Diffstat (limited to 'config/widget-snort')
-rw-r--r-- | config/widget-snort/snort_alerts.widget.php | 94 | ||||
-rw-r--r-- | config/widget-snort/widget-snort.inc | 24 | ||||
-rw-r--r-- | config/widget-snort/widget-snort.xml | 25 |
3 files changed, 101 insertions, 42 deletions
diff --git a/config/widget-snort/snort_alerts.widget.php b/config/widget-snort/snort_alerts.widget.php
index bb51a387..e488bc49 100644
--- a/config/widget-snort/snort_alerts.widget.php
+++ b/config/widget-snort/snort_alerts.widget.php
@@ -60,55 +60,61 @@ function sksort(&$array, $subkey="id", $sort_ascending=false) { /* check if firewall widget variable is set */ if (!isset($nentries)) $nentries = 5; -/* retrieve snort variables */ -require_once("/usr/local/pkg/snort/snort.inc"); -if (!is_array($config['installedpackages']['snortglobal']['rule'])) - $config['installedpackages']['snortglobal']['rule'] = array(); -$a_instance = &$config['installedpackages']['snortglobal']['rule']; +/* check if Snort include file exists before we use it */ +if (file_exists("/usr/local/pkg/snort/snort.inc")) { + require_once("/usr/local/pkg/snort/snort.inc"); -/* read log file(s) */ -$counter=0; -foreach ($a_instance as $instanceid => $instance) { - $snort_uuid = $a_instance[$instanceid]['uuid']; - $if_real = snort_get_real_interface($a_instance[$instanceid]['interface']); + /* retrieve snort variables */ + if (!is_array($config['installedpackages']['snortglobal']['rule'])) + $config['installedpackages']['snortglobal']['rule'] = array(); + $a_instance = &$config['installedpackages']['snortglobal']['rule']; + + /* read log file(s) */ + $counter=0; + foreach ($a_instance as $instanceid => $instance) { + $snort_uuid = $a_instance[$instanceid]['uuid']; + $if_real = snort_get_real_interface($a_instance[$instanceid]['interface']); - /* make sure alert file exists */ - if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) { - exec("tail -n{$nentries} /var/log/snort/snort_{$if_real}{$snort_uuid}/alert > /tmp/alert_{$snort_uuid}"); - if (file_exists("/tmp/alert_{$snort_uuid}")) { - $tmpblocked = array_flip(snort_get_blocked_ips()); + /* make sure alert file exists */ + if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) { + exec("tail -n{$nentries} /var/log/snort/snort_{$if_real}{$snort_uuid}/alert > /tmp/alert_{$snort_uuid}"); + if (file_exists("/tmp/alert_{$snort_uuid}")) { + $tmpblocked = array_flip(snort_get_blocked_ips()); - /* 0 1 2 3 4 5 6 7 8 9 10 11 12 */ - /* File format 
timestamp,sig_generator,sig_id,sig_rev,msg,proto,src,srcport,dst,dstport,id,classification,priority */ - $fd = fopen("/tmp/alert_{$snort_uuid}", "r"); - while (($fields = fgetcsv($fd, 1000, ',', '"')) !== FALSE) { - if(count($fields) < 11) - continue; + /* 0 1 2 3 4 5 6 7 8 9 10 11 12 */ + /* File format timestamp,sig_generator,sig_id,sig_rev,msg,proto,src,srcport,dst,dstport,id,classification,priority */ + $fd = fopen("/tmp/alert_{$snort_uuid}", "r"); + while (($fields = fgetcsv($fd, 1000, ',', '"')) !== FALSE) { + if(count($fields) < 11) + continue; - $snort_alerts[$counter]['instanceid'] = $a_instance[$instanceid]['interface']; - $snort_alerts[$counter]['timestamp'] = $fields[0]; - $snort_alerts[$counter]['timeonly'] = substr($fields[0], 6, -8); - $snort_alerts[$counter]['dateonly'] = substr($fields[0], 0, -17); - $snort_alerts[$counter]['src'] = $fields[6]; - $snort_alerts[$counter]['srcport'] = $fields[7]; - $snort_alerts[$counter]['dst'] = $fields[8]; - $snort_alerts[$counter]['dstport'] = $fields[9]; - $snort_alerts[$counter]['priority'] = $fields[12]; - $snort_alerts[$counter]['category'] = $fields[11]; - $counter++; + $snort_alerts[$counter]['instanceid'] = $a_instance[$instanceid]['interface']; + $snort_alerts[$counter]['timestamp'] = $fields[0]; + $snort_alerts[$counter]['timeonly'] = substr($fields[0], strpos($fields[0], '-')+1, -8); + $snort_alerts[$counter]['dateonly'] = substr($fields[0], 0, strpos($fields[0], '-')); + $snort_alerts[$counter]['src'] = $fields[6]; + $snort_alerts[$counter]['srcport'] = $fields[7]; + $snort_alerts[$counter]['dst'] = $fields[8]; + $snort_alerts[$counter]['dstport'] = $fields[9]; + $snort_alerts[$counter]['priority'] = $fields[12]; + $snort_alerts[$counter]['category'] = $fields[11]; + $counter++; + }; + fclose($fd); + @unlink("/tmp/alert_{$snort_uuid}"); }; - fclose($fd); - @unlink("/tmp/alert_{$snort_uuid}"); }; }; -}; -/* sort the array */ -if (isset($config['syslog']['reverse'])) { - sksort($snort_alerts, 
'timestamp', false); + /* sort the array */ + if (isset($config['syslog']['reverse'])) { + sksort($snort_alerts, 'timestamp', false); + } else { + sksort($snort_alerts, 'timestamp', true); + }; } else { - sksort($snort_alerts, 'timestamp', true); -}; + $msg = gettext("The Snort package is not installed."); +} /* display the result */ ?> @@ -131,7 +137,13 @@ if (is_array($snort_alerts)) { $counter++; if($counter >= $nentries) break; } -}; +} else { + if (!empty($msg)) { + echo (" <tr class=\"snort-alert-entry\"> + <td colspan=\"3\" align=\"center\"><br>{$msg}</br></td> + </tr>"); + } +} ?> </tbody> </table> diff --git a/config/widget-snort/widget-snort.inc b/config/widget-snort/widget-snort.inc new file mode 100644 index 00000000..105dd1e7 --- /dev/null +++ b/config/widget-snort/widget-snort.inc @@ -0,0 +1,24 @@ +<?php +require_once("config.inc"); +function widget_snort_uninstall() { + + global $config; + + /* Remove the Snort widget from the Dashboard display list */ + $widgets = $config['widgets']['sequence']; + if (!empty($widgets)) { + $widgetlist = explode(",", $widgets); + foreach ($widgetlist as $key => $widget) { + if (strstr($widget, "snort_alerts-container")) + unset($widgetlist[$key]); + } + $config['widgets']['sequence'] = implode(",", $widgetlist); + write_config(); + } + + /* Remove our associated files */ + unlink("/usr/local/www/widgets/include/widget-snort.inc"); + unlink("/usr/local/www/widgets/widgets/snort_alerts.widget.php"); + unlink("/usr/local/www/widgets/javascript/snort_alerts.js"); +} +?> diff --git a/config/widget-snort/widget-snort.xml b/config/widget-snort/widget-snort.xml index 785ac5b1..b415bd12 100644 --- a/config/widget-snort/widget-snort.xml +++ b/config/widget-snort/widget-snort.xml 
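Review bot: The re-added `exec("tail -n{$nentries} /var/log/snort/snort_{$if_real}{$snort_uuid}/alert > /tmp/alert_{$snort_uuid}")` still interpolates unescaped config values into a shell command and redirects into a predictable path in a world-writable directory, so a pre-existing symlink at that /tmp path would receive the output; the new file_exists() guard around snort.inc does not change this. Since the scratch file is read straight back with fopen()/fgetcsv(), the shell round-trip can go: `$lines = array_slice(file("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert", FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES), -(int)$nentries);` followed by `foreach ($lines as $line) { $fields = str_getcsv($line, ',', '"'); ... }` in place of the while loop, which also removes the @unlink(). If exec() must stay, pass each interpolated value through `escapeshellarg()`, cast `$nentries` with `(int)`, and take the scratch path from `tempnam()` rather than the uuid. Separately, `$snort_alerts` is never initialised before sksort(), so a run with no parseable alert lines hands sksort() an undefined variable; `$snort_alerts = array();` next to `$counter=0;` would make that explicit.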
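Review bot: The new fallback row writes `<br>{$msg}</br>`, and `</br>` is not a valid closing tag; browsers render it as a second line break only by accident, so the markup should be `<br />{$msg}<br />`. The `else` branch is also reached when Snort is installed but no alerts were parsed, in which case `$msg` is unset and the table body is silently empty; a second message for that case, e.g. `$msg = gettext("No Snort alerts found.");` set where `$snort_alerts` turns out empty, would make the two states distinguishable. `$msg` currently only ever holds a gettext() string, but passing it through `htmlspecialchars()` before echoing would keep the output safe if a later change reuses the variable.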
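Review bot: The three `unlink()` calls at the end of widget_snort_uninstall() run unconditionally, so a partially installed or already-removed widget produces PHP warnings during deinstall; guard each with `file_exists()` or use `@unlink()` as snort_alerts.widget.php already does for its scratch file. `write_config()` in pfSense takes a description argument, so `write_config("Removed Snort widget from Dashboard");` would leave a meaningful entry in the config history instead of the default. The `strpos($widget, "snort_alerts-container") !== false` form is the clearer way to express the `strstr()` membership test. The trailing `?>` can be dropped so that stray whitespace after it cannot leak into output when the include is loaded.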
@@ -46,8 +46,15 @@ <requirements>Dashboard package and Snort</requirements> <faq>Currently there are no FAQ items provided.</faq> <name>widget-snort</name> - <version>0.5</version> + <version>0.3.4</version> <title>Widget - Snort</title> + <include_file>/usr/local/www/widgets/include/widget-snort.inc</include_file> + <menu> + </menu> + <service> + </service> + <tabs> + </tabs> <additional_files_needed> <prefix>/usr/local/www/widgets/javascript/</prefix> <chmod>0644</chmod> @@ -58,4 +65,20 @@ <chmod>0644</chmod> <item>http://www.pfsense.com/packages/config/widget-snort/snort_alerts.widget.php</item> </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/widgets/include/</prefix> + <chmod>0644</chmod> + <item>http://www.pfsense.com/packages/config/widget-snort/widget-snort.inc</item> + </additional_files_needed> + <fields> + </fields> + <custom_add_php_command> + </custom_add_php_command> + <custom_php_resync_config_command> + </custom_php_resync_config_command> + <custom_php_install_command> + </custom_php_install_command> + <custom_php_deinstall_command> + widget_snort_uninstall(); + </custom_php_deinstall_command> </packagegui> |
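Review bot: The `<version>` changes from `0.5` to `0.3.4`, which reads as a downgrade; if the package manager compares version strings to detect updates, installs already at 0.5 will not pick up this release. If the new value is a deliberate realignment with the package's numbering, a sentence in the commit description would settle the question. The empty `<menu>`, `<service>` and `<tabs>` elements add nothing the file previously needed; if the package schema does not require them they can be left out.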
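Review bot: The new `<additional_files_needed>` entry fetches `widget-snort.inc` — code that is then executed as the deinstall hook via `widget_snort_uninstall();` — from a plain `http://` URL with no digest, so the integrity of what gets installed depends entirely on the network path. This matches the two existing entries above it, so moving to `https://` or adding a checksum element is a repository-wide decision rather than one for this hunk alone, but it is worth recording as a follow-up. The empty `<fields>`, `<custom_add_php_command>`, `<custom_php_resync_config_command>` and `<custom_php_install_command>` elements can be omitted unless the schema requires them to be present.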