diff options
Diffstat (limited to 'config')
| -rw-r--r-- | config/ntopng/ntopng.xml | 240 | ||||
| -rwxr-xr-x | config/snort/snort.inc | 109 | ||||
| -rwxr-xr-x | config/snort/snort.xml | 4 | ||||
| -rwxr-xr-x | config/snort/snort_alerts.php | 83 | ||||
| -rw-r--r-- | config/snort/snort_blocked.php | 68 | ||||
| -rwxr-xr-x | config/snort/snort_download_updates.php | 2 | ||||
| -rwxr-xr-x | config/snort/snort_interfaces_edit.php | 6 | ||||
| -rw-r--r-- | config/snort/snort_interfaces_global.php | 4 | ||||
| -rw-r--r-- | config/snort/snort_migrate_config.php | 2 | ||||
| -rw-r--r-- | config/snort/snort_passlist_edit.php | 134 | ||||
| -rw-r--r-- | config/snort/snort_post_install.php | 2 | ||||
| -rwxr-xr-x | config/snort/snort_preprocessors.php | 37 | ||||
| -rwxr-xr-x | config/snort/snort_rules.php | 60 | ||||
| -rw-r--r-- | config/snort/snort_rules_flowbits.php | 4 | ||||
| -rw-r--r-- | config/tinydns/tinydns.inc | 73 | ||||
| -rw-r--r-- | config/tinydns/tinydns_domains.xml | 22 | ||||
| -rw-r--r-- | config/tinydns/tinydns_status.php | 45 | ||||
| -rw-r--r-- | config/tinydns/tinydns_view_logs.php | 7 | ||||
| -rw-r--r-- | config/zabbix2/zabbix2-agent.xml | 4 | ||||
| -rw-r--r-- | config/zabbix2/zabbix2-proxy.xml | 4 | ||||
| -rw-r--r-- | config/zabbix2/zabbix2.inc | 2 |
21 files changed, 725 insertions, 187 deletions
diff --git a/config/ntopng/ntopng.xml b/config/ntopng/ntopng.xml new file mode 100644 index 00000000..5428d205 --- /dev/null +++ b/config/ntopng/ntopng.xml @@ -0,0 +1,240 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* $Id$ */ +/* ========================================================================== */ +/* + ntopng.xml + part of pfSense (http://www.pfSense.com) + Copyright (C) 2014 ESF, LLC + All rights reserved. +*/ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +/* ========================================================================== */ + ]]> + </copyright> + <name>ntopng</name> + <version>1.1 v0.1</version> + <title>Diagnostics: ntopng Settings</title> + <savetext>Change</savetext> + <aftersaveredirect>pkg_edit.php?xml=ntopng.xml</aftersaveredirect> + <menu> + <name>ntopng Settings</name> + <tooltiptext>Set ntopng settings such as password and port.</tooltiptext> + <section>Diagnostics</section> + <url>/pkg_edit.php?xml=ntopng.xml&id=0</url> + </menu> + <menu> + <name>ntopng</name> + <tooltiptext>Access ntopng</tooltiptext> + <section>Diagnostics</section> + <url>http://$myurl:3000</url> + <depends_on_service>ntopng</depends_on_service> + </menu> + <service> + <name>ntopng</name> + <rcfile>ntopng.sh</rcfile> + <executable>ntopng</executable> + <description>ntopng bandwidth monitoring/graphing</description> + </service> + <tabs> + <tab> + <text>ntopng Settings</text> + <url>/pkg_edit.php?xml=ntopng.xml&id=0</url> + <active/> + </tab> + <tab> + <text>Access ntopng</text> + <url>http://$myurl:3000</url> + </tab> + </tabs> + <fields> + <field> + <fielddescr>ntopng Admin Password</fielddescr> + <fieldname>password</fieldname> + <description>Enter the password for the ntopng GUI. Minimum 5 characters, defaults to admin.</description> + <type>password</type> + </field> + <field> + <fielddescr>Confirm ntopng Admin Password</fielddescr> + <fieldname>passwordagain</fieldname> + <type>password</type> + </field> + <field> + <fielddescr>Interface</fielddescr> + <fieldname>interface_array</fieldname> + <type>interfaces_selection</type> + <size>3</size> + <value>lan</value> + <multiple>true</multiple> + </field> + <field> + <fielddescr>DNS Mode</fielddescr> + <fieldname>dns_mode</fieldname> + <description>Configures how name resolution is handled</description> + <type>select</type> + <default_value>0</default_value> + <options> + <option><value>0</value><name>Decode DNS responses and resolve local numeric IPs only (default)</name></option> + <option><value>1</value><name>Decode DNS responses and resolve all numeric IPs</name></option> + <option><value>2</value><name>Decode DNS responses and don't resolve numeric IPs</name></option> + <option><value>3</value><name>Don't decode DNS responses and don't resolve numeric IPs</name></option> + </options> + </field> + <field> + <fielddescr>Local Networks</fielddescr> + <fieldname>local_networks</fieldname> + <description>Configures how Local Networks are defined</description> + <type>select</type> + <default_value>rfc1918</default_value> + <options> + <option><value>rfc1918</value><name>Consider all RFC1918 networks local</name></option> + <option><value>selected</value><name>Consider selected interface networks local</name></option> + <option><value>lanonly</value><name>Consider only LAN interface local</name></option> + </options> + </field> + </fields> + <custom_php_global_functions> + <![CDATA[ + function sync_package_ntopng() { + conf_mount_rw(); + config_lock(); + global $config; + global $input_errors; + if ($_POST) { + $config['installedpackages']['ntopng']['config'] = array(); + $config['installedpackages']['ntopng']['config'][0] = $_POST; + } + $ntopng_config =& $config['installedpackages']['ntopng']['config'][0]; + $if_final = ""; + $ifaces_final = ""; + system("/bin/mkdir -p /var/db/ntopng"); + system("/bin/mkdir -p /var/db/ntopng/rrd"); + system("/bin/mkdir -p /var/db/ntopng/rrd/graphics"); + system("/bin/chmod -R 755 /var/db/ntopng"); + system("/usr/sbin/chown -R nobody:nobody /var/db/ntopng"); + system("/bin/cp -Rp /usr/local/lib/X11/fonts/webfonts/ /usr/local/lib/X11/fonts/TTF/"); + $first = 0; + foreach($ntopng_config['interface_array'] as $iface) { + $if = convert_friendly_interface_to_real_interface_name($iface); + if ($if) { + $ifaces .= " -i " . escapeshellarg("{$if}"); + } + } + + // DNS Mode + if (is_numeric($ntopng_config['dns_mode']) && ($ntopng_config['dns_mode'] >= 0) && ($ntopng_config['dns_mode'] <= 3)) { + $dns_mode = "--dns-mode " . escapeshellarg($ntopng_config['dns_mode']); + } + + // Local Networks > + switch ($ntopng_config['local_networks']) { + case "selected": + $nets = array(); + foreach ($ntopng_config['interface_array'] as $iface) { + if (is_ipaddr(get_interface_ip($iface))) { + $nets[] = gen_subnet(get_interface_ip($iface),get_interface_subnet($iface)) . '/' . get_interface_subnet($iface); + } + } + if (!empty($nets)) + $local_networks = "--local-networks " . escapeshellarg(implode(",", $nets)); + break; + case "lanonly": + if (is_ipaddr(get_interface_ip('lan'))) { + $local_networks = "--local-networks " . escapeshellarg(gen_subnet(get_interface_ip('lan'),get_interface_subnet('lan')) . '/' . get_interface_subnet('lan')); + } + break; + case "rfc1918": + default: + $local_networks = "--local-networks '192.168.0.0/16,172.16.0.0/12,10.0.0.0/8'"; + break; + } + + $pf_version=substr(trim(file_get_contents("/etc/version")),0,3); + if ($pf_version >= 2.2) { + $redis_path = "/usr/pbi/ntopng-" . php_uname("m") . "/local/bin"; + } else { + $redis_path = "/usr/pbi/ntopng-" . php_uname("m") . "/bin"; + } + + $start = "ldconfig -m /usr/pbi/ntopng-i386/lib\n"; + $start .= "\t{$redis_path}/redis-server &\n"; + // TODO: + // Add support for --data-dir /somewhere, --httpdocs-dir /somewhereelse, + // --dump-timeline (on/off) --http-port, --https-port + + $start .= "\t/usr/local/bin/ntopng -s -e {$ifaces} {$dns_mode} {$aggregations} {$local_networks} &"; + write_rcfile(array( + "file" => "ntopng.sh", + "start" => $start, + "stop" => "/usr/bin/killall ntopng redis-cli redis-server" + ) + ); + if (is_service_running("ntopng")) { + stop_service("ntopng"); + // Wait for ntopng to shut down cleanly. + sleep(20); + } + start_service("ntopng"); + sleep(2); + + if (empty($ntopng_config['password'])) + $ntopng_config['password'] = "admin"; + $password = md5($ntopng_config['password']); + mwexec_bg("{$redis_path}/redis-cli SET user.admin.password " . escapeshellarg($password)); + conf_mount_ro(); + config_unlock(); + } + ]]> + </custom_php_global_functions> + <custom_add_php_command> + sync_package_ntopng(); + </custom_add_php_command> + <custom_php_resync_config_command> + sync_package_ntopng(); + </custom_php_resync_config_command> + <custom_php_install_command> + <![CDATA[ + mwexec_bg("/usr/pbi/ntopng-" . php_uname("m") . "/bin/geoipupdate.sh"); + sync_package_ntopng(); + ]]> + </custom_php_install_command> + <custom_php_deinstall_command> + exec("rm /usr/local/etc/rc.d/ntopng*"); + </custom_php_deinstall_command> + <custom_php_validation_command> + <![CDATA[ + if ($_POST) { + if (empty($_POST['password']) || empty($_POST['passwordagain'])) + $input_errors[] = "You must provide (and confirm) ntopng's password."; + if ($_POST['password'] != $_POST['passwordagain']) + $input_errors[] = "The provided passwords did not match."; + } + ]]> + </custom_php_validation_command> +</packagegui>
\ No newline at end of file diff --git a/config/snort/snort.inc b/config/snort/snort.inc index 2a6d006a..e442755a 100755 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -51,7 +51,7 @@ $snortver = array(); exec("/usr/local/bin/snort -V 2>&1 |/usr/bin/grep Version | /usr/bin/cut -c20-26", $snortver); /* Used to indicate latest version of this include file has been loaded */ -$pfSense_snort_version = "3.1.1"; +$pfSense_snort_version = "3.1.2"; /* get installed package version for display */ $snort_package_version = "Snort {$config['installedpackages']['package'][get_pkg_id("snort")]['version']}"; @@ -333,9 +333,11 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false) { $home_net = explode(" ", trim(filter_expand_alias($list['address']))); } - /* Always add loopback to HOME_NET and whitelist (ftphelper) */ + /* Always add loopback addresses to HOME_NET and whitelist */ if (!in_array("127.0.0.1", $home_net)) $home_net[] = "127.0.0.1"; + if (!in_array("::1", $home_net)) + $home_net[] = "::1"; /********************************************************************/ /* Always put the interface running Snort in HOME_NET and whitelist */ @@ -363,27 +365,37 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false) { } } - /* Handle IPv6 if available (2.1 and higher) */ - if (function_exists('get_interface_ipv6')) { - $snortip = get_interface_ipv6($snortcfg['interface']); - if (!$whitelist || $localnet == 'yes' || empty($localnet)) { - if (is_ipaddrv6($snortip)) { - if ($snortcfg['interface'] <> "wan") { - $sn = get_interface_subnetv6($snortcfg['interface']); - $ip = gen_subnetv6($snortip, $sn). "/{$sn}"; - if (!in_array($ip, $home_net)) - $home_net[] = $ip; - } + $snortip = get_interface_ipv6($snortcfg['interface']); + if (!$whitelist || $localnet == 'yes' || empty($localnet)) { + if (is_ipaddrv6($snortip)) { + if ($snortcfg['interface'] <> "wan") { + $sn = get_interface_subnetv6($snortcfg['interface']); + $ip = gen_subnetv6($snortip, $sn). "/{$sn}"; + if (!in_array($ip, $home_net)) + $home_net[] = $ip; } } - else { - if (is_ipaddrv6($snortip)) { - if (!in_array($snortip, $home_net)) - $home_net[] = $snortip; - } + } + else { + if (is_ipaddrv6($snortip)) { + // Trim off the interface designation (e.g., %em1) if present + if (strpos($snortip, "%") !== FALSE) + $snortip = substr($snortip, 0, strpos($snortip, "%")); + if (!in_array($snortip, $home_net)) + $home_net[] = $snortip; } } + // Add link-local address + $snortip = get_interface_linklocal($snortcfg['interface']); + if (!empty($snortip)) { + // Trim off the interface designation (e.g., %em1) if present + if (strpos($snortip, "%") !== FALSE) + $snortip = substr($snortip, 0, strpos($snortip, "%")); + if (!in_array($snortip, $home_net)) + $home_net[] = $snortip; + } + if (!$whitelist || $localnet == 'yes' || empty($localnet)) { /*************************************************************************/ /* Iterate through the interface list and write out whitelist items and */ @@ -402,16 +414,23 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false) { if (!in_array($ip, $home_net)) $home_net[] = $ip; } - if (function_exists("get_interface_ipv6")) { - if ($int == "wan") - continue; - $subnet = get_interface_ipv6($int); - if (is_ipaddrv6($subnet)) { - $sn = get_interface_subnetv6($int); - $ip = gen_subnetv6($subnet, $sn). "/{$sn}"; - if (!in_array($ip, $home_net)) - $home_net[] = $ip; - } + + $subnet = get_interface_ipv6($int); + if (is_ipaddrv6($subnet)) { + $sn = get_interface_subnetv6($int); + $ip = gen_subnetv6($subnet, $sn). "/{$sn}"; + if (!in_array($ip, $home_net)) + $home_net[] = $ip; + } + + // Add link-local address + $snortip = get_interface_linklocal($int); + if (!empty($snortip)) { + // Trim off the interface designation (e.g., %em1) if present + if (strpos($snortip, "%") !== FALSE) + $snortip = substr($snortip, 0, strpos($snortip, "%")); + if (!in_array($snortip, $home_net)) + $home_net[] = $snortip; } } } @@ -422,12 +441,23 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false) { if (!in_array($ip, $home_net)) $home_net[] = $ip; } - if (function_exists("get_interface_ipv6")) { - $ip = get_interface_ipv6("wan"); - if (is_ipaddrv6($ip)) { - if (!in_array($ip, $home_net)) - $home_net[] = $ip; - } + $ip = get_interface_ipv6("wan"); + if (is_ipaddrv6($ip)) { + // Trim off the interface designation (e.g., %em1) if present + if (strpos($ip, "%") !== FALSE) + $ip = substr($ip, 0, strpos($ip, "%")); + if (!in_array($ip, $home_net)) + $home_net[] = $ip; + } + + // Add link-local address + $snortip = get_interface_linklocal("wan"); + if (!empty($snortip)) { + // Trim off the interface designation (e.g., %em1) if present + if (strpos($snortip, "%") !== FALSE) + $snortip = substr($snortip, 0, strpos($snortip, "%")); + if (!in_array($snortip, $home_net)) + $home_net[] = $snortip; } } @@ -441,11 +471,12 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false) { $gw = get_interface_gateway($snortcfg['interface']); if (is_ipaddr($gw) && !in_array($gw, $home_net)) $home_net[] = $gw; - if (function_exists("get_interface_gateway_v6")) { - $gw = get_interface_gateway_v6($snortcfg['interface']); - if (is_ipaddrv6($gw) && !in_array($gw, $home_net)) - $home_net[] = $gw; - } + $gw = get_interface_gateway_v6($snortcfg['interface']); + // Trim off the interface designation (e.g., %em1) if present + if (strpos($gw, "%") !== FALSE) + $gw = substr($gw, 0, strpos($gw, "%")); + if (is_ipaddrv6($gw) && !in_array($gw, $home_net)) + $home_net[] = $gw; } if ($wandns == 'yes') { diff --git a/config/snort/snort.xml b/config/snort/snort.xml index 3feede80..663ce4eb 100755 --- a/config/snort/snort.xml +++ b/config/snort/snort.xml @@ -47,7 +47,7 @@ <faq>Currently there are no FAQ items provided.</faq> <name>Snort</name> <version>2.9.6.2</version> - <title>Services:2.9.6.2 pkg v3.1.1</title> + <title>Services:2.9.6.2 pkg v3.1.2</title> <include_file>/usr/local/pkg/snort/snort.inc</include_file> <menu> <name>Snort</name> @@ -279,7 +279,7 @@ </custom_add_php_command> <custom_php_resync_config_command> <![CDATA[ - if ($GLOBALS['pfSense_snort_version'] == "3.1.1") + if ($GLOBALS['pfSense_snort_version'] == "3.1.2") sync_snort_package_config(); ]]> </custom_php_resync_config_command> diff --git a/config/snort/snort_alerts.php b/config/snort/snort_alerts.php index 1c9d8492..c04f4e31 100755 --- a/config/snort/snort_alerts.php +++ b/config/snort/snort_alerts.php @@ -7,6 +7,7 @@ * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. * Copyright (C) 2006 Scott Ullrich * Copyright (C) 2012 Ermal Luci + * Copyright (C) 2014 Jim Pingle jim@pingle.org * Copyright (C) 2013,2014 Bill Meeks * All rights reserved. * @@ -164,6 +165,21 @@ if (empty($pconfig['arefresh'])) $pconfig['arefresh'] = 'off'; $anentries = $pconfig['alertnumber']; +# --- AJAX REVERSE DNS RESOLVE Start --- +if (isset($_POST['resolve'])) { + $ip = strtolower($_POST['resolve']); + $res = (is_ipaddr($ip) ? gethostbyaddr($ip) : ''); + + if ($res && $res != $ip) + $response = array('resolve_ip' => $ip, 'resolve_text' => $res); + else + $response = array('resolve_ip' => $ip, 'resolve_text' => gettext("Cannot resolve")); + + echo json_encode(str_replace("\\","\\\\", $response)); // single escape chars can break JSON decode + exit; +} +# --- AJAX REVERSE DNS RESOLVE End --- + if ($_POST['save']) { if (!is_array($config['installedpackages']['snortglobal']['alertsblocks'])) $config['installedpackages']['snortglobal']['alertsblocks'] = array(); @@ -344,7 +360,6 @@ include_once("head.inc"); ?> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<script src="/javascript/filter_log.js" type="text/javascript"></script> <?php include_once("fbegin.inc"); @@ -444,7 +459,7 @@ if ($savemsg) { <col axis="string"> </colgroup> <thead> - <tr> + <tr class="sortableHeaderRowIdentifier"> <th class="listhdrr" axis="date"><?php echo gettext("Date"); ?></th> <th class="listhdrr" axis="number"><?php echo gettext("Pri"); ?></th> <th class="listhdrr" axis="string"><?php echo gettext("Proto"); ?></th> @@ -488,16 +503,12 @@ if (file_exists("{$snortlogdir}/snort_{$if_real}{$snort_uuid}/alert")) { $alert_ip_src = $fields[6]; /* Add zero-width space as soft-break opportunity after each colon if we have an IPv6 address */ $alert_ip_src = str_replace(":", ":​", $alert_ip_src); + /* Add Reverse DNS lookup icons (two different links if pfSense version supports them) */ $alert_ip_src .= "<br/>"; - if ($pfs_version > 2.0) { - $alert_ip_src .= "<a onclick=\"javascript:getURL('/diag_dns.php?host={$fields[6]}&dialog_output=true', outputrule);\">"; - $alert_ip_src .= "<img src='../themes/{$g['theme']}/images/icons/icon_log_d.gif' width='11' height='11' border='0' "; - $alert_ip_src .= "title='" . gettext("Resolve host via reverse DNS lookup (quick pop-up)") . "' style=\"cursor: pointer;\"></a> "; - } - $alert_ip_src .= "<a href='/diag_dns.php?host={$fields[6]}&instance={$instanceid}'>"; - $alert_ip_src .= "<img src='../themes/{$g['theme']}/images/icons/icon_log.gif' width='11' height='11' border='0' "; - $alert_ip_src .= "title='" . gettext("Resolve host via reverse DNS lookup") . "'></a>"; + $alert_ip_src .= "<img onclick=\"javascript:resolve_with_ajax('{$fields[6]}');\" title=\""; + $alert_ip_src .= gettext("Resolve host via reverse DNS lookup") . "\" border=\"0\" src=\"/themes/{$g['theme']}/images/icons/icon_log.gif\" alt=\"Icon Reverse Resolve with DNS\" "; + $alert_ip_src .= " style=\"cursor: pointer;\"/>"; /* Add icons for auto-adding to Suppress List if appropriate */ if (!snort_is_alert_globally_suppressed($supplist, $fields[1], $fields[2]) && @@ -521,16 +532,13 @@ if (file_exists("{$snortlogdir}/snort_{$if_real}{$snort_uuid}/alert")) { $alert_ip_dst = $fields[8]; /* Add zero-width space as soft-break opportunity after each colon if we have an IPv6 address */ $alert_ip_dst = str_replace(":", ":​", $alert_ip_dst); + /* Add Reverse DNS lookup icons (two different links if pfSense version supports them) */ $alert_ip_dst .= "<br/>"; - if ($pfs_version > 2.0) { - $alert_ip_dst .= "<a onclick=\"javascript:getURL('/diag_dns.php?host={$fields[8]}&dialog_output=true', outputrule);\">"; - $alert_ip_dst .= "<img src='../themes/{$g['theme']}/images/icons/icon_log_d.gif' width='11' height='11' border='0' "; - $alert_ip_dst .= "title='" . gettext("Resolve host via reverse DNS lookup (quick pop-up)") . "' style=\"cursor: pointer;\"></a> "; - } - $alert_ip_dst .= "<a href='/diag_dns.php?host={$fields[8]}&instance={$instanceid}'>"; - $alert_ip_dst .= "<img src='../themes/{$g['theme']}/images/icons/icon_log.gif' width='11' height='11' border='0' "; - $alert_ip_dst .= "title='" . gettext("Resolve host via reverse DNS lookup") . "'></a>"; + $alert_ip_dst .= "<img onclick=\"javascript:resolve_with_ajax('{$fields[8]}');\" title=\""; + $alert_ip_dst .= gettext("Resolve host via reverse DNS lookup") . "\" border=\"0\" src=\"/themes/{$g['theme']}/images/icons/icon_log.gif\" alt=\"Icon Reverse Resolve with DNS\" "; + $alert_ip_dst .= " style=\"cursor: pointer;\"/>"; + /* Add icons for auto-adding to Suppress List if appropriate */ if (!snort_is_alert_globally_suppressed($supplist, $fields[1], $fields[2]) && !isset($supplist[$fields[1]][$fields[2]]['by_dst'][$fields[8]])) { @@ -580,11 +588,11 @@ if (file_exists("{$snortlogdir}/snort_{$if_real}{$snort_uuid}/alert")) { <td class='listr' align='center'>{$alert_priority}</td> <td class='listr' align='center'>{$alert_proto}</td> <td class='listr' style=\"word-wrap:break-word;\">{$alert_class}</td> - <td class='listr' align='center' sorttable_customkey='{$fields[6]}'>{$alert_ip_src}</td> + <td class='listr' align='center' style=\"sorttable_customkey:{$fields[6]};\" sorttable_customkey=\"{$fields[6]}\">{$alert_ip_src}</td> <td class='listr' align='center'>{$alert_src_p}</td> - <td class='listr' align='center' sorttable_customkey='{$fields[8]}'>{$alert_ip_dst}</td> + <td class='listr' align='center' style=\"sorttable_customkey:{$fields[8]};\" sorttable_customkey=\"{$fields[8]}\">{$alert_ip_dst}</td> <td class='listr' align='center'>{$alert_dst_p}</td> - <td class='listr' align='center' sorttable_customkey='{$fields[2]}'>{$alert_sid_str}<br/>{$sidsupplink} {$sid_dsbl_link}</td> + <td class='listr' align='center' style=\"sorttable_customkey:{$fields[2]};\" sorttable_customkey=\"{$fields[2]}\">{$alert_sid_str}<br/>{$sidsupplink} {$sid_dsbl_link}</td> <td class='listbg' style=\"word-wrap:break-word;\">{$alert_descr}</td> </tr>\n"; $counter++; @@ -622,5 +630,38 @@ function encRuleSig(rulegid,rulesid,srcip,ruledescr) { document.getElementById("descr").value = ruledescr; } </script> + +<!-- The following AJAX code was borrowed from the diag_logs_filter.php --> +<!-- file in pfSense. See copyright info at top of this page. --> +<script type="text/javascript"> +//<![CDATA[ +function resolve_with_ajax(ip_to_resolve) { + var url = "/snort/snort_alerts.php"; + + jQuery.ajax( + url, + { + type: 'post', + dataType: 'json', + data: { + resolve: ip_to_resolve, + }, + complete: resolve_ip_callback + }); +} + +function resolve_ip_callback(transport) { + var response = jQuery.parseJSON(transport.responseText); + var msg = 'IP address "' + response.resolve_ip + '" resolves to\n'; + alert(msg + 'host "' + htmlspecialchars(response.resolve_text) + '"'); +} + +// From http://stackoverflow.com/questions/5499078/fastest-method-to-escape-html-tags-as-html-entities +function htmlspecialchars(str) { + return str.replace(/&/g, '&').replace(/</g, '<').replace(/>/g, '>').replace(/"/g, '"').replace(/'/g, '''); +} +//]]> +</script> + </body> </html> diff --git a/config/snort/snort_blocked.php b/config/snort/snort_blocked.php index 97301a0f..087724e3 100644 --- a/config/snort/snort_blocked.php +++ b/config/snort/snort_blocked.php @@ -7,6 +7,7 @@ * * Modified for the Pfsense snort package v. 1.8+ * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2014 Jim Pingle jim@pingle.org * Copyright (C) 2014 Bill Meeks * * Redistribution and use in source and binary forms, with or without @@ -50,6 +51,21 @@ if (empty($pconfig['blertnumber'])) else $bnentries = $pconfig['blertnumber']; +# --- AJAX REVERSE DNS RESOLVE Start --- +if (isset($_POST['resolve'])) { + $ip = strtolower($_POST['resolve']); + $res = (is_ipaddr($ip) ? gethostbyaddr($ip) : ''); + + if ($res && $res != $ip) + $response = array('resolve_ip' => $ip, 'resolve_text' => $res); + else + $response = array('resolve_ip' => $ip, 'resolve_text' => gettext("Cannot resolve")); + + echo json_encode(str_replace("\\","\\\\", $response)); // single escape chars can break JSON decode + exit; +} +# --- AJAX REVERSE DNS RESOLVE End --- + if ($_POST['todelete']) { $ip = ""; if ($_POST['ip']) @@ -133,7 +149,6 @@ include_once("head.inc"); ?> <body link="#000000" vlink="#000000" alink="#000000"> -<script src="/javascript/filter_log.js" type="text/javascript"></script> <?php @@ -214,11 +229,11 @@ if ($savemsg) { <col width="10%" align="center"> </colgroup> <thead> - <tr> + <tr class="sortableHeaderRowIdentifier"> <th class="listhdrr" axis="number">#</th> <th class="listhdrr" axis="string"><?php echo gettext("IP"); ?></th> <th class="listhdrr" axis="string"><?php echo gettext("Alert Description"); ?></th> - <th class="listhdrr"><?php echo gettext("Remove"); ?></th> + <th class="listhdrr sorttable_nosort"><?php echo gettext("Remove"); ?></th> </tr> </thead> <tbody> @@ -278,20 +293,16 @@ if ($savemsg) { $tmp_ip = str_replace(":", ":​", $blocked_ip); /* Add reverse DNS lookup icons (two different links if pfSense version supports them) */ $rdns_link = ""; - if ($pfs_version > 2.0) { - $rdns_link .= "<a onclick=\"javascript:getURL('/diag_dns.php?host={$blocked_ip}&dialog_output=true', outputrule);\">"; - $rdns_link .= "<img src='../themes/{$g['theme']}/images/icons/icon_log_d.gif' width='11' height='11' border='0' "; - $rdns_link .= "title='" . gettext("Resolve host via reverse DNS lookup (quick pop-up)") . "' style=\"cursor: pointer;\"></a> "; - } - $rdns_link .= "<a href='/diag_dns.php?host={$blocked_ip}'>"; - $rdns_link .= "<img src='../themes/{$g['theme']}/images/icons/icon_log.gif' width='11' height='11' border='0' "; - $rdns_link .= "title='" . gettext("Resolve host via reverse DNS lookup") . "'></a>"; + $rdns_link .= "<img onclick=\"javascript:resolve_with_ajax('{$blocked_ip}');\" title=\""; + $rdns_link .= gettext("Resolve host via reverse DNS lookup") . "\" border=\"0\" src=\"/themes/{$g['theme']}/images/icons/icon_log.gif\" alt=\"Icon Reverse Resolve with DNS\" "; + $rdns_link.= " style=\"cursor: pointer;\"/>"; + /* use one echo to do the magic*/ echo "<tr> <td align=\"center\" valign=\"middle\" class=\"listr\">{$counter}</td> <td align=\"center\" valign=\"middle\" class=\"listr\">{$tmp_ip}<br/>{$rdns_link}</td> <td valign=\"middle\" class=\"listr\">{$blocked_desc}</td> - <td align=\"center\" valign=\"middle\" class=\"listr\" sorttable_customkey=\"\"> + <td align=\"center\" valign=\"middle\" class=\"listr\"> <input type=\"image\" name=\"todelete[]\" onClick=\"document.getElementById('ip').value='{$blocked_ip}';\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" title=\"" . gettext("Delete host from Blocked Table") . "\" border=\"0\" /></td> </tr>\n"; @@ -325,5 +336,38 @@ if ($savemsg) { <?php include("fend.inc"); ?> + +<!-- The following AJAX code was borrowed from the diag_logs_filter.php --> +<!-- file in pfSense. See copyright info at top of this page. --> +<script type="text/javascript"> +//<![CDATA[ +function resolve_with_ajax(ip_to_resolve) { + var url = "/snort/snort_blocked.php"; + + jQuery.ajax( + url, + { + type: 'post', + dataType: 'json', + data: { + resolve: ip_to_resolve, + }, + complete: resolve_ip_callback + }); +} + +function resolve_ip_callback(transport) { + var response = jQuery.parseJSON(transport.responseText); + var msg = 'IP address "' + response.resolve_ip + '" resolves to\n'; + alert(msg + 'host "' + htmlspecialchars(response.resolve_text) + '"'); +} + +// From http://stackoverflow.com/questions/5499078/fastest-method-to-escape-html-tags-as-html-entities +function htmlspecialchars(str) { + return str.replace(/&/g, '&').replace(/</g, '<').replace(/>/g, '>').replace(/"/g, '"').replace(/'/g, '''); +} +//]]> +</script> + </body> </html> diff --git a/config/snort/snort_download_updates.php b/config/snort/snort_download_updates.php index 7f8bc7a1..ff05bdfd 100755 --- a/config/snort/snort_download_updates.php +++ b/config/snort/snort_download_updates.php @@ -251,7 +251,7 @@ include_once("head.inc"); <p style="text-align:center;" class="vexpl"> <font class="red"><b><?php echo gettext("WARNING:");?></b></font> <?php echo gettext('No rule types have been selected for download. ') . - gettext('Visit the ') . '<a href="/snort/snort_global.php">Global Settings Tab</a>' . gettext(' to select rule types.'); ?> + gettext('Visit the ') . '<a href="/snort/snort_interfaces_global.php">Global Settings Tab</a>' . gettext(' to select rule types.'); ?> <br/></p> <?php else: ?> <br/> diff --git a/config/snort/snort_interfaces_edit.php b/config/snort/snort_interfaces_edit.php index ca8d03ee..fb573a73 100755 --- a/config/snort/snort_interfaces_edit.php +++ b/config/snort/snort_interfaces_edit.php @@ -176,6 +176,9 @@ if ($_POST["save"] && !$input_errors) { /* if no errors write to conf */ if (!$input_errors) { + /* Most changes don't require a rules rebuild, so default to "off" */ + $rebuild_rules = false; + $natent = $a_rule[$id]; $natent['interface'] = $_POST['interface']; $natent['enable'] = $_POST['enable'] ? 'on' : 'off'; @@ -360,9 +363,6 @@ if ($_POST["save"] && !$input_errors) { /* Save configuration changes */ write_config("Snort pkg: modified interface configuration for {$natent['interface']}."); - /* Most changes don't require a rules rebuild, so default to "off" */ - $rebuild_rules = false; - /* Update snort.conf and snort.sh files for this interface */ sync_snort_package_config(); diff --git a/config/snort/snort_interfaces_global.php b/config/snort/snort_interfaces_global.php index 849dea8f..195e1a5e 100644 --- a/config/snort/snort_interfaces_global.php +++ b/config/snort/snort_interfaces_global.php @@ -219,8 +219,8 @@ if ($input_errors) <td><span class="vexpl"><?php echo gettext("Snort VRT free Registered User or paid Subscriber rules"); ?></span></td> <tr> <td> </td> - <td><a href="https://www.snort.org/signup" target="_blank"><?php echo gettext("Sign Up for a free Registered User Rule Account"); ?> </a><br/> - <a href="http://www.snort.org/vrt/buy-a-subscription" target="_blank"> + <td><a href="https://www.snort.org/users/sign_up" target="_blank"><?php echo gettext("Sign Up for a free Registered User Rule Account"); ?> </a><br/> + <a href="https://www.snort.org/products" target="_blank"> <?php echo gettext("Sign Up for paid Sourcefire VRT Certified Subscriber Rules"); ?></a></td> </tr> </table> diff --git a/config/snort/snort_migrate_config.php b/config/snort/snort_migrate_config.php index 5e1e5113..af02261f 100644 --- a/config/snort/snort_migrate_config.php +++ b/config/snort/snort_migrate_config.php @@ -459,7 +459,7 @@ unset($r); // Write out the new configuration to disk if we changed anything if ($updated_cfg) { - $config['installedpackages']['snortglobal']['snort_config_ver'] = "3.1.1"; + $config['installedpackages']['snortglobal']['snort_config_ver'] = "3.1.2"; log_error("[Snort] Saving configuration settings in new format..."); write_config("Snort pkg: migrate existing settings to new format as part of package upgrade."); log_error("[Snort] Settings successfully migrated to new configuration format..."); diff --git a/config/snort/snort_passlist_edit.php b/config/snort/snort_passlist_edit.php index f501e0fc..d5b89877 100644 --- a/config/snort/snort_passlist_edit.php +++ b/config/snort/snort_passlist_edit.php @@ -39,6 +39,8 @@ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort.inc"); +$pconfig = array(); + if ($_POST['cancel']) { header("Location: /snort/snort_passlist.php"); exit; @@ -52,24 +54,63 @@ $a_passlist = &$config['installedpackages']['snortglobal']['whitelist']['item']; if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; -elseif (isset($_GET['id']) && is_numericint($_GET['id'])) +elseif (isset($_GET['id']) && is_numericint($_GET['id'])) { $id = htmlspecialchars($_GET['id']); +} /* Should never be called without identifying list index, so bail */ if (is_null($id)) { - header("Location: /snort/snort_interfaces_whitelist.php"); + header("Location: /snort/snort_passlist.php"); exit; } +if (isset($id) && isset($a_passlist[$id])) { + /* Retrieve saved settings */ + $pconfig['name'] = $a_passlist[$id]['name']; + $pconfig['uuid'] = $a_passlist[$id]['uuid']; + $pconfig['address'] = $a_passlist[$id]['address']; + $pconfig['descr'] = html_entity_decode($a_passlist[$id]['descr']); + $pconfig['localnets'] = $a_passlist[$id]['localnets']; + $pconfig['wanips'] = $a_passlist[$id]['wanips']; + $pconfig['wangateips'] = $a_passlist[$id]['wangateips']; + $pconfig['wandnsips'] = $a_passlist[$id]['wandnsips']; + $pconfig['vips'] = $a_passlist[$id]['vips']; + $pconfig['vpnips'] = $a_passlist[$id]['vpnips']; +} + +// Check for returned "selected alias" if action is import +if ($_GET['act'] == "import") { + + // Retrieve previously typed values we passed to SELECT ALIAS page + $pconfig['name'] = htmlspecialchars($_GET['name']); + $pconfig['uuid'] = htmlspecialchars($_GET['uuid']); + $pconfig['address'] = htmlspecialchars($_GET['address']); + $pconfig['descr'] = htmlspecialchars($_GET['descr']); + $pconfig['localnets'] = htmlspecialchars($_GET['localnets'])? 'yes' : 'no'; + $pconfig['wanips'] = htmlspecialchars($_GET['wanips'])? 'yes' : 'no'; + $pconfig['wangateips'] = htmlspecialchars($_GET['wangateips'])? 'yes' : 'no'; + $pconfig['wandnsips'] = htmlspecialchars($_GET['wandnsips'])? 'yes' : 'no'; + $pconfig['vips'] = htmlspecialchars($_GET['vips'])? 'yes' : 'no'; + $pconfig['vpnips'] = htmlspecialchars($_GET['vpnips'])? 'yes' : 'no'; + + // Now retrieve the "selected alias" returned from SELECT ALIAS page + if ($_GET['varname'] == "address" && isset($_GET['varvalue'])) + $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']); +} + /* If no entry for this passlist, then create a UUID and treat it like a new list */ -if (!isset($a_passlist[$id]['uuid'])) { +if (!isset($a_passlist[$id]['uuid']) && empty($pconfig['uuid'])) { $passlist_uuid = 0; while ($passlist_uuid > 65535 || $passlist_uuid == 0) { $passlist_uuid = mt_rand(1, 65535); $pconfig['uuid'] = $passlist_uuid; $pconfig['name'] = "passlist_{$passlist_uuid}"; } -} else +} +elseif (!empty($pconfig['uuid'])) { + $passlist_uuid = $pconfig['uuid']; +} +else $passlist_uuid = $a_passlist[$id]['uuid']; /* returns true if $name is a valid name for a pass list file name or ip */ @@ -83,28 +124,6 @@ function is_validpasslistname($name) { return false; } -if (isset($id) && $a_passlist[$id]) { - /* old settings */ - $pconfig = array(); - $pconfig['name'] = $a_passlist[$id]['name']; - $pconfig['uuid'] = $a_passlist[$id]['uuid']; - $pconfig['detail'] = $a_passlist[$id]['detail']; - $pconfig['address'] = $a_passlist[$id]['address']; - $pconfig['descr'] = html_entity_decode($a_passlist[$id]['descr']); - $pconfig['localnets'] = $a_passlist[$id]['localnets']; - $pconfig['wanips'] = $a_passlist[$id]['wanips']; - $pconfig['wangateips'] = $a_passlist[$id]['wangateips']; - $pconfig['wandnsips'] = $a_passlist[$id]['wandnsips']; - $pconfig['vips'] = $a_passlist[$id]['vips']; - $pconfig['vpnips'] = $a_passlist[$id]['vpnips']; -} - -// Check for returned "selected alias" if action is import -if ($_GET['act'] == "import") { - if ($_GET['varname'] == "address" && isset($_GET['varvalue'])) - $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']); -} - if ($_POST['save']) { unset($input_errors); $pconfig = $_POST; @@ -126,11 +145,11 @@ if ($_POST['save']) { $input_errors[] = gettext("Pass List file name may only consist of the characters \"a-z, A-Z, 0-9 and _\". Note: No Spaces or dashes. Press Cancel to reset."); /* check for name conflicts */ - foreach ($a_passlist as $w_list) { - if (isset($id) && ($a_passlist[$id]) && ($a_passlist[$id] === $w_list)) + foreach ($a_passlist as $p_list) { + if (isset($id) && ($a_passlist[$id]) && ($a_passlist[$id] === $p_list)) continue; - if ($w_list['name'] == $_POST['name']) { + if ($p_list['name'] == $_POST['name']) { $input_errors[] = gettext("A Pass List file name with this name already exists."); break; } @@ -141,27 +160,25 @@ if ($_POST['save']) { $input_errors[] = gettext("A valid alias must be provided"); if (!$input_errors) { - $w_list = array(); + $p_list = array(); /* post user input */ - $w_list['name'] = $_POST['name']; - $w_list['uuid'] = $passlist_uuid; - $w_list['localnets'] = $_POST['localnets']? 'yes' : 'no'; - $w_list['wanips'] = $_POST['wanips']? 'yes' : 'no'; - $w_list['wangateips'] = $_POST['wangateips']? 'yes' : 'no'; - $w_list['wandnsips'] = $_POST['wandnsips']? 'yes' : 'no'; - $w_list['vips'] = $_POST['vips']? 'yes' : 'no'; - $w_list['vpnips'] = $_POST['vpnips']? 'yes' : 'no'; - - $w_list['address'] = $_POST['address']; - $w_list['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto"); - $w_list['detail'] = $final_address_details; + $p_list['name'] = $_POST['name']; + $p_list['uuid'] = $passlist_uuid; + $p_list['localnets'] = $_POST['localnets']? 'yes' : 'no'; + $p_list['wanips'] = $_POST['wanips']? 'yes' : 'no'; + $p_list['wangateips'] = $_POST['wangateips']? 'yes' : 'no'; + $p_list['wandnsips'] = $_POST['wandnsips']? 'yes' : 'no'; + $p_list['vips'] = $_POST['vips']? 'yes' : 'no'; + $p_list['vpnips'] = $_POST['vpnips']? 'yes' : 'no'; + $p_list['address'] = $_POST['address']; + $p_list['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto"); if (isset($id) && $a_passlist[$id]) - $a_passlist[$id] = $w_list; + $a_passlist[$id] = $p_list; else - $a_passlist[] = $w_list; + $a_passlist[] = $p_list; - write_config("Snort pkg: modified PASS LIST {$w_list['name']}."); + write_config("Snort pkg: modified PASS LIST {$p_list['name']}."); /* create pass list and homenet file, then sync files */ sync_snort_package_config(); @@ -284,8 +301,8 @@ if ($savemsg) </td> <td width="78%" class="vtable"> <input autocomplete="off" name="address" type="text" class="formfldalias" id="address" size="30" value="<?=htmlspecialchars($pconfig['address']);?>" - title="<?=trim(filter_expand_alias($pconfig['address']));?>"/> - <input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=0&type=host|network&varname=address&act=import&multi_ip=yes&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'" + title="<?=trim(filter_expand_alias($pconfig['address']));?>"/> + <input type="button" class="formbtns" value="Aliases" onclick="selectAlias();" title="<?php echo gettext("Select an existing IP alias");?>"/> </td> </tr> @@ -326,6 +343,29 @@ function createAutoSuggest() { setTimeout("createAutoSuggest();", 500); +function selectAlias() { + + var loc; + var fields = [ "name", "descr", "localnets", "wanips", "wangateips", "wandnsips", "vips", "vpnips", "address" ]; + + // Scrape current form field values and add to + // the select alias URL as a query string. + var loc = 'snort_select_alias.php?id=<?=$id;?>&act=import&type=host|network'; + loc = loc + '&varname=address&multi_ip=yes'; + loc = loc + '&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'; + loc = loc + '&uuid=<?=$passlist_uuid;?>'; + + // Iterate over just the specific form fields we want to pass to + // the select alias URL. + fields.forEach(function(entry) { + var tmp = $(entry).serialize(); + if (tmp.length > 0) + loc = loc + '&' + tmp; + }); + + window.parent.location = loc; +} + </script> <?php include("fend.inc"); ?> </body> diff --git a/config/snort/snort_post_install.php b/config/snort/snort_post_install.php index 25be448a..c1be72cc 100644 --- a/config/snort/snort_post_install.php +++ b/config/snort/snort_post_install.php @@ -178,7 +178,7 @@ if (stristr($config['widgets']['sequence'], "snort_alerts-container") === FALSE) $config['widgets']['sequence'] .= ",{$snort_widget_container}"; /* Update Snort package version in configuration */ -$config['installedpackages']['snortglobal']['snort_config_ver'] = "3.1.1"; +$config['installedpackages']['snortglobal']['snort_config_ver'] = "3.1.2"; write_config("Snort pkg: post-install configuration saved."); /* Done with post-install, so clear flag */ diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php index da1c515e..133c0513 100755 --- a/config/snort/snort_preprocessors.php +++ b/config/snort/snort_preprocessors.php @@ -240,7 +240,17 @@ $disabled_rules_log = "{$if_friendly}_disabled_preproc_rules.log"; // Check for returned "selected alias" if action is import if ($_GET['act'] == "import" && isset($_GET['varname']) && !empty($_GET['varvalue'])) { - $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']); + + // Retrieve previously typed values we passed to SELECT ALIAS page + $pconfig['sf_portscan'] = htmlspecialchars($_GET['sf_portscan'])? 'on' : 'off'; + $pconfig['pscan_ignore_scanners'] = htmlspecialchars($_GET['pscan_ignore_scanners']); + $pconfig['pscan_protocol'] = htmlspecialchars($_GET['pscan_protocol']); + $pconfig['pscan_type'] = htmlspecialchars($_GET['pscan_type']); + $pconfig['pscan_memcap'] = htmlspecialchars($_GET['pscan_memcap']); + $pconfig['pscan_sense_level'] = htmlspecialchars($_GET['pscan_sense_level']); + + // Now retrieve the "selected alias" returned from SELECT ALIAS page + $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']); } // Handle deleting of any of the multiple configuration engines @@ -1237,7 +1247,7 @@ if ($savemsg) { value="<?=$pconfig['pscan_ignore_scanners'];?>" title="<?=trim(filter_expand_alias($pconfig['pscan_ignore_scanners']));?>"> <?php echo gettext("Leave blank for default. ") . gettext("Default value is ") . "<strong>" . gettext("\$HOME_NET") . "</strong>"; ?>.</td> <td class="vexpl" align="right"> - <input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&type=host|network&varname=pscan_ignore_scanners&act=import&multi_ip=yes&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'" + <input type="button" class="formbtns" value="Aliases" onclick="selectAlias();" title="<?php echo gettext("Select an existing IP alias");?>"/></td> </tr> <tr> @@ -2205,6 +2215,29 @@ function wopen(url, name, w, h) win.focus(); } +function selectAlias() { + + var loc; + var fields = [ "sf_portscan", "pscan_protocol", "pscan_type", "pscan_sense_level", "pscan_memcap", "pscan_ignore_scanners" ]; + + // Scrape current form field values and add to + // the select alias URL as a query string. + var loc = 'snort_select_alias.php?id=<?=$id;?>&act=import&type=host|network'; + loc = loc + '&varname=pscan_ignore_scanners&multi_ip=yes'; + loc = loc + '&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'; + loc = loc + '&uuid=<?=$passlist_uuid;?>'; + + // Iterate over just the specific form fields we want to pass to + // the select alias URL. + fields.forEach(function(entry) { + var tmp = $(entry).serialize(); + if (tmp.length > 0) + loc = loc + '&' + tmp; + }); + + window.parent.location = loc; +} + // Set initial state of form controls enable_change_all(); diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php index df17efc0..8d9aa6ba 100755 --- a/config/snort/snort_rules.php +++ b/config/snort/snort_rules.php @@ -157,12 +157,16 @@ if ($_POST['toggle'] && is_numeric($_POST['sid']) && is_numeric($_POST['gid']) & $sid = $_POST['sid']; // See if the target SID is in our list of modified SIDs, - // and toggle it back to default if present; otherwise, - // add it to the appropriate modified SID list. - if (isset($enablesid[$gid][$sid])) + // and toggle if present; otherwise, add it to the + // appropriate modified SID list. + if (isset($enablesid[$gid][$sid])) { unset($enablesid[$gid][$sid]); - elseif (isset($disablesid[$gid][$sid])) + $disablesid[$gid][$sid] = "disablesid"; + } + elseif (isset($disablesid[$gid][$sid])) { unset($disablesid[$gid][$sid]); + $enablesid[$gid][$sid] = "enablesid"; + } else { if ($rules_map[$gid][$sid]['disabled'] == 1) $enablesid[$gid][$sid] = "enablesid"; @@ -198,6 +202,10 @@ if ($_POST['toggle'] && is_numeric($_POST['sid']) && is_numeric($_POST['gid']) & /* Update the config.xml file. */ write_config("Snort pkg: modified state for rule {$gid}:{$sid} on {$a_rule[$id]['interface']}."); + // We changed a rule state, remind user to apply the changes + mark_subsystem_dirty('snort_rules'); + + // Set a scroll-to anchor location $anchor = "rule_{$gid}_{$sid}"; } elseif ($_POST['disable_all'] && !empty($rules_map)) { @@ -237,6 +245,9 @@ elseif ($_POST['disable_all'] && !empty($rules_map)) { unset($a_rule[$id]['rule_sid_off']); write_config("Snort pkg: disabled all rules in category {$currentruleset} for {$a_rule[$id]['interface']}."); + + // We changed a rule state, remind user to apply the changes + mark_subsystem_dirty('snort_rules'); } elseif ($_POST['enable_all'] && !empty($rules_map)) { @@ -274,6 +285,9 @@ elseif ($_POST['enable_all'] && !empty($rules_map)) { unset($a_rule[$id]['rule_sid_off']); write_config("Snort pkg: enable all rules in category {$currentruleset} for {$a_rule[$id]['interface']}."); + + // We changed a rule state, remind user to apply the changes + mark_subsystem_dirty('snort_rules'); } elseif ($_POST['resetcategory'] && !empty($rules_map)) { @@ -313,6 +327,9 @@ elseif ($_POST['resetcategory'] && !empty($rules_map)) { unset($a_rule[$id]['rule_sid_off']); write_config("Snort pkg: remove enablesid/disablesid changes for category {$currentruleset} on {$a_rule[$id]['interface']}."); + + // We changed a rule state, remind user to apply the changes + mark_subsystem_dirty('snort_rules'); } elseif ($_POST['resetall'] && !empty($rules_map)) { @@ -322,9 +339,13 @@ elseif ($_POST['resetall'] && !empty($rules_map)) { /* Update the config.xml file. */ write_config("Snort pkg: remove all enablesid/disablesid changes for {$a_rule[$id]['interface']}."); + + // We changed a rule state, remind user to apply the changes + mark_subsystem_dirty('snort_rules'); } else if ($_POST['cancel']) { $pconfig['customrules'] = base64_decode($a_rule[$id]['customrules']); + clear_subsystem_dirty('snort_rules'); } elseif ($_POST['clear']) { unset($a_rule[$id]['customrules']); @@ -365,6 +386,8 @@ elseif ($_POST['save']) { $savemsg = gettext("Custom rules validated successfully and have been saved to the Snort configuration files. "); $savemsg .= gettext("Any active Snort process on this interface has been signalled to live-load the new rules."); } + + clear_subsystem_dirty('snort_rules'); } else if ($_POST['apply']) { /* Save new configuration */ @@ -382,9 +405,11 @@ else if ($_POST['apply']) { /* Soft-restart Snort to live-load new rules */ snort_reload_config($a_rule[$id]); + + // We have saved changes and done a soft restart, so clear "dirty" flag + clear_subsystem_dirty('snort_rules'); } -require_once("guiconfig.inc"); include_once("head.inc"); $if_friendly = convert_friendly_interface_to_friendly_descr($a_rule[$id]['interface']); @@ -411,6 +436,11 @@ if ($savemsg) { <input type='hidden' name='openruleset' id='openruleset' value='<?=$currentruleset;?>'/> <input type='hidden' name='sid' id='sid' value=''/> <input type='hidden' name='gid' id='gid' value=''/> + +<?php if (is_subsystem_dirty('snort_rules')): ?><p> +<?php print_info_box_np(gettext("A change has been made to a rule state.") . "<br/>" . gettext("Click APPLY when finished to send the changes to the running configuration."));?> +<?php endif; ?> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td> <?php @@ -570,8 +600,8 @@ if ($savemsg) { <col axis="string"> </colgroup> <thead> - <tr> - <th class="list"> </th> + <tr class="sortableHeaderRowIdentifier"> + <th class="list sorttable_nosort"> </th> <th class="listhdrr"><?php echo gettext("GID"); ?></th> <th class="listhdrr"><?php echo gettext("SID"); ?></th> <th class="listhdrr"><?php echo gettext("Proto"); ?></th> @@ -595,7 +625,7 @@ if ($savemsg) { $textse = "</span>"; $iconb = "icon_reject_d.gif"; $disable_cnt++; - $title = gettext("Disabled by user. Click to toggle to default state"); + $title = gettext("Disabled by user. Click to toggle to enabled state"); } elseif (($v['disabled'] == 1) && (!isset($enablesid[$gid][$sid]))) { $textss = "<span class=\"gray\">"; @@ -608,7 +638,7 @@ if ($savemsg) { $textss = $textse = ""; $iconb = "icon_reject.gif"; $enable_cnt++; - $title = gettext("Enabled by user. Click to toggle to default state"); + $title = gettext("Enabled by user. Click to toggle to disabled state"); } else { $textss = $textse = ""; @@ -638,7 +668,7 @@ if ($savemsg) { $message = snort_get_msg($v['rule']); // description field $sid_tooltip = gettext("View the raw text for this rule"); - echo "<tr><td class=\"listt\" align=\"left\" valign=\"middle\" sorttable_customkey=\"\">{$textss} + echo "<tr><td class=\"listt\" align=\"left\" valign=\"middle\">{$textss} <a id=\"rule_{$gid}_{$sid}\" href=''><input type=\"image\" onClick=\"document.getElementById('sid').value='{$sid}'; document.getElementById('gid').value='{$gid}';\" src=\"../themes/{$g['theme']}/images/icons/{$iconb}\" width=\"11\" height=\"11\" border=\"0\" @@ -693,8 +723,8 @@ if ($savemsg) { <col align="left" axis="string"> </colgroup> <thead> - <tr> - <th class="list"> </th> + <tr class="sortableHeaderRowIdentifier"> + <th class="list" sorttable_nosort> </th> <th class="listhdrr"><?php echo gettext("GID"); ?></th> <th class="listhdrr"><?php echo gettext("SID"); ?></th> <th class="listhdrr"><?php echo gettext("Classification"); ?></th> @@ -714,7 +744,7 @@ if ($savemsg) { $textse = "</span>"; $iconb = "icon_reject_d.gif"; $disable_cnt++; - $title = gettext("Disabled by user. Click to toggle to default state"); + $title = gettext("Disabled by user. Click to toggle to enabled state"); } elseif (($v['disabled'] == 1) && (!isset($enablesid[$gid][$sid]))) { $textss = "<span class=\"gray\">"; @@ -727,7 +757,7 @@ if ($savemsg) { $textss = $textse = ""; $iconb = "icon_reject.gif"; $enable_cnt++; - $title = gettext("Enabled by user. Click to toggle to default state"); + $title = gettext("Enabled by user. Click to toggle to disabled state"); } else { $textss = $textse = ""; @@ -747,7 +777,7 @@ if ($savemsg) { else $policy = "none"; - echo "<tr><td class=\"listt\" align=\"left\" valign=\"middle\" sorttable_customkey=\"\">{$textss} + echo "<tr><td class=\"listt\" align=\"left\" valign=\"middle\">{$textss} <input type=\"image\" onClick=\"document.getElementById('sid').value='{$sid}'; document.getElementById('gid').value='{$gid}';\" src=\"../themes/{$g['theme']}/images/icons/{$iconb}\" width=\"11\" height=\"11\" border=\"0\" diff --git a/config/snort/snort_rules_flowbits.php b/config/snort/snort_rules_flowbits.php index d7c18a9d..cbb7b631 100644 --- a/config/snort/snort_rules_flowbits.php +++ b/config/snort/snort_rules_flowbits.php @@ -216,7 +216,7 @@ if ($savemsg) <col axis="string"> </colgroup> <thead> - <tr> + <tr class="sortableHeaderRowIdentifier"> <th class="listhdrr" axis="number"><?php echo gettext("SID"); ?></th> <th class="listhdrr" axis="string"><?php echo gettext("Proto"); ?></th> <th class="listhdrr" axis="string"><?php echo gettext("Source"); ?></th> @@ -263,7 +263,7 @@ if ($savemsg) // Use "echo" to write the table HTML row-by-row. echo "<tr>" . - "<td class=\"listr\" sorttable_customkey=\"{$sid}\">{$sid} {$supplink}</td>" . + "<td class=\"listr\" style=\"sorttable_customkey:{$sid};\" sorttable_customkey=\"{$sid}\">{$sid} {$supplink}</td>" . "<td class=\"listr\" style=\"text-align:center;\">{$protocol}</td>" . "<td class=\"listr\" style=\"overflow: hidden; text-overflow: ellipsis; text-align:center;\" nowrap><span title=\"{$rule_content[2]}\">{$source}</span></td>" . "<td class=\"listr\" style=\"overflow: hidden; text-overflow: ellipsis; text-align:center;\" nowrap><span title=\"{$rule_content[5]}\">{$destination}</span></td>" . diff --git a/config/tinydns/tinydns.inc b/config/tinydns/tinydns.inc index 70e149e1..8fb6170f 100644 --- a/config/tinydns/tinydns.inc +++ b/config/tinydns/tinydns.inc @@ -92,10 +92,11 @@ svscan_start () { /usr/bin/env \ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin \ /usr/sbin/daemon -f /bin/sh -c "\$command \$svscan_servicedir 2>&1 | /usr/local/bin/multilog t \$logdir" > /dev/null + EOD; if ($enableipmonitoring) { $svscan .= <<<EOD - minicron {$refreshinterval} {$g['varrun_path']}/ping_hosts.pid "/etc/ping_hosts.sh; cd {$g['varetc_path']}/tinydns/root && /usr/local/bin/tinydns-data" + /usr/local/bin/minicron {$refreshinterval} {$g['varrun_path']}/ping_hosts.pid "/usr/local/bin/ping_hosts.sh" EOD; } $svscan .= <<<EOD @@ -105,6 +106,7 @@ $svscan .= <<<EOD svscan_stop_post () { echo "Stopping svscan." find -L "\$svscan_servicedir" -mindepth 1 -maxdepth 2 -type d \( \! -path "\$svscan_servicedir/*/*" -or -name 'log' \) -print0 | xargs -0 /usr/local/bin/svc -dx + /bin/pkill -F /var/run/ping_hosts.pid } run_rc_command "\$1" @@ -117,11 +119,12 @@ EOD; $filename = "tinydns.sh"; $start = "/usr/local/bin/php -q -d auto_prepend_file=config.inc <<ENDPHP <?php + require_once(\"functions.inc\"); require_once(\"/usr/local/pkg/tinydns.inc\"); tinydns_custom_php_changeip_command(); tinydns_create_zone_file();\n"; if ($enableipmonitoring) { - $start .= "tinydns_setup_ping_items();\n"; + $start .= "tinydns_setup_ping_items();\n"; } $start .= "?> ENDPHP\n"; @@ -140,7 +143,6 @@ ENDPHP\n"; /bin/rm -rf {$g['varetc_path']}/dnscache* 2>/dev/null /bin/rm -rf {$g['varetc_path']}/axfrdns 2>/dev/null /bin/rm -rf {$g['varrun_path']}/axfrdns 2>/dev/null - /bin/pkill -F /var/run/ping_hosts.pid ENDSH; @@ -359,16 +361,16 @@ function tinydns_get_record_status($record, $pingthreshold = "", $wanpingthresho return "UP"; } -function tinydns_get_backup_record($record) { +function tinydns_get_backup_record($record, $recordtype) { global $g, $config; if($config['installedpackages']['tinydnsdomains']) { foreach($config['installedpackages']['tinydnsdomains']['config'] as $domain) { - if($domain['ipaddress'] == $record) { - /* if no failover host exists, simply return original record */ + if($domain['hostname'] == $record && $domain['recordtype'] == $recordtype) { + /* if no failover host exists, simply return original ipaddress */ if(!$domain['row']) - return $record; + return $domain['ipaddress']; foreach($domain['row'] as $row) { - $status = tinydns_get_record_status($row['failoverip']); + $status = tinydns_get_record_status($row['monitorip']); if($status == "UP") return $row['failoverip']; } @@ -398,39 +400,60 @@ function tinydns_setup_ping_items() { * status and create a database of the status information that we can use. */ foreach($config['installedpackages']['tinydnsdomains']['config'] as $domain) { - if(!in_array($domain['ipaddress'], $processed)) { - fwrite($fd, $ip . "|" . $domain['ipaddress'] . "|1|/usr/local/pkg/tinydns_down.php|/usr/local/pkg/tinydns_up.php\n"); - $processed[] = $domain['ipaddress']; - } - if($domain['monitorip'] <> "") - $monitorip = $domain['monitorip']; + if(!$domain['monitorip']) + continue; + if($domain['recordtype'] == "AAAA") + $inet = "inet6"; + else + $inet = ""; + $monitorip = $domain['monitorip']; + $interface = $domain['interface']; if($domain['row']) { foreach($domain['row'] as $row) { if($row['pingthreshold']) $pingthreshold = $row['pingthreshold']; else - $row['pingthreshold'] = ""; + $pingthreshold = ""; + + if($row['wanpingthreshold']) + $wanpingthreshold = $row['wanpingthreshold']; + else + $wanpingthreshold = ""; + + $info = get_interface_info($row['interface']); + if($domain['recordtype'] == "AAAA") + $ip = $info['ipaddrv6']; + else + $ip = $info['ipaddr']; + if($row['monitorip']) { if(!in_array($row['monitorip'], $processed)) { - fwrite($fd, $ip . "|" . $row['monitorip'] . "|1|/usr/local/pkg/tinydns_down.php|/usr/local/pkg/tinydns_up.php|{$pingthreshold}\n"); + fwrite($fd, $ip . "|" . $row['monitorip'] . "|1|/usr/local/pkg/tinydns_down.php|/usr/local/pkg/tinydns_up.php|{$pingthreshold}|{$wanpingthreshold}|{$inet}\n"); $processed[] = $row['monitorip']; } } else { if(!in_array($monitorip, $processed)) { - fwrite($fd, $ip . "|" . $monitorip . "|1|/usr/local/pkg/tinydns_down.php|/usr/local/pkg/tinydns_up.php|{$pingthreshold}\n"); + fwrite($fd, $ip . "|" . $monitorip . "|1|/usr/local/pkg/tinydns_down.php|/usr/local/pkg/tinydns_up.php|{$pingthreshold}|{$wanpingthreshold}|{$inet}\n"); $processed[] = $monitorip; } } } } + + $info = get_interface_info($domain['interface']); + if($domain['recordtype'] == "AAAA") + $ip = $info['ipaddrv6']; + else + $ip = $info['ipaddr']; + if($domain['monitorip']) { if(!in_array($domain['monitorip'], $processed)) { - fwrite($fd, $ip . "|" . $domain['monitorip'] . "|1|/usr/local/pkg/tinydns_down.php|/usr/local/pkg/tinydns_up.php|{$pingthreshold}\n"); + fwrite($fd, $ip . "|" . $domain['monitorip'] . "|1|/usr/local/pkg/tinydns_down.php|/usr/local/pkg/tinydns_up.php|{$pingthreshold}|{$wanpingthreshold}|{$inet}\n"); $processed[] = $domain['monitorip']; } } else { if(!in_array($row['failoverip'], $processed)) { - fwrite($fd, $ip . "|" . $row['failoverip'] . "|1|/usr/local/pkg/tinydns_down.php|/usr/local/pkg/tinydns_up.php|{$pingthreshold}\n"); + fwrite($fd, $ip . "|" . $row['failoverip'] . "|1|/usr/local/pkg/tinydns_down.php|/usr/local/pkg/tinydns_up.php|{$pingthreshold}|{$wanpingthreshold}|{$inet}\n"); $processed[] = $row['failoverip']; } } @@ -535,7 +558,9 @@ function tinydns_create_zone_file() { for($x=0; $x< count($config['installedpackages']['tinydnsdomains']['config']); $x++) { $domain = $config['installedpackages']['tinydnsdomains']['config'][$x]; $record_data = ""; + $monitorip = ""; $hostname = $domain['hostname']; + $recordtype = $domain['recordtype']; $ipaddress = $domain['ipaddress']; $ttl = $domain['ttl']; $dist = $domain['dist']; @@ -549,9 +574,9 @@ function tinydns_create_zone_file() { if($status == "DOWN") { if($debug) log_error("$ipaddress monitor ip $monitorip is offline."); - $ipaddress = tinydns_get_backup_record($ipaddress); + $ipaddress = tinydns_get_backup_record($hostname, $recordtype); if($debug) - log_error("tinydns_get_backup_record returned $ipaddress "); + log_error("tinydns_get_backup_record for $hostname returned $ipaddress "); } } $record_data = tinydns_get_rowline_data($ipaddress, $domain['recordtype'], $ttl, $hostname, $domain['rdns'], $dist, $domain['src_port'], $domain['src_weight'], $domain['src_priority'], $domain['src_timestamp']); @@ -694,7 +719,8 @@ function tinydns_do_xmlrpc_sync($sync_to_ip, $password) { /* tell tinydns to reload our settings on the destionation sync host. */ $method = 'pfsense.exec_php'; - $execcmd = "require_once('/usr/local/pkg/tinydns.inc');\n"; + $execcmd = "require_once('functions.inc');\n"; + $execcmd .= "require_once('/usr/local/pkg/tinydns.inc');\n"; $execcmd .= "tinydns_custom_php_changeip_command();\n"; $execcmd .= "tinydns_create_zone_file();\n"; if ($config['installedpackages']['tinydns']['config'][0]['enableipmonitoring']) { @@ -1099,6 +1125,9 @@ function tinydns_get_dns_record_type($tinydnsrecord) { case($tinydnsrecord[0] == "+"): $rtype = "A"; break; + case($tinydnsrecord[0] == ":"): + $rtype = "AAAA"; + break; case($tinydnsrecord[0] == "@"): $rtype = "MX"; break; diff --git a/config/tinydns/tinydns_domains.xml b/config/tinydns/tinydns_domains.xml index bf2194b3..52d287f5 100644 --- a/config/tinydns/tinydns_domains.xml +++ b/config/tinydns/tinydns_domains.xml @@ -83,6 +83,10 @@ <fieldname>recordtype</fieldname> </columnitem> <columnitem> + <fielddescr>Prio</fielddescr> + <fieldname>dist</fieldname> + </columnitem> + <columnitem> <fielddescr>rDNS</fielddescr> <fieldname>rdns</fieldname> </columnitem> @@ -94,6 +98,10 @@ <fielddescr>TTL</fielddescr> <fieldname>ttl</fieldname> </columnitem> + <columnitem> + <fielddescr>monitoring</fielddescr> + <fieldname>monitorip</fieldname> + </columnitem> </adddeleteeditpagefields> <fields> <field> @@ -250,6 +258,13 @@ <size>35</size> </field> <field> + <fielddescr>Interface</fielddescr> + <description>interface to ping via</description> + <fieldname>interface</fieldname> + <type>interfaces_selection</type> + <size>1</size> + </field> + <field> <fielddescr>Failover hold time</fielddescr> <description>Time in minutes before DNS switches to backup host</description> <fieldname>threshhold</fieldname> @@ -295,6 +310,13 @@ <type>input</type> <size>15</size> </rowhelperfield> + <rowhelperfield> + <fielddescr>interface</fielddescr> + <fieldname>interface</fieldname> + <description>interface to ping via</description> + <type>interfaces_selection</type> + <size>1</size> + </rowhelperfield> </rowhelper> </field> </fields> diff --git a/config/tinydns/tinydns_status.php b/config/tinydns/tinydns_status.php index ba119da9..afc37f1c 100644 --- a/config/tinydns/tinydns_status.php +++ b/config/tinydns/tinydns_status.php @@ -30,6 +30,7 @@ */ require("guiconfig.inc"); +require("tinydns.inc"); /* Defaults to this page but if no settings are present, redirect to setup page */ if(!$config['installedpackages']['tinydnsdomains']['config']) @@ -79,10 +80,11 @@ if ($pf_version < 2.0) <td class="tabcont" > <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> - <td width="55%" class="listhdrr">IP</td> - <td width="15%" class="listhdrr">Status</td> + <td width="45%" class="listhdrr">IP</td> + <td width="10%" class="listhdrr">Status</td> <td width="15%" class="listhdrr">In Service</td> - <td width="25%" class="listhdrr">Response time</td> + <td width="15%" class="listhdrr">Monitor ip</td> + <td width="15%" class="listhdrr">Response time</td> </tr> <?php @@ -104,7 +106,8 @@ foreach($config['installedpackages']['tinydnsdomains']['config'] as $ping) { $status = file_get_contents("/var/db/pingstatus/$monitorip"); else $status = "N/A"; - if(stristr($tinydns_data, "+{$hostname}:{$ipaddress}")) + $ip6 = tinydns_get_ip6_format($ipaddress); + if(stristr($tinydns_data, "+{$hostname}:{$ipaddress}") || stristr($tinydns_data, "={$hostname}:{$ipaddress}") || stristr($tinydns_data, ":{$hostname}:28:{$ip6}")) $inservice = "<FONT COLOR='GREEN'>YES</FONT>"; else $inservice = "<FONT COLOR='BLUE'>NO</FONT>"; @@ -115,8 +118,10 @@ foreach($config['installedpackages']['tinydnsdomains']['config'] as $ping) { echo "<td class=\"listlr\">"; if(stristr($status,"DOWN")) echo "<FONT COLOR='red'>DOWN</FONT>"; - else + else if(stristr($status,"UP")) echo "UP"; + else + echo "N/A"; echo "</td>"; echo "<td class=\"listlr\">"; @@ -130,7 +135,16 @@ foreach($config['installedpackages']['tinydnsdomains']['config'] as $ping) { $msstatus = file_get_contents("/var/db/pingmsstatus/$monitorip"); else $msstatus = "N/A"; - echo "<!-- " . $monitorip . " -->" . $msstatus; + echo $monitorip; + echo "</td>"; + echo "<td class=\"listlr\">"; + if(!$monitorip) + $monitorip = $ipaddress; + if(file_exists("/var/db/pingmsstatus/$monitorip")) + $msstatus = file_get_contents("/var/db/pingmsstatus/$monitorip"); + else + $msstatus = "N/A"; + echo $msstatus; echo "</td>"; echo "</tr>"; @@ -146,7 +160,8 @@ foreach($config['installedpackages']['tinydnsdomains']['config'] as $ping) { echo $ipaddress; if($row['loadbalance']) echo " (LB)"; - if(stristr($tinydns_data, "+{$hostname}:{$row['failoverip']}")) + $ip6 = tinydns_get_ip6_format($row['failoverip']); + if(stristr($tinydns_data, "+{$hostname}:{$row['failoverip']}") || stristr($tinydns_data, "={$hostname}:{$row['failoverip']}") || stristr($tinydns_data, ":{$hostname}:28:{$ip6}")) $inservice = "<FONT COLOR='GREEN'>YES</FONT>"; else $inservice = "<FONT COLOR='BLUE'>NO</FONT>"; @@ -154,8 +169,11 @@ foreach($config['installedpackages']['tinydnsdomains']['config'] as $ping) { echo "<td class=\"listlr\">"; if(stristr($status,"DOWN")) echo "<FONT COLOR='red'>DOWN</FONT>"; - else + else if(stristr($status,"UP")) echo "UP"; + else + echo "N/A"; + echo "</td>"; echo "<td class=\"listlr\">"; @@ -169,8 +187,17 @@ foreach($config['installedpackages']['tinydnsdomains']['config'] as $ping) { $msstatus = file_get_contents("/var/db/pingmsstatus/$monitorip"); else $msstatus = "N/A"; + echo $monitorip; + echo "</td>"; + echo "<td class=\"listlr\">"; + if(!$monitorip) + $monitorip = $ipaddress; + if(file_exists("/var/db/pingmsstatus/$monitorip")) + $msstatus = file_get_contents("/var/db/pingmsstatus/$monitorip"); + else + $msstatus = "N/A"; - echo "<!-- " . $monitorip . " -->" . $msstatus; + echo $msstatus; echo "</td>"; echo "</tr>"; } diff --git a/config/tinydns/tinydns_view_logs.php b/config/tinydns/tinydns_view_logs.php index 57daa02e..4b4f3c3f 100644 --- a/config/tinydns/tinydns_view_logs.php +++ b/config/tinydns/tinydns_view_logs.php @@ -32,7 +32,7 @@ require("guiconfig.inc"); if($_REQUEST['getactivity']) { - $tinydnslogs = `cat /var/run/service/tinydns/log/main/current | /usr/local/bin/tai64nlocal | php -f /usr/local/pkg/tinydns_parse_logs.php | grep -v ":0"`; + $tinydnslogs = `cat /var/run/service/tinydns/log/main/current | /usr/local/bin/tai64nlocal | php -f /usr/local/pkg/tinydns_parse_logs.php | grep -v ":0 "`; echo "TinyDNS Server logs as of " . date("D M j G:i:s T Y") . "\n\n"; echo $tinydnslogs; exit; @@ -53,8 +53,9 @@ include("head.inc"); /* NEED TO FIX */ if ($_POST['clear']) { -// exec("rm /etc/tinydns/log/main/current"); -// exec("touch /etc/tinydns/log/main/current"); + exec("rm /var/etc/tinydns/log/main/current"); + exec("touch /var/etc/tinydns/log/main/current"); + exec("chown Gdnslog /var/etc/tinydns/log/main/current"); } ?> diff --git a/config/zabbix2/zabbix2-agent.xml b/config/zabbix2/zabbix2-agent.xml index 57ef7be3..3d2400ad 100644 --- a/config/zabbix2/zabbix2-agent.xml +++ b/config/zabbix2/zabbix2-agent.xml @@ -6,7 +6,7 @@ /* ========================================================================== */ /* zabbix2-agent.xml - part of the Zebedee package for pfSense + part of the Zabbix package for pfSense Copyright (C) 2013 Danilo G. Baio Copyright (C) 2013 Marcello Coutinho @@ -41,7 +41,7 @@ <name>zabbixagent</name> <title>Services: Zabbix-2 Agent</title> <category>Monitoring</category> - <version>0.8.1</version> + <version>0.8.3</version> <include_file>/usr/local/pkg/zabbix2.inc</include_file> <addedit_string>Zabbix Agent has been created/modified.</addedit_string> <delete_string>Zabbix Agent has been deleted.</delete_string> diff --git a/config/zabbix2/zabbix2-proxy.xml b/config/zabbix2/zabbix2-proxy.xml index b51d1d6b..00d9b106 100644 --- a/config/zabbix2/zabbix2-proxy.xml +++ b/config/zabbix2/zabbix2-proxy.xml @@ -6,7 +6,7 @@ /* ========================================================================== */ /* zabbix2-proxy.xml - part of the Zebedee package for pfSense + part of the Zabbix package for pfSense Copyright (C) 2013 Danilo G. Baio Copyright (C) 2013 Marcello Coutinho @@ -41,7 +41,7 @@ <name>zabbixproxy</name> <title>Services: Zabbix-2 Proxy</title> <category>Monitoring</category> - <version>0.8.1</version> + <version>0.8.3</version> <include_file>/usr/local/pkg/zabbix2.inc</include_file> <addedit_string>Zabbix Proxy has been created/modified.</addedit_string> <delete_string>Zabbix Proxy has been deleted.</delete_string> diff --git a/config/zabbix2/zabbix2.inc b/config/zabbix2/zabbix2.inc index c2ff4244..13713988 100644 --- a/config/zabbix2/zabbix2.inc +++ b/config/zabbix2/zabbix2.inc @@ -3,7 +3,7 @@ /* ========================================================================== */ /* zabbix2-proxy.inc - part of the Zebedee package for pfSense + part of the Zabbix package for pfSense Copyright (C) 2013 Danilo G. Baio Copyright (C) 2013 Marcello Coutinho |