {
unset($a_passlist[$_POST['list_id']]);
- write_config();
+ write_config("Snort pkg: deleted PASS LIST.");
sync_snort_package_config();
header("Location: /snort/snort_passlist.php");
exit;
diff --git a/config/snort/snort_passlist_edit.php b/config/snort/snort_passlist_edit.php
index e486a076..3be776f4 100644
--- a/config/snort/snort_passlist_edit.php
+++ b/config/snort/snort_passlist_edit.php
@@ -156,7 +156,7 @@ if ($_POST['save']) {
else
$a_passlist[] = $w_list;
- write_config();
+ write_config("Snort pkg: modified PASS LIST {$w_list['name']}.");
/* create pass list and homenet file, then sync files */
sync_snort_package_config();
diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php
index 6c3dc90f..5cee95df 100755
--- a/config/snort/snort_preprocessors.php
+++ b/config/snort/snort_preprocessors.php
@@ -199,7 +199,7 @@ if ($_GET['act'] == "import" && isset($_GET['varname']) && !empty($_GET['varvalu
if ($_POST['del_http_inspect']) {
if (isset($_POST['eng_id']) && isset($id) && issset($a_nat[$id])) {
unset($a_nat[$id]['http_inspect_engine']['item'][$_POST['eng_id']]);
- write_config();
+ write_config("Snort pkg: deleted http_inspect engine for {$a_nat[$id]['interface']}.");
header("Location: snort_preprocessors.php?id=$id#httpinspect_row");
exit;
}
@@ -207,7 +207,7 @@ if ($_POST['del_http_inspect']) {
elseif ($_POST['del_frag3']) {
if (isset($_POST['eng_id']) && isset($id) && isset($a_nat[$id])) {
unset($a_nat[$id]['frag3_engine']['item'][$_POST['eng_id']]);
- write_config();
+ write_config("Snort pkg: deleted frag3 engine for {$a_nat[$id]['interface']}.");
header("Location: snort_preprocessors.php?id=$id#frag3_row");
exit;
}
@@ -215,7 +215,7 @@ elseif ($_POST['del_frag3']) {
elseif ($_POST['del_stream5_tcp']) {
if (isset($_POST['eng_id']) && isset($id) && isset($a_nat[$id])) {
unset($a_nat[$id]['stream5_tcp_engine']['item'][$_POST['eng_id']]);
- write_config();
+ write_config("Snort pkg: deleted stream5 engine for {$a_nat[$id]['interface']}.");
header("Location: snort_preprocessors.php?id=$id#stream5_row");
exit;
}
@@ -223,7 +223,7 @@ elseif ($_POST['del_stream5_tcp']) {
elseif ($_POST['del_ftp_client']) {
if (isset($_POST['eng_id']) && isset($id) && isset($a_nat[$id])) {
unset($a_nat[$id]['ftp_client_engine']['item'][$_POST['eng_id']]);
- write_config();
+ write_config("Snort pkg: deleted ftp_client engine for {$a_nat[$id]['interface']}.");
header("Location: snort_preprocessors.php?id=$id#ftp_telnet_row");
exit;
}
@@ -231,7 +231,7 @@ elseif ($_POST['del_ftp_client']) {
elseif ($_POST['del_ftp_server']) {
if (isset($_POST['eng_id']) && isset($id) && isset($a_nat[$id])) {
unset($a_nat[$id]['ftp_server_engine']['item'][$_POST['eng_id']]);
- write_config();
+ write_config("Snort pkg: deleted ftp_server engine for {$a_nat[$id]['interface']}.");
header("Location: snort_preprocessors.php?id=$id#ftp_telnet_row");
exit;
}
@@ -377,7 +377,7 @@ if ($_POST['save']) {
if (isset($id) && isset($a_nat[$id])) {
$a_nat[$id] = $natent;
- write_config();
+ write_config("Snort pkg: saved modified preprocessor settings for {$a_nat[$id]['interface']}.");
}
/*************************************************/
@@ -427,7 +427,7 @@ if ($_POST['btn_import']) {
$pconfig['host_attribute_data'] = $a_nat[$id]['host_attribute_data'];
$a_nat[$id]['max_attribute_hosts'] = $pconfig['max_attribute_hosts'];
$a_nat[$id]['max_attribute_services_per_host'] = $pconfig['max_attribute_services_per_host'];
- write_config();
+ write_config("Snort pkg: imported Host Attribute Table data for {$a_nat[$id]['interface']}.");
}
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
@@ -449,7 +449,7 @@ if ($_POST['btn_edit_hat']) {
$a_nat[$id]['host_attribute_table'] = "on";
$a_nat[$id]['max_attribute_hosts'] = $pconfig['max_attribute_hosts'];
$a_nat[$id]['max_attribute_services_per_host'] = $pconfig['max_attribute_services_per_host'];
- write_config();
+ write_config("Snort pkg: modified Host Attribute Table data for {$a_nat[$id]['interface']}.");
header("Location: snort_edit_hat_data.php?id=$id");
exit;
}
diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php
index 158999f9..e69152c3 100755
--- a/config/snort/snort_rules.php
+++ b/config/snort/snort_rules.php
@@ -196,7 +196,7 @@ if ($_POST['toggle'] && is_numeric($_POST['sid']) && is_numeric($_POST['gid']) &
unset($a_rule[$id]['rule_sid_off']);
/* Update the config.xml file. */
- write_config();
+ write_config("Snort pkg: modified state for rule {$gid}:{$sid} on {$a_rule[$id]['interface']}.");
$anchor = "rule_{$gid}_{$sid}";
}
@@ -236,7 +236,7 @@ elseif ($_POST['disable_all'] && !empty($rules_map)) {
else
unset($a_rule[$id]['rule_sid_off']);
- write_config();
+ write_config("Snort pkg: disabled all rules in category {$currentruleset} for {$a_rule[$id]['interface']}.");
}
elseif ($_POST['enable_all'] && !empty($rules_map)) {
@@ -273,7 +273,7 @@ elseif ($_POST['enable_all'] && !empty($rules_map)) {
else
unset($a_rule[$id]['rule_sid_off']);
- write_config();
+ write_config("Snort pkg: enable all rules in category {$currentruleset} for {$a_rule[$id]['interface']}.");
}
elseif ($_POST['resetcategory'] && !empty($rules_map)) {
@@ -312,7 +312,7 @@ elseif ($_POST['resetcategory'] && !empty($rules_map)) {
else
unset($a_rule[$id]['rule_sid_off']);
- write_config();
+ write_config("Snort pkg: remove enablesid/disablesid changes for category {$currentruleset} on {$a_rule[$id]['interface']}.");
}
elseif ($_POST['resetall'] && !empty($rules_map)) {
@@ -321,14 +321,14 @@ elseif ($_POST['resetall'] && !empty($rules_map)) {
unset($a_rule[$id]['rule_sid_off']);
/* Update the config.xml file. */
- write_config();
+ write_config("Snort pkg: remove all enablesid/disablesid changes for {$a_rule[$id]['interface']}.");
}
else if ($_POST['cancel']) {
$pconfig['customrules'] = base64_decode($a_rule[$id]['customrules']);
}
elseif ($_POST['clear']) {
unset($a_rule[$id]['customrules']);
- write_config();
+ write_config("Snort pkg: clear all custom rules for {$a_rule[$id]['interface']}.");
$rebuild_rules = true;
snort_generate_conf($a_rule[$id]);
$rebuild_rules = false;
@@ -340,7 +340,7 @@ elseif ($_POST['save']) {
$a_rule[$id]['customrules'] = base64_encode($_POST['customrules']);
else
unset($a_rule[$id]['customrules']);
- write_config();
+ write_config("Snort pkg: save modified custom rules for {$a_rule[$id]['interface']}.");
$rebuild_rules = true;
snort_generate_conf($a_rule[$id]);
$rebuild_rules = false;
@@ -364,7 +364,7 @@ elseif ($_POST['save']) {
}
else if ($_POST['apply']) {
/* Save new configuration */
- write_config();
+ write_config("Snort pkg: save new rules configuration for {$a_rule[$id]['interface']}.");
/*************************************************/
/* Update the snort conf file and rebuild the */
diff --git a/config/snort/snort_rulesets.php b/config/snort/snort_rulesets.php
index 46a67913..79365f5f 100755
--- a/config/snort/snort_rulesets.php
+++ b/config/snort/snort_rulesets.php
@@ -153,7 +153,7 @@ if ($_POST["save"]) {
@unlink("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$flowbit_rules_file}");
}
- write_config();
+ write_config("Snort pkg: save enabled rule categories for {$a_nat[$id]['interface']}.");
/*************************************************/
/* Update the snort conf file and rebuild the */
diff --git a/config/snort/snort_stream5_engine.php b/config/snort/snort_stream5_engine.php
index 9a91e0d6..89b0bc02 100644
--- a/config/snort/snort_stream5_engine.php
+++ b/config/snort/snort_stream5_engine.php
@@ -328,7 +328,7 @@ if ($_POST['save']) {
}
/* Now write the new engine array to conf */
- write_config();
+ write_config("Snort pkg: save modified stream5 engine.");
header("Location: /snort/snort_preprocessors.php?id={$id}#stream5_row");
exit;