aboutsummaryrefslogtreecommitdiffstats
path: root/config/widget-snort
diff options
context:
space:
mode:
Diffstat (limited to 'config/widget-snort')
-rw-r--r--config/widget-snort/snort_alerts.widget.php94
-rw-r--r--config/widget-snort/widget-snort.inc24
-rw-r--r--config/widget-snort/widget-snort.xml25
3 files changed, 101 insertions, 42 deletions
diff --git a/config/widget-snort/snort_alerts.widget.php b/config/widget-snort/snort_alerts.widget.php
index bb51a387..e488bc49 100644
--- a/config/widget-snort/snort_alerts.widget.php
+++ b/config/widget-snort/snort_alerts.widget.php
@@ -60,55 +60,61 @@ function sksort(&$array, $subkey="id", $sort_ascending=false) {
/* check if firewall widget variable is set */
if (!isset($nentries)) $nentries = 5;
-/* retrieve snort variables */
-require_once("/usr/local/pkg/snort/snort.inc");
-if (!is_array($config['installedpackages']['snortglobal']['rule']))
- $config['installedpackages']['snortglobal']['rule'] = array();
-$a_instance = &$config['installedpackages']['snortglobal']['rule'];
+/* check if Snort include file exists before we use it */
+if (file_exists("/usr/local/pkg/snort/snort.inc")) {
+ require_once("/usr/local/pkg/snort/snort.inc");
-/* read log file(s) */
-$counter=0;
-foreach ($a_instance as $instanceid => $instance) {
- $snort_uuid = $a_instance[$instanceid]['uuid'];
- $if_real = snort_get_real_interface($a_instance[$instanceid]['interface']);
+ /* retrieve snort variables */
+ if (!is_array($config['installedpackages']['snortglobal']['rule']))
+ $config['installedpackages']['snortglobal']['rule'] = array();
+ $a_instance = &$config['installedpackages']['snortglobal']['rule'];
+
+ /* read log file(s) */
+ $counter=0;
+ foreach ($a_instance as $instanceid => $instance) {
+ $snort_uuid = $a_instance[$instanceid]['uuid'];
+ $if_real = snort_get_real_interface($a_instance[$instanceid]['interface']);
- /* make sure alert file exists */
- if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) {
- exec("tail -n{$nentries} /var/log/snort/snort_{$if_real}{$snort_uuid}/alert > /tmp/alert_{$snort_uuid}");
- if (file_exists("/tmp/alert_{$snort_uuid}")) {
- $tmpblocked = array_flip(snort_get_blocked_ips());
+ /* make sure alert file exists */
+ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) {
+ exec("tail -n{$nentries} /var/log/snort/snort_{$if_real}{$snort_uuid}/alert > /tmp/alert_{$snort_uuid}");
+ if (file_exists("/tmp/alert_{$snort_uuid}")) {
+ $tmpblocked = array_flip(snort_get_blocked_ips());
- /* 0 1 2 3 4 5 6 7 8 9 10 11 12 */
- /* File format timestamp,sig_generator,sig_id,sig_rev,msg,proto,src,srcport,dst,dstport,id,classification,priority */
- $fd = fopen("/tmp/alert_{$snort_uuid}", "r");
- while (($fields = fgetcsv($fd, 1000, ',', '"')) !== FALSE) {
- if(count($fields) < 11)
- continue;
+ /* 0 1 2 3 4 5 6 7 8 9 10 11 12 */
+ /* File format timestamp,sig_generator,sig_id,sig_rev,msg,proto,src,srcport,dst,dstport,id,classification,priority */
+ $fd = fopen("/tmp/alert_{$snort_uuid}", "r");
+ while (($fields = fgetcsv($fd, 1000, ',', '"')) !== FALSE) {
+ if(count($fields) < 11)
+ continue;
- $snort_alerts[$counter]['instanceid'] = $a_instance[$instanceid]['interface'];
- $snort_alerts[$counter]['timestamp'] = $fields[0];
- $snort_alerts[$counter]['timeonly'] = substr($fields[0], 6, -8);
- $snort_alerts[$counter]['dateonly'] = substr($fields[0], 0, -17);
- $snort_alerts[$counter]['src'] = $fields[6];
- $snort_alerts[$counter]['srcport'] = $fields[7];
- $snort_alerts[$counter]['dst'] = $fields[8];
- $snort_alerts[$counter]['dstport'] = $fields[9];
- $snort_alerts[$counter]['priority'] = $fields[12];
- $snort_alerts[$counter]['category'] = $fields[11];
- $counter++;
+ $snort_alerts[$counter]['instanceid'] = $a_instance[$instanceid]['interface'];
+ $snort_alerts[$counter]['timestamp'] = $fields[0];
+ $snort_alerts[$counter]['timeonly'] = substr($fields[0], strpos($fields[0], '-')+1, -8);
+ $snort_alerts[$counter]['dateonly'] = substr($fields[0], 0, strpos($fields[0], '-'));
+ $snort_alerts[$counter]['src'] = $fields[6];
+ $snort_alerts[$counter]['srcport'] = $fields[7];
+ $snort_alerts[$counter]['dst'] = $fields[8];
+ $snort_alerts[$counter]['dstport'] = $fields[9];
+ $snort_alerts[$counter]['priority'] = $fields[12];
+ $snort_alerts[$counter]['category'] = $fields[11];
+ $counter++;
+ };
+ fclose($fd);
+ @unlink("/tmp/alert_{$snort_uuid}");
};
- fclose($fd);
- @unlink("/tmp/alert_{$snort_uuid}");
};
};
-};
-/* sort the array */
-if (isset($config['syslog']['reverse'])) {
- sksort($snort_alerts, 'timestamp', false);
+ /* sort the array */
+ if (isset($config['syslog']['reverse'])) {
+ sksort($snort_alerts, 'timestamp', false);
+ } else {
+ sksort($snort_alerts, 'timestamp', true);
+ };
} else {
- sksort($snort_alerts, 'timestamp', true);
-};
+ $msg = gettext("The Snort package is not installed.");
+}
/* display the result */
?>
@@ -131,7 +137,13 @@ if (is_array($snort_alerts)) {
$counter++;
if($counter >= $nentries) break;
}
-};
+} else {
+ if (!empty($msg)) {
+ echo (" <tr class=\"snort-alert-entry\">
+ <td colspan=\"3\" align=\"center\"><br>{$msg}</br></td>
+ </tr>");
+ }
+}
?>
</tbody>
</table>
diff --git a/config/widget-snort/widget-snort.inc b/config/widget-snort/widget-snort.inc
new file mode 100644
index 00000000..105dd1e7
--- /dev/null
+++ b/config/widget-snort/widget-snort.inc
@@ -0,0 +1,24 @@
+<?php
+require_once("config.inc");
+function widget_snort_uninstall() {
+
+ global $config;
+
+ /* Remove the Snort widget from the Dashboard display list */
+ $widgets = $config['widgets']['sequence'];
+ if (!empty($widgets)) {
+ $widgetlist = explode(",", $widgets);
+ foreach ($widgetlist as $key => $widget) {
+ if (strstr($widget, "snort_alerts-container"))
+ unset($widgetlist[$key]);
+ }
+ $config['widgets']['sequence'] = implode(",", $widgetlist);
+ write_config();
+ }
+
+ /* Remove our associated files */
+ unlink("/usr/local/www/widgets/include/widget-snort.inc");
+ unlink("/usr/local/www/widgets/widgets/snort_alerts.widget.php");
+ unlink("/usr/local/www/widgets/javascript/snort_alerts.js");
+}
+?>
diff --git a/config/widget-snort/widget-snort.xml b/config/widget-snort/widget-snort.xml
index 785ac5b1..b415bd12 100644
--- a/config/widget-snort/widget-snort.xml
+++ b/config/widget-snort/widget-snort.xml
@@ -46,8 +46,15 @@
<requirements>Dashboard package and Snort</requirements>
<faq>Currently there are no FAQ items provided.</faq>
<name>widget-snort</name>
- <version>0.5</version>
+ <version>0.3.4</version>
<title>Widget - Snort</title>
+ <include_file>/usr/local/www/widgets/include/widget-snort.inc</include_file>
+ <menu>
+ </menu>
+ <service>
+ </service>
+ <tabs>
+ </tabs>
<additional_files_needed>
<prefix>/usr/local/www/widgets/javascript/</prefix>
<chmod>0644</chmod>
@@ -58,4 +65,20 @@
<chmod>0644</chmod>
<item>http://www.pfsense.com/packages/config/widget-snort/snort_alerts.widget.php</item>
</additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/widgets/include/</prefix>
+ <chmod>0644</chmod>
+ <item>http://www.pfsense.com/packages/config/widget-snort/widget-snort.inc</item>
+ </additional_files_needed>
+ <fields>
+ </fields>
+ <custom_add_php_command>
+ </custom_add_php_command>
+ <custom_php_resync_config_command>
+ </custom_php_resync_config_command>
+ <custom_php_install_command>
+ </custom_php_install_command>
+ <custom_php_deinstall_command>
+ widget_snort_uninstall();
+ </custom_php_deinstall_command>
</packagegui>