Diffstat (limited to 'config')
-rw-r--r--config/snort/snort.inc7
-rw-r--r--config/snort/snort_alerts.php89
-rw-r--r--config/snort/snort_check_cron_misc.inc2
-rw-r--r--config/snort/snort_interfaces_edit.php20
-rw-r--r--config/snort/snort_interfaces_global.php12
-rw-r--r--config/snort/snort_interfaces_whitelist_edit.php2
-rw-r--r--config/snort/snort_rules.php2
7 files changed, 50 insertions, 84 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 149b6abb..677f0bca 100644
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -353,7 +353,7 @@ function snort_get_real_interface($interface) {
by touch and rm, snort will lose sync and not log.
*/
-function post_delete_logs()
+function snort_post_delete_logs($snort_uuid = 0)
{
global $config, $g;
@@ -362,11 +362,12 @@ function post_delete_logs()
return;
foreach ($config['installedpackages']['snortglobal']['rule'] as $value) {
+ if ($value['uuid'] != $snort_uuid)
+ continue;
$if_real = snort_get_real_interface($value['interface']);
- $snort_uuid = $value['uuid'];
$snort_log_dir = "/var/log/snort/snort_{$if_real}{$snort_uuid}";
- if ($if_real != '' && $snort_uuid != '') {
+ if ($if_real != '') {
$filelist = glob("{$snort_log_dir}/*{$snort_uuid}_{$if_real}.u2.*");
unset($filelist[count($filelist) - 1]);
foreach ($filelist as $file)
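Review bot: The new filter `if ($value['uuid'] != $snort_uuid)` uses a loose comparison against a default of `0`, so a caller that omits the argument silently deletes nothing for numeric uuids, and on PHP versions before 8 a non-numeric uuid string compares equal to `0` and is not skipped. Compare as strings and bail out early on an empty id, e.g. `if (empty($snort_uuid)) return;` before the loop and `if ((string)$value['uuid'] !== (string)$snort_uuid) continue;` inside it. The call added in snort_check_cron_misc.inc passes `$snort_uuid`, but that hunk does not show where the variable is assigned inside its loop, so it is worth confirming it is set from `$value['uuid']` on each iteration. The function body continues past the end of this hunk.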
diff --git a/config/snort/snort_alerts.php b/config/snort/snort_alerts.php
index c1336350..ae441131 100644
--- a/config/snort/snort_alerts.php
+++ b/config/snort/snort_alerts.php
@@ -44,15 +44,18 @@ $snort_load_mootools = 'yes';
$snortalertlogt = $config['installedpackages']['snortglobal']['snortalertlogtype'];
+if ($_GET['instance'])
+ $instanceid = $_GET['instance'];
+if ($_POST['instance'])
+ $instanceid = $_POST['instance'];
+if (empty($instanceid))
+ $instanceid = 0;
+
if (!is_array($config['installedpackages']['snortglobal']['rule']))
$config['installedpackages']['snortglobal']['rule'] = array();
$a_instance = &$config['installedpackages']['snortglobal']['rule'];
-$snort_uuid = $a_instance[0]['uuid'];
-$if_real = snort_get_real_interface($a_instance[0]['interface']);
-if ($_POST['instance']) {
- $snort_uuid = $a_instance[$_POST['instance']]['uuid'];
- $if_real = snort_get_real_interface($a_instance[$_POST['instance']]['interface']);
-}
+$snort_uuid = $a_instance[$instanceid]['uuid'];
+$if_real = snort_get_real_interface($a_instance[$instanceid]['interface']);
if (is_array($config['installedpackages']['snortglobal']['alertsblocks'])) {
$pconfig['arefresh'] = $config['installedpackages']['snortglobal']['alertsblocks']['arefresh'];
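Review bot: `$instanceid` is taken from `$_GET['instance']` or `$_POST['instance']` and used as the index into `$a_instance` with no check that the key exists, so an unknown value leaves `$snort_uuid` null and hands a missing interface to `snort_get_real_interface()`, and every later log path is then built from those values. Validate it once `$a_instance` has been assigned, e.g. `if (!is_numeric($instanceid) || !isset($a_instance[$instanceid])) $instanceid = 0;`. The same request value is interpolated into the three `Location:` redirects in the following hunks; constraining it to an existing numeric key covers those too, otherwise it should go through `urlencode()` there.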
@@ -73,22 +76,22 @@ if ($_POST['save'])
write_config();
- header("Location: /snort/snort_alerts.php");
+ header("Location: /snort/snort_alerts.php?instance={$instanceid}");
exit;
}
if ($_GET['action'] == "clear" || $_POST['clear']) {
if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) {
conf_mount_rw();
+ snort_post_delete_logs($snort_uuid);
@file_put_contents("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert", "");
- post_delete_logs();
/* XXX: This is needed is snort is run as snort user */
//mwexec('/usr/sbin/chown snort:snort /var/log/snort/*', true);
mwexec('/bin/chmod 660 /var/log/snort/*', true);
mwexec("/bin/pkill -HUP -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid -a");
conf_mount_ro();
}
- header("Location: /snort/snort_alerts.php");
+ header("Location: /snort/snort_alerts.php?instance={$instanceid}");
exit;
}
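Review bot: The clear branch still fires on `$_GET['action'] == "clear"`, and with this commit the target instance can also arrive in `$_GET['instance']`, so one GET request both picks an instance and truncates its alert file and unified2 logs. State-changing actions are better accepted from POST only, `if ($_POST['clear']) {`, so that they fall under whatever request-forgery protection the GUI applies to form posts; that protection is not visible in this hunk. If the GET form has to stay for an existing link, a comment saying which page depends on it would make the exception explicit.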
@@ -110,7 +113,7 @@ if ($_POST['download']) {
exec("/bin/rm /tmp/{$file_name}");
}
- header("Location: /snort/snort_alerts.php");
+ header("Location: /snort/snort_alerts.php?instance={$instanceid}");
exit;
}
@@ -249,9 +252,7 @@ include_once("head.inc");
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php
-
include_once("fbegin.inc");
-echo $snort_general_css;
/* refresh every 60 secs */
if ($pconfig['arefresh'] == 'on')
@@ -259,7 +260,6 @@ if ($pconfig['arefresh'] == 'on')
?>
<div class="body2"><?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
-
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td>
<?php
@@ -286,10 +286,13 @@ if ($pconfig['arefresh'] == 'on')
<tr>
<td width="22%" class="vncell">Instance to inspect</td>
<td width="78%" class="vtable">
- <br/> <select name="instance" id="instance" class="formfld unkown" onChange="document.getElementById('formalert').submit()">
+ <br/> <select name="instance" id="instance" class="formselect" onChange="document.getElementById('formalert').submit()">
<?php
foreach ($a_instance as $id => $instance) {
- echo "<option value='{$id}'> (" . snort_get_friendly_interface($instance['interface']) . "){$instance['descr']}</option>\n";
+ $selected = "";
+ if ($id == $instanceid)
+ $selected = "selected";
+ echo "<option value='{$id}' {$selected}> (" . snort_get_friendly_interface($instance['interface']) . "){$instance['descr']}</option>\n";
}
?>
</select><br/> Choose which instance alerts you want to inspect.
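Review bot: The rewritten `<option>` line prints `$instance['descr']` and the friendly interface name without HTML escaping, and `$selected` is decided by a loose `==` against a request-supplied string. Wrap the text in `htmlspecialchars()`, as in `htmlspecialchars($instance['descr'])`, and compare as strings with `if ((string)$id === (string)$instanceid)`. The description is admin-entered configuration as far as this page shows, so this is hardening rather than a demonstrated externally reachable flaw.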
@@ -364,53 +367,37 @@ if ($pconfig['arefresh'] == 'on')
if (!file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert"))
@touch("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert");
- $logent = $anentries;
-
/* detect the alert file type */
if ($snortalertlogt == 'full')
$alerts_array = array_reverse(explode("\n\n", file_get_contents("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")));
else
$alerts_array = array_reverse(explode("\n", file_get_contents("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")));
-
-
if (is_array($alerts_array)) {
-
- $counter = 0;
- foreach($alerts_array as $fileline)
- {
-
- if($logent <= $counter)
- continue;
-
- $counter++;
+ foreach($alerts_array as $counter => $fileline) {
+ if (empty($fileline))
+ continue;
+ if ($counter > $anentries)
+ break;
/* Date */
$alert_date_str = get_snort_alert_date($fileline);
-
if($alert_date_str != '')
- {
$alert_date = $alert_date_str;
- }else{
+ else
$alert_date = 'empty';
- }
/* Discription */
$alert_disc_str = get_snort_alert_disc($fileline);
-
- if($alert_disc_str != '')
- {
- $alert_disc = $alert_disc_str;
- }else{
+ if(empty($alert_disc_str))
$alert_disc = 'empty';
- }
+ else
+ $alert_disc = $alert_disc_str;
/* Classification */
$alert_class_str = get_snort_alert_class($fileline);
-
if($alert_class_str != '')
{
-
$alert_class_match = array('[Classification:',']');
$alert_class = str_replace($alert_class_match, '', "$alert_class_str");
}else{
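Review bot: `$counter` is now the array key produced by `array_reverse()`, so `if ($counter > $anentries) break;` limits by position in the file rather than by rows rendered. Blank entries skipped by the `empty($fileline)` check still consume the budget, and because keys start at 0 up to `$anentries + 1` lines can pass the test. Keeping a separate count of rendered rows fixes both: `$shown = 0;` before the loop and `if ($shown++ >= $anentries) break;` after the empty check. Where `$anentries` is set is outside this hunk, and the loop body continues past the hunk's last line.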
@@ -419,7 +406,6 @@ if ($pconfig['arefresh'] == 'on')
/* Priority */
$alert_priority_str = get_snort_alert_priority($fileline);
-
if($alert_priority_str != '')
{
$alert_priority_match = array('Priority: ',']');
@@ -447,7 +433,6 @@ if ($pconfig['arefresh'] == 'on')
/* IP SRC */
$alert_ip_src_str = get_snort_alert_ip_src($fileline);
-
if($alert_ip_src_str != '')
{
$alert_ip_src = $alert_ip_src_str;
@@ -457,7 +442,6 @@ if ($pconfig['arefresh'] == 'on')
/* IP SRC Port */
$alert_src_p_str = get_snort_alert_src_p($fileline);
-
if($alert_src_p_str != '')
{
$alert_src_p_match = array(' -',':');
@@ -468,7 +452,6 @@ if ($pconfig['arefresh'] == 'on')
/* Flow */
$alert_flow_str = get_snort_alert_flow($fileline);
-
if($alert_flow_str != '')
{
$alert_flow = $alert_flow_str;
@@ -478,7 +461,6 @@ if ($pconfig['arefresh'] == 'on')
/* IP Destination */
$alert_ip_dst_str = get_snort_alert_ip_dst($fileline);
-
if($alert_ip_dst_str != '')
{
$alert_ip_dst = $alert_ip_dst_str;
@@ -516,8 +498,6 @@ if ($pconfig['arefresh'] == 'on')
}
/* NOTE: using one echo improves performance by 2x */
- if ($alert_disc != 'empty')
- {
echo "<tr id=\"{$counter}\">
<td class=\"centerAlign\">{$counter}</td>
<td class=\"centerAlign\">{$alert_priority}</td>
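Review bot: The row `echo` interpolates values parsed out of the alert file (`{$alert_priority}` here, `{$alert_sid}` and `{$alert_date}` in the next hunk) straight into table cells, and with the `$alert_disc != 'empty'` guard removed every non-blank line is now rendered, including lines the parsers could not match. If the `get_snort_alert_*()` helpers return raw substrings of the log, which this page does not show, each value should pass through `htmlspecialchars()` before the echo so that log content cannot be interpreted as markup in the administrator's browser. The echo statement starts in this hunk and ends in the following one.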
@@ -532,31 +512,16 @@ if ($pconfig['arefresh'] == 'on')
<td class=\"centerAlign\">{$alert_sid}</td>
<td>{$alert_date}</td>
</tr>\n";
- }
-
- // <script type="text/javascript">
- // var myTable = {};
- // window.addEvent('domready', function(){
- // myTable = new sortableTable('myTable', {overCls: 'over', onClick: function(){alert(this.id)}});
- // });
- // </script>
-
}
}
-
?>
</tbody>
</table>
</td>
</table>
-
</div>
-
<?php
include("fend.inc");
-
-echo $snort_custom_rnd_box;
-
?>
</body>
</html>
diff --git a/config/snort/snort_check_cron_misc.inc b/config/snort/snort_check_cron_misc.inc
index 84f62a0d..ccdaa758 100644
--- a/config/snort/snort_check_cron_misc.inc
+++ b/config/snort/snort_check_cron_misc.inc
@@ -70,7 +70,7 @@ foreach ($config['installedpackages']['snortglobal']['rule'] as $value) {
conf_mount_rw();
if ($snortlogAlertsizeKB >= $snortloglimitAlertsizeKB)
@file_put_contents("{$snort_log_dir}/alert", "");
- post_delete_logs();
+ snort_post_delete_logs($snort_uuid);
conf_mount_ro();
}
diff --git a/config/snort/snort_interfaces_edit.php b/config/snort/snort_interfaces_edit.php
index 182d0e76..12cb9b00 100644
--- a/config/snort/snort_interfaces_edit.php
+++ b/config/snort/snort_interfaces_edit.php
@@ -466,7 +466,7 @@ function enable_change(enable_change) {
<tr>
<td width="22%" valign="top" class="vncellreq2">Interface</td>
<td width="78%" class="vtable">
- <select name="interface" class="formfld">
+ <select name="interface" class="formselect">
<?php
if (function_exists('get_configured_interface_with_descr'))
$interfaces = get_configured_interface_with_descr();
@@ -495,8 +495,8 @@ function enable_change(enable_change) {
</tr>
<tr>
<td width="22%" valign="top" class="vncell2">Memory Performance</td>
- <td width="78%" class="vtable"><select name="performance"
- class="formfld" id="performance">
+ <td width="78%" class="vtable">
+ <select name="performance" class="formselect" id="performance">
<?php
$interfaces2 = array('ac-bnfa' => 'AC-BNFA', 'lowmem' => 'LOWMEM', 'ac-std' => 'AC-STD', 'ac' => 'AC', 'ac-banded' => 'AC-BANDED', 'ac-sparsebands' => 'AC-SPARSEBANDS', 'acs' => 'ACS');
foreach ($interfaces2 as $iface2 => $ifacename2): ?>
@@ -518,8 +518,8 @@ function enable_change(enable_change) {
</tr>
<tr>
<td width="22%" valign="top" class="vncell2">Home net</td>
- <td width="78%" class="vtable"><select name="homelistname"
- class="formfld" id="homelistname">
+ <td width="78%" class="vtable">
+ <select name="homelistname" class="formselect" id="homelistname">
<?php
echo "<option value='default' >default</option>";
/* find whitelist names and filter by type */
@@ -545,8 +545,8 @@ function enable_change(enable_change) {
</tr>
<tr>
<td width="22%" valign="top" class="vncell2">External net</td>
- <td width="78%" class="vtable"><select name="externallistname"
- class="formfld" id="externallistname">
+ <td width="78%" class="vtable">
+ <select name="externallistname" class="formselect" id="externallistname">
<?php
echo "<option value='default' >default</option>";
/* find whitelist names and filter by type */
@@ -589,7 +589,7 @@ function enable_change(enable_change) {
<tr>
<td width="22%" valign="top" class="vncell2">Which ip to block</td>
<td width="78%" class="vtable">
- <select name="blockoffendersip" class="formfld" id="blockoffendersip">
+ <select name="blockoffendersip" class="formselect" id="blockoffendersip">
<?php
foreach (array("src", "dst", "both") as $btype) {
if ($btype == $pconfig['blockoffendersip'])
@@ -606,7 +606,7 @@ function enable_change(enable_change) {
<tr>
<td width="22%" valign="top" class="vncell2">Whitelist</td>
<td width="78%" class="vtable">
- <select name="whitelistname" class="formfld" id="whitelistname">
+ <select name="whitelistname" class="formselect" id="whitelistname">
<?php
/* find whitelist names and filter by type, make sure to track by uuid */
echo "<option value='default' >default</option>\n";
@@ -633,7 +633,7 @@ function enable_change(enable_change) {
<td width="22%" valign="top" class="vncell2">Suppression and
filtering</td>
<td width="78%" class="vtable">
- <select name="suppresslistname" class="formfld" id="suppresslistname">
+ <select name="suppresslistname" class="formselect" id="suppresslistname">
<?php
echo "<option value='default' >default</option>\n";
if (is_array($config['installedpackages']['snortglobal']['suppress']['item'])) {
diff --git a/config/snort/snort_interfaces_global.php b/config/snort/snort_interfaces_global.php
index c49390a1..acfcfde9 100644
--- a/config/snort/snort_interfaces_global.php
+++ b/config/snort/snort_interfaces_global.php
@@ -297,8 +297,8 @@ enable JavaScript to view this content
<tr>
<td width="22%" valign="top" class="vncell2">Update rules
automatically</td>
- <td width="78%" class="vtable"><select name="autorulesupdate7"
- class="formfld" id="autorulesupdate7">
+ <td width="78%" class="vtable">
+ <select name="autorulesupdate7" class="formselect" id="autorulesupdate7">
<?php
$interfaces3 = array('never_up' => 'NEVER', '6h_up' => '6 HOURS', '12h_up' => '12 HOURS', '1d_up' => '1 DAY', '4d_up' => '4 DAYS', '7d_up' => '7 DAYS', '28d_up' => '28 DAYS');
foreach ($interfaces3 as $iface3 => $ifacename3): ?>
@@ -361,8 +361,8 @@ enable JavaScript to view this content
<tr>
<td width="22%" valign="top" class="vncell2">Remove blocked hosts
every</td>
- <td width="78%" class="vtable"><select name="rm_blocked"
- class="formfld" id="rm_blocked">
+ <td width="78%" class="vtable">
+ <select name="rm_blocked" class="formselect" id="rm_blocked">
<?php
$interfaces3 = array('never_b' => 'NEVER', '1h_b' => '1 HOUR', '3h_b' => '3 HOURS', '6h_b' => '6 HOURS', '12h_b' => '12 HOURS', '1d_b' => '1 DAY', '4d_b' => '4 DAYS', '7d_b' => '7 DAYS', '28d_b' => '28 DAYS');
foreach ($interfaces3 as $iface3 => $ifacename3): ?>
@@ -378,8 +378,8 @@ enable JavaScript to view this content
<tr>
<td width="22%" valign="top" class="vncell2">Alerts file description
type</td>
- <td width="78%" class="vtable"><select name="snortalertlogtype"
- class="formfld" id="snortalertlogtype">
+ <td width="78%" class="vtable">
+ <select name="snortalertlogtype" class="formselect" id="snortalertlogtype">
<?php
$interfaces4 = array('full' => 'FULL', 'fast' => 'SHORT');
foreach ($interfaces4 as $iface4 => $ifacename4): ?>
diff --git a/config/snort/snort_interfaces_whitelist_edit.php b/config/snort/snort_interfaces_whitelist_edit.php
index fe3c54a5..a546c642 100644
--- a/config/snort/snort_interfaces_whitelist_edit.php
+++ b/config/snort/snort_interfaces_whitelist_edit.php
@@ -272,7 +272,7 @@ echo $snort_general_css;
<strong>NETLIST:</strong>&nbsp;&nbsp;&nbsp;This list is for defining
addresses as $HOME_NET or $EXTERNAL_NET in the snort.conf file.</div>
- <select name="snortlisttype" class="formfld" id="snortlisttype">
+ <select name="snortlisttype" class="formselect" id="snortlisttype">
<?php
$interfaces4 = array('whitelist' => 'WHITELIST', 'netlist' => 'NETLIST');
foreach ($interfaces4 as $iface4 => $ifacename4): ?>
diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php
index d04e1b41..56c68980 100644
--- a/config/snort/snort_rules.php
+++ b/config/snort/snort_rules.php
@@ -282,7 +282,7 @@ function popup(url)
<tr>
<td class="listt" colspan="8">
<br>Category:
- <select id="selectbox" name="selectbox" class="formfld" onChange="go()">
+ <select id="selectbox" name="selectbox" class="formselect" onChange="go()">
<?php
foreach ($files as $value) {
echo "<option value='?id={$id}&openruleset={$ruledir}{$value}' ";