aboutsummaryrefslogtreecommitdiffstats
path: root/config
diff options
context:
space:
mode:
Diffstat (limited to 'config')
-rw-r--r--config/snort-dev/snort.inc59
-rw-r--r--config/snort-dev/snort_barnyard.php113
-rw-r--r--config/snort-dev/snort_define_servers.php50
-rw-r--r--config/snort-dev/snort_gui.inc2
-rw-r--r--config/snort-dev/snort_interfaces.php37
-rw-r--r--config/snort-dev/snort_interfaces_edit.php117
-rw-r--r--config/snort-dev/snort_preprocessors.php175
-rw-r--r--config/snort-dev/snort_rulesets.php2
8 files changed, 416 insertions, 139 deletions
diff --git a/config/snort-dev/snort.inc b/config/snort-dev/snort.inc
index 08b2aae1..65487703 100644
--- a/config/snort-dev/snort.inc
+++ b/config/snort-dev/snort.inc
@@ -79,9 +79,6 @@ function snort_postinstall()
{
global $config;
conf_mount_rw();
-
- exec("/usr/sbin/pw groupadd snort");
- exec('/usr/sbin/pw useradd snort -c "SNORT USER" -d /nonexistent -g snort -s /sbin/nologin');
if(!file_exists("/var/log/snort/"))
mwexec("mkdir -p /var/log/snort/");
@@ -283,7 +280,7 @@ function create_snort_sh()
/* define snortbarnyardlog_chk */
if ($snortbarnyardlog_info_chk == on) {
- $start_barnyard2 = "\nsleep 4\n/usr/local/bin/barnyard2 -c /usr/local/etc/snort/snort_$id$if_real/barnyard2.conf -d /var/log/snort -f snort.u2_$id$if_real -w /usr/local/etc/snort/snort_$id$if_real/barnyard2.waldo -D -q\n\n";
+ $start_barnyard2 = "\nsleep 4\n/usr/local/bin/barnyard2 -u snort -g snort -c /usr/local/etc/snort/snort_$id$if_real/barnyard2.conf -d /var/log/snort -f snort.u2_$id$if_real -w /usr/local/etc/snort/snort_$id$if_real/barnyard2.waldo -D -q\n\n";
}
@@ -395,6 +392,7 @@ rc_start_real() {
/bin/rm /var/run/snort_$if_real$id$if_real.pid.lck
/usr/local/bin/snort -u snort -g snort -G $id -R $id$if_real -c /usr/local/etc/snort/snort_$id$if_real/snort.conf -l /var/log/snort -D -i $if_real -q
/sbin/ifconfig $if_real_wan polling promisc
+ $start_barnyard2
sleep 3
/bin/cp /var/log/system.log /var/log/snort/snort_sys_$id$if_real.log
@@ -466,12 +464,18 @@ EOD;
/* open barnyard2.conf for writing */
function create_barnyard2_conf() {
- global $bconfig, $bg;
+ global $bconfig, $bg, $id, $if_real;
/* write out barnyard2_conf */
+
+ if(!file_exists("/usr/local/etc/snort/snort_$id$if_real/barnyard2.conf"))
+ {
+ exec("/bin//usr/bin/touch /usr/local/etc/snort/snort_$id$if_real/barnyard2.conf");
+ }
+
$barnyard2_conf_text = generate_barnyard2_conf();
- $bconf = fopen("/usr/local/etc/snort/$id$if_real/barnyard2.conf", "w");
+ $bconf = fopen("/usr/local/etc/snort/snort_$id$if_real/barnyard2.conf", "w");
if(!$bconf) {
- log_error("Could not open /usr/local/etc/snort/$id$if_real/barnyard2.conf for writing.");
+ log_error("Could not open /usr/local/etc/snort/snort_$id$if_real/barnyard2.conf for writing.");
exit;
}
fwrite($bconf, $barnyard2_conf_text);
@@ -658,7 +662,8 @@ snort_rules_up_deinstall_cron("");
}
-function generate_snort_conf() {
+function generate_snort_conf()
+{
global $config, $g, $if_real, $id;
conf_mount_rw();
@@ -670,19 +675,22 @@ function generate_snort_conf() {
// $snort_config_pass_thru = $config['installedpackages']['snortglobal']['rule'][$id]['configpassthru'];
/* create basic files */
- if(!file_exists("/usr/local/etc/snort/snort/snort_$id$if_real")) {
- exec("/bin/mkdir -p /usr/local/etc/snort/snort_$id$if_real/");
- exec("/bin/mkdir -p /usr/local/etc/snort/snort_$id$if_real/rules");
-
- if(!file_exists("/usr/local/etc/snort/snort_$id$if_real/gen-msg.map")) {
- exec("/bin/cp /usr/local/etc/snort/classification.config /usr/local/etc/snort/snort_$id$if_real/classification.config");
- exec("/bin/cp /usr/local/etc/snort/gen-msg.map /usr/local/etc/snort/snort_$id$if_real/gen-msg.map");
- exec("/bin/cp /usr/local/etc/snort/reference.config /usr/local/etc/snort/snort_$id$if_real/reference.config");
- exec("/bin/cp /usr/local/etc/snort/sid-msg.map /usr/local/etc/snort/snort_$id$if_real/sid-msg.map");
- exec("/bin/cp /usr/local/etc/snort/unicode.map /usr/local/etc/snort/snort_$id$if_real/unicode.map");
- exec("/bin/cp /usr/local/etc/snort/threshold.conf /usr/local/etc/snort/snort_$id$if_real/threshold.conf");
- exec("/bin/cp /usr/local/etc/snort/snort.conf /usr/local/etc/snort/snort_$id$if_real/snort.conf");
- exec("/bin/mkdir -p /usr/local/etc/snort/snort_$id$if_real/rules");
+ if(!file_exists("/usr/local/etc/snort/snort/snort_$id$if_real"))
+ {
+ exec("/bin/mkdir -p /usr/local/etc/snort/snort_$id$if_real/");
+ exec("/bin/mkdir -p /usr/local/etc/snort/snort_$id$if_real/rules");
+
+ if(!file_exists("/usr/local/etc/snort/snort_$id$if_real/gen-msg.map"))
+ {
+ exec("/bin/cp /usr/local/etc/snort/classification.config /usr/local/etc/snort/snort_$id$if_real/classification.config");
+ exec("/bin/cp /usr/local/etc/snort/gen-msg.map /usr/local/etc/snort/snort_$id$if_real/gen-msg.map");
+ exec("/bin/cp /usr/local/etc/snort/reference.config /usr/local/etc/snort/snort_$id$if_real/reference.config");
+ exec("/bin/cp /usr/local/etc/snort/sid-msg.map /usr/local/etc/snort/snort_$id$if_real/sid-msg.map");
+ exec("/bin/cp /usr/local/etc/snort/unicode.map /usr/local/etc/snort/snort_$id$if_real/unicode.map");
+ exec("/bin/cp /usr/local/etc/snort/threshold.conf /usr/local/etc/snort/snort_$id$if_real/threshold.conf");
+ exec("/bin/cp /usr/local/etc/snort/snort.conf /usr/local/etc/snort/snort_$id$if_real/snort.conf");
+ exec("/bin//usr/bin/touch /usr/local/etc/snort/snort_$id$if_real/barnyard2.conf");
+ exec("/bin/mkdir -p /usr/local/etc/snort/snort_$id$if_real/rules");
}
}
@@ -703,11 +711,6 @@ $tcpdumplog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id][
if ($tcpdumplog_info_chk == on)
$tcpdumplog_type = "output log_tcpdump: snorttcpd.log";
-/* define snortbarnyardlog_chk */
-$snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['snortbarnyardlog'];
-if ($snortbarnyardlog_info_chk == on)
- $snortbarnyardlog_type = "barnyard2 -c /usr/local/etc/barnyard2.conf -d /var/log/snort -f snort.u2 -w /usr/local/etc/snort/barnyard2.waldo -D";
-
/* define snortunifiedlog */
$snortunifiedlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['snortunifiedlog'];
if ($snortunifiedlog_info_chk == on)
@@ -1546,7 +1549,7 @@ $def_ssl_ports_ignore_info_chk = $config['installedpackages']['snortglobal']['ru
if ($def_ssl_ports_ignore_info_chk == "")
$def_ssl_ports_ignore_type = "443 465 563 636 989 990 992 993 994 995";
else
- $def_ssl_ports_ignore_type = "$def_ssl_ports_info_chk";
+ $def_ssl_ports_ignore_type = "$def_ssl_ports_ignore_info_chk";
//////////////////////////////////////////////////////////////////
/* build snort configuration file */
@@ -1744,7 +1747,7 @@ preprocessor stream5_icmp:
#
##############################
-preprocessor ssl: ports { $def_ssl_ports_ignore_type }, trustservers, noinspect_encrypted
+preprocessor ssl: ports { {$def_ssl_ports_ignore_type} }, trustservers, noinspect_encrypted
#####################
#
diff --git a/config/snort-dev/snort_barnyard.php b/config/snort-dev/snort_barnyard.php
index cfe4e77d..a28bf0e7 100644
--- a/config/snort-dev/snort_barnyard.php
+++ b/config/snort-dev/snort_barnyard.php
@@ -57,10 +57,52 @@ if (isset($_GET['dup'])) {
if (isset($id) && $a_nat[$id]) {
- /* new options */
+ /* old options */
+ $pconfig['def_ssl_ports_ignore'] = $a_nat[$id]['def_ssl_ports_ignore'];
+ $pconfig['flow_depth'] = $a_nat[$id]['flow_depth'];
+ $pconfig['perform_stat'] = $a_nat[$id]['perform_stat'];
+ $pconfig['http_inspect'] = $a_nat[$id]['http_inspect'];
+ $pconfig['other_preprocs'] = $a_nat[$id]['other_preprocs'];
+ $pconfig['ftp_preprocessor'] = $a_nat[$id]['ftp_preprocessor'];
+ $pconfig['smtp_preprocessor'] = $a_nat[$id]['smtp_preprocessor'];
+ $pconfig['sf_portscan'] = $a_nat[$id]['sf_portscan'];
+ $pconfig['dce_rpc_2'] = $a_nat[$id]['dce_rpc_2'];
+ $pconfig['dns_preprocessor'] = $a_nat[$id]['dns_preprocessor'];
+ $pconfig['def_dns_servers'] = $a_nat[$id]['def_dns_servers'];
+ $pconfig['def_dns_ports'] = $a_nat[$id]['def_dns_ports'];
+ $pconfig['def_smtp_servers'] = $a_nat[$id]['def_smtp_servers'];
+ $pconfig['def_smtp_ports'] = $a_nat[$id]['def_smtp_ports'];
+ $pconfig['def_mail_ports'] = $a_nat[$id]['def_mail_ports'];
+ $pconfig['def_http_servers'] = $a_nat[$id]['def_http_servers'];
+ $pconfig['def_www_servers'] = $a_nat[$id]['def_www_servers'];
+ $pconfig['def_http_ports'] = $a_nat[$id]['def_http_ports'];
+ $pconfig['def_sql_servers'] = $a_nat[$id]['def_sql_servers'];
+ $pconfig['def_oracle_ports'] = $a_nat[$id]['def_oracle_ports'];
+ $pconfig['def_mssql_ports'] = $a_nat[$id]['def_mssql_ports'];
+ $pconfig['def_telnet_servers'] = $a_nat[$id]['def_telnet_servers'];
+ $pconfig['def_telnet_ports'] = $a_nat[$id]['def_telnet_ports'];
+ $pconfig['def_snmp_servers'] = $a_nat[$id]['def_snmp_servers'];
+ $pconfig['def_snmp_ports'] = $a_nat[$id]['def_snmp_ports'];
+ $pconfig['def_ftp_servers'] = $a_nat[$id]['def_ftp_servers'];
+ $pconfig['def_ftp_ports'] = $a_nat[$id]['def_ftp_ports'];
+ $pconfig['def_ssh_servers'] = $a_nat[$id]['def_ssh_servers'];
+ $pconfig['def_ssh_ports'] = $a_nat[$id]['def_ssh_ports'];
+ $pconfig['def_pop_servers'] = $a_nat[$id]['def_pop_servers'];
+ $pconfig['def_pop2_ports'] = $a_nat[$id]['def_pop2_ports'];
+ $pconfig['def_pop3_ports'] = $a_nat[$id]['def_pop3_ports'];
+ $pconfig['def_imap_servers'] = $a_nat[$id]['def_imap_servers'];
+ $pconfig['def_imap_ports'] = $a_nat[$id]['def_imap_ports'];
+ $pconfig['def_sip_proxy_ip'] = $a_nat[$id]['def_sip_proxy_ip'];
+ $pconfig['ip def_sip_proxy_ports'] = $a_nat[$id]['ip def_sip_proxy_ports'];
+ $pconfig['def_auth_ports'] = $a_nat[$id]['def_auth_ports'];
+ $pconfig['def_finger_ports'] = $a_nat[$id]['def_finger_ports'];
+ $pconfig['def_irc_ports'] = $a_nat[$id]['def_irc_ports'];
+ $pconfig['def_nntp_ports'] = $a_nat[$id]['def_nntp_ports'];
+ $pconfig['def_rlogin_ports'] = $a_nat[$id]['def_rlogin_ports'];
+ $pconfig['def_rsh_ports'] = $a_nat[$id]['def_rsh_ports'];
+ $pconfig['def_ssl_ports'] = $a_nat[$id]['def_ssl_ports'];
$pconfig['barnyard_enable'] = $a_nat[$id]['barnyard_enable'];
$pconfig['barnyard_mysql'] = $a_nat[$id]['barnyard_mysql'];
- /* old options */
$pconfig['enable'] = $a_nat[$id]['enable'];
$pconfig['interface'] = $a_nat[$id]['interface'];
$pconfig['descr'] = $a_nat[$id]['descr'];
@@ -70,7 +112,6 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['alertsystemlog'] = $a_nat[$id]['alertsystemlog'];
$pconfig['tcpdumplog'] = $a_nat[$id]['tcpdumplog'];
$pconfig['snortunifiedlog'] = $a_nat[$id]['snortunifiedlog'];
- $pconfig['flow_depth'] = $a_nat[$id]['flow_depth'];
if (!$pconfig['interface'])
$pconfig['interface'] = "wan";
@@ -96,16 +137,62 @@ if ($_POST) {
/* if no errors write to conf */
if (!$input_errors) {
$natent = array();
- /* repost the options already in conf */
- $natent['enable'] = $pconfig['enable'];
- $natent['interface'] = $pconfig['interface'];
- $natent['descr'] = $pconfig['descr'];
- $natent['performance'] = $pconfig['performance'];
- $natent['blockoffenders7'] = $pconfig['blockoffenders7'];
- $natent['snortalertlogtype'] = $pconfig['snortalertlogtype'];
- $natent['alertsystemlog'] = $pconfig['alertsystemlog'];
- $natent['tcpdumplog'] = $pconfig['tcpdumplog'];
- $natent['flow_depth'] = $pconfig['flow_depth'];
+ /* repost the options already in conf */
+
+ if ($pconfig['interface'] != "") { $natent['interface'] = $pconfig['interface']; }
+ if ($pconfig['enable'] != "") { $natent['enable'] = $pconfig['enable']; }
+ if ($pconfig['descr'] != "") { $natent['descr'] = $pconfig['descr']; }
+ if ($pconfig['performance'] != "") { $natent['performance'] = $pconfig['performance']; }
+ if ($pconfig['blockoffenders7'] != "") { $natent['blockoffenders7'] = $pconfig['blockoffenders7']; }
+ if ($pconfig['snortalertlogtype'] != "") { $natent['snortalertlogtype'] = $pconfig['snortalertlogtype']; }
+ if ($pconfig['alertsystemlog'] != "") { $natent['alertsystemlog'] = $pconfig['alertsystemlog']; }
+ if ($pconfig['tcpdumplog'] != "") { $natent['tcpdumplog'] = $pconfig['tcpdumplog']; }
+ if ($pconfig['snortunifiedlog'] != "") { $natent['snortunifiedlog'] = $pconfig['snortunifiedlog']; }
+ if ($pconfig['def_ssl_ports_ignore'] != "") { $natent['def_ssl_ports_ignore'] = $pconfig['def_ssl_ports_ignore']; }
+ if ($pconfig['flow_depth'] != "") { $natent['flow_depth'] = $pconfig['flow_depth']; }
+ if ($pconfig['perform_stat'] != "") { $natent['perform_stat'] = $pconfig['perform_stat']; }
+ if ($pconfig['http_inspect'] != "") { $natent['http_inspect'] = $pconfig['http_inspect']; }
+ if ($pconfig['other_preprocs'] != "") { $natent['other_preprocs'] = $pconfig['other_preprocs']; }
+ if ($pconfig['ftp_preprocessor'] != "") { $natent['ftp_preprocessor'] = $pconfig['ftp_preprocessor']; }
+ if ($pconfig['smtp_preprocessor'] != "") { $natent['smtp_preprocessor'] = $pconfig['smtp_preprocessor']; }
+ if ($pconfig['sf_portscan'] != "") { $natent['sf_portscan'] = $pconfig['sf_portscan']; }
+ if ($pconfig['dce_rpc_2'] != "") { $natent['dce_rpc_2'] = $pconfig['dce_rpc_2']; }
+ if ($pconfig['dns_preprocessor'] != "") { $natent['dns_preprocessor'] = $pconfig['dns_preprocessor']; }
+ if ($pconfig['def_dns_servers'] != "") { $natent['def_dns_servers'] = $pconfig['def_dns_servers']; }
+ if ($pconfig['def_dns_ports'] != "") { $natent['def_dns_ports'] = $pconfig['def_dns_ports']; }
+ if ($pconfig['def_smtp_servers'] != "") { $natent['def_smtp_servers'] = $pconfig['def_smtp_servers']; }
+ if ($pconfig['def_smtp_ports'] != "") { $natent['def_smtp_ports'] = $pconfig['def_smtp_ports']; }
+ if ($pconfig['def_mail_ports'] != "") { $natent['def_mail_ports'] = $pconfig['def_mail_ports']; }
+ if ($pconfig['def_http_servers'] != "") { $natent['def_http_servers'] = $pconfig['def_http_servers']; }
+ if ($pconfig['def_www_servers'] != "") { $natent['def_www_servers'] = $pconfig['def_www_servers']; }
+ if ($pconfig['def_http_ports'] != "") { $natent['def_http_ports'] = $pconfig['def_http_ports']; }
+ if ($pconfig['def_sql_servers'] != "") { $natent['def_sql_servers'] = $pconfig['def_sql_servers']; }
+ if ($pconfig['def_oracle_ports'] != "") { $natent['def_oracle_ports'] = $pconfig['def_oracle_ports']; }
+ if ($pconfig['def_mssql_ports'] != "") { $natent['def_mssql_ports'] = $pconfig['def_mssql_ports']; }
+ if ($pconfig['def_telnet_servers'] != "") { $natent['def_telnet_servers'] = $pconfig['def_telnet_servers']; }
+ if ($pconfig['def_telnet_ports'] != "") { $natent['def_telnet_ports'] = $pconfig['def_telnet_ports']; }
+ if ($pconfig['def_snmp_servers'] != "") { $natent['def_snmp_servers'] = $pconfig['def_snmp_servers']; }
+ if ($pconfig['def_snmp_ports'] != "") { $natent['def_snmp_ports'] = $pconfig['def_snmp_ports']; }
+ if ($pconfig['def_ftp_servers'] != "") { $natent['def_ftp_servers'] = $pconfig['def_ftp_servers']; }
+ if ($pconfig['def_ftp_ports'] != "") { $natent['def_ftp_ports'] = $pconfig['def_ftp_ports']; }
+ if ($pconfig['def_ssh_servers'] != "") { $natent['def_ssh_servers'] = $pconfig['def_ssh_servers']; }
+ if ($pconfig['def_ssh_ports'] != "") { $natent['def_ssh_ports'] = $pconfig['def_ssh_ports']; }
+ if ($pconfig['def_pop_servers'] != "") { $natent['def_pop_servers'] = $pconfig['def_pop_servers']; }
+ if ($pconfig['def_pop2_ports'] != "") { $natent['def_pop2_ports'] = $pconfig['def_pop2_ports']; }
+ if ($pconfig['def_pop3_ports'] != "") { $natent['def_pop3_ports'] = $pconfig['def_pop3_ports']; }
+ if ($pconfig['def_imap_servers'] != "") { $natent['def_imap_servers'] = $pconfig['def_imap_servers']; }
+ if ($pconfig['def_imap_ports'] != "") { $natent['def_imap_ports'] = $pconfig['def_imap_ports']; }
+ if ($pconfig['def_sip_proxy_ip'] != "") { $natent['def_sip_proxy_ip'] = $pconfig['def_sip_proxy_ip']; }
+ if ($pconfig['ip def_sip_proxy_ports'] != "") { $natent['ip def_sip_proxy_ports'] = $pconfig['ip def_sip_proxy_ports']; }
+ if ($pconfig['def_auth_ports'] != "") { $natent['def_auth_ports'] = $pconfig['def_auth_ports']; }
+ if ($pconfig['def_finger_ports'] != "") { $natent['def_finger_ports'] = $pconfig['def_finger_ports']; }
+ if ($pconfig['def_irc_ports'] != "") { $natent['def_irc_ports'] = $pconfig['def_irc_ports']; }
+ if ($pconfig['def_nntp_ports'] != "") { $natent['def_nntp_ports'] = $pconfig['def_nntp_ports']; }
+ if ($pconfig['def_rlogin_ports'] != "") { $natent['def_rlogin_ports'] = $pconfig['def_rlogin_ports']; }
+ if ($pconfig['def_rsh_ports'] != "") { $natent['def_rsh_ports'] = $pconfig['def_rsh_ports']; }
+ if ($pconfig['def_ssl_ports'] != "") { $natent['def_ssl_ports'] = $pconfig['def_ssl_ports']; }
+
+
/* post new options */
$natent['barnyard_enable'] = $_POST['barnyard_enable'] ? on : off;
$natent['barnyard_mysql'] = $_POST['barnyard_mysql'] ? $_POST['barnyard_mysql'] : $pconfig['barnyard_mysql'];
diff --git a/config/snort-dev/snort_define_servers.php b/config/snort-dev/snort_define_servers.php
index 812d379b..aca2f036 100644
--- a/config/snort-dev/snort_define_servers.php
+++ b/config/snort-dev/snort_define_servers.php
@@ -57,7 +57,17 @@ if (isset($_GET['dup'])) {
if (isset($id) && $a_nat[$id]) {
- /* new options */
+ /* old options */
+ $pconfig['def_ssl_ports_ignore'] = $a_nat[$id]['def_ssl_ports_ignore'];
+ $pconfig['flow_depth'] = $a_nat[$id]['flow_depth'];
+ $pconfig['perform_stat'] = $a_nat[$id]['perform_stat'];
+ $pconfig['http_inspect'] = $a_nat[$id]['http_inspect'];
+ $pconfig['other_preprocs'] = $a_nat[$id]['other_preprocs'];
+ $pconfig['ftp_preprocessor'] = $a_nat[$id]['ftp_preprocessor'];
+ $pconfig['smtp_preprocessor'] = $a_nat[$id]['smtp_preprocessor'];
+ $pconfig['sf_portscan'] = $a_nat[$id]['sf_portscan'];
+ $pconfig['dce_rpc_2'] = $a_nat[$id]['dce_rpc_2'];
+ $pconfig['dns_preprocessor'] = $a_nat[$id]['dns_preprocessor'];
$pconfig['def_dns_servers'] = $a_nat[$id]['def_dns_servers'];
$pconfig['def_dns_ports'] = $a_nat[$id]['def_dns_ports'];
$pconfig['def_smtp_servers'] = $a_nat[$id]['def_smtp_servers'];
@@ -91,7 +101,6 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['def_rlogin_ports'] = $a_nat[$id]['def_rlogin_ports'];
$pconfig['def_rsh_ports'] = $a_nat[$id]['def_rsh_ports'];
$pconfig['def_ssl_ports'] = $a_nat[$id]['def_ssl_ports'];
- /* old options */
$pconfig['barnyard_enable'] = $a_nat[$id]['barnyard_enable'];
$pconfig['barnyard_mysql'] = $a_nat[$id]['barnyard_mysql'];
$pconfig['enable'] = $a_nat[$id]['enable'];
@@ -103,7 +112,6 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['alertsystemlog'] = $a_nat[$id]['alertsystemlog'];
$pconfig['tcpdumplog'] = $a_nat[$id]['tcpdumplog'];
$pconfig['snortunifiedlog'] = $a_nat[$id]['snortunifiedlog'];
- $pconfig['flow_depth'] = $a_nat[$id]['flow_depth'];
if (isset($_GET['dup']))
unset($id);
@@ -119,19 +127,29 @@ if ($_POST) {
/* if no errors write to conf */
if (!$input_errors) {
$natent = array();
- /* repost the options already in conf */
- $natent['enable'] = $pconfig['enable'];
- $natent['interface'] = $pconfig['interface'];
- $natent['descr'] = $pconfig['descr'];
- $natent['performance'] = $pconfig['performance'];
- $natent['blockoffenders7'] = $pconfig['blockoffenders7'];
- $natent['snortalertlogtype'] = $pconfig['snortalertlogtype'];
- $natent['alertsystemlog'] = $pconfig['alertsystemlog'];
- $natent['tcpdumplog'] = $pconfig['tcpdumplog'];
- $natent['snortunifiedlog'] = $pconfig['snortunifiedlog'];
- $natent['flow_depth'] = $pconfig['flow_depth'];
- $natent['barnyard_enable'] = $pconfig['barnyard_enable'];
- $natent['barnyard_mysql'] = $pconfig['barnyard_mysql'];
+ /* repost the options already in conf */
+ if ($pconfig['interface'] != "") { $natent['interface'] = $pconfig['interface']; }
+ if ($pconfig['enable'] != "") { $natent['enable'] = $pconfig['enable']; }
+ if ($pconfig['descr'] != "") { $natent['descr'] = $pconfig['descr']; }
+ if ($pconfig['performance'] != "") { $natent['performance'] = $pconfig['performance']; }
+ if ($pconfig['blockoffenders7'] != "") { $natent['blockoffenders7'] = $pconfig['blockoffenders7']; }
+ if ($pconfig['snortalertlogtype'] != "") { $natent['snortalertlogtype'] = $pconfig['snortalertlogtype']; }
+ if ($pconfig['alertsystemlog'] != "") { $natent['alertsystemlog'] = $pconfig['alertsystemlog']; }
+ if ($pconfig['tcpdumplog'] != "") { $natent['tcpdumplog'] = $pconfig['tcpdumplog']; }
+ if ($pconfig['snortunifiedlog'] != "") { $natent['snortunifiedlog'] = $pconfig['snortunifiedlog']; }
+ if ($pconfig['def_ssl_ports_ignore'] != "") { $natent['def_ssl_ports_ignore'] = $pconfig['def_ssl_ports_ignore']; }
+ if ($pconfig['flow_depth'] != "") { $natent['flow_depth'] = $pconfig['flow_depth']; }
+ if ($pconfig['perform_stat'] != "") { $natent['perform_stat'] = $pconfig['perform_stat']; }
+ if ($pconfig['http_inspect'] != "") { $natent['http_inspect'] = $pconfig['http_inspect']; }
+ if ($pconfig['other_preprocs'] != "") { $natent['other_preprocs'] = $pconfig['other_preprocs']; }
+ if ($pconfig['ftp_preprocessor'] != "") { $natent['ftp_preprocessor'] = $pconfig['ftp_preprocessor']; }
+ if ($pconfig['smtp_preprocessor'] != "") { $natent['smtp_preprocessor'] = $pconfig['smtp_preprocessor']; }
+ if ($pconfig['sf_portscan'] != "") { $natent['sf_portscan'] = $pconfig['sf_portscan']; }
+ if ($pconfig['dce_rpc_2'] != "") { $natent['dce_rpc_2'] = $pconfig['dce_rpc_2']; }
+ if ($pconfig['dns_preprocessor'] != "") { $natent['dns_preprocessor'] = $pconfig['dns_preprocessor']; }
+ if ($pconfig['barnyard_enable'] != "") { $natent['barnyard_enable'] = $pconfig['barnyard_enable']; }
+ if ($pconfig['barnyard_mysql'] != "") { $natent['barnyard_mysql'] = $pconfig['barnyard_mysql']; }
+
/* post new options */
if ($_POST['def_dns_servers'] != "") { $natent['def_dns_servers'] = $_POST['def_dns_servers']; }else{ $natent['def_dns_servers'] = ""; }
diff --git a/config/snort-dev/snort_gui.inc b/config/snort-dev/snort_gui.inc
index d8743b43..90fc8505 100644
--- a/config/snort-dev/snort_gui.inc
+++ b/config/snort-dev/snort_gui.inc
@@ -36,7 +36,7 @@ function print_info_box_np2($msg) {
echo " <td>\n";
echo " <div style='background-color:#990000' id='redbox'>\n";
echo " <table width='100%'><tr><td width='8%'>\n";
- echo " &nbsp;&nbsp;&nbsp;<img style='vertical-align:middle' src=\"/snort/images/alert.jpg\" width=\"32\" height=\"28\">\n";
+ echo " &nbsp;&nbsp;&nbsp;<img style='vertical-align:middle' src=\"/snort/alert.jpg\" width=\"32\" height=\"28\">\n";
echo " </td>\n";
echo " <td width='70%'><font color='white'><b>{$msg}</b></font>\n";
echo " </td>";
diff --git a/config/snort-dev/snort_interfaces.php b/config/snort-dev/snort_interfaces.php
index 974e2673..1c97f944 100644
--- a/config/snort-dev/snort_interfaces.php
+++ b/config/snort-dev/snort_interfaces.php
@@ -162,7 +162,7 @@ if ($_GET['act'] == "toggle" && $_GET['id'] != "") {
}
}
-$pgtitle = "Services: Snort 2.8.4.1_5 pkg v. 1.8 beta";
+$pgtitle = "Services: Snort 2.8.4.1_6 pkg v. 1.8 RC1";
include("head.inc");
?>
@@ -192,6 +192,17 @@ padding: 15px 10px 50% 50px;
padding-top: 4px;
padding-bottom: 4px;
}
+.listbg3 {
+ border-right: 1px solid #777777;
+ border-bottom: 1px solid #777777;
+ font-size: 11px;
+ background-color: #777777;
+ color: #000;
+ padding-right: 16px;
+ padding-left: 6px;
+ padding-top: 4px;
+ padding-bottom: 4px;
+}
</style>
<noscript><div class="alert" ALIGN=CENTER><img src="/themes/nervecenter/images/icons/icon_alert.gif"/><strong>Please enable JavaScript to view this content</CENTER></div></noscript>
@@ -307,7 +318,17 @@ padding: 15px 10px 50% 50px;
?>
<?=strtoupper($check_blockoffenders);?>
</td>
- <td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
+ <?php
+ /* convert fake interfaces to real and check if iface is up */
+ $if_real2 = convert_friendly_interface_to_real_interface_name($natent['interface']);
+ $color_up_b = exec("/bin/ps -auwx | grep -v grep | grep \"snort.u2_{$nnats}{$if_real2}\" | awk '{print $2;}'");
+ If ($color_up_b != "") {
+ $class_color_up_bb = "listbg2";
+ }else{
+ $class_color_up_bb = "listbg";
+ }
+ ?>
+ <td class="<?=$class_color_up_bb;?>" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
<?php
$check_snortbarnyardlog_info = $config['installedpackages']['snortglobal']['rule'][$nnats]['barnyard_enable'];
if ($check_snortbarnyardlog_info == "on")
@@ -319,7 +340,7 @@ padding: 15px 10px 50% 50px;
?>
<?=strtoupper($check_snortbarnyardlog);?>
</td>
- <td class="listbg" onClick="fr_toggle(<?=$nnats;?>)" ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
+ <td class="listbg3" onClick="fr_toggle(<?=$nnats;?>)" ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
<font color="#ffffff">
<?=htmlspecialchars($natent['descr']);?>&nbsp;
</td>
@@ -351,13 +372,15 @@ padding: 15px 10px 50% 50px;
<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
<td width="100%"><span class="vexpl"><span class="red"><strong>Note:</strong></span>
<br>
- This is the <strong>Snort Interfaces Menu</strong> where you can see an over view of all your interface settings.
+ This is the <strong>Snort Menu</strong> where you can see an over view of all your interface settings.
<br>
- Please edit the <strong>Global Settings </strong> tab befor adding an interface.
+ Please edit the <strong>Global Settings</strong> tab befor adding an interface.
<br><br>
- Click on the <strong>Plus Icon</strong> to add a interface.
+ <strong>Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="Add Icon"> icon to add a interface.&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp<strong>Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_pass.gif" width="13" height="13" border="0" title="Start Icon"> icon to <strong>start</strong> snort and barnyard.
+ <br>
+ <strong>Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="Edit Icon"> icon to edit a interface and settings.&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp<strong>Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" width="13" height="13" border="0" title="Stop Icon"> icon to <strong>stop</strong> snort and barnyard.
<br>
- Click on the <strong>Edit Icon</strong> to edit interface settings.
+ <strong> Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="Delete Icon"> icon to delete a interface and settings.
</td>
</table>
diff --git a/config/snort-dev/snort_interfaces_edit.php b/config/snort-dev/snort_interfaces_edit.php
index cdf2f3e1..881df8a2 100644
--- a/config/snort-dev/snort_interfaces_edit.php
+++ b/config/snort-dev/snort_interfaces_edit.php
@@ -50,6 +50,52 @@ if (isset($_GET['dup'])) {
if (isset($id) && $a_nat[$id]) {
+ /* old options */
+ $pconfig['def_ssl_ports_ignore'] = $a_nat[$id]['def_ssl_ports_ignore'];
+ $pconfig['flow_depth'] = $a_nat[$id]['flow_depth'];
+ $pconfig['perform_stat'] = $a_nat[$id]['perform_stat'];
+ $pconfig['http_inspect'] = $a_nat[$id]['http_inspect'];
+ $pconfig['other_preprocs'] = $a_nat[$id]['other_preprocs'];
+ $pconfig['ftp_preprocessor'] = $a_nat[$id]['ftp_preprocessor'];
+ $pconfig['smtp_preprocessor'] = $a_nat[$id]['smtp_preprocessor'];
+ $pconfig['sf_portscan'] = $a_nat[$id]['sf_portscan'];
+ $pconfig['dce_rpc_2'] = $a_nat[$id]['dce_rpc_2'];
+ $pconfig['dns_preprocessor'] = $a_nat[$id]['dns_preprocessor'];
+ $pconfig['def_dns_servers'] = $a_nat[$id]['def_dns_servers'];
+ $pconfig['def_dns_ports'] = $a_nat[$id]['def_dns_ports'];
+ $pconfig['def_smtp_servers'] = $a_nat[$id]['def_smtp_servers'];
+ $pconfig['def_smtp_ports'] = $a_nat[$id]['def_smtp_ports'];
+ $pconfig['def_mail_ports'] = $a_nat[$id]['def_mail_ports'];
+ $pconfig['def_http_servers'] = $a_nat[$id]['def_http_servers'];
+ $pconfig['def_www_servers'] = $a_nat[$id]['def_www_servers'];
+ $pconfig['def_http_ports'] = $a_nat[$id]['def_http_ports'];
+ $pconfig['def_sql_servers'] = $a_nat[$id]['def_sql_servers'];
+ $pconfig['def_oracle_ports'] = $a_nat[$id]['def_oracle_ports'];
+ $pconfig['def_mssql_ports'] = $a_nat[$id]['def_mssql_ports'];
+ $pconfig['def_telnet_servers'] = $a_nat[$id]['def_telnet_servers'];
+ $pconfig['def_telnet_ports'] = $a_nat[$id]['def_telnet_ports'];
+ $pconfig['def_snmp_servers'] = $a_nat[$id]['def_snmp_servers'];
+ $pconfig['def_snmp_ports'] = $a_nat[$id]['def_snmp_ports'];
+ $pconfig['def_ftp_servers'] = $a_nat[$id]['def_ftp_servers'];
+ $pconfig['def_ftp_ports'] = $a_nat[$id]['def_ftp_ports'];
+ $pconfig['def_ssh_servers'] = $a_nat[$id]['def_ssh_servers'];
+ $pconfig['def_ssh_ports'] = $a_nat[$id]['def_ssh_ports'];
+ $pconfig['def_pop_servers'] = $a_nat[$id]['def_pop_servers'];
+ $pconfig['def_pop2_ports'] = $a_nat[$id]['def_pop2_ports'];
+ $pconfig['def_pop3_ports'] = $a_nat[$id]['def_pop3_ports'];
+ $pconfig['def_imap_servers'] = $a_nat[$id]['def_imap_servers'];
+ $pconfig['def_imap_ports'] = $a_nat[$id]['def_imap_ports'];
+ $pconfig['def_sip_proxy_ip'] = $a_nat[$id]['def_sip_proxy_ip'];
+ $pconfig['ip def_sip_proxy_ports'] = $a_nat[$id]['ip def_sip_proxy_ports'];
+ $pconfig['def_auth_ports'] = $a_nat[$id]['def_auth_ports'];
+ $pconfig['def_finger_ports'] = $a_nat[$id]['def_finger_ports'];
+ $pconfig['def_irc_ports'] = $a_nat[$id]['def_irc_ports'];
+ $pconfig['def_nntp_ports'] = $a_nat[$id]['def_nntp_ports'];
+ $pconfig['def_rlogin_ports'] = $a_nat[$id]['def_rlogin_ports'];
+ $pconfig['def_rsh_ports'] = $a_nat[$id]['def_rsh_ports'];
+ $pconfig['def_ssl_ports'] = $a_nat[$id]['def_ssl_ports'];
+ $pconfig['barnyard_enable'] = $a_nat[$id]['barnyard_enable'];
+ $pconfig['barnyard_mysql'] = $a_nat[$id]['barnyard_mysql'];
$pconfig['enable'] = $a_nat[$id]['enable'];
$pconfig['interface'] = $a_nat[$id]['interface'];
$pconfig['descr'] = $a_nat[$id]['descr'];
@@ -59,9 +105,6 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['alertsystemlog'] = $a_nat[$id]['alertsystemlog'];
$pconfig['tcpdumplog'] = $a_nat[$id]['tcpdumplog'];
$pconfig['snortunifiedlog'] = $a_nat[$id]['snortunifiedlog'];
- $pconfig['flow_depth'] = $a_nat[$id]['flow_depth'];
- $pconfig['barnyard_enable'] = $a_nat[$id]['barnyard_enable'];
- $pconfig['barnyard_mysql'] = $a_nat[$id]['barnyard_mysql'];
if (!$pconfig['interface'])
$pconfig['interface'] = "wan";
@@ -150,7 +193,7 @@ if ($_POST["Submit"]) {
continue;
}
-/* if no errors write to conf */
+ /* if no errors write to conf */
if (!$input_errors) {
$natent = array();
@@ -167,10 +210,55 @@ if ($_POST["Submit"]) {
if ($_POST['tcpdumplog'] == "on") { $natent['tcpdumplog'] = on; }else{ $natent['tcpdumplog'] = off; } if ($_POST['enable'] == "") { $natent['tcpdumplog'] = $pconfig['tcpdumplog']; }
if ($_POST['snortunifiedlog'] == "on") { $natent['snortunifiedlog'] = on; }else{ $natent['snortunifiedlog'] = off; } if ($_POST['enable'] == "") { $natent['snortunifiedlog'] = $pconfig['snortunifiedlog']; }
/* if optiion = 0 then the old descr way will not work */
- if ($_POST['flow_depth'] != "") { $natent['flow_depth'] = $_POST['flow_depth']; }else{ $natent['flow_depth'] = $pconfig['flow_depth']; }
- /* rewrite the options that are not in post */
- $natent['barnyard_enable'] = $pconfig['barnyard_enable'];
- $natent['barnyard_mysql'] = $pconfig['barnyard_mysql'];
+
+ /* rewrite the options that are not in post */
+ /* make shure values are set befor repost or conf.xml will be broken */
+ if ($pconfig['def_ssl_ports_ignore'] != "") { $natent['def_ssl_ports_ignore'] = $pconfig['def_ssl_ports_ignore']; }
+ if ($pconfig['flow_depth'] != "") { $natent['flow_depth'] = $pconfig['flow_depth']; }
+ if ($pconfig['perform_stat'] != "") { $natent['perform_stat'] = $pconfig['perform_stat']; }
+ if ($pconfig['http_inspect'] != "") { $natent['http_inspect'] = $pconfig['http_inspect']; }
+ if ($pconfig['other_preprocs'] != "") { $natent['other_preprocs'] = $pconfig['other_preprocs']; }
+ if ($pconfig['ftp_preprocessor'] != "") { $natent['ftp_preprocessor'] = $pconfig['ftp_preprocessor']; }
+ if ($pconfig['smtp_preprocessor'] != "") { $natent['smtp_preprocessor'] = $pconfig['smtp_preprocessor']; }
+ if ($pconfig['sf_portscan'] != "") { $natent['sf_portscan'] = $pconfig['sf_portscan']; }
+ if ($pconfig['dce_rpc_2'] != "") { $natent['dce_rpc_2'] = $pconfig['dce_rpc_2']; }
+ if ($pconfig['dns_preprocessor'] != "") { $natent['dns_preprocessor'] = $pconfig['dns_preprocessor']; }
+ if ($pconfig['def_dns_servers'] != "") { $natent['def_dns_servers'] = $pconfig['def_dns_servers']; }
+ if ($pconfig['def_dns_ports'] != "") { $natent['def_dns_ports'] = $pconfig['def_dns_ports']; }
+ if ($pconfig['def_smtp_servers'] != "") { $natent['def_smtp_servers'] = $pconfig['def_smtp_servers']; }
+ if ($pconfig['def_smtp_ports'] != "") { $natent['def_smtp_ports'] = $pconfig['def_smtp_ports']; }
+ if ($pconfig['def_mail_ports'] != "") { $natent['def_mail_ports'] = $pconfig['def_mail_ports']; }
+ if ($pconfig['def_http_servers'] != "") { $natent['def_http_servers'] = $pconfig['def_http_servers']; }
+ if ($pconfig['def_www_servers'] != "") { $natent['def_www_servers'] = $pconfig['def_www_servers']; }
+ if ($pconfig['def_http_ports'] != "") { $natent['def_http_ports'] = $pconfig['def_http_ports']; }
+ if ($pconfig['def_sql_servers'] != "") { $natent['def_sql_servers'] = $pconfig['def_sql_servers']; }
+ if ($pconfig['def_oracle_ports'] != "") { $natent['def_oracle_ports'] = $pconfig['def_oracle_ports']; }
+ if ($pconfig['def_mssql_ports'] != "") { $natent['def_mssql_ports'] = $pconfig['def_mssql_ports']; }
+ if ($pconfig['def_telnet_servers'] != "") { $natent['def_telnet_servers'] = $pconfig['def_telnet_servers']; }
+ if ($pconfig['def_telnet_ports'] != "") { $natent['def_telnet_ports'] = $pconfig['def_telnet_ports']; }
+ if ($pconfig['def_snmp_servers'] != "") { $natent['def_snmp_servers'] = $pconfig['def_snmp_servers']; }
+ if ($pconfig['def_snmp_ports'] != "") { $natent['def_snmp_ports'] = $pconfig['def_snmp_ports']; }
+ if ($pconfig['def_ftp_servers'] != "") { $natent['def_ftp_servers'] = $pconfig['def_ftp_servers']; }
+ if ($pconfig['def_ftp_ports'] != "") { $natent['def_ftp_ports'] = $pconfig['def_ftp_ports']; }
+ if ($pconfig['def_ssh_servers'] != "") { $natent['def_ssh_servers'] = $pconfig['def_ssh_servers']; }
+ if ($pconfig['def_ssh_ports'] != "") { $natent['def_ssh_ports'] = $pconfig['def_ssh_ports']; }
+ if ($pconfig['def_pop_servers'] != "") { $natent['def_pop_servers'] = $pconfig['def_pop_servers']; }
+ if ($pconfig['def_pop2_ports'] != "") { $natent['def_pop2_ports'] = $pconfig['def_pop2_ports']; }
+ if ($pconfig['def_pop3_ports'] != "") { $natent['def_pop3_ports'] = $pconfig['def_pop3_ports']; }
+ if ($pconfig['def_imap_servers'] != "") { $natent['def_imap_servers'] = $pconfig['def_imap_servers']; }
+ if ($pconfig['def_imap_ports'] != "") { $natent['def_imap_ports'] = $pconfig['def_imap_ports']; }
+ if ($pconfig['def_sip_proxy_ip'] != "") { $natent['def_sip_proxy_ip'] = $pconfig['def_sip_proxy_ip']; }
+ if ($pconfig['ip def_sip_proxy_ports'] != "") { $natent['ip def_sip_proxy_ports'] = $pconfig['ip def_sip_proxy_ports']; }
+ if ($pconfig['def_auth_ports'] != "") { $natent['def_auth_ports'] = $pconfig['def_auth_ports']; }
+ if ($pconfig['def_finger_ports'] != "") { $natent['def_finger_ports'] = $pconfig['def_finger_ports']; }
+ if ($pconfig['def_irc_ports'] != "") { $natent['def_irc_ports'] = $pconfig['def_irc_ports']; }
+ if ($pconfig['def_nntp_ports'] != "") { $natent['def_nntp_ports'] = $pconfig['def_nntp_ports']; }
+ if ($pconfig['def_rlogin_ports'] != "") { $natent['def_rlogin_ports'] = $pconfig['def_rlogin_ports']; }
+ if ($pconfig['def_rsh_ports'] != "") { $natent['def_rsh_ports'] = $pconfig['def_rsh_ports']; }
+ if ($pconfig['def_ssl_ports'] != "") { $natent['def_ssl_ports'] = $pconfig['def_ssl_ports']; }
+ if ($pconfig['barnyard_enable'] != "") { $natent['barnyard_enable'] = $pconfig['barnyard_enable']; }
+ if ($pconfig['barnyard_mysql'] != "") { $natent['barnyard_mysql'] = $pconfig['barnyard_mysql']; }
+
if (isset($id) && $a_nat[$id])
$a_nat[$id] = $natent;
@@ -246,7 +334,6 @@ echo "
document.iform.descr.disabled = endis;\n";
}
?>
- document.iform.flow_depth.disabled = endis;
document.iform.performance.disabled = endis;
document.iform.blockoffenders7.disabled = endis;
document.iform.snortalertlogtype.disabled = endis;
@@ -432,18 +519,6 @@ if($id != "")
<input name="snortunifiedlog" type="checkbox" value="on" <?php if ($pconfig['snortunifiedlog'] == "on") echo "checked"; ?> onClick="enable_change(false)"><br>
Snort will log Alerts to a file in the UNIFIED2 format. This is a requirement for barnyard2.</td>
</tr>
- <tr>
- <td valign="top" class="vncell">HTTP server flow depth</td>
- <td class="vtable">
- <table cellpadding="0" cellspacing="0">
- <tr>
- <td><input name="flow_depth" type="text" class="formfld" id="flow_depth" size="5" value="<?=htmlspecialchars($pconfig['flow_depth']);?>"> <strong>-1</strong> to <strong>1460</strong> (<strong>-1</strong> disables HTTP inspect, <strong>0</strong> enables all HTTP inspect)</td>
- </tr>
- </table>
- Amount of HTTP server response payload to inspect. Snort's performance may increase by ajusting this value.<br>
- Setting this value too low may cause false negatives. Value above 0 is in bytes.<br>
- <strong>Default value is 0</strong></td>
- </tr>
<tr>
<td width="22%" valign="top">&nbsp;</td>
<td width="78%">
diff --git a/config/snort-dev/snort_preprocessors.php b/config/snort-dev/snort_preprocessors.php
index 88f90b2e..39ed86d4 100644
--- a/config/snort-dev/snort_preprocessors.php
+++ b/config/snort-dev/snort_preprocessors.php
@@ -58,8 +58,16 @@ if (isset($_GET['dup'])) {
if (isset($id) && $a_nat[$id]) {
/* new options */
- $pconfig['perform_stat'] = $a_nat[$id]['perform_stat'];
$pconfig['def_ssl_ports_ignore'] = $a_nat[$id]['def_ssl_ports_ignore'];
+ $pconfig['flow_depth'] = $a_nat[$id]['flow_depth'];
+ $pconfig['perform_stat'] = $a_nat[$id]['perform_stat'];
+ $pconfig['http_inspect'] = $a_nat[$id]['http_inspect'];
+ $pconfig['other_preprocs'] = $a_nat[$id]['other_preprocs'];
+ $pconfig['ftp_preprocessor'] = $a_nat[$id]['ftp_preprocessor'];
+ $pconfig['smtp_preprocessor'] = $a_nat[$id]['smtp_preprocessor'];
+ $pconfig['sf_portscan'] = $a_nat[$id]['sf_portscan'];
+ $pconfig['dce_rpc_2'] = $a_nat[$id]['dce_rpc_2'];
+ $pconfig['dns_preprocessor'] = $a_nat[$id]['dns_preprocessor'];
/* old options */
$pconfig['def_dns_servers'] = $a_nat[$id]['def_dns_servers'];
@@ -123,55 +131,63 @@ if ($_POST) {
if (!$input_errors) {
$natent = array();
/* repost the options already in conf */
- $natent['enable'] = $pconfig['enable'];
- $natent['interface'] = $pconfig['interface'];
- $natent['descr'] = $pconfig['descr'];
- $natent['performance'] = $pconfig['performance'];
- $natent['blockoffenders7'] = $pconfig['blockoffenders7'];
- $natent['snortalertlogtype'] = $pconfig['snortalertlogtype'];
- $natent['alertsystemlog'] = $pconfig['alertsystemlog'];
- $natent['tcpdumplog'] = $pconfig['tcpdumplog'];
- $natent['snortunifiedlog'] = $pconfig['snortunifiedlog'];
- $natent['flow_depth'] = $pconfig['flow_depth'];
- $natent['barnyard_enable'] = $pconfig['barnyard_enable'];
- $natent['barnyard_mysql'] = $pconfig['barnyard_mysql'];
- $natent['def_dns_servers'] = $pconfig['def_dns_servers'];
- $natent['def_dns_ports'] = $pconfig['def_dns_ports'];
- $natent['def_smtp_servers'] = $pconfig['def_smtp_servers'];
- $natent['def_smtp_ports'] = $pconfig['def_smtp_ports'];
- $natent['def_mail_ports'] = $pconfig['def_mail_ports'];
- $natent['def_http_servers'] = $pconfig['def_http_servers'];
- $natent['def_www_servers'] = $pconfig['def_www_servers'];
- $natent['def_http_ports'] = $pconfig['def_http_ports'];
- $natent['def_sql_servers'] = $pconfig['def_sql_servers'];
- $natent['def_oracle_ports'] = $pconfig['def_oracle_ports'];
- $natent['def_mssql_ports'] = $pconfig['def_mssql_ports'];
- $natent['def_telnet_servers'] = $pconfig['def_telnet_servers'];
- $natent['def_telnet_ports'] = $pconfig['def_telnet_ports'];
- $natent['def_snmp_servers'] = $pconfig['def_snmp_servers'];
- $natent['def_snmp_ports'] = $pconfig['def_snmp_ports'];
- $natent['def_ftp_servers'] = $pconfig['def_ftp_servers'];
- $natent['def_ftp_ports'] = $pconfig['def_ftp_ports'];
- $natent['def_ssh_servers'] = $pconfig['def_ssh_servers'];
- $natent['def_ssh_ports'] = $pconfig['def_ssh_ports'];
- $natent['def_pop_servers'] = $pconfig['def_pop_servers'];
- $natent['def_pop2_ports'] = $pconfig['def_pop2_ports'];
- $natent['def_pop3_ports'] = $pconfig['def_pop3_ports'];
- $natent['def_imap_servers'] = $pconfig['def_imap_servers'];
- $natent['def_imap_ports'] = $pconfig['def_imap_ports'];
- $natent['def_sip_proxy_ip'] = $pconfig['def_sip_proxy_ip'];
- $natent['def_sip_proxy_ports'] = $pconfig['def_sip_proxy_ports'];
- $natent['def_auth_ports'] = $pconfig['def_auth_ports'];
- $natent['def_finger_ports'] = $pconfig['def_finger_ports'];
- $natent['def_irc_ports'] = $pconfig['def_irc_ports'];
- $natent['def_nntp_ports'] = $pconfig['def_nntp_ports'];
- $natent['def_rlogin_ports'] = $pconfig['def_rlogin_ports'];
- $natent['def_rsh_ports'] = $pconfig['def_rsh_ports'];
- $natent['def_ssl_ports'] = $pconfig['def_ssl_ports'];
+ if ($pconfig['interface'] != "") { $natent['interface'] = $pconfig['interface']; }
+ if ($pconfig['enable'] != "") { $natent['enable'] = $pconfig['enable']; }
+ if ($pconfig['descr'] != "") { $natent['descr'] = $pconfig['descr']; }
+ if ($pconfig['performance'] != "") { $natent['performance'] = $pconfig['performance']; }
+ if ($pconfig['blockoffenders7'] != "") { $natent['blockoffenders7'] = $pconfig['blockoffenders7']; }
+ if ($pconfig['snortalertlogtype'] != "") { $natent['snortalertlogtype'] = $pconfig['snortalertlogtype']; }
+ if ($pconfig['alertsystemlog'] != "") { $natent['alertsystemlog'] = $pconfig['alertsystemlog']; }
+ if ($pconfig['tcpdumplog'] != "") { $natent['tcpdumplog'] = $pconfig['tcpdumplog']; }
+ if ($pconfig['snortunifiedlog'] != "") { $natent['snortunifiedlog'] = $pconfig['snortunifiedlog']; }
+ if ($pconfig['barnyard_enable'] != "") { $natent['barnyard_enable'] = $pconfig['barnyard_enable']; }
+ if ($pconfig['barnyard_mysql'] != "") { $natent['barnyard_mysql'] = $pconfig['barnyard_mysql']; }
+ if ($pconfig['def_dns_servers'] != "") { $natent['def_dns_servers'] = $pconfig['def_dns_servers']; }
+ if ($pconfig['def_dns_ports'] != "") { $natent['def_dns_ports'] = $pconfig['def_dns_ports']; }
+ if ($pconfig['def_smtp_servers'] != "") { $natent['def_smtp_servers'] = $pconfig['def_smtp_servers']; }
+ if ($pconfig['def_smtp_ports'] != "") { $natent['def_smtp_ports'] = $pconfig['def_smtp_ports']; }
+ if ($pconfig['def_mail_ports'] != "") { $natent['def_mail_ports'] = $pconfig['def_mail_ports']; }
+ if ($pconfig['def_http_servers'] != "") { $natent['def_http_servers'] = $pconfig['def_http_servers']; }
+ if ($pconfig['def_www_servers'] != "") { $natent['def_www_servers'] = $pconfig['def_www_servers']; }
+ if ($pconfig['def_http_ports'] != "") { $natent['def_http_ports'] = $pconfig['def_http_ports']; }
+ if ($pconfig['def_sql_servers'] != "") { $natent['def_sql_servers'] = $pconfig['def_sql_servers']; }
+ if ($pconfig['def_oracle_ports'] != "") { $natent['def_oracle_ports'] = $pconfig['def_oracle_ports']; }
+ if ($pconfig['def_mssql_ports'] != "") { $natent['def_mssql_ports'] = $pconfig['def_mssql_ports']; }
+ if ($pconfig['def_telnet_servers'] != "") { $natent['def_telnet_servers'] = $pconfig['def_telnet_servers']; }
+ if ($pconfig['def_telnet_ports'] != "") { $natent['def_telnet_ports'] = $pconfig['def_telnet_ports']; }
+ if ($pconfig['def_snmp_servers'] != "") { $natent['def_snmp_servers'] = $pconfig['def_snmp_servers']; }
+ if ($pconfig['def_snmp_ports'] != "") { $natent['def_snmp_ports'] = $pconfig['def_snmp_ports']; }
+ if ($pconfig['def_ftp_servers'] != "") { $natent['def_ftp_servers'] = $pconfig['def_ftp_servers']; }
+ if ($pconfig['def_ftp_ports'] != "") { $natent['def_ftp_ports'] = $pconfig['def_ftp_ports']; }
+ if ($pconfig['def_ssh_servers'] != "") { $natent['def_ssh_servers'] = $pconfig['def_ssh_servers']; }
+ if ($pconfig['def_ssh_ports'] != "") { $natent['def_ssh_ports'] = $pconfig['def_ssh_ports']; }
+ if ($pconfig['def_pop_servers'] != "") { $natent['def_pop_servers'] = $pconfig['def_pop_servers']; }
+ if ($pconfig['def_pop2_ports'] != "") { $natent['def_pop2_ports'] = $pconfig['def_pop2_ports']; }
+ if ($pconfig['def_pop3_ports'] != "") { $natent['def_pop3_ports'] = $pconfig['def_pop3_ports']; }
+ if ($pconfig['def_imap_servers'] != "") { $natent['def_imap_servers'] = $pconfig['def_imap_servers']; }
+ if ($pconfig['def_imap_ports'] != "") { $natent['def_imap_ports'] = $pconfig['def_imap_ports']; }
+ if ($pconfig['def_sip_proxy_ip'] != "") { $natent['def_sip_proxy_ip'] = $pconfig['def_sip_proxy_ip']; }
+ if ($pconfig['ip def_sip_proxy_ports'] != "") { $natent['ip def_sip_proxy_ports'] = $pconfig['ip def_sip_proxy_ports']; }
+ if ($pconfig['def_auth_ports'] != "") { $natent['def_auth_ports'] = $pconfig['def_auth_ports']; }
+ if ($pconfig['def_finger_ports'] != "") { $natent['def_finger_ports'] = $pconfig['def_finger_ports']; }
+ if ($pconfig['def_irc_ports'] != "") { $natent['def_irc_ports'] = $pconfig['def_irc_ports']; }
+ if ($pconfig['def_nntp_ports'] != "") { $natent['def_nntp_ports'] = $pconfig['def_nntp_ports']; }
+ if ($pconfig['def_rlogin_ports'] != "") { $natent['def_rlogin_ports'] = $pconfig['def_rlogin_ports']; }
+ if ($pconfig['def_rsh_ports'] != "") { $natent['def_rsh_ports'] = $pconfig['def_rsh_ports']; }
+ if ($pconfig['def_ssl_ports'] != "") { $natent['def_ssl_ports'] = $pconfig['def_ssl_ports']; }
/* post new options */
$natent['perform_stat'] = $_POST['perform_stat'];
if ($_POST['def_ssl_ports_ignore'] != "") { $natent['def_ssl_ports_ignore'] = $_POST['def_ssl_ports_ignore']; }else{ $natent['def_ssl_ports_ignore'] = ""; }
+ if ($_POST['flow_depth'] != "") { $natent['flow_depth'] = $_POST['flow_depth']; }else{ $natent['flow_depth'] = ""; }
+ $natent['perform_stat'] = $_POST['perform_stat'] ? on : off;
+ $natent['http_inspect'] = $_POST['http_inspect'] ? on : off;
+ $natent['other_preprocs'] = $_POST['other_preprocs'] ? on : off;
+ $natent['ftp_preprocessor'] = $_POST['ftp_preprocessor'] ? on : off;
+ $natent['smtp_preprocessor'] = $_POST['smtp_preprocessor'] ? on : off;
+ $natent['sf_portscan'] = $_POST['sf_portscan'] ? on : off;
+ $natent['dce_rpc_2'] = $_POST['dce_rpc_2'] ? on : off;
+ $natent['dns_preprocessor'] = $_POST['dns_preprocessor'] ? on : off;
if (isset($id) && $a_nat[$id])
$a_nat[$id] = $natent;
@@ -268,22 +284,77 @@ if($id != "")
?>
<tr>
<td width="22%" valign="top">&nbsp;</td>
- <td width="78%"><span class="vexpl"><span class="red"><strong>Note:</strong></span><br>
- Please save your settings befor you click start.<br>
- Please make sure there are <strong>no spaces</strong> in your definitions.
+ <td width="78%"><span class="vexpl"><span class="red"><strong>Note: </strong></span><br>
+ RULES MAY DEPENDENT ON Preprocessors!<br>
+ Please save your settings befor you click start.<br>
</td>
</tr>
<tr>
- <td width="22%" valign="top" class="vncell">perform_stat</td>
+ <td width="22%" valign="top" class="vncell">Enable <br>Performance Statistics</td>
<td width="78%" class="vtable">
<input name="perform_stat" type="checkbox" value="on" <?php if ($pconfig['perform_stat']=="on") echo "checked"; ?> onClick="enable_change(false)"><br>
- Emerging Threats is an open source community that produces fastest moving and diverse Snort Rules.</td>
+ Performance Statistics for this interface.</td>
</tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Enable <br>HTTP Inspect</td>
+ <td width="78%" class="vtable">
+ <input name="http_inspect" type="checkbox" value="on" <?php if ($pconfig['http_inspect']=="on") echo "checked"; ?> onClick="enable_change(false)"><br>
+ Normalize/Decode and detect HTTP traffic and protocol anomalies.</td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncell">HTTP server flow depth</td>
+ <td class="vtable">
+ <table cellpadding="0" cellspacing="0">
+ <tr>
+ <td><input name="flow_depth" type="text" class="formfld" id="flow_depth" size="5" value="<?=htmlspecialchars($pconfig['flow_depth']);?>"> <strong>-1</strong> to <strong>1460</strong> (<strong>-1</strong> disables HTTP inspect, <strong>0</strong> enables all HTTP inspect)</td>
+ </tr>
+ </table>
+ Amount of HTTP server response payload to inspect. Snort's performance may increase by ajusting this value.<br>
+ Setting this value too low may cause false negatives. Value above 0 is in bytes.<br>
+ <strong>Default value is 0</strong></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Enable <br>RPC Decode and Back Orifice detector</td>
+ <td width="78%" class="vtable">
+ <input name="other_preprocs" type="checkbox" value="on" <?php if ($pconfig['other_preprocs']=="on") echo "checked"; ?> onClick="enable_change(false)"><br>
+ Normalize/Decode RPC traffic and detects Back Orifice traffic on the network.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Enable <br>FTP & Telnet Normalizer</td>
+ <td width="78%" class="vtable">
+ <input name="ftp_preprocessor" type="checkbox" value="on" <?php if ($pconfig['ftp_preprocessor']=="on") echo "checked"; ?> onClick="enable_change(false)"><br>
+ Normalize/Decode FTP & Telnet traffic and protocol anomalies.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Enable <br>SMTP Normalizer</td>
+ <td width="78%" class="vtable">
+ <input name="smtp_preprocessor" type="checkbox" value="on" <?php if ($pconfig['smtp_preprocessor']=="on") echo "checked"; ?> onClick="enable_change(false)"><br>
+ Normalize/Decode SMTP protocol for enforcement and buffer overflows.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Enable <br>Portscan Detection</td>
+ <td width="78%" class="vtable">
+ <input name="sf_portscan" type="checkbox" value="on" <?php if ($pconfig['sf_portscan']=="on") echo "checked"; ?> onClick="enable_change(false)"><br>
+ Detects various types of portscans and portsweeps.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Enable <br>DCE/RPC2 Detection</td>
+ <td width="78%" class="vtable">
+ <input name="dce_rpc_2" type="checkbox" value="on" <?php if ($pconfig['dce_rpc_2']=="on") echo "checked"; ?> onClick="enable_change(false)"><br>
+ The dcerpc preprocessor detects and decodes SMB and DCE/RPC traffic.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Enable <br>DNS Detection</td>
+ <td width="78%" class="vtable">
+ <input name="dns_preprocessor" type="checkbox" value="on" <?php if ($pconfig['dns_preprocessor']=="on") echo "checked"; ?> onClick="enable_change(false)"><br>
+ The dns preprocessor (currently) decodes DNS Response traffic and detects a few vulnerabilities.</td>
+ </tr>
<tr>
<td width="22%" valign="top" class="vncell">Define SSL_IGNORE</td>
<td width="78%" class="vtable">
<input name="def_ssl_ports_ignore" type="text" class="formfld" id="def_ssl_ports_ignore" size="40" value="<?=htmlspecialchars($pconfig['def_ssl_ports_ignore']);?>">
- <br> <span class="vexpl">Example: "443 465 563 636 989 990 992 993 994 995".</span></td>
+ <br> <span class="vexpl"> Encrypted traffic should be ignored by Snort for both performance reasons and to reduce false positives.<br>
+ Default: "443 465 563 636 989 990 992 993 994 995".</span> <strong>Please use spaces and not commas.</strong></td>
</tr>
<tr>
<td width="22%" valign="top">&nbsp;</td>
diff --git a/config/snort-dev/snort_rulesets.php b/config/snort-dev/snort_rulesets.php
index 14d9e01c..e98244d0 100644
--- a/config/snort-dev/snort_rulesets.php
+++ b/config/snort-dev/snort_rulesets.php
@@ -29,7 +29,7 @@
*/
require("guiconfig.inc");
-require("filter.inc");
+require_once("filter.inc");
require_once("service-utils.inc");
if (!is_array($config['installedpackages']['snortglobal']['rule'])) {