Diffstat (limited to 'config/widget-snort')
-rw-r--r--config/widget-snort/snort_alerts.js90
-rw-r--r--config/widget-snort/snort_alerts.widget.php180
-rw-r--r--config/widget-snort/widget-snort.inc29
-rw-r--r--config/widget-snort/widget-snort.xml70
4 files changed, 0 insertions, 369 deletions
diff --git a/config/widget-snort/snort_alerts.js b/config/widget-snort/snort_alerts.js
deleted file mode 100644
index c5c743df..00000000
--- a/config/widget-snort/snort_alerts.js
+++ /dev/null
@@ -1,90 +0,0 @@
-
-var snortlines = Array();
-var snorttimer;
-var snortupdateDelay = 22000;
-var snortisBusy = false;
-var snortisPaused = false;
-
-function snort_alerts_fetch_new_rules_callback(callback_data) {
- if(snortisPaused)
- return;
-
- var data_split;
- var new_data_to_add = Array();
- var data = callback_data.content;
-
- data_split = data.split("\n");
-
- for(var x=0; x<data_split.length-1; x++) {
- /* loop through rows */
- row_split = data_split[x].split("||");
- var line = '';
- line = '<td width="30%" class="listr" >' + row_split[6] + '<br>' + row_split[7]+ '</td>';
- line += '<td width="40%" class="listr" >' + row_split[3] + '<br>' + row_split[4] + '</td>';
- line += '<td width="40%" class="listr" >' + 'Pri : ' + row_split[1] + '<br>' + 'Cat : ' + row_split[2] + '</td>';
- new_data_to_add[new_data_to_add.length] = line;
- }
- snort_alerts_update_div_rows(new_data_to_add);
- snortisBusy = false;
-}
-function snort_alerts_update_div_rows(data) {
- if(snortisPaused)
- return;
-
- var isIE = navigator.appName.indexOf('Microsoft') != -1;
- var isSafari = navigator.userAgent.indexOf('Safari') != -1;
- var isOpera = navigator.userAgent.indexOf('Opera') != -1;
- var rulestable = document.getElementById('snort_alerts');
- var rows = rulestable.getElementsByTagName('tr');
- var showanim = 1;
- if (isIE) {
- showanim = 0;
- }
- //alert(data.length);
- for(var x=0; x<data.length; x++) {
- var numrows = rows.length;
- /* if reverse logging is enabled we need to show the
- * records in a reverse order with new items appearing
- * on the top
- */
- if(isReverse == false) {
- for (var i = 1; i < numrows; i++) {
- nextrecord = i + 1;
- if(nextrecord < numrows)
- rows[i].innerHTML = rows[nextrecord].innerHTML;
- }
- } else {
- for (var i = numrows; i > 0; i--) {
- nextrecord = i + 1;
- if(nextrecord < numrows)
- rows[nextrecord].innerHTML = rows[i].innerHTML;
- }
- }
- var item = document.getElementById('snort-firstrow');
- if(x == data.length-1) {
- /* nothing */
- showanim = false;
- } else {
- showanim = false;
- }
- if (showanim) {
- item.style.display = 'none';
- item.innerHTML = data[x];
- new Effect.Appear(item);
- } else {
- item.innerHTML = data[x];
- }
- }
- /* rechedule AJAX interval */
- snorttimer = setInterval('snort_alerts_fetch_new_rules()', snortupdateDelay);
-}
-function snort_alerts_toggle_pause() {
- if(snortisPaused) {
- snortisPaused = false;
- snort_alerts_fetch_new_rules();
- } else {
- snortisPaused = true;
- }
-}
-/* start local AJAX engine */
-snorttimer = setInterval('snort_alerts_fetch_new_rules()', snortupdateDelay);
diff --git a/config/widget-snort/snort_alerts.widget.php b/config/widget-snort/snort_alerts.widget.php
deleted file mode 100644
index ddf8ac59..00000000
--- a/config/widget-snort/snort_alerts.widget.php
+++ /dev/null
@@ -1,180 +0,0 @@
-<?php
-/*
- snort_alerts.widget.php
- Copyright (C) 2009 Jim Pingle
- mod 24-07-2012
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INClUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
-
-require_once("guiconfig.inc");
-require_once("/usr/local/www/widgets/include/widget-snort.inc");
-
-global $config, $g;
-
-/* array sorting */
-function sksort(&$array, $subkey="id", $sort_ascending=false) {
- /* an empty array causes sksort to fail - this test alleviates the error */
- if(empty($array))
- return false;
- if (count($array)) {
- $temp_array[key($array)] = array_shift($array);
- };
- foreach ($array as $key => $val){
- $offset = 0;
- $found = false;
- foreach ($temp_array as $tmp_key => $tmp_val) {
- if (!$found and strtolower($val[$subkey]) > strtolower($tmp_val[$subkey])) {
- $temp_array = array_merge((array)array_slice($temp_array,0,$offset), array($key => $val), array_slice($temp_array,$offset));
- $found = true;
- };
- $offset++;
- };
- if (!$found) $temp_array = array_merge($temp_array, array($key => $val));
- };
-
- if ($sort_ascending) {
- $array = array_reverse($temp_array);
- } else $array = $temp_array;
- /* below is the complement for empty array test */
- return true;
-};
-
-/* check if firewall widget variable is set */
-$nentries = $config['widgets']['widget_snort_display_lines'];
-if (!isset($nentries) || $nentries < 0) $nentries = 5;
-
-if(isset($_POST['widget_snort_display_lines'])) {
- $config['widgets']['widget_snort_display_lines'] = $_POST['widget_snort_display_lines'];
- write_config("Saved Snort Alerts Widget Displayed Lines Parameter via Dashboard");
- header("Location: ../../index.php");
-}
-
-/* check if Snort include file exists before we use it */
-if (file_exists("/usr/local/pkg/snort/snort.inc")) {
- require_once("/usr/local/pkg/snort/snort.inc");
-
- /* retrieve snort variables */
- if (!is_array($config['installedpackages']['snortglobal']['rule']))
- $config['installedpackages']['snortglobal']['rule'] = array();
- $a_instance = &$config['installedpackages']['snortglobal']['rule'];
-
- /* read log file(s) */
- $counter=0;
- foreach ($a_instance as $instanceid => $instance) {
- $snort_uuid = $a_instance[$instanceid]['uuid'];
- $if_real = snort_get_real_interface($a_instance[$instanceid]['interface']);
-
- /* make sure alert file exists */
- if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) {
- exec("tail -n{$nentries} /var/log/snort/snort_{$if_real}{$snort_uuid}/alert > /tmp/alert_{$snort_uuid}");
- if (file_exists("/tmp/alert_{$snort_uuid}")) {
- $tmpblocked = array_flip(snort_get_blocked_ips());
-
- /* 0 1 2 3 4 5 6 7 8 9 10 11 12 */
- /* File format timestamp,sig_generator,sig_id,sig_rev,msg,proto,src,srcport,dst,dstport,id,classification,priority */
- $fd = fopen("/tmp/alert_{$snort_uuid}", "r");
- while (($fields = fgetcsv($fd, 1000, ',', '"')) !== FALSE) {
- if(count($fields) < 11)
- continue;
-
- $snort_alerts[$counter]['instanceid'] = $a_instance[$instanceid]['interface'];
- // fields[0] is the timestamp. Reverse its date order to YY/MM/DD for proper sorting
- $tmp = substr($fields[0],6,2) . '/' . substr($fields[0],0,2) . '/' . substr($fields[0],3,2);
- $snort_alerts[$counter]['timestamp'] = str_replace(substr($fields[0],0,8),$tmp,$fields[0]);
- $snort_alerts[$counter]['timeonly'] = substr($fields[0], strpos($fields[0], '-')+1, -8);
- $snort_alerts[$counter]['dateonly'] = substr($fields[0], 0, strpos($fields[0], '-'));
- $snort_alerts[$counter]['src'] = $fields[6];
- $snort_alerts[$counter]['srcport'] = $fields[7];
- $snort_alerts[$counter]['dst'] = $fields[8];
- $snort_alerts[$counter]['dstport'] = $fields[9];
- $snort_alerts[$counter]['priority'] = $fields[12];
- $snort_alerts[$counter]['category'] = $fields[11];
- $counter++;
- };
- fclose($fd);
- @unlink("/tmp/alert_{$snort_uuid}");
- };
- };
- };
-
- /* sort the array */
- if (isset($config['syslog']['reverse'])) {
- sksort($snort_alerts, 'timestamp', false);
- } else {
- sksort($snort_alerts, 'timestamp', true);
- };
-} else {
- $msg = gettext("The Snort package is not installed.");
-}
-
-/* display the result */
-?>
-
-<input type="hidden" id="snort_alerts-config" name="snort_alerts-config" value="" />
-<div id="snort_alerts-settings" class="widgetconfigdiv" style="display:none;">
- <form action="/widgets/widgets/snort_alerts.widget.php" method="post" name="iformd">
- Enter number of recent alerts to display (default is 5)<br/>
- <input type="text" size="5" name="widget_snort_display_lines" class="formfld unknown" id="widget_snort_display_lines" value="<?= $config['widgets']['widget_snort_display_lines'] ?>" />
- &nbsp;&nbsp;<input id="submitd" name="submitd" type="submit" class="formbtn" value="Save" />
- </form>
-</div>
-
-<table width="100%" border="0" cellspacing="0" cellpadding="0">
- <tbody>
- <tr class="snort-alert-header">
- <td width="30%" class="widgetsubheader" >IF/Date</td>
- <td width="40%" class="widgetsubheader">Src/Dst</td>
- <td width="40%" class="widgetsubheader">Details</td>
- </tr>
-<?php
-$counter=0;
-if (is_array($snort_alerts)) {
- foreach ($snort_alerts as $alert) {
- echo(" <tr class='snort-alert-entry'" . $activerow . ">
- <td width='30%' class='listr'>" . $alert['instanceid'] . "<br>" . $alert['timeonly'] . " " . $alert['dateonly'] . "</td>
- <td width='40%' class='listr'>" . $alert['src'] . ":" . $alert['srcport'] . "<br>" . $alert['dst'] . ":" . $alert['dstport'] . "</td>
- <td width='40%' class='listr'>Pri : " . $alert['priority'] . "<br>Cat : " . $alert['category'] . "</td>
- </tr>");
- $counter++;
- if($counter >= $nentries) break;
- }
-} else {
- if (!empty($msg)) {
- echo (" <tr class=\"snort-alert-entry\">
- <td colspan=\"3\" align=\"center\"><br>{$msg}</br></td>
- </tr>");
- }
-}
-?>
- </tbody>
-</table>
-
-<!-- needed to display the widget settings menu -->
-<script type="text/javascript">
-//<![CDATA[
- selectIntLink = "snort_alerts-configure";
- textlink = document.getElementById(selectIntLink);
- textlink.style.display = "inline";
-//]]>
-</script>
-
diff --git a/config/widget-snort/widget-snort.inc b/config/widget-snort/widget-snort.inc
deleted file mode 100644
index b9cfbeac..00000000
--- a/config/widget-snort/widget-snort.inc
+++ /dev/null
@@ -1,29 +0,0 @@
-<?php
-require_once("config.inc");
-
-//set variable for custom title
-$snort_alerts_title = "Snort Alerts";
-$snort_alerts_title_link = "snort/snort_alerts.php";
-
-function widget_snort_uninstall() {
-
- global $config;
-
- /* Remove the Snort widget from the Dashboard display list */
- $widgets = $config['widgets']['sequence'];
- if (!empty($widgets)) {
- $widgetlist = explode(",", $widgets);
- foreach ($widgetlist as $key => $widget) {
- if (strstr($widget, "snort_alerts-container"))
- unset($widgetlist[$key]);
- }
- $config['widgets']['sequence'] = implode(",", $widgetlist);
- write_config();
- }
-
- /* Remove our associated files */
- unlink("/usr/local/www/widgets/include/widget-snort.inc");
- unlink("/usr/local/www/widgets/widgets/snort_alerts.widget.php");
- unlink("/usr/local/www/widgets/javascript/snort_alerts.js");
-}
-?>
diff --git a/config/widget-snort/widget-snort.xml b/config/widget-snort/widget-snort.xml
deleted file mode 100644
index 959f9529..00000000
--- a/config/widget-snort/widget-snort.xml
+++ /dev/null
@@ -1,70 +0,0 @@
-<?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
-<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
-<packagegui>
- <copyright>
- <![CDATA[
-/* $Id$ */
-/* ========================================================================== */
-/*
- widget-snort.xml
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2009 Jim Pingle
- All rights reserved.
-
- Based on m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
- */
-/* ========================================================================== */
-/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
- ]]>
- </copyright>
- <description>Snort widget add-on for Dashboard package</description>
- <requirements>Dashboard package and Snort</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
- <name>widget-snort</name>
- <version>0.3.6</version>
- <title>Widget - Snort</title>
- <include_file>/usr/local/www/widgets/include/widget-snort.inc</include_file>
- <additional_files_needed>
- <prefix>/usr/local/www/widgets/javascript/</prefix>
- <chmod>0644</chmod>
- <item>https://packages.pfsense.org/packages/config/widget-snort/snort_alerts.js</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/widgets/widgets/</prefix>
- <chmod>0644</chmod>
- <item>https://packages.pfsense.org/packages/config/widget-snort/snort_alerts.widget.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/widgets/include/</prefix>
- <chmod>0644</chmod>
- <item>https://packages.pfsense.org/packages/config/widget-snort/widget-snort.inc</item>
- </additional_files_needed>
- <custom_php_deinstall_command>
- widget_snort_uninstall();
- </custom_php_deinstall_command>
-</packagegui>