Diffstat (limited to 'config')
-rw-r--r-- | config/snort/snort.inc | 19 | ||||
-rw-r--r-- | config/snort/snort_alerts.php | 3 | ||||
-rw-r--r-- | config/snort/snort_preprocessors.php | 11 |
3 files changed, 27 insertions, 6 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 54be4225..e7ba998b 100644
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -1221,6 +1221,8 @@ preprocessor dns: \
 EOD;
+ $sensitive_data = "preprocessor sensitive_data:\n";
+
 /* stream5 queued settings */
 $def_max_queued_bytes_type = '';
 if (!empty($snortcfg['max_queued_bytes']))
@@ -1257,7 +1259,7 @@ EOD;
 $snort_preproc = array (
 "perform_stat", "http_inspect", "other_preprocs", "ftp_preprocessor", "smtp_preprocessor",
- "sf_portscan", "dce_rpc_2", "dns_preprocessor"
+ "sf_portscan", "dce_rpc_2", "dns_preprocessor", "sensitive_data"
 );
 $snort_preprocessors = "";
 foreach ($snort_preproc as $preproc) {
@@ -1274,9 +1276,16 @@ EOD;
 if (file_exists("{$snortcfgdir}/classification.config"))
 $snort_misc_include_rules .= "include {$snortcfgdir}/classification.config\n";
 if (is_dir("{$snortdir}/preproc_rules")) {
- foreach (glob("{$snortdir}/preproc_rules/*.rules") as $file) {
- $file = basename($file);
- $snort_misc_include_rules .= "include \$PREPROC_RULE_PATH/{$file}\n";
+ if ($snortcfg['sensitive_data'] && file_exists("{$snortdir}/preproc_rules/sensitive-data.rules"))
+ $snort_misc_include_rules .= "include \$PREPROC_RULE_PATH/sensitive-data.rules/\n";
+
+ if (file_exists("{$snortdir}/preproc_rules/decoder.rules") &&
+ file_exists("{$snortdir}/preproc_rules/preprocessor.rules")) {
+ $snort_misc_include_rules .= "include \$PREPROC_RULE_PATH/decoder.rules\n";
+ $snort_misc_include_rules .= "include \$PREPROC_RULE_PATH/preprocessor.rules\n";
+ } else {
+ $snort_misc_include_rules .= "config autogenerate_preprocessor_decoder_rules\n";
+ log_error("Seems preprocessor/decoder rules are missing, enabling autogeneration of them");
 }
 } else {
 $snort_misc_include_rules .= "config autogenerate_preprocessor_decoder_rules\n";
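Review bot: The new `$sensitive_data` string in the first hunk emits the bare directive `preprocessor sensitive_data:` with no options. Without `mask_output`, matched card and Social Security numbers can appear in full in the packets Snort logs for these alerts, so the alert store itself ends up holding the data being protected. Consider `$sensitive_data = "preprocessor sensitive_data: mask_output\n";`, or expose masking and `alert_threshold` as settings on the preprocessors page. A comment above the assignment noting that alert logs can contain PII would also help whoever maintains this.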
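Review bot: The guard `if ($snortcfg['sensitive_data'] && file_exists(...))` in the third hunk is true even when the option is disabled. The settings page stores the strings 'on' and 'off', and both are truthy in PHP. The rules file would then be included without its preprocessor, which Snort is likely to reject at startup, leaving the interface unmonitored; the code that emits the preprocessor lines is outside this hunk, so this needs confirming. The emitted include path also ends in a stray slash (`sensitive-data.rules/`), which will not resolve to the file. Suggested lines: `if ($snortcfg['sensitive_data'] == 'on' && file_exists("{$snortdir}/preproc_rules/sensitive-data.rules"))` and `$snort_misc_include_rules .= "include \$PREPROC_RULE_PATH/sensitive-data.rules\n";`.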
@@ -1351,8 +1360,6 @@ preprocessor stream5_tcp: policy BSD, ports both all{$def_max_queued_bytes_type}
 preprocessor stream5_udp:
 preprocessor stream5_icmp:
-preprocessor sensitive_data:
-
 {$snort_preprocessors}
 # Ignore SSL and Encryption #
diff --git a/config/snort/snort_alerts.php b/config/snort/snort_alerts.php
index e05bd938..73c67415 100644
--- a/config/snort/snort_alerts.php
+++ b/config/snort/snort_alerts.php
@@ -334,6 +334,9 @@ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) {
 </table>
 </div>
 </td></tr></table>
+<script type="text/javascript">
+sortable.reverse("myTable");
+</script>
 <?php include("fend.inc"); ?>
diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php
index 339c0168..6a5cca6e 100644
--- a/config/snort/snort_preprocessors.php
+++ b/config/snort/snort_preprocessors.php
@@ -65,6 +65,7 @@ if (isset($id) && $a_nat[$id]) {
 $pconfig['sf_portscan'] = $a_nat[$id]['sf_portscan'];
 $pconfig['dce_rpc_2'] = $a_nat[$id]['dce_rpc_2'];
 $pconfig['dns_preprocessor'] = $a_nat[$id]['dns_preprocessor'];
+ $pconfig['sensitive_data'] = $a_nat[$id]['sensitive_data'];
 }
 if ($_POST) {
@@ -86,6 +87,7 @@ if ($_POST) {
 $natent['sf_portscan'] = $_POST['sf_portscan'] ? 'on' : 'off';
 $natent['dce_rpc_2'] = $_POST['dce_rpc_2'] ? 'on' : 'off';
 $natent['dns_preprocessor'] = $_POST['dns_preprocessor'] ? 'on' : 'off';
+ $natent['sensitive_data'] = $_POST['sensitive_data'] ? 'on' : 'off';
 if (isset($id) && $a_nat[$id])
 $a_nat[$id] = $natent;
@@ -299,6 +301,15 @@ include_once("head.inc");
 vulnerabilities.</td>
 </tr>
 <tr>
+ <td width="22%" valign="top" class="vncell">Enable <br> Sensitive Data</td>
+ <td width="78%" class="vtable">
+ <input name="sensitive_data" type="checkbox" value="on"
+ <?php if ($pconfig['dns_preprocessor']=="on") echo "checked"; ?>
+ onClick="enable_change(false)"><br>
+ Sensisitive data searches for CC or SS# in data
+ </td>
+ </tr>
+ <tr>
 <td width="22%" valign="top"> </td>
 <td width="78%">
 <input name="Submit" type="submit" class="formbtn" value="Save"> |
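Review bot: The new "Sensitive Data" checkbox takes its checked state from `$pconfig['dns_preprocessor']`, not from the setting it controls. The form therefore shows the DNS preprocessor's state, and the next Save writes that state back as `sensitive_data`, so PII detection can be switched on or off without the operator intending it. The line should read `<?php if ($pconfig['sensitive_data']=="on") echo "checked"; ?>`. The help text also has a typo ("Sensisitive") and could spell out what is matched, e.g. `Sensitive data searches for credit card and Social Security numbers in traffic`. The enclosing form and table start outside this hunk.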