diff options
Diffstat (limited to 'config/suricata/suricata_app_parsers.php')
-rw-r--r-- | config/suricata/suricata_app_parsers.php | 340 |
1 files changed, 340 insertions, 0 deletions
diff --git a/config/suricata/suricata_app_parsers.php b/config/suricata/suricata_app_parsers.php new file mode 100644 index 00000000..def78f94 --- /dev/null +++ b/config/suricata/suricata_app_parsers.php @@ -0,0 +1,340 @@ +<?php +/* + * suricata_app_parsers.php + * part of pfSense + * + * Copyright (C) 2014 Bill Meeks + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/suricata/suricata.inc"); + +global $g, $rebuild_rules; + +$id = $_GET['id']; +if (isset($_POST['id'])) + $id = $_POST['id']; +if (is_null($id)) { + header("Location: /suricata/suricata_interfaces.php"); + exit; +} + +if (!is_array($config['installedpackages']['suricata'])) + $config['installedpackages']['suricata'] = array(); +if (!is_array($config['installedpackages']['suricata']['rule'])) + $config['installedpackages']['suricata']['rule'] = array(); + +// Initialize HTTP libhtp engine arrays if necessary +if (!is_array($config['installedpackages']['suricata']['rule'][$id]['libhtp_policy']['item'])) + $config['installedpackages']['suricata']['rule'][$id]['libhtp_policy']['item'] = array(); + +$a_nat = &$config['installedpackages']['suricata']['rule']; + +$libhtp_engine_next_id = count($a_nat[$id]['libhtp_policy']['item']); + +$pconfig = array(); +if (isset($id) && $a_nat[$id]) { + /* Get current values from config for page form fields */ + $pconfig = $a_nat[$id]; + + // See if Host-OS policy engine array is configured and use + // it; otherwise create a default engine configuration. + if (empty($pconfig['libhtp_policy']['item'])) { + $default = array( "name" => "default", "bind_to" => "all", "personality" => "IDS", + "request-body-limit" => 4096, "response-body-limit" => 4096, + "double-decode-path" => "no", "double-decode-query" => "no" ); + $pconfig['libhtp_policy']['item'] = array(); + $pconfig['libhtp_policy']['item'][] = $default; + if (!is_array($a_nat[$id]['libhtp_policy']['item'])) + $a_nat[$id]['libhtp_policy']['item'] = array(); + $a_nat[$id]['libhtp_policy']['item'][] = $default; + write_config(); + $libhtp_engine_next_id++; + } + else + $pconfig['libhtp_policy'] = $a_nat[$id]['libhtp_policy']; +} + +// Check for returned "selected alias" if action is import +if ($_GET['act'] == "import" && isset($_GET['varname']) && !empty($_GET['varvalue'])) { + $pconfig[$_GET['varname']] = $_GET['varvalue']; +} + +if ($_GET['act'] && isset($_GET['eng_id'])) { + + $natent = array(); + $natent = $pconfig; + + if ($_GET['act'] == "del_libhtp_policy") + unset($natent['libhtp_policy']['item'][$_GET['eng_id']]); + + if (isset($id) && $a_nat[$id]) { + $a_nat[$id] = $natent; + write_config(); + } + + header("Location: /suricata/suricata_app_parsers.php?id=$id"); + exit; +} + +if ($_POST['ResetAll']) { + + /* Reset all the settings to defaults */ + $pconfig['asn1_max_frames'] = "256"; + + /* Log a message at the top of the page to inform the user */ + $savemsg = gettext("All flow and stream settings have been reset to their defaults."); +} +elseif ($_POST['Submit']) { + $natent = array(); + $natent = $pconfig; + + // TODO: validate input values + if (!is_numeric($_POST['asn1_max_frames'] ) || $_POST['asn1_max_frames'] < 1) + $input_errors[] = gettext("The value for 'ASN1 Max Frames' must be all numbers and greater than 0."); + + /* if no errors write to conf */ + if (!$input_errors) { + if ($_POST['asn1_max_frames'] != "") { $natent['asn1_max_frames'] = $_POST['asn1_max_frames']; }else{ $natent['asn1_max_frames'] = "256"; } + + /**************************************************/ + /* If we have a valid rule ID, save configuration */ + /* then update the suricata.conf file and rebuild */ + /* the rules for this interface. */ + /**************************************************/ + if (isset($id) && $a_nat[$id]) { + $a_nat[$id] = $natent; + write_config(); + $rebuild_rules = true; + suricata_generate_yaml($natent); + $rebuild_rules = false; + } + + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + header("Location: suricata_app_parsers.php?id=$id"); + exit; + } +} + +$if_friendly = suricata_get_friendly_interface($pconfig['interface']); +$pgtitle = gettext("Suricata: Interface {$if_friendly} - Layer 7 Application Parsers"); +include_once("head.inc"); +?> +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> + +<?php include("fbegin.inc"); ?> +<?php if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';} + + + /* Display Alert message */ + + if ($input_errors) { + print_input_errors($input_errors); // TODO: add checks + } + + if ($savemsg) { + print_info_box($savemsg); + } + +?> + +<script type="text/javascript" src="/javascript/autosuggest.js"> +</script> +<script type="text/javascript" src="/javascript/suggestions.js"> +</script> + +<form action="suricata_app_parsers.php" method="post" + enctype="multipart/form-data" name="iform" id="iform"> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> +<tr><td> +<?php + $tab_array = array(); + $tab_array[] = array(gettext("Suricata Interfaces"), true, "/suricata/suricata_interfaces.php"); + $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); + $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); + $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php"); + $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); + $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php"); + display_top_tabs($tab_array); + echo '</td></tr>'; + echo '<tr><td>'; + $menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface "); + $tab_array = array(); + $tab_array[] = array($menu_iface . gettext("Settings"), false, "/suricata/suricata_interfaces_edit.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Categories"), false, "/suricata/suricata_rulesets.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Rules"), false, "/suricata/suricata_rules.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Flow/Stream"), false, "/suricata/suricata_flow_stream.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("App Parsers"), true, "/suricata/suricata_app_parsers.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Variables"), false, "/suricata/suricata_define_vars.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/suricata/suricata_barnyard.php?id={$id}"); + display_top_tabs($tab_array); +?> +</td></tr> +<tr><td><div id="mainarea"> +<table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Abstract Syntax One Settings"); ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Asn1 Max Frames"); ?></td> + <td width="78%" class="vtable"> + <input name="asn1_max_frames" type="text" class="formfld unknown" id="asn1_max_frames" size="9" + value="<?=htmlspecialchars($pconfig['asn1_max_frames']);?>"> + <?php echo gettext("Limit for max number of asn1 frames to decode. Default is ") . + "<strong>" . gettext("256") . "</strong>" . gettext(" frames."); ?><br/><br/> + <?php echo gettext("To protect itself, Suricata will inspect only the maximum asn1 frames specified. ") . + gettext("Application layer protocols such as X.400 electronic mail, X.500 and LDAP directory services, ") . + gettext("H.323 (VoIP), and SNMP, use ASN.1 to describe the protocol data units (PDUs) they exchange."); ?> + </td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Host-Specific HTTP Server Settings"); ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Server Configuration"); ?></td> + <td width="78%" class="vtable"> + <table width="95%" align="left" id="libhtpEnginesTable" style="table-layout: fixed;" border="0" cellspacing="0" cellpadding="0"> + <colgroup> + <col width="45%" align="left"> + <col width="45%" align="center"> + <col width="10%" align="right"> + </colgroup> + <thead> + <tr> + <th class="listhdrr" axis="string"><?php echo gettext("Name");?></th> + <th class="listhdrr" axis="string"><?php echo gettext("Bind-To Address Alias");?></th> + <th class="list" align="right"><a href="suricata_import_aliases.php?id=<?=$id?>&eng=libhtp_policy"> + <img src="../themes/<?= $g['theme'];?>/images/icons/icon_import_alias.gif" width="17" + height="17" border="0" title="<?php echo gettext("Import server configuration from existing Aliases");?>"></a> + <a href="suricata_libhtp_policy_engine.php?id=<?=$id?>&eng_id=<?=$libhtp_engine_next_id?>"> + <img src="../themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" width="17" + height="17" border="0" title="<?php echo gettext("Add a new server configuration");?>"></a></th> + </tr> + </thead> + <?php foreach ($pconfig['libhtp_policy']['item'] as $f => $v): ?> + <tr> + <td class="listlr" align="left"><?=gettext($v['name']);?></td> + <td class="listbg" align="center"><?=gettext($v['bind_to']);?></td> + <td class="listt" align="right"><a href="suricata_libhtp_policy_engine.php?id=<?=$id;?>&eng_id=<?=$f;?>"> + <img src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif" + width="17" height="17" border="0" title="<?=gettext("Edit this server configuration");?>"></a> + <?php if ($v['bind_to'] <> "all") : ?> + <a href="suricata_app_parsers.php?id=<?=$id;?>&eng_id=<?=$f;?>&act=del_libhtp_policy" onclick="return confirm('Are you sure you want to delete this entry?');"> + <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0" + title="<?=gettext("Delete this server configuration");?>"></a> + <?php else : ?> + <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x_d.gif" width="17" height="17" border="0" + title="<?=gettext("Default server configuration cannot be deleted");?>"> + <?php endif ?> + </td> + </tr> + <?php endforeach; ?> + </table> + </td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"> + <input name="Submit" type="submit" class="formbtn" value="Save" title="<?php echo + gettext("Save flow and stream settings"); ?>"> + <input name="id" type="hidden" value="<?=$id;?>"> + <input name="ResetAll" type="submit" class="formbtn" value="Reset" title="<?php echo + gettext("Reset all settings to defaults") . "\" onclick=\"return confirm('" . + gettext("WARNING: This will reset ALL App Parsers settings to their defaults. Click OK to continue or CANCEL to quit.") . + "');\""; ?>></td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"><span class="vexpl"><span class="red"><strong><?php echo gettext("Note: "); ?></strong></span></span> + <?php echo gettext("Please save your settings before you exit. Changes will rebuild the rules file. This "); ?> + <?php echo gettext("may take several seconds. Suricata must also be restarted to activate any changes made on this screen."); ?></td> + </tr> +</table> +</div> +</td></tr></table> +</form> +<script type="text/javascript"> +<?php + $isfirst = 0; + $aliases = ""; + $addrisfirst = 0; + $portisfirst = 0; + $aliasesaddr = ""; + $aliasesports = ""; + if(isset($config['aliases']['alias']) && is_array($config['aliases']['alias'])) + foreach($config['aliases']['alias'] as $alias_name) { + if ($alias_name['type'] == "host" || $alias_name['type'] == "network") { + // Skip any Aliases that resolve to an empty string + if (trim(filter_expand_alias($alias_name['name'])) == "") + continue; + if($addrisfirst == 1) $aliasesaddr .= ","; + $aliasesaddr .= "'" . $alias_name['name'] . "'"; + $addrisfirst = 1; + } else if ($alias_name['type'] == "port") { + if($portisfirst == 1) $aliasesports .= ","; + $aliasesports .= "'" . $alias_name['name'] . "'"; + $portisfirst = 1; + } + } +?> + + var addressarray=new Array(<?php echo $aliasesaddr; ?>); + var portsarray=new Array(<?php echo $aliasesports; ?>); + +function createAutoSuggest() { +<?php + echo "objAlias = new AutoSuggestControl(document.getElementById('pscan_ignore_scanners'), new StateSuggestions(addressarray));\n"; + echo "objAlias = new AutoSuggestControl(document.getElementById('ftp_telnet_bounce_to_net'), new StateSuggestions(addressarray));\n"; + echo "objAlias = new AutoSuggestControl(document.getElementById('ftp_telnet_bounce_to_port'), new StateSuggestions(portsarray));\n"; +?> +} + +setTimeout("createAutoSuggest();", 500); + +function wopen(url, name, w, h) +{ +// Fudge factors for window decoration space. +// In my tests these work well on all platforms & browsers. + w += 32; + h += 96; + var win = window.open(url, + name, + 'width=' + w + ', height=' + h + ', ' + + 'location=no, menubar=no, ' + + 'status=no, toolbar=no, scrollbars=yes, resizable=yes'); + win.resizeTo(w, h); + win.focus(); +} + +</script> +<?php include("fend.inc"); ?> +</body> +</html> |