Diffstat (limited to 'config')
-rw-r--r-- | config/widget-snort/snort_alerts.inc | 20 | ||||
-rw-r--r-- | config/widget-snort/snort_alerts.inc.php | 92 | ||||
-rw-r--r-- | config/widget-snort/snort_alerts.js | 57 | ||||
-rw-r--r-- | config/widget-snort/snort_alerts.widget.php | 29 | ||||
-rw-r--r-- | config/widget-snort/snort_alerts_helper.php | 20 | ||||
-rw-r--r-- | config/widget-snort/widget-snort.inc | 13 | ||||
-rw-r--r-- | config/widget-snort/widget-snort.xml | 26 |
7 files changed, 23 insertions, 234 deletions
diff --git a/config/widget-snort/snort_alerts.inc b/config/widget-snort/snort_alerts.inc
deleted file mode 100644
index 159452dd..00000000
--- a/config/widget-snort/snort_alerts.inc
+++ /dev/null
@@ -1,20 +0,0 @@
-<?php
-
-require_once("globals.inc");
-require_once("includes/snort_alerts.inc.php");
-
-$snort_alerts_title = "Snort Alerts";
-$snort_alerts_title_link = "snort/snort_alerts.php";
-
-foreach (glob("{$g['varlog_path']}/snort/*/alert") as $alert) {
-$snort_alerts_logfile = $alert;
-$nentries = 10;
-$snort_alerts = get_snort_alerts($snort_alerts_logfile, $nentries);
-
-/* AJAX related routines */
-handle_snort_ajax($snort_alerts_logfile, $nentries);
-}
-if($_GET['lastsawtime'] or $_POST['lastsawtime'])
- exit;
-
-?>
diff --git a/config/widget-snort/snort_alerts.inc.php b/config/widget-snort/snort_alerts.inc.php
deleted file mode 100644
index 46d2b9a7..00000000
--- a/config/widget-snort/snort_alerts.inc.php
+++ /dev/null
@@ -1,92 +0,0 @@ -<? -function get_snort_alerts($snort_alerts, $nentries, $tail = 20) { - global $config, $g; - $logarr = ""; - /* Always do a reverse tail, to be sure we're grabbing the 'end' of the alerts. */ - exec("/usr/bin/tail -r -n {$tail} {$snort_alerts}", $logarr); - - $snortalerts = array(); - - $counter = 0; - - foreach ($logarr as $logent) { - if($counter >= $nentries) - break; - - $alert = parse_snort_alert_line($logent); - if ($alert != "") { - $counter++; - $snortalerts[] = $alert; - } - - } - /* Since the rules are in reverse order, flip them around if needed based on the user's preference */ - return isset($config['syslog']['reverse']) ? $snortalerts : array_reverse($snortalerts); -} - -function parse_snort_alert_line($line) { - $log_split = ""; - $datesplit = ""; - preg_match("/^(.*)\s+\[\*\*\]\s+\[(\d+\:\d+:\d+)\]\s(.*)\s(.*)\s+\[\*\*\].*\s+\[Priority:\s(\d+)\]\s{(.*)}\s+(.*)\s->\s(.*)$/U", $line, $log_split); - - list($all, $alert['time'], $alert['rule'], $alert['category'], $alert['descr'], - $alert['priority'], $alert['proto'], $alert['src'], $alert['dst']) = $log_split; - - $usableline = true; - - if(trim($alert['src']) == "") - $usableline = false; - if(trim($alert['dst']) == "") - $usableline = false; - - if($usableline == true) { - preg_match("/^(\d+)\/(\d+)-(\d+\:\d+\:\d+).\d+$/U", $alert['time'], $datesplit); - $now_time = strtotime("now"); - $checkdate = $datesplit[1] . "/" . $datesplit[2] . "/" . date("Y"); - $fulldate = $datesplit[2] . "/" . $datesplit[1] . "/" . date("Y"); - $logdate = $checkdate . " " . $datesplit[3]; - if ($now_time < strtotime($logdate)) { - $fulldate = $datesplit[2] . "/" . $datesplit[1] . "/" . ((int)date("Y") - 1); - } - - $alert['dateonly'] = $fulldate; - $alert['timeonly'] = $datesplit[3]; - $alert['category'] = strtoupper( substr($alert["category"],0 , 1) ) . strtolower( substr($alert["category"],1 ) ); - return $alert; - } else { - if($g['debug']) { - log_error("There was a error parsing line: $line. 
Please report to mailing list or forum."); - } - return ""; - } -} - -/* AJAX specific handlers */ -function handle_snort_ajax($snort_alerts_logfile, $nentries = 5, $tail = 50) { - if($_GET['lastsawtime'] or $_POST['lastsawtime']) { - if($_GET['lastsawtime']) - $lastsawtime = $_GET['lastsawtime']; - if($_POST['lastsawtime']) - $lastsawtime = $_POST['lastsawtime']; - /* compare lastsawrule's time stamp to alert logs. - * afterwards return the newer records so that client - * can update AJAX interface screen. - */ - $new_rules = ""; - $snort_alerts = get_snort_alerts($snort_alerts_logfile, $nentries); - foreach($snort_alerts as $log_row) { - $time_regex = ""; - preg_match("/.*([0-9][0-9])\/([0-9][0-9])-([0-9][0-9]:[0-9][0-9]:[0-9][0-9]).*/", $log_row['time'], $time_regex); - $logdate = $time_regex[1] . "/" . $time_regex[2] . "/" . date("Y") . " " . $time_regex[3]; - //preg_match("/.*([0-9][0-9])\/([0-9][0-9])-([0-9][0-9]:[0-9][0-9]:[0-9][0-9]).*/", $testsplit[1], $time_regex); - // preg_match("/.*([0-9][0-9]:[0-9][0-9]:[0-9][0-9]).*/", $log_row['time'], $time_regex); - $row_time = strtotime($logdate); - $now_time = strtotime("now"); - if($row_time > $lastsawtime and $row_time <= $nowtime) { - $new_rules .= "{$log_row['time']}||{$log_row['priority']}||{$log_row['category']}||{$log_row['src']}||{$log_row['dst']}||" . time() . "||{$log_row['timeonly']}||{$log_row['dateonly']}" . "||\n"; - } - } - echo $new_rules; - } -} -?> diff --git a/config/widget-snort/snort_alerts.js b/config/widget-snort/snort_alerts.js index 0cc76ab1..0c2d9ca6 100644 --- a/config/widget-snort/snort_alerts.js +++ b/config/widget-snort/snort_alerts.js 
@@ -1,63 +1,10 @@ -snortlastsawtime = '<?php echo time(); ?>'; var snortlines = Array(); var snorttimer; var snortupdateDelay = 25500; var snortisBusy = false; var snortisPaused = false; -<?php - if(isset($config['syslog']['reverse'])) - echo "var isReverse = true;\n"; - else - echo "var isReverse = false;\n"; -?> - -if (typeof getURL == 'undefined') { - getURL = function(url, callback) { - if (!url) - throw 'No URL for getURL'; - try { - if (typeof callback.operationComplete == 'function') - callback = callback.operationComplete; - } catch (e) {} - if (typeof callback != 'function') - throw 'No callback function for getURL'; - var http_request = null; - if (typeof XMLHttpRequest != 'undefined') { - http_request = new XMLHttpRequest(); - } - else if (typeof ActiveXObject != 'undefined') { - try { - http_request = new ActiveXObject('Msxml2.XMLHTTP'); - } catch (e) { - try { - http_request = new ActiveXObject('Microsoft.XMLHTTP'); - } catch (e) {} - } - } - if (!http_request) - throw 'Both getURL and XMLHttpRequest are undefined'; - http_request.onreadystatechange = function() { - if (http_request.readyState == 4) { - callback( { success : true, - content : http_request.responseText, - contentType : http_request.getResponseHeader("Content-Type") } ); - } - } - http_request.open('GET', url, true); - http_request.send(null); - } -} - -function snort_alerts_fetch_new_rules() { - if(snortisPaused) - return; - if(snortisBusy) - return; - snortisBusy = true; - getURL('widgets/helpers/snort_alerts_helper.php?lastsawtime=' + snortlastsawtime, snort_alerts_fetch_new_rules_callback); -} function snort_alerts_fetch_new_rules_callback(callback_data) { if(snortisPaused) return; 
@@ -75,8 +22,6 @@ function snort_alerts_fetch_new_rules_callback(callback_data) { line = '<td width="30%" class="listr" >' + row_split[6] + '<br>' + row_split[7]+ '</td>'; line += '<td width="40%" class="listr" >' + row_split[3] + '<br>' + row_split[4] + '</td>'; line += '<td width="40%" class="listr" >' + 'Pri : ' + row_split[1] + '<br>' + 'Cat : ' + row_split[2] + '</td>'; - snortlastsawtime = row_split[5]; - //alert(row_split[0]); new_data_to_add[new_data_to_add.length] = line; } snort_alerts_update_div_rows(new_data_to_add); @@ -131,7 +76,7 @@ function snort_alerts_update_div_rows(data) { } } /* rechedule AJAX interval */ - //snorttimer = setInterval('snort_alerts_fetch_new_rules()', snortupdateDelay); + snorttimer = setInterval('snort_alerts_fetch_new_rules()', snortupdateDelay); } function snort_alerts_toggle_pause() { if(snortisPaused) { diff --git a/config/widget-snort/snort_alerts.widget.php b/config/widget-snort/snort_alerts.widget.php index ad7827b7..c579a35e 100644 --- a/config/widget-snort/snort_alerts.widget.php +++ b/config/widget-snort/snort_alerts.widget.php @@ -26,6 +26,8 @@ POSSIBILITY OF SUCH DAMAGE. */ global $config, $g; +$snort_alerts_title = "Snort Alerts"; +$snort_alerts_title_link = "snort/snort_alerts.php"; /* retrieve snort variables */ require_once("/usr/local/pkg/snort/snort.inc"); 
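Review bot: The two context lines kept here still splice `row_split[2]`, `row_split[3]` and `row_split[4]` into `<td>` markup by string concatenation, and the hunk only drops the `snortlastsawtime` bookkeeping beneath them. Those columns are the category, source and destination that the PHP side now emits from the snort alert file, so a `<` or `&` in any of them is rendered as markup if `snort_alerts_update_div_rows` (outside this hunk) inserts the rows via innerHTML; exposure is low because they derive from rule metadata and addresses, but escaping at the concatenation costs one helper: `function snort_esc(s) { return String(s).replace(/[&<>"']/g, function (c) { return '&#' + c.charCodeAt(0) + ';'; }); }` applied to each `row_split[n]`. The enclosing `snort_alerts_fetch_new_rules_callback` begins and ends outside this hunk.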
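Review bot: The re-enabled `snorttimer = setInterval('snort_alerts_fetch_new_rules()', snortupdateDelay);` names a function that the first hunk of this same file deletes together with its `getURL` transport, so unless `snort_alerts_fetch_new_rules` is now defined elsewhere (an inline script in the widget, for instance), every tick raises a ReferenceError and `snort_alerts_fetch_new_rules_callback` is never fed. Whatever replacement presumably fetches `snort_alerts.widget.php?evalScripts=1` should be passed as a function rather than a string so a missing symbol fails at load time instead of 25 seconds later: `snorttimer = setInterval(snort_alerts_fetch_new_rules, snortupdateDelay);`. The enclosing `snort_alerts_update_div_rows` begins outside this hunk.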
@@ -38,12 +40,14 @@ $a_instance = &$config['installedpackages']['snortglobal']['rule']; $snort_alerts = array(); $tmpblocked = array_flip(snort_get_blocked_ips()); foreach ($a_instance as $instanceid => $instance) { - $snort_uuid = $a_instance[$instanceid]['uuid']; - $if_real = snort_get_real_interface($a_instance[$instanceid]['interface']); - $tmpfile = "{$g['tmp_path']}/.widget_alert_{$snort_uuid}"; + if ($instance['enable'] != 'on') + continue; /* make sure alert file exists */ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) { + $snort_uuid = $instance['uuid']; + $if_real = snort_get_real_interface($instance['interface']); + $tmpfile = "{$g['tmp_path']}/.widget_alert_{$snort_uuid}"; if (isset($config['syslog']['reverse'])) exec("tail -10 /var/log/snort/snort_{$if_real}{$snort_uuid}/alert | sort -r > {$tmpfile}"); else @@ -58,7 +62,7 @@ foreach ($a_instance as $instanceid => $instance) { $fields = explode(",", $fileline); $snort_alert = array(); - $snort_alert[]['instanceid'] = snort_get_friendly_interface($a_instance[$instanceid]['interface']); + $snort_alert[]['instanceid'] = snort_get_friendly_interface($instance['interface']); $snort_alert[]['timestamp'] = $fields[0]; $snort_alert[]['timeonly'] = substr($fields[0], 6, -8); $snort_alert[]['dateonly'] = substr($fields[0], 0, -17); 
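Review bot: The moved assignments leave `$if_real` and `$snort_uuid` unset on the first pass and stale on every later one: the `file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")` test now runs before `$snort_uuid = $instance['uuid'];` and `$if_real = snort_get_real_interface($instance['interface']);` are evaluated inside its own body, so the first enabled instance is checked at `/var/log/snort/snort_/alert` and each following one at the previous instance's path (unless both variables are also initialised above the loop in lines not shown, which would only silence the first-pass notice, not the staleness). Lift those two lines to just after `continue;` so the path is built from the current instance. Since the same two values are then interpolated into the `exec("tail -10 ... | sort -r > {$tmpfile}")` context line, wrapping them with `escapeshellarg()` there is cheap insurance even though they come from the stored config rather than the request. The `foreach` opens in this hunk but its body continues past it.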
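Review bot: `$snort_alert[]['instanceid'] = snort_get_friendly_interface($instance['interface']);` keeps the `[]` from the old line, and each `[]` appends a fresh one-element array, so after the timestamp/timeonly/dateonly assignments that follow, `$snort_alert` is a list of single-key arrays rather than one associative row, and any later `$log_row['priority']`-style lookup on it yields null. Dropping the `[]` on this and the sibling assignments (`$snort_alert['instanceid'] = …;`, `$snort_alert['timestamp'] = $fields[0];`, and so on) makes each row a map keyed by column name. The `substr($fields[0], 6, -8)` and `substr($fields[0], 0, -17)` offsets on the context lines assume a fixed-width timestamp in column 0; a one-line comment naming the exact format they expect would spare the next reader from reverse-engineering it. The enclosing loop begins and ends outside this hunk.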
@@ -69,13 +73,21 @@ foreach ($a_instance as $instanceid => $instance) { $snort_alert[]['priority'] = $fields[12]; $snort_alert[]['category'] = $fields[11]; $snort_alerts[] = $snort_alert; - }; + } fclose($fd); @unlink($tmpfile); - }; - }; -}; + } + } +} + +if ($_GET['evalScripts']) { + /* AJAX specific handlers */ + $new_rules = ""; + foreach($snort_alerts as $log_row) + $new_rules .= "{$log_row['time']}||{$log_row['priority']}||{$log_row['category']}||{$log_row['src']}||{$log_row['dst']}||{$log_row['timestamp']}||{$log_row['timeonly']}||{$log_row['dateonly']}\n"; + echo $new_rules; +} else { /* display the result */ ?> <table width="100%" border="0" cellspacing="0" cellpadding="0"> @@ -96,3 +108,4 @@ foreach ($snort_alerts as $counter => $alert) { ?> </tbody> </table> +<?php } ?> diff --git a/config/widget-snort/snort_alerts_helper.php b/config/widget-snort/snort_alerts_helper.php deleted file mode 100644 index 5df0da04..00000000 --- a/config/widget-snort/snort_alerts_helper.php +++ /dev/null @@ -1,20 +0,0 @@ -<?php -require_once("globals.inc"); -require_once("guiconfig.inc"); -require_once("includes/snort_alerts.inc.php"); - -foreach (glob("{$g['varlog_path']}/snort/*/alert") as $alert) { - $snort_alerts_logfile = $alert; - $nentries = 5; - $snort_alerts = get_snort_alerts($snort_alerts_logfile, $nentries); - - /* AJAX related routines */ - handle_snort_ajax($snort_alerts_logfile, $nentries); -} -if($_GET['lastsawtime'] or $_POST['lastsawtime']) - exit; - -?> -<script src="/javascript/scriptaculous/prototype.js" type="text/javascript"></script> -<script src="/javascript/scriptaculous/scriptaculous.js" type="text/javascript"></script> -<script src="/widgets/javascript/snort_alerts.js" type="text/javascript"></script> diff --git a/config/widget-snort/widget-snort.inc b/config/widget-snort/widget-snort.inc deleted file mode 100644 index 584e5f2d..00000000 --- a/config/widget-snort/widget-snort.inc +++ /dev/null 
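Review bot: The new AJAX branch reads `$log_row['time']`, `$log_row['src']` and `$log_row['dst']`, but the row builder above assigns `timestamp`, `timeonly`, `dateonly`, `priority` and `category` (plus whatever the lines between hunks set) and never `time`, so the first column of every emitted row is empty; worse, each `$snort_alert[]['…']` assignment pushes a separate one-element array, so even the keys that do exist sit one level down and every interpolation here resolves to null. Unlike the deleted `handle_snort_ajax`, nothing filters by `lastsawtime`, so every poll returns the complete last-ten set and the JavaScript callback must de-duplicate or the table grows by ten rows per tick. Smaller points: `if ($_GET['evalScripts'])` raises an undefined-index notice on every normal dashboard render, so test `isset($_GET['evalScripts'])` instead, and the deleted helper called `exit` after echoing — if this file is still included from the dashboard page rather than requested on its own, an `exit;` after `echo $new_rules;` is needed to keep the surrounding page out of the response. The `foreach` that closes at the `+}` near the top of this hunk starts outside it.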
@@ -1,13 +0,0 @@
-<?php
-
-function widget_snort_uninstall() {
-
- unlink("/usr/local/www/includes/snort_alerts.inc.php");
- unlink("/usr/local/www/widgets/helpers/snort_alerts_helper.php");
- unlink("/usr/local/www/widgets/include/snort_alerts.inc");
- unlink("/usr/local/www/widgets/javascript/snort_alerts.js");
- unlink("/usr/local/www/widgets/widgets/snort_alerts.widget.php");
-
-}
-
-?>
\ No newline at end of file diff --git a/config/widget-snort/widget-snort.xml b/config/widget-snort/widget-snort.xml index 1644181c..785ac5b1 100644 --- a/config/widget-snort/widget-snort.xml +++ b/config/widget-snort/widget-snort.xml @@ -46,29 +46,8 @@ <requirements>Dashboard package and Snort</requirements> <faq>Currently there are no FAQ items provided.</faq> <name>widget-snort</name> - <version>0.2</version> + <version>0.5</version> <title>Widget - Snort</title> - <include_file>/usr/local/pkg/widget-snort.inc</include_file> - <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/widget-snort/widget-snort.inc</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/includes/</prefix> - <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/widget-snort/snort_alerts.inc.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/widgets/helpers/</prefix> - <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/widget-snort/snort_alerts_helper.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/widgets/include/</prefix> - <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/widget-snort/snort_alerts.inc</item> - </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/widgets/javascript/</prefix> <chmod>0644</chmod> @@ -79,7 +58,4 @@ <chmod>0644</chmod> <item>http://www.pfsense.com/packages/config/widget-snort/snort_alerts.widget.php</item> </additional_files_needed> - <custom_php_deinstall_command> - widget_snort_uninstall(); - </custom_php_deinstall_command> </packagegui> |