aboutsummaryrefslogtreecommitdiffstats
path: root/config
diff options
context:
space:
mode:
Diffstat (limited to 'config')
-rw-r--r--config/snort-dev/snort.inc20
-rw-r--r--config/snort-dev/snort.xml2
-rw-r--r--config/snort-dev/snort_interfaces.php28
-rw-r--r--config/snort-dev/snort_interfaces_edit.php28
-rw-r--r--config/snort-dev/snort_interfaces_global.php21
5 files changed, 50 insertions, 49 deletions
diff --git a/config/snort-dev/snort.inc b/config/snort-dev/snort.inc
index 5e49cad2..b1300e1a 100644
--- a/config/snort-dev/snort.inc
+++ b/config/snort-dev/snort.inc
@@ -293,7 +293,7 @@ rc_start_real() {
# Start the interfaces
- /usr/local/bin/snort -G $id$if_real -R $id$if_real -c /usr/local/etc/snort/snort_$id$if_real/snort.conf -l /var/log/snort -D -i $if_real -q
+ /usr/local/bin/snort -G $id -R $id$if_real -c /usr/local/etc/snort/snort_$id$if_real/snort.conf -l /var/log/snort -D -i $if_real -q
sleep 3
AFTER_MEM=`/usr/bin/top | /usr/bin/grep Wired | /usr/bin/awk '{print $12}'`
@@ -1295,7 +1295,7 @@ portvar DCERPC_BRIGHTSTORE [6503,6504]
#
#####################
-var RULE_PATH /usr/local/etc/snort/rules
+var RULE_PATH /usr/local/etc/snort/snort_$id$if_real/rules
# var PREPROC_RULE_PATH ./preproc_rules
################################
@@ -1336,17 +1336,10 @@ dynamicdetection directory /usr/local/lib/snort/dynamicrules/
###################
preprocessor frag3_global: max_frags 8192
-preprocessor frag3_engine: policy windows
-preprocessor frag3_engine: policy linux
-preprocessor frag3_engine: policy first
preprocessor frag3_engine: policy bsd detect_anomalies
preprocessor stream5_global: max_tcp 8192, track_tcp yes, \
track_udp yes, track_icmp yes
-preprocessor stream5_tcp: bind_to any, policy windows
-preprocessor stream5_tcp: bind_to any, policy linux
-preprocessor stream5_tcp: bind_to any, policy vista
-preprocessor stream5_tcp: bind_to any, policy macos
preprocessor stream5_tcp: policy BSD, ports both all, use_static_footprint_sizes
preprocessor stream5_udp
preprocessor stream5_icmp
@@ -1358,7 +1351,7 @@ preprocessor stream5_icmp
#
##########################
-preprocessor perfmonitor: time 300 file /var/log/snort/snort.stats pktcnt 10000
+preprocessor perfmonitor: time 300 file /var/log/snort/snort_$id$if_real.stats pktcnt 10000
#################
#
@@ -1370,7 +1363,6 @@ preprocessor http_inspect: global iis_unicode_map unicode.map 1252
preprocessor http_inspect_server: server default \
ports { 80 8080 } \
- no_alerts \
non_strict \
non_rfc_char { 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 } \
flow_depth 0 \
@@ -1542,9 +1534,9 @@ $spoink_type
#
#################
-include /usr/local/etc/snort/reference.config
-include /usr/local/etc/snort/classification.config
-include /usr/local/etc/snort/threshold.conf
+include /usr/local/etc/snort/snort_$id$if_real/reference.config
+include /usr/local/etc/snort/snort_$id$if_real/classification.config
+include /usr/local/etc/snort/snort_$id$if_real/threshold.conf
# Snort user pass through configuration
{$snort_config_pass_thru}
diff --git a/config/snort-dev/snort.xml b/config/snort-dev/snort.xml
index 99b9b77e..6023a353 100644
--- a/config/snort-dev/snort.xml
+++ b/config/snort-dev/snort.xml
@@ -146,7 +146,7 @@
<additional_files_needed>
<prefix>/usr/local/www/snort/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort_rules.php.php</item>
+ <item>http://www.pfsense.com/packages/config/snort-dev/snort_rules.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/snort/</prefix>
diff --git a/config/snort-dev/snort_interfaces.php b/config/snort-dev/snort_interfaces.php
index 6a275ca7..877d6e6c 100644
--- a/config/snort-dev/snort_interfaces.php
+++ b/config/snort-dev/snort_interfaces.php
@@ -32,6 +32,10 @@
require("guiconfig.inc");
require("/usr/local/pkg/snort/snort_gui.inc");
+$id = $_GET['id'];
+if (isset($_POST['id']))
+ $id = $_POST['id'];
+
if (!is_array($config['installedpackages']['snortglobal']['rule']))
$config['installedpackages']['snortglobal']['rule'] = array();
@@ -77,7 +81,7 @@ if (isset($_POST['del_x'])) {
/* convert fake interfaces to real */
$if_real = convert_friendly_interface_to_real_interface_name($a_nat[$rulei]['interface']);
- $snort_pid = exec("/bin/ps -auwx | grep -v grep | grep \"ng0 -c\" | awk '{print $2;}'");
+ $snort_pid = exec("/bin/ps -auwx | grep -v grep | grep \"$if_real -c\" | awk '{print $2;}'");
if ($snort_pid != "") {
exec("/bin/sh /usr/local/etc/rc.d/snort_{$rulei}{$if_real}.sh stop");
@@ -142,6 +146,18 @@ if (isset($_POST['del_x'])) {
}
}
+
+/* start/stop snort */
+if ($_GET['act'] == "toggle" && $_GET['id'] != "") {
+ $if_real2 = convert_friendly_interface_to_real_interface_name($a_nat[$id]['interface']);
+ $snort_pid2 = exec("/bin/ps -auwx | grep -v grep | grep \"$if_real2 -c\" | awk '{print $2;}'");
+ if ($snort_pid2 != "") {
+ exec("/bin/sh /usr/local/etc/rc.d/snort_{$id}{$if_real2}.sh stop");
+ }else{
+ exec("/bin/sh /usr/local/etc/rc.d/snort_{$id}{$if_real2}.sh start");
+ }
+}
+
$pgtitle = "Services: Snort 2.8.4.1_5 pkg v. 1.8 alpha";
include("head.inc");
@@ -205,7 +221,7 @@ padding: 15px 10px 50% 50px;
<div id="mainarea">
<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
<tr id="frheader">
- <td width="3%" class="list">&nbsp;</td>
+ <td width="4%" class="list">&nbsp;</td>
<td width="1%" class="list">&nbsp;</td>
<td width="10%" class="listhdrr">If</td>
<td width="10%" class="listhdrr">Snort</td>
@@ -217,25 +233,27 @@ padding: 15px 10px 50% 50px;
<table border="0" cellspacing="0" cellpadding="1">
<tr>
<td width="17"></td>
- <td><a href="snort_interfaces_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td>
+ <td><a href="snort_interfaces_edit.php"><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td>
</tr>
</table>
</td>
</tr>
<?php $nnats = $i = 0; foreach ($a_nat as $natent): ?>
<tr valign="top" id="fr<?=$nnats;?>">
- <td class="listt"><input type="checkbox" id="frc<?=$nnats;?>" name="rule[]" value="<?=$i;?>" onClick="fr_bgcolor('<?=$nnats;?>')" style="margin: 0; padding: 0; width: 15px; height: 15px;"></td>
- <td class="listt" align="center"></td>
<?php
/* convert fake interfaces to real and check if iface is up */
$if_real = convert_friendly_interface_to_real_interface_name($natent['interface']);
$color_up = exec("/bin/ps -auwx | grep -v grep | grep \"{$nnats}{$if_real} -c\" | awk '{print $2;}'");
If ($color_up != "") {
$class_color_up = "listbg2";
+ $iconfn = "block";
}else{
$class_color_up = "listbg";
+ $iconfn = "pass";
}
?>
+ <td class="listt"><a href="?act=toggle&id=<?=$i;?>"><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_<?=$iconfn;?>.gif" width="13" height="13" border="0" title="click to toggle start/stop snort"></a><input type="checkbox" id="frc<?=$nnats;?>" name="rule[]" value="<?=$i;?>" onClick="fr_bgcolor('<?=$nnats;?>')" style="margin: 0; padding: 0; width: 7px; height: 7px;"></td>
+ <td class="listt" align="center"></td>
<td class="<?=$class_color_up;?>" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
<?php
if (!$natent['interface'] || ($natent['interface'] == "wan"))
diff --git a/config/snort-dev/snort_interfaces_edit.php b/config/snort-dev/snort_interfaces_edit.php
index 410bb02b..cdf2f3e1 100644
--- a/config/snort-dev/snort_interfaces_edit.php
+++ b/config/snort-dev/snort_interfaces_edit.php
@@ -119,14 +119,28 @@ if ($_POST["Submit"]) {
// $input_errors[] = "The target port range must be an integer between 1 and 65535.";
// }
- if ($_POST['interface'] == $pconfig['interface']) {
- $input_errors[] = "The {$pconfig['interface']} interface is in use. Please select another interface.";
- }
- if ($pconfig['descr'] == "") {
- $input_errors[] = "Please enter a description for your reference.";
- }
+ // if ($config['installedpackages']['snortglobal']['rule']) {
+ if ($_POST['descr'] == "") {
+ $input_errors[] = "Please enter a description for your reference.";
+ }
+
+ if ($id == "" && $config['installedpackages']['snortglobal']['rule'][0]['interface'] != "") {
+
+ $rule_array = $config['installedpackages']['snortglobal']['rule'];
+ $id_c = -1;
+ foreach ($rule_array as $value) {
+ $id_c += 1;
+
+ $result_lan = $config['installedpackages']['snortglobal']['rule'][$id_c]['interface'];
+ $if_real = convert_friendly_interface_to_real_interface_name($result_lan);
+
+ if ($_POST['interface'] == $result_lan) {
+ $input_errors[] = "Interface $result_lan is in use. Please select another interface.";
+ }
+ }
+ }
/* check for overlaps */
foreach ($a_nat as $natent) {
@@ -169,8 +183,6 @@ if ($_POST["Submit"]) {
write_config();
// stop_service("snort");
- //create_snort_conf();
- //create_barnyard2_conf();
if ($pconfig['interface'] != "") {
sync_package_snort();
diff --git a/config/snort-dev/snort_interfaces_global.php b/config/snort-dev/snort_interfaces_global.php
index a0c0ece2..9ee1a204 100644
--- a/config/snort-dev/snort_interfaces_global.php
+++ b/config/snort-dev/snort_interfaces_global.php
@@ -124,28 +124,7 @@ if ($_POST) {
include("head.inc");
?>
<?php include("fbegin.inc"); ?>
-<script language="JavaScript">
-<!--
-
-/* make shure all the settings exist or function hide will not work */
-function enable_change(enable_change) {
- var endis, radius_endis;
- endis = !(document.iform.enable.checked || enable_change);
-// radius_endis = !((!endis && document.iform.auth_method[2].checked) || enable_change);
- document.iform.snortdownload[0].disabled = endis;
- document.iform.snortdownload[1].disabled = endis;
- document.iform.snortdownload[2].disabled = endis;
- document.iform.oinkmastercode.disabled = endis;
- document.iform.emergingthreats.disabled = endis;
- document.iform.rm_blocked.disabled = endis;
- document.iform.autorulesupdate7.disabled = endis;
- document.iform.whitelistvpns.disabled = endis;
- document.iform.clickablalerteurls.disabled = endis;
- document.iform.associatealertip.disabled = endis;
-}
-//-->
-</script>
<p class="pgtitle"><?=$pgtitle?></p>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php if ($input_errors) print_input_errors($input_errors); ?>