aboutsummaryrefslogtreecommitdiffstats
path: root/config/snort
diff options
context:
space:
mode:
Diffstat (limited to 'config/snort')
-rwxr-xr-xconfig/snort/snort_alerts.php30
-rw-r--r--config/snort/snort_blocked.php24
2 files changed, 35 insertions, 19 deletions
diff --git a/config/snort/snort_alerts.php b/config/snort/snort_alerts.php
index eb6190f5..804c6e8a 100755
--- a/config/snort/snort_alerts.php
+++ b/config/snort/snort_alerts.php
@@ -146,6 +146,9 @@ $if_real = snort_get_real_interface($a_instance[$instanceid]['interface']);
$enablesid = snort_load_sid_mods($a_instance[$instanceid]['rule_sid_on']);
$disablesid = snort_load_sid_mods($a_instance[$instanceid]['rule_sid_off']);
+// Grab pfSense version so we can refer to it later on this page
+$pfs_version=substr(trim(file_get_contents("/etc/version")),0,3);
+
$pconfig = array();
if (is_array($config['installedpackages']['snortglobal']['alertsblocks'])) {
$pconfig['arefresh'] = $config['installedpackages']['snortglobal']['alertsblocks']['arefresh'];
@@ -465,13 +468,17 @@ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) {
$alert_ip_src = $fields[6];
/* Add zero-width space as soft-break opportunity after each colon if we have an IPv6 address */
$alert_ip_src = str_replace(":", ":​", $alert_ip_src);
- /* Add Reverse DNS lookup icons */
- $alert_ip_src .= "<br/><a onclick=\"javascript:getURL('/diag_dns.php?host={$fields[6]}&dialog_output=true', outputrule);\">";
- $alert_ip_src .= "<img src='../themes/{$g['theme']}/images/icons/icon_log_d.gif' width='11' height='11' border='0' ";
- $alert_ip_src .= "title='" . gettext("Resolve host via reverse DNS lookup") . "' style=\"cursor: pointer;\"></a>";
- $alert_ip_src .= "&nbsp;<a href='/diag_dns.php?host={$fields[6]}&instance={$instanceid}'>";
+ /* Add Reverse DNS lookup icons (two different links if pfSense version supports them) */
+ $alert_ip_src .= "<br/>";
+ if ($pfs_version > 2.0) {
+ $alert_ip_src .= "<a onclick=\"javascript:getURL('/diag_dns.php?host={$fields[6]}&dialog_output=true', outputrule);\">";
+ $alert_ip_src .= "<img src='../themes/{$g['theme']}/images/icons/icon_log_d.gif' width='11' height='11' border='0' ";
+ $alert_ip_src .= "title='" . gettext("Resolve host via reverse DNS lookup (quick pop-up)") . "' style=\"cursor: pointer;\"></a>&nbsp;";
+ }
+ $alert_ip_src .= "<a href='/diag_dns.php?host={$fields[6]}&instance={$instanceid}'>";
$alert_ip_src .= "<img src='../themes/{$g['theme']}/images/icons/icon_log.gif' width='11' height='11' border='0' ";
$alert_ip_src .= "title='" . gettext("Resolve host via reverse DNS lookup") . "'></a>";
+
/* Add icons for auto-adding to Suppress List if appropriate */
if (!snort_is_alert_globally_suppressed($supplist, $fields[1], $fields[2]) &&
!isset($supplist[$fields[1]][$fields[2]]['by_src'][$fields[6]])) {
@@ -495,11 +502,14 @@ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) {
$alert_ip_dst = $fields[8];
/* Add zero-width space as soft-break opportunity after each colon if we have an IPv6 address */
$alert_ip_dst = str_replace(":", ":&#8203;", $alert_ip_dst);
- /* Add Reverse DNS lookup icons */
- $alert_ip_dst .= "<br/><a onclick=\"javascript:getURL('/diag_dns.php?host={$fields[8]}&dialog_output=true', outputrule);\">";
- $alert_ip_dst .= "<img src='../themes/{$g['theme']}/images/icons/icon_log_d.gif' width='11' height='11' border='0' ";
- $alert_ip_dst .= "title='" . gettext("Resolve host via reverse DNS lookup") . "' style=\"cursor: pointer;\"></a>";
- $alert_ip_dst .= "&nbsp;<a href='/diag_dns.php?host={$fields[8]}&instance={$instanceid}'>";
+ /* Add Reverse DNS lookup icons (two different links if pfSense version supports them) */
+ $alert_ip_dst .= "<br/>";
+ if ($pfs_version > 2.0) {
+ $alert_ip_dst .= "<a onclick=\"javascript:getURL('/diag_dns.php?host={$fields[8]}&dialog_output=true', outputrule);\">";
+ $alert_ip_dst .= "<img src='../themes/{$g['theme']}/images/icons/icon_log_d.gif' width='11' height='11' border='0' ";
+ $alert_ip_dst .= "title='" . gettext("Resolve host via reverse DNS lookup (quick pop-up)") . "' style=\"cursor: pointer;\"></a>&nbsp;";
+ }
+ $alert_ip_dst .= "<a href='/diag_dns.php?host={$fields[8]}&instance={$instanceid}'>";
$alert_ip_dst .= "<img src='../themes/{$g['theme']}/images/icons/icon_log.gif' width='11' height='11' border='0' ";
$alert_ip_dst .= "title='" . gettext("Resolve host via reverse DNS lookup") . "'></a>";
/* Add icons for auto-adding to Suppress List if appropriate */
diff --git a/config/snort/snort_blocked.php b/config/snort/snort_blocked.php
index f190413c..4fc470d3 100644
--- a/config/snort/snort_blocked.php
+++ b/config/snort/snort_blocked.php
@@ -7,6 +7,7 @@
*
* Modified for the Pfsense snort package v. 1.8+
* Copyright (C) 2009 Robert Zelaya Sr. Developer
+ * Copyright (C) 2014 Bill Meeks
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
@@ -33,6 +34,9 @@
require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort.inc");
+// Grab pfSense version so we can refer to it later on this page
+$pfs_version=substr(trim(file_get_contents("/etc/version")),0,3);
+
if (!is_array($config['installedpackages']['snortglobal']['alertsblocks']))
$config['installedpackages']['snortglobal']['alertsblocks'] = array();
@@ -261,23 +265,25 @@ if ($pconfig['brefresh'] == 'on')
/* Add zero-width space as soft-break opportunity after each colon if we have an IPv6 address */
$tmp_ip = str_replace(":", ":&#8203;", $blocked_ip);
-
+ /* Add reverse DNS lookup icons (two different links if pfSense version supports them) */
+ $rdns_link = "";
+ if ($pfs_version > 2.0) {
+ $rdns_link .= "<a onclick=\"javascript:getURL('/diag_dns.php?host={$blocked_ip}&dialog_output=true', outputrule);\">";
+ $rdns_link .= "<img src='../themes/{$g['theme']}/images/icons/icon_log_d.gif' width='11' height='11' border='0' ";
+ $rdns_link .= "title='" . gettext("Resolve host via reverse DNS lookup (quick pop-up)") . "' style=\"cursor: pointer;\"></a>&nbsp;";
+ }
+ $rdns_link .= "<a href='/diag_dns.php?host={$blocked_ip}'>";
+ $rdns_link .= "<img src='../themes/{$g['theme']}/images/icons/icon_log.gif' width='11' height='11' border='0' ";
+ $rdns_link .= "title='" . gettext("Resolve host via reverse DNS lookup") . "'></a>";
/* use one echo to do the magic*/
echo "<tr>
<td align=\"center\" valign=\"middle\" class=\"listr\">{$counter}</td>
- <td align=\"center\" valign=\"middle\" class=\"listr\">{$tmp_ip}<br/>
- <a onclick=\"javascript:getURL('/diag_dns.php?host={$blocked_ip}&dialog_output=true', outputrule);\">
- <img src='../themes/{$g['theme']}/images/icons/icon_log_d.gif' width='11' height='11' border='0'
- title='" . gettext("Resolve host via reverse DNS lookup") . "' style=\"cursor: pointer;\"></a>
- <a href='/diag_dns.php?host={$blocked_ip}'>
- <img src='../themes/{$g['theme']}/images/icons/icon_log.gif' width='11' height='11' border='0'
- title='" . gettext("Resolve host via reverse DNS lookup") . "'></a></td>
+ <td align=\"center\" valign=\"middle\" class=\"listr\">{$tmp_ip}<br/>{$rdns_link}</td>
<td valign=\"middle\" class=\"listr\">{$blocked_desc}</td>
<td align=\"center\" valign=\"middle\" class=\"listr\"><a href='snort_blocked.php?todelete=" . trim(urlencode($blocked_ip)) . "'>
<img title=\"" . gettext("Delete host from Blocked Table") . "\" border=\"0\" name='todelete' id='todelete' alt=\"Delete host from Blocked Table\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"></a></td>
</tr>\n";
}
-
}
?>
</tbody>