Diffstat (limited to 'config')
32 files changed, 558 insertions, 383 deletions
diff --git a/config/apache_mod_security-dev/apache_mod_security.inc b/config/apache_mod_security-dev/apache_mod_security.inc index 72c1f9b4..ed5596d6 100644 --- a/config/apache_mod_security-dev/apache_mod_security.inc +++ b/config/apache_mod_security-dev/apache_mod_security.inc @@ -603,8 +603,8 @@ EOF; } $vh_config.=" <Location ".($backend['sitepath'] ? $backend['sitepath'] : "/").">\n"; - $vh_config.=" ProxyPass balancer://{$backend['balancer']}{$backend['backendpath']}\n"; - $vh_config.=" ProxyPassReverse balancer://{$backend['balancer']}{$backend['backendpath']}\n"; + $vh_config.=" ProxyPass balancer://{$backend['balancer']}".($backend['backendpath'] ? $backend['backendpath'] : "/")."\n"; + $vh_config.=" ProxyPassReverse balancer://{$backend['balancer']}".($backend['backendpath'] ? $backend['backendpath'] : "/")."\n"; if ($backend['compress']== "no") $vh_config.=" SetInputFilter INFLATE\n SetOutputFilter INFLATE\n"; if ($backend['modsecgroup']!="" && $backend['modsecgroup']!="none" && $mods_settings['enablemodsecurity']=="on"){ diff --git a/config/checkmk-agent/checkmk.xml b/config/checkmk-agent/checkmk.xml index 2b4f6996..3709dce1 100644 --- a/config/checkmk-agent/checkmk.xml +++ b/config/checkmk-agent/checkmk.xml @@ -93,13 +93,12 @@ <fieldname>checkmkport</fieldname> <type>input</type> <size>10</size> - <description>Enter port to listen on. Leave empty to use Default prot 6556</description> - <required/> + <description>Enter port to listen on. Leave empty to use Default port 6556.</description> </field> <field> <fielddescr>Hosts.allow</fielddescr> <fieldname>checkmkhosts</fieldname> - <description>Enter hosts(comma separeted) that can communicate with this agent.</description> + <description>Enter hosts (comma separated) that can communicate with this agent.</description> <type>input</type> <size>60</size> </field> @@ -118,4 +117,4 @@ <custom_php_resync_config_command> sync_package_checkmk(); </custom_php_resync_config_command> -</packagegui>
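Review bot: The fallback `($backend['backendpath'] ? $backend['backendpath'] : "/")` is written out twice, on the ProxyPass and ProxyPassReverse lines, and the value still goes into the vhost text exactly as stored. Computing it once keeps the two directives in step, e.g. `$backendpath = ($backend['backendpath'] ? $backend['backendpath'] : "/");` followed by `balancer://{$backend['balancer']}{$backendpath}` on both lines. Nothing in the hunk shows where `backendpath` and `balancer` are validated, so it is worth confirming that the form rejects whitespace and line breaks in them before they reach the generated Apache configuration. The enclosing function starts and ends outside the hunk.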
\ No newline at end of file +</packagegui> diff --git a/config/freeradius2/freeradius.inc b/config/freeradius2/freeradius.inc index 76da6213..8472ea5e 100644 --- a/config/freeradius2/freeradius.inc +++ b/config/freeradius2/freeradius.inc @@ -76,6 +76,15 @@ if ($pfs_version == "2.2") { } function freeradius_deinstall_command() { + $pidFile = "/var/run/radiusd.pid"; + $i = 0; + + while (isvalidpid($pidFile) && $i < 3) { + $sig = ($i == 2 ? SIGKILL : SIGTERM); + sigkillbypid($pidFile, $sig); + sleep(1); + $i++; + } return; } diff --git a/config/freeradius2/freeradius_view_config.php b/config/freeradius2/freeradius_view_config.php index 0095b009..8cdc844e 100644 --- a/config/freeradius2/freeradius_view_config.php +++ b/config/freeradius2/freeradius_view_config.php @@ -100,8 +100,8 @@ else{ display_top_tabs($tab_array); ?> </td></tr> - <tr> - <td> + <tr> + <td> <div id="mainarea"> <table class="tabcont" width="100%" border="0" cellpadding="8" cellspacing="0"> <tr><td></td></tr> @@ -126,8 +126,8 @@ else{ </td> </tr> <tr> - <td class="tabcont" > - <div id="file_div"></div> + <td class="tabcont" > + <div id="file_div"></div> </td> </tr> diff --git a/config/freeradius2/freeradiusauthorizedmacs.xml b/config/freeradius2/freeradiusauthorizedmacs.xml index 594e7398..3a643a86 100644 --- a/config/freeradius2/freeradiusauthorizedmacs.xml +++ b/config/freeradius2/freeradiusauthorizedmacs.xml @@ -45,7 +45,7 @@ <requirements>Describe your package requirements here</requirements> <faq>Currently there are no FAQ items provided.</faq> <name>freeradiusauthorizedmacs</name> - <version>2.1.12</version> + <version>2.2.0</version> <title>FreeRADIUS: MACs</title> <include_file>/usr/local/pkg/freeradius.inc</include_file> <menu> 
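Review bot: The stop loop added to freeradius_deinstall_command() has no comment explaining its escalation, and nothing is reported if radiusd is still alive after the final SIGKILL pass. I would put `// SIGTERM on the first two passes, SIGKILL on the third, one second apart` above the `while`, and after the loop add `if (isvalidpid($pidFile)) log_error("[FreeRADIUS] radiusd still running after deinstall stop attempts.");`. The loop acts only on the PID named in `/var/run/radiusd.pid`, so a daemon running without that file is left untouched; presumably that is acceptable here, but the comment should say so.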
@@ -54,13 +54,6 @@ <section>Services</section> <url>/pkg.php?xml=freeradiusauthorizedmacs.xml</url> </menu> - <service> - <name>radiusd</name> - <rcfile>radiusd.sh</rcfile> - <executable>radiusd</executable> - <description><![CDATA[FreeRADIUS Server]]></description> - </service> - <tabs> <tab> <text>Users</text> 
@@ -108,61 +101,6 @@ <url>/pkg_edit.php?xml=freeradiussync.xml&id=0</url> </tab> </tabs> - <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> - <item>https://packages.pfsense.org/packages/config/freeradius2/freeradius.inc</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/</prefix> - <chmod>0755</chmod> - <item>https://packages.pfsense.org/packages/config/freeradius2/freeradius_view_config.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> - <item>https://packages.pfsense.org/packages/config/freeradius2/freeradiusclients.xml</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> - <item>https://packages.pfsense.org/packages/config/freeradius2/freeradiussettings.xml</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> - <item>https://packages.pfsense.org/packages/config/freeradius2/freeradiuseapconf.xml</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> - <item>https://packages.pfsense.org/packages/config/freeradius2/freeradiussqlconf.xml</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> - <item>https://packages.pfsense.org/packages/config/freeradius2/freeradiusinterfaces.xml</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> - <item>https://packages.pfsense.org/packages/config/freeradius2/freeradiuscerts.xml</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> - <item>https://packages.pfsense.org/packages/config/freeradius2/freeradiussync.xml</item> - </additional_files_needed> - <additional_files_needed> - 
<prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> - <item>https://packages.pfsense.org/packages/config/freeradius2/freeradiusmodulesldap.xml</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> - <item>https://packages.pfsense.org/packages/config/freeradius2/freeradiusauthorizedmacs.xml</item> - </additional_files_needed> <adddeleteeditpagefields> <columnitem> <fielddescr>MAC Address</fielddescr> diff --git a/config/freeradius2/freeradiuscerts.xml b/config/freeradius2/freeradiuscerts.xml index 4909411a..9899d19f 100644 --- a/config/freeradius2/freeradiuscerts.xml +++ b/config/freeradius2/freeradiuscerts.xml @@ -45,7 +45,7 @@ <requirements>Describe your package requirements here</requirements> <faq>Currently there are no FAQ items provided.</faq> <name>freeradiuscerts</name> - <version>none</version> + <version>2.2.0</version> <title>FreeRADIUS: Certificates</title> <aftersaveredirect>pkg_edit.php?xml=freeradiuscerts.xml&id=0</aftersaveredirect> <include_file>/usr/local/pkg/freeradius.inc</include_file> diff --git a/config/freeradius2/freeradiusclients.xml b/config/freeradius2/freeradiusclients.xml index 99ac2af1..16d8d1e9 100644 --- a/config/freeradius2/freeradiusclients.xml +++ b/config/freeradius2/freeradiusclients.xml @@ -45,7 +45,7 @@ <requirements>Describe your package requirements here</requirements> <faq>Currently there are no FAQ items provided.</faq> <name>freeradiusclients</name> - <version>none</version> + <version>2.2.0</version> <title>FreeRADIUS: Clients</title> <include_file>/usr/local/pkg/freeradius.inc</include_file> <tabs> diff --git a/config/freeradius2/freeradiuseapconf.xml b/config/freeradius2/freeradiuseapconf.xml index a5ea88bd..8f81094a 100644 --- a/config/freeradius2/freeradiuseapconf.xml +++ b/config/freeradius2/freeradiuseapconf.xml 
@@ -46,7 +46,7 @@ <requirements>Describe your package requirements here</requirements> <faq>Currently there are no FAQ items provided.</faq> <name>freeradiuseapconf</name> - <version>none</version> + <version>2.2.0</version> <title>FreeRADIUS: EAP</title> <aftersaveredirect>pkg_edit.php?xml=freeradiuseapconf.xml&id=0</aftersaveredirect> <include_file>/usr/local/pkg/freeradius.inc</include_file> diff --git a/config/freeradius2/freeradiusinterfaces.xml b/config/freeradius2/freeradiusinterfaces.xml index 5427f988..0538633a 100644 --- a/config/freeradius2/freeradiusinterfaces.xml +++ b/config/freeradius2/freeradiusinterfaces.xml @@ -45,7 +45,7 @@ <requirements>Describe your package requirements here</requirements> <faq>Currently there are no FAQ items provided.</faq> <name>freeradiusinterfaces</name> - <version>none</version> + <version>2.2.0</version> <title>FreeRADIUS: Interfaces</title> <include_file>/usr/local/pkg/freeradius.inc</include_file> <tabs> diff --git a/config/freeradius2/freeradiussync.xml b/config/freeradius2/freeradiussync.xml index be678e5a..61c7eecb 100644 --- a/config/freeradius2/freeradiussync.xml +++ b/config/freeradius2/freeradiussync.xml @@ -56,12 +56,6 @@ POSSIBILITY OF SUCH DAMAGE. <section>Services</section> <url>/pkg.php?xml=freeradiussync.xml</url> </menu> - <service> - <name>FreeRADIUS</name> - <rcfile>radiusd.sh</rcfile> - <executable>radiusd</executable> - <description><![CDATA[The FreeRADIUS daemon.]]></description> - </service> <tabs> <tab> <text>Users</text> diff --git a/config/siproxd/siproxd.inc b/config/siproxd/siproxd.inc index e873e08d..53dc7a2d 100644 --- a/config/siproxd/siproxd.inc +++ b/config/siproxd/siproxd.inc 
@@ -81,7 +81,7 @@ function siproxd_generate_rules($type) { $ifaces = array_map('convert_friendly_interface_to_real_interface_name', $ifaces); $rtplower = ($siproxd_conf['rtplower'] ? $siproxd_conf['rtplower'] : 7070); $rtpupper = ($siproxd_conf['rtpupper'] ? $siproxd_conf['rtpupper'] : 7079); - $port = ($siproxd_conf['proxy_port'] ? $siproxd_conf['proxy_port'] : 5060); + $port = ($siproxd_conf['port'] ? $siproxd_conf['port'] : 5060); switch($type) { case 'nat': diff --git a/config/snort/deprecated_rules b/config/snort/deprecated_rules new file mode 100644 index 00000000..3d8b2c3f --- /dev/null +++ b/config/snort/deprecated_rules @@ -0,0 +1,62 @@ +# +# Obsoleted Snort VRT rule categories +# +snort_attack-responses.rules +snort_backdoor.rules +snort_bad-traffic.rules +snort_botnet-cnc.rules +snort_chat.rules +snort_ddos.rules +snort_dns.rules +snort_dos.rules +snort_experimental.rules +snort_exploit.rules +snort_finger.rules +snort_ftp.rules +snort_icmp-info.rules +snort_icmp.rules +snort_imap.rules +snort_info.rules +snort_misc.rules +snort_multimedia.rules +snort_mysql.rules +snort_nntp.rules +snort_oracle.rules +snort_other-ids.rules +snort_p2p.rules +snort_phishing-spam.rules +snort_policy.rules +snort_pop2.rules +snort_pop3.rules +snort_rpc.rules +snort_rservices.rules +snort_scada.rules +snort_scan.rules +snort_shellcode.rules +snort_smtp.rules +snort_snmp.rules +snort_specific-threats.rules +snort_spyware-put.rules +snort_telnet.rules +snort_tftp.rules +snort_virus.rules +snort_voip.rules +snort_web-activex.rules +snort_web-attacks.rules +snort_web-cgi.rules +snort_web-client.rules +snort_web-coldfusion.rules +snort_web-frontpage.rules +snort_web-iis.rules +snort_web-misc.rules +snort_web-php.rules +# +# Obsoleted Emerging Threats Categories +# +emerging-rbn-malvertisers.rules +emerging-rbn.rules +# +# Obsoleted Emerging Threats PRO Categories +# +etpro-rbn-malvertisers.rules +etpro-rbn.rules 
diff --git a/config/snort/snort.inc b/config/snort/snort.inc index bb5ff792..027207b1 100755 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -43,16 +43,13 @@ require("/usr/local/pkg/snort/snort_defs.inc"); ini_set("memory_limit", "384M"); // Explicitly declare this as global so it works through function call includes -global $g, $config, $rebuild_rules, $pfSense_snort_version; +global $g, $config, $rebuild_rules; // Grab the Snort binary version programmatically, but if that fails use a safe default $snortver = array(); $snortbindir = SNORT_PBI_BINDIR; exec("{$snortbindir}snort -V 2>&1 |/usr/bin/grep Version | /usr/bin/cut -c20-26", $snortver); -/* get installed package version for display */ -$snort_package_version = "Snort {$config['installedpackages']['package'][get_pkg_id("snort")]['version']}"; - /* Rebuild Rules Flag -- if "true", rebuild enforcing rules and flowbit-rules files */ $rebuild_rules = false; 
@@ -3671,6 +3668,73 @@ function snort_generate_conf($snortcfg) { unset($home_net, $external_net, $ipvardef, $portvardef); } +function snort_remove_dead_rules() { + + /********************************************************/ + /* This function removes dead and deprecated rules */ + /* category files from the base Snort rules directory */ + /* and from the RULESETS setting of each interface. */ + /* The file "deprecated_rules", if it exists, is used */ + /* to determine which rules files to remove. */ + /********************************************************/ + + global $config, $g; + $rulesdir = SNORTDIR . "/rules/"; + $count = 0; + $cats = array(); + + // If there is no "deprecated_rules" file, then exit + if (!file_exists("{$rulesdir}deprecated_rules")) + return; + + // Open a SplFileObject to read in deprecated rules + $file = new SplFileObject("{$rulesdir}/deprecated_rules"); + $file->setFlags(SplFileObject::READ_AHEAD | SplFileObject::SKIP_EMPTY | SplFileObject::DROP_NEW_LINE); + while (!$file->eof()) { + $line = $file->fgets(); + + // Skip any lines with just spaces + if (trim($line) == "") + continue; + + // Skip any comment lines starting with '#' + if (preg_match('/^\s*\#+/', $line)) + continue; + + $cats[] = $line; + } + + // Close the SplFileObject since we are finished with it + $file = null; + + // Delete any dead rules files from the Snort RULES directory + foreach ($cats as $file) { + if (file_exists("{$rulesdir}{$file}")) + $count++; + unlink_if_exists("{$rulesdir}{$file}"); + } + + // Log how many obsoleted files were removed + log_error(gettext("[Snort] Removed {$count} obsoleted rules category files.")); + + // Now remove any dead rules files from the interface configurations + if (!empty($cats) && is_array($config['installedpackages']['snortglobal']['rule'])) { + foreach ($config['installedpackages']['snortglobal']['rule'] as &$iface) { + $enabled_rules = explode("||", $iface['rulesets']); + foreach ($enabled_rules as $k => $v) { + foreach 
($cats as $d) { + if (strpos(trim($v), $d) !== false) + unset($enabled_rules[$k]); + } + } + $iface['rulesets'] = implode("||", $enabled_rules); + } + } + + // Clean up + unset($cats, $enabled_rules); +} + /* Uses XMLRPC to synchronize the changes to a remote node */ function snort_sync_on_changes() { global $config, $g; 
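Review bot: In snort_remove_dead_rules() each entry read from `deprecated_rules` is stored untrimmed and then appended to `$rulesdir` for `unlink_if_exists()`, so an entry carrying a directory component would point the delete outside the rules directory, and one with trailing whitespace would never match a file. Reduce every entry to a bare file name when it is stored: `$cats[] = basename(trim($line));`. The `foreach (... as &$iface)` loop leaves `$iface` bound by reference, so add `unset($iface);` directly after it. The test `strpos(trim($v), $d) !== false` is a substring match and drops any enabled ruleset whose name merely contains a deprecated name; if the `rulesets` entries are plain file names, `trim($v) == $d` removes only the listed files. The existence check uses `"{$rulesdir}deprecated_rules"` while the open uses `"{$rulesdir}/deprecated_rules"`; use one spelling for both.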
@@ -3807,6 +3871,38 @@ function snort_do_xmlrpc_sync($syncdownloadrules, $sync_to_ip, $port, $username, if (!empty($sid_files) && $error == "") log_error("[snort] Snort pkg XMLRPC CARP sync auto-SID conf files success with {$url}:{$port} (pfsense.exec_php)."); + /*************************************************/ + /* Send over any IPREP IP List files */ + /*************************************************/ + $sid_files = glob(SNORT_IPREP_PATH . '*'); + foreach ($sid_files as $file) { + $content = base64_encode(file_get_contents($file)); + $payload = "@file_put_contents('{$file}', base64_decode('{$content}'));"; + + /* assemble xmlrpc payload */ + $method = 'pfsense.exec_php'; + $params = array( XML_RPC_encode($password), XML_RPC_encode($payload) ); + + log_error("[snort] Snort XMLRPC CARP sync sending IPREP files to {$url}:{$port}."); + $msg = new XML_RPC_Message($method, $params); + $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); + $cli->setCredentials($username, $password); + $resp = $cli->send($msg, $synctimeout); + $error = ""; + if(!$resp) { + $error = "A communications error occurred while attempting Snort XMLRPC CARP sync with {$url}:{$port}. Failed to transfer file: " . basename($file); + log_error($error); + file_notice("sync_settings", $error, "Snort Settings Sync", ""); + } elseif($resp->faultCode()) { + $error = "An error code was received while attempting Snort XMLRPC CARP sync with {$url}:{$port}. Failed to transfer file: " . basename($file) . " - Code " . $resp->faultCode() . ": " . $resp->faultString(); + log_error($error); + file_notice("sync_settings", $error, "Snort Settings Sync", ""); + } + } + + if (!empty($sid_files) && $error == "") + log_error("[snort] Snort pkg XMLRPC CARP sync IPREP files success with {$url}:{$port} (pfsense.exec_php)."); + /**************************************************/ /* Send over the <snortglobal> portion of the */ /* config.xml. $xml will hold section to sync. */ 
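Review bot: `$payload` is PHP source that the peer executes through `pfsense.exec_php`, and `$file` is placed inside a single-quoted literal without escaping, so a file name containing a quote or backslash changes the code that runs on the remote node. Let PHP build the literal instead: `$payload = "@file_put_contents(" . var_export($file, true) . ", base64_decode('{$content}'));";`. The result of `file_get_contents()` is not checked, so an unreadable local file is sent as empty content and would overwrite the peer's copy; skip the file and log when it returns `false`. The success message after the loop tests `$error`, which is reset on every pass and so reflects only the last file transferred. snort_do_xmlrpc_sync starts and ends outside the hunk.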
diff --git a/config/snort/snort.xml b/config/snort/snort.xml index c9401f05..6c70b39e 100755 --- a/config/snort/snort.xml +++ b/config/snort/snort.xml @@ -47,7 +47,7 @@ <faq>Currently there are no FAQ items provided.</faq> <name>Snort</name> <version>2.9.7.3</version> - <title>Services:2.9.7.3 pkg v3.2.5</title> + <title>Services:2.9.7.3 pkg v3.2.6</title> <include_file>/usr/local/pkg/snort/snort.inc</include_file> <menu> <name>Snort</name> @@ -94,6 +94,11 @@ <item>https://packages.pfsense.org/packages/config/snort/snort_sync.xml</item> </additional_files_needed> <additional_files_needed> + <prefix>/usr/local/pkg/snort/</prefix> + <chmod>077</chmod> + <item>https://packages.pfsense.org/packages/config/snort/deprecated_rules</item> + </additional_files_needed> + <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> <chmod>077</chmod> <item>https://packages.pfsense.org/packages/config/snort/snort_alerts.php</item> diff --git a/config/snort/snort_alerts.widget.php b/config/snort/snort_alerts.widget.php index 96c70562..2b7a10c7 100644 --- a/config/snort/snort_alerts.widget.php +++ b/config/snort/snort_alerts.widget.php @@ -125,7 +125,10 @@ function snort_widget_get_alerts() { /* 0 1 2 3 4 5 6 7 8 9 10 11 12 */ /* File format: timestamp,generator_id,sig_id,sig_rev,msg,proto,src,srcport,dst,dstport,id,classification,priority */ - $fd = fopen("/tmp/alert_snort{$snort_uuid}", "r"); + if (!$fd = fopen("/tmp/alert_snort{$snort_uuid}", "r")) { + log_error(gettext("[Snort Widget] Failed to open file /tmp/alert_snort{$snort_uuid}")); + continue; + } while (($fields = fgetcsv($fd, 1000, ',', '"')) !== FALSE) { if(count($fields) < 13) continue; diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php index 842e39d5..0c4543cd 100755 --- a/config/snort/snort_check_for_rule_updates.php +++ b/config/snort/snort_check_for_rule_updates.php 
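Review bot: The new `additional_files_needed` entry installs `deprecated_rules` with `<chmod>077</chmod>`, which read as an octal mode gives the owner no access and group and other full access. It copies the mode used by the neighbouring PHP entries, but this file is a plain text list that is only read; if the installer applies the value literally, `<chmod>0644</chmod>` is the conventional mode for it. The entries in this list later decide which rules files are deleted, and the hunk shows no integrity check on the download, so it is worth confirming what the package installer verifies.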
@@ -203,9 +203,11 @@ function snort_download_file_url($url, $file_out) { } curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); - curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Win64; x64; Trident/6.0)"); - curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); - curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30); + curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 Chrome/43.0.2357.65 Safari/537.36"); + curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, "TLSv1.2, TLSv1"); + curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true); + curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, true); + curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 15); curl_setopt($ch, CURLOPT_TIMEOUT, 0); // Use the system proxy server setttings if configured @@ -680,6 +682,12 @@ if ($emergingthreats == 'on') { } } +// If removing deprecated rules categories, then do it +if ($config['installedpackages']['snortglobal']['hide_deprecated_rules'] == "on") { + log_error(gettext("[Snort] Hide Deprecated Rules is enabled. Removing obsoleted rules categories.")); + snort_remove_dead_rules(); +} + function snort_apply_customizations($snortcfg, $if_real) { global $vrt_enabled, $rebuild_rules; diff --git a/config/snort/snort_define_servers.php b/config/snort/snort_define_servers.php index ee463ac9..0d24f197 100755 --- a/config/snort/snort_define_servers.php +++ b/config/snort/snort_define_servers.php 
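Review bot: `CURLOPT_SSL_VERIFYHOST` is set to `true`, which PHP hands to libcurl as 1, whereas the value that checks the certificate name against the requested host is 2, and libcurl releases differ in how they treat 1. Set it explicitly: `curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);`. `CURLOPT_SSL_CIPHER_LIST` takes cipher suite names rather than protocol versions, so `"TLSv1.2, TLSv1"` does not set a minimum protocol and may select a broader suite group than intended; if the aim is to require TLS, `curl_setopt($ch, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1);` states that directly. The context line `CURLOPT_TIMEOUT, 0` leaves the transfer without an overall time limit, which the shorter connect timeout does not cover. snort_download_file_url starts and ends outside the hunk.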
@@ -107,11 +107,15 @@ if ($_POST['save']) { foreach ($snort_servers as $key => $server) { if ($_POST["def_{$key}"] && !is_alias($_POST["def_{$key}"])) - $input_errors[] = "Only aliases are allowed"; + $input_errors[] = "Only aliases are allowed."; + if ($_POST["def_{$key}"] && is_alias($_POST["def_{$key}"]) && trim(filter_expand_alias($_POST["def_{$key}"])) == "") + $input_errors[] = "FQDN aliases are not allowed in Snort."; } foreach ($snort_ports as $key => $server) { if ($_POST["def_{$key}"] && !is_alias($_POST["def_{$key}"])) - $input_errors[] = "Only aliases are allowed"; + $input_errors[] = "Only aliases are allowed."; + if ($_POST["def_{$key}"] && is_alias($_POST["def_{$key}"]) && trim(filter_expand_alias($_POST["def_{$key}"])) == "") + $input_errors[] = "FQDN aliases are not allowed in Snort."; } /* if no errors write to conf */ if (!$input_errors) { @@ -142,6 +146,9 @@ if ($_POST['save']) { /* Soft-restart Snort to live-load new variables. */ snort_reload_config($a_nat[$id]); + /* Sync to configured CARP slaves if any are enabled */ + snort_sync_on_changes(); + /* after click go to this page */ header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); diff --git a/config/snort/snort_interfaces.php b/config/snort/snort_interfaces.php index 38471ef0..803c1491 100755 --- a/config/snort/snort_interfaces.php +++ b/config/snort/snort_interfaces.php @@ -125,7 +125,7 @@ if ($_POST['toggle'] && is_numericint($_POST['id'])) { sleep(3); // So the GUI reports correctly } -$pgtitle = "Services: $snort_package_version"; +$pgtitle = "Services: Snort " . SNORT_BIN_VERSION . " pkg v{$config['installedpackages']['package'][get_pkg_id("snort")]['version']}"; include_once("head.inc"); ?> diff --git a/config/snort/snort_interfaces_global.php b/config/snort/snort_interfaces_global.php index 6c1d56ac..b2ecefee 100644 --- a/config/snort/snort_interfaces_global.php +++ b/config/snort/snort_interfaces_global.php 
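Review bot: The added FQDN checks in both `foreach` loops call `is_alias()` a second time and push a message that does not name the field, so a form with several bad entries shows the same sentence repeatedly. An `elseif` on the existing test avoids the second lookup: `elseif ($_POST["def_{$key}"] && trim(filter_expand_alias($_POST["def_{$key}"])) == "")`, with the message including `$key`. In the `$snort_ports` loop the text "FQDN aliases are not allowed in Snort." is reused for port aliases, where an empty expansion presumably means something else, so that wording should be checked. The same double `is_alias()` pattern appears in the snort_passlist_edit.php hunk.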
@@ -60,6 +60,7 @@ else { $pconfig['clearblocks'] = $config['installedpackages']['snortglobal']['clearblocks'] == "on" ? 'on' : 'off'; $pconfig['verbose_logging'] = $config['installedpackages']['snortglobal']['verbose_logging'] == "on" ? 'on' : 'off'; $pconfig['openappid_detectors'] = $config['installedpackages']['snortglobal']['openappid_detectors'] == "on" ? 'on' : 'off'; + $pconfig['hide_deprecated_rules'] = $config['installedpackages']['snortglobal']['hide_deprecated_rules'] == "on" ? 'on' : 'off'; } /* Set sensible values for any empty default params */ @@ -100,6 +101,7 @@ if (!$input_errors) { $config['installedpackages']['snortglobal']['clearblocks'] = $_POST['clearblocks'] ? 'on' : 'off'; $config['installedpackages']['snortglobal']['verbose_logging'] = $_POST['verbose_logging'] ? 'on' : 'off'; $config['installedpackages']['snortglobal']['openappid_detectors'] = $_POST['openappid_detectors'] ? 'on' : 'off'; + $config['installedpackages']['snortglobal']['hide_deprecated_rules'] = $_POST['hide_deprecated_rules'] ? 'on' : 'off'; // If any rule sets are being turned off, then remove them // from the active rules section of each interface. Start @@ -136,6 +138,12 @@ if (!$input_errors) { } } + // If deprecated rules should be removed, then do it + if ($config['installedpackages']['snortglobal']['hide_deprecated_rules'] == "on") { + log_error(gettext("[Snort] Hide Deprecated Rules is enabled. Removing obsoleted rules categories.")); + snort_remove_dead_rules(); + } + $config['installedpackages']['snortglobal']['oinkmastercode'] = $_POST['oinkmastercode']; $config['installedpackages']['snortglobal']['etpro_code'] = $_POST['etpro_code']; 
@@ -334,6 +342,13 @@ if ($input_errors) </td> </tr> <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Hide Deprecated Rules Categories"); ?></td> + <td width="78%" class="vtable"><input name="hide_deprecated_rules" id="hide_deprecated_rules" type="checkbox" value="yes" + <?php if ($pconfig['hide_deprecated_rules']=="on") echo "checked"; ?> /> + <?php echo gettext("Hide deprecated rules categories in the GUI and remove them from the configuration. Default is ") . + "<strong>" . gettext("Not Checked") . "</strong>" . gettext("."); ?></td> +</tr> +<tr> <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Rules Update Settings"); ?></td> </tr> <tr> diff --git a/config/snort/snort_ip_reputation.php b/config/snort/snort_ip_reputation.php index 4c3065a0..c190b0e6 100644 --- a/config/snort/snort_ip_reputation.php +++ b/config/snort/snort_ip_reputation.php @@ -170,6 +170,9 @@ if ($_POST['save'] || $_POST['apply']) { snort_reload_config($a_nat[$id]); $pconfig = $natent; + // Sync to configured CARP slaves if any are enabled + snort_sync_on_changes(); + // We have saved changes and done a soft restart, so clear "dirty" flag clear_subsystem_dirty('snort_iprep'); } diff --git a/config/snort/snort_migrate_config.php b/config/snort/snort_migrate_config.php index dcc5aa76..ae1daf6a 100644 --- a/config/snort/snort_migrate_config.php +++ b/config/snort/snort_migrate_config.php 
@@ -117,6 +117,14 @@ if (empty($config['installedpackages']['snortglobal']['openappid_detectors'])) { } /**********************************************************/ +/* Create new HIDE_DEPRECATED_RULES setting if not set */ +/**********************************************************/ +if (empty($config['installedpackages']['snortglobal']['hide_deprecated_rules'])) { + $config['installedpackages']['snortglobal']['hide_deprecated_rules'] = "off"; + $updated_cfg = true; +} + +/**********************************************************/ /* Migrate per interface settings if required. */ /**********************************************************/ foreach ($rule as &$r) { @@ -533,7 +541,7 @@ unset($r); // Log a message if we changed anything if ($updated_cfg) { - $config['installedpackages']['snortglobal']['snort_config_ver'] = "3.2.5"; + $config['installedpackages']['snortglobal']['snort_config_ver'] = "3.2.6"; log_error("[Snort] Settings successfully migrated to new configuration format..."); } else diff --git a/config/snort/snort_passlist_edit.php b/config/snort/snort_passlist_edit.php index 9f95adb4..75724344 100644 --- a/config/snort/snort_passlist_edit.php +++ b/config/snort/snort_passlist_edit.php @@ -155,9 +155,12 @@ if ($_POST['save']) { } } - if ($_POST['address']) + if ($_POST['address']) { if (!is_alias($_POST['address'])) - $input_errors[] = gettext("A valid alias must be provided"); + $input_errors[] = gettext("A valid alias must be provided."); + if (is_alias($_POST['address']) && trim(filter_expand_alias($_POST['address'])) == "") + $input_errors[] = gettext("FQDN aliases are not supported in Snort."); + } if (!$input_errors) { $p_list = array(); diff --git a/config/snort/snort_post_install.php b/config/snort/snort_post_install.php index 7b931246..280f0efe 100644 --- a/config/snort/snort_post_install.php +++ b/config/snort/snort_post_install.php 
@@ -85,6 +85,9 @@ conf_mount_rw(); @rename("{$snortdir}/gen-msg.map-sample", "{$snortdir}/gen-msg.map"); //@rename("{$snortdir}/attribute_table.dtd-sample", "{$snortdir}/attribute_table.dtd"); +/* Move deprecated_rules file to SNORTDIR/rules directory */ +@rename("/usr/local/pkg/snort/deprecated_rules", "{$snortdir}/rules/deprecated_rules"); + /* fix up the preprocessor rules filenames from a PBI package install */ $preproc_rules = array("decoder.rules", "preprocessor.rules", "sensitive-data.rules"); foreach ($preproc_rules as $file) { @@ -245,9 +248,8 @@ if ($config['installedpackages']['snortglobal']['forcekeepsettings'] == 'on') { if (!($g['booting'])) { if ($pkg_interface <> "console") { update_status(gettext("Starting Snort using rebuilt configuration...")); - update_output_window(gettext("Please wait while Snort is started...")); - mwexec("{$rcdir}snort.sh start"); - update_output_window(gettext("Snort has been started using the rebuilt configuration...")); + mwexec_bg("{$rcdir}snort.sh start"); + update_output_window(gettext("Snort is starting as a background task using the rebuilt configuration...")); } else mwexec_bg("{$rcdir}snort.sh start"); @@ -263,8 +265,8 @@ if (stristr($config['widgets']['sequence'], "snort_alerts-container") === FALSE) $config['widgets']['sequence'] .= ",{$snort_widget_container}"; /* Update Snort package version in configuration */ -$config['installedpackages']['snortglobal']['snort_config_ver'] = "3.2.5"; -write_config("Snort pkg v3.2.5: post-install configuration saved."); +$config['installedpackages']['snortglobal']['snort_config_ver'] = "3.2.6"; +write_config("Snort pkg v3.2.6: post-install configuration saved."); /* Done with post-install, so clear flag */ unset($g['snort_postinstall']); diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php index 9f6879ef..dd8ec660 100755 --- a/config/snort/snort_preprocessors.php +++ b/config/snort/snort_preprocessors.php 
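Review bot: The added `@rename()` of `deprecated_rules` suppresses any failure, and snort_remove_dead_rules() returns without a message when that file is missing from the rules directory, so a failed move turns the Hide Deprecated Rules option into a silent no-op. Check the result and log it: `if (!@rename("/usr/local/pkg/snort/deprecated_rules", "{$snortdir}/rules/deprecated_rules")) log_error(gettext("[Snort] Could not move deprecated_rules into the rules directory."));`. The neighbouring `@rename()` calls follow the same suppressed pattern, but those files are not consulted later to decide what gets deleted.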
@@ -80,6 +80,18 @@ $pconfig = array(); if (isset($id) && isset($a_nat[$id])) { $pconfig = $a_nat[$id]; + // Initialize multiple config engine arrays for supported preprocessors if necessary + if (!is_array($pconfig['frag3_engine']['item'])) + $pconfig['frag3_engine']['item'] = array(); + if (!is_array($pconfig['stream5_tcp_engine']['item'])) + $pconfig['stream5_tcp_engine']['item'] = array(); + if (!is_array($pconfig['http_inspect_engine']['item'])) + $pconfig['http_inspect_engine']['item'] = array(); + if (!is_array($pconfig['ftp_server_engine']['item'])) + $pconfig['ftp_server_engine']['item'] = array(); + if (!is_array($pconfig['ftp_client_engine']['item'])) + $pconfig['ftp_client_engine']['item'] = array(); + /************************************************************/ /* To keep new users from shooting themselves in the foot */ /* enable the most common required preprocessors by default */ @@ -451,6 +463,12 @@ if ($_POST['save']) { $input_errors[] = gettext("The value for Application ID Stats Period must be between 60 and 3600."); } + // Validate Portscan Ignore_Scanners parameter + if ($_POST['sf_portscan'] == 'on' && is_alias($_POST['pscan_ignore_scanners'])) { + if (trim(filter_expand_alias($_POST["def_{$key}"])) == "") + $input_errors[] = gettext("FQDN aliases are not supported in Snort for the PORTSCAN IGNORE_SCANNERS parameter."); + } + /* if no errors write to conf */ if (!$input_errors) { /* post new options */ @@ -569,6 +587,9 @@ if ($_POST['save']) { !empty($natent['host_attribute_data'])) snort_reload_config($natent, "SIGURG"); + /* Sync to configured CARP slaves if any are enabled */ + snort_sync_on_changes(); + /* after click go to this page */ header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); 
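Review bot: The new Portscan validation expands `$_POST["def_{$key}"]`, but the field tested on the line above is `pscan_ignore_scanners` and no `$key` is assigned in the visible lines, so the check reads a different or undefined POST field. The inner test should be `if (trim(filter_expand_alias($_POST['pscan_ignore_scanners'])) == "")`. As written the error is likely raised for every alias, or decided by a stale `$key` left over from an earlier loop, rather than by the alias the user entered. The enclosing `if ($_POST['save'])` block starts and ends outside the hunk.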
@@ -1500,10 +1521,10 @@ if ($savemsg) { <?php $values = array('Credit Card', 'Email Addresses', 'U.S. Phone Numbers', 'U.S. Social Security Numbers'); foreach ($values as $val): ?> - <option value="<?=$val;?>" - <?php if (preg_match("/$val/",$pconfig['sdf_alert_data_type'])) echo "selected"; ?>> + <option value="<?=$val;?>" + <?php if (strpos($pconfig['sdf_alert_data_type'], $val) !== FALSE) echo "selected"; ?>> <?=gettext($val);?></option> - <?php endforeach; ?> + <?php endforeach; ?> </select><br/><?php echo gettext("Choose which types of sensitive data to detect. Use CTRL + Click for multiple selections."); ?><br/> </td> </tr> diff --git a/config/tinydns/tinydns.inc b/config/tinydns/tinydns.inc index 047383ff..5effa10c 100644 --- a/config/tinydns/tinydns.inc +++ b/config/tinydns/tinydns.inc @@ -1163,7 +1163,7 @@ function tinydns_dnscache_forwarding_servers($index) { exec("rm -R {$g['varetc_path']}/dnscache/root/servers/"); exec("/bin/mkdir -p {$g['varetc_path']}/dnscache{$index}/root/servers/"); if (intval($config['version']) >= 6) - if (file_exists("{$g['varetc_path']}/nameserver_*")) { + if (!empty(glob("{$g['varetc_path']}/nameserver_*"))) { exec("/bin/cat {$g['varetc_path']}/nameserver_* > {$g['varetc_path']}/dnscache{$index}/root/servers/@"); } else { $fw = fopen("{$g['varetc_path']}/dnscache{$index}/root/servers/@", "w"); diff --git a/config/vnstat2/vnstat2.inc b/config/vnstat2/vnstat2.inc index c875be52..ca8d869d 100644 --- a/config/vnstat2/vnstat2.inc +++ b/config/vnstat2/vnstat2.inc 
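Review bot: In the tinydns hunk, `empty(glob(...))` passes a function result to `empty()`, which PHP accepts only from version 5.5 on; on an older interpreter the whole include fails to parse. `glob()` returns an array or `false`, so `if (glob("{$g['varetc_path']}/nameserver_*")) {` gives the same result on every version. The context line above removes `dnscache/root/servers/` without `{$index}` while the `mkdir` uses `dnscache{$index}`, which looks unintended and is worth confirming. `$index` is interpolated into the `exec()` strings unquoted; if it can come from anything but an internal counter, cast it with `(int)` first. tinydns_dnscache_forwarding_servers starts and ends outside the hunk.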
@@ -1,15 +1,16 @@ <?php + require_once("util.inc"); + function vnstat_install_deinstall() { conf_mount_rw(); global $config; -// Remove Vnstat package and files + // Remove Vnstat package and files exec("rm -d -R /usr/local/www/vnstat2"); exec("rm -d -R /usr/local/www/vnstati"); exec("rm -d -R /usr/local/pkg/vnstat2"); exec("rm /usr/local/etc/vnstat.conf"); - -// Remove vnstat cron entry from config.xml + // Remove vnstat cron entry from config.xml vnstat2_install_cron(false); conf_mount_ro(); } @@ -17,11 +18,12 @@ function vnstat_install_deinstall() { function vnstat2_install_cron($vnstat_cron_value) { global $config; $is_installed = false; - if(!$config['cron']['item']) + if (!$config['cron']['item']) { return; + } $x=0; foreach($config['cron']['item'] as $item) { - if(strstr($item['command'], "/usr/local/pkg/vnstat2/vnstat2.sh")) { + if (strstr($item['command'], "/usr/local/pkg/vnstat2/vnstat2.sh")) { $is_installed = true; break; } @@ -29,23 +31,23 @@ function vnstat2_install_cron($vnstat_cron_value) { } switch($vnstat_cron_value) { case true: - if(!$is_installed) { + if (!$is_installed) { $cron_item = array(); $cron_item['minute'] = "*/1"; - $cron_item['hour'] = "*"; - $cron_item['mday'] = "*"; - $cron_item['month'] = "*"; - $cron_item['wday'] = "*"; - $cron_item['who'] = "root"; - $cron_item['command'] = "/usr/local/pkg/vnstat2/vnstat2.sh"; - $config['cron']['item'][] = $cron_item; + $cron_item['hour'] = "*"; + $cron_item['mday'] = "*"; + $cron_item['month'] = "*"; + $cron_item['wday'] = "*"; + $cron_item['who'] = "root"; + $cron_item['command'] = "/usr/local/pkg/vnstat2/vnstat2.sh"; + $config['cron']['item'][] = $cron_item; write_config(); configure_cron(); } break; case false: - if($is_installed == true) { - if($x > 0) { + if ($is_installed == true) { + if ($x > 0) { unset($config['cron']['item'][$x]); write_config(); } 
@@ -55,8 +57,7 @@ function vnstat2_install_cron($vnstat_cron_value) { } } - -function change_vnstat_conf(){ +function change_vnstat_conf() { conf_mount_rw(); global $config; $config['installedpackages']['vnstat2']['config'][0]['monthrotate'] = $_POST['monthrotate']; @@ -64,21 +65,19 @@ function change_vnstat_conf(){ write_conf_f(); write_config(); - if ($config['installedpackages']['vnstat2']['config'][0]['vnstat_phpfrontend'] == "on"){ - vnstat_php_frontend(); - } - else { - exec("[ -d /usr/local/www/vnstat2 ] && rm -d -R /usr/local/www/vnstat2"); + if ($config['installedpackages']['vnstat2']['config'][0]['vnstat_phpfrontend'] == "on") { + vnstat_php_frontend(); + } else { + exec("[ -d /usr/local/www/vnstat2 ] && rm -d -R /usr/local/www/vnstat2"); } conf_mount_ro(); } -function write_conf_f(){ +function write_conf_f() { global $config; $monthrotate = $config['installedpackages']['vnstat2']['config'][0]['monthrotate']; -// ************ Write new vnstat.conf ***************** - + // ************ Write new vnstat.conf ***************** $vnstat_conf_file = <<<EOF # vnStat 1.10 config file ## @@ -108,9 +107,9 @@ CTxD "-" EOF; $hf2 = fopen("/usr/local/etc/vnstat.conf","w"); - if(!$hf2) { - log_error("could not open /usr/local/etc/vnstat.conf for writing"); - exit; + if (!$hf2) { + log_error("could not open /usr/local/etc/vnstat.conf for writing"); + exit; } fwrite($hf2, $vnstat_conf_file); fclose($hf2); @@ -145,7 +144,7 @@ function create_vnstat_output() { } function vnstat_link_config() { -// Check for pbi install and arch type then create symlinks + // Check for pbi install and arch type then create symlinks if (file_exists('/usr/pbi/vnstat-' . php_uname("m"))) { $conf_path = "/usr/local/etc/vnstat.conf"; $pbi_conf_path = "/usr/pbi/vnstat-" . php_uname("m") . "/etc/vnstat.conf"; 
@@ -179,14 +178,14 @@ function vnstat_create_nic_dbs() { foreach ($leftovers as $nic) { exec("/usr/local/bin/vnstat -u -i ". escapeshellarg($nic)); } - conf_mount_ro(); } function vnstat_install_config() { $vnstat_db_prefix = "/conf/vnstat"; + global $config; conf_mount_rw(); -// Create vnstat database dir where it also will work for nanobsd + // Create vnstat database dir where it also will work for nanobsd if (is_dir("/usr/local/pkg/vnstat2/vnstat")) { @rename("/usr/local/pkg/vnstat2/vnstat", $vnstat_db_prefix); } 
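Review bot: Removing `conf_mount_ro();` from the end of `vnstat_create_nic_dbs()` is only safe if the matching `conf_mount_rw()` in that function, which would sit above this hunk, goes away too. If the read-write mount is still requested there, any caller other than `vnstat_install_config()` now leaves the filesystem writable after the databases are created. A one-line comment on the function, such as `// Caller must bracket this with conf_mount_rw()/conf_mount_ro()`, would make the new contract explicit. The start of `vnstat_create_nic_dbs()` is outside the hunk, so this is inferred rather than confirmed.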
@@ -194,141 +193,140 @@ function vnstat_install_config() { @mkdir($vnstat_db_prefix); } vnstat_link_config(); -// Add MonthRotate value to config.xml and write /usr/local/etc/vnstat.conf - if ($config['installedpackages']['vnstat2']['config'][0]['monthrotate'] == ""){ + // Add MonthRotate value to config.xml and write /usr/local/etc/vnstat.conf + if ($config['installedpackages']['vnstat2']['config'][0]['monthrotate'] == "") { $config['installedpackages']['vnstat2']['config'][0]['monthrotate'] = "1"; } - if ($config['installedpackages']['vnstat2']['config'][0]['vnstat_phpfrontend'] == "on"){ + if ($config['installedpackages']['vnstat2']['config'][0]['vnstat_phpfrontend'] == "on") { vnstat_php_frontend(); } write_conf_f(); -// Add cron job to config.xml + // Add cron job to config.xml vnstat2_install_cron(true); vnstat_create_nic_dbs(); write_config(); conf_mount_ro(); } -function vnstat_php_frontend(){ +function vnstat_php_frontend() { global $config; -// Copy vnstat_php_frontend to www + // Copy vnstat_php_frontend to www exec("/bin/cp -a /usr/local/pkg/vnstat2/vnstat_php_frontend/. 
/usr/local/www/vnstat2/"); -// Find information to be writing in config.php + // Find information to be writing in config.php // $iface_list_array_items - exec("ls /conf/vnstat/ | grep -v '\.'", $vnstat_nic_in); - $iface_list_array_items = implode("', '", $vnstat_nic_in); - $iface_list_array = "\$iface_list = array('$iface_list_array_items');"; - // $iface_title_array_items - $iface_title_array_items = array(); - $iface_title_array_items2 = array(); - foreach ($vnstat_nic_in as $vnstat_nic_out) - { - $ifdescrs = array('wan' => 'WAN', 'lan' => 'LAN'); + exec("ls /conf/vnstat/ | grep -v '\.'", $vnstat_nic_in); + $iface_list_array_items = implode("', '", $vnstat_nic_in); + $iface_list_array = "\$iface_list = array('$iface_list_array_items');"; + // $iface_title_array_items + $iface_title_array_items = array(); + $iface_title_array_items2 = array(); + foreach ($vnstat_nic_in as $vnstat_nic_out) { + $ifdescrs = array('wan' => 'WAN', 'lan' => 'LAN'); for ($j = 1; isset($config['interfaces']['opt' . $j]); $j++) { $ifdescrs['opt' . $j] = $config['interfaces']['opt' . 
$j]['descr']; } - foreach ($ifdescrs as $ifdescr => $ifname): - $real_nic_names3 = get_real_interface($ifdescr); - If ($real_nic_names3 == $vnstat_nic_out) - { - $ifname_out = convert_friendly_interface_to_friendly_descr($ifdescr); - $iface_title_array_items = "\$iface_title['$vnstat_nic_out'] = '$ifname_out';\n"; - array_push($iface_title_array_items2, $iface_title_array_items); - } - endforeach; + foreach ($ifdescrs as $ifdescr => $ifname) { + $real_nic_names3 = get_real_interface($ifdescr); + if ($real_nic_names3 == $vnstat_nic_out) { + $ifname_out = convert_friendly_interface_to_friendly_descr($ifdescr); + $iface_title_array_items = "\$iface_title['$vnstat_nic_out'] = '$ifname_out';\n"; + array_push($iface_title_array_items2, $iface_title_array_items); + } + } } - $iface_title_array = implode($iface_title_array_items2); + $iface_title_array = implode($iface_title_array_items2); // php in php static items // added to new items for the front end version 1.5.1 - $locale = "\$locale = 'en_US.UTF-8';"; - $language = "\$language = 'en';"; - $vnstat_bin2 = "\$vnstat_bin = '/usr/local/bin/vnstat';"; - $data_dir2 = "\$data_dir = './dumps';"; - $graph_format2 ="\$graph_format='svg';"; - $colorscheme2 = "\$colorscheme['light'] = array("; - $colorscheme3 = "\$colorscheme['red'] = array("; - $colorscheme4 = "\$colorscheme['pfSense'] = array("; -// ************ Write new config.php ****************** - $config_file = <<<EOF + $locale = "\$locale = 'en_US.UTF-8';"; + $language = "\$language = 'en';"; + $vnstat_bin2 = "\$vnstat_bin = '/usr/local/bin/vnstat';"; + $data_dir2 = "\$data_dir = './dumps';"; + $graph_format2 ="\$graph_format='svg';"; + $colorscheme2 = "\$colorscheme['light'] = array("; + $colorscheme3 = "\$colorscheme['red'] = array("; + $colorscheme4 = "\$colorscheme['pfSense'] = array("; + // ************ Write new config.php ****************** + $config_file = <<<EOF <?php - // - // vnStat PHP frontend 1.5.1 (c)2006-2008 Bjorge Dijkstra (bjd@jooz.net) - // - // 
This program is free software; you can redistribute it and/or modify - // it under the terms of the GNU General Public License as published by - // the Free Software Foundation; either version 2 of the License, or - // (at your option) any later version. - // - // This program is distributed in the hope that it will be useful, - // but WITHOUT ANY WARRANTY; without even the implied warranty of - // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - // GNU General Public License for more details. - // - // You should have received a copy of the GNU General Public License - // along with this program; if not, write to the Free Software - // Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - // - // - // see file COPYING or at http://www.gnu.org/licenses/gpl.html - // for more information. - // - //error_reporting(E_ALL | E_NOTICE); - - // - // configuration parameters - // - // edit these to reflect your particular situation - // -$locale -$language - // list of network interfaces monitored by vnStat -$iface_list_array + // + // vnStat PHP frontend 1.5.1 (c)2006-2008 Bjorge Dijkstra (bjd@jooz.net) + // + // This program is free software; you can redistribute it and/or modify + // it under the terms of the GNU General Public License as published by + // the Free Software Foundation; either version 2 of the License, or + // (at your option) any later version. + // + // This program is distributed in the hope that it will be useful, + // but WITHOUT ANY WARRANTY; without even the implied warranty of + // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + // GNU General Public License for more details. + // + // You should have received a copy of the GNU General Public License + // along with this program; if not, write to the Free Software + // Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + // + // + // see file COPYING or at http://www.gnu.org/licenses/gpl.html + // for more information. 
+ // + //error_reporting(E_ALL | E_NOTICE); - // - // optional names for interfaces - // if there's no name set for an interface then the interface identifier - // will be displayed instead -$iface_title_array + // + // configuration parameters + // + // edit these to reflect your particular situation + // + $locale + $language + // list of network interfaces monitored by vnStat + $iface_list_array - // - // There are two possible sources for vnstat data. If the - // variable is set then vnstat is called directly from the PHP script - // to get the interface data. - // - // The other option is to periodically dump the vnstat interface data to - // a file (e.g. by a cronjob). In that case the variable - // must be cleared and set to the location where the dumps - // are stored. Dumps must be named 'vnstat_dump_'. - // - // You can generate vnstat dumps with the command: - // vnstat --dumpdb -i > /path/to/data_dir/vnstat_dump_ - // -$vnstat_bin2 -$data_dir2 + // + // optional names for interfaces + // if there's no name set for an interface then the interface identifier + // will be displayed instead + $iface_title_array - // graphics format to use: svg or png -$graph_format2 - - // Font to use for PNG graphs - define('GRAPH_FONT',dirname(__FILE__).'/VeraBd.ttf'); + // + // There are two possible sources for vnstat data. If the + // variable is set then vnstat is called directly from the PHP script + // to get the interface data. + // + // The other option is to periodically dump the vnstat interface data to + // a file (e.g. by a cronjob). In that case the variable + // must be cleared and set to the location where the dumps + // are stored. Dumps must be named 'vnstat_dump_'. 
+ // + // You can generate vnstat dumps with the command: + // vnstat --dumpdb -i > /path/to/data_dir/vnstat_dump_ + // + $vnstat_bin2 + $data_dir2 - // Font to use for SVG graphs - define('SVG_FONT', 'Verdana'); + // graphics format to use: svg or png + $graph_format2 - // color schemes - // colors are defined as R,G,B,ALPHA quads where R, G and B range from 0-255 - // and ALPHA from 0-127 where 0 is opaque and 127 completely transparent. - // - define('DEFAULT_COLORSCHEME', 'pfSense'); + // Font to use for PNG graphs + define('GRAPH_FONT',dirname(__FILE__).'/VeraBd.ttf'); + + // Font to use for SVG graphs + define('SVG_FONT', 'Verdana'); + + // color schemes + // colors are defined as R,G,B,ALPHA quads where R, G and B range from 0-255 + // and ALPHA from 0-127 where 0 is opaque and 127 completely transparent. + // + define('DEFAULT_COLORSCHEME', 'pfSense'); ?> EOF; - $hf = fopen("/usr/local/www/vnstat2/config.php","w"); - if(!$hf) { - log_error("could not open /usr/local/www/vnstat2/config.php for writing"); - exit; - } - fwrite($hf, $config_file); - fclose($hf); + $hf = fopen("/usr/local/www/vnstat2/config.php","w"); + if (!$hf) { + log_error("could not open /usr/local/www/vnstat2/config.php for writing"); + exit; + } + fwrite($hf, $config_file); + fclose($hf); } + ?> diff --git a/config/vnstat2/vnstat2.xml b/config/vnstat2/vnstat2.xml index 94b7cfc1..f696850a 100644 --- a/config/vnstat2/vnstat2.xml +++ b/config/vnstat2/vnstat2.xml 
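Review bot: `vnstat_php_frontend()` builds the generated `config.php` by pasting values into single-quoted PHP literals without escaping: the names returned by `ls /conf/vnstat/` go into `array('$iface_list_array_items')`, and the interface description goes into `\$iface_title['$vnstat_nic_out'] = '$ifname_out';`. A description or file name containing a quote or backslash yields a broken or altered PHP file under `/usr/local/www/vnstat2/`, which the web server then executes. Emitting the literals with `var_export()` closes this: `$iface_title_array_items = "\$iface_title[" . var_export($vnstat_nic_out, true) . "] = " . var_export($ifname_out, true) . ";\n";` and `$iface_list_array = "\$iface_list = " . var_export($vnstat_nic_in, true) . ";";`.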
@@ -2,10 +2,10 @@ <!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> <?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> <packagegui> - <copyright></copyright> - <description>Describe your package here</description> - <requirements>Describe your package requirements here</requirements> - <faq>Currently there are no FAQ items provided.</faq> + <copyright></copyright> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> <name>vnstat2</name> <version>11.2,3</version> <title>Vnstat2</title> 
@@ -203,36 +203,36 @@ <type>select</type> <size>3</size> <default_value>1</default_value> - <options> - <option><name>1</name><value>1</value></option> - <option><name>2</name><value>2</value></option> - <option><name>3</name><value>3</value></option> - <option><name>4</name><value>4</value></option> - <option><name>5</name><value>5</value></option> - <option><name>6</name><value>6</value></option> - <option><name>7</name><value>7</value></option> - <option><name>8</name><value>8</value></option> - <option><name>9</name><value>9</value></option> - <option><name>10</name><value>10</value></option> - <option><name>11</name><value>11</value></option> - <option><name>12</name><value>12</value></option> - <option><name>13</name><value>13</value></option> - <option><name>14</name><value>14</value></option> - <option><name>15</name><value>15</value></option> - <option><name>16</name><value>16</value></option> - <option><name>17</name><value>17</value></option> - <option><name>18</name><value>18</value></option> - <option><name>19</name><value>19</value></option> - <option><name>20</name><value>20</value></option> - <option><name>21</name><value>21</value></option> - <option><name>22</name><value>22</value></option> - <option><name>23</name><value>23</value></option> - <option><name>24</name><value>24</value></option> - <option><name>25</name><value>25</value></option> - <option><name>26</name><value>26</value></option> - <option><name>27</name><value>27</value></option> - <option><name>28</name><value>28</value></option> - </options> + <options> + <option><name>1</name><value>1</value></option> + <option><name>2</name><value>2</value></option> + <option><name>3</name><value>3</value></option> + <option><name>4</name><value>4</value></option> + <option><name>5</name><value>5</value></option> + <option><name>6</name><value>6</value></option> + <option><name>7</name><value>7</value></option> + <option><name>8</name><value>8</value></option> + 
<option><name>9</name><value>9</value></option> + <option><name>10</name><value>10</value></option> + <option><name>11</name><value>11</value></option> + <option><name>12</name><value>12</value></option> + <option><name>13</name><value>13</value></option> + <option><name>14</name><value>14</value></option> + <option><name>15</name><value>15</value></option> + <option><name>16</name><value>16</value></option> + <option><name>17</name><value>17</value></option> + <option><name>18</name><value>18</value></option> + <option><name>19</name><value>19</value></option> + <option><name>20</name><value>20</value></option> + <option><name>21</name><value>21</value></option> + <option><name>22</name><value>22</value></option> + <option><name>23</name><value>23</value></option> + <option><name>24</name><value>24</value></option> + <option><name>25</name><value>25</value></option> + <option><name>26</name><value>26</value></option> + <option><name>27</name><value>27</value></option> + <option><name>28</name><value>28</value></option> + </options> </field> <field> <description>Enable vnstat php frontend (Note that no login will be needed)</description> @@ -246,4 +246,3 @@ <custom_php_install_command>vnstat_install_config();</custom_php_install_command> <custom_php_deinstall_command>vnstat_install_deinstall();</custom_php_deinstall_command> </packagegui> - diff --git a/config/vnstat2/vnstati.xml b/config/vnstat2/vnstati.xml index 7cd3f3be..84a104dd 100644 --- a/config/vnstat2/vnstati.xml +++ b/config/vnstat2/vnstati.xml 
@@ -2,10 +2,10 @@ <!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> <?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> <packagegui> - <copyright></copyright> - <description>Describe your package here</description> - <requirements>Describe your package requirements here</requirements> - <faq>Currently there are no FAQ items provided.</faq> + <copyright></copyright> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> <name>vnstat2</name> <version>1.0</version> <title>Vnstat2</title> @@ -54,4 +54,3 @@ <custom_php_install_command>vnstat_install_config();</custom_php_install_command> <custom_php_deinstall_command>vnstat_install_deinstall();</custom_php_deinstall_command> </packagegui> - diff --git a/config/vnstat2/vnstatoutput.xml b/config/vnstat2/vnstatoutput.xml index 9d2e3d05..5062be1f 100644 --- a/config/vnstat2/vnstatoutput.xml +++ b/config/vnstat2/vnstatoutput.xml @@ -2,10 +2,10 @@ <!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> <?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> <packagegui> - <copyright></copyright> - <description>Describe your package here</description> - <requirements>Describe your package requirements here</requirements> - <faq>Currently there are no FAQ items provided.</faq> + <copyright></copyright> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> <name>vnstat2</name> <version>1.0</version> <title>Vnstat2</title> @@ -54,4 +54,3 @@ <custom_php_install_command>vnstat_install_config();</custom_php_install_command> <custom_php_deinstall_command>vnstat_install_deinstall();</custom_php_deinstall_command> </packagegui> - diff --git a/config/vnstat2/www/diag_vnstat.php b/config/vnstat2/www/diag_vnstat.php index 04e03911..5e6524c7 100644 
--- a/config/vnstat2/www/diag_vnstat.php
+++ b/config/vnstat2/www/diag_vnstat.php
@@ -1,30 +1,30 @@ <?php /* $Id$ */ /* - diag_pf_info.php - Copyright (C) 2010 Scott Ullrich - All rights reserved. + diag_pf_info.php + Copyright (C) 2010 Scott Ullrich + All rights reserved. - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. 
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. */ /* @@ -44,7 +44,7 @@ require("guiconfig.inc"); $pf_version=substr(trim(file_get_contents("/etc/version")),0,3); $pgtitle = gettext("Vnstat2 summary "); -if($_REQUEST['getactivity']) { +if ($_REQUEST['getactivity']) { $text = `vnstat`; $text .= "<p/>"; echo $text; @@ -80,7 +80,7 @@ include("head.inc"); if ($pf_version < 2.0) echo "<p class=\"pgtitle\">{$pgtitle}</p>"; echo "<a href=$myurl/pkg_edit.php?xml=vnstatoutput.xml&id=0>Go Back</a><br />"; - if($savemsg) { + if ($savemsg) { echo "<div id='savemsg'>"; print_info_box($savemsg); echo "</div>"; 
@@ -89,25 +89,27 @@ include("head.inc"); print_input_errors($input_errors); ?> <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> - <table id="backuptable" class="tabcont" align="center" width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td> - <center> - <table> - <tr><td> - <div name='cpuactivitydiv' id='cpuactivitydiv'> - <b><?=gettext("Gathering vnstat information, please wait...");?> - </div> - </td></tr> - </table> - </td> - </tr> - </table> - </div> - </td> - </tr> + <tr> + <td> + <table id="backuptable" class="tabcont" align="center" width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td> + <center> + <table> + <tr> + <td> + <div name='cpuactivitydiv' id='cpuactivitydiv'> + <b><?=gettext("Gathering vnstat information, please wait...");?> + </div> + </td> + </tr> + </table> + </td> + </tr> + </table> + </div> + </td> + </tr> </table> </form> <?php include("fend.inc"); ?> diff --git a/config/vnstat2/www/diag_vnstat2.php b/config/vnstat2/www/diag_vnstat2.php index e5ce1de5..504fd534 100644 --- a/config/vnstat2/www/diag_vnstat2.php +++ b/config/vnstat2/www/diag_vnstat2.php 
@@ -1,30 +1,30 @@ <?php /* $Id$ */ /* - diag_system_pftop.php - Copyright (C) 2008-2009 Scott Ullrich - All rights reserved. + diag_system_pftop.php + Copyright (C) 2008-2009 Scott Ullrich + All rights reserved. - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. 
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. */ /* @@ -46,11 +46,12 @@ $bbbb = convert_real_interface_to_friendly_descr($aaaa); $pf_version=substr(trim(file_get_contents("/etc/version")),0,3); $pgtitle = gettext("Vnstat2 info for $bbbb ($aaaa)"); -if($_REQUEST['getactivity']) { - if($_REQUEST['sorttype']) +if ($_REQUEST['getactivity']) { + if ($_REQUEST['sorttype']) { $sorttype = escapeshellarg($_REQUEST['sorttype']); - else - $sorttype = gettext("-h"); + } else { + $sorttype = gettext("-h"); + } $text = `vnstat -i $aaaa {$sorttype}`; echo $text; exit; @@ -58,10 +59,11 @@ if($_REQUEST['getactivity']) { include("head.inc"); -if($_REQUEST['sorttype']) +if ($_REQUEST['sorttype']) { $sorttype = htmlentities($_REQUEST['sorttype']); -else +} else { $sorttype = "-h"; +} ?> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> 
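Review bot: In the `@@ -46,11 +46,12 @@` hunk, `$aaaa` is interpolated unquoted into the backtick command `vnstat -i $aaaa {$sorttype}`, while only `sorttype` goes through `escapeshellarg()`. `$aaaa` is assigned above the hunk; unless it is guaranteed to be a validated interface name, it should be quoted the same way, e.g. `$text = shell_exec("vnstat -i " . escapeshellarg($aaaa) . " {$sorttype}");`. `escapeshellarg()` also does not limit which option is passed, so a request can hand vnstat any single argument; checking `$_REQUEST['sorttype']` with `in_array(..., true)` against the values the form's select offers (`-h`, `-m`, `-t`, `-tr`, `-w` and the others in the list) before use would bound it. The else branch passes `gettext("-h")` to the shell, so a translated string would become a command-line flag; a plain `"-h"` as in the `@@ -58,10 +59,11 @@` hunk is safer.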
@@ -87,16 +89,18 @@ else <div id='maincontent'> <?php include("fbegin.inc"); - if ($pf_version < 2.0) + if ($pf_version < 2.0) { echo "<p class=\"pgtitle\">{$pgtitle}</p>"; - echo "<a href=$myurl/pkg_edit.php?xml=vnstatoutput.xml&id=0>Go Back</a><br />"; - if($savemsg) { + } + echo "<a href=$myurl/pkg_edit.php?xml=vnstatoutput.xml&id=0>Go Back</a><br />"; + if ($savemsg) { echo "<div id='savemsg'>"; print_info_box($savemsg); echo "</div>"; } - if ($input_errors) + if ($input_errors) { print_input_errors($input_errors); + } ?> <form method="post"> <?=gettext("Sort type:"); ?> @@ -107,29 +111,31 @@ else <option value='-m'><?=gettext("Show traffic for months.");?></option> <option value='-t'><?=gettext("Show all time top10 traffic.");?></option> <option value='-tr'><?=gettext("Calculate 5sec. of traffic.");?></option> - <option value='-w'><?=gettext("Show traffic for 7 days, current and previous week.");?></option> + <option value='-w'><?=gettext("Show traffic for 7 days, current and previous week.");?></option> </select> <p/> <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> - <table id="backuptable" class="tabcont" align="center" width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td> - <center> - <table> - <tr><td> - <div name='cpuactivitydiv' id='cpuactivitydiv'> - <b><?=gettext("Gathering vnstat activity, please wait...");?> - </div> - </td></tr> - </table> - </td> - </tr> - </table> - </div> - </td> - </tr> + <tr> + <td> + <table id="backuptable" class="tabcont" align="center" width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td> + <center> + <table> + <tr> + <td> + <div name='cpuactivitydiv' id='cpuactivitydiv'> + <b><?=gettext("Gathering vnstat activity, please wait...");?> + </div> + </td> + </tr> + </table> + </td> + </tr> + </table> + </div> + </td> + </tr> </table> </form> <?php include("fend.inc"); ?> 
diff --git a/config/vnstat2/www/vnstati.php b/config/vnstat2/www/vnstati.php index e5ddcd21..01eca208 100644 --- a/config/vnstat2/www/vnstati.php +++ b/config/vnstat2/www/vnstati.php @@ -14,4 +14,3 @@ echo "<center><p class=\"pgtitle\">{$pgtitle}</p>"; <center><img src="vnstat2_img.php?image=newpicture3.png" style="border:1px solid black; center;"><br /> <center><img src="vnstat2_img.php?image=newpicture4.png" style="border:1px solid black; center;"><br /> <?php include("fend.inc"); ?> - |