aboutsummaryrefslogtreecommitdiffstats
path: root/config/snort
diff options
context:
space:
mode:
Diffstat (limited to 'config/snort')
-rw-r--r--config/snort/snort_barnyard.php23
-rw-r--r--config/snort/snort_blocked.php2
-rwxr-xr-xconfig/snort/snort_define_servers.php2
-rwxr-xr-xconfig/snort/snort_interfaces.php6
-rw-r--r--config/snort/snort_interfaces_suppress.php8
-rw-r--r--config/snort/snort_list_view.php6
-rw-r--r--config/snort/snort_rules_flowbits.php38
-rwxr-xr-xconfig/snort/snort_rulesets.php7
8 files changed, 53 insertions, 39 deletions
diff --git a/config/snort/snort_barnyard.php b/config/snort/snort_barnyard.php
index 2773fe95..a5c1ffec 100644
--- a/config/snort/snort_barnyard.php
+++ b/config/snort/snort_barnyard.php
@@ -89,7 +89,7 @@ if ($_POST) {
write_config();
/* No need to rebuild rules if just toggling Barnyard2 on or off */
- $rebuild_rules = "off";
+ $rebuild_rules = false;
sync_snort_package_config();
/* after click go to this page */
@@ -108,16 +108,11 @@ $pgtitle = "Snort: Interface: {$if_friendly} Barnyard2 Edit";
include_once("head.inc");
?>
-<body
- link="#0000CC" vlink="#0000CC" alink="#0000CC">
-
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
-<?php include_once("fbegin.inc");
-?>
<script language="JavaScript">
<!--
@@ -184,7 +179,7 @@ function enable_change(enable_change) {
<td width="22%" valign="top" class="vncellreq"><?php echo gettext("Enable"); ?></td>
<td width="78%" class="vtable">
<input name="barnyard_enable" type="checkbox" value="on" <?php if ($pconfig['barnyard_enable'] == "on") echo "checked"; ?> onClick="enable_change(false)">
- <strong><?php echo gettext("Enable Barnyard2"); ?></strong><br>
+ <strong><?php echo gettext("Enable Barnyard2"); ?></strong><br/>
<?php echo gettext("This will enable barnyard2 for this interface. You will also have to set the database credentials."); ?></td>
</tr>
<tr>
@@ -194,9 +189,9 @@ function enable_change(enable_change) {
<td width="22%" valign="top" class="vncell"><?php echo gettext("Log to a MySQL Database"); ?></td>
<td width="78%" class="vtable"><input name="barnyard_mysql"
type="text" class="formfld" id="barnyard_mysql" style="width:95%;" size="85"
- value="<?=htmlspecialchars($pconfig['barnyard_mysql']);?>"> <br>
+ value="<?=htmlspecialchars($pconfig['barnyard_mysql']);?>"> <br/>
<span class="vexpl"><?php echo gettext("Example: output database: alert, mysql, " .
- "dbname=snort user=snort host=localhost password=xyz"); ?><br>
+ "dbname=snort user=snort host=localhost password=xyz"); ?><br/>
<?php echo gettext("Example: output database: log, mysql, dbname=snort user=snort " .
"host=localhost password=xyz"); ?></span></td>
</tr>
@@ -204,11 +199,11 @@ function enable_change(enable_change) {
<td colspan="2" valign="top" class="listtopic"><?php echo gettext("Advanced Settings"); ?></td>
</tr>
<tr>
- <td width="22%" valign="top" class="vncell"<?php echo gettext("Advanced configuration " .
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Advanced configuration " .
"pass through"); ?></td>
<td width="78%" class="vtable"><textarea name="barnconfigpassthru" style="width:95%;"
cols="65" rows="7" id="barnconfigpassthru" ><?=htmlspecialchars($pconfig['barnconfigpassthru']);?></textarea>
- <br>
+ <br/>
<?php echo gettext("Arguments here will be automatically inserted into the running " .
"barnyard2 configuration."); ?></td>
</tr>
@@ -220,8 +215,8 @@ function enable_change(enable_change) {
</tr>
<tr>
<td width="22%" valign="top">&nbsp;</td>
- <td width="78%"><span class="vexpl"><span class="red"><strong><?php echo gettext("Note:"); ?></strong></span>
- <br>
+ <td width="78%"><span class="vexpl"><span class="red"><strong><?php echo gettext("Note:"); ?></strong></span></span>
+ <br/>
<?php echo gettext("Please save your settings before you click start."); ?> </td>
</tr>
</table>
diff --git a/config/snort/snort_blocked.php b/config/snort/snort_blocked.php
index 43b351ab..56edfbc5 100644
--- a/config/snort/snort_blocked.php
+++ b/config/snort/snort_blocked.php
@@ -191,10 +191,12 @@ if ($pconfig['brefresh'] == 'on')
<col width="10%" align="center">
</colgroup>
<thead>
+ <tr>
<th class="listhdrr" axis="number">#</th>
<th class="listhdrr" axis="string"><?php echo gettext("IP"); ?></th>
<th class="listhdrr" axis="string"><?php echo gettext("Alert Description"); ?></th>
<th class="listhdrr"><?php echo gettext("Remove"); ?></th>
+ </tr>
</thead>
<tbody>
<?php
diff --git a/config/snort/snort_define_servers.php b/config/snort/snort_define_servers.php
index 8c19325b..371bbecd 100755
--- a/config/snort/snort_define_servers.php
+++ b/config/snort/snort_define_servers.php
@@ -127,7 +127,7 @@ if ($_POST) {
write_config();
/* Update the snort conf file for this interface. */
- $rebuild_rules = "off";
+ $rebuild_rules = false;
snort_generate_conf($a_nat[$id]);
/* after click go to this page */
diff --git a/config/snort/snort_interfaces.php b/config/snort/snort_interfaces.php
index 390b83eb..84273167 100755
--- a/config/snort/snort_interfaces.php
+++ b/config/snort/snort_interfaces.php
@@ -145,9 +145,9 @@ if ($_GET['act'] == 'toggle' && is_numeric($id)) {
log_error("Toggle (snort starting) for {$if_friendly}({$snortcfg['descr']})...");
/* set flag to rebuild interface rules before starting Snort */
- $rebuild_rules = "on";
+ $rebuild_rules = true;
sync_snort_package_config();
- $rebuild_rules = "off";
+ $rebuild_rules = false;
snort_start($snortcfg, $if_real);
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
@@ -364,7 +364,7 @@ if ($pfsense_stable == 'yes')
</td>
<td class="listbg"
ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
- <font color="#ffffff"> <?=htmlspecialchars($natent['descr']);?>&nbsp;
+ <font color="#ffffff"> <?=htmlspecialchars($natent['descr']);?>&nbsp;</font>
</td>
<td valign="middle" class="list" nowrap>
<table border="0" cellspacing="0" cellpadding="0">
diff --git a/config/snort/snort_interfaces_suppress.php b/config/snort/snort_interfaces_suppress.php
index 8095ff37..780a6e92 100644
--- a/config/snort/snort_interfaces_suppress.php
+++ b/config/snort/snort_interfaces_suppress.php
@@ -98,7 +98,7 @@ if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
<?=htmlspecialchars($list['name']);?></td>
<td class="listbg"
ondblclick="document.location='snort_interfaces_suppress_edit.php?id=<?=$i;?>';">
- <font color="#FFFFFF"> <?=htmlspecialchars($list['descr']);?>&nbsp;
+ <font color="#FFFFFF"> <?=htmlspecialchars($list['descr']);?>&nbsp;</font>
</td>
<td valign="middle" nowrap class="list">
@@ -130,17 +130,17 @@ if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
width="17" height="17" border="0" title="<?php echo gettext("add a new list"); ?>"></a></td>
</tr>
</table>
- </div>
</td>
</tr>
</table>
+</div>
</td></tr>
<tr>
<td colspan="3" width="100%"><br/><span class="vexpl"><span class="red"><strong><?php echo gettext("Note:"); ?></strong></span>
- <p><span class="vexpl"><?php echo gettext("Here you can create event filtering and " .
+ <p><?php echo gettext("Here you can create event filtering and " .
"suppression for your snort package rules."); ?><br/><br/>
<?php echo gettext("Please note that you must restart a running Interface so that changes can " .
- "take effect."); ?></span></p></td>
+ "take effect."); ?></p></span></td>
</tr>
</table>
</form>
diff --git a/config/snort/snort_list_view.php b/config/snort/snort_list_view.php
index b7de064b..856367ef 100644
--- a/config/snort/snort_list_view.php
+++ b/config/snort/snort_list_view.php
@@ -47,10 +47,14 @@ $type = $_GET['type'];
if (isset($id) && isset($wlist)) {
$a_rule = $config['installedpackages']['snortglobal']['rule'][$id];
- if ($type == "whitelist") {
+ if ($type == "homenet") {
$list = snort_build_list($a_rule, $wlist);
$contents = implode("\n", $list);
}
+ elseif ($type == "whitelist") {
+ $list = snort_build_list($a_rule, $wlist, true);
+ $contents = implode("\n", $list);
+ }
elseif ($type == "suppress") {
$list = snort_find_list($wlist, $type);
$contents = str_replace("\r", "", base64_decode($list['suppresspassthru']));
diff --git a/config/snort/snort_rules_flowbits.php b/config/snort/snort_rules_flowbits.php
index 215399c6..7a653af8 100644
--- a/config/snort/snort_rules_flowbits.php
+++ b/config/snort/snort_rules_flowbits.php
@@ -38,9 +38,10 @@
require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort.inc");
-global $g, $flowbit_rules_file, $rebuild_rules;
+global $g, $rebuild_rules;
$snortdir = SNORTDIR;
+$flowbit_rules_file = FLOWBITS_FILENAME;
$rules_map = array();
$supplist = array();
@@ -67,10 +68,10 @@ if ($a_nat[$id]['autoflowbitrules'] == 'on') {
$rules_map = snort_load_rules_map("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$flowbit_rules_file}");
}
else
- $savemsg = "There are no flowbit-required rules necessary for the current enforcing rule set.";
+ $savemsg = gettext("There are no flowbit-required rules necessary for the current enforcing rule set.");
}
else
- $input_errors[] = "Auto-Flowbit rule generation is disabled for this interface!";
+ $input_errors[] = gettext("Auto-Flowbit rule generation is disabled for this interface!");
if ($_GET['act'] == "addsuppress" && is_numeric($_GET['sidid']) && is_numeric($_GET['gen_id'])) {
$descr = snort_get_msg($rules_map[$_GET['gen_id']][$_GET['sidid']]['rule']);
@@ -83,6 +84,7 @@ if ($_GET['act'] == "addsuppress" && is_numeric($_GET['sidid']) && is_numeric($_
if (!is_array($config['installedpackages']['snortglobal']['suppress']['item']))
$config['installedpackages']['snortglobal']['suppress']['item'] = array();
$a_suppress = &$config['installedpackages']['snortglobal']['suppress']['item'];
+ $found_list = false;
if (empty($a_nat[$id]['suppresslistname']) || $a_nat[$id]['suppresslistname'] == 'default') {
$s_list = array();
@@ -92,9 +94,11 @@ if ($_GET['act'] == "addsuppress" && is_numeric($_GET['sidid']) && is_numeric($_
$s_list['suppresspassthru'] = base64_encode($suppress);
$a_suppress[] = $s_list;
$a_nat[$id]['suppresslistname'] = $s_list['name'];
+ $found_list = true;
} else {
foreach ($a_suppress as $a_id => $alist) {
if ($alist['name'] == $a_nat[$id]['suppresslistname']) {
+ $found_list = true;
if (!empty($alist['suppresspassthru'])) {
$tmplist = base64_decode($alist['suppresspassthru']);
$tmplist .= "\n{$suppress}";
@@ -104,10 +108,16 @@ if ($_GET['act'] == "addsuppress" && is_numeric($_GET['sidid']) && is_numeric($_
}
}
}
- write_config();
- $rebuild_rules = "off";
- sync_snort_package_config();
- $savemsg = "Wrote suppress rule for gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']} to the {$a_nat[$id]['suppresslistname']} Suppression List.";
+ if ($found_list) {
+ write_config();
+ $rebuild_rules = false;
+ sync_snort_package_config();
+ $savemsg = gettext("Wrote suppress rule for 'gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}' to the '{$a_nat[$id]['suppresslistname']}' Suppression List.");
+ }
+ else {
+ /* We did not find the defined list, so notify the user with an error */
+ $input_errors[] = gettext("Suppress List '{$a_nat[$id]['suppresslistname']}' is defined for this interface, but it could not be found!");
+ }
}
function truncate($string, $length) {
@@ -165,11 +175,11 @@ if ($savemsg)
</tr>
<tr>
<td width="78%" class="vncell">
- <table width="100%" border="0 cellspacing="2" cellpadding="0">
+ <table width="100%" border="0" cellspacing="2" cellpadding="0">
<tr>
<td width="17px"><img src="../themes/<?=$g['theme']?>/images/icons/icon_plus.gif" width='12' height='12' border='0'/></td>
<td><span class="vexpl"><?php echo gettext("Alert is Not Suppressed"); ?></span></td>
- <td rowspan="3" align="right"><input id="cancelbutton" name="cancelbutton" type="button" class="formbtn" onclick="history.back()" <?php
+ <td rowspan="3" align="right"><input id="cancelbutton" name="cancelbutton" type="button" class="formbtn" onclick="parent.location='snort_rulesets.php?id=<?=$id;?>'" <?php
echo "value=\"" . gettext("Return") . "\" title=\"" . gettext("Return to previous page") . "\""; ?>/></td>
</tr>
<tr>
@@ -197,12 +207,14 @@ if ($savemsg)
<col axis="string">
</colgroup>
<thead>
+ <tr>
<th class="listhdrr" axis="number"><?php echo gettext("SID"); ?></th>
- <td class="listhdrr" axis="string"><?php echo gettext("Proto"); ?></th>
+ <th class="listhdrr" axis="string"><?php echo gettext("Proto"); ?></th>
<th class="listhdrr" axis="string"><?php echo gettext("Source"); ?></th>
<th class="listhdrr" axis="string"><?php echo gettext("Destination"); ?></th>
<th class="listhdrr" axis="string"><?php echo gettext("Flowbits"); ?></th>
<th class="listhdrr" axis="string"><?php echo gettext("Message"); ?></th>
+ </tr>
<thead>
<tbody>
<?php
@@ -228,12 +240,12 @@ if ($savemsg)
else {
if (!isset($supplist[$gid][$sid])) {
$supplink = "<a href=\"?id={$id}&act=addsuppress&sidid={$sid}&gen_id={$gid}\">";
- $supplink .= "<img src=\"../themes/{$g['theme']}/images/icons/icon_plus.gif\"";
+ $supplink .= "<img src=\"../themes/{$g['theme']}/images/icons/icon_plus.gif\" ";
$supplink .= "width='12' height='12' border='0' title='";
$supplink .= gettext("Click to add to Suppress List") . "'/></a>";
}
else {
- $supplink .= "<img src=\"../themes/{$g['theme']}/images/icons/icon_plus_d.gif\"";
+ $supplink = "<img src=\"../themes/{$g['theme']}/images/icons/icon_plus_d.gif\" ";
$supplink .= "width='12' height='12' border='0' title='";
$supplink .= gettext("Alert has been suppressed") . "'/>";
}
@@ -260,7 +272,7 @@ if ($savemsg)
<?php if ($count > 20): ?>
<tr>
<td align="center" valign="middle">
- <input id="cancelbutton" name="cancelbutton" type="button" class="formbtn" onclick="history.back()" <?php
+ <input id="cancelbutton" name="cancelbutton" type="button" class="formbtn" onclick="parent.location='snort_rulesets.php?id=<?=$id;?>'" <?php
echo "value=\"" . gettext("Return") . "\" title=\"" . gettext("Return to previous page") . "\""; ?>/>
<input name="id" type="hidden" value="<?=$id;?>" />
</td>
diff --git a/config/snort/snort_rulesets.php b/config/snort/snort_rulesets.php
index fa3efc1b..7ec0edbd 100755
--- a/config/snort/snort_rulesets.php
+++ b/config/snort/snort_rulesets.php
@@ -32,9 +32,10 @@
require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort.inc");
-global $g, $flowbit_rules_file, $rebuild_rules;
+global $g, $rebuild_rules;
$snortdir = SNORTDIR;
+$flowbit_rules_file = FLOWBITS_FILENAME;
if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
$config['installedpackages']['snortglobal']['rule'] = array();
@@ -143,9 +144,9 @@ if ($_POST["Submit"]) {
/* Update the snort conf file and rebuild the */
/* rules for this interface. */
/*************************************************/
- $rebuild_rules = "on";
+ $rebuild_rules = true;
snort_generate_conf($a_nat[$id]);
- $rebuild_rules = "off";
+ $rebuild_rules = false;
header("Location: /snort/snort_rulesets.php?id=$id");
exit;