diff options
Diffstat (limited to 'config')
-rw-r--r-- | config/snort-dev/snort.inc | 20 | ||||
-rw-r--r-- | config/snort-dev/snort.xml | 2 | ||||
-rw-r--r-- | config/snort-dev/snort_interfaces.php | 28 | ||||
-rw-r--r-- | config/snort-dev/snort_interfaces_edit.php | 28 | ||||
-rw-r--r-- | config/snort-dev/snort_interfaces_global.php | 21 |
5 files changed, 50 insertions, 49 deletions
diff --git a/config/snort-dev/snort.inc b/config/snort-dev/snort.inc index 5e49cad2..b1300e1a 100644 --- a/config/snort-dev/snort.inc +++ b/config/snort-dev/snort.inc @@ -293,7 +293,7 @@ rc_start_real() { # Start the interfaces - /usr/local/bin/snort -G $id$if_real -R $id$if_real -c /usr/local/etc/snort/snort_$id$if_real/snort.conf -l /var/log/snort -D -i $if_real -q + /usr/local/bin/snort -G $id -R $id$if_real -c /usr/local/etc/snort/snort_$id$if_real/snort.conf -l /var/log/snort -D -i $if_real -q sleep 3 AFTER_MEM=`/usr/bin/top | /usr/bin/grep Wired | /usr/bin/awk '{print $12}'` @@ -1295,7 +1295,7 @@ portvar DCERPC_BRIGHTSTORE [6503,6504] # ##################### -var RULE_PATH /usr/local/etc/snort/rules +var RULE_PATH /usr/local/etc/snort/snort_$id$if_real/rules # var PREPROC_RULE_PATH ./preproc_rules ################################ @@ -1336,17 +1336,10 @@ dynamicdetection directory /usr/local/lib/snort/dynamicrules/ ################### preprocessor frag3_global: max_frags 8192 -preprocessor frag3_engine: policy windows -preprocessor frag3_engine: policy linux -preprocessor frag3_engine: policy first preprocessor frag3_engine: policy bsd detect_anomalies preprocessor stream5_global: max_tcp 8192, track_tcp yes, \ track_udp yes, track_icmp yes -preprocessor stream5_tcp: bind_to any, policy windows -preprocessor stream5_tcp: bind_to any, policy linux -preprocessor stream5_tcp: bind_to any, policy vista -preprocessor stream5_tcp: bind_to any, policy macos preprocessor stream5_tcp: policy BSD, ports both all, use_static_footprint_sizes preprocessor stream5_udp preprocessor stream5_icmp @@ -1358,7 +1351,7 @@ preprocessor stream5_icmp # ########################## -preprocessor perfmonitor: time 300 file /var/log/snort/snort.stats pktcnt 10000 +preprocessor perfmonitor: time 300 file /var/log/snort/snort_$id$if_real.stats pktcnt 10000 ################# # @@ -1370,7 +1363,6 @@ preprocessor http_inspect: global iis_unicode_map unicode.map 1252 preprocessor http_inspect_server: server default \ ports { 80 8080 } \ - no_alerts \ non_strict \ non_rfc_char { 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 } \ flow_depth 0 \ @@ -1542,9 +1534,9 @@ $spoink_type # ################# -include /usr/local/etc/snort/reference.config -include /usr/local/etc/snort/classification.config -include /usr/local/etc/snort/threshold.conf +include /usr/local/etc/snort/snort_$id$if_real/reference.config +include /usr/local/etc/snort/snort_$id$if_real/classification.config +include /usr/local/etc/snort/snort_$id$if_real/threshold.conf # Snort user pass through configuration {$snort_config_pass_thru} diff --git a/config/snort-dev/snort.xml b/config/snort-dev/snort.xml index 99b9b77e..6023a353 100644 --- a/config/snort-dev/snort.xml +++ b/config/snort-dev/snort.xml @@ -146,7 +146,7 @@ <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_rules.php.php</item> + <item>http://www.pfsense.com/packages/config/snort-dev/snort_rules.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> diff --git a/config/snort-dev/snort_interfaces.php b/config/snort-dev/snort_interfaces.php index 6a275ca7..877d6e6c 100644 --- a/config/snort-dev/snort_interfaces.php +++ b/config/snort-dev/snort_interfaces.php @@ -32,6 +32,10 @@ require("guiconfig.inc"); require("/usr/local/pkg/snort/snort_gui.inc"); +$id = $_GET['id']; +if (isset($_POST['id'])) + $id = $_POST['id']; + if (!is_array($config['installedpackages']['snortglobal']['rule'])) $config['installedpackages']['snortglobal']['rule'] = array(); @@ -77,7 +81,7 @@ if (isset($_POST['del_x'])) { /* convert fake interfaces to real */ $if_real = convert_friendly_interface_to_real_interface_name($a_nat[$rulei]['interface']); - $snort_pid = exec("/bin/ps -auwx | grep -v grep | grep \"ng0 -c\" | awk '{print $2;}'"); + $snort_pid = exec("/bin/ps -auwx | grep -v grep | grep \"$if_real -c\" | awk '{print $2;}'"); if ($snort_pid != "") { exec("/bin/sh /usr/local/etc/rc.d/snort_{$rulei}{$if_real}.sh stop"); @@ -142,6 +146,18 @@ if (isset($_POST['del_x'])) { } } + +/* start/stop snort */ +if ($_GET['act'] == "toggle" && $_GET['id'] != "") { + $if_real2 = convert_friendly_interface_to_real_interface_name($a_nat[$id]['interface']); + $snort_pid2 = exec("/bin/ps -auwx | grep -v grep | grep \"$if_real2 -c\" | awk '{print $2;}'"); + if ($snort_pid2 != "") { + exec("/bin/sh /usr/local/etc/rc.d/snort_{$id}{$if_real2}.sh stop"); + }else{ + exec("/bin/sh /usr/local/etc/rc.d/snort_{$id}{$if_real2}.sh start"); + } +} + $pgtitle = "Services: Snort 2.8.4.1_5 pkg v. 1.8 alpha"; include("head.inc"); @@ -205,7 +221,7 @@ padding: 15px 10px 50% 50px; <div id="mainarea"> <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> <tr id="frheader"> - <td width="3%" class="list"> </td> + <td width="4%" class="list"> </td> <td width="1%" class="list"> </td> <td width="10%" class="listhdrr">If</td> <td width="10%" class="listhdrr">Snort</td> @@ -217,25 +233,27 @@ padding: 15px 10px 50% 50px; <table border="0" cellspacing="0" cellpadding="1"> <tr> <td width="17"></td> - <td><a href="snort_interfaces_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> + <td><a href="snort_interfaces_edit.php"><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> </tr> </table> </td> </tr> <?php $nnats = $i = 0; foreach ($a_nat as $natent): ?> <tr valign="top" id="fr<?=$nnats;?>"> - <td class="listt"><input type="checkbox" id="frc<?=$nnats;?>" name="rule[]" value="<?=$i;?>" onClick="fr_bgcolor('<?=$nnats;?>')" style="margin: 0; padding: 0; width: 15px; height: 15px;"></td> - <td class="listt" align="center"></td> <?php /* convert fake interfaces to real and check if iface is up */ $if_real = convert_friendly_interface_to_real_interface_name($natent['interface']); $color_up = exec("/bin/ps -auwx | grep -v grep | grep \"{$nnats}{$if_real} -c\" | awk '{print $2;}'"); If ($color_up != "") { $class_color_up = "listbg2"; + $iconfn = "block"; }else{ $class_color_up = "listbg"; + $iconfn = "pass"; } ?> + <td class="listt"><a href="?act=toggle&id=<?=$i;?>"><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_<?=$iconfn;?>.gif" width="13" height="13" border="0" title="click to toggle start/stop snort"></a><input type="checkbox" id="frc<?=$nnats;?>" name="rule[]" value="<?=$i;?>" onClick="fr_bgcolor('<?=$nnats;?>')" style="margin: 0; padding: 0; width: 7px; height: 7px;"></td> + <td class="listt" align="center"></td> <td class="<?=$class_color_up;?>" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';"> <?php if (!$natent['interface'] || ($natent['interface'] == "wan")) diff --git a/config/snort-dev/snort_interfaces_edit.php b/config/snort-dev/snort_interfaces_edit.php index 410bb02b..cdf2f3e1 100644 --- a/config/snort-dev/snort_interfaces_edit.php +++ b/config/snort-dev/snort_interfaces_edit.php @@ -119,14 +119,28 @@ if ($_POST["Submit"]) { // $input_errors[] = "The target port range must be an integer between 1 and 65535."; // } - if ($_POST['interface'] == $pconfig['interface']) { - $input_errors[] = "The {$pconfig['interface']} interface is in use. Please select another interface."; - } - if ($pconfig['descr'] == "") { - $input_errors[] = "Please enter a description for your reference."; - } + // if ($config['installedpackages']['snortglobal']['rule']) { + if ($_POST['descr'] == "") { + $input_errors[] = "Please enter a description for your reference."; + } + + if ($id == "" && $config['installedpackages']['snortglobal']['rule'][0]['interface'] != "") { + + $rule_array = $config['installedpackages']['snortglobal']['rule']; + $id_c = -1; + foreach ($rule_array as $value) { + $id_c += 1; + + $result_lan = $config['installedpackages']['snortglobal']['rule'][$id_c]['interface']; + $if_real = convert_friendly_interface_to_real_interface_name($result_lan); + + if ($_POST['interface'] == $result_lan) { + $input_errors[] = "Interface $result_lan is in use. Please select another interface."; + } + } + } /* check for overlaps */ foreach ($a_nat as $natent) { @@ -169,8 +183,6 @@ if ($_POST["Submit"]) { write_config(); // stop_service("snort"); - //create_snort_conf(); - //create_barnyard2_conf(); if ($pconfig['interface'] != "") { sync_package_snort(); diff --git a/config/snort-dev/snort_interfaces_global.php b/config/snort-dev/snort_interfaces_global.php index a0c0ece2..9ee1a204 100644 --- a/config/snort-dev/snort_interfaces_global.php +++ b/config/snort-dev/snort_interfaces_global.php @@ -124,28 +124,7 @@ if ($_POST) { include("head.inc"); ?> <?php include("fbegin.inc"); ?> -<script language="JavaScript"> -<!-- - -/* make shure all the settings exist or function hide will not work */ -function enable_change(enable_change) { - var endis, radius_endis; - endis = !(document.iform.enable.checked || enable_change); -// radius_endis = !((!endis && document.iform.auth_method[2].checked) || enable_change); - document.iform.snortdownload[0].disabled = endis; - document.iform.snortdownload[1].disabled = endis; - document.iform.snortdownload[2].disabled = endis; - document.iform.oinkmastercode.disabled = endis; - document.iform.emergingthreats.disabled = endis; - document.iform.rm_blocked.disabled = endis; - document.iform.autorulesupdate7.disabled = endis; - document.iform.whitelistvpns.disabled = endis; - document.iform.clickablalerteurls.disabled = endis; - document.iform.associatealertip.disabled = endis; -} -//--> -</script> <p class="pgtitle"><?=$pgtitle?></p> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <?php if ($input_errors) print_input_errors($input_errors); ?> |