diff options
Diffstat (limited to 'config/widget-snort/snort_alerts.widget.php')
| -rw-r--r-- | config/widget-snort/snort_alerts.widget.php | 180 |
1 files changed, 0 insertions, 180 deletions
diff --git a/config/widget-snort/snort_alerts.widget.php b/config/widget-snort/snort_alerts.widget.php deleted file mode 100644 index ddf8ac59..00000000 --- a/config/widget-snort/snort_alerts.widget.php +++ /dev/null @@ -1,180 +0,0 @@ -<?php -/* - snort_alerts.widget.php - Copyright (C) 2009 Jim Pingle - mod 24-07-2012 - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INClUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require_once("guiconfig.inc"); -require_once("/usr/local/www/widgets/include/widget-snort.inc"); - -global $config, $g; - -/* array sorting */ -function sksort(&$array, $subkey="id", $sort_ascending=false) { - /* an empty array causes sksort to fail - this test alleviates the error */ - if(empty($array)) - return false; - if (count($array)) { - $temp_array[key($array)] = array_shift($array); - }; - foreach ($array as $key => $val){ - $offset = 0; - $found = false; - foreach ($temp_array as $tmp_key => $tmp_val) { - if (!$found and strtolower($val[$subkey]) > strtolower($tmp_val[$subkey])) { - $temp_array = array_merge((array)array_slice($temp_array,0,$offset), array($key => $val), array_slice($temp_array,$offset)); - $found = true; - }; - $offset++; - }; - if (!$found) $temp_array = array_merge($temp_array, array($key => $val)); - }; - - if ($sort_ascending) { - $array = array_reverse($temp_array); - } else $array = $temp_array; - /* below is the complement for empty array test */ - return true; -}; - -/* check if firewall widget variable is set */ -$nentries = $config['widgets']['widget_snort_display_lines']; -if (!isset($nentries) || $nentries < 0) $nentries = 5; - -if(isset($_POST['widget_snort_display_lines'])) { - $config['widgets']['widget_snort_display_lines'] = $_POST['widget_snort_display_lines']; - write_config("Saved Snort Alerts Widget Displayed Lines Parameter via Dashboard"); - header("Location: ../../index.php"); -} - -/* check if Snort include file exists before we use it */ -if (file_exists("/usr/local/pkg/snort/snort.inc")) { - require_once("/usr/local/pkg/snort/snort.inc"); - - /* retrieve snort variables */ - if (!is_array($config['installedpackages']['snortglobal']['rule'])) - $config['installedpackages']['snortglobal']['rule'] = array(); - $a_instance = &$config['installedpackages']['snortglobal']['rule']; - - /* read log file(s) */ - $counter=0; - foreach ($a_instance as $instanceid => $instance) { - $snort_uuid = $a_instance[$instanceid]['uuid']; - $if_real = snort_get_real_interface($a_instance[$instanceid]['interface']); - - /* make sure alert file exists */ - if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) { - exec("tail -n{$nentries} /var/log/snort/snort_{$if_real}{$snort_uuid}/alert > /tmp/alert_{$snort_uuid}"); - if (file_exists("/tmp/alert_{$snort_uuid}")) { - $tmpblocked = array_flip(snort_get_blocked_ips()); - - /* 0 1 2 3 4 5 6 7 8 9 10 11 12 */ - /* File format timestamp,sig_generator,sig_id,sig_rev,msg,proto,src,srcport,dst,dstport,id,classification,priority */ - $fd = fopen("/tmp/alert_{$snort_uuid}", "r"); - while (($fields = fgetcsv($fd, 1000, ',', '"')) !== FALSE) { - if(count($fields) < 11) - continue; - - $snort_alerts[$counter]['instanceid'] = $a_instance[$instanceid]['interface']; - // fields[0] is the timestamp. Reverse its date order to YY/MM/DD for proper sorting - $tmp = substr($fields[0],6,2) . '/' . substr($fields[0],0,2) . '/' . substr($fields[0],3,2); - $snort_alerts[$counter]['timestamp'] = str_replace(substr($fields[0],0,8),$tmp,$fields[0]); - $snort_alerts[$counter]['timeonly'] = substr($fields[0], strpos($fields[0], '-')+1, -8); - $snort_alerts[$counter]['dateonly'] = substr($fields[0], 0, strpos($fields[0], '-')); - $snort_alerts[$counter]['src'] = $fields[6]; - $snort_alerts[$counter]['srcport'] = $fields[7]; - $snort_alerts[$counter]['dst'] = $fields[8]; - $snort_alerts[$counter]['dstport'] = $fields[9]; - $snort_alerts[$counter]['priority'] = $fields[12]; - $snort_alerts[$counter]['category'] = $fields[11]; - $counter++; - }; - fclose($fd); - @unlink("/tmp/alert_{$snort_uuid}"); - }; - }; - }; - - /* sort the array */ - if (isset($config['syslog']['reverse'])) { - sksort($snort_alerts, 'timestamp', false); - } else { - sksort($snort_alerts, 'timestamp', true); - }; -} else { - $msg = gettext("The Snort package is not installed."); -} - -/* display the result */ -?> - -<input type="hidden" id="snort_alerts-config" name="snort_alerts-config" value="" /> -<div id="snort_alerts-settings" class="widgetconfigdiv" style="display:none;"> - <form action="/widgets/widgets/snort_alerts.widget.php" method="post" name="iformd"> - Enter number of recent alerts to display (default is 5)<br/> - <input type="text" size="5" name="widget_snort_display_lines" class="formfld unknown" id="widget_snort_display_lines" value="<?= $config['widgets']['widget_snort_display_lines'] ?>" /> - <input id="submitd" name="submitd" type="submit" class="formbtn" value="Save" /> - </form> -</div> - -<table width="100%" border="0" cellspacing="0" cellpadding="0"> - <tbody> - <tr class="snort-alert-header"> - <td width="30%" class="widgetsubheader" >IF/Date</td> - <td width="40%" class="widgetsubheader">Src/Dst</td> - <td width="40%" class="widgetsubheader">Details</td> - </tr> -<?php -$counter=0; -if (is_array($snort_alerts)) { - foreach ($snort_alerts as $alert) { - echo(" <tr class='snort-alert-entry'" . $activerow . "> - <td width='30%' class='listr'>" . $alert['instanceid'] . "<br>" . $alert['timeonly'] . " " . $alert['dateonly'] . "</td> - <td width='40%' class='listr'>" . $alert['src'] . ":" . $alert['srcport'] . "<br>" . $alert['dst'] . ":" . $alert['dstport'] . "</td> - <td width='40%' class='listr'>Pri : " . $alert['priority'] . "<br>Cat : " . $alert['category'] . "</td> - </tr>"); - $counter++; - if($counter >= $nentries) break; - } -} else { - if (!empty($msg)) { - echo (" <tr class=\"snort-alert-entry\"> - <td colspan=\"3\" align=\"center\"><br>{$msg}</br></td> - </tr>"); - } -} -?> - </tbody> -</table> - -<!-- needed to display the widget settings menu --> -<script type="text/javascript"> -//<![CDATA[ - selectIntLink = "snort_alerts-configure"; - textlink = document.getElementById(selectIntLink); - textlink.style.display = "inline"; -//]]> -</script> - |