Diffstat (limited to 'config')
-rw-r--r-- | config/widget-havp/havp_alerts.inc | 15 | ||||
-rw-r--r-- | config/widget-havp/havp_alerts.inc.php | 90 | ||||
-rw-r--r-- | config/widget-havp/havp_alerts.js | 149 | ||||
-rw-r--r-- | config/widget-havp/havp_alerts.widget.php | 63 | ||||
-rw-r--r-- | config/widget-havp/havp_alerts_helper.php | 13 | ||||
-rw-r--r-- | config/widget-havp/widget-havp.inc | 11 | ||||
-rw-r--r-- | config/widget-havp/widget-havp.xml | 85 | ||||
-rw-r--r-- | config/widget-snort/snort_alerts.inc | 15 | ||||
-rw-r--r-- | config/widget-snort/snort_alerts.inc.php | 77 | ||||
-rw-r--r-- | config/widget-snort/snort_alerts.js | 145 | ||||
-rw-r--r-- | config/widget-snort/snort_alerts.widget.php | 67 | ||||
-rw-r--r-- | config/widget-snort/snort_alerts_helper.php | 13 | ||||
-rw-r--r-- | config/widget-snort/widget-snort.inc | 13 | ||||
-rw-r--r-- | config/widget-snort/widget-snort.xml | 85 |
14 files changed, 841 insertions, 0 deletions
diff --git a/config/widget-havp/havp_alerts.inc b/config/widget-havp/havp_alerts.inc new file mode 100644 index 00000000..ecbfe897 --- /dev/null +++ b/config/widget-havp/havp_alerts.inc @@ -0,0 +1,15 @@ +<?php + +require_once("includes/havp_alerts.inc.php"); + +$havp_alerts_title = "HAVP Alerts"; +$havp_alerts_title_link = "havp_alerts.php"; + +$havp_alerts_logfile = "{$g['varlog_path']}/havp/access.log"; +$nentries = 5; +$havp_alerts = get_havp_alerts($havp_alerts_logfile, $nentries); + +/* AJAX related routines */ +handle_havp_ajax($havp_alerts_logfile, $nentries = 5); + +?>
\ No newline at end of file diff --git a/config/widget-havp/havp_alerts.inc.php b/config/widget-havp/havp_alerts.inc.php new file mode 100644 index 00000000..c0810b83 --- /dev/null +++ b/config/widget-havp/havp_alerts.inc.php 
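Review bot: `handle_havp_ajax($havp_alerts_logfile, $nentries = 5);` passes an assignment expression as the second argument, which re-assigns the local `$nentries` as a side effect of the call; the value was already set on the line above, so it should read `handle_havp_ajax($havp_alerts_logfile, $nentries);`. A comment is also warranted here: this include both builds `$havp_alerts` for the widget and, when the request carries `lastsawtime`, hands control to `handle_havp_ajax()`, which echoes the rows and calls `exit`, so nothing included after this file runs on the AJAX path — `/* AJAX poll: handle_havp_ajax() echoes new rows and exits when lastsawtime is present */`. The closing `?>` with no trailing newline can simply be dropped since nothing follows it.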
@@ -0,0 +1,90 @@ +<? +function get_havp_alerts($havp_alerts, $nentries, $tail = 20) { + global $config, $g; + $logarr = ""; + /* Always do a reverse tail, to be sure we're grabbing the 'end' of the alerts. */ + exec("/usr/bin/tail -r -n {$tail} {$havp_alerts}", $logarr); + + $havpalerts = array(); + + $counter = 0; + + foreach ($logarr as $logent) { + if($counter >= $nentries) + break; + + $alert = parse_havp_alert_line($logent); + if ($alert != "") { + $counter++; + $havpalerts[] = $alert; + } + + } + /* Since the rules are in reverse order, flip them around if needed based on the user's preference */ + return isset($config['syslog']['reverse']) ? $havpalerts : array_reverse($havpalerts); +} + + + + +function parse_havp_alert_line($line) { + $log_split = ""; + + preg_match("/^(\d+\/\d+\/\d+)\s+(\d+:\d+:\d+)\s+(\d+.\d+.\d+.\d+)\s+\w+\s+\d+\s+(https?:\/\/([0-9a-z-]+\.)+([a-z]{2,3}|aero|coop|jobs|mobi|museum|name|travel)(:[0-9]{1,5})?(\/[^ ]*)?)\s+[0-9+]+\s+\w+\s+\w+:\s+([\S]+)$/U", $line, $log_split); + + list($all, $alert['date'], $alert['time'], $alert['lanip'], $alert['url'], $alert['dontcare1'], $alert['dontcare2'], $alert['dontcare3'], $alert['query'], + $alert['virusname']) = $log_split; + + $usableline = true; + + if(trim($alert['url']) == "") + $usableline = false; + if(trim($alert['virusname']) == "") + $usableline = false; + + if($usableline == true) { + return $alert; + } else { + if($g['debug']) { + log_error("There was a error parsing line: $line. Please report to mailing list or forum."); + } + return ""; + } +} + +/* AJAX specific handlers */ +function handle_havp_ajax($havp_alerts_logfile, $nentries = 5, $tail = 50) { + if($_GET['lastsawtime'] or $_POST['lastsawtime']) { + if($_GET['lastsawtime']) + $lastsawtime = $_GET['lastsawtime']; + if($_POST['lastsawtime']) + $lastsawtime = $_POST['lastsawtime']; + /* compare lastsawrule's time stamp to alert logs. + * afterwards return the newer records so that client + * can update AJAX interface screen. 
+ */ + $new_rules = ""; + $time_regex = ""; + + $havp_alerts = get_havp_alerts($havp_alerts_logfile, $nentries); + foreach($havp_alerts as $log_row) { + preg_match("/^([0-9][0-9])\/([0-9][0-9])\/([0-9][0-9][0-9][0-9])$/U",$log_row['date'] , $time_regex); +# $time_regex = "";"/^([0-9][0-9])\/([0-9][0-9])\/([0-9][0-9][0-9][0-9])\s+([0-9][0-9]:[0-9][0-9]:[0-9][0-9])$/U" + // preg_match("/.*([0-9][0-9]:[0-9][0-9]:[0-9][0-9]).*/", $log_row['date'] . " " . $log_row['time'], $time_regex); + $row_time = strtotime($time_regex[2] . "/" . $time_regex[1] . "/" . $time_regex[3] . " " . $log_row['time']); + // $myfile = "/testfile.txt"; + // $fh = fopen($myfile,'a') or die("can't open file"); + // $stringdata = $lastsawtime . "-" . $row_time . "\n"; + // fwrite($fh, $stringdata); + // fclose($fh); + + if($row_time > $lastsawtime and $lastsawtime > 0) { + + $new_rules .= "{$log_row['url']}||{$log_row['virusname']}||" . time() . "||{$log_row['date']}||{$log_row['time']}||" . "\n"; + } + } + echo $new_rules; + exit; + } +} +?>
\ No newline at end of file diff --git a/config/widget-havp/havp_alerts.js b/config/widget-havp/havp_alerts.js new file mode 100644 index 00000000..110e3998 --- /dev/null +++ b/config/widget-havp/havp_alerts.js 
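Review bot: `handle_havp_ajax()` echoes `$log_row['url']` and `$log_row['virusname']` straight out of the HAVP access log, and the companion JS writes those fields into the dashboard with `innerHTML`; the URL is whatever a LAN client asked the proxy for, so a crafted request becomes stored XSS against the admin session — escape at the source, `$new_rules .= htmlspecialchars($log_row['url']) . "||" . htmlspecialchars($log_row['virusname']) . "||" . time() . "||{$log_row['date']}||{$log_row['time']}||" . "\n";`, and note that a literal `||` inside a URL would still desynchronise the delimiter-split rows on the client. `$lastsawtime` is read raw from `$_GET`/`$_POST` and compared with `>`; cast it first, `$lastsawtime = (int)$lastsawtime;`, so a non-numeric value cannot make the comparison behave unexpectedly. `parse_havp_alert_line()` reads `$g['debug']` without a `global $g;` declaration, so the debug `log_error()` branch is unreachable. `exec("/usr/bin/tail -r -n {$tail} {$havp_alerts}", $logarr)` interpolates both arguments unquoted; they are fixed by the callers in this package today, but `escapeshellarg()` on each is cheap insurance against a future caller passing something else. The `[0-9+]+` class in the URL regex looks like a typo for `[0-9]+`, and the hard-coded TLD alternation will silently drop URLs with TLDs outside that list — worth a comment if that is intended.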
@@ -0,0 +1,149 @@ + +havplastsawtime = '<?php echo time(); ?>'; +var havplines = Array(); +var havptimer; +var havpupdateDelay = 25500; +var havpisBusy = false; +var havpisPaused = false; + +<?php + if(isset($config['syslog']['reverse'])) + echo "var isReverse = true;\n"; + else + echo "var isReverse = false;\n"; +?> + +if (typeof getURL == 'undefined') { + getURL = function(url, callback) { + if (!url) + throw 'No URL for getURL'; + try { + if (typeof callback.operationComplete == 'function') + callback = callback.operationComplete; + } catch (e) {} + if (typeof callback != 'function') + throw 'No callback function for getURL'; + var http_request = null; + if (typeof XMLHttpRequest != 'undefined') { + http_request = new XMLHttpRequest(); + } + else if (typeof ActiveXObject != 'undefined') { + try { + http_request = new ActiveXObject('Msxml2.XMLHTTP'); + } catch (e) { + try { + http_request = new ActiveXObject('Microsoft.XMLHTTP'); + } catch (e) {} + } + } + if (!http_request) + throw 'Both getURL and XMLHttpRequest are undefined'; + http_request.onreadystatechange = function() { + if (http_request.readyState == 4) { + callback( { success : true, + content : http_request.responseText, + contentType : http_request.getResponseHeader("Content-Type") } ); + } + } + http_request.open('GET', url, true); + http_request.send(null); + } +} + +function havp_alerts_fetch_new_rules() { + if(havpisPaused) + return; + if(havpisBusy) + return; + havpisBusy = true; + getURL('widgets/helpers/havp_alerts_helper.php?lastsawtime=' + havplastsawtime, havp_alerts_fetch_new_rules_callback); +} +function havp_alerts_fetch_new_rules_callback(callback_data) { + if(havpisPaused) + return; + + var data_split; + var new_data_to_add = Array(); + var data = callback_data.content; + data_split = data.split("\n"); + for(var x=0; x<data_split.length-1; x++) { + /* loop through rows */ + row_split = data_split[x].split("||"); + var line = ''; + line += '<td width="25%" class="listr">' + row_split[4] 
+ '<br> ' + row_split[3] + '</td>'; + line += '<td width="75%" class="listr">' + row_split[0] + '<br>' + row_split[1] + '</td>'; + havplastsawtime = row_split[2]; + new_data_to_add[new_data_to_add.length] = line; + } + havp_alerts_update_div_rows(new_data_to_add); + havpisBusy = false; +} + + +function havp_alerts_update_div_rows(data) { + if(havpisPaused) + return; + + var isIE = navigator.appName.indexOf('Microsoft') != -1; + var isSafari = navigator.userAgent.indexOf('Safari') != -1; + var isOpera = navigator.userAgent.indexOf('Opera') != -1; + var rulestable = document.getElementById('havp_alerts'); + var rows = rulestable.getElementsByTagName('tr'); + var showanim = 1; + if (isIE) { + showanim = 0; + } + //alert(data.length); + for(var x=0; x<data.length; x++) { + var numrows = rows.length; + /* if reverse logging is enabled we need to show the + * records in a reverse order with new items appearing + * on the top + */ + if(isReverse == false) { + for (var i = 1; i < numrows; i++) { + nextrecord = i + 1; + if(nextrecord < numrows) + rows[i].innerHTML = rows[nextrecord].innerHTML; + } + } else { + for (var i = numrows; i > 0; i--) { + nextrecord = i + 1; + if(nextrecord < numrows) + rows[nextrecord].innerHTML = rows[i].innerHTML; + } + } + var item = document.getElementById('havp-firstrow'); + if(x == data.length-1) + { + /* nothing */ + showanim = false; + } + else + { + showanim = false; + } + if (showanim) + { + // item.style.display = 'none'; + item.innerHTML = data[x]; + // new Effect.Appear(item); + } + else + { + item.innerHTML = data[x]; + } + } + /* rechedule AJAX interval */ + //havptimer = setInterval('havp_alerts_fetch_new_rules()', havpupdateDelay); +} +function havp_alerts_toggle_pause() { + if(havpisPaused) { + havpisPaused = false; + havp_alerts_fetch_new_rules(); + } else { + havpisPaused = true; + } +} +/* start local AJAX engine */ +havptimer = setInterval('havp_alerts_fetch_new_rules()', havpupdateDelay); 
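Review bot: `havp_alerts_fetch_new_rules_callback()` concatenates `row_split[0]`, `row_split[1]`, `row_split[3]` and `row_split[4]` into an HTML string that `havp_alerts_update_div_rows()` assigns to `item.innerHTML`, so any markup in the log-derived URL or virus-name field executes in the admin's browser; pass each field through a one-line escaper before concatenation, e.g. `function havp_esc(s) { return String(s).replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;'); }`, or build the cells with `document.createTextNode`. `havplastsawtime` is overwritten with `row_split[2]` from the response and then interpolated into the next request URL; wrap it in `encodeURIComponent` or reject non-numeric values. Both arms of the `if(x == data.length-1)` test set `showanim = false`, so the `if (showanim)` block and the `isIE`/`isSafari`/`isOpera` sniffing above it are dead code. `var isReverse` is declared at global scope under the same name in snort_alerts.js; the values agree because both read `$config['syslog']['reverse']`, but a widget-specific name such as `havpIsReverse` avoids the shared symbol.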
diff --git a/config/widget-havp/havp_alerts.widget.php b/config/widget-havp/havp_alerts.widget.php new file mode 100644 index 00000000..57614fa1 --- /dev/null +++ b/config/widget-havp/havp_alerts.widget.php 
@@ -0,0 +1,63 @@ +<?php +/* + havp_alerts.widget.php + Copyright (C) 2009 Michael Liberman , Jim Pingle + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INClUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/ +global $config, $g; + +?> +<table width="100%" border="0" cellspacing="0" cellpadding="0"> + <tbody> + <tr class="havp-alert-header"> + <td width="25%" class="widgetsubheader">Date</td> + <td width="75%" class="widgetsubheader">Details</td> + </tr> +<?php $counter=0; + foreach ($havp_alerts as $alert) { ?> + + <?php + if(isset($config['syslog']['reverse'])) { + /* honour reverse logging setting */ + if($counter == 0) + $activerow = " id=\"havp-firstrow\""; + else + $activerow = ""; + + } else { + /* non-reverse logging */ + if($counter == count($havp_alerts) - 1) + $activerow = " id=\"havp-firstrow\""; + else + $activerow = ""; + } + ?> + + <tr class="havp-alert-entry" <?php echo $activerow; ?>> + <td width="25%" class="listr"><?= $alert["time"] . "<br>" . $alert["date"]?></td> + <td width="75%" class="listr"><?= $alert["url"] . "<br>" . $alert["virusname"] ?></td> + </tr> +<?php $counter++; + } ?> + </tbody> +</table> diff --git a/config/widget-havp/havp_alerts_helper.php b/config/widget-havp/havp_alerts_helper.php new file mode 100644 index 00000000..332394b2 --- /dev/null +++ b/config/widget-havp/havp_alerts_helper.php @@ -0,0 +1,13 @@ +<?php +require("guiconfig.inc"); + +require_once("includes/havp_alerts.inc.php"); + +$havp_alerts_logfile = "{$g['varlog_path']}/havp/access.log"; +$nentries = 5; +handle_havp_ajax($havp_alerts_logfile, $nentries); + +?> +<script src="/javascript/scriptaculous/prototype.js" type="text/javascript"></script> +<script src="/javascript/scriptaculous/scriptaculous.js" type="text/javascript"></script> +<script src="/widgets/javascript/havp_alerts.js" type="text/javascript"></script> diff --git a/config/widget-havp/widget-havp.inc b/config/widget-havp/widget-havp.inc new file mode 100644 index 00000000..61713f24 --- /dev/null +++ b/config/widget-havp/widget-havp.inc 
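Review bot: The cells `<?= $alert["url"] . "<br>" . $alert["virusname"] ?>` and `<?= $alert["time"] . "<br>" . $alert["date"]?>` print log-derived strings unescaped; the URL is whatever a LAN client requested through the proxy, so it has to be wrapped, `<?= htmlspecialchars($alert["url"]) . "<br>" . htmlspecialchars($alert["virusname"]) ?>`, and the time/date cell likewise. The `$activerow` block reads `$config['syslog']['reverse']` and `count($havp_alerts)` and deserves a comment such as `/* the row with id havp-firstrow is the one the AJAX updater overwrites: first row in reverse mode, last row otherwise */`.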
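Review bot: No `Content-Type` is set before `handle_havp_ajax()` echoes the `||`-delimited rows, so the response goes out as `text/html`; add `header("Content-Type: text/plain");` immediately before the `handle_havp_ajax($havp_alerts_logfile, $nentries);` call so a direct visit to the helper cannot render log content as markup. Access control rests entirely on `require("guiconfig.inc")` (presumably the webGUI session check — confirm for the pfSense release targeted); nothing page-specific is enforced here. When `lastsawtime` is absent the script falls through and emits three `<script>` tags that the AJAX client never consumes; either document why they are emitted or remove them.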
@@ -0,0 +1,11 @@ +<?php + +function widget_havp_uninstall() { + unlink("/usr/local/www/includes/havp_alerts.inc.php"); + unlink("/usr/local/www/widgets/helpers/havp_alerts_helper.php"); + unlink("/usr/local/www/widgets/include/havp_alerts.inc"); + unlink("/usr/local/www/widgets/javascript/havp_alerts.js"); + unlink("/usr/local/www/widgets/widgets/havp_alerts.widget.php"); +} + +?>
\ No newline at end of file diff --git a/config/widget-havp/widget-havp.xml b/config/widget-havp/widget-havp.xml new file mode 100644 index 00000000..7042fe55 --- /dev/null +++ b/config/widget-havp/widget-havp.xml 
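Review bot: `widget_havp_uninstall()` calls `unlink()` on five fixed paths without checking they exist, so a partial or repeated uninstall emits PHP warnings; iterate a list instead, `foreach ($files as $f) { if (file_exists($f)) unlink($f); }`. A one-line comment tying the list to the `<additional_files_needed>` entries in widget-havp.xml would make it obvious the two must stay in sync (the `/usr/local/pkg/widget-havp.inc` include itself is deliberately not removed here — presumably the package system handles it; worth stating).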
@@ -0,0 +1,85 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* $Id$ */ +/* ========================================================================== */ +/* + widget-havp.xml + part of pfSense (http://www.pfSense.com) + Copyright (C) 2009 Jim Pingle + All rights reserved. + + Based on m0n0wall (http://m0n0.ch/wall) + Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+ */ +/* ========================================================================== */ + ]]> + </copyright> + <description>HAVP widget add-on for Dashboard package</description> + <requirements>Dashboard package and HAVP</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>widget-havp</name> + <version>0.1</version> + <title>Widget - HAVP</title> + <include_file>/usr/local/pkg/widget-havp.inc</include_file> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/widget-havp/widget-havp.inc</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/includes/</prefix> + <chmod>0644</chmod> + <item>http://www.pfsense.com/packages/config/widget-havp/havp_alerts.inc.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/widgets/helpers/</prefix> + <chmod>0644</chmod> + <item>http://www.pfsense.com/packages/config/widget-havp/havp_alerts_helper.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/widgets/include/</prefix> + <chmod>0644</chmod> + <item>http://www.pfsense.com/packages/config/widget-havp/havp_alerts.inc</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/widgets/javascript/</prefix> + <chmod>0644</chmod> + <item>http://www.pfsense.com/packages/config/widget-havp/havp_alerts.js</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/widgets/widgets/</prefix> + <chmod>0644</chmod> + <item>http://www.pfsense.com/packages/config/widget-havp/havp_alerts.widget.php</item> + </additional_files_needed> + <custom_php_deinstall_command> + widget_havp_uninstall(); + </custom_php_deinstall_command> +</packagegui> diff --git a/config/widget-snort/snort_alerts.inc b/config/widget-snort/snort_alerts.inc new file mode 100644 index 00000000..d6e3b0ca --- /dev/null 
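Review bot: `<chmod>077</chmod>` on the `/usr/local/pkg/` entry is almost certainly a typo — octal 077 grants group and world read/write/execute while leaving the owner with nothing, and this is the PHP include the package system executes at deinstall; it should read `<chmod>0755</chmod>` (or `0644`, matching the other five entries). All six `<item>` URLs fetch package code over plain `http://` with no hash or signature in the manifest; that follows the pfSense package convention of the time, but it means the installed widget code is only as trustworthy as the network path to www.pfsense.com, which deserves a note in `<requirements>` or the description.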
+++ b/config/widget-snort/snort_alerts.inc @@ -0,0 +1,15 @@ +<?php + +require_once("includes/snort_alerts.inc.php"); + +$snort_alerts_title = "Snort Alerts"; +$snort_alerts_title_link = "snort_alerts.php"; + +$snort_alerts_logfile = "{$g['varlog_path']}/snort/alert"; +$nentries = 5; +$snort_alerts = get_snort_alerts($snort_alerts_logfile, $nentries); + +/* AJAX related routines */ +handle_snort_ajax($snort_alerts_logfile, $nentries = 5); + +?>
\ No newline at end of file diff --git a/config/widget-snort/snort_alerts.inc.php b/config/widget-snort/snort_alerts.inc.php new file mode 100644 index 00000000..99e3ee9f --- /dev/null +++ b/config/widget-snort/snort_alerts.inc.php 
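Review bot: `handle_snort_ajax($snort_alerts_logfile, $nentries = 5);` passes an assignment as an argument, silently re-assigning the local `$nentries` set on the previous line; it should be `handle_snort_ajax($snort_alerts_logfile, $nentries);`. A comment noting that `handle_snort_ajax()` echoes and `exit`s the request when `lastsawtime` is present would save the next reader a trip to `snort_alerts.inc.php`, since an include that terminates the page is unexpected. The trailing `?>` without a newline can be dropped.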
@@ -0,0 +1,77 @@ +<? +function get_snort_alerts($snort_alerts, $nentries, $tail = 20) { + global $config, $g; + $logarr = ""; + /* Always do a reverse tail, to be sure we're grabbing the 'end' of the alerts. */ + exec("/usr/bin/tail -r -n {$tail} {$snort_alerts}", $logarr); + + $snortalerts = array(); + + $counter = 0; + + foreach ($logarr as $logent) { + if($counter >= $nentries) + break; + + $alert = parse_snort_alert_line($logent); + if ($alert != "") { + $counter++; + $snortalerts[] = $alert; + } + + } + /* Since the rules are in reverse order, flip them around if needed based on the user's preference */ + return isset($config['syslog']['reverse']) ? $snortalerts : array_reverse($snortalerts); +} + +function parse_snort_alert_line($line) { + $log_split = ""; + + preg_match("/^(.*)\s+\[\*\*\]\s+\[(\d+\:\d+:\d+)\]\s(.*)\s(.*)\s+\[\*\*\].*\s+\[Priority:\s(\d+)\]\s{(.*)}\s+(.*)\s->\s(.*)$/U", $line, $log_split); + + list($all, $alert['time'], $alert['rule'], $alert['category'], $alert['descr'], + $alert['priority'], $alert['proto'], $alert['src'], $alert['dst']) = $log_split; + + $usableline = true; + + if(trim($alert['src']) == "") + $usableline = false; + if(trim($alert['dst']) == "") + $usableline = false; + + if($usableline == true) { + return $alert; + } else { + if($g['debug']) { + log_error("There was a error parsing line: $line. Please report to mailing list or forum."); + } + return ""; + } +} + +/* AJAX specific handlers */ +function handle_snort_ajax($snort_alerts_logfile, $nentries = 5, $tail = 50) { + if($_GET['lastsawtime'] or $_POST['lastsawtime']) { + if($_GET['lastsawtime']) + $lastsawtime = $_GET['lastsawtime']; + if($_POST['lastsawtime']) + $lastsawtime = $_POST['lastsawtime']; + /* compare lastsawrule's time stamp to alert logs. + * afterwards return the newer records so that client + * can update AJAX interface screen. 
+ */ + $new_rules = ""; + $snort_alerts = get_snort_alerts($snort_alerts_logfile, $nentries); + foreach($snort_alerts as $log_row) { + $time_regex = ""; + preg_match("/.*([0-9][0-9]:[0-9][0-9]:[0-9][0-9]).*/", $log_row['time'], $time_regex); + $row_time = strtotime($time_regex[1]); + if($row_time > $lastsawtime) { + $new_rules .= "{$log_row['time']}||{$log_row['priority']}||{$log_row['category']}||{$log_row['src']}||{$log_row['dst']}||" . time() . "||\n"; + } + } + echo $new_rules; + exit; + } +} +?>
\ No newline at end of file diff --git a/config/widget-snort/snort_alerts.js b/config/widget-snort/snort_alerts.js new file mode 100644 index 00000000..48c97d6c --- /dev/null +++ b/config/widget-snort/snort_alerts.js 
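Review bot: `handle_snort_ajax()` compares `$row_time > $lastsawtime` with `$lastsawtime` taken raw from `$_GET`/`$_POST`, and unlike the HAVP counterpart there is no `and $lastsawtime > 0` guard, so an empty or non-numeric value makes every row "new"; cast it, `$lastsawtime = (int)$lastsawtime;`, and add the `> 0` guard. The fields it echoes — `time`, `priority`, `category`, `src`, `dst` — are `(.*)` captures from the Snort alert line and are written into the dashboard via `innerHTML` on the client, so wrap each in `htmlspecialchars()` when building `$new_rules`. `$row_time = strtotime($time_regex[1])` parses only the `HH:MM:SS` portion, so the comparison assumes the alert was logged today; a comment should say so, since alerts written just before midnight will compare as older than they are. `parse_snort_alert_line()` reads `$g['debug']` without `global $g;`, so the debug `log_error()` branch can never run. `exec("/usr/bin/tail -r -n {$tail} {$snort_alerts}", $logarr)` interpolates its arguments unquoted; both are fixed by callers today, but `escapeshellarg()` costs nothing.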
@@ -0,0 +1,145 @@ + +snortlastsawtime = '<?php echo time(); ?>'; +var snortlines = Array(); +var snorttimer; +var snortupdateDelay = 25500; +var snortisBusy = false; +var snortisPaused = false; + +<?php + if(isset($config['syslog']['reverse'])) + echo "var isReverse = true;\n"; + else + echo "var isReverse = false;\n"; +?> + +if (typeof getURL == 'undefined') { + getURL = function(url, callback) { + if (!url) + throw 'No URL for getURL'; + try { + if (typeof callback.operationComplete == 'function') + callback = callback.operationComplete; + } catch (e) {} + if (typeof callback != 'function') + throw 'No callback function for getURL'; + var http_request = null; + if (typeof XMLHttpRequest != 'undefined') { + http_request = new XMLHttpRequest(); + } + else if (typeof ActiveXObject != 'undefined') { + try { + http_request = new ActiveXObject('Msxml2.XMLHTTP'); + } catch (e) { + try { + http_request = new ActiveXObject('Microsoft.XMLHTTP'); + } catch (e) {} + } + } + if (!http_request) + throw 'Both getURL and XMLHttpRequest are undefined'; + http_request.onreadystatechange = function() { + if (http_request.readyState == 4) { + callback( { success : true, + content : http_request.responseText, + contentType : http_request.getResponseHeader("Content-Type") } ); + } + } + http_request.open('GET', url, true); + http_request.send(null); + } +} + +function snort_alerts_fetch_new_rules() { + if(snortisPaused) + return; + if(snortisBusy) + return; + snortisBusy = true; + getURL('widgets/helpers/snort_alerts_helper.php?lastsawtime=' + snortlastsawtime, snort_alerts_fetch_new_rules_callback); +} +function snort_alerts_fetch_new_rules_callback(callback_data) { + if(snortisPaused) + return; + + var data_split; + var new_data_to_add = Array(); + var data = callback_data.content; + + data_split = data.split("\n"); + + for(var x=0; x<data_split.length-1; x++) { + /* loop through rows */ + row_split = data_split[x].split("||"); + var line = ''; + line = '<td width="5%" 
class="listr">' + row_split[1] + '</td>'; + line += '<td width="5%" class="listr">' + row_split[2] + '</td>'; + line += '<td width="45%" class="listr">' + row_split[3] + '</td>'; + line += '<td width="45%" class="listr">' + row_split[4] + '</td>'; + snortlastsawtime = row_split[5]; + new_data_to_add[new_data_to_add.length] = line; + } + snort_alerts_update_div_rows(new_data_to_add); + snortisBusy = false; +} +function snort_alerts_update_div_rows(data) { + if(snortisPaused) + return; + + var isIE = navigator.appName.indexOf('Microsoft') != -1; + var isSafari = navigator.userAgent.indexOf('Safari') != -1; + var isOpera = navigator.userAgent.indexOf('Opera') != -1; + var rulestable = document.getElementById('snort_alerts'); + var rows = rulestable.getElementsByTagName('tr'); + var showanim = 1; + if (isIE) { + showanim = 0; + } + //alert(data.length); + for(var x=0; x<data.length; x++) { + var numrows = rows.length; + /* if reverse logging is enabled we need to show the + * records in a reverse order with new items appearing + * on the top + */ + if(isReverse == false) { + for (var i = 1; i < numrows; i++) { + nextrecord = i + 1; + if(nextrecord < numrows) + rows[i].innerHTML = rows[nextrecord].innerHTML; + } + } else { + for (var i = numrows; i > 0; i--) { + nextrecord = i + 1; + if(nextrecord < numrows) + rows[nextrecord].innerHTML = rows[i].innerHTML; + } + } + var item = document.getElementById('snort-firstrow'); + if(x == data.length-1) { + /* nothing */ + showanim = false; + } else { + showanim = false; + } + if (showanim) { + item.style.display = 'none'; + item.innerHTML = data[x]; + new Effect.Appear(item); + } else { + item.innerHTML = data[x]; + } + } + /* rechedule AJAX interval */ + //snorttimer = setInterval('snort_alerts_fetch_new_rules()', snortupdateDelay); +} +function snort_alerts_toggle_pause() { + if(snortisPaused) { + snortisPaused = false; + snort_alerts_fetch_new_rules(); + } else { + snortisPaused = true; + } +} +/* start local AJAX engine */ 
+snorttimer = setInterval('snort_alerts_fetch_new_rules()', snortupdateDelay); diff --git a/config/widget-snort/snort_alerts.widget.php b/config/widget-snort/snort_alerts.widget.php new file mode 100644 index 00000000..22bd1b69 --- /dev/null +++ b/config/widget-snort/snort_alerts.widget.php 
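Review bot: `snort_alerts_fetch_new_rules_callback()` concatenates `row_split[1]` through `row_split[4]` into HTML that `snort_alerts_update_div_rows()` writes with `item.innerHTML`, so markup in a Snort category, source or destination field reaches the admin's DOM unescaped; escape each field first, e.g. `function snort_esc(s) { return String(s).replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;'); }`, or build the cells with `document.createTextNode`. `snortlastsawtime = row_split[5]` is fed back into the next request URL unvalidated; `encodeURIComponent` or a numeric check belongs there. Both arms of the `if(x == data.length-1)` test set `showanim = false`, so the `Effect.Appear` path and the browser sniffing above it are dead. `var isReverse` is a global that havp_alerts.js also declares; the values match, but a widget-prefixed name avoids the shared symbol.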
@@ -0,0 +1,67 @@ +<?php +/* + snort_alerts.widget.php + Copyright (C) 2009 Jim Pingle + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INClUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/ +global $config, $g; + +?> +<table width="100%" border="0" cellspacing="0" cellpadding="0"> + <tbody> + <tr class="snort-alert-header"> + <td width="5%" class="widgetsubheader">Pri</td> + <td width="5%" class="widgetsubheader">Category</td> + <td width="45%" class="widgetsubheader">Src</td> + <td width="45%" class="widgetsubheader">Dst</td> + </tr> +<?php $counter=0; + foreach ($snort_alerts as $alert) { ?> + + <?php + if(isset($config['syslog']['reverse'])) { + /* honour reverse logging setting */ + if($counter == 0) + $activerow = " id=\"snort-firstrow\""; + else + $activerow = ""; + + } else { + /* non-reverse logging */ + if($counter == count($snort_alerts) - 1) + $activerow = " id=\"snort-firstrow\""; + else + $activerow = ""; + } + ?> + + <tr class="snort-alert-entry" <?php echo $activerow; ?>> + <td width="5%" class="listr"><?= $alert["priority"] ?></td> + <td width="5%" class="listr"><?= $alert["category"] ?></td> + <td width="45%" class="listr"><?= $alert["src"] ?></td> + <td width="45%" class="listr"><?= $alert["dst"] ?></td> + </tr> +<?php $counter++; + } ?> + </tbody> +</table> diff --git a/config/widget-snort/snort_alerts_helper.php b/config/widget-snort/snort_alerts_helper.php new file mode 100644 index 00000000..0e7b4fad --- /dev/null +++ b/config/widget-snort/snort_alerts_helper.php @@ -0,0 +1,13 @@ +<?php +require("guiconfig.inc"); + +require_once("includes/snort_alerts.inc.php"); + +$snort_alerts_logfile = "{$g['varlog_path']}/snort/alert"; +$nentries = 5; +handle_snort_ajax($snort_alerts_logfile, $nentries); + +?> +<script src="/javascript/scriptaculous/prototype.js" type="text/javascript"></script> +<script src="/javascript/scriptaculous/scriptaculous.js" type="text/javascript"></script> +<script src="/widgets/javascript/snort_alerts.js" type="text/javascript"></script> diff --git a/config/widget-snort/widget-snort.inc b/config/widget-snort/widget-snort.inc new file mode 100644 index 00000000..584e5f2d --- /dev/null 
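Review bot: The four `<?= $alert["..."] ?>` cells print `priority`, `category`, `src` and `dst` exactly as the regex captured them from the alert log with no escaping; `src` and `dst` are `(.*)` captures, so wrap each, e.g. `<?= htmlspecialchars($alert["src"]) ?>`. The `$activerow` block deserves the comment `/* the row with id snort-firstrow is the one the AJAX updater overwrites: first row in reverse mode, last row otherwise */`, since the dependence on `$config['syslog']['reverse']` is not obvious from the markup alone.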
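Review bot: No `Content-Type` header is set before `handle_snort_ajax()` echoes the delimited rows, so the response is served as HTML; add `header("Content-Type: text/plain");` ahead of the `handle_snort_ajax($snort_alerts_logfile, $nentries);` call. Access control is whatever `require("guiconfig.inc")` provides (presumably the webGUI session check — confirm for the target pfSense release); nothing page-specific is enforced here. The trailing `<script>` tags are only reached when `lastsawtime` is absent and are never consumed by the AJAX client; either document why they exist or drop them.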
+++ b/config/widget-snort/widget-snort.inc @@ -0,0 +1,13 @@ +<?php + +function widget_snort_uninstall() { + + unlink("/usr/local/www/includes/snort_alerts.inc.php"); + unlink("/usr/local/www/widgets/helpers/snort_alerts_helper.php"); + unlink("/usr/local/www/widgets/include/snort_alerts.inc"); + unlink("/usr/local/www/widgets/javascript/snort_alerts.js"); + unlink("/usr/local/www/widgets/widgets/snort_alerts.widget.php"); + +} + +?>
\ No newline at end of file diff --git a/config/widget-snort/widget-snort.xml b/config/widget-snort/widget-snort.xml new file mode 100644 index 00000000..b32a27d7 --- /dev/null +++ b/config/widget-snort/widget-snort.xml 
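Review bot: `widget_snort_uninstall()` calls `unlink()` on five fixed paths without an existence check, so a partial or repeated uninstall emits PHP warnings; iterate a list instead, `foreach ($files as $f) { if (file_exists($f)) unlink($f); }`. A comment tying the list to the `<additional_files_needed>` entries in widget-snort.xml would make it clear the two must stay in sync (the `/usr/local/pkg/widget-snort.inc` include is not removed here — presumably left to the package system; say so).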
@@ -0,0 +1,85 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* $Id$ */ +/* ========================================================================== */ +/* + widget-snort.xml + part of pfSense (http://www.pfSense.com) + Copyright (C) 2009 Jim Pingle + All rights reserved. + + Based on m0n0wall (http://m0n0.ch/wall) + Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+ */ +/* ========================================================================== */ + ]]> + </copyright> + <description>Snort widget add-on for Dashboard package</description> + <requirements>Dashboard package and Snort</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>widget-snort</name> + <version>0.1</version> + <title>Widget - Snort</title> + <include_file>/usr/local/pkg/widget-snort.inc</include_file> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/widget-snort/widget-snort.inc</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/includes/</prefix> + <chmod>0644</chmod> + <item>http://www.pfsense.com/packages/config/widget-snort/snort_alerts.inc.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/widgets/helpers/</prefix> + <chmod>0644</chmod> + <item>http://www.pfsense.com/packages/config/widget-snort/snort_alerts_helper.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/widgets/include/</prefix> + <chmod>0644</chmod> + <item>http://www.pfsense.com/packages/config/widget-snort/snort_alerts.inc</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/widgets/javascript/</prefix> + <chmod>0644</chmod> + <item>http://www.pfsense.com/packages/config/widget-snort/snort_alerts.js</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/widgets/widgets/</prefix> + <chmod>0644</chmod> + <item>http://www.pfsense.com/packages/config/widget-snort/snort_alerts.widget.php</item> + </additional_files_needed> + <custom_php_deinstall_command> + widget_snort_uninstall(); + </custom_php_deinstall_command> +</packagegui> |