aboutsummaryrefslogtreecommitdiffstats
path: root/config
diff options
context:
space:
mode:
Diffstat (limited to 'config')
-rw-r--r--config/snort/snort.inc255
-rw-r--r--config/snort/snort.xml10
-rw-r--r--config/snort/snort_alerts.php57
-rw-r--r--config/snort/snort_barnyard.php70
-rw-r--r--config/snort/snort_blocked.php53
-rw-r--r--config/snort/snort_check_cron_misc.inc1
-rw-r--r--config/snort/snort_check_for_rule_updates.php2
-rw-r--r--config/snort/snort_define_servers.php76
-rw-r--r--config/snort/snort_download_rules.php238
-rw-r--r--config/snort/snort_download_updates.php112
-rw-r--r--config/snort/snort_dynamic_ip_reload.php4
-rw-r--r--config/snort/snort_head.inc130
-rw-r--r--config/snort/snort_interfaces.php119
-rw-r--r--config/snort/snort_interfaces_edit.php203
-rw-r--r--config/snort/snort_interfaces_global.php130
-rw-r--r--config/snort/snort_interfaces_suppress.php76
-rw-r--r--config/snort/snort_interfaces_suppress_edit.php33
-rw-r--r--config/snort/snort_interfaces_whitelist.php70
-rw-r--r--config/snort/snort_interfaces_whitelist_edit.php48
-rw-r--r--config/snort/snort_preprocessors.php85
-rw-r--r--config/snort/snort_rules.php124
-rw-r--r--config/snort/snort_rules_edit.php123
-rw-r--r--config/snort/snort_rulesets.php103
23 files changed, 661 insertions, 1461 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 76cb563d..873c5f79 100644
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -51,10 +51,10 @@ else
/* find out if were in 1.2.3-RELEASE */
$pfsense_ver_chk = trim(file_get_contents("/etc/version"), " \n");
-if (strstr($pfsense_ver_chk, "1.2.3"))
- $snort_pfsense_basever = 'yes';
-else
+if (intval($config['version']) > 6)
$snort_pfsense_basever = 'no';
+else
+ $snort_pfsense_basever = 'yes';
/* find out what arch where in x86 , x64 */
$snort_arch_ck = php_uname("m");
@@ -99,14 +99,15 @@ function build_base_whitelist($build_netlist, $wanip, $wangw, $wandns, $vips, $v
global $config, $g, $snort_pfsense_basever;
/* build an interface array list */
- if ($snort_pfsense_basever == 'yes') {
+ if (function_exists('get_configured_interface_list'))
+ $int_array = get_configured_interface_list();
+ else {
$int_array = array('lan');
for ($j = 1; isset ($config['interfaces']['opt' . $j]); $j++)
if(isset($config['interfaces']['opt' . $j]['enable']))
if(isset($config['interfaces']['opt' . $j]['gateway']))
$int_array[] = "opt{$j}";
- } else
- $int_array = get_configured_interface_list();
+ }
$home_net = "";
@@ -342,27 +343,30 @@ function Running_Start($snort_uuid, $if_real, $id) {
}
/* get the real iface name of wan */
-function convert_friendly_interface_to_real_interface_name2($interface)
-{
+function snort_get_real_interface($interface) {
global $config;
$lc_interface = strtolower($interface);
- if ($lc_interface == "lan") {
- if ($config['inerfaces']['lan'])
- return $config['interfaces']['lan']['if'];
- return $interface;
- }
- if ($lc_interface == "wan")
- return $config['interfaces']['wan']['if'];
- $ifdescrs = array();
- for ($j = 1; isset($config['interfaces']['opt' . $j]); $j++) {
- $ifname = "opt{$j}";
- if(strtolower($ifname) == $lc_interface)
- return $config['interfaces'][$ifname]['if'];
- if(isset($config['interfaces'][$ifname]['descr']) && (strtolower($config['interfaces'][$ifname]['descr']) == $lc_interface))
- return $config['interfaces'][$ifname]['if'];
- }
-
+ if (function_exists('get_real_interface'))
+ return get_real_interface($lc_interface);
+ else {
+ if ($lc_interface == "lan") {
+ if ($config['inerfaces']['lan'])
+ return $config['interfaces']['lan']['if'];
+ return $interface;
+ }
+ if ($lc_interface == "wan")
+ return $config['interfaces']['wan']['if'];
+ $ifdescrs = array();
+ for ($j = 1; isset($config['interfaces']['opt' . $j]); $j++) {
+ $ifname = "opt{$j}";
+ if(strtolower($ifname) == $lc_interface)
+ return $config['interfaces'][$ifname]['if'];
+ if(isset($config['interfaces'][$ifname]['descr']) && (strtolower($config['interfaces'][$ifname]['descr']) == $lc_interface))
+ return $config['interfaces'][$ifname]['if'];
+ }
+ }
+
return $interface;
}
@@ -426,7 +430,7 @@ function post_delete_logs()
foreach ($config['installedpackages']['snortglobal']['rule'] as $value) {
$result_lan = $value['interface'];
- $if_real = convert_friendly_interface_to_real_interface_name2($result_lan);
+ $if_real = snort_get_real_interface($result_lan);
$snort_uuid = $value['uuid'];
if ($if_real != '' && $snort_uuid != '') {
@@ -456,7 +460,7 @@ function post_delete_logs()
//if ($value['barnyard_enable'] == 'on')
//create_barnyard2_conf($id, $if_real, $snort_uuid);
- if ($value['perform_stat'] == on)
+ if ($value['perform_stat'] == 'on')
file_put_contents("/var/log/snort/snort_{$snort_uuid}_{$if_real}.stats", "");
}
}
@@ -606,23 +610,23 @@ function snort_postinstall()
$snort_tmp_pkg_dir = "{$g['tmp_path']}/pkg_s";
chdir('$snort_tmp_pkg_dir');
- update_status(gettext("Installing perl-threaded for {$snort_arch}..."));
- update_output_window(gettext("Please wait downloading..."));
- if ($snort_pfsense_basever == 'yes')
+ /* XXX: remove compeletely? */
+ if ($snort_pfsense_basever == 'yes') {
+ update_status(gettext("Installing perl-threaded for {$snort_arch}..."));
+ update_output_window(gettext("Please wait downloading..."));
exec("/usr/bin/fetch http://files.pfsense.org/packages/snort/7.3x86/perl-threaded-5.12.1_1.tbz");
- else if ($snort_pfsense_basever == 'no')
- exec("/usr/bin/fetch http://files.pfsense.org/packages/snort//8.1{$snort_arch}/perl-threaded-5.12.1_1.tbz");
- update_output_window(gettext("Please wait Installing..."));
- if (file_exists("{$snort_tmp_pkg_dir}/perl-threaded-5.12.1_1.tbz"))
- exec("/usr/sbin/pkg_add -f {$snort_tmp_pkg_dir}/perl-threaded-5.12.1_1.tbz");
+ update_output_window(gettext("Please wait Installing..."));
+ if (file_exists("{$snort_tmp_pkg_dir}/perl-threaded-5.12.1_1.tbz"))
+ exec("/usr/sbin/pkg_add -f {$snort_tmp_pkg_dir}/perl-threaded-5.12.1_1.tbz");
+
+ update_output_window(gettext("Finnished Installing perl-threaded..."));
+ }
update_output_window(gettext("Please wait Cleaning Up..."));
if (is_dir($snort_tmp_pkg_dir))
exec("/bin/rm -r {$snort_tmp_pkg_dir}");
- update_output_window(gettext("Finnished Installing perl-threaded..."));
-
/* back to default */
chdir('/root/');
@@ -639,7 +643,6 @@ function snort_postinstall()
}
conf_mount_ro();
-
}
function sync_package_snort_reinstall()
@@ -674,13 +677,11 @@ function snort_snortloglimit_install_cron($should_install) {
if ($g['booting']==true)
return;
-
- $is_installed = false;
-
if (!is_array($config['cron']['item']))
$config['cron']['item'] = array();
$x=0;
+ $is_installed = false;
foreach($config['cron']['item'] as $item) {
if (strstr($item['command'], '/usr/local/pkg/snort/snort_check_cron_misc.inc')) {
$is_installed = true;
@@ -705,24 +706,14 @@ function snort_snortloglimit_install_cron($should_install) {
$cron_item['who'] = "root";
$cron_item['command'] = "/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_cron_misc.inc";
$config['cron']['item'][] = $cron_item;
- write_config('Installed snort log limit size'); /* XXX */
- conf_mount_rw();
- configure_cron();
- exec('/usr/bin/killall -HUP cron'); // TODO: remove when 2.0 is stable
}
break;
case false:
- if($is_installed == true) {
- if($x > 0) {
- unset($config['cron']['item'][$x]);
- write_config(); /* XXX */
- conf_mount_rw();
- }
- configure_cron();
- exec('/usr/bin/killall -HUP cron'); // TODO: remove when 2.0 is stable
- }
+ if($is_installed == true)
+ unset($config['cron']['item'][$x]);
break;
}
+ configure_cron();
}
@@ -733,13 +724,11 @@ function snort_rm_blocked_install_cron($should_install)
if ($g['booting']==true)
return;
-
- $is_installed = false;
-
- if(!is_array($config['cron']['item']))
+ if (!is_array($config['cron']['item']))
$config['cron']['item'] = array();
$x=0;
+ $is_installed = false;
foreach($config['cron']['item'] as $item) {
if (strstr($item['command'], "snort2c")) {
$is_installed = true;
@@ -825,24 +814,14 @@ function snort_rm_blocked_install_cron($should_install)
$cron_item['who'] = "root";
$cron_item['command'] = "/usr/bin/nice -n20 /usr/local/sbin/expiretable -t $snort_rm_blocked_expire snort2c";
$config['cron']['item'][] = $cron_item;
- write_config("Installed $snort_rm_blocked_info_ck minute filter reload for Time Based Rules"); /* XXX */
- conf_mount_rw();
- configure_cron();
- exec('/usr/bin/killall -HUP cron'); // TODO: remove when 2.0 is stable
}
break;
case false:
- if ($is_installed == true) {
- if ($x > 0) {
- unset($config['cron']['item'][$x]);
- write_config(); /* XXX */
- conf_mount_rw();
- }
- configure_cron();
- exec('/usr/bin/killall -HUP cron'); // TODO: remove when 2.0 is stable
- }
+ if ($is_installed == true)
+ unset($config['cron']['item'][$x]);
break;
}
+ configure_cron();
}
/* func to install snort update */
@@ -851,13 +830,11 @@ function snort_rules_up_install_cron($should_install) {
if ($g['booting']==true)
return;
-
- $is_installed = false;
-
if(!$config['cron']['item'])
$config['cron']['item'] = array();
$x=0;
+ $is_installed = false;
foreach($config['cron']['item'] as $item) {
if (strstr($item['command'], "snort_check_for_rule_updates.php")) {
$is_installed = true;
@@ -920,24 +897,14 @@ function snort_rules_up_install_cron($should_install) {
$cron_item['who'] = "root";
$cron_item['command'] = "/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_for_rule_updates.php >> /tmp/snort_update.log";
$config['cron']['item'][] = $cron_item;
- write_config("Installed 15 minute filter reload for Time Based Rules"); /* XXX */
- cont_mount_rw();
- configure_cron();
- exec('/usr/bin/killall -HUP cron'); // TODO: remove when 2.0 is stable
}
break;
case false:
- if($is_installed == true) {
- if($x > 0) {
- unset($config['cron']['item'][$x]);
- write_config(); /* XXX */
- conf_mount_rw();
- }
- configure_cron();
- exec('/usr/bin/killall -HUP cron'); // TODO: remove when 2.0 is stable
- }
+ if($is_installed == true)
+ unset($config['cron']['item'][$x]);
break;
}
+ configure_cron();
}
function sync_snort_package_remove_old()
@@ -963,7 +930,7 @@ function sync_snort_package_remove_old()
$rule_array2 = $config['installedpackages']['snortglobal']['rule'];
foreach ($rule_array2 as $id => $value) {
$result_lan = $value['interface'];
- $if_real = convert_friendly_interface_to_real_interface_name2($result_lan);
+ $if_real = snort_get_real_interface($result_lan);
$snort_rules_list[] = "snort_{$id}{$if_real}";
}
@@ -1013,26 +980,17 @@ function sync_snort_package()
$snortloglimitsize = $config['installedpackages']['snortglobal']['snortloglimitsize'];
$snortloglimit = $config['installedpackages']['snortglobal']['snortloglimit'];
- $write_config = false;
-
- if ($snortloglimit == '') {
+ if ($snortloglimit == '')
/* code will set limit to 21% of slice that is unused */
$config['installedpackages']['snortglobal']['snortloglimit'] = 'on';
- $write_config = true;
- }
if ($snortloglimitsize == '') {
/* code will set limit to 21% of slice that is unused */
$snortloglimitDSKsize = round(exec('df -k /var | grep -v "Filesystem" | awk \'{print $4}\'') * .22 / 1024);
$config['installedpackages']['snortglobal']['snortloglimitsize'] = $snortloglimitDSKsize;
- $write_config = true;
}
- $snort_snortloglimit_info_ck = $config['installedpackages']['snortglobal']['snortloglimit'];
- if ($snort_snortloglimit_info_ck == '') {
- snort_snortloglimit_install_cron('');
- snort_snortloglimit_install_cron('true');
- }
+ snort_snortloglimit_install_cron($config['installedpackages']['snortglobal']['snortloglimit'] == 'on' ? true : false);
/* XXX: Really need write_config here? */
write_config();
@@ -1056,14 +1014,14 @@ function sync_snort_package_all($id, $if_real, $snort_uuid)
/* do not start config build if rules is empty */
if (!is_array($config['installedpackages']['snortglobal']['rule']))
return;
- if (empty($config['installedpackages']['snortglobal']['rule'][$id]))
+ if (!is_array($config['installedpackages']['snortglobal']['rule'][$id]))
return;
conf_mount_rw();
$snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
$result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
- $if_real = convert_friendly_interface_to_real_interface_name($result_lan);
+ $if_real = snort_get_real_interface($result_lan);
/* create snort configuration file */
create_snort_conf($id, $if_real, $snort_uuid);
@@ -1105,13 +1063,13 @@ function sync_snort_package_empty()
//exec("/sbin/sysctl net.inet.tcp.rfc1323=1");
/* do not start config build if rules is empty */
- if (is_array($config['installedpackages']['snortglobal']['rule']))
+ if (!is_array($config['installedpackages']['snortglobal']['rule']))
return;
conf_mount_rw();
foreach ($config['installedpackages']['snortglobal']['rule'] as $id => $value) {
- $if_real = convert_friendly_interface_to_real_interface_name($value['interface']);
+ $if_real = snort_get_real_interface($value['interface']);
$snort_uuid = $value['uuid'];
if ($if_real != '' && $snort_uuid != '') {
@@ -1167,7 +1125,7 @@ function sync_snort_package_config()
foreach ($config['installedpackages']['snortglobal']['rule'] as $id => $value) {
$result_lan = $value['interface'];
- $if_real = convert_friendly_interface_to_real_interface_name2($result_lan);
+ $if_real = snort_get_real_interface($result_lan);
$snort_uuid = $value['uuid'];
if (!empty($if_real) && !empty($snort_uuid)) {
@@ -1341,7 +1299,7 @@ function create_snort_sh()
foreach ($snortconf as $value) {
$snort_uuid = $value['uuid'];
$result_lan = $value['interface'];
- $if_real = convert_friendly_interface_to_real_interface_name($result_lan);
+ $if_real = snort_get_real_interface($result_lan);
/* define snortbarnyardlog_chk */
$snortbarnyardlog_info_chk = $value['barnyard_enable'];
@@ -1633,8 +1591,8 @@ function create_snort_conf($id, $if_real, $snort_uuid)
{
global $config, $g;
- if ($if_real != '' && $snort_uuid != '') {
- if (!is_dir("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf")) {
+ if (!empty($if_real)&& !empty($snort_uuid)) {
+ if (!is_dir("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}")) {
exec("/bin/mkdir -p /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}");
@touch("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf");
}
@@ -1643,8 +1601,6 @@ function create_snort_conf($id, $if_real, $snort_uuid)
if (empty($snort_conf_text))
return;
- conf_mount_rw();
-
/* write out snort.conf */
$conf = fopen("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf", "w");
if(!$conf) {
@@ -1653,8 +1609,6 @@ function create_snort_conf($id, $if_real, $snort_uuid)
}
fwrite($conf, $snort_conf_text);
fclose($conf);
-
- conf_mount_ro();
}
}
@@ -1667,29 +1621,23 @@ function snort_deinstall()
/* decrease bpf buffers back to 4096, from 20480 */
exec('/sbin/sysctl net.bpf.bufsize=4096');
- exec('/usr/usr/bin/killall snort');
+ mwexec('/usr/bin/killall snort', true);
sleep(2);
- exec('/usr/usr/bin/killall -9 snort');
+ mwexec('/usr/bin/killall -9 snort', true);
sleep(2);
- exec('/usr/usr/bin/killall barnyard2');
+ mwexec('/usr/bin/killall barnyard2', true);
sleep(2);
- exec('/usr/usr/bin/killall -9 barnyard2');
+ mwexec('/usr/bin/killall -9 barnyard2', true);
sleep(2);
- exec('/usr/sbin/pw userdel snort');
- exec('/usr/sbin/pw groupdel snort');
- exec('/bin/rm -rf /usr/local/etc/snort*');
- exec('/bin/rm -rf /usr/local/pkg/snort*');
- exec('/bin/rm -rf /usr/local/pkg/pf/snort*');
-
- exec("cd /var/db/pkg && pkg_delete -x snort");
- exec("cd /var/db/pkg && pkg_delete -x perl-threaded");
- exec("cd /var/db/pkg && pkg_delete -x mysql-client-5.1.50_1");
- exec('/bin/rm -r /usr/local/bin/barnyard2');
-
- /* TODO: figure out how to detect pfsense packages that use the same freebsd pkckages and not deinstall */
- //exec("cd /var/db/pkg && pkg_delete `ls | grep perl`");
- //exec("cd /var/db/pkg && pkg_delete `ls | grep barnyard2`");
- //exec("cd /var/db/pkg && pkg_delete `ls | grep pcre`"); // Never remove pcre or pfsense will break
+ mwexec('/usr/sbin/pw userdel snort; /usr/sbin/pw groupdel snort', true);
+ mwexec('/bin/rm -rf /usr/local/etc/snort*; /bin/rm -rf /usr/local/pkg/snort*; /bin/rm -rf /usr/local/pkg/pf/snort*', true);
+
+ /* XXX */
+ mwexec("/usr/sbin/pkg_delete -x snort", true);
+ mwexec("/usr/sbin/pkg_delete -x perl-threaded", true);
+ mwexec("/usr/sbin/pkg_delete -x mysql-client-5.1.50_1", true);
+ mwexec('/bin/rm -r /usr/local/bin/barnyard2', true);
+ mwexec('/bin/rm -rf /usr/local/www/snort; /bin/rm -rf /usr/local/lib/snort; /bin/rm -rf /var/log/snort; /bin/rm -rf /usr/local/pkg/snort, true');
/* Remove snort cron entries Ugly code needs smoothness*/
if (!function_exists('snort_deinstall_cron')) {
@@ -1717,6 +1665,7 @@ function snort_deinstall()
snort_deinstall_cron("snort2c");
snort_deinstall_cron("snort_check_for_rule_updates.php");
+ snort_deinstall_cron("/usr/local/pkg/snort/snort_check_cron_misc.inc");
/* Unset snort registers in conf.xml IMPORTANT snort will not start with out this */
/* Keep this as a last step */
@@ -1725,24 +1674,17 @@ function snort_deinstall()
write_config(); /* XXX */
conf_mount_rw();
-
- exec('rm -rf /usr/local/www/snort');
- exec('rm -rf /usr/local/lib/snort/');
- exec('rm -rf /var/log/snort/');
- exec('rm -rf /usr/local/pkg/snort');
}
function generate_snort_conf($id, $if_real, $snort_uuid)
{
- global $config, $g;
+ global $config, $g, $snort_pfsense_basever;
if (!is_array($config['installedpackages']['snortglobal']['rule']))
return;
$snortcfg =& $config['installedpackages']['snortglobal']['rule'][$id];
- conf_mount_rw();
-
/* custom home nets */
$home_net = create_snort_homenet($id, $if_real);
@@ -1762,14 +1704,14 @@ function generate_snort_conf($id, $if_real, $snort_uuid)
if (!is_dir("/usr/local/etc/snort/snort/snort_{$snort_uuid}_{$if_real}"))
exec("/bin/mkdir -p /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}");
- @copy("/usr/local/etc/snort/gen-msg.map /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/gen-msg.map");
- @copy("/usr/local/etc/snort/classification.config /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/classification.config");
- @copy("/usr/local/etc/snort/reference.config /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/reference.config");
- @copy("/usr/local/etc/snort/sid-msg.map /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/sid-msg.map");
- @copy("/usr/local/etc/snort/unicode.map /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/unicode.map");
- @copy("/usr/local/etc/snort/threshold.conf /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/threshold.conf");
- @copy("/usr/local/etc/snort/snort.conf /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf");
- @touch("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf");
+ exec("/bin/cp /usr/local/etc/snort/gen-msg.map /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/gen-msg.map");
+ exec("/bin/cp /usr/local/etc/snort/classification.config /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/classification.config");
+ exec("/bin/cp /usr/local/etc/snort/reference.config /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/reference.config");
+ exec("/bin/cp /usr/local/etc/snort/sid-msg.map /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/sid-msg.map");
+ exec("/bin/cp /usr/local/etc/snort/unicode.map /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/unicode.map");
+ exec("/bin/cp /usr/local/etc/snort/threshold.conf /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/threshold.conf");
+ exec("/bin/cp /usr/local/etc/snort/snort.conf /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf");
+ exec("/bin/cp /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf");
if (!is_dir("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules"))
exec("/bin/mkdir -p /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/rules");
@@ -1778,31 +1720,29 @@ function generate_snort_conf($id, $if_real, $snort_uuid)
$snortunifiedlogbasic_type = "output unified: filename snort_{$snort_uuid}_{$if_real}.log, limit 128";
/* define snortalertlogtype */
- $snortalertlogtype = $config['installedpackages']['snortglobal']['snortalertlogtype'];
- if ($snortalertlogtype == "fast")
+ if ($config['installedpackages']['snortglobal']['snortalertlogtype'] == "fast")
$snortalertlogtype_type = "output alert_fast: alert";
else
$snortalertlogtype_type = "output alert_full: alert";
/* define alertsystemlog */
- $alertsystemlog_type = $snortcfg['alertsystemlog'];
- if ($alertsystemlog_type == "on")
+ $alertsystemlog_type = "";
+ if ($snortcfg['alertsystemlog'] == "on")
$alertsystemlog_type = "output alert_syslog: log_alert";
/* define tcpdumplog */
- $tcpdumplog_info_chk = $snortcfg['tcpdumplog'];
- if ($tcpdumplog_info_chk == "on")
+ $tcpdumplog_type = "";
+ if ($snortcfg['tcpdumplog'] == "on")
$tcpdumplog_type = "output log_tcpdump: snort_{$snort_uuid}_{$if_real}.tcpdump";
/* define snortunifiedlog */
- $snortunifiedlog_info_chk = $snortcfg['snortunifiedlog'];
- if ($snortunifiedlog_info_chk == "on")
+ $snortunifiedlog_type = "";
+ if ($snortcfg['snortunifiedlog'] == "on")
$snortunifiedlog_type = "output unified2: filename snort_{$snort_uuid}_{$if_real}.u2, limit 128";
/* define spoink */
- $spoink_info_chk = $snortcfg['blockoffenders7'];
- if ($spoink_info_chk == "on") {
-
+ $spoink_type = "";
+ if ($snortcfg['blockoffenders7'] == "on") {
if (preg_match('/^([a-zA-z0-9]+)/', $snortcfg['whitelistname'], $wlist_name_file)) {
if ($wlist_name_file[0] == 'default')
$spoink_whitelist_name = 'defaultwlist';
@@ -1814,8 +1754,7 @@ function generate_snort_conf($id, $if_real, $snort_uuid)
}
/* define threshold file */
- $threshold_info_chk = $snortcfg['suppresslistname'];
- if ($threshold_info_chk != 'default') {
+ if ($snortcfg['suppresslistname'] != 'default') {
if (preg_match('/^([a-zA-z0-9]+)/', $snortcfg['suppresslistname'], $slist_name_file2)) {
$threshold_name = $slist_name_file2[0];
$threshold_file_name = "include /usr/local/etc/snort/suppress/{$threshold_name}";
diff --git a/config/snort/snort.xml b/config/snort/snort.xml
index d133232d..9d14c9ec 100644
--- a/config/snort/snort.xml
+++ b/config/snort/snort.xml
@@ -77,11 +77,6 @@
<additional_files_needed>
<prefix>/usr/local/pkg/snort/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort/snort_head.inc</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/pkg/snort/</prefix>
- <chmod>077</chmod>
<item>http://www.pfsense.com/packages/config/snort/snort_check_cron_misc.inc</item>
</additional_files_needed>
<additional_files_needed>
@@ -199,11 +194,6 @@
<chmod>077</chmod>
<item>http://www.pfsense.com/packages/config/snort/snort_interfaces_suppress_edit.php</item>
</additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/etc/rc.d/</prefix>
- <chmod>755</chmod>
- <item>http://www.pfsense.com/packages/config/snort/snort.sh</item>
- </additional_files_needed>
<fields>
</fields>
<custom_add_php_command>
diff --git a/config/snort/snort_alerts.php b/config/snort/snort_alerts.php
index f89d99ef..e5e85237 100644
--- a/config/snort/snort_alerts.php
+++ b/config/snort/snort_alerts.php
@@ -252,25 +252,15 @@ function get_snort_alert_sid($fileline)
}
$pgtitle = "Services: Snort: Snort Alerts";
-include("/usr/local/pkg/snort/snort_head.inc");
+include_once("head.inc");
?>
-<body
- link="#0000CC" vlink="#0000CC" alink="#0000CC">
-
-<script>
- jQuery(document).ready(function(){
-
- //Examples of how to assign the ColorBox event to elements
- jQuery(".example8").colorbox({width:"820px", height:"700px", iframe:true, overlayClose:false});
-
- });
- </script>
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php
-include("fbegin.inc");
+include_once("fbegin.inc");
echo $snort_general_css;
/* refresh every 60 secs */
@@ -278,34 +268,25 @@ if ($pconfig['arefresh'] == 'on')
echo "<meta http-equiv=\"refresh\" content=\"60;url=/snort/snort_alerts.php\" />\n";
?>
-<!-- hack to fix the hardcoed fbegin link in header -->
-<div id="header-left2"><a href="../index.php" id="status-link2"><img
- src="./images/transparent.gif" border="0"></img></a></div>
-
<div class="body2"><?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td>
-
- <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code-->
- <ul class="newtabmenu">
- <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>
- <li><a href="/snort/snort_interfaces_global.php"><span>Global
- Settings</span></a></li>
- <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li>
- <li class="newtabmenu_active"><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li>
- <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li>
- <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li>
- <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li>
- <li><a class="example8" href="/snort/help_and_info.php"><span>Help</span></a></li>
- </ul>
- </div>
-
- </td>
- </tr>
- <tr>
- <td>
+<tr><td>
+<?php
+ $tab_array = array();
+ $tab_array[0] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
+ $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php");
+ $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
+ $tab_array[3] = array(gettext("Alerts"), true, "/snort/snort_alerts.php");
+ $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
+ $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
+ $tab_array[7] = array(gettext("Help"), false, "/snort/help_and_info.php");
+ display_top_tabs($tab_array);
+?>
+</td></tr>
+<tr>
+ <td>
<div id="mainarea2">
<table class="tabcont" width="100%" border="1" cellspacing="0"
cellpadding="0">
diff --git a/config/snort/snort_barnyard.php b/config/snort/snort_barnyard.php
index 17c49689..e54ce831 100644
--- a/config/snort/snort_barnyard.php
+++ b/config/snort/snort_barnyard.php
@@ -137,23 +137,13 @@ if (isset($id) && $a_nat[$id]) {
if (isset($_GET['dup']))
unset($id);
-$if_real = convert_friendly_interface_to_real_interface_name2($pconfig['interface']);
+$if_real = snort_get_real_interface($pconfig['interface']);
if (!empty($config['installedpackages']['snortglobal']['rule'][$id]))
$snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
/* alert file */
$d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty";
-/* this will exec when alert says apply */
-if ($_POST['apply']) {
- if (file_exists($d_snortconfdirty_path)) {
- write_config();
- sync_snort_package();
- unlink($d_snortconfdirty_path);
- }
-}
-
-
if ($_POST["Submit"]) {
/* XXX: Mising error reporting?!
@@ -257,7 +247,6 @@ if ($_POST["Submit"]) {
write_config();
sync_snort_package_all($id, $if_real, $snort_uuid);
- touch($d_snortconfdirty_path);
/* after click go to this page */
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
@@ -272,7 +261,7 @@ if ($_POST["Submit"]) {
}
$pgtitle = "Snort: Interface: $id$if_real Barnyard2 Edit";
-include("/usr/local/pkg/snort/snort_head.inc");
+include_once("head.inc");
?>
<body
@@ -286,10 +275,6 @@ include("/usr/local/pkg/snort/snort_head.inc");
echo "{$snort_general_css}\n";
?>
-<!-- hack to fix the hardcoed fbegin link in header -->
-<div id="header-left2"><a href="../index.php" id="status-link2"><img
- src="./images/transparent.gif" border="0"></img></a></div>
-
<div class="body2">
<noscript>
@@ -334,7 +319,7 @@ echo "
print_info_box2($savemsg);
}
- if (file_exists($d_snortconfdirty_path)) {
+ if (0 && file_exists($d_snortconfdirty_path)) {
echo '<p>';
if($savemsg) {
@@ -350,27 +335,26 @@ echo "
?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td class="tabnavtbl"><?php
- if($id != "")
- {
-
- echo '<div class="newtabmenu" style="margin:1px 0px; width:775px;">' . "\n";
- echo '<!-- Tabbed bar code -->' . "\n";
- echo '<ul class="newtabmenu">' . "\n";
- echo '<li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>' . "\n";
- echo "<li><a href=\"/snort/snort_interfaces_edit.php?id={$id}\"><span>If Settings</span></a></li>\n";
- echo "<li><a href=\"/snort/snort_rulesets.php?id={$id}\"><span>Categories</span></a></li>\n";
- echo "<li><a href=\"/snort/snort_rules.php?id={$id}\"><span>Rules</span></a></li>\n";
- echo "<li><a href=\"/snort/snort_define_servers.php?id={$id}\"><span>Servers</span></a></li>\n";
- echo "<li><a href=\"/snort/snort_preprocessors.php?id={$id}\"><span>Preprocessors</span></a></li>\n";
- echo "<li class=\"newtabmenu_active\"><a href=\"/snort/snort_barnyard.php?id={$id}\"><span>Barnyard2</span></a></li>\n";
- echo '</ul>' . "\n";
- echo '</div>' . "\n";
-
- }
- ?></td>
- </tr>
+<tr><td>
+<?php
+ $tab_array = array();
+ $tabid = 0;
+ $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Rules"), false, "/snort/snort_rules.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Barnyard2"), true, "/snort/snort_barnyard.php?id={$id}");
+ display_top_tabs($tab_array);
+?>
+</td></tr>
<tr>
<td class="tabcont">
<table width="100%" border="0" cellpadding="6" cellspacing="0">
@@ -468,10 +452,10 @@ echo "
</tr>
<tr>
<td width="22%" valign="top">&nbsp;</td>
- <td width="78%"><input name="Submit" type="submit" class="formbtn"
- value="Save"><input type="button" class="formbtn" value="Cancel"
- onclick="history.back()"> <?php if (isset($id) && $a_nat[$id]): ?>
- <input name="id" type="hidden" value="<?=$id;?>"> <?php endif; ?></td>
+ <td width="78%">
+ <input name="Submit" type="submit" class="formbtn" value="Save">
+ <?php if (isset($id) && $a_nat[$id]): ?>
+ <input name="id" type="hidden" value="<?=$id;?>"> <?php endif; ?></td>
</tr>
<tr>
<td width="22%" valign="top">&nbsp;</td>
diff --git a/config/snort/snort_blocked.php b/config/snort/snort_blocked.php
index 233337a1..b9392cdf 100644
--- a/config/snort/snort_blocked.php
+++ b/config/snort/snort_blocked.php
@@ -116,7 +116,7 @@ if ($_POST['save'])
/* no errors */
if (!$input_errors)
{
- $config['installedpackages']['snortglobal']['alertsblocks']['brefresh'] = $_POST['brefresh'] ? on : off;
+ $config['installedpackages']['snortglobal']['alertsblocks']['brefresh'] = $_POST['brefresh'] ? 'on' : 'off';
$config['installedpackages']['snortglobal']['alertsblocks']['blertnumber'] = $_POST['blertnumber'];
write_config();
@@ -203,24 +203,15 @@ if ($blockedtab_msg_chk != "never_b")
}
$pgtitle = "Services: Snort Blocked Hosts";
-include("/usr/local/pkg/snort/snort_head.inc");
+include_once("head.inc");
?>
<body link="#000000" vlink="#000000" alink="#000000">
-<script>
- jQuery(document).ready(function(){
-
- //Examples of how to assign the ColorBox event to elements
- jQuery(".example8").colorbox({width:"820px", height:"700px", iframe:true, overlayClose:false});
-
- });
- </script>
-
<?php
-include("fbegin.inc");
+include_once("fbegin.inc");
echo $snort_general_css;
/* refresh every 60 secs */
@@ -228,10 +219,6 @@ if ($pconfig['brefresh'] == 'on')
echo "<meta http-equiv=\"refresh\" content=\"60;url=/snort/snort_blocked.php\" />\n";
?>
-<!-- hack to fix the hardcoed fbegin link in header -->
-<div id="header-left2"><a href="../index.php" id="status-link2"><img
- src="./images/transparent.gif" border="0"></img></a></div>
-
<div class="body2"><?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
<!-- not needed maybe
@@ -239,26 +226,20 @@ if ($pconfig['brefresh'] == 'on')
<script src="/javascript/sorttable.js" type="text/javascript"></script>
--> <?php if ($savemsg) print_info_box($savemsg); ?>
<table width="99%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td>
-
- <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code-->
- <ul class="newtabmenu">
- <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>
- <li><a href="/snort/snort_interfaces_global.php"><span>Global
- Settings</span></a></li>
- <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li>
- <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li>
- <li class="newtabmenu_active"><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li>
- <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li>
- <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li>
- <li><a class="example8" href="/snort/help_and_info.php"><span>Help</span></a></li>
- </ul>
- </div>
-
- </td>
- </tr>
-
+<tr><td>
+<?php
+ $tab_array = array();
+ $tab_array[0] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
+ $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php");
+ $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
+ $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
+ $tab_array[4] = array(gettext("Blocked"), true, "/snort/snort_blocked.php");
+ $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
+ $tab_array[7] = array(gettext("Help"), false, "/snort/help_and_info.php");
+ display_top_tabs($tab_array);
+?>
+</td></tr>
<tr>
<td>
<div id="mainarea2">
diff --git a/config/snort/snort_check_cron_misc.inc b/config/snort/snort_check_cron_misc.inc
index be16c519..bf8566e2 100644
--- a/config/snort/snort_check_cron_misc.inc
+++ b/config/snort/snort_check_cron_misc.inc
@@ -74,5 +74,4 @@ if (snort_Getdirsize('/var/log/snort/') >= $snortloglimitsizeKB ) {
}
-
?>
diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php
index 4f87f1f9..7e97c510 100644
--- a/config/snort/snort_check_for_rule_updates.php
+++ b/config/snort/snort_check_for_rule_updates.php
@@ -759,7 +759,7 @@ if (is_array($config['installedpackages']['snortglobal']['rule']))
foreach ($config['installedpackages']['snortglobal']['rule'] as $value) {
$result_lan = $value['interface'];
- $if_real = convert_friendly_interface_to_real_interface_name2($result_lan);
+ $if_real = snort_get_real_interface($result_lan);
$iface_uuid = $value['uuid'];
/* make oinkmaster.conf for each interface rule */
diff --git a/config/snort/snort_define_servers.php b/config/snort/snort_define_servers.php
index 735ea78f..68b5710a 100644
--- a/config/snort/snort_define_servers.php
+++ b/config/snort/snort_define_servers.php
@@ -136,7 +136,7 @@ if (isset($id) && $a_nat[$id]) {
}
/* convert fake interfaces to real */
-$if_real = convert_friendly_interface_to_real_interface_name2($pconfig['interface']);
+$if_real = snort_get_real_interface($pconfig['interface']);
$snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
@@ -234,7 +234,6 @@ if ($_POST["Submit"]) {
write_config();
sync_snort_package_all($id, $if_real, $snort_uuid);
- touch($d_snortconfdirty_path);
/* after click go to this page */
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
@@ -249,33 +248,20 @@ if ($_POST["Submit"]) {
}
}
-/* this will exec when alert says apply */
-if ($_POST['apply']) {
-
- if (file_exists($d_snortconfdirty_path)) {
- sync_snort_package();
- unlink($d_snortconfdirty_path);
- }
-}
-
$pgtitle = "Snort: Interface $id$if_real Define Servers";
-include("/usr/local/pkg/snort/snort_head.inc");
+include_once("head.inc");
?>
<body
link="#0000CC" vlink="#0000CC" alink="#0000CC">
-<?php include("fbegin.inc"); ?>
-<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
+<?php
+include("fbegin.inc");
+if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
-<?php
echo "{$snort_general_css}\n";
?>
-<!-- hack to fix the hardcoed fbegin link in header -->
-<div id="header-left2"><a href="../index.php" id="status-link2"><img
- src="./images/transparent.gif" border="0"></img></a></div>
-
<div class="body2">
<noscript>
@@ -315,28 +301,27 @@ enable JavaScript to view this content
?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td class="tabnavtbl"><?php
- if($id != "")
- {
-
- echo '<div class="newtabmenu" style="margin:1px 0px; width:775px;">' . "\n";
- echo '<!-- Tabbed bar code -->' . "\n";
- echo '<ul class="newtabmenu">' . "\n";
- echo '<li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>' . "\n";
- echo "<li><a href=\"/snort/snort_interfaces_edit.php?id={$id}\"><span>If Settings</span></a></li>\n";
- echo "<li><a href=\"/snort/snort_rulesets.php?id={$id}\"><span>Categories</span></a></li>\n";
- echo "<li><a href=\"/snort/snort_rules.php?id={$id}\"><span>Rules</span></a></li>\n";
- echo "<li class=\"newtabmenu_active\"><a href=\"/snort/snort_define_servers.php?id={$id}\"><span>Servers</span></a></li>\n";
- echo "<li><a href=\"/snort/snort_preprocessors.php?id={$id}\"><span>Preprocessors</span></a></li>\n";
- echo "<li><a href=\"/snort/snort_barnyard.php?id={$id}\"><span>Barnyard2</span></a></li>\n";
- echo '</ul>' . "\n";
- echo '</div>' . "\n";
-
- }
- ?></td>
- </tr>
- <tr>
+<tr><td>
+<?php
+ $tab_array = array();
+ $tabid = 0;
+ $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Rules"), false, "/snort/snort_rules.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Servers"), true, "/snort/snort_define_servers.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
+ display_top_tabs($tab_array);
+?>
+</td></tr>
+<tr>
<td class="tabcont">
<table width="100%" border="0" cellpadding="6" cellspacing="0">
<?php
@@ -637,10 +622,11 @@ enable JavaScript to view this content
</tr>
<tr>
<td width="22%" valign="top">&nbsp;</td>
- <td width="78%"><input name="Submit" type="submit" class="formbtn"
- value="Save"> <input type="button" class="formbtn" value="Cancel"
- onclick="history.back()"> <?php if (isset($id) && $a_nat[$id]): ?>
- <input name="id" type="hidden" value="<?=$id;?>"> <?php endif; ?></td>
+ <td width="78%">
+ <input name="Submit" type="submit" class="formbtn" value="Save">
+ <?php if (isset($id) && $a_nat[$id]): ?>
+ <input name="id" type="hidden" value="<?=$id;?>">
+ <?php endif; ?></td>
</tr>
<tr>
<td width="22%" valign="top">&nbsp;</td>
diff --git a/config/snort/snort_download_rules.php b/config/snort/snort_download_rules.php
index c8c66795..e830063d 100644
--- a/config/snort/snort_download_rules.php
+++ b/config/snort/snort_download_rules.php
@@ -48,7 +48,7 @@ $pfsense_rules_filename = "pfsense_rules.tar.gz";
$id_d = $_GET['id_d'];
if (isset($_POST['id_d']))
-$id_d = $_POST['id_d'];
+ $id_d = $_POST['id_d'];
/* Time stamps define */
$last_md5_download = $config['installedpackages']['snortglobal']['last_md5_download'];
@@ -81,89 +81,59 @@ if (file_exists('/var/run/snort.conf.dirty')) {
$pgtitle = "Services: Snort: Update Rules";
-include("/usr/local/pkg/snort/snort_head.inc");
+include("head.inc");
?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
-<!-- before fbegin -->
-
-<?php //include("./snort_fbegin.inc"); ?>
-
-
-<div id="wrapper" style="top: 200px">
-<div id="content">
-<div id="right" style="min-height: 200px"><br>
-
-<!-- after fbegin --> <?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
-
-<form action="./snort_testing.php" method="post">
+<?php include("fbegin.inc"); ?>
+<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
+<form action="/snort/snort_testing.php" method="post">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td></td>
- </tr>
- <br>
- <tr>
- <td>
- <div id="mainarea">
- <table class="tabcont" width="100%" border="0" cellpadding="6"
- cellspacing="0">
- <tr>
- <td align="center" valign="top"><!-- progress bar -->
- <table id="progholder" width='420'
+<tr>
+ <td>
+ <div id="mainarea">
+ <table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td ><!-- progress bar -->
+ <table id="progholder" width='320'
style='border-collapse: collapse; border: 1px solid #000000;'
cellpadding='2' cellspacing='2'>
- <tr>
- <td><img border='0'
+ <tr>
+ <td><img border='0'
src='../themes/<?= $g['theme']; ?>/images/misc/progress_bar.gif'
width='280' height='23' name='progressbar' id='progressbar'
- alt='' /></td>
- </tr>
- </table>
- <br />
- <!-- status box --> <textarea cols="60" rows="2" name="status"
- id="status" wrap="hard">
- <?=gettext("Initializing...");?>
- </textarea> <!-- command output box --> <textarea
- cols="60" rows="2" name="output" id="output" wrap="hard">
- </textarea></td>
- </tr>
+ alt='' />
+ </td>
+ </tr>
+ </table>
+ <br />
+ <!-- status box --> <textarea cols="60" rows="2" name="status" id="status" wrap="hard">
+ <?=gettext("Initializing...");?>
+ </textarea>
+ <!-- command output box --> <textarea cols="60" rows="2" name="output" id="output" wrap="hard">
+ </textarea>
+ </td>
+ </tr>
</table>
- </div>
- </td>
- </tr>
+ </div>
+ </td>
+</tr>
+<tr><td><a href="/snort/snort_download_updates.php"><input type="button" Value="Return"></a></td></tr>
</table>
-<form>
-
-<style type="text/css">
-#footer {
- position: relative;
- background-color: transparent;
- background-repeat: no-repeat;
- background-attachment: scroll;
- background-position: 0% 0%;
- top: -18px;
- left: 0px;
- width: 810px;
- height: 75px;
- color: #ffffff;
- text-align: center;
- font-size: 0.9em;
- padding-top: 0px;
- margin-bottom: 0px;
- clear: both;
-}
-</style>
-
-<?php include("fend.inc");?> <?php
+</form>
+
+<?php include("fend.inc");?>
+</body>
+</html>
+<?php
/* Start of code */
-/* Begin main code */
conf_mount_rw();
-if (!file_exists('/usr/local/etc/snort/tmp')) {
+if (!is_dir('/usr/local/etc/snort/tmp')) {
exec('/bin/mkdir -p /usr/local/etc/snort/tmp');
}
@@ -176,17 +146,15 @@ $config['installedpackages']['snortglobal']['last_md5_download'] = date("Y-M-jS-
/* send current buffer */
ob_flush();
-conf_mount_rw();
/* hide progress bar */
hide_progress_bar_status();
/* send current buffer */
ob_flush();
-conf_mount_rw();
/* remove old $tmpfname files */
-if (file_exists("{$tmpfname}")) {
+if (is_dir("{$tmpfname}")) {
update_status(gettext("Removing old tmp files..."));
exec("/bin/rm -r {$tmpfname}");
apc_clear_cache();
@@ -200,20 +168,17 @@ exec("/bin/mkdir -p /usr/local/lib/snort/dynamicrules/");
/* send current buffer */
ob_flush();
-conf_mount_rw();
/* If tmp dir does not exist create it */
-if (file_exists($tmpfname)) {
+if (is_dir($tmpfname)) {
update_status(gettext("The directory tmp exists..."));
} else {
- mkdir("{$tmpfname}", 700);
+ @mkdir("{$tmpfname}", 700);
}
/* unhide progress bar and lets end this party */
unhide_progress_bar_status();
-
-
/* download md5 sig from snort.org */
if ($snortdownload == 'on')
{
@@ -268,12 +233,8 @@ if ($snortdownload == 'on')
update_status(gettext("Please wait... You may only check for New Rules every 15 minutes..."));
update_output_window(gettext("Rules are released every month from snort.org. You may download the Rules at any time."));
hide_progress_bar_status();
- /* Display last time of sucsessful md5 check from cache */
- echo "\n\n</body>\n</html>\n";
- echo "</body>";
- echo "</html>";
conf_mount_ro();
- exit(0);
+ return;
}
}
@@ -284,12 +245,8 @@ if (0 == filesize("{$tmpfname}/$pfsense_rules_filename_md5")){
update_status(gettext("Please wait... You may only check for New Pfsense Rules every 15 minutes..."));
update_output_window(gettext("Rules are released to support Pfsense packages."));
hide_progress_bar_status();
- /* Display last time of sucsessful md5 check from cache */
- echo "\n\n</body>\n</html>\n";
- echo "</body>";
- echo "</html>";
conf_mount_ro();
- exit(0);
+ return;
}
/* Check if were up to date snort.org */
@@ -301,15 +258,11 @@ if ($snortdownload == 'on')
$md5_check_new = `/bin/echo "{$md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;
$md5_check_old_parse = file_get_contents("{$snortdir}/{$snort_filename_md5}");
$md5_check_old = `/bin/echo "{$md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
- /* Write out time of last sucsessful md5 to cache */
- write_config(); // Will cause switch back to read-only on nanobsd
- conf_mount_rw();
if ($md5_check_new == $md5_check_old)
{
update_status(gettext("Your rules are up to date..."));
update_output_window(gettext("You may start Snort now, check update."));
hide_progress_bar_status();
- echo "\n\n</body>\n</html>\n";
$snort_md5_check_ok = on;
}
}
@@ -324,10 +277,6 @@ if ($emergingthreats == "on")
$emerg_md5_check_new = `/bin/echo "{$emerg_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;
$emerg_md5_check_old_parse = file_get_contents("{$snortdir}/{$emergingthreats_filename_md5}");
$emerg_md5_check_old = `/bin/echo "{$emerg_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
- /* Write out time of last sucsessful md5 to cache */
- // Will cause switch back to read-only on nanobsd
- write_config();
- conf_mount_rw();
if ($emerg_md5_check_new == $emerg_md5_check_old)
{
hide_progress_bar_status();
@@ -343,10 +292,6 @@ if (file_exists("{$snortdir}/pfsense_rules.tar.gz.md5"))
$pfsense_md5_check_new = `/bin/echo "{$pfsense_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;
$pfsense_md5_check_old_parse = file_get_contents("{$snortdir}/pfsense_rules.tar.gz.md5");
$pfsense_md5_check_old = `/bin/echo "{$pfsense_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
- /* Write out time of last sucsessful md5 to cache */
- // Will cause switch back to read-only on nanobsd
- write_config();
- conf_mount_rw();
if ($pfsense_md5_check_new == $pfsense_md5_check_old)
{
hide_progress_bar_status();
@@ -362,10 +307,8 @@ if ($snortdownload == 'on' && $emergingthreats == 'on')
{
update_status(gettext("All your rules are up to date..."));
update_output_window(gettext("You may start Snort now..."));
- echo "</body>";
- echo "</html>";
conf_mount_ro();
- exit(0);
+ return;
}
}
@@ -375,10 +318,8 @@ if ($snortdownload == 'on' && $emergingthreats == 'off')
{
update_status(gettext("Your snort.org rules are up to date..."));
update_output_window(gettext("You may start Snort now..."));
- echo "</body>";
- echo "</html>";
conf_mount_ro();
- exit(0);
+ return;
}
}
@@ -388,10 +329,8 @@ if ($snortdownload == 'off' && $emergingthreats == 'on')
{
update_status(gettext("Your Emergingthreats rules are up to date..."));
update_output_window(gettext("You may start Snort now..."));
- echo "</body>";
- echo "</html>";
conf_mount_ro();
- exit(0);
+ return;
}
}
@@ -415,7 +354,6 @@ if ($snortdownload == 'on')
unhide_progress_bar_status();
update_status(gettext("There is a new set of Snort.org rules posted. Downloading..."));
update_output_window(gettext("May take 4 to 10 min..."));
- conf_mount_rw();
//snort_download_file_with_progress_bar("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename}", $tmpfname . "/{$snort_filename}", "read_body_firmware");
snort_download_file_with_progress_bar("http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename}", $tmpfname . "/{$snort_filename}", "read_body_firmware");
update_all_status($static_output);
@@ -424,10 +362,8 @@ if ($snortdownload == 'on')
update_status(gettext("Error with the snort rules download..."));
update_output_window(gettext("Snort rules file downloaded failed..."));
- echo "</body>";
- echo "</html>";
conf_mount_ro();
- exit(0);
+ return;
}
}
}
@@ -478,7 +414,7 @@ if ($pfsense_md5_check_ok != on) {
//} else {
// update_status(gettext("The downloaded file does not match the md5 file...P is ON"));
// update_output_window(gettext("Error md5 Mismatch..."));
-// exit(0);
+// return;
// }
//}
@@ -491,7 +427,7 @@ if ($pfsense_md5_check_ok != on) {
//} else {
// update_status(gettext("The downloaded file does not match the md5 file...Not P"));
// update_output_window(gettext("Error md5 Mismatch..."));
-// exit(0);
+// return;
// }
//}
@@ -572,10 +508,8 @@ if ($snortdownload == 'on')
}else{
update_status(gettext("Error extracting Snort.org Rules..."));
update_output_window(gettext("Error Line 755"));
- echo "</body>";
- echo "</html>";
conf_mount_ro();
- exit(0);
+ return;
}
}
}
@@ -626,10 +560,8 @@ if ($snortdownload == 'on')
}else{
update_status(gettext("The md5 file does not exist..."));
update_output_window(gettext("Error copying config..."));
- echo "</body>";
- echo "</html>";
conf_mount_ro();
- exit(0);
+ return;
}
}
}
@@ -646,10 +578,8 @@ if ($emergingthreats == "on")
}else{
update_status(gettext("The emergingthreats md5 file does not exist..."));
update_output_window(gettext("Error copying config..."));
- echo "</body>";
- echo "</html>";
conf_mount_ro();
- exit(0);
+ return;
}
}
}
@@ -662,10 +592,8 @@ if ($pfsense_md5_check_ok != on) {
} else {
update_status(gettext("The Pfsense md5 file does not exist..."));
update_output_window(gettext("Error copying config..."));
- echo "</body>";
- echo "</html>";
conf_mount_ro();
- exit(0);
+ return;
}
}
@@ -686,10 +614,8 @@ if ($snortdownload == 'on')
}else{
update_status(gettext("Directory signatures exist..."));
update_output_window(gettext("Error copying signature..."));
- echo "</body>";
- echo "</html>";
conf_mount_ro();
- exit(0);
+ return;
}
}
}
@@ -698,13 +624,13 @@ if ($snortdownload == 'on')
/* double make shure cleanup emerg rules that dont belong */
if (file_exists("/usr/local/etc/snort/rules/emerging-botcc-BLOCK.rules")) {
apc_clear_cache();
- exec("/bin/rm /usr/local/etc/snort/rules/emerging-botcc-BLOCK.rules");
- exec("/bin/rm /usr/local/etc/snort/rules/emerging-botcc.rules");
- exec("/bin/rm /usr/local/etc/snort/rules/emerging-compromised-BLOCK.rules");
- exec("/bin/rm /usr/local/etc/snort/rules/emerging-drop-BLOCK.rules");
- exec("/bin/rm /usr/local/etc/snort/rules/emerging-dshield-BLOCK.rules");
- exec("/bin/rm /usr/local/etc/snort/rules/emerging-rbn-BLOCK.rules");
- exec("/bin/rm /usr/local/etc/snort/rules/emerging-tor-BLOCK.rules");
+ @unlink("/usr/local/etc/snort/rules/emerging-botcc-BLOCK.rules");
+ @unlink("/usr/local/etc/snort/rules/emerging-botcc.rules");
+ @unlink("/usr/local/etc/snort/rules/emerging-compromised-BLOCK.rules");
+ @unlink("/usr/local/etc/snort/rules/emerging-drop-BLOCK.rules");
+ @unlink("/usr/local/etc/snort/rules/emerging-dshield-BLOCK.rules");
+ @unlink("/usr/local/etc/snort/rules/emerging-rbn-BLOCK.rules");
+ @unlink("/usr/local/etc/snort/rules/emerging-tor-BLOCK.rules");
}
if (file_exists("/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so")) {
@@ -728,9 +654,7 @@ exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl /usr/local/etc/snort/r
/* open oinkmaster_conf for writing" function */
function oinkmaster_conf($id, $if_real, $iface_uuid)
{
-
- global $config, $g, $id, $if_real, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok;
- conf_mount_rw();
+ global $config, $g, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok;
/* enable disable setting will carry over with updates */
/* TODO carry signature changes with the updates */
@@ -740,14 +664,14 @@ function oinkmaster_conf($id, $if_real, $iface_uuid)
$enabled_sid_on = $config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'];
$enabled_sid_on_array = split('\|\|', $enabled_sid_on);
foreach($enabled_sid_on_array as $enabled_item_on)
- $selected_sid_on_sections .= "$enabled_item_on\n";
+ $selected_sid_on_sections .= "$enabled_item_on\n";
}
if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) {
$enabled_sid_off = $config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'];
$enabled_sid_off_array = split('\|\|', $enabled_sid_off);
foreach($enabled_sid_off_array as $enabled_item_off)
- $selected_sid_off_sections .= "$enabled_item_off\n";
+ $selected_sid_off_sections .= "$enabled_item_off\n";
}
$snort_sid_text = <<<EOD
@@ -772,9 +696,7 @@ EOD;
/* open snort's oinkmaster.conf for writing */
$oinkmasterlist = fopen("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf", "w");
-
fwrite($oinkmasterlist, "$snort_sid_text");
-
/* close snort's oinkmaster.conf file */
fclose($oinkmasterlist);
@@ -786,9 +708,7 @@ fclose($oinkmasterlist);
/* TODO add per interface settings here */
function oinkmaster_run($id, $if_real, $iface_uuid)
{
-
- global $config, $g, $id, $if_real, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok;
- conf_mount_rw();
+ global $config, $g, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok;
if ($snort_md5_check_ok != on || $emerg_md5_check_ok != on || $pfsense_md5_check_ok != on)
{
@@ -831,26 +751,18 @@ function oinkmaster_run($id, $if_real, $iface_uuid)
/* Start the proccess for every interface rule */
/* TODO: try to make the code smother */
-
-if (!empty($config['installedpackages']['snortglobal']['rule']))
+if (is_array($config['installedpackages']['snortglobal']['rule']))
{
-
- $rule_array = $config['installedpackages']['snortglobal']['rule'];
- $id = -1;
- foreach ($rule_array as $value) {
-
- $id += 1;
-
- $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
- $if_real = convert_friendly_interface_to_real_interface_name2($result_lan);
- $iface_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
+ foreach ($config['installedpackages']['snortglobal']['rule'] as $id => $value) {
+ $result_lan = $value['interface'];
+ $if_real = snort_get_real_interface($result_lan);
+ $iface_uuid = $value['uuid'];
/* make oinkmaster.conf for each interface rule */
oinkmaster_conf($id, $if_real, $iface_uuid);
/* run oinkmaster for each interface rule */
oinkmaster_run($id, $if_real, $iface_uuid);
-
}
}
@@ -860,19 +772,17 @@ if (!empty($config['installedpackages']['snortglobal']['rule']))
$config['installedpackages']['snortglobal']['last_rules_install'] = date("Y-M-jS-h:i-A");
/* remove old $tmpfname files */
-if (file_exists('/usr/local/etc/snort/tmp'))
-{
+if (is_dir('/usr/local/etc/snort/tmp')) {
update_status(gettext("Cleaning up..."));
exec("/bin/rm -r /usr/local/etc/snort/tmp/snort_rules_up");
sleep(2);
exec("/bin/rm -r /usr/local/etc/snort/tmp/rules_bk");
- apc_clear_cache();
}
/* php code to flush out cache some people are reportting missing files this might help */
sleep(2);
apc_clear_cache();
-exec("/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync");
+exec("/bin/sync; /bin/sync");
/* make all dirs snorts */
exec("/usr/sbin/chown -R snort:snort /var/log/snort");
@@ -897,8 +807,8 @@ if (file_exists("/tmp/snort_download_halt.pid")) {
/* hide progress bar and lets end this party */
hide_progress_bar_status();
conf_mount_ro();
-?> <?php
+if (!functions_exists('read_body_firmware')) {
function read_body_firmware($ch, $string) {
global $fout, $file_size, $downloaded, $counter, $version, $latest_version, $current_installed_pfsense_version;
$length = strlen($string);
@@ -922,6 +832,7 @@ function read_body_firmware($ch, $string) {
fwrite($fout, $string);
return $length;
}
+}
function snort_download_file_with_progress_bar($url_file, $destination_file, $readbody = 'read_body') {
global $ch, $fout, $file_size, $downloaded;
@@ -953,6 +864,3 @@ function snort_download_file_with_progress_bar($url_file, $destination_file, $re
return ($http_code == 200) ? true : $http_code;
}
?>
-
-</body>
-</html>
diff --git a/config/snort/snort_download_updates.php b/config/snort/snort_download_updates.php
index 5fc915c0..982a2f72 100644
--- a/config/snort/snort_download_updates.php
+++ b/config/snort/snort_download_updates.php
@@ -105,23 +105,11 @@ header( "Pragma: no-cache" );
$pgtitle = "Services: Snort: Updates";
-include_once("/usr/local/pkg/snort/snort_head.inc");
+include_once("head.inc");
?>
-<body
- link="#000000" vlink="#000000" alink="#000000">
-
-<script>
- jQuery(document).ready(function(){
-
- //Examples of how to assign the ColorBox event to elements
- jQuery(".example7").colorbox({width:"900px", height:"400px", iframe:true, overlayClose:false});
- jQuery(".example8").colorbox({width:"820px", height:"700px", iframe:true, overlayClose:false});
- jQuery(".example9").colorbox({width:"90%", height:"65%", iframe:true, overlayClose:false});
-
- });
- </script>
+<body link="#000000" vlink="#000000" alink="#000000">
<?php
echo "{$snort_general_css}\n";
@@ -130,10 +118,6 @@ echo "$snort_interfaces_css\n";
<?php include("fbegin.inc"); ?>
-<div class="body2"><!-- hack to fix the hardcoed fbegin link in header -->
-<div id="header-left2"><a href="../index.php" id="status-link2"><img
- src="./images/transparent.gif" border="0"></img></a></div>
-
<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
<noscript>
@@ -144,45 +128,21 @@ enable JavaScript to view this content
</noscript>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td>
-
- <div class="newtabmenu" style="margin: 1px 10px; width: 760px;"><!-- Tabbed bar code-->
- <ul class="newtabmenu">
- <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>
- <li><a href="/snort/snort_interfaces_global.php"><span>Global
- Settings</span></a></li>
- <li class="newtabmenu_active"><a
- href="/snort/snort_download_updates.php"><span>Updates</span></a></li>
- <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li>
- <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li>
- <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li>
- <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li>
- <li><a class="example8" href="/snort/help_and_info.php?id_d=up"><span>Help</span></a></li>
- </ul>
- </div>
-
- </td>
- </tr>
-
- <tr>
- <td>
-
- <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code-->
- <ul class="newtabmenu">
-
- <li class="newtabmenu_active"><a
- href="/snort/snort_download_rules.php"><span>Rule Update</span></a></li>
- <li><a href="#"><span>Upload Custom Rules</span></a></li>
- <li><a href="#"><span>Gui Update</span></a></li>
-
- </ul>
- </div>
-
- </td>
- </tr>
-
- <tr>
+<tr><td>
+<?php
+ $tab_array = array();
+ $tab_array[0] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
+ $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php");
+ $tab_array[2] = array(gettext("Updates"), true, "/snort/snort_download_updates.php");
+ $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
+ $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
+ $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
+ $tab_array[7] = array(gettext("Help"), false, "/snort/help_and_info.php");
+ display_top_tabs($tab_array);
+?>
+</td></tr>
+<tr>
<td>
<div id="mainarea3">
<table id="maintable4" class="tabcont" width="100%" border="0"
@@ -247,22 +207,19 @@ enable JavaScript to view this content
<font color='#777777' size='1.5px'><b>UPDATE YOUR RULES</b></font><br>
<br>
- <?php
+ <?php
if ($error_stop == 'true') {
-
echo '
- <button class="sexybutton disabled" disabled="disabled" href="/snort/snort_download_rules.php?$id_d=up"><span class="download">Update Rules&nbsp;&nbsp;&nbsp;&nbsp;</span></button><br>
+ <a href="/snort/snort_download_rules.php"><button class="sexybutton disabled" disabled="disabled"><span class="download">Update Rules&nbsp;&nbsp;&nbsp;&nbsp;</span></button></a><br/>
<p style="text-align:left; margin-left:150px;">
- <font color="#fc3608" size="2px"><b>WARNING:</b></font><font size="1px" color="#000000">&nbsp;&nbsp;No rule types have been selected for download. "Global Settings Tab"</font><br>
- ';
+ <font color="#fc3608" size="2px"><b>WARNING:</b></font><font size="1px" color="#000000">&nbsp;&nbsp;No rule types have been selected for download. "Global Settings Tab"</font><br>';
if ($mfolder_chk == 'empty') {
echo '
- <font color="#fc3608" size="2px"><b>WARNING:</b></font><font size="1px" color="#000000">&nbsp;&nbsp;The main rules directory is empty. /usr/local/etc/snort/rules</font>
- ' . "\n";
+ <font color="#fc3608" size="2px"><b>WARNING:</b></font><font size="1px" color="#000000">&nbsp;&nbsp;The main rules directory is empty. /usr/local/etc/snort/rules</font>' ."\n";
}
echo '</p>' . "\n";
@@ -271,17 +228,14 @@ enable JavaScript to view this content
echo '
- <button class="sexybutton sexysimple example7" href="/snort/snort_download_rules.php?$id_d=up"><span class="download">Update Rules&nbsp;&nbsp;&nbsp;&nbsp;</span></button>
-
- ' . "\n";
+ <a href="/snort/snort_download_rules.php"><button class="sexybutton disabled"><span class="download">Update Rules&nbsp;&nbsp;&nbsp;&nbsp;</span></button></a><br/>' . "\n";
if ($mfolder_chk == 'empty') {
echo '
<p style="text-align:left; margin-left:150px;">
<font color="#fc3608" size="2px"><b>WARNING:</b></font><font size="1px" color="#000000">&nbsp;&nbsp;The main rules directory is empty. /usr/local/etc/snort/rules</font>
- </p>
- ';
+ </p>';
}
}
@@ -378,25 +332,7 @@ enable JavaScript to view this content
</table>
<!-- end of final table --></div>
- <?php //include("fend.inc"); ?>
-
-</div>
-<!-- Right DIV -->
-</div>
-<!-- Content DIV -->
-<div id="footer"><a target="_blank"
- href="<?=$g['product_website_footer']?>" class="redlnk"><?=$g['product_name']?></a>
-is &copy; <?=$g['product_copyright_years']?> by <a
- href="<?=$g['product_copyright_url']?>" class="tblnk"><?=$g['product_copyright']?></a>.
-All Rights Reserved. [<a href="/license.php" class="tblnk">view license</a>]
-<br />
-[<a target="_blank" href="https://portal.pfsense.org/?guilead=true"
- class="tblnk">Commercial Support Available</a>]</div>
-<!-- Footer DIV -->
-</div>
-<!-- Wrapper Div -->
-<script type="text/javascript"
- src="/themes/<?php echo $g['theme']; ?>/bottom-loader.js"></script>
+<?php include("fend.inc"); ?>
<?php echo "$snort_custom_rnd_box\n"; ?>
diff --git a/config/snort/snort_dynamic_ip_reload.php b/config/snort/snort_dynamic_ip_reload.php
index 290b0e3b..66bc505c 100644
--- a/config/snort/snort_dynamic_ip_reload.php
+++ b/config/snort/snort_dynamic_ip_reload.php
@@ -40,8 +40,6 @@ if (file_exists('/var/run/snort_dynamic_ip_reload.dirty')) {
exec('/usr/bin/touch /var/run/snort_dynamic_ip_reload.dirty');
sync_snort_package_config();
-sync_snort_package();
-
-exec('/bin/rm /var/run/snort_dynamic_ip_reload.dirty');
+@unlink("/var/run/snort_dynamic_ip_reload.dirty");
?>
diff --git a/config/snort/snort_head.inc b/config/snort/snort_head.inc
deleted file mode 100644
index 3ab02c84..00000000
--- a/config/snort/snort_head.inc
+++ /dev/null
@@ -1,130 +0,0 @@
-<?php
-/*
- pfSense_MODULE: header
- */
-
-/*
- * if user has selected a custom template, use it.
- * otherwise default to pfsense tempalte
- */
-if($config['theme'] <> "")
-$g['theme'] = $config['theme'];
-else
-$g['theme'] = "pfsense";
-
-/*
- * If this device is an apple ipod/iphone
- * switch the theme to one that works with it.
- */
-$apple_ua = array("iPhone","iPod", "iPad");
-foreach($apple_ua as $useragent)
-if(strstr($_SERVER['HTTP_USER_AGENT'], $useragent))
-$g['theme'] = "pfsense";
-
-$pagetitle = gentitle( $pgtitle );
-
-?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html>
-<head>
-<title><?php echo($config['system']['hostname'] . "." . $config['system']['domain'] . " - " . $pagetitle); ?></title>
-<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
-<link rel="apple-touch-icon"
- href="/themes/<?php echo $g['theme']; ?>/apple-touch-icon.png" />
-<?php if (strpos($_SERVER["SCRIPT_FILENAME"], "wizard.php") !== false &&
-file_exists("{$g['www_path']}/themes/{$g['theme']}/wizard.css")): ?>
-<?php echo "<style type=\"text/css\" src=\"/themes/{$g['theme']}/wizard.css\"></style>"; ?>
-<?php else: ?>
-<link rel="stylesheet" href="/themes/<?php echo $g['theme']; ?>/all.css"
- media="all" />
-<?php endif; ?>
-<link rel="stylesheet" type="text/css" href="../niftycssCode.css">
-<link rel="stylesheet" type="text/css" href="../niftycssprintCode.css"
- media="print">
-
-<?php if ($config['version'] >= 6): ?>
-<link rel="stylesheet" type="text/css" href="/themes/<?php echo $g['theme']; ?>/new_tab_menu.css"
- media="all">
-<?php else: ?>
-<link rel="stylesheet" type="text/css" href="./css/new_tab_menu.css"
- media="all">
-<?php endif; ?>
-
-<link rel="stylesheet" type="text/css" href="./css/sexybuttons.css"
- media="all" />
-<link rel="stylesheet" type="text/css" href="./css/colorbox.css"
- media="all" />
-<link rel="stylesheet" type="text/css" href="./css/style.css"
- media="all" />
-
-
-<script type="text/javascript" src="../javascript/niftyjsCode.js"></script>
-<script type="text/javascript">
- var theme = "<?php echo $g['theme']; ?>";
- </script> <?php echo "\t<script type=\"text/javascript\" src=\"/themes/{$g['theme']}/loader.js\"></script>\n"; ?>
-<?php
-if($_GET['enablefirebuglite']) {
- echo "\t<script type=\"text/javascript\" src=\"/javascript/pi.js\"></script>\n";
- echo "\t<script type=\"text/javascript\" src=\"/javascript/firebug-lite.js\"></script>\n";
-}
-
-/* only load javascript that you need, jquery and prototype dont play together */
-//if ($snort_load_jquery == 'yes') {
-echo "\t<script type=\"text/javascript\" src=\"/snort/javascript/jquery-1.4.2.min.js\"></script>\n";
-//}
-//if ($snort_load_jquery_colorbox == 'yes') {
-echo "\t<script type=\"text/javascript\" src=\"/snort/javascript/jquery.colorbox.js\"></script>\n";
-echo "\t<script type=\"text/javascript\" src=\"/javascript/sorttable.js\"></script>\n";
-//}
-if ($snort_load_mootools == 'yes') {
- echo "\t<script type=\"text/javascript\" src=\"/snort/javascript/mootools.js\"></script>\n";
-}
-if ($snort_load_sortabletable == 'yes') {
- echo "\t<script type=\"text/javascript\" src=\"/snort/javascript/sortableTable.js\"></script>\n";
-}
-
-/* some pfsense commercial versions require prototype to be in every tab on the GUI, for custom logos */
-echo "\t<script type=\"text/javascript\" src=\"/snort/javascript/prototype.js\"></script>\n";
-// echo "\t<script type=\"text/javascript\" src=\"../javascript/scriptaculous/prototype.js\"></script>\n";
-// echo "\t<script type=\"text/javascript\" src=\"../javascript/scriptaculous/scriptaculous.js\"></script>\n";
-// echo "\t<script type=\"text/javascript\" src=\"../javascript/scriptaculous/effects.js\"></script>\n";
-// echo "\t<script type=\"text/javascript\" src=\"../javascript/scriptaculous/dragdrop.js\"></script>\n";
-
-if(file_exists("{$g['www_path']}/javascript/global.js"))
-echo "\t<script type=\"text/javascript\" src=\"../javascript/global.js\"></script>\n";
-/*
- * Find all javascript files that need to be included
- * for this page ... from the arrays ... :)
- * Coded by: Erik Kristensen
- */
-
-$dir = trim(basename($_SERVER["SCRIPT_FILENAME"]), '.php');
-$path = "{$g['www_path']}/javascript/" . $dir . "/";
-if (is_dir($path)) {
- if ($dh = opendir($path)) {
- while (($file = readdir($dh)) !== false) {
- if (is_dir($file))
- continue;
- echo "\t<script type=\"text/javascript\" src=\"/javascript/{$dir}/{$file}\"></script>\n";
- }
- closedir($dh);
- }
-}
-
-if (!isset($closehead))
-echo "</head>";
-
-/* If this page is being remotely managed then do not allow the loading of the contents. */
-if($config['remote_managed_pages']['item']) {
- foreach($config['remote_managed_pages']['item'] as $rmp) {
- if($rmp == $_SERVER['SCRIPT_NAME']) {
- include("fbegin.inc");
- print_info_box_np("This page is currently being managed by a remote machine.");
- include("fend.inc");
- exit;
- }
- }
-}
-
-?>
diff --git a/config/snort/snort_interfaces.php b/config/snort/snort_interfaces.php
index b5db0857..13b7fb4e 100644
--- a/config/snort/snort_interfaces.php
+++ b/config/snort/snort_interfaces.php
@@ -46,32 +46,6 @@ if (!is_array($config['installedpackages']['snortglobal']['rule']))
$a_nat = &$config['installedpackages']['snortglobal']['rule'];
$id_gen = count($config['installedpackages']['snortglobal']['rule']);
-/* alert file */
-$d_snortconfdirty_path_ls = exec('/bin/ls /var/run/snort_conf_*.dirty');
-
-/* this will exec when alert says apply */
-if ($_POST['apply']) {
-
- if ($d_snortconfdirty_path_ls != '') {
-
- sync_snort_package_empty();
- sync_snort_package();
-
- exec('/bin/rm /var/run/snort_conf_*.dirty');
-
- header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
- header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
- header( 'Cache-Control: no-store, no-cache, must-revalidate' );
- header( 'Cache-Control: post-check=0, pre-check=0', false );
- header( 'Pragma: no-cache' );
- header("Location: /snort/snort_interfaces.php");
-
- exit;
-
- }
-
-}
-
if (isset($_POST['del_x'])) {
/* delete selected rules */
if (is_array($_POST['rule'])) {
@@ -80,7 +54,7 @@ if (isset($_POST['del_x'])) {
foreach ($_POST['rule'] as $rulei) {
/* convert fake interfaces to real */
- $if_real = convert_friendly_interface_to_real_interface_name2($a_nat[$rulei]['interface']);
+ $if_real = snort_get_real_interface($a_nat[$rulei]['interface']);
$snort_uuid = $a_nat[$rulei]['uuid'];
/* cool code to check if any snort is up */
@@ -133,7 +107,7 @@ if (isset($_POST['del_x'])) {
/* stop syslog flood code */
//$if_real_wan_rulei = $a_nat[$rulei]['interface'];
- //$if_real_wan_rulei2 = convert_friendly_interface_to_real_interface_name2($if_real_wan_rulei);
+ //$if_real_wan_rulei2 = snort_get_real_interface($if_real_wan_rulei);
//exec("/sbin/ifconfig $if_real_wan_rulei2 -promisc");
//exec("/bin/cp /var/log/system.log /var/log/snort/snort_sys_$rulei$if_real.log");
//exec("/usr/bin/killall syslogd");
@@ -170,7 +144,7 @@ if (isset($_POST['del_x'])) {
conf_mount_ro();
}
- //touch("/var/run/snort_conf_delete.dirty");
+ sync_snort_package_empty();
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
@@ -187,7 +161,7 @@ if (isset($_POST['del_x'])) {
/* start/stop snort */
if ($_GET['act'] == 'toggle' && is_numeric($id)) {
- $if_real = convert_friendly_interface_to_real_interface_name2($config['installedpackages']['snortglobal']['rule'][$id]['interface']);
+ $if_real = snort_get_real_interface($config['installedpackages']['snortglobal']['rule'][$id]['interface']);
$snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
/* Log Iface stop */
@@ -212,8 +186,6 @@ if ($_GET['act'] == 'toggle' && is_numeric($id)) {
}else{
sync_snort_package_all($id, $if_real, $snort_uuid);
- sync_snort_package();
-
Running_Start($snort_uuid, $if_real, $id);
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
@@ -228,33 +200,19 @@ if ($_GET['act'] == 'toggle' && is_numeric($id)) {
$pgtitle = "Services: $snort_package_version";
-include_once("/usr/local/pkg/snort/snort_head.inc");
+include_once("head.inc");
?>
-
<body link="#000000" vlink="#000000" alink="#000000">
-<script>
- jQuery(document).ready(function(){
-
- //Examples of how to assign the ColorBox event to elements
- jQuery(".example8").colorbox({width:"820px", height:"700px", iframe:true, overlayClose:false});
-
- });
- </script>
-
<?php
echo "{$snort_general_css}\n";
echo "$snort_interfaces_css\n";
-?>
-
-<?php include("fbegin.inc"); ?>
-<div class="body2"><!-- hack to fix the hardcoed fbegin link in header -->
-<div id="header-left2"><a href="../index.php" id="status-link2"><img
- src="./images/transparent.gif" border="0"></img></a></div>
-
-<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
+include_once("fbegin.inc");
+if ($pfsense_stable == 'yes')
+ echo '<p class="pgtitle">' . $pgtitle . '</p>';
+?>
<noscript>
<div class="alert" ALIGN=CENTER><img
@@ -263,60 +221,47 @@ enable JavaScript to view this content
</CENTER></div>
</noscript>
-
<form action="snort_interfaces.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
-
- <?php
-
+<?php
/* Display Alert message */
-
- if ($input_errors) {
+ if ($input_errors)
print_input_errors($input_errors); // TODO: add checks
- }
- if ($savemsg) {
+ if ($savemsg)
print_info_box2($savemsg);
- }
//if (file_exists($d_snortconfdirty_path)) {
if ($d_snortconfdirty_path_ls != '') {
echo '<p>';
- if($savemsg) {
+ if($savemsg)
print_info_box_np2("{$savemsg}");
- }else{
+ else {
print_info_box_np2('
The Snort configuration has changed for one or more interfaces.<br>
You must apply the changes in order for them to take effect.<br>
');
}
}
-
- ?>
+?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td>
-
- <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code-->
- <ul class="newtabmenu">
- <li class="newtabmenu_active"><a href="/snort/snort_interfaces.php"><span>Snort
- Interfaces</span></a></li>
- <li><a href="/snort/snort_interfaces_global.php"><span>Global
- Settings</span></a></li>
- <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li>
- <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li>
- <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li>
- <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li>
- <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li>
- <li><a class="example8" href="/snort/help_and_info.php"><span>Help</span></a></li>
- </ul>
- </div>
-
- </td>
- </tr>
- <tr>
- <td>
+<tr><td>
+<?php
+ $tab_array = array();
+ $tab_array[0] = array(gettext("Snort Interfaces"), true, "/snort/snort_interfaces.php");
+ $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php");
+ $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
+ $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
+ $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
+ $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
+ $tab_array[7] = array(gettext("Help"), false, "/snort/help_and_info.php");
+ display_top_tabs($tab_array);
+?>
+</td></tr>
+<tr>
+ <td>
<div id="mainarea2">
<table class="tabcont" width="100%" border="0" cellpadding="0"
cellspacing="0">
@@ -346,7 +291,7 @@ enable JavaScript to view this content
/* convert fake interfaces to real and check if iface is up */
/* There has to be a smarter way to do this */
- $if_real = convert_friendly_interface_to_real_interface_name2($natent['interface']);
+ $if_real = snort_get_real_interface($natent['interface']);
$snort_uuid = $natent['uuid'];
$tester2 = Running_Ck($snort_uuid, $if_real, $id);
diff --git a/config/snort/snort_interfaces_edit.php b/config/snort/snort_interfaces_edit.php
index 26aeb60f..746145e2 100644
--- a/config/snort/snort_interfaces_edit.php
+++ b/config/snort/snort_interfaces_edit.php
@@ -54,33 +54,22 @@ if (isset($_GET['dup'])) {
/* always have a limit of (65535) numbers only or snort will not start do to id limits */
/* TODO: When inline gets added make the uuid the port number lisstening */
-//function gen_snort_uuid($fileline)
-//{
-/* return the first 5 */
-//if (preg_match("/...../", $fileline, $matches1))
-//{
-//$uuid_final = "$matches1[0]";
- //}
- //return $uuid_final;
- //}
-
- /* gen uuid for each iface !inportant */
- if (!empty($config['installedpackages']['snortglobal']['rule'][$id]) && !empty($config['installedpackages']['snortglobal']['rule'][$id]['uuid'])) {
- //$snort_uuid = gen_snort_uuid(strrev(uniqid(true)));
- $snort_uuid = 0;
- while ($snort_uuid > 65535 || $snort_uuid == 0) {
- $snort_uuid = mt_rand(1, 65535);
- $pconfig['uuid'] = $snort_uuid;
- }
+$pconfig = array();
+
+/* gen uuid for each iface !inportant */
+if (empty($config['installedpackages']['snortglobal']['rule'][$id]['uuid'])) {
+ //$snort_uuid = gen_snort_uuid(strrev(uniqid(true)));
+ $snort_uuid = 0;
+ while ($snort_uuid > 65535 || $snort_uuid == 0) {
+ $snort_uuid = mt_rand(1, 65535);
+ $pconfig['uuid'] = $snort_uuid;
}
+} else {
+ $snort_uuid = $a_nat[$id]['uuid'];
+ $pconfig['uuid'] = $snort_uuid;
+}
- /* convert fake interfaces to real */
- $if_real = convert_friendly_interface_to_real_interface_name2($a_nat[$id]['interface']);
-
- if ($config['installedpackages']['snortglobal']['rule'][$id]['uuid'] != '')
- $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
-
- if (isset($id) && $a_nat[$id]) {
+if (isset($id) && $a_nat[$id]) {
/* old options */
$pconfig['def_ssl_ports_ignore'] = $a_nat[$id]['def_ssl_ports_ignore'];
@@ -131,7 +120,6 @@ if (isset($_GET['dup'])) {
$pconfig['barnyard_enable'] = $a_nat[$id]['barnyard_enable'];
$pconfig['barnyard_mysql'] = $a_nat[$id]['barnyard_mysql'];
$pconfig['enable'] = $a_nat[$id]['enable'];
- $pconfig['uuid'] = $a_nat[$id]['uuid'];
$pconfig['interface'] = $a_nat[$id]['interface'];
$pconfig['descr'] = $a_nat[$id]['descr'];
$pconfig['performance'] = $a_nat[$id]['performance'];
@@ -152,42 +140,21 @@ if (isset($_GET['dup'])) {
if (!$pconfig['interface'])
+ $pconfig['interface'] = "wan";
+ } else
$pconfig['interface'] = "wan";
- } else {
- $pconfig['interface'] = "wan";
- }
- if (isset($_GET['dup']))
+/* convert fake interfaces to real */
+$if_real = snort_get_real_interface($pconfig['interface']);
+
+if (isset($_GET['dup']))
unset($id);
/* alert file */
$d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty";
- /* this will exec when alert says apply */
- if ($_POST['apply']) {
-
- if (file_exists("/var/run/snort_conf_{$snort_uuid}_.dirty")) {
-
- $if_real = convert_friendly_interface_to_real_interface_name2($a_nat[$id]['interface']);
-
- sync_snort_package_all($id, $if_real, $snort_uuid);
- sync_snort_package();
-
- unlink("/var/run/snort_conf_{$snort_uuid}_.dirty");
- }
-
- if (file_exists($d_snortconfdirty_path)) {
-
- sync_snort_package_all($id, $if_real, $snort_uuid);
- sync_snort_package();
-
- unlink($d_snortconfdirty_path);
- }
- }
-
if ($_POST["Submit"]) {
- // if ($config['installedpackages']['snortglobal']['rule']) {
if ($_POST['descr'] == '' && $pconfig['descr'] == '') {
$input_errors[] = "Please enter a description for your reference.";
}
@@ -198,7 +165,7 @@ if (isset($_GET['dup'])) {
foreach ($config['installedpackages']['snortglobal']['rule'] as $value) {
$result_lan = $value['interface'];
- $if_real = convert_friendly_interface_to_real_interface_name2($result_lan);
+ $if_real = snort_get_real_interface($result_lan);
if ($_POST['interface'] == $result_lan)
$input_errors[] = "Interface $result_lan is in use. Please select another interface.";
@@ -220,7 +187,8 @@ if (isset($_GET['dup'])) {
$natent = array();
/* write to conf for 1st time or rewrite the answer */
- $natent['interface'] = $_POST['interface'] ? $_POST['interface'] : $pconfig['interface'];
+ if ($_POST['interface'])
+ $natent['interface'] = $_POST['interface'];
/* if post write to conf or rewite the answer */
$natent['enable'] = $_POST['enable'] ? 'on' : 'off';
@@ -232,15 +200,13 @@ if (isset($_GET['dup'])) {
$natent['blockoffenders7'] = 'on';
else
$natent['blockoffenders7'] = 'off';
- if ($_POST['enable'] == "")
- $natent['blockoffenders7'] = $pconfig['blockoffenders7'];
$natent['whitelistname'] = $_POST['whitelistname'] ? $_POST['whitelistname'] : $pconfig['whitelistname'];
$natent['homelistname'] = $_POST['homelistname'] ? $_POST['homelistname'] : $pconfig['homelistname'];
$natent['externallistname'] = $_POST['externallistname'] ? $_POST['externallistname'] : $pconfig['externallistname'];
$natent['suppresslistname'] = $_POST['suppresslistname'] ? $_POST['suppresslistname'] : $pconfig['suppresslistname'];
$natent['snortalertlogtype'] = $_POST['snortalertlogtype'] ? $_POST['snortalertlogtype'] : $pconfig['snortalertlogtype'];
if ($_POST['alertsystemlog'] == "on") { $natent['alertsystemlog'] = 'on'; }else{ $natent['alertsystemlog'] = 'off'; }
- if ($_POST['enable']) { $natent['alertsystemlog'] = 'on'; } else unset($natent['alertsystemlog']);
+ if ($_POST['enable']) { $natent['enable'] = 'on'; } else unset($natent['enable']);
if ($_POST['tcpdumplog'] == "on") { $natent['tcpdumplog'] = 'on'; }else{ $natent['tcpdumplog'] = 'off'; }
if ($_POST['snortunifiedlog'] == "on") { $natent['snortunifiedlog'] = 'on'; }else{ $natent['snortunifiedlog'] = 'off'; }
$natent['configpassthru'] = $_POST['configpassthru'] ? base64_encode($_POST['configpassthru']) : $pconfig['configpassthru'];
@@ -302,7 +268,7 @@ if (isset($_GET['dup'])) {
if (isset($id) && $a_nat[$id])
- $a_nat[$id] = $natent;
+ $a_nat[$id] = $natent;
else {
if (is_numeric($after))
array_splice($a_nat, $after+1, 0, array($natent));
@@ -312,8 +278,6 @@ if (isset($_GET['dup'])) {
write_config();
- touch("$d_snortconfdirty_path");
-
/* if snort.sh crashed this will remove the pid */
exec('/bin/rm /tmp/snort.sh.pid');
@@ -331,7 +295,6 @@ if (isset($_GET['dup'])) {
if ($_POST["Submit2"]) {
sync_snort_package_all($id, $if_real, $snort_uuid);
- sync_snort_package();
sleep(1);
Running_Start($snort_uuid, $if_real, $id);
@@ -373,24 +336,17 @@ if (isset($_GET['dup'])) {
} else
$snort_up_ck = '';
- $pgtitle = "Snort: Interface Edit: $id $snort_uuid $if_real";
- include("/usr/local/pkg/snort/snort_head.inc");
+
+$pgtitle = "Snort: Interface Edit: $id $snort_uuid $if_real";
+include_once("head.inc");
?>
+
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
- <?php
+<?php
include("fbegin.inc");
- ?>
-
- <?php
echo "{$snort_general_css}\n";
- ?>
-
-<!-- hack to fix the hardcoed fbegin link in header -->
-<div id="header-left2"><a href="../index.php" id="status-link2"><img
- src="./images/transparent.gif" border="0"></img></a></div>
-
-<div class="body2">
+?>
<noscript>
<div class="alert" ALIGN=CENTER><img
@@ -426,14 +382,14 @@ echo "
document.iform.configpassthru.disabled = endis;
}
//-->
-</script> <?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+</script>
+<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
-<form action="snort_interfaces_edit.php<?php echo "?id=$id";?>"
- method="post" enctype="multipart/form-data" name="iform" id="iform"><?php
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<form action="snort_interfaces_edit.php<?php echo "?id=$id";?>" method="post" enctype="multipart/form-data" name="iform" id="iform">
+<?php
/* Display Alert message */
-
if ($input_errors) {
print_input_errors($input_errors); // TODO: add checks
}
@@ -446,21 +402,41 @@ echo "
if (file_exists($d_snortconfdirty_path) || file_exists("/var/run/snort_conf_{$snort_uuid}_.dirty")) {
echo '<p>';
- if($savemsg) {
+ if($savemsg)
print_info_box_np2("{$savemsg}");
- }else{
+ else {
print_info_box_np2('
The Snort configuration has changed and snort needs to be restarted on this interface.<br>
You must apply the changes in order for them to take effect.<br>
');
}
}
-
- ?>
+?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tr><td>
+<?php
+ $tab_array = array();
+ $tabid = 0;
+ $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("If Settings"), true, "/snort/snort_interfaces_edit.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Rules"), false, "/snort/snort_rules.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
+ display_top_tabs($tab_array);
+?>
+</td></tr>
<tr>
- <td class="tabnavtbl"><?php
+ <td class="tabnavtbl">
+ <?php
if ($a_nat[$id]['interface'] != '') {
/* get the interface name */
$snortInterfaces = array(); /* -gtm */
@@ -470,7 +446,7 @@ echo "
if($if_array) {
foreach($if_array as $iface2) {
/* build a list of user specified interfaces -gtm */
- $if2 = convert_friendly_interface_to_real_interface_name2($iface2);
+ $if2 = snort_get_real_interface($iface2);
if ($if2)
array_push($snortInterfaces, $if2);
}
@@ -480,29 +456,8 @@ echo "
}
}
-
-
- echo '<div class="newtabmenu" style="margin:1px 0px; width:775px;">' . "\n";
- echo '<!-- Tabbed bar code -->' . "\n";
- echo '<ul class="newtabmenu">' . "\n";
- if (!file_exists("/var/run/snort_conf_{$snort_uuid}_.dirty")) {
- echo '<li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>' . "\n";
- }
- echo "<li class=\"newtabmenu_active\"><a href=\"/snort/snort_interfaces_edit.php?id={$id}\"><span>If Settings</span></a></li>\n";
- /* hide user tabs when no settings have be saved */
- if ($config['installedpackages']['snortglobal']['rule'][$id]['interface'] != '') {
- if (!file_exists("/var/run/snort_conf_{$snort_uuid}_.dirty")) {
- echo "<li><a href=\"/snort/snort_rulesets.php?id={$id}\"><span>Categories</span></a></li>\n";
- echo "<li><a href=\"/snort/snort_rules.php?id={$id}\"><span>Rules</span></a></li>\n";
- echo "<li><a href=\"/snort/snort_define_servers.php?id={$id}\"><span>Servers</span></a></li>\n";
- echo "<li><a href=\"/snort/snort_preprocessors.php?id={$id}\"><span>Preprocessors</span></a></li>\n";
- echo "<li><a href=\"/snort/snort_barnyard.php?id={$id}\"><span>Barnyard2</span></a></li>\n";
- }
- }
- echo '</ul>' . "\n";
- echo '</div>' . "\n";
-
- ?></td>
+ ?>
+ </td>
</tr>
<tr>
<td class="tabcont">
@@ -511,12 +466,12 @@ echo "
<td colspan="2" valign="top" class="listtopic">General Settings</td>
</tr>
<tr>
- <td width="22%" valign="top" class="vncellreq2">Interface</td>
+ <td width="22%" valign="top" class="vncellreq2">Enable</td>
<td width="22%" valign="top" class="vtable">&nbsp; <?php
// <input name="enable" type="checkbox" value="yes" checked onClick="enable_change(false)">
// care with spaces
if ($pconfig['enable'] == "on")
- $checked = checked;
+ $checked = checked;
$onclick_enable = "onClick=\"enable_change(false)\">";
@@ -530,9 +485,13 @@ echo "
<td width="78%" class="vtable"><select name="interface"
class="formfld">
<?php
- $interfaces = array('wan' => 'WAN', 'lan' => 'LAN');
- for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
- $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
+ if (function_exists('get_configured_interface_with_descr'))
+ $interfaces = get_configured_interface_with_descr();
+ else {
+ $interfaces = array('wan' => 'WAN', 'lan' => 'LAN');
+ for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
+ $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
+ }
}
foreach ($interfaces as $iface => $ifacename): ?>
<option value="<?=$iface;?>"
@@ -763,10 +722,11 @@ echo "
</tr>
<tr>
<td width="22%" valign="top"></td>
- <td width="78%"><input name="Submit" type="submit" class="formbtn"
- value="Save"> <?php echo $snort_up_ck; ?> <input type="button"
- class="formbtn" value="Cancel" onclick="history.back()"> <?php if (isset($id) && $a_nat[$id]): ?>
- <input name="id" type="hidden" value="<?=$id;?>"> <?php endif; ?></td>
+ <td width="78%"><input name="Submit" type="submit" class="formbtn" value="Save">
+ <?php echo $snort_up_ck; ?>
+ <?php if (isset($id) && $a_nat[$id]): ?>
+ <input name="id" type="hidden" value="<?=$id;?>">
+ <?php endif; ?></td>
</tr>
<tr>
<td width="22%" valign="top">&nbsp;</td>
@@ -779,17 +739,12 @@ echo "
</table>
</form>
-</div>
-
<script language="JavaScript">
<!--
enable_change(false);
//-->
</script>
- <?php include("fend.inc"); ?>
-
-<div>
-
+<?php include("fend.inc"); ?>
</body>
</html>
diff --git a/config/snort/snort_interfaces_global.php b/config/snort/snort_interfaces_global.php
index 0fbc29ae..5f432a6f 100644
--- a/config/snort/snort_interfaces_global.php
+++ b/config/snort/snort_interfaces_global.php
@@ -52,19 +52,6 @@ $pconfig['autorulesupdate7'] = $config['installedpackages']['snortglobal']['auto
$pconfig['snortalertlogtype'] = $config['installedpackages']['snortglobal']['snortalertlogtype'];
$pconfig['forcekeepsettings'] = $config['installedpackages']['snortglobal']['forcekeepsettings'];
-/* this will exec when alert says apply */
-if ($_POST['apply']) {
-
- if (file_exists("$d_snort_global_dirty_path")) {
-
- /* create whitelist and homenet file then sync files */
- sync_snort_package_empty();
- sync_snort_package();
-
- unlink("$d_snort_global_dirty_path");
- }
-}
-
/* if no errors move foward */
if (!$input_errors) {
@@ -83,48 +70,31 @@ if (!$input_errors) {
$retval = 0;
$snort_snortloglimit_info_ck = $config['installedpackages']['snortglobal']['snortloglimit'];
- if ($snort_snortloglimit_info_ck == 'on') {
- snort_snortloglimit_install_cron('');
- snort_snortloglimit_install_cron('true');
- }
-
- if ($snort_snortloglimit_info_ck == 'off') {
- snort_snortloglimit_install_cron('');
- }
-
+ snort_snortloglimit_install_cron($snort_snortloglimit_info_ck == 'ok' ? true : false);
/* set the snort block hosts time IMPORTANT */
$snort_rm_blocked_info_ck = $config['installedpackages']['snortglobal']['rm_blocked'];
if ($snort_rm_blocked_info_ck == "never_b")
- $snort_rm_blocked_false = "";
+ $snort_rm_blocked_false = false;
else
- $snort_rm_blocked_false = "true";
+ $snort_rm_blocked_false = true;
- if ($snort_rm_blocked_info_ck != "")
- {
- snort_rm_blocked_install_cron("");
- snort_rm_blocked_install_cron($snort_rm_blocked_false);
- }
+ snort_rm_blocked_install_cron($snort_rm_blocked_false);
/* set the snort rules update time */
$snort_rules_up_info_ck = $config['installedpackages']['snortglobal']['autorulesupdate7'];
if ($snort_rules_up_info_ck == "never_up")
- $snort_rules_up_false = "";
+ $snort_rules_up_false = false;
else
- $snort_rules_up_false = "true";
-
- if ($snort_rules_up_info_ck != "")
- {
- snort_rules_up_install_cron("");
- snort_rules_up_install_cron($snort_rules_up_false);
- }
+ $snort_rules_up_false = true;
+ snort_rules_up_install_cron($snort_rules_up_false);
- touch($d_snort_global_dirty_path);
- $savemsg = get_std_save_message($retval);
write_config();
+ $savemsg = get_std_save_message($retval);
- sync_snort_package();
+ /* create whitelist and homenet file then sync files */
+ sync_snort_package_empty();
/* forces page to reload new settings */
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
@@ -188,8 +158,6 @@ if ($_POST["Reset"]) {
/* remove all snort iface dir */
exec('rm -r /usr/local/etc/snort/snort_*');
exec('rm /var/log/snort/*');
-
- write_config();
}
snort_deinstall_settings();
@@ -204,35 +172,22 @@ if ($_POST["Reset"]) {
exit;
}
-
$pgtitle = 'Services: Snort: Global Settings';
-include_once("/usr/local/pkg/snort/snort_head.inc");
+include_once("head.inc");
?>
<body link="#000000" vlink="#000000" alink="#000000">
-<script>
- jQuery(document).ready(function(){
-
- //Examples of how to assign the ColorBox event to elements
- jQuery(".example8").colorbox({width:"820px", height:"700px", iframe:true, overlayClose:false});
-
- });
- </script>
-
<?php
echo "{$snort_general_css}\n";
echo "$snort_interfaces_css\n";
-?>
-
-<?php include("fbegin.inc"); ?>
-<div class="body2"><!-- hack to fix the hardcoed fbegin link in header -->
-<div id="header-left2"><a href="../index.php" id="status-link2"><img
- src="./images/transparent.gif" border="0"></img></a></div>
+include_once("fbegin.inc");
-<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
+if($pfsense_stable == 'yes')
+ echo '<p class="pgtitle">' . $pgtitle . '</p>';
+?>
<noscript>
<div class="alert" ALIGN=CENTER><img
@@ -241,48 +196,39 @@ enable JavaScript to view this content
</CENTER></div>
</noscript>
-
-<form action="snort_interfaces_global.php" method="post"
- enctype="multipart/form-data" name="iform" id="iform"><?php
+<form action="snort_interfaces_global.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
+<?php
/* Display Alert message, under form tag or no refresh */
- if ($input_errors) {
+ if ($input_errors)
print_input_errors($input_errors); // TODO: add checks
- }
if (!$input_errors) {
if (file_exists($d_snort_global_dirty_path)) {
-
print_info_box_np2('
The Snort configuration has changed and snort needs to be restarted on this interface.<br>
You must apply the changes in order for them to take effect.<br>
');
}
}
- ?>
+?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td>
-
- <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code-->
- <ul class="newtabmenu">
- <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>
- <li class="newtabmenu_active"><a
- href="/snort/snort_interfaces_global.php"><span>Global Settings</span></a></li>
- <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li>
- <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li>
- <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li>
- <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li>
- <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li>
- <li><a class="example8" href="/snort/help_and_info.php"><span>Help</span></a></li>
- </ul>
- </div>
-
- </td>
- </tr>
-
- <tr>
- <td class="tabcont">
+<tr><td>
+<?php
+ $tab_array = array();
+ $tab_array[0] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
+ $tab_array[1] = array(gettext("Global Settings"), true, "/snort/snort_interfaces_global.php");
+ $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
+ $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
+ $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
+ $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
+ $tab_array[7] = array(gettext("Help"), false, "/snort/help_and_info.php");
+ display_top_tabs($tab_array);
+?>
+</td></tr>
+<tr>
+ <td class="tabcont">
<table id="maintable2" width="100%" border="0" cellpadding="6"
cellspacing="0">
<tr>
@@ -297,7 +243,7 @@ enable JavaScript to view this content
<td colspan="2"><input name="snortdownload" type="radio"
id="snortdownload" value="off" onClick="enable_change(false)"
<?php if($pconfig['snortdownload']=='off' || $pconfig['snortdownload']=='') echo 'checked'; ?>>
- Do <strong>NOT</strong> Install</td>
+ Do <strong>NOT</strong> Install</td>
</tr>
<tr>
<td colspan="2"><input name="snortdownload" type="radio"
@@ -456,8 +402,8 @@ enable JavaScript to view this content
class="red"><strong>&nbsp;WARNING:</strong><br>
This will reset all global and interface settings.</span></td>
<td width="78%"><input name="Submit" type="submit" class="formbtn"
- value="Save" onClick="enable_change(true)"> <input type="button"
- class="formbtn" value="Cancel" onclick="history.back()"></td>
+ value="Save" onClick="enable_change(true)">
+ </td>
</tr>
<tr>
<td width="22%" valign="top">&nbsp;</td>
diff --git a/config/snort/snort_interfaces_suppress.php b/config/snort/snort_interfaces_suppress.php
index dfa890b6..05a09039 100644
--- a/config/snort/snort_interfaces_suppress.php
+++ b/config/snort/snort_interfaces_suppress.php
@@ -49,62 +49,30 @@ $id_gen = count($config['installedpackages']['snortglobal']['suppress']['item'])
$d_suppresslistdirty_path = '/var/run/snort_suppress.dirty';
-if ($_POST) {
-
- $pconfig = $_POST;
-
- if ($_POST['apply']) {
- $retval = 0;
-
- if(stristr($retval, "error") <> true)
- $savemsg = get_std_save_message($retval);
- else
- $savemsg = $retval;
- if (file_exists($d_suppresslistdirty_path))
- unlink($d_suppresslistdirty_path);
-
- filter_configure();
- }
-}
-
if ($_GET['act'] == "del") {
if ($a_suppress[$_GET['id']]) {
/* make sure rule is not being referenced by any nat or filter rules */
unset($a_suppress[$_GET['id']]);
write_config();
- touch($d_suppresslistdirty_path);
+ filter_configure();
header("Location: /snort/snort_interfaces_suppress.php");
exit;
}
}
$pgtitle = "Services: Snort: Suppression";
-include("/usr/local/pkg/snort/snort_head.inc");
+include_once("head.inc");
?>
-<body
- link="#000000" vlink="#000000" alink="#000000">
-
-<script>
- jQuery(document).ready(function(){
-
- //Examples of how to assign the ColorBox event to elements
- jQuery(".example8").colorbox({width:"820px", height:"700px", iframe:true, overlayClose:false});
-
- });
- </script>
+<body link="#000000" vlink="#000000" alink="#000000">
<?php
-include("fbegin.inc");
+include_once("fbegin.inc");
echo $snort_general_css;
?>
-<!-- hack to fix the hardcoed fbegin link in header -->
-<div id="header-left2"><a href="../index.php" id="status-link2"><img
- src="./images/transparent.gif" border="0"></img></a></div>
-
<div class="body2"><?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
<form action="/snort/snort_interfaces_suppress.php" method="post"><?php if ($savemsg) print_info_box($savemsg); ?>
@@ -113,27 +81,21 @@ echo $snort_general_css;
<?php endif; ?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td class="tabnavtbl">
-
- <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code-->
- <ul class="newtabmenu">
- <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>
- <li><a href="/snort/snort_interfaces_global.php"><span>Global
- Settings</span></a></li>
- <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li>
- <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li>
- <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li>
- <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li>
- <li class="newtabmenu_active"><a
- href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li>
- <li><a class="example8" href="/snort/help_and_info.php"><span>Help</span></a></li>
- </ul>
- </div>
-
- </td>
- </tr>
-
+<tr><td>
+<?php
+ $tab_array = array();
+ $tab_array[0] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
+ $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php");
+ $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
+ $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
+ $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
+ $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[6] = array(gettext("Suppress"), true, "/snort/snort_interfaces_suppress.php");
+ $tab_array[7] = array(gettext("Help"), false, "/snort/help_and_info.php");
+ display_top_tabs($tab_array);
+?>
+ </td>
+ </tr>
<tr>
<td class="tabcont">
diff --git a/config/snort/snort_interfaces_suppress_edit.php b/config/snort/snort_interfaces_suppress_edit.php
index eb406ac5..bf916500 100644
--- a/config/snort/snort_interfaces_suppress_edit.php
+++ b/config/snort/snort_interfaces_suppress_edit.php
@@ -90,16 +90,6 @@ if (isset($id) && $a_suppress[$id]) {
$pconfig['suppresspassthru'] = base64_decode($a_suppress[$id]['suppresspassthru']);
}
-/* this will exec when alert says apply */
-if ($_POST['apply']) {
-
- if (file_exists("$d_snort_suppress_dirty_path")) {
- sync_snort_package_config();
- sync_snort_package();
- unlink("$d_snort_suppress_dirty_path");
- }
-}
-
if ($_POST['submit']) {
unset($input_errors);
@@ -143,10 +133,10 @@ if ($_POST['submit']) {
else
$a_suppress[] = $s_list;
- touch($d_snort_suppress_dirty_path);
-
write_config();
+ sync_snort_package_config();
+
header("Location: /snort/snort_interfaces_suppress_edit.php?id=$id");
exit;
}
@@ -154,32 +144,17 @@ if ($_POST['submit']) {
}
$pgtitle = "Services: Snort: Suppression: Edit $suppress_uuid";
-include("/usr/local/pkg/snort/snort_head.inc");
+include_once("head.inc");
?>
-<body
- link="#0000CC" vlink="#0000CC" alink="#0000CC"
- onload="<?= $jsevents["body"]["onload"] ?>">
-
-<script>
- jQuery(document).ready(function(){
-
- //Examples of how to assign the ColorBox event to elements
- jQuery(".example8").colorbox({width:"820px", height:"700px", iframe:true, overlayClose:false});
-
- });
- </script>
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php
include("fbegin.inc");
echo $snort_general_css;
?>
-<!-- hack to fix the hardcoed fbegin link in header -->
-<div id="header-left2"><a href="../index.php" id="status-link2"><img
- src="./images/transparent.gif" border="0"></img></a></div>
-
<div class="body2"><?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
<?php if ($input_errors) print_input_errors($input_errors); ?>
diff --git a/config/snort/snort_interfaces_whitelist.php b/config/snort/snort_interfaces_whitelist.php
index 8f3f32ce..5a3b8650 100644
--- a/config/snort/snort_interfaces_whitelist.php
+++ b/config/snort/snort_interfaces_whitelist.php
@@ -54,24 +54,6 @@ if (isset($config['installedpackages']['snortglobal']['whitelist']['item'])) {
$d_whitelistdirty_path = '/var/run/snort_whitelist.dirty';
-if ($_POST) {
-
- $pconfig = $_POST;
-
- if ($_POST['apply']) {
- $retval = 0;
-
- if(stristr($retval, "error") <> true)
- $savemsg = get_std_save_message($retval);
- else
- $savemsg = $retval;
- if ($retval == 0) {
- if (file_exists($d_whitelistdirty_path))
- unlink($d_whitelistdirty_path);
- }
- }
-}
-
if ($_GET['act'] == "del") {
if ($a_whitelist[$_GET['id']]) {
/* make sure rule is not being referenced by any nat or filter rules */
@@ -79,38 +61,23 @@ if ($_GET['act'] == "del") {
unset($a_whitelist[$_GET['id']]);
write_config();
filter_configure();
- touch($d_whitelistdirty_path);
header("Location: /snort/snort_interfaces_whitelist.php");
exit;
}
}
$pgtitle = "Services: Snort: Whitelist";
-include("/usr/local/pkg/snort/snort_head.inc");
+include_once("head.inc");
?>
-<body
- link="#0000CC" vlink="#0000CC" alink="#0000CC">
-
-<script>
- jQuery(document).ready(function(){
-
- //Examples of how to assign the ColorBox event to elements
- jQuery(".example8").colorbox({width:"820px", height:"700px", iframe:true, overlayClose:false});
-
- });
- </script>
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php
-include("fbegin.inc");
+include_once("fbegin.inc");
echo $snort_general_css;
?>
-<!-- hack to fix the hardcoed fbegin link in header -->
-<div id="header-left2"><a href="../index.php" id="status-link2"><img
- src="./images/transparent.gif" border="0"></img></a></div>
-
<div class="body2"><?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
<form action="/snort/snort_interfaces_whitelist.php" method="post"><?php if ($savemsg) print_info_box($savemsg); ?>
@@ -119,24 +86,19 @@ echo $snort_general_css;
<?php endif; ?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td class="tabnavtbl">
-
- <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code-->
- <ul class="newtabmenu">
- <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>
- <li><a href="/snort/snort_interfaces_global.php"><span>Global
- Settings</span></a></li>
- <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li>
- <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li>
- <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li>
- <li class="newtabmenu_active"><a
- href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li>
- <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li>
- <li><a class="example8" href="/snort/help_and_info.php"><span>Help</span></a></li>
- </ul>
- </div>
-
+<tr><td>
+<?php
+ $tab_array = array();
+ $tab_array[0] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
+ $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php");
+ $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
+ $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
+ $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
+ $tab_array[5] = array(gettext("Whitelists"), true, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
+ $tab_array[7] = array(gettext("Help"), false, "/snort/help_and_info.php");
+ display_top_tabs($tab_array);
+?>
</td>
</tr>
<tr>
diff --git a/config/snort/snort_interfaces_whitelist_edit.php b/config/snort/snort_interfaces_whitelist_edit.php
index 951ed0b5..c484df9e 100644
--- a/config/snort/snort_interfaces_whitelist_edit.php
+++ b/config/snort/snort_interfaces_whitelist_edit.php
@@ -101,25 +101,6 @@ if (isset($id) && $a_whitelist[$id]) {
$addresssubnettest = false;
}
-/* this will exec when alert says apply */
-if ($_POST['apply']) {
-
- if (file_exists("$d_snort_whitelist_dirty_path")) {
- conf_mount_rw();
-
- /* create whitelist and homenet file then sync files */
- sync_snort_package_empty();
- sync_snort_package();
-
- unlink("$d_snort_whitelist_dirty_path");
-
- write_config();
- conf_mount_ro();
-
- }
-
-}
-
if ($_POST['submit']) {
conf_mount_rw();
@@ -218,14 +199,15 @@ if ($_POST['submit']) {
$w_list['detail'] = $final_address_details;
if (isset($id) && $a_whitelist[$id])
- $a_whitelist[$id] = $w_list;
+ $a_whitelist[$id] = $w_list;
else
- $a_whitelist[] = $w_list;
-
- touch($d_snort_whitelist_dirty_path);
+ $a_whitelist[] = $w_list;
write_config();
+ /* create whitelist and homenet file then sync files */
+ sync_snort_package_empty();
+
header("Location: /snort/snort_interfaces_whitelist_edit.php?id=$id");
exit;
}
@@ -240,32 +222,16 @@ if ($_POST['submit']) {
}
$pgtitle = "Services: Snort: Whitelist: Edit $whitelist_uuid";
-include("/usr/local/pkg/snort/snort_head.inc");
+include_once("head.inc");
?>
-<body
- link="#0000CC" vlink="#0000CC" alink="#0000CC"
- onload="<?= $jsevents["body"]["onload"] ?>">
-
-<script>
- jQuery(document).ready(function(){
-
- //Examples of how to assign the ColorBox event to elements
- jQuery(".example8").colorbox({width:"820px", height:"700px", iframe:true, overlayClose:false});
-
- });
- </script>
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC" >
<?php
include("fbegin.inc");
echo $snort_general_css;
?>
-
-<!-- hack to fix the hardcoed fbegin link in header -->
-<div id="header-left2"><a href="../index.php" id="status-link2"><img
- src="./images/transparent.gif" border="0"></img></a></div>
-
<div class="body2"><script type="text/javascript"
src="/snort/javascript/row_helper.js"></script> <input type='hidden'
name='address_type' value='textbox' /> <script type="text/javascript">
diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php
index be7a8892..64f5b52e 100644
--- a/config/snort/snort_preprocessors.php
+++ b/config/snort/snort_preprocessors.php
@@ -129,22 +129,13 @@ if (isset($id) && $a_nat[$id]) {
}
/* convert fake interfaces to real */
-$if_real = convert_friendly_interface_to_real_interface_name2($pconfig['interface']);
+$if_real = snort_get_real_interface($pconfig['interface']);
$snort_uuid = $pconfig['uuid'];
/* alert file */
$d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty";
-/* this will exec when alert says apply */
-if ($_POST['apply']) {
-
- if (file_exists($d_snortconfdirty_path)) {
- sync_snort_package();
- unlink($d_snortconfdirty_path);
- }
-}
-
if ($_POST["Submit"]) {
/* check for overlaps */
@@ -215,14 +206,14 @@ if ($_POST["Submit"]) {
if ($_POST['max_queued_bytes'] != "") { $natent['max_queued_bytes'] = $_POST['max_queued_bytes']; }else{ $natent['max_queued_bytes'] = ""; }
if ($_POST['max_queued_segs'] != "") { $natent['max_queued_segs'] = $_POST['max_queued_segs']; }else{ $natent['max_queued_segs'] = ""; }
- $natent['perform_stat'] = $_POST['perform_stat'] ? on : off;
- $natent['http_inspect'] = $_POST['http_inspect'] ? on : off;
- $natent['other_preprocs'] = $_POST['other_preprocs'] ? on : off;
- $natent['ftp_preprocessor'] = $_POST['ftp_preprocessor'] ? on : off;
- $natent['smtp_preprocessor'] = $_POST['smtp_preprocessor'] ? on : off;
- $natent['sf_portscan'] = $_POST['sf_portscan'] ? on : off;
- $natent['dce_rpc_2'] = $_POST['dce_rpc_2'] ? on : off;
- $natent['dns_preprocessor'] = $_POST['dns_preprocessor'] ? on : off;
+ $natent['perform_stat'] = $_POST['perform_stat'] ? 'on' : 'off';
+ $natent['http_inspect'] = $_POST['http_inspect'] ? 'on' : 'off';
+ $natent['other_preprocs'] = $_POST['other_preprocs'] ? 'on' : 'off';
+ $natent['ftp_preprocessor'] = $_POST['ftp_preprocessor'] ? 'on' : 'off';
+ $natent['smtp_preprocessor'] = $_POST['smtp_preprocessor'] ? 'on' : 'off';
+ $natent['sf_portscan'] = $_POST['sf_portscan'] ? 'on' : 'off';
+ $natent['dce_rpc_2'] = $_POST['dce_rpc_2'] ? 'on' : 'off';
+ $natent['dns_preprocessor'] = $_POST['dns_preprocessor'] ? 'on' : 'off';
if (isset($id) && $a_nat[$id])
$a_nat[$id] = $natent;
@@ -234,24 +225,21 @@ if ($_POST["Submit"]) {
}
write_config();
-
sync_snort_package_all($id, $if_real, $snort_uuid);
/* after click go to this page */
- touch($d_snortconfdirty_path);
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
header( 'Cache-Control: no-store, no-cache, must-revalidate' );
header( 'Cache-Control: post-check=0, pre-check=0', false );
header( 'Pragma: no-cache' );
- sleep(2);
header("Location: snort_preprocessors.php?id=$id");
exit;
}
}
$pgtitle = "Snort: Interface $id$if_real Preprocessors and Flow";
-include("/usr/local/pkg/snort/snort_head.inc");
+include_once("head.inc");
?>
<body
@@ -264,10 +252,6 @@ include("/usr/local/pkg/snort/snort_head.inc");
echo "{$snort_general_css}\n";
?>
-<!-- hack to fix the hardcoed fbegin link in header -->
-<div id="header-left2"><a href="../index.php" id="status-link2"><img
- src="./images/transparent.gif" border="0"></img></a></div>
-
<div class="body2">
<noscript>
@@ -307,27 +291,26 @@ enable JavaScript to view this content
?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td class="tabnavtbl"><?php
- if($id != "")
- {
-
- echo '<div class="newtabmenu" style="margin:1px 0px; width:775px;">' . "\n";
- echo '<!-- Tabbed bar code -->' . "\n";
- echo '<ul class="newtabmenu">' . "\n";
- echo '<li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>' . "\n";
- echo "<li><a href=\"/snort/snort_interfaces_edit.php?id={$id}\"><span>If Settings</span></a></li>\n";
- echo "<li><a href=\"/snort/snort_rulesets.php?id={$id}\"><span>Categories</span></a></li>\n";
- echo "<li><a href=\"/snort/snort_rules.php?id={$id}\"><span>Rules</span></a></li>\n";
- echo "<li><a href=\"/snort/snort_define_servers.php?id={$id}\"><span>Servers</span></a></li>\n";
- echo "<li class=\"newtabmenu_active\"><a href=\"/snort/snort_preprocessors.php?id={$id}\"><span>Preprocessors</span></a></li>\n";
- echo "<li><a href=\"/snort/snort_barnyard.php?id={$id}\"><span>Barnyard2</span></a></li>\n";
- echo '</ul>' . "\n";
- echo '</div>' . "\n";
-
- }
- ?></td>
- </tr>
+<tr><td>
+<?php
+ $tab_array = array();
+ $tabid = 0;
+ $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Rules"), false, "/snort/snort_rules.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Preprocessors"), true, "/snort/snort_preprocessors.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
+ display_top_tabs($tab_array);
+?>
+</td></tr>
<tr>
<td class="tabcont">
<table width="100%" border="0" cellpadding="6" cellspacing="0">
@@ -511,10 +494,10 @@ enable JavaScript to view this content
</tr>
<tr>
<td width="22%" valign="top">&nbsp;</td>
- <td width="78%"><input name="Submit" type="submit" class="formbtn"
- value="Save"> <input type="button" class="formbtn" value="Cancel"
- onclick="history.back()"> <?php if (isset($id) && $a_nat[$id]): ?>
- <input name="id" type="hidden" value="<?=$id;?>"> <?php endif; ?></td>
+ <td width="78%">
+ <input name="Submit" type="submit" class="formbtn" value="Save">
+ <?php if (isset($id) && $a_nat[$id]): ?>
+ <input name="id" type="hidden" value="<?=$id;?>"> <?php endif; ?></td>
</tr>
<tr>
<td width="22%" valign="top">&nbsp;</td>
diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php
index 0feef550..27fb1149 100644
--- a/config/snort/snort_rules.php
+++ b/config/snort/snort_rules.php
@@ -50,20 +50,20 @@ if (isset($id) && $a_nat[$id]) {
}
/* convert fake interfaces to real */
-$if_real = convert_friendly_interface_to_real_interface_name2($pconfig['interface']);
+$if_real = snort_get_real_interface($pconfig['interface']);
$iface_uuid = $a_nat[$id]['uuid'];
-// if(!is_dir("/usr/local/etc/snort/rules"))
-// exec('mkdir /usr/local/etc/snort/rules/');
-
/* Check if the rules dir is empy if so warn the user */
/* TODO give the user the option to delete the installed rules rules */
+if (!is_dir("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules"))
+ exec("/bin/mkdir -p /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules");
+
$isrulesfolderempty = exec("ls -A /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/*.rules");
if ($isrulesfolderempty == "") {
- include("/usr/local/pkg/snort/snort_head.inc");
- include("fbegin.inc");
+ include_once("head.inc");
+ include_once("fbegin.inc");
echo "<body link=\"#000000\" vlink=\"#000000\" alink=\"#000000\">";
@@ -75,20 +75,23 @@ if ($isrulesfolderempty == "") {
<tr>\n
<td>\n";
- echo '<div class="newtabmenu" style="margin:1px 0px; width:775px;">' . "\n";
- echo '<!-- Tabbed bar code -->' . "\n";
- echo '<ul class="newtabmenu">' . "\n";
- echo '<li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>' . "\n";
- echo "<li><a href=\"/snort/snort_interfaces_edit.php?id={$id}\"><span>If Settings</span></a></li>\n";
- echo "<li><a href=\"/snort/snort_rulesets.php?id={$id}\"><span>Categories</span></a></li>\n";
- echo "<li class=\"newtabmenu_active\"><a href=\"/snort/snort_rules.php?id={$id}\"><span>Rules</span></a></li>\n";
- echo "<li><a href=\"/snort/snort_define_servers.php?id={$id}\"><span>Servers</span></a></li>\n";
- echo "<li><a href=\"/snort/snort_preprocessors.php?id={$id}\"><span>Preprocessors</span></a></li>\n";
- echo "<li><a href=\"/snort/snort_barnyard.php?id={$id}\"><span>Barnyard2</span></a></li>\n";
- echo '</ul>' . "\n";
- echo '</div>' . "\n";
-
- echo "</td>\n
+ $tab_array = array();
+ $tabid = 0;
+ $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Rules"), true, "/snort/snort_rules.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
+ display_top_tabs($tab_array);
+echo "</td>\n
</tr>\n
<tr>\n
<td>\n
@@ -172,36 +175,29 @@ function load_rule_file($incoming_file)
}
-$ruledir = "/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/";
-$dh = opendir($ruledir);
-
-if ($_GET['openruleset'] != '' && $_GET['ids'] != '')
-{
+/*
+if ($_GET['openruleset'] != '' && $_GET['ids'] != '') {
header("Location: /snort/snort_rules.php?id=$id&openruleset={$_GET['openruleset']}&saved=yes");
+ exit;
}
+*/
+$ruledir = "/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/";
+$dh = opendir($ruledir);
while (false !== ($filename = readdir($dh)))
{
//only populate this array if its a rule file
$isrulefile = strstr($filename, ".rules");
if ($isrulefile !== false)
- {
$files[] = $filename;
- }
}
-
sort($files);
if ($_GET['openruleset'])
-{
$rulefile = $_GET['openruleset'];
-}
else
-{
$rulefile = $ruledir.$files[0];
-}
-
//Load the rule file
$splitcontents = load_rule_file($rulefile);
@@ -293,6 +289,7 @@ if ($_POST)
$stopMsg = true;
}
+ conf_mount_ro();
}
else if ($_GET['act'] == "toggle")
{
@@ -361,9 +358,6 @@ else if ($_GET['act'] == "toggle")
$a_nat[$id]['rule_sid_off'] = $sid_off_old;
// add sid off registers to new off sid
$a_nat[$id]['rule_sid_off'] = "||disablesid $sid_off" . $a_nat[$id]['rule_sid_off'];
- write_config();
- conf_mount_rw();
-
}
else
{
@@ -386,9 +380,9 @@ else if ($_GET['act'] == "toggle")
$a_nat[$id]['rule_sid_on'] = $sid_on_old;
// add sid on registers to new on sid
$a_nat[$id]['rule_sid_on'] = "||enablesid $sid_on" . $a_nat[$id]['rule_sid_on'];
- write_config();
- conf_mount_rw();
}
+ write_config();
+ conf_mount_ro();
}
@@ -408,7 +402,7 @@ $currentruleset = basename($rulefile);
$ifname = strtoupper($pconfig['interface']);
require_once("guiconfig.inc");
-include_once("/usr/local/pkg/snort/snort_head.inc");
+include_once("head.inc");
$pgtitle = "Snort: $id $iface_uuid $if_real Category: $currentruleset";
@@ -424,10 +418,6 @@ $pgtitle = "Snort: $id $iface_uuid $if_real Category: $currentruleset";
echo "{$snort_general_css}\n";
?>
-<!-- hack to fix the hardcoed fbegin link in header -->
-<div id="header-left2"><a href="../index.php" id="status-link2"><img
- src="./images/transparent.gif" border="0"></img></a></div>
-
<div class="body2">
<noscript>
@@ -476,22 +466,26 @@ function popup(url)
</script>
<table width="99%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td><?php
- echo '<div class="newtabmenu" style="margin:1px 0px; width:775px;">' . "\n";
- echo '<!-- Tabbed bar code -->' . "\n";
- echo '<ul class="newtabmenu">' . "\n";
- echo '<li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>' . "\n";
- echo "<li><a href=\"/snort/snort_interfaces_edit.php?id={$id}\"><span>If Settings</span></a></li>\n";
- echo "<li><a href=\"/snort/snort_rulesets.php?id={$id}\"><span>Categories</span></a></li>\n";
- echo "<li class=\"newtabmenu_active\"><a href=\"/snort/snort_rules.php?id={$id}\"><span>Rules</span></a></li>\n";
- echo "<li><a href=\"/snort/snort_define_servers.php?id={$id}\"><span>Servers</span></a></li>\n";
- echo "<li><a href=\"/snort/snort_preprocessors.php?id={$id}\"><span>Preprocessors</span></a></li>\n";
- echo "<li><a href=\"/snort/snort_barnyard.php?id={$id}\"><span>Barnyard2</span></a></li>\n";
- echo '</ul>' . "\n";
- echo '</div>' . "\n";
- ?></td>
- </tr>
+<tr><td>
+<?php
+ $tab_array = array();
+ $tabid = 0;
+ $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Rules"), true, "/snort/snort_rules.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
+ display_top_tabs($tab_array);
+?>
+</td></tr>
<tr>
<td>
<div id="mainarea2">
@@ -529,7 +523,7 @@ function popup(url)
{
$selectedruleset = "";
if ($files[$i] === $currentruleset)
- $selectedruleset = "selected";
+ $selectedruleset = "selected";
?>
<option
value="?id=<?=$id;?>&openruleset=<?=$ruledir;?><?=$files[$i];?>"
@@ -722,13 +716,11 @@ function popup(url)
</div>
- <?php
-
- include("fend.inc");
-
- echo $snort_custom_rnd_box;
+<?php
- ?>
+include("fend.inc");
+echo $snort_custom_rnd_box;
+?>
</div>
</body>
diff --git a/config/snort/snort_rules_edit.php b/config/snort/snort_rules_edit.php
index 05712e49..deb489dc 100644
--- a/config/snort/snort_rules_edit.php
+++ b/config/snort/snort_rules_edit.php
@@ -61,60 +61,23 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['rulesets'] = $a_nat[$id]['rulesets'];
}
-/* convert fake interfaces to real */
-$if_real = convert_friendly_interface_to_real_interface_name2($pconfig['interface']);
-
-
-$file = $_GET['openruleset'];
-
-//read snort file
-$filehandle = fopen($file, "r");
-
//get rule id
$lineid = $_GET['ids'];
+$file = $_GET['openruleset'];
//read file into string, and get filesize also chk for empty files
if (filesize($file) > 0 ) {
- $contents2 = fread($filehandle, filesize($file));
+ $contents2 = file_get_contents($file);
}else{
$contents2 = '';
}
-//close handler
-fclose ($filehandle);
-
//delimiter for each new rule is a new line
$delimiter = "\n";
//split the contents of the string file into an array using the delimiter
$splitcontents = explode($delimiter, $contents2);
-//copy rule contents from array into string
-$tempstring = $splitcontents[$lineid];
-
-if (!function_exists('write_rule_file')) {
-function write_rule_file($content_changed, $received_file)
-{
- //read snort file with writing enabled
- $filehandle = fopen($received_file, "w");
-
- //delimiter for each new rule is a new line
- $delimiter = "\n";
-
- //implode the array back into a string for writing purposes
- $fullfile = implode($delimiter, $content_changed);
-
- //write data to file
- fwrite($filehandle, $fullfile);
-
- //close file handle
- fclose($filehandle);
-
-}
-}
-
-
-
if($_POST['highlight'] <> "") {
if($_POST['highlight'] == "yes" or
$_POST['highlight'] == "enabled") {
@@ -147,16 +110,16 @@ if ($_POST)
$splitcontents[$lineid] = $rule_content2;
//write the new .rules file
- write_rule_file($splitcontents, $file);
+ @file_put_contents($file, implode($delimiter, $splitcontents));
- header("Location: /snort/snort_view_edit.php?id=$id&openruleset=$file&ids=$ids");
+ echo "<script> window.close(); </script>";
+ //header("Location: /snort/snort_view_edit.php?id=$id&openruleset=$file&ids=$ids");
exit;
}
}
$pgtitle = array(gettext("Advanced"), gettext("File Editor"));
-//
?>
<?php include("head.inc");?>
@@ -165,45 +128,38 @@ $pgtitle = array(gettext("Advanced"), gettext("File Editor"));
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td class="tabcont">
- <form
- action="snort_view_edit.php?id=<?=$id; ?>&openruleset=<?=$file; ?>&ids=<?=$ids; ?>"
- method="post"><?php if ($savemsg) print_info_box($savemsg);?> <?php
- if ($file != '/usr/local/etc/snort/snort_update.log')
- {
-
- echo '
- <table width="100%" cellpadding="9" cellspacing="9" bgcolor="#eeeeee">
- <tr>
- <td>
- <input name="save" type="submit" class="formbtn" id="save" value="save" /> <input type="button" class="formbtn" value="Cancel" onclick="history.back()">
- <hr noshade="noshade" />
- ' . "\n";
-
- echo 'Disable original rule :';
-
-
- echo ' <input id="highlighting_enabled" name="highlight2" type="radio" value="yes"'; if($highlight == "yes") echo " checked=\"checked\""; echo '/>
- <label for="highlighting_enabled">'; gettext("Enabled"); echo '</label>
- <input id="highlighting_disabled" name="highlight2" type="radio" value="no"'; if($highlight == "no") echo " checked=\"checked\""; echo ' />
- <label for="highlighting_disabled">'; gettext("Disabled"); echo ' </label>
- </td>
- </tr>
- </table>
-
- <table width="100%">
- <tr>
- <td valign="top" class="label">
- <div style="background: #eeeeee;" id="textareaitem">
- <!-- NOTE: The opening *and* the closing textarea tag must be on the same line. -->
- <textarea wrap="off" style="width: 98%; margin: 7px;" class="'; echo $language; echo ' :showcolumns" rows="'; echo $rows; echo ' " cols="'; echo $cols; echo ' " name="code">'; echo $tempstring; echo ' </textarea>
- </div>
- </td>
- </tr>
- </table>';
-
- }
- ?>
-
+ <form action="snort_rules_edit.php?id=<?=$id; ?>&openruleset=<?=$file; ?>&ids=<?=$ids; ?>" method="post">
+
+ <?php if ($savemsg) print_info_box($savemsg);
+ if ($file != '/usr/local/etc/snort/snort_update.log'):
+ ?>
+ <table width="100%" cellpadding="9" cellspacing="9" bgcolor="#eeeeee">
+ <tr>
+ <td>
+ <input name="save" type="submit" class="formbtn" id="save" value="save" />
+ <input type="button" class="formbtn" value="Cancel" onclick="window.close()">
+ <hr noshade="noshade" />
+ Disable original rule :<br/>
+
+ <input id="highlighting_enabled" name="highlight2" type="radio" value="yes" <?php if($highlight == "yes") echo " checked=\"checked\""; ?> />
+ <label for="highlighting_enabled"><?=gettext("Enabled");?> </label>
+ <input id="highlighting_disabled" name="highlight2" type="radio" value="no" <?php if($highlight == "no") echo " checked=\"checked\""; ?> />
+ <label for="highlighting_disabled"> <?=gettext("Disabled");?></label>
+ </td>
+ </tr>
+ </table>
+ <table width="100%">
+ <tr>
+ <td valign="top" class="label">
+ <div style="background: #eeeeee;" id="textareaitem">
+ <!-- NOTE: The opening *and* the closing textarea tag must be on the same line. -->
+ <textarea wrap="off" style="width: 98%; margin: 7px;" class="<?=$language;?>:showcolumns" rows="<?=$rows;?>" cols="<?=$cols;?>" name="code">
+ <?=$tempstring;?> </textarea>
+ </div>
+ </td>
+ </tr>
+ </table>
+ <?php endif; ?>
<table width='100%'>
<tr>
<td valign="top" class="label">
@@ -212,17 +168,16 @@ $pgtitle = array(gettext("Advanced"), gettext("File Editor"));
<? if ($file != '/usr/local/etc/snort/snort_update.log') { echo 'disabled'; } ?>
wrap="off" style="width: 98%; margin: 7px;"
class="<?php echo $language; ?>:showcolumns" rows="33"
- cols="<?php echo $cols; ?>" name="code2"><?php echo $contents2;?></textarea>
+ cols="<?=$cols;?>" name="code2"><?=$contents2;?></textarea>
</div>
</td>
</tr>
</table>
- <?php // include("formend.inc");?></form>
<? echo "$file\n"; ?></td>
</tr>
</table>
- <?php //include("fend.inc");?>
+<?php include("fend.inc");?>
</body>
</html>
diff --git a/config/snort/snort_rulesets.php b/config/snort/snort_rulesets.php
index c19c8dd3..df5a24aa 100644
--- a/config/snort/snort_rulesets.php
+++ b/config/snort/snort_rulesets.php
@@ -51,7 +51,7 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['rulesets'] = $a_nat[$id]['rulesets'];
/* convert fake interfaces to real */
- $if_real = convert_friendly_interface_to_real_interface_name2($pconfig['interface']);
+ $if_real = snort_get_real_interface($pconfig['interface']);
$iface_uuid = $a_nat[$id]['uuid'];
}
@@ -64,7 +64,7 @@ $pgtitle = "Snort: Interface $id $iface_uuid $if_real Categories";
$isrulesfolderempty = exec("ls -A /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/*.rules");
if ($isrulesfolderempty == "") {
- include("/usr/local/pkg/snort/snort_head.inc");
+ include_once("head.inc");
include("fbegin.inc");
echo "<p class=\"pgtitle\">";
@@ -75,24 +75,26 @@ if ($isrulesfolderempty == "") {
echo "
<table width=\"99%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n
- <tr>\n
- <td>\n";
-
- echo '<div class="newtabmenu" style="margin:1px 0px; width:775px;">' . "\n";
- echo '<!-- Tabbed bar code -->' . "\n";
- echo '<ul class="newtabmenu">' . "\n";
- echo '<li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>' . "\n";
- echo "<li><a href=\"/snort/snort_interfaces_edit.php?id={$id}\"><span>If Settings</span></a></li>\n";
- echo "<li class=\"newtabmenu_active\"><a href=\"/snort/snort_rulesets.php?id={$id}\"><span>Categories</span></a></li>\n";
- echo "<li><a href=\"/snort/snort_rules.php?id={$id}\"><span>Rules</span></a></li>\n";
- echo "<li><a href=\"/snort/snort_define_servers.php?id={$id}\"><span>Servers</span></a></li>\n";
- echo "<li><a href=\"/snort/snort_preprocessors.php?id={$id}\"><span>Preprocessors</span></a></li>\n";
- echo "<li><a href=\"/snort/snort_barnyard.php?id={$id}\"><span>Barnyard2</span></a></li>\n";
- echo '</ul>' . "\n";
- echo '</div>' . "\n";
-
- echo "</td>\n
- </tr>\n
+ <tr><td>\n";
+
+ $tab_array = array();
+ $tabid = 0;
+ $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Categories"), true, "/snort/snort_rulesets.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Rules"), false, "/snort/snort_rules.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
+ display_top_tabs($tab_array);
+echo "
+</td></tr>
<tr>\n
<td>\n
<div id=\"mainarea\">\n
@@ -119,21 +121,10 @@ if ($isrulesfolderempty == "") {
echo "</html>";
exit(0);
-
}
/* alert file */
$d_snortconfdirty_path = "/var/run/snort_conf_{$iface_uuid}_{$if_real}.dirty";
-
-/* this will exec when alert says apply */
-if ($_POST['apply']) {
-
- if (file_exists($d_snortconfdirty_path)) {
- sync_snort_package();
- unlink($d_snortconfdirty_path);
- }
-}
-
if ($_POST["Submit"]) {
$enabled_items = "";
$isfirst = true;
@@ -150,11 +141,8 @@ if ($_POST["Submit"]) {
$a_nat[$id]['rulesets'] = $enabled_items;
write_config();
-
sync_snort_package_all($id, $if_real, $iface_uuid);
- touch($d_snortconfdirty_path);
-
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
header( 'Cache-Control: no-store, no-cache, must-revalidate' );
@@ -166,14 +154,13 @@ if ($_POST["Submit"]) {
$enabled_rulesets = $a_nat[$id]['rulesets'];
if($enabled_rulesets)
-$enabled_rulesets_array = split("\|\|", $enabled_rulesets);
+ $enabled_rulesets_array = split("\|\|", $enabled_rulesets);
-include("/usr/local/pkg/snort/snort_head.inc");
+include_once("head.inc");
?>
-<body
- link="#000000" vlink="#000000" alink="#000000">
+<body link="#000000" vlink="#000000" alink="#000000">
<?php include("fbegin.inc"); ?>
<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
@@ -182,10 +169,6 @@ include("/usr/local/pkg/snort/snort_head.inc");
echo "{$snort_general_css}\n";
?>
-<!-- hack to fix the hardcoed fbegin link in header -->
-<div id="header-left2"><a href="../index.php" id="status-link2"><img
- src="./images/transparent.gif" border="0"></img></a></div>
-
<div class="body2">
<noscript>
@@ -227,22 +210,26 @@ if (file_exists($d_snortconfdirty_path)) {
?>
<table width="99%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td><?php
- echo '<div class="newtabmenu" style="margin:1px 0px; width:775px;">' . "\n";
- echo '<!-- Tabbed bar code -->' . "\n";
- echo '<ul class="newtabmenu">' . "\n";
- echo '<li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>' . "\n";
- echo "<li><a href=\"/snort/snort_interfaces_edit.php?id={$id}\"><span>If Settings</span></a></li>\n";
- echo "<li class=\"newtabmenu_active\"><a href=\"/snort/snort_rulesets.php?id={$id}\"><span>Categories</span></a></li>\n";
- echo "<li><a href=\"/snort/snort_rules.php?id={$id}\"><span>Rules</span></a></li>\n";
- echo "<li><a href=\"/snort/snort_define_servers.php?id={$id}\"><span>Servers</span></a></li>\n";
- echo "<li><a href=\"/snort/snort_preprocessors.php?id={$id}\"><span>Preprocessors</span></a></li>\n";
- echo "<li><a href=\"/snort/snort_barnyard.php?id={$id}\"><span>Barnyard2</span></a></li>\n";
- echo '</ul>' . "\n";
- echo '</div>' . "\n";
- ?></td>
- </tr>
+<tr><td>
+<?php
+ $tab_array = array();
+ $tabid = 0;
+ $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Categories"), true, "/snort/snort_rulesets.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Rules"), false, "/snort/snort_rules.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}");
+ $tabid++;
+ $tab_array[$tabid] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
+ display_top_tabs($tab_array);
+?>
+</td></tr>
<tr>
<td>
<div id="mainarea2">