diff options
Diffstat (limited to 'config/snort')
| -rwxr-xr-x | config/snort/snort.inc | 12 | ||||
| -rwxr-xr-x | config/snort/snort.xml | 123 | ||||
| -rwxr-xr-x | config/snort/snort_check_for_rule_updates.php | 17 | ||||
| -rw-r--r-- | config/snort/snort_defs.inc | 9 | ||||
| -rw-r--r-- | config/snort/snort_migrate_config.php | 4 | ||||
| -rw-r--r-- | config/snort/snort_passlist.php | 3 | ||||
| -rw-r--r-- | config/snort/snort_passlist_edit.php | 17 | ||||
| -rw-r--r-- | config/snort/snort_post_install.php | 4 | ||||
| -rwxr-xr-x | config/snort/snort_sync.xml | 74 |
9 files changed, 95 insertions, 168 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc index 0e4881aa..7b068f01 100755 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -45,11 +45,6 @@ ini_set("memory_limit", "384M"); // Explicitly declare this as global so it works through function call includes global $g, $config, $rebuild_rules; -// Grab the Snort binary version programmatically, but if that fails use a safe default -$snortver = array(); -$snortbindir = SNORT_PBI_BINDIR; -exec("{$snortbindir}snort -V 2>&1 |/usr/bin/grep Version | /usr/bin/cut -c20-26", $snortver); - /* Rebuild Rules Flag -- if "true", rebuild enforcing rules and flowbit-rules files */ $rebuild_rules = false; @@ -292,7 +287,8 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false, $extern if (empty($list)) return $list; $localnet = $list['localnets']; - $wanip = $list['wanips']; +// $wanip = $list['wanips']; + $wanip = 'yes'; $wangw = $list['wangateips']; $wandns = $list['wandnsips']; $vips = $list['vips']; @@ -471,7 +467,7 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false, $extern /* iterate all vips and add to whitelist */ if (is_array($config['virtualip']) && is_array($config['virtualip']['vip'])) { foreach($config['virtualip']['vip'] as $vip) { - if ($vip['subnet'] && $vip['mode'] != 'proxyarp') { + if ($vip['subnet']) { if (!in_array("{$vip['subnet']}/{$vip['subnet_bits']}", $home_net)) $home_net[] = "{$vip['subnet']}/{$vip['subnet_bits']}"; } @@ -3454,7 +3450,7 @@ function snort_prepare_rule_files($snortcfg, $snortcfgdir) { /* Build a new sid-msg.map file from the enabled */ /* rules and copy it to the interface directory. */ - log_error(gettext("[Snort] Building new sig-msg.map file for " . convert_friendly_interface_to_friendly_descr($snortcfg['interface']) . "...")); + log_error(gettext("[Snort] Building new sid-msg.map file for " . convert_friendly_interface_to_friendly_descr($snortcfg['interface']) . "...")); snort_build_sid_msg_map("{$snortcfgdir}/rules/", "{$snortcfgdir}/sid-msg.map"); } diff --git a/config/snort/snort.xml b/config/snort/snort.xml index 6c70b39e..b8444009 100755 --- a/config/snort/snort.xml +++ b/config/snort/snort.xml @@ -3,51 +3,50 @@ <?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> <packagegui> <copyright> - <![CDATA[ + <![CDATA[ /* $Id$ */ -/* ========================================================================== */ +/* ====================================================================================== */ /* - authng.xml - part of pfSense (https://www.pfsense.org) - Copyright (C) 2007 to whom it may belong - All rights reserved. - - Based on m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. - All rights reserved. - */ -/* ========================================================================== */ + snort.xml + part of pfSense (https://www.pfSense.org/) + Copyright (C) 2009-2010 Robert Zelaya + Copyright (C) 2011-2012 Ermal Luçi + Copyright (C) 2013-2015 Bill Meeks + Copyright (C) 2015 Electric Sheep Fencing LP + All rights reserved. +*/ +/* ====================================================================================== */ /* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ - ]]> + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +/* ====================================================================================== */ + ]]> </copyright> <description>Snort IDS/IPS Package</description> - <requirements>None</requirements> - <faq>Currently there are no FAQ items provided.</faq> <name>Snort</name> - <version>2.9.7.3</version> - <title>Services:2.9.7.3 pkg v3.2.6</title> + <version>3.2.7</version> + <title>Services: Snort IDS</title> <include_file>/usr/local/pkg/snort/snort.inc</include_file> <menu> <name>Snort</name> @@ -65,258 +64,206 @@ </tabs> <additional_files_needed> <prefix>/usr/local/pkg/snort/</prefix> - <chmod>077</chmod> <item>https://packages.pfsense.org/packages/config/snort/snort.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/snort/</prefix> - <chmod>077</chmod> <item>https://packages.pfsense.org/packages/config/snort/snort_check_cron_misc.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/snort/</prefix> - <chmod>077</chmod> <item>https://packages.pfsense.org/packages/config/snort/snort_conf_template.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/snort/</prefix> - <chmod>077</chmod> <item>https://packages.pfsense.org/packages/config/snort/snort_migrate_config.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/snort/</prefix> - <chmod>077</chmod> <item>https://packages.pfsense.org/packages/config/snort/snort_post_install.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/snort/</prefix> - <chmod>077</chmod> <item>https://packages.pfsense.org/packages/config/snort/snort_sync.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/snort/</prefix> - <chmod>077</chmod> <item>https://packages.pfsense.org/packages/config/snort/deprecated_rules</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> <item>https://packages.pfsense.org/packages/config/snort/snort_alerts.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> <item>https://packages.pfsense.org/packages/config/snort/snort_barnyard.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> <item>https://packages.pfsense.org/packages/config/snort/snort_blocked.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> <item>https://packages.pfsense.org/packages/config/snort/snort_define_servers.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> <item>https://packages.pfsense.org/packages/config/snort/snort_download_rules.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> <item>https://packages.pfsense.org/packages/config/snort/snort_download_updates.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/snort/</prefix> - <chmod>077</chmod> <item>https://packages.pfsense.org/packages/config/snort/snort_check_for_rule_updates.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/snort/</prefix> - <chmod>077</chmod> <item>https://packages.pfsense.org/packages/config/snort/snort_defs.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> <item>https://packages.pfsense.org/packages/config/snort/snort_interfaces.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> <item>https://packages.pfsense.org/packages/config/snort/snort_interfaces_edit.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> <item>https://packages.pfsense.org/packages/config/snort/snort_interfaces_global.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> <item>https://packages.pfsense.org/packages/config/snort/snort_rules.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> <item>https://packages.pfsense.org/packages/config/snort/snort_rules_edit.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> <item>https://packages.pfsense.org/packages/config/snort/snort_rulesets.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> <item>https://packages.pfsense.org/packages/config/snort/snort_preprocessors.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> <item>https://packages.pfsense.org/packages/config/snort/snort_passlist.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> <item>https://packages.pfsense.org/packages/config/snort/snort_passlist_edit.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> <item>https://packages.pfsense.org/packages/config/snort/snort_interfaces_suppress.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> <item>https://packages.pfsense.org/packages/config/snort/snort_interfaces_suppress_edit.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> <item>https://packages.pfsense.org/packages/config/snort/snort_list_view.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> <item>https://packages.pfsense.org/packages/config/snort/snort_rules_flowbits.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> <item>https://packages.pfsense.org/packages/config/snort/snort_edit_hat_data.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> <item>https://packages.pfsense.org/packages/config/snort/snort_frag3_engine.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> <item>https://packages.pfsense.org/packages/config/snort/snort_stream5_engine.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> <item>https://packages.pfsense.org/packages/config/snort/snort_httpinspect_engine.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> <item>https://packages.pfsense.org/packages/config/snort/snort_ftp_client_engine.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> <item>https://packages.pfsense.org/packages/config/snort/snort_ftp_server_engine.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> <item>https://packages.pfsense.org/packages/config/snort/snort_import_aliases.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> <item>https://packages.pfsense.org/packages/config/snort/snort_select_alias.php</item> </additional_files_needed> <additional_files_needed> <prefix>/etc/inc/priv/</prefix> - <chmod>077</chmod> <item>https://packages.pfsense.org/packages/config/snort/snort.priv.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> <item>https://packages.pfsense.org/packages/config/snort/snort_ip_reputation.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> <item>https://packages.pfsense.org/packages/config/snort/snort_ip_list_mgmt.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> <item>https://packages.pfsense.org/packages/config/snort/snort_iprep_list_browser.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> <item>https://packages.pfsense.org/packages/config/snort/snort_interface_logs.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> <item>https://packages.pfsense.org/packages/config/snort/snort_log_mgmt.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> <item>https://packages.pfsense.org/packages/config/snort/snort_sid_mgmt.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/snort/</prefix> - <chmod>077</chmod> <item>https://packages.pfsense.org/packages/config/snort/snort_generate_conf.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/widgets/javascript/</prefix> - <chmod>0644</chmod> <item>https://packages.pfsense.org/packages/config/snort/snort_alerts.js</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/widgets/widgets/</prefix> - <chmod>0644</chmod> <item>https://packages.pfsense.org/packages/config/snort/snort_alerts.widget.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/widgets/include/</prefix> - <chmod>0644</chmod> <item>https://packages.pfsense.org/packages/config/snort/widget-snort.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/var/db/snort/sidmods/</prefix> - <chmod>0644</chmod> <item>https://packages.pfsense.org/packages/config/snort/disablesid-sample.conf</item> </additional_files_needed> <additional_files_needed> <prefix>/var/db/snort/sidmods/</prefix> - <chmod>0644</chmod> <item>https://packages.pfsense.org/packages/config/snort/enablesid-sample.conf</item> </additional_files_needed> <additional_files_needed> <prefix>/var/db/snort/sidmods/</prefix> - <chmod>0644</chmod> <item>https://packages.pfsense.org/packages/config/snort/modifysid-sample.conf</item> </additional_files_needed> <fields> </fields> - <custom_add_php_command> - </custom_add_php_command> <custom_php_resync_config_command> <![CDATA[ sync_snort_package_config(); diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php index 0c4543cd..123661e4 100755 --- a/config/snort/snort_check_for_rule_updates.php +++ b/config/snort/snort_check_for_rule_updates.php @@ -64,19 +64,14 @@ $openappid_detectors = $config['installedpackages']['snortglobal']['openappid_de /* Working directory for downloaded rules tarballs and extraction */ $tmpfname = "{$g['tmp_path']}/snort_rules_up"; -/* Grab the Snort binary version programmatically and use it to construct */ -/* the proper Snort VRT rules tarball and md5 filenames. Fallback to a */ -/* default in the event we fail. */ -$snortver = array(); -exec("{$snortbindir}snort -V 2>&1 |/usr/bin/grep Version | /usr/bin/cut -c20-26", $snortver); -// Save the version with decimal delimiters for use in extracting the rules -$snort_version = $snortver[0]; -if (empty($snort_version)) - $snort_version = SNORT_BIN_VERSION; +/* Use the Snort binary version to construct the proper Snort VRT */ +/* rules tarball and md5 filenames. Save the version with decimal */ +/* delimiters for use in extracting the rules. */ +$snort_version = SNORT_BIN_VERSION; // Create a collapsed version string for use in the tarball filename -$snortver[0] = str_replace(".", "", $snortver[0]); -$snort_filename = "snortrules-snapshot-{$snortver[0]}.tar.gz"; +$snortver = str_replace(".", "", SNORT_BIN_VERSION); +$snort_filename = "snortrules-snapshot-{$snortver}.tar.gz"; $snort_filename_md5 = "{$snort_filename}.md5"; $snort_rule_url = VRT_DNLD_URL; diff --git a/config/snort/snort_defs.inc b/config/snort/snort_defs.inc index 3f5c82e5..ac09db44 100644 --- a/config/snort/snort_defs.inc +++ b/config/snort/snort_defs.inc @@ -49,13 +49,12 @@ if (!defined("SNORTLOGDIR")) define("SNORTLOGDIR", "{$g['varlog_path']}/snort"); if (!defined("SNORT_BIN_VERSION")) { // Grab the Snort binary version programmatically - $snortver = array(); $snortbindir = SNORT_PBI_BINDIR; - mwexec("{$snortbindir}/snort -V 2>&1 |/usr/bin/grep Version | /usr/bin/cut -c20-26", $snortver); - if (!empty($snortver[0])) - define("SNORT_BIN_VERSION", $snortver[0]); + $snortver = exec_command("{$snortbindir}/snort -V 2>&1 |/usr/bin/grep Version | /usr/bin/cut -c20-26"); + if (!empty($snortver)) + define("SNORT_BIN_VERSION", $snortver); else - define("SNORT_BIN_VERSION", "2.9.7.3"); + define("SNORT_BIN_VERSION", "2.9.7.5"); } if (!defined("SNORT_SID_MODS_PATH")) define('SNORT_SID_MODS_PATH', "{$g['vardb_path']}/snort/sidmods/"); diff --git a/config/snort/snort_migrate_config.php b/config/snort/snort_migrate_config.php index ae1daf6a..edcbb2d5 100644 --- a/config/snort/snort_migrate_config.php +++ b/config/snort/snort_migrate_config.php @@ -541,10 +541,10 @@ unset($r); // Log a message if we changed anything if ($updated_cfg) { - $config['installedpackages']['snortglobal']['snort_config_ver'] = "3.2.6"; log_error("[Snort] Settings successfully migrated to new configuration format..."); } -else +else { log_error("[Snort] Configuration version is current..."); +} ?> diff --git a/config/snort/snort_passlist.php b/config/snort/snort_passlist.php index 965f22d7..1b377a1f 100644 --- a/config/snort/snort_passlist.php +++ b/config/snort/snort_passlist.php @@ -197,7 +197,8 @@ if ($savemsg) { <p><?php echo gettext("1. Here you can create Pass List files for your Snort package rules. Hosts on a Pass List are never blocked by Snort."); ?><br/> <?php echo gettext("2. Add all the IP addresses or networks (in CIDR notation) you want to protect against Snort block decisions."); ?><br/> <?php echo gettext("3. The default Pass List includes the WAN IP and gateway, defined DNS servers, VPNs and locally-attached networks."); ?><br/> - <?php echo gettext("4. Be careful, it is very easy to get locked out of your system by altering the default settings."); ?></p></span></td> + <?php echo gettext("4. Be careful, it is very easy to get locked out of your system by altering the default settings."); ?><br/> + <?php echo gettext("5. To use a custom Pass List on an interface, you must manually assign the list using the drop-down control on the Interface Settings tab."); ?></p></span></td> </tr> <tr> <td width="100%"><span class="vexpl"><?php echo gettext("Remember you must restart Snort on the interface for changes to take effect!"); ?></span></td> diff --git a/config/snort/snort_passlist_edit.php b/config/snort/snort_passlist_edit.php index 75724344..25ebcc82 100644 --- a/config/snort/snort_passlist_edit.php +++ b/config/snort/snort_passlist_edit.php @@ -3,7 +3,7 @@ * snort_passlist_edit.php * Copyright (C) 2004 Scott Ullrich * Copyright (C) 2011-2012 Ermal Luci - * Copyright (C) 2014 Bill Meeks + * Copyright (C) 2015 Bill Meeks * All rights reserved. * * originially part of m0n0wall (http://m0n0.ch/wall) @@ -71,7 +71,7 @@ if (isset($id) && isset($a_passlist[$id])) { $pconfig['address'] = $a_passlist[$id]['address']; $pconfig['descr'] = html_entity_decode($a_passlist[$id]['descr']); $pconfig['localnets'] = $a_passlist[$id]['localnets']; - $pconfig['wanips'] = $a_passlist[$id]['wanips']; +// $pconfig['wanips'] = $a_passlist[$id]['wanips']; $pconfig['wangateips'] = $a_passlist[$id]['wangateips']; $pconfig['wandnsips'] = $a_passlist[$id]['wandnsips']; $pconfig['vips'] = $a_passlist[$id]['vips']; @@ -87,7 +87,7 @@ if ($_GET['act'] == "import") { $pconfig['address'] = htmlspecialchars($_GET['address']); $pconfig['descr'] = htmlspecialchars($_GET['descr']); $pconfig['localnets'] = htmlspecialchars($_GET['localnets'])? 'yes' : 'no'; - $pconfig['wanips'] = htmlspecialchars($_GET['wanips'])? 'yes' : 'no'; +// $pconfig['wanips'] = htmlspecialchars($_GET['wanips'])? 'yes' : 'no'; $pconfig['wangateips'] = htmlspecialchars($_GET['wangateips'])? 'yes' : 'no'; $pconfig['wandnsips'] = htmlspecialchars($_GET['wandnsips'])? 'yes' : 'no'; $pconfig['vips'] = htmlspecialchars($_GET['vips'])? 'yes' : 'no'; @@ -168,7 +168,7 @@ if ($_POST['save']) { $p_list['name'] = $_POST['name']; $p_list['uuid'] = $passlist_uuid; $p_list['localnets'] = $_POST['localnets']? 'yes' : 'no'; - $p_list['wanips'] = $_POST['wanips']? 'yes' : 'no'; +// $p_list['wanips'] = $_POST['wanips']? 'yes' : 'no'; $p_list['wangateips'] = $_POST['wangateips']? 'yes' : 'no'; $p_list['wandnsips'] = $_POST['wandnsips']? 'yes' : 'no'; $p_list['vips'] = $_POST['vips']? 'yes' : 'no'; @@ -255,7 +255,6 @@ if ($savemsg) <tr> <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Add auto-generated IP Addresses."); ?></td> </tr> - <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Local Networks"); ?></td> <td width="78%" class="vtable"><input name="localnets" type="checkbox" @@ -263,14 +262,6 @@ if ($savemsg) <?php if($pconfig['localnets'] == 'yes'){ echo "checked";} if($pconfig['localnets'] == ''){ echo "checked";} ?> /> <span class="vexpl"> <?php echo gettext("Add firewall Local Networks to the list (excluding WAN)."); ?> </span></td> </tr> - - <tr> - <td width="22%" valign="top" class="vncell"><?php echo gettext("WAN IPs"); ?></td> - <td width="78%" class="vtable"><input name="wanips" type="checkbox" - id="wanips" size="40" value="yes" - <?php if($pconfig['wanips'] == 'yes'){ echo "checked";} if($pconfig['wanips'] == ''){ echo "checked";} ?> /> - <span class="vexpl"> <?php echo gettext("Add WAN interface IPs to the list."); ?> </span></td> - </tr> <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("WAN Gateways"); ?></td> <td width="78%" class="vtable"><input name="wangateips" diff --git a/config/snort/snort_post_install.php b/config/snort/snort_post_install.php index 280f0efe..bbb2642c 100644 --- a/config/snort/snort_post_install.php +++ b/config/snort/snort_post_install.php @@ -265,8 +265,8 @@ if (stristr($config['widgets']['sequence'], "snort_alerts-container") === FALSE) $config['widgets']['sequence'] .= ",{$snort_widget_container}"; /* Update Snort package version in configuration */ -$config['installedpackages']['snortglobal']['snort_config_ver'] = "3.2.6"; -write_config("Snort pkg v3.2.6: post-install configuration saved."); +$config['installedpackages']['snortglobal']['snort_config_ver'] = $config['installedpackages']['package'][get_pkg_id("snort")]['version']; +write_config("Snort pkg v{$config['installedpackages']['package'][get_pkg_id("snort")]['version']}: post-install configuration saved."); /* Done with post-install, so clear flag */ unset($g['snort_postinstall']); diff --git a/config/snort/snort_sync.xml b/config/snort/snort_sync.xml index f3db2ce9..46922822 100755 --- a/config/snort/snort_sync.xml +++ b/config/snort/snort_sync.xml @@ -1,52 +1,50 @@ <?xml version="1.0" encoding="utf-8" ?> -<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> -<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> <packagegui> - <copyright> -<![CDATA[ + <copyright> + <![CDATA[ /* $Id$ */ -/* ========================================================================== */ +/* ====================================================================================== */ /* -snortsync.xml -part of pfSense (http://www.pfSense.com) -Copyright (C) 2013 Marcello Coutinho -based on pfblocker_sync.xml -All rights reserved. - -Based on m0n0wall (http://m0n0.ch/wall) -Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. -All rights reserved. + snort.xml + part of pfSense (https://www.pfSense.org/) + Copyright (C) 2013 Marcello Coutinho + Copyright (C) 2014-2015 Bill Meeks + Copyright (C) 2015 Electric Sheep Fencing LP + All rights reserved. */ -/* ========================================================================== */ +/* ====================================================================================== */ /* -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are met: + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. -1. Redistributions of source code MUST retain the above copyright notice, -this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. -2. Redistributions in binary form MUST reproduce the above copyright -notice, this list of conditions and the following disclaimer in the -documentation and/or other materials provided with the distribution. -THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, -INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, -OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -POSSIBILITY OF SUCH DAMAGE. + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. */ -/* ========================================================================== */ -]]></copyright> - <description><![CDATA[Describe your package here]]></description> - <requirements>Describe your package requirements here</requirements> - <faq>Currently there are no FAQ items provided.</faq> +/* ====================================================================================== */ + ]]> + </copyright> + <description>Snort: XMLRPC Sync</description> <name>snortsync</name> - <version>1.0</version> + <version>3.2.6</version> <title>Snort: XMLRPC Sync</title> <include_file>/usr/local/pkg/snort/snort.inc</include_file> <tabs> |