diff options
Diffstat (limited to 'config')
| -rw-r--r-- | config/snort/NOTES.txt | 13 | ||||
| -rw-r--r-- | config/snort/snort.inc | 669 | ||||
| -rw-r--r-- | config/snort/snort.xml | 15 | ||||
| -rw-r--r-- | config/snort/snort_alerts.php | 24 | ||||
| -rw-r--r-- | config/snort/snort_barnyard.php | 9 | ||||
| -rw-r--r-- | config/snort/snort_blocked.php | 4 | ||||
| -rw-r--r-- | config/snort/snort_check_for_rule_updates.php | 1 | ||||
| -rw-r--r-- | config/snort/snort_define_servers.php | 9 | ||||
| -rw-r--r-- | config/snort/snort_download_rules.php | 8 | ||||
| -rw-r--r-- | config/snort/snort_help_info.php | 4 | ||||
| -rw-r--r-- | config/snort/snort_interfaces.php | 8 | ||||
| -rw-r--r-- | config/snort/snort_interfaces_edit.php | 106 | ||||
| -rw-r--r-- | config/snort/snort_interfaces_global.php | 4 | ||||
| -rw-r--r-- | config/snort/snort_interfaces_whitelist.php | 179 | ||||
| -rw-r--r-- | config/snort/snort_interfaces_whitelist_edit.php | 449 | ||||
| -rw-r--r-- | config/snort/snort_preprocessors.php | 9 | ||||
| -rw-r--r-- | config/snort/snort_rules_edit.php | 4 | ||||
| -rw-r--r-- | config/snort/snort_rulesets.php | 2 | ||||
| -rw-r--r-- | config/snort/snort_whitelist.xml | 117 |
19 files changed, 1302 insertions, 332 deletions
diff --git a/config/snort/NOTES.txt b/config/snort/NOTES.txt index 0bfae161..39d93061 100644 --- a/config/snort/NOTES.txt +++ b/config/snort/NOTES.txt @@ -1,14 +1,15 @@ March 26 2019 -Snort-dev 2.8.5.3 pk v. 18 final +Snort-dev 2.8.5.3 pk v. 22 final -Final day. - -Odds and ends left. - -Pierre POMES code needs to be added. +TODO: +Create Threshold GUI +Pf snort block table should survive reboots. Dont know how Im going to do this. +Create Upload GUI. Use Pierre POMES code. +Use Chroot for snort. +Add log rotation and log dir size display Threshold tab needs to be added. diff --git a/config/snort/snort.inc b/config/snort/snort.inc index 104c1a5a..e6b2fa5c 100644 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -48,6 +48,131 @@ if ($pfsense_ver_chk == '1.2.3-RELEASE') /* tell me my theme */ $pfsense_theme_is = $config['theme']; +/* func builds custom whitelests */ +function find_whitelist_key($find_wlist_number) { + global $config, $g; + + $whitelist_array = $config['installedpackages']['snortglobal']['whitelist']['item']; + $w_key = -1; + + foreach ($whitelist_array as $value) { + $w_key += 1; + if ($config['installedpackages']['snortglobal']['whitelist']['item'][$w_key]['uuid'] == $find_wlist_number) { + return $w_key; + } + } +} + +/* func builds custom whitelests */ +function build_base_whitelist($build_netlist, $wanip, $wangw, $wandns, $vips, $vpns, $userwips) { +global $config, $g; + + /* build an interface array list */ + $int_array = array('lan'); + for ($j = 1; isset ($config['interfaces']['opt' . $j]); $j++) + if(isset($config['interfaces']['opt' . $j]['enable'])) + if(!$config['interfaces']['opt' . $j]['gateway']) + $int_array[] = "opt{$j}"; + + /* iterate through interface list and write out whitelist items + * and also compile a home_net list for snort. + */ + foreach($int_array as $int) { + /* calculate interface subnet information */ + $ifcfg = &$config['interfaces'][$int]; + $subnet = gen_subnet($ifcfg['ipaddr'], $ifcfg['subnet']); + $subnetmask = gen_subnet_mask($ifcfg['subnet']); + if($subnet == "pppoe" or $subnet == "dhcp") { + $subnet = find_interface_ip("ng0"); + if($subnet) + $home_net .= "{$subnet} "; + } else { + if ($subnet) + if($ifcfg['subnet']) + $home_net .= "{$subnet}/{$ifcfg['subnet']} "; + } + } + + if($wanip == 'yes') { + /* add all WAN ips to the whitelist */ + $wan_if = get_real_wan_interface(); + $ip = find_interface_ip($wan_if); + if($ip) + $home_net .= "{$ip} "; + } + + if($wangw == 'yes') { + /* Add Gateway on WAN interface to whitelist (For RRD graphs) */ + $int = convert_friendly_interface_to_real_interface_name2("WAN"); + $gw = get_interface_gateway($int); + if($gw) + $home_net .= "{$gw} "; + } + + if($wandns == 'yes') { + /* Add DNS server for WAN interface to whitelist */ + $dns_servers = get_dns_servers(); + foreach($dns_servers as $dns) { + if($dns) + $home_net .= "{$dns} "; + } + } + + /* Add loopback to whitelist (ftphelper) */ + $home_net .= "127.0.0.1"; + + if($vips == 'yes') { + /* iterate all vips and add to whitelist */ + if($config['virtualip']) + foreach($config['virtualip']['vip'] as $vip) + if($vip['subnet']) + $home_net .= $vip['subnet'] . " "; + } + + /* grab a list of vpns and whitelist if user desires added by nestorfish 954 */ + if($vpns == 'yes') + { + if ($pfsense_stable == 'yes') // chk what pfsense version were on + { + $vpns_list = get_vpns_list(); + } + + if ($pfsense_stable == 'no') // chk what pfsense version were on + { + $vpns_list = filter_get_vpns_list(); + } + + $home_net .= "$vpns_list "; + } + + /* never ever compair numbers to words */ + if($userwips > -1) + { + if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) + $config['installedpackages']['snortglobal']['whitelist']['item'] = array(); + + $home_net .= $config['installedpackages']['snortglobal']['whitelist']['item'][$userwips]['address']; + } + + /* this foe whitelistfile, convert spaces to carriage returns */ + $whitelist_home_net = str_replace(" ", " ", $home_net); + $whitelist_home_net = str_replace(" ", "\n", $home_net); + + /* this is for snort.conf */ + $home_net = trim($home_net); + $home_net = str_replace(" ", ",", $home_net); + $home_net = "[{$home_net}]"; + + if($build_netlist == 'netlist') { + return $home_net; + } + + if($build_netlist == 'whitelist') { + return $whitelist_home_net; + } +} + + /* checks to see if snort is running yes/no and stop/start */ function Running_Ck($snort_uuid, $if_real, $id) { global $config; @@ -113,6 +238,9 @@ $pfsense_theme_is = $config['theme']; function Running_Stop($snort_uuid, $if_real, $id) { global $config; + /* if snort.sh crashed this will remove the pid */ + exec('/bin/rm /tmp/snort.sh.pid'); + $start_up_pre = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"R {$snort_uuid}{$if_real}\" | awk '{print \$1;}'"); $start_up_s = exec("/usr/bin/top -U snort -u | grep snort | grep {$start_up_pre} | awk '{ print $1; }'"); $start_up_r = exec("/usr/bin/top -U root -u | grep snort | grep {$start_up_pre} | awk '{ print $1; }'"); @@ -155,17 +283,20 @@ $pfsense_theme_is = $config['theme']; function Running_Start($snort_uuid, $if_real, $id) { global $config; + + /* if snort.sh crashed this will remove the pid */ + exec('/bin/rm /tmp/snort.sh.pid'); $snort_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['enable']; if ($snort_info_chk == 'on') { - exec("/usr/local/bin/snort -u snort -g snort -R \"{$snort_uuid}{$if_real}\" -D -q -l /var/log/snort -G {$snort_uuid} -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}"); + exec("/usr/local/bin/snort -u snort -g snort -R \"{$snort_uuid}{$if_real}\" -D -q -l /var/log/snort --pid-path /var/log/snort/run -G {$snort_uuid} -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}"); } /* define snortbarnyardlog_chk */ /* top will have trouble if the uuid is to far back */ $snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable']; $snortbarnyardlog_mysql_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_mysql']; if ($snortbarnyardlog_info_chk == 'on' && $snortbarnyardlog_mysql_info_chk != '' && $snort_info_chk == 'on') { - exec("/usr/local/bin/barnyard2 -f \"snort_{$snort_uuid}_{$if_real}.u2\" -u snort -g snort -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -w /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.waldo -D -q"); + exec("/usr/local/bin/barnyard2 -f \"snort_{$snort_uuid}_{$if_real}.u2\" -u snort -g snort --pid-path /var/log/snort/run -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -w /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.waldo -D -q"); } /* Log Iface stop */ @@ -203,36 +334,138 @@ ini_set('max_input_time', '9999'); /* define oinkid */ if($config['installedpackages']['snortglobal']) $oinkid = $config['installedpackages']['snortglobal']['oinkmastercode']; + -function snort_postinstall() +/* +this code block is for deleteing logs while keeping the newest file, +snort is linked to these files while running, do not take the easy way out +by touch and rm, snort will lose sync and not log. + +this code needs to be watched. +*/ + +/* list dir files */ +function snort_file_list($snort_log_dir, $snort_log_file) { - global $config; - conf_mount_rw(); + $dir = opendir ("$snort_log_dir"); + while (false !== ($file = readdir($dir))) { + if (strpos($file, "$snort_log_file",1) ) { + $file_list[] = $file; + } + } + return $file_list; +} - if(!file_exists('/var/log/snort/')) { - mwexec('mkdir -p /var/log/snort/'); - mwexec('mkdir -p /var/log/snort/barnyard2'); - } +/* snort dir files */ +function snort_file_sort($snort_file1, $snort_file2) +{ + if ($snort_file1 == $snort_file2) { + return 0; + } + return ($snort_file1 < $snort_file2); // ? -1 : 1; // this flips the array +} - if(!file_exists('/var/log/snort/alert')) { - touch('/var/log/snort/alert'); - }else{ - exec('/bin/rm -rf /var/log/snort/*'); - touch('/var/log/snort/alert'); - } - +/* build files newest first array */ +function snort_build_order($snort_list) +{ + foreach ($snort_list as $value_list) { + $list_order[] = $value_list; + } + return $list_order; +} + +/* keep the newest remove the rest */ +function snort_remove_files($snort_list_rm, $snort_file_safe) +{ + foreach ($snort_list_rm as $value_list) + { + if ($value_list != $snort_file_safe) { + exec("/bin/rm /var/log/snort/$value_list"); + }else{ + exec("/bin/echo '' > /var/log/snort/$snort_file_safe"); + } + } +} + +function post_delete_logs() +{ + global $config, $g; + + + $snort_log_dir = '/var/log/snort'; + + /* do not start config build if rules is empty */ + if (!empty($config['installedpackages']['snortglobal']['rule'])) + { + + + $rule_array = $config['installedpackages']['snortglobal']['rule']; + $id = -1; + foreach ($rule_array as $value) + { + + if ($id == '') { + $id = 0; + } + $id += 1; + + $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; + $if_real = convert_friendly_interface_to_real_interface_name2($result_lan); + $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; + + if ($if_real != '' && $snort_uuid != '') + { + if ($config['installedpackages']['snortglobal']['rule'][$id]['snortunifiedlog'] == 'on') + { + $snort_log_file_u2 = "{$snort_uuid}_{$if_real}.u2."; + $snort_list_u2 = snort_file_list($snort_log_dir, $snort_log_file_u2); + if (is_array($snort_list_u2)) { + usort($snort_list_u2, "snort_file_sort"); + $snort_u2_rm_list = snort_build_order($snort_list_u2); + snort_remove_files($snort_u2_rm_list, $snort_u2_rm_list[0]); + } + }else{ + exec("/bin/rm $snort_log_dir/snort_{$snort_uuid}_{$if_real}.u2*"); + } + + if ($config['installedpackages']['snortglobal']['rule'][$id]['tcpdumplog'] == 'on') + { + $snort_log_file_tcpd = "{$snort_uuid}_{$if_real}.tcpdump."; + $snort_list_tcpd = snort_file_list($snort_log_dir, $snort_log_file_tcpd); + if (is_array($snort_list_tcpd)) { + usort($snort_list_tcpd, "snort_file_sort"); + $snort_tcpd_rm_list = snort_build_order($snort_list_tcpd); + snort_remove_files($snort_tcpd_rm_list, $snort_tcpd_rm_list[0]); + } + }else{ + exec("/bin/rm $snort_log_dir/snort_{$snort_uuid}_{$if_real}.tcpdump*"); + } + + /* create barnyard2 configuration file */ + //if ($config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable'] == 'on') + //create_barnyard2_conf($id, $if_real, $snort_uuid); + + if ($config['installedpackages']['snortglobal']['rule'][$id]['perform_stat'] == on) + { + exec("/bin/echo '' > /var/log/snort/snort_{$snort_uuid}_{$if_real}.stats"); + } + } + } + } +} + +function snort_postinstall() +{ + global $config; + conf_mount_rw(); + /* snort -> advanced features */ $bpfbufsize = $config['installedpackages']['snortglobal']['bpfbufsize']; $bpfmaxbufsize = $config['installedpackages']['snortglobal']['bpfmaxbufsize']; $bpfmaxinsns = $config['installedpackages']['snortglobal']['bpfmaxinsns']; - - /* create a few directories and ensure the sample files are in place */ - exec('/bin/mkdir -p /usr/local/etc/snort'); - exec('/bin/mkdir -p /var/log/snort'); - exec('/bin/mkdir -p /usr/local/etc/snort/rules'); - + /* cleanup default files */ if(file_exists('/usr/local/etc/snort/snort.conf-sample')) { exec('/bin/rm /usr/local/etc/snort/snort.conf-sample'); @@ -248,31 +481,80 @@ function snort_postinstall() exec('/bin/rm /usr/local/etc/rc.d/bardyard2'); } - if(!file_exists('/usr/local/etc/snort/custom_rules')) + /* remove example files */ + if(file_exists('/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so.0')) { - exec('/bin/mkdir -p /usr/local/etc/snort/custom_rules/'); + exec('/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example*'); } + if(file_exists('/usr/local/lib/snort/dynamicpreprocessor/lib_sfdynamic_preprocessor_example.so')) + { + exec('/bin/rm /usr/local/lib/snort/dynamicpreprocessor/lib_sfdynamic_preprocessor_example*'); + } + + /* add snort user and group note: 920 keep the numbers < 2000, above this is reserved in pfSense 2.0 */ exec('/usr/sbin/pw groupadd snort -g 920'); exec('/usr/sbin/pw useradd snort -u 920 -c "Snort User" -d /nonexistent -g snort -s /sbin/nologin'); - exec('/usr/sbin/chown -R snort:snort /var/log/snort'); - exec('/usr/sbin/chown -R snort:snort /usr/local/etc/snort'); - exec('/usr/sbin/chown -R snort:snort /usr/local/lib/snort'); - exec('/bin/chmod -R 755 /var/log/snort'); - exec('/bin/chmod -R 755 /usr/local/etc/snort'); - exec('/bin/chmod -R 755 /usr/local/lib/snort'); + + + /* create a few directories and ensure the sample files are in place */ + if(!file_exists('/usr/local/etc/snort')) + { + exec('/bin/mkdir -p /usr/local/etc/snort'); + } + + if(!file_exists('/usr/local/etc/snort/custom_rules')) + { + exec('/bin/mkdir -p /usr/local/etc/snort/custom_rules/'); + } + if(!file_exists('/usr/local/etc/snort/whitelist')) + { + exec('/bin/mkdir -p /usr/local/etc/snort/whitelist/'); + } - /* remove example files */ - if(file_exists('/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so.0')) + if(!file_exists('/var/log/snort/run')) { - exec('/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example*'); + exec('/bin/mkdir -p /var/log/snort/run'); } - if(file_exists('/usr/local/lib/snort/dynamicpreprocessor/lib_sfdynamic_preprocessor_example.so')) + if(!file_exists('/var/log/snort/barnyard2')) { - exec('/bin/rm /usr/local/lib/snort/dynamicpreprocessor/lib_sfdynamic_preprocessor_example*'); + exec('/bin/mkdir -p /var/log/snort/barnyard2/'); + } + + if(!file_exists('/var/db/whitelist')) + { + touch('/var/db/whitelist'); + } + + /* if users have old log files delete them */ + if(!file_exists('/var/log/snort/alert')) { + touch('/var/log/snort/alert'); + }else{ + exec('/bin/rm -rf /var/log/snort/*'); + touch('/var/log/snort/alert'); } + + /* important */ + exec('/usr/sbin/chown -R snort:snort /var/log/snort'); + exec('/usr/sbin/chown -R snort:snort /usr/local/etc/snort'); + exec('/usr/sbin/chown -R snort:snort /usr/local/lib/snort'); + exec('/usr/sbin/chown snort:snort /tmp/snort*'); + exec('/usr/sbin/chown snort:snort /var/db/whitelist'); + exec('/bin/chmod 660 /var/log/snort/alert'); + exec('/bin/chmod 660 /var/db/whitelist'); + exec('/bin/chmod -R 660 /usr/local/etc/snort/*'); + exec('/bin/chmod -R 660 /tmp/snort*'); + exec('/bin/chmod -R 660 /var/run/snort*'); + exec('/bin/chmod -R 660 /var/snort/run/*'); + exec('/bin/chmod 770 /usr/local/lib/snort'); + exec('/bin/chmod 770 /usr/local/etc/snort'); + exec('/bin/chmod 770 /usr/local/etc/whitelist'); + exec('/bin/chmod 770 /var/log/snort'); + exec('/bin/chmod 770 /var/log/snort/run'); + exec('/bin/chmod 770 /var/log/snort/barnyard2'); + /* find out if were in 1.2.3-RELEASE */ $pfsense_ver_chk = exec('/bin/cat /etc/version'); @@ -318,20 +600,19 @@ function snort_postinstall() }else{ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/bin/8.0.x86/barnyard2'); } - exec('/bin/chmod 077 /usr/local/bin/barnyard2'); + exec('/bin/chmod 755 /usr/local/bin/barnyard2'); /* back to default */ chdir ("/root/"); - /* make sure snort-pld is deinstalled */ + /* make sure snort-old is deinstalled */ /* remove when snort-old is removed */ unset($config['installedpackages']['snort']); unset($config['installedpackages']['snortdefservers']); unset($config['installedpackages']['snortwhitelist']); unset($config['installedpackages']['snortthreshold']); unset($config['installedpackages']['snortadvanced']); - write_config(); - conf_mount_rw(); + write_config(); conf_mount_ro(); @@ -629,18 +910,45 @@ function sync_snort_package() conf_mount_rw(); /* all new files are for the user snort nologin */ - if(!file_exists("/var/log/snort")) + if(!file_exists('/var/log/snort')) { - exec("/bin/mkdir -p /var/log/snort"); + exec('/bin/mkdir -p /var/log/snort'); } - exec("/usr/sbin/chown -R snort:snort /var/log/snort"); - exec("/usr/sbin/chown -R snort:snort /usr/local/etc/snort"); - exec("/usr/sbin/chown -R snort:snort /usr/local/lib/snort"); - exec("/bin/chmod -R 755 /var/log/snort"); - exec("/bin/chmod -R 755 /usr/local/etc/snort"); - exec("/bin/chmod -R 755 /usr/local/lib/snort"); - + if(!file_exists('/var/log/snort/run')) + { + exec('/bin/mkdir -p /var/log/snort/run'); + } + + if(!file_exists('/var/log/snort/barnyard2')) + { + exec('/bin/mkdir -p /var/log/snort/barnyard2'); + } + + /* all new files are for the user snort nologin */ + if(!file_exists('/var/log/snort/alert')) + { + exec('/usr/bin/touch /var/log/snort/alert'); + } + + /* important */ + exec('/usr/sbin/chown -R snort:snort /var/log/snort'); + exec('/usr/sbin/chown -R snort:snort /usr/local/etc/snort'); + exec('/usr/sbin/chown -R snort:snort /usr/local/lib/snort'); + exec('/usr/sbin/chown snort:snort /tmp/snort*'); + exec('/usr/sbin/chown snort:snort /var/db/whitelist'); + exec('/bin/chmod 770 /usr/local/lib/snort'); + exec('/bin/chmod 770 /var/log/snort'); + exec('/bin/chmod 770 /var/log/snort/run'); + exec('/bin/chmod 770 /var/log/snort/barnyard2'); + exec('/bin/chmod 660 /var/log/snort/alert'); + exec('/bin/chmod 660 /var/db/whitelist'); + exec('/bin/chmod -R 660 /usr/local/etc/snort/*'); + exec('/bin/chmod -R 660 /tmp/snort*'); + exec('/bin/chmod -R 660 /var/run/snort*'); + exec('/bin/chmod -R 660 /var/snort/run/*'); + exec('/bin/chmod 770 /usr/local/etc/snort/'); + exec('/bin/chmod 770 /usr/local/etc/whitelist/'); conf_mount_ro(); } @@ -670,13 +978,18 @@ if ($id != '' && $if_real != '') //new $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; $if_real = convert_friendly_interface_to_real_interface_name2($result_lan); - + /* create snort configuration file */ create_snort_conf($id, $if_real, $snort_uuid); /* if rules exist cp rules to each iface */ create_rules_iface($id, $if_real, $snort_uuid); - + + /* only build whitelist when needed */ + if ($config['installedpackages']['snortglobal']['rule'][$id]['blockoffenders7'] == 'on'){ + create_snort_whitelist($id, $if_real); + } + /* create snort bootup file snort.sh only create once */ create_snort_sh(); @@ -720,11 +1033,17 @@ function sync_snort_package_empty() $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; if ($if_real != '' && $snort_uuid != '') { + /* create snort configuration file */ create_snort_conf($id, $if_real, $snort_uuid); /* if rules exist cp rules to each iface */ create_rules_iface($id, $if_real, $snort_uuid); + + /* only build whitelist when needed */ + if ($config['installedpackages']['snortglobal']['rule'][$id]['blockoffenders7'] == 'on'){ + create_snort_whitelist($id, $if_real); + } /* create barnyard2 configuration file */ $snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable']; @@ -772,8 +1091,14 @@ function sync_snort_package_config() $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; if ($if_real != '' && $snort_uuid != '') { + /* create snort configuration file */ create_snort_conf($id, $if_real, $snort_uuid); + + /* only build whitelist when needed */ + if ($config['installedpackages']['snortglobal']['rule'][$id]['blockoffenders7'] == 'on'){ + create_snort_whitelist($id, $if_real); + } /* create barnyard2 configuration file */ $snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable']; @@ -794,6 +1119,106 @@ function sync_snort_package_config() /* Start of main config files */ /* Start of main config files */ +function create_snort_whitelist($id, $if_real) { + + global $config, $g; + conf_mount_rw(); + + /* make sure dir is there */ + if (!file_exists('/usr/local/etc/snort/whitelist/')) { + exec('/bin/mkdir -p /usr/local/etc/snort/whitelist/'); + } + + if ($config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'] == 'default') { + + /* open snort's whitelist for writing */ + $whitelist_w = fopen("/usr/local/etc/snort/whitelist/defaultwlist", "w"); + if(!$whitelist_w) { + log_error("Could not open /usr/local/etc/snort/whitelist/defaultwlist for writing."); + return; + } + + $w_data = build_base_whitelist('whitelist', 'yes', 'yes', 'yes', 'yes', 'yes', 'no'); + + }else{ + + preg_match('/^([a-zA-z0-9]+)/', $config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'], $wlist_name_wrt); + preg_match('/([0-9]+)$/', $config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'], $wlist_num_wrt); + + $whitelist_key_w = find_whitelist_key($wlist_num_wrt[0]); + + $build_netlist = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w]['snortlisttype']; + $wanip = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w]['wanips']; + $wangw = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w]['wangateips']; + $wandns = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w]['wandnsips']; + $vips = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w]['vips']; + $vpns = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w]['vpnips']; + + /* open snort's whitelist for writing */ + $whitelist_w = fopen("/usr/local/etc/snort/whitelist/$wlist_name_wrt[0]", "w"); + if(!$whitelist_w) { + log_error("Could not open /usr/local/etc/snort/whitelist/$wlist_name_wrt[0] for writing."); + return; + } + + $w_data = build_base_whitelist($build_netlist, $wanip, $wangw, $wandns, $vips, $vpns, $whitelist_key_w); + + } + + fwrite($whitelist_w, $w_data); + fclose($whitelist_w); + conf_mount_ro(); + +} + +function create_snort_homenet($id, $if_real) { + + global $config, $g; + conf_mount_rw(); + + if ($config['installedpackages']['snortglobal']['rule'][$id]['homelistname'] == 'default' || $config['installedpackages']['snortglobal']['rule'][$id]['homelistname'] == '') { + return build_base_whitelist('netlist', 'yes', 'yes', 'yes', 'yes', 'yes', 'no'); + }else{ + preg_match('/([0-9]+)$/', $config['installedpackages']['snortglobal']['rule'][$id]['homelistname'], $hlist_num_wrt); + + $whitelist_key_h = find_whitelist_key($hlist_num_wrt[0]); + + $build_netlist_h = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_h]['snortlisttype']; + $wanip_h = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_h]['wanips']; + $wangw_h = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_h]['wangateips']; + $wandns_h = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_h]['wandnsips']; + $vips_h = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_h]['vips']; + $vpns_h = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_h]['vpnips']; + + return build_base_whitelist($build_netlist_h, $wanip_h, $wangw_h, $wandns_h, $vips_h, $vpns_h, $whitelist_key_h); + + } + + conf_mount_ro(); + +} + +function create_snort_externalnet($id, $if_real) { + + global $config, $g; + conf_mount_rw(); + + preg_match('/([0-9]+)$/', $config['installedpackages']['snortglobal']['rule'][$id]['externallistname'], $exlist_num_wrt); + + $whitelist_key_ex = find_whitelist_key($exlist_num_wrt[0]); + + $build_netlist_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['snortlisttype']; + $wanip_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['wanips']; + $wangw_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['wangateips']; + $wandns_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['wandnsips']; + $vips_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['vips']; + $vpns_ex = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_ex]['vpnips']; + + return build_base_whitelist($build_netlist_ex, $wanip_ex, $wangw_ex, $wandns_ex, $vips_ex, $vpns_ex, $whitelist_key_ex); + + conf_mount_ro(); + +} /* open snort.sh for writing" */ function create_snort_sh() @@ -825,7 +1250,7 @@ function create_snort_sh() $snortbarnyardlog_mysql_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_mysql']; if ($snortbarnyardlog_info_chk == 'on' && $snortbarnyardlog_mysql_info_chk != '') { - $start_barnyard2 = "sleep 4;/usr/local/bin/barnyard2 -f snort_{$snort_uuid}_{$if_real}.u2 -u snort -g snort -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -w /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.waldo -D -q"; + $start_barnyard2 = "sleep 4;/usr/local/bin/barnyard2 -f snort_{$snort_uuid}_{$if_real}.u2 -u snort -g snort --pid-path /var/log/snort/run -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -w /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.waldo -D -q"; } /* Get all interface startup commands ready */ @@ -842,7 +1267,7 @@ $snort_sh_text2[] = <<<EOD /bin/rm /var/run/snort_{$snort_uuid}_{$if_real}.pid /bin/rm /var/run/snort_{$snort_uuid}_{$if_real}.pid.lck - /usr/local/bin/snort -u snort -g snort -R {$snort_uuid}{$if_real} -D -q -l /var/log/snort -G {$snort_uuid} -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real} + /usr/local/bin/snort -u snort -g snort -R {$snort_uuid}{$if_real} -D -q -l /var/log/snort --pid-path /var/log/snort/run -G {$snort_uuid} -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real} $start_barnyard2 /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort HARD Reload For {$snort_uuid}_{$if_real}..." @@ -1258,11 +1683,19 @@ snort_rules_up_deinstall_cron(""); function generate_snort_conf($id, $if_real, $snort_uuid) { - global $config, $g; conf_mount_rw(); - + + /* custom home nets */ + $home_net = create_snort_homenet($id, $if_real); + + if ($config['installedpackages']['snortglobal']['rule'][$id]['externallistname'] == 'default'){ + $external_net = '!$HOME_NET'; + }else{ + $external_net = create_snort_externalnet($id, $if_real); + } + /* obtain external interface */ /* XXX: make multi wan friendly */ $snort_ext_int = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; @@ -1305,20 +1738,24 @@ if ($alertsystemlog_info_chk == on) /* define tcpdumplog */ $tcpdumplog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['tcpdumplog']; if ($tcpdumplog_info_chk == on) - $tcpdumplog_type = "output log_tcpdump: snorttcpd.log"; + $tcpdumplog_type = "output log_tcpdump: snort_{$snort_uuid}_{$if_real}.tcpdump"; /* define snortunifiedlog */ $snortunifiedlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['snortunifiedlog']; if ($snortunifiedlog_info_chk == on) - $snortunifiedlog_type = "output unified2: filename snort_{$snort_uuid}_{$if_real}.u2, limit 128"; + $snortunifiedlog_type = "output unified2: filename snort_{$snort_uuid}_{$if_real}.u2, limit 128"; /* define spoink (DISABLED)*/ $spoink_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['blockoffenders7']; -if ($spoink_info_chk == on) - $spoink_type = "output alert_pf: /var/db/whitelist,snort2c"; - - /* define servers and ports snortdefservers */ - +if ($spoink_info_chk == on) { + + preg_match('/^([a-zA-z0-9]+)/', $config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'], $wlist_name_file); + $spoink_whitelist_name = $wlist_name_file[0]; + $spoink_type = "output alert_pf: /usr/local/etc/snort/whitelist/$spoink_whitelist_name,snort2c"; + +} + +/* define servers and ports snortdefservers */ /* def DNS_SERVSERS */ $def_dns_servers_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['def_dns_servers']; if ($def_dns_servers_info_chk == "") @@ -1569,111 +2006,7 @@ else else $snort_performance = "ac-bnfa"; - /* open snort's whitelist for writing */ - $whitelist = fopen("/var/db/whitelist", "w"); - if(!$whitelist) { - log_error("Could not open /var/db/whitelist for writing."); - return; - } - /* build an interface array list */ - $int_array = array('lan'); - for ($j = 1; isset ($config['interfaces']['opt' . $j]); $j++) - if(isset($config['interfaces']['opt' . $j]['enable'])) - if(!$config['interfaces']['opt' . $j]['gateway']) - $int_array[] = "opt{$j}"; - - /* iterate through interface list and write out whitelist items - * and also compile a home_net list for snort. - */ - foreach($int_array as $int) { - /* calculate interface subnet information */ - $ifcfg = &$config['interfaces'][$int]; - $subnet = gen_subnet($ifcfg['ipaddr'], $ifcfg['subnet']); - $subnetmask = gen_subnet_mask($ifcfg['subnet']); - if($subnet == "pppoe" or $subnet == "dhcp") { - $subnet = find_interface_ip("ng0"); - if($subnet) - $home_net .= "{$subnet} "; - } else { - if ($subnet) - if($ifcfg['subnet']) - $home_net .= "{$subnet}/{$ifcfg['subnet']} "; - } - } - - /* add all WAN ips to the whitelist */ - $wan_if = get_real_wan_interface(); - $ip = find_interface_ip($wan_if); - if($ip) - $home_net .= "{$ip} "; - - /* Add Gateway on WAN interface to whitelist (For RRD graphs) */ - $int = convert_friendly_interface_to_real_interface_name2("WAN"); - $gw = get_interface_gateway($int); - if($gw) - $home_net .= "{$gw} "; - - /* Add DNS server for WAN interface to whitelist */ - $dns_servers = get_dns_servers(); - foreach($dns_servers as $dns) { - if($dns) - $home_net .= "{$dns} "; - } - - /* Add loopback to whitelist (ftphelper) */ - $home_net .= "127.0.0.1 "; - - /* iterate all vips and add to whitelist */ - - if($config['virtualip']) - foreach($config['virtualip']['vip'] as $vip) - if($vip['subnet']) - $home_net .= $vip['subnet'] . " "; - - if($config['installedpackages']['snortglobal']['config']) - foreach($config['installedpackages']['snortglobal']['config'] as $snort) - if($snort['ip']) - $home_net .= $snort['ip'] . " "; - - /* write out whitelist, convert spaces to carriage returns */ - $whitelist_home_net = str_replace(" ", " ", $home_net); - $whitelist_home_net = str_replace(" ", "\n", $home_net); - - /* make $home_net presentable to snort */ - $home_net = trim($home_net); - $home_net = str_replace(" ", ",", $home_net); - $home_net = "[{$home_net}]"; - - /* foreach through whitelist, writing out to file */ - $whitelist_split = split("\n", $whitelist_home_net); - foreach($whitelist_split as $wl) - if(trim($wl)) - fwrite($whitelist, trim($wl) . "\n"); - - /* should we whitelist vpns? */ - $whitelistvpns = $config['installedpackages']['snortglobal']['whitelistvpns']; - - /* grab a list of vpns and whitelist if user desires added by nestorfish 954 */ - if($whitelistvpns) { - if ($pfsense_stable == 'yes') // chk what pfsense version were on - { - $vpns_list = get_vpns_list(); - } - if ($pfsense_stable == 'no') // chk what pfsense version were on - { - $vpns_list = filter_get_vpns_list(); - } - - $whitelist_vpns = split(" ", $vpns_list); - foreach($whitelist_vpns as $wl) - if(trim($wl)) - fwrite($whitelist, trim($wl) . "\n"); - } - - /* close file */ - fclose($whitelist); - /* generate rule sections to load */ $enabled_rulesets = $config['installedpackages']['snortglobal']['rule'][$id]['rulesets']; if($enabled_rulesets) { @@ -1934,7 +2267,7 @@ if ($def_ssl_ports_ignore_info_chk == "") else $def_ssl_ports_ignore_type = "$def_ssl_ports_ignore_info_chk"; -////////////////////////////////////////////////////////////////// + /* build snort configuration file */ /* TODO; feed back from pfsense users to reduce false positives */ $snort_conf_text = <<<EOD @@ -1947,7 +2280,7 @@ else # snort.conf # Snort can be found at http://www.snort.org/ # -# Copyright (C) 2009 Robert Zelaya +# Copyright (C) 2009-2010 Robert Zelaya # part of pfSense # All rights reserved. # @@ -1979,7 +2312,7 @@ else ######################### var HOME_NET {$home_net} -var EXTERNAL_NET !\$HOME_NET +var EXTERNAL_NET {$external_net} ################### # diff --git a/config/snort/snort.xml b/config/snort/snort.xml index 0a3eb7a3..d2603aec 100644 --- a/config/snort/snort.xml +++ b/config/snort/snort.xml @@ -99,11 +99,6 @@ <item>http://www.pfsense.com/packages/config/snort/snort_dynamic_ip_reload.php</item> </additional_files_needed> <additional_files_needed> - <prefix>/usr/local/pkg/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/snort_whitelist.xml</item> - </additional_files_needed> - <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> <chmod>077</chmod> <item>http://www.pfsense.com/packages/config/snort/snort_alerts.php</item> @@ -179,6 +174,16 @@ <item>http://www.pfsense.com/packages/config/snort/snort_preprocessors.php</item> </additional_files_needed> <additional_files_needed> + <prefix>/usr/local/www/snort/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort/snort_interfaces_whitelist.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/snort/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort/snort_interfaces_whitelist_edit.php</item> + </additional_files_needed> + <additional_files_needed> <prefix>/usr/local/etc/rc.d/</prefix> <chmod>755</chmod> <item>http://www.pfsense.com/packages/config/snort/snort.sh</item> diff --git a/config/snort/snort_alerts.php b/config/snort/snort_alerts.php index 4f0ddb03..c135187a 100644 --- a/config/snort/snort_alerts.php +++ b/config/snort/snort_alerts.php @@ -85,21 +85,19 @@ if ($_POST['save']) } - if ($_POST['delete']) { - - exec("killall syslogd"); conf_mount_rw(); - if(file_exists("/var/log/snort/alert")) - { - exec('/bin/rm /var/log/snort/*'); - exec('/usr/bin/touch /var/log/snort/alert'); + if(file_exists('/var/log/snort/alert')) + { + exec('/bin/echo "" > /var/log/snort/alert'); + post_delete_logs(); + exec('/usr/sbin/chown snort:snort /var/log/snort/*'); + exec('/bin/chmod 660 /var/log/snort/*'); + sleep(2); + exec('/usr/bin/killall -HUP snort'); } conf_mount_ro(); - system_syslogd_start(); - //exec("/usr/bin/killall -HUP snort"); - } if ($_POST['download']) @@ -332,8 +330,8 @@ if ($pconfig['arefresh'] == 'on' || $pconfig['arefresh'] == '') $tab_array[] = array("Rule Updates", false, "/snort/snort_download_rules.php"); $tab_array[] = array("Alerts", true, "/snort/snort_alerts.php"); $tab_array[] = array("Blocked", false, "/snort/snort_blocked.php"); - $tab_array[] = array("Whitelists", false, "/pkg.php?xml=/snort/snort_whitelist.xml"); - $tab_array[] = array("Help & Info", false, "/snort/snort_help_info.php"); + $tab_array[] = array("Whitelists", false, "/snort/snort_interfaces_whitelist.php"); + $tab_array[] = array("Help", false, "/snort/snort_help_info.php"); display_top_tabs($tab_array); ?> </td> @@ -356,7 +354,7 @@ if ($pconfig['arefresh'] == 'on' || $pconfig['arefresh'] == '') <form action="/snort/snort_alerts.php" method="post"> <input name="download" type="submit" class="formbtn" value="Download"> All log files will be saved. - <input name="delete" type="submit" class="formbtn" value="Clear"> + <input name="delete" type="submit" class="formbtn" value="Clear" onclick="return confirm('Do you really want to remove all your logs ? All snort rule interfces may have to be restarted.')"> <span class="red"><strong>Warning:</strong></span> all log files will be deleted. </form> </td> diff --git a/config/snort/snort_barnyard.php b/config/snort/snort_barnyard.php index 103fba0e..d88b354c 100644 --- a/config/snort/snort_barnyard.php +++ b/config/snort/snort_barnyard.php @@ -110,6 +110,9 @@ if (isset($id) && $a_nat[$id]) { $pconfig['uuid'] = $a_nat[$id]['uuid']; $pconfig['interface'] = $a_nat[$id]['interface']; $pconfig['descr'] = $a_nat[$id]['descr']; + $pconfig['whitelistname'] = $a_nat[$id]['whitelistname']; + $pconfig['homelistname'] = $a_nat[$id]['homelistname']; + $pconfig['externallistname'] = $a_nat[$id]['externallistname']; $pconfig['performance'] = $a_nat[$id]['performance']; $pconfig['blockoffenders7'] = $a_nat[$id]['blockoffenders7']; $pconfig['alertsystemlog'] = $a_nat[$id]['alertsystemlog']; @@ -120,6 +123,7 @@ if (isset($id) && $a_nat[$id]) { $pconfig['rulesets'] = $a_nat[$id]['rulesets']; $pconfig['rule_sid_off'] = $a_nat[$id]['rule_sid_off']; $pconfig['rule_sid_on'] = $a_nat[$id]['rule_sid_on']; + if (!$pconfig['interface']) $pconfig['interface'] = "wan"; @@ -225,7 +229,10 @@ $d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty"; if ($pconfig['configpassthru'] != "") { $natent['configpassthru'] = $pconfig['configpassthru']; } if ($pconfig['rulesets'] != "") { $natent['rulesets'] = $pconfig['rulesets']; } if ($pconfig['rule_sid_off'] != "") { $natent['rule_sid_off'] = $pconfig['rule_sid_off']; } - if ($pconfig['rule_sid_on'] != "") { $natent['rule_sid_on'] = $pconfig['rule_sid_on']; } + if ($pconfig['rule_sid_on'] != "") { $natent['rule_sid_on'] = $pconfig['rule_sid_on']; } + if ($pconfig['whitelistname'] != "") { $natent['whitelistname'] = $pconfig['whitelistname']; } + if ($pconfig['homelistname'] != "") { $natent['homelistname'] = $pconfig['homelistname']; } + if ($pconfig['externallistname'] != "") { $natent['externallistname'] = $pconfig['externallistname']; } /* post new options */ $natent['barnyard_enable'] = $_POST['barnyard_enable'] ? on : off; diff --git a/config/snort/snort_blocked.php b/config/snort/snort_blocked.php index 293679d9..e09e8928 100644 --- a/config/snort/snort_blocked.php +++ b/config/snort/snort_blocked.php @@ -259,8 +259,8 @@ if ($pconfig['brefresh'] == 'on' || $pconfig['brefresh'] == '') $tab_array[] = array("Rule Updates", false, "/snort/snort_download_rules.php"); $tab_array[] = array("Alerts", false, "/snort/snort_alerts.php"); $tab_array[] = array("Blocked", true, "/snort/snort_blocked.php"); - $tab_array[] = array("Whitelists", false, "/pkg.php?xml=/snort/snort_whitelist.xml"); - $tab_array[] = array("Help & Info", false, "/snort/snort_help_info.php"); + $tab_array[] = array("Whitelists", false, "/snort/snort_interfaces_whitelist.php"); + $tab_array[] = array("Help", false, "/snort/snort_help_info.php"); display_top_tabs($tab_array); ?> </td> diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php index 3c4e98eb..e22c1b06 100644 --- a/config/snort/snort_check_for_rule_updates.php +++ b/config/snort/snort_check_for_rule_updates.php @@ -40,7 +40,6 @@ $pfsense_rules_filename_md5 = "pfsense_rules.tar.gz.md5"; $pfsense_rules_filename = "pfsense_rules.tar.gz"; require_once("globals.inc"); -require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort.inc"); /* define checks */ diff --git a/config/snort/snort_define_servers.php b/config/snort/snort_define_servers.php index 9641b767..974f9cb4 100644 --- a/config/snort/snort_define_servers.php +++ b/config/snort/snort_define_servers.php @@ -111,6 +111,9 @@ if (isset($id) && $a_nat[$id]) { $pconfig['enable'] = $a_nat[$id]['enable']; $pconfig['uuid'] = $a_nat[$id]['uuid']; $pconfig['interface'] = $a_nat[$id]['interface']; + $pconfig['whitelistname'] = $a_nat[$id]['whitelistname']; + $pconfig['homelistname'] = $a_nat[$id]['homelistname']; + $pconfig['externallistname'] = $a_nat[$id]['externallistname']; $pconfig['descr'] = $a_nat[$id]['descr']; $pconfig['performance'] = $a_nat[$id]['performance']; $pconfig['blockoffenders7'] = $a_nat[$id]['blockoffenders7']; @@ -169,7 +172,11 @@ $d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty"; if ($pconfig['rule_sid_off'] != "") { $natent['rule_sid_off'] = $pconfig['rule_sid_off']; } if ($pconfig['rule_sid_on'] != "") { $natent['rule_sid_on'] = $pconfig['rule_sid_on']; } if ($pconfig['configpassthru'] != "") { $natent['configpassthru'] = $pconfig['configpassthru']; } - if ($pconfig['barnconfigpassthru'] != "") { $natent['barnconfigpassthru'] = $pconfig['barnconfigpassthru']; } + if ($pconfig['barnconfigpassthru'] != "") { $natent['barnconfigpassthru'] = $pconfig['barnconfigpassthru']; } + if ($pconfig['whitelistname'] != "") { $natent['whitelistname'] = $pconfig['whitelistname']; } + if ($pconfig['homelistname'] != "") { $natent['homelistname'] = $pconfig['homelistname']; } + if ($pconfig['externallistname'] != "") { $natent['externallistname'] = $pconfig['externallistname']; } + /* post new options */ if ($_POST['def_dns_servers'] != "") { $natent['def_dns_servers'] = $_POST['def_dns_servers']; }else{ $natent['def_dns_servers'] = ""; } diff --git a/config/snort/snort_download_rules.php b/config/snort/snort_download_rules.php index b3b20582..f1970910 100644 --- a/config/snort/snort_download_rules.php +++ b/config/snort/snort_download_rules.php @@ -142,8 +142,8 @@ echo "<script src=\"/row_toggle.js\" type=\"text/javascript\"></script>\n $tab_array[] = array("Rule Updates", true, "/snort/snort_download_rules.php"); $tab_array[] = array("Alerts", false, "/snort/snort_alerts.php"); $tab_array[] = array("Blocked", false, "/snort/snort_blocked.php"); - $tab_array[] = array("Whitelists", false, "/pkg.php?xml=/snort/snort_whitelist.xml"); - $tab_array[] = array("Help & Info", false, "/snort/snort_help_info.php"); + $tab_array[] = array("Whitelists", false, "/snort/snort_interfaces_whitelist.php"); + $tab_array[] = array("Help", false, "/snort/snort_help_info.php"); display_top_tabs($tab_array); if ($snort_emrging_info == "stop" && $snort_oinkid_info == "stop") { @@ -267,8 +267,8 @@ setTimeout($.unblockUI, 2000); $tab_array[] = array("Rule Updates", true, "/snort/snort_download_rules.php"); $tab_array[] = array("Alerts", false, "/snort/snort_alerts.php"); $tab_array[] = array("Blocked", false, "/snort/snort_blocked.php"); - $tab_array[] = array("Whitelists", false, "/pkg.php?xml=/snort/snort_whitelist.xml"); - $tab_array[] = array("Help & Info", false, "/snort/snort_help_info.php"); + $tab_array[] = array("Whitelists", false, "/snort/snort_interfaces_whitelist.php"); + $tab_array[] = array("Help", false, "/snort/snort_help_info.php"); display_top_tabs($tab_array); ?> diff --git a/config/snort/snort_help_info.php b/config/snort/snort_help_info.php index 5355ec77..4c795b6d 100644 --- a/config/snort/snort_help_info.php +++ b/config/snort/snort_help_info.php @@ -86,8 +86,8 @@ clear: both; $tab_array[] = array("Rule Updates", false, "/snort/snort_download_rules.php"); $tab_array[] = array("Alerts", false, "/snort/snort_alerts.php"); $tab_array[] = array("Blocked", false, "/snort/snort_blocked.php"); - $tab_array[] = array("Whitelists", false, "/pkg.php?xml=/snort/snort_whitelist.xml"); - $tab_array[] = array("Help & Info", true, "/snort/snort_help_info.php"); + $tab_array[] = array("Whitelists", false, "/snort/snort_interfaces_whitelist.php"); + $tab_array[] = array("Help", true, "/snort/snort_help_info.php"); display_top_tabs($tab_array); ?> </td> diff --git a/config/snort/snort_interfaces.php b/config/snort/snort_interfaces.php index 5f42725f..07048276 100644 --- a/config/snort/snort_interfaces.php +++ b/config/snort/snort_interfaces.php @@ -328,8 +328,8 @@ padding: 15px 10px 50% 50px; $tab_array[] = array("Rule Updates", false, "/snort/snort_download_rules.php"); $tab_array[] = array("Alerts", false, "/snort/snort_alerts.php"); $tab_array[] = array("Blocked", false, "/snort/snort_blocked.php"); - $tab_array[] = array("Whitelists", false, "/pkg.php?xml=/snort/snort_whitelist.xml"); - $tab_array[] = array("Help & Info", false, "/snort/snort_help_info.php"); + $tab_array[] = array("Whitelists", false, "/snort/snort_interfaces_whitelist.php"); + $tab_array[] = array("Help", false, "/snort/snort_help_info.php"); display_top_tabs($tab_array); ?> </td></tr> @@ -486,9 +486,9 @@ padding: 15px 10px 50% 50px; <br> Please edit the <strong>Global Settings</strong> tab before adding an interface. <br><br> - <strong>Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="Add Icon"> icon to add a interface.<strong>Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_pass.gif" width="13" height="13" border="0" title="Start Icon"> icon to <strong>start</strong> snort and barnyard. + <strong>Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="Add Icon"> icon to add a interface.<strong> Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_pass.gif" width="13" height="13" border="0" title="Start Icon"> icon to <strong>start</strong> snort and barnyard2. <br> - <strong>Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="Edit Icon"> icon to edit a interface and settings.<strong>Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" width="13" height="13" border="0" title="Stop Icon"> icon to <strong>stop</strong> snort and barnyard. + <strong>Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="Edit Icon"> icon to edit a interface and settings.<strong> Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" width="13" height="13" border="0" title="Stop Icon"> icon to <strong>stop</strong> snort and barnyard2. <br> <strong> Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="Delete Icon"> icon to delete a interface and settings. </td> diff --git a/config/snort/snort_interfaces_edit.php b/config/snort/snort_interfaces_edit.php index b63bbfbd..8cc97a75 100644 --- a/config/snort/snort_interfaces_edit.php +++ b/config/snort/snort_interfaces_edit.php @@ -134,6 +134,9 @@ if (isset($id) && $a_nat[$id]) { $pconfig['descr'] = $a_nat[$id]['descr']; $pconfig['performance'] = $a_nat[$id]['performance']; $pconfig['blockoffenders7'] = $a_nat[$id]['blockoffenders7']; + $pconfig['whitelistname'] = $a_nat[$id]['whitelistname']; + $pconfig['homelistname'] = $a_nat[$id]['homelistname']; + $pconfig['externallistname'] = $a_nat[$id]['externallistname']; $pconfig['snortalertlogtype'] = $a_nat[$id]['snortalertlogtype']; $pconfig['alertsystemlog'] = $a_nat[$id]['alertsystemlog']; $pconfig['tcpdumplog'] = $a_nat[$id]['tcpdumplog']; @@ -233,6 +236,9 @@ if ($_POST["Submit"]) { $natent['performance'] = $_POST['performance'] ? $_POST['performance'] : $pconfig['performance']; /* if post = on use on off or rewrite the conf */ if ($_POST['blockoffenders7'] == "on") { $natent['blockoffenders7'] = on; }else{ $natent['blockoffenders7'] = off; } if ($_POST['enable'] == "") { $natent['blockoffenders7'] = $pconfig['blockoffenders7']; } + $natent['whitelistname'] = $_POST['whitelistname'] ? $_POST['whitelistname'] : $pconfig['whitelistname']; + $natent['homelistname'] = $_POST['homelistname'] ? $_POST['homelistname'] : $pconfig['homelistname']; + $natent['externallistname'] = $_POST['externallistname'] ? $_POST['externallistname'] : $pconfig['externallistname']; $natent['snortalertlogtype'] = $_POST['snortalertlogtype'] ? $_POST['snortalertlogtype'] : $pconfig['snortalertlogtype']; if ($_POST['alertsystemlog'] == "on") { $natent['alertsystemlog'] = on; }else{ $natent['alertsystemlog'] = off; } if ($_POST['enable'] == "") { $natent['alertsystemlog'] = $pconfig['alertsystemlog']; } if ($_POST['tcpdumplog'] == "on") { $natent['tcpdumplog'] = on; }else{ $natent['tcpdumplog'] = off; } if ($_POST['enable'] == "") { $natent['tcpdumplog'] = $pconfig['tcpdumplog']; } @@ -306,6 +312,9 @@ if ($_POST["Submit"]) { touch("$d_snortconfdirty_path"); + /* if snort.sh crashed this will remove the pid */ + exec('/bin/rm /tmp/snort.sh.pid'); + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); header( 'Cache-Control: no-store, no-cache, must-revalidate' ); @@ -338,7 +347,7 @@ if ($_POST["Submit"]) { if ($_POST["Submit3"]) { - Running_Stop($snort_uuid, $if_real, $id); + Running_Stop($snort_uuid, $if_real, $id); header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); @@ -562,12 +571,107 @@ if ($a_nat[$id]['interface'] != '') { </span></td> </tr> <tr> + <td width="22%" valign="top" class="vncell">Home net</td> + <td width="78%" class="vtable"> + <select name="homelistname" class="formfld" id="homelistname"> + <?php + /* find whitelist names and filter by type */ + $hlist_select = $config['installedpackages']['snortglobal']['whitelist']['item']; + $hid = -1; + if ($pconfig['homelistname'] == 'default'){ $selected = 'selected'; } + $wlist_sub2 = preg_match('/^([a-zA-z0-9]+)/', $pconfig['homelistname'], $hlist_sub); + echo "<option value=\"default\" $selected>default</option> + "; + foreach ($hlist_select as $value): + $hid += 1; + if ($config['installedpackages']['snortglobal']['whitelist']['item'][$hid]['snortlisttype'] == 'netlist') { + $ilistname = $config['installedpackages']['snortglobal']['whitelist']['item'][$hid]['name']; + $whitelist_uuid = $config['installedpackages']['snortglobal']['whitelist']['item'][$hid]['uuid']; + if ($ilistname == $hlist_sub[0]){ + echo "<option value=\"$ilistname $whitelist_uuid\" selected>"; + }else{ + echo "<option value=\"$ilistname $whitelist_uuid\">"; + } + echo htmlspecialchars($ilistname) . '</option> + '; + } + endforeach; + ?> + </select><br> + <span class="vexpl">Choose the home net you will like this rule to use. + </span> <span class="red">Note:</span> Default home net adds only local networks.<br> + <span class="red">Hint:</span> Most users add a list of friendly ips that the firewall cant see.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">External net</td> + <td width="78%" class="vtable"> + <select name="externallistname" class="formfld" id="externallistname"> + <?php + /* find whitelist names and filter by type */ + $exlist_select = $config['installedpackages']['snortglobal']['whitelist']['item']; + $exid = -1; + if ($pconfig['externallistname'] == 'default'){ $selected = 'selected'; } + preg_match('/^([a-zA-z0-9]+)/', $pconfig['externallistname'], $exlist_sub); + echo "<option value=\"default\" $selected>default</option> + "; + foreach ($exlist_select as $value): + $exid += 1; + if ($config['installedpackages']['snortglobal']['whitelist']['item'][$exid]['snortlisttype'] == 'netlist') { + $ilistname = $config['installedpackages']['snortglobal']['whitelist']['item'][$exid]['name']; + $whitelist_uuid = $config['installedpackages']['snortglobal']['whitelist']['item'][$exid]['uuid']; + if ($ilistname == $exlist_sub[0]){ + echo "<option value=\"$ilistname $whitelist_uuid\" selected>"; + }else{ + echo "<option value=\"$ilistname $whitelist_uuid\">"; + } + echo htmlspecialchars($ilistname) . '</option> + '; + } + endforeach; + ?> + </select><br> + <span class="vexpl">Choose the external net you will like this rule to use. + </span> <span class="red">Note:</span> Default external net, networks that are not home net.<br> + <span class="red">Hint:</span> Most users should leave this setting at default.</td> + </tr> + <tr> <td width="22%" valign="top" class="vncell">Block offenders</td> <td width="78%" class="vtable"> <input name="blockoffenders7" type="checkbox" value="on" <?php if ($pconfig['blockoffenders7'] == "on") echo "checked"; ?> onClick="enable_change(false)"><br> Checking this option will automatically block hosts that generate a Snort alert.</td> </tr> <tr> + <td width="22%" valign="top" class="vncell">Whitelist</td> + <td width="78%" class="vtable"> + <select name="whitelistname" class="formfld" id="whitelistname"> + <?php + /* find whitelist names and filter by type, make sure to track by uuid */ + $wlist_select = $config['installedpackages']['snortglobal']['whitelist']['item']; + $wid = -1; + if ($pconfig['whitelistname'] == 'default'){ $selected = 'selected'; } + preg_match('/^([a-zA-z0-9]+)/', $pconfig['whitelistname'], $wlist_sub); + echo "<option value=\"default\" $selected>default</option> + "; + foreach ($wlist_select as $value): + $wid += 1; + if ($config['installedpackages']['snortglobal']['whitelist']['item'][$wid]['snortlisttype'] == 'whitelist') { + $ilistname = $config['installedpackages']['snortglobal']['whitelist']['item'][$wid]['name']; + $whitelist_uuid = $config['installedpackages']['snortglobal']['whitelist']['item'][$wid]['uuid']; + if ($ilistname == $wlist_sub[0]){ + echo "<option value=\"$ilistname $whitelist_uuid\" selected>"; + }else{ + echo "<option value=\"$ilistname $whitelist_uuid\">"; + } + echo htmlspecialchars($ilistname) . '</option> + '; + } + endforeach; + ?> + </select><br> + <span class="vexpl">Choose the whitelist you will like this rule to use. + </span> <span class="red">Note:</span> Default whitelist adds only local networks.</td> + </tr> + <tr> <td width="22%" valign="top" class="vncell">Send alerts to main System logs</td> <td width="78%" class="vtable"> <input name="alertsystemlog" type="checkbox" value="on" <?php if ($pconfig['alertsystemlog'] == "on") echo "checked"; ?> onClick="enable_change(false)"><br> diff --git a/config/snort/snort_interfaces_global.php b/config/snort/snort_interfaces_global.php index 3c487ce0..bad5efd1 100644 --- a/config/snort/snort_interfaces_global.php +++ b/config/snort/snort_interfaces_global.php @@ -256,8 +256,8 @@ include("head.inc"); $tab_array[] = array("Rule Updates", false, "/snort/snort_download_rules.php"); $tab_array[] = array("Alerts", false, "/snort/snort_alerts.php"); $tab_array[] = array("Blocked", false, "/snort/snort_blocked.php"); - $tab_array[] = array("Whitelists", false, "/pkg.php?xml=/snort/snort_whitelist.xml"); - $tab_array[] = array("Help & Info", false, "/snort/snort_help_info.php"); + $tab_array[] = array("Whitelists", false, "/snort/snort_interfaces_whitelist.php"); + $tab_array[] = array("Help", false, "/snort/snort_help_info.php"); display_top_tabs($tab_array); ?> </td></tr> <tr> diff --git a/config/snort/snort_interfaces_whitelist.php b/config/snort/snort_interfaces_whitelist.php new file mode 100644 index 00000000..c55e0352 --- /dev/null +++ b/config/snort/snort_interfaces_whitelist.php @@ -0,0 +1,179 @@ +<?php
+/* $Id$ */
+/*
+ firewall_aliases.php
+ Copyright (C) 2004 Scott Ullrich
+ All rights reserved.
+
+ originially part of m0n0wall (http://m0n0.ch/wall)
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ modified for the pfsense snort package
+ Copyright (C) 2009-2010 Robert Zelaya.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require("guiconfig.inc");
+
+
+if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item']))
+ $config['installedpackages']['snortglobal']['whitelist']['item'] = array();
+
+//aliases_sort(); << what ?
+$a_whitelist = &$config['installedpackages']['snortglobal']['whitelist']['item'];
+
+if (isset($config['installedpackages']['snortglobal']['whitelist']['item'])) {
+$id_gen = count($config['installedpackages']['snortglobal']['whitelist']['item']);
+}else{
+$id_gen = '0';
+}
+
+$d_whitelistdirty_path = '/var/run/snort_whitelist.dirty';
+
+if ($_POST) {
+
+ $pconfig = $_POST;
+
+ if ($_POST['apply']) {
+ $retval = 0;
+
+ if(stristr($retval, "error") <> true)
+ $savemsg = get_std_save_message($retval);
+ else
+ $savemsg = $retval;
+ if ($retval == 0) {
+ if (file_exists($d_whitelistdirty_path))
+ unlink($d_whitelistdirty_path);
+ }
+ }
+}
+
+if ($_GET['act'] == "del") {
+ if ($a_whitelist[$_GET['id']]) {
+ /* make sure rule is not being referenced by any nat or filter rules */
+
+ unset($a_whitelist[$_GET['id']]);
+ write_config();
+ filter_configure();
+ touch($d_whitelistdirty_path);
+ header("Location: /snort/snort_interfaces_whitelist.php");
+ exit;
+ }
+}
+
+$pgtitle = "Services: Snort: Whitelist";
+include("head.inc");
+
+?>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<?php include("./snort_fbegin.inc"); ?>
+<p class="pgtitle"><?=$pgtitle?></p>
+<form action="/snort/snort_interfaces_whitelist.php" method="post">
+<?php if ($savemsg) print_info_box($savemsg); ?>
+<?php if (file_exists($d_whitelistdirty_path)): ?><p>
+<?php print_info_box_np("The white list has been changed.<br>You must apply the changes in order for them to take effect.");?>
+<?php endif; ?>
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr><td class="tabnavtbl">
+<?php
+ $tab_array = array();
+ $tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php");
+ $tab_array[] = array("Global Settings", false, "/snort/snort_interfaces_global.php");
+ $tab_array[] = array("Rule Updates", false, "/snort/snort_download_rules.php");
+ $tab_array[] = array("Alerts", false, "/snort/snort_alerts.php");
+ $tab_array[] = array("Blocked", false, "/snort/snort_blocked.php");
+ $tab_array[] = array("Whitelists", true, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[] = array("Help", false, "/snort/snort_help_info.php");
+ display_top_tabs($tab_array);
+?> </td></tr>
+<tr>
+<td class="tabcont">
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+
+<tr>
+ <td width="25%" class="listhdrr">File Name</td>
+ <td width="25%" class="listhdrr">Values</td>
+ <td width="25%" class="listhdr">Description</td>
+ <td width="10%" class="list">
+ </td>
+</tr>
+ <?php $i = 0; foreach ($a_whitelist as $list): ?>
+<tr>
+ <td class="listlr" ondblclick="document.location='snort_interfaces_whitelist_edit.php?id=<?=$i;?>';">
+ <?=htmlspecialchars($list['name']);?>
+ </td>
+ <td class="listr" ondblclick="document.location='snort_interfaces_whitelist_edit.php?id=<?=$i;?>';">
+ <?php
+ $addresses = implode(", ", array_slice(explode(" ", $list['address']), 0, 10));
+ echo $addresses;
+ if(count($addresses) < 10) {
+ echo " ";
+ } else {
+ echo "...";
+ }
+ ?>
+ </td>
+ <td class="listbg" ondblclick="document.location='snort_interfaces_whitelist_edit.php?id=<?=$i;?>';">
+ <font color="#FFFFFF">
+ <?=htmlspecialchars($list['descr']);?>
+ </td>
+ <td valign="middle" nowrap class="list">
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td valign="middle"><a href="snort_interfaces_whitelist_edit.php?id=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="edit whitelist"></a></td>
+ <td><a href="/snort/snort_interfaces_whitelist.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this whitelist? All elements that still use it will become invalid (e.g. snort rules will fall back to the default whitelist)!')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="delete whitelist"></a></td>
+ </tr>
+ </table>
+ </td>
+</tr>
+ <?php $i++; endforeach; ?>
+<tr>
+ <td class="list" colspan="3"></td>
+ <td class="list">
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td valign="middle" width="17"> </td>
+ <td valign="middle"><a href="snort_interfaces_whitelist_edit.php?id=<?php echo $id_gen;?> "><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="add a new list"></a></td>
+ </tr>
+ </table>
+ </td>
+</tr>
+</table>
+ </td>
+ </tr>
+ </table>
+<br>
+<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
+<td width="100%"><span class="vexpl"><span class="red"><strong>Note:</strong></span>
+ <p><span class="vexpl">Here you can create whitelist files for your snort package rules. Please add all the ips or networks you want to protect against snort block decisions. Remember that the default whitelist only includes local networks. Be careful, it is very easy to get locked out of you system.</span></p>
+</td>
+</table>
+</form>
+<?php include("fend.inc"); ?>
+</body>
+</html>
diff --git a/config/snort/snort_interfaces_whitelist_edit.php b/config/snort/snort_interfaces_whitelist_edit.php new file mode 100644 index 00000000..41476c9c --- /dev/null +++ b/config/snort/snort_interfaces_whitelist_edit.php @@ -0,0 +1,449 @@ +<?php
+/* $Id$ */
+/*
+ firewall_aliases_edit.php
+ Copyright (C) 2004 Scott Ullrich
+ All rights reserved.
+
+ originially part of m0n0wall (http://m0n0.ch/wall)
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ modified for the pfsense snort package
+ Copyright (C) 2009-2010 Robert Zelaya.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require("guiconfig.inc");
+
+if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item']))
+ $config['installedpackages']['snortglobal']['whitelist']['item'] = array();
+
+aliases_sort();
+$a_whitelist = &$config['installedpackages']['snortglobal']['whitelist']['item'];
+
+$id = $_GET['id'];
+if (isset($_POST['id']))
+ $id = $_POST['id'];
+
+
+/* gen uuid for each iface !inportant */
+if ($config['installedpackages']['snortglobal']['whitelist']['item'][$id]['uuid'] == '') {
+ //$snort_uuid = gen_snort_uuid(strrev(uniqid(true)));
+$whitelist_uuid = 0;
+while ($whitelist_uuid > 65535 || $whitelist_uuid == 0) {
+ $whitelist_uuid = mt_rand(1, 65535);
+ $pconfig['uuid'] = $whitelist_uuid;
+ }
+}
+
+if ($config['installedpackages']['snortglobal']['whitelist']['item'][$id]['uuid'] != '') {
+ $whitelist_uuid = $config['installedpackages']['snortglobal']['whitelist']['item'][$id]['uuid'];
+}
+
+$pgtitle = "Services: Snort: Whitelist: Edit $whitelist_uuid";
+
+$d_snort_whitelist_dirty_path = '/var/run/snort_whitelist.dirty';
+
+/* returns true if $name is a valid name for a whitelist file name or ip */
+function is_validwhitelistname($name) {
+ if (!is_string($name))
+ return false;
+
+ if (!preg_match("/[^a-zA-Z0-9\.\/]/", $name))
+ return true;
+
+ return false;
+}
+
+
+if (isset($id) && $a_whitelist[$id]) {
+
+ /* old settings */
+ $pconfig['name'] = $a_whitelist[$id]['name'];
+ $pconfig['uuid'] = $a_whitelist[$id]['uuid'];
+ $pconfig['detail'] = $a_whitelist[$id]['detail'];
+ $pconfig['snortlisttype'] = $a_whitelist[$id]['snortlisttype'];
+ $pconfig['address'] = $a_whitelist[$id]['address'];
+ $pconfig['descr'] = html_entity_decode($a_whitelist[$id]['descr']);
+ $pconfig['wanips'] = $a_whitelist[$id]['wanips'];
+ $pconfig['wangateips'] = $a_whitelist[$id]['wangateips'];
+ $pconfig['wandnsips'] = $a_whitelist[$id]['wandnsips'];
+ $pconfig['vips'] = $a_whitelist[$id]['vips'];
+ $pconfig['vpnips'] = $a_whitelist[$id]['vpnips'];
+
+
+ $addresses = explode(' ', $pconfig['address']);
+ $address = explode(" ", $addresses[0]);
+ if ($address[1])
+ $addresssubnettest = true;
+ else
+ $addresssubnettest = false;
+}
+
+if ($_POST) {
+
+ unset($input_errors);
+ $pconfig = $_POST;
+
+ /* input validation */
+ $reqdfields = explode(" ", "name address");
+ $reqdfieldsn = explode(",", "Name,Address");
+
+ do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
+
+ if(strtolower($_POST['name']) == "defaultwhitelist")
+ $input_errors[] = "Whitelist file names may not be named defaultwhitelist.";
+
+ $x = is_validwhitelistname($_POST['name']);
+ if (!isset($x)) {
+ $input_errors[] = "Reserved word used for whitelist file name.";
+ } else {
+ if (is_validwhitelistname($_POST['name']) == false)
+ $input_errors[] = "Whitelist file name may only consist of the characters a-z, A-Z and 0-9 _. Note: No Spaces. Press Cancel to reset.";
+ }
+
+ if (is_validwhitelistname($_POST['address']) == false)
+ $input_errors[] = "Whitelist address may only consist of the characters 0-9 and /. Note: No Spaces. Press Cancel to reset.";
+
+
+ /* check for name conflicts */
+ foreach ($a_whitelist as $w_list) {
+ if (isset($id) && ($a_whitelist[$id]) && ($a_whitelist[$id] === $w_list))
+ continue;
+
+ if ($w_list['name'] == $_POST['name']) {
+ $input_errors[] = "A whitelist file name with this name already exists.";
+ break;
+ }
+ }
+
+
+ $w_list = array();
+ /* post user input */
+ $w_list['name'] = $_POST['name'];
+ $w_list['uuid'] = $whitelist_uuid;
+ $w_list['snortlisttype'] = $_POST['snortlisttype'];
+ $w_list['address'] = $_POST['address'];
+ $w_list['wanips'] = $_POST['wanips']? yes : no;
+ $w_list['wangateips'] = $_POST['wangateips']? yes : no;
+ $w_list['wandnsips'] = $_POST['wandnsips']? yes : no;
+ $w_list['vips'] = $_POST['vips']? yes : no;
+ $w_list['vpnips'] = $_POST['vpnips']? yes : no;
+
+
+ $address = $w_list['address'];
+ $final_address_detail = mb_convert_encoding($_POST['detail'],"HTML-ENTITIES","auto");
+ if($final_address_detail <> "") {
+ $final_address_details .= $final_address_detail;
+ } else {
+ $final_address_details .= "Entry added" . " ";
+ $final_address_details .= date('r');
+ }
+ $final_address_details .= "||";
+ $isfirst = 0;
+
+
+ /* add another entry code */
+ for($x=0; $x<299; $x++) {
+ $comd = "\$subnet = \$_POST['address" . $x . "'];";
+ eval($comd);
+ $comd = "\$subnet_address = \$_POST['address_subnet" . $x . "'];";
+ eval($comd);
+ if($subnet <> "") {
+ $address .= " ";
+ $address .= $subnet;
+ if($subnet_address <> "") $address .= "" . $subnet_address;
+
+ /* Compress in details to a single key, data separated by pipes.
+ Pulling details here lets us only pull in details for valid
+ address entries, saving us from having to track which ones to
+ process later. */
+ $comd = "\$final_address_detail = mb_convert_encoding(\$_POST['detail" . $x . "'],'HTML-ENTITIES','auto');";
+ eval($comd);
+ if($final_address_detail <> "") {
+ $final_address_details .= $final_address_detail;
+ } else {
+ $final_address_details .= "Entry added" . " ";
+ $final_address_details .= date('r');
+ }
+ $final_address_details .= "||";
+ }
+ }
+
+ if (!$input_errors) {
+ $w_list['address'] = $address;
+ $w_list['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto");
+ $w_list['detail'] = $final_address_details;
+
+ if (isset($id) && $a_whitelist[$id])
+ $a_whitelist[$id] = $w_list;
+ else
+ $a_whitelist[] = $w_list;
+
+ touch($d_snort_whitelist_dirty_path);
+
+ write_config();
+
+ header("Location: /snort/snort_interfaces_whitelist_edit.php?id=$id");
+ exit;
+ }
+ //we received input errors, copy data to prevent retype
+ else
+ {
+ $pconfig['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto");
+ $pconfig['address'] = $address;
+ $pconfig['detail'] = $final_address_details;
+ }
+}
+
+include("head.inc");
+
+
+
+
+$description_str = gettext("Description");
+$hosts_str = gettext("IP or CIDR items");
+$ip_str = gettext("IP");
+
+$update_freq_str = gettext("Update Freq.");
+
+
+
+?>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="<?= $jsevents["body"]["onload"] ?>">
+<?php
+ include("./snort_fbegin.inc");
+ echo $jscriptstr;
+?>
+
+<script type="text/javascript" src="../row_helper.js"></script>
+<input type='hidden' name='address_type' value='textbox' />
+<script type="text/javascript">
+ rowname[0] = "address";
+ rowtype[0] = "textbox";
+ rowsize[0] = "30";
+
+ rowname[1] = "detail";
+ rowtype[1] = "textbox";
+ rowsize[1] = "50";
+</script>
+
+<p class="pgtitle"><?=$pgtitle?></p>
+
+<?php if ($input_errors) print_input_errors($input_errors); ?>
+<div id="inputerrors"></div>
+
+<form action="snort_interfaces_whitelist_edit.php?id=<?=$id?>" method="post" name="iform" id="iform">
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr><td class="tabnavtbl">
+<?php
+ $tab_array = array();
+ $tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php");
+ $tab_array[] = array("Global Settings", false, "/snort/snort_interfaces_global.php");
+ $tab_array[] = array("Rule Updates", false, "/snort/snort_download_rules.php");
+ $tab_array[] = array("Alerts", false, "/snort/snort_alerts.php");
+ $tab_array[] = array("Blocked", false, "/snort/snort_blocked.php");
+ $tab_array[] = array("Whitelists", true, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[] = array("Help", false, "/snort/snort_help_info.php");
+ display_top_tabs($tab_array);
+?> </td></tr>
+<tr>
+<td class="tabcont">
+
+<table width="100%" border="0" cellpadding="6" cellspacing="0">
+<?php if(is_alias_inuse($pconfig['name']) == true): ?>
+ <tr>
+ <td valign="top" class="vncellreq">Name</td>
+ <td class="vtable"> <input name="name" type="hidden" id="name" size="40" value="<?=htmlspecialchars($pconfig['name']);?>" />
+ <?php echo $pconfig['name']; ?>
+ <p>
+ <span class="vexpl">NOTE: This list is in use so the name may not be modified!</span>
+ </p>
+ </td>
+ </tr>
+<?php else: ?>
+ <tr>
+ <td valign="top" class="vncellreq">Name</td>
+ <td class="vtable">
+ <input name="name" type="text" id="name" size="40" value="<?=htmlspecialchars($pconfig['name']);?>" />
+ <br />
+ <span class="vexpl">
+ The list name may only consist of the characters a-z, A-Z and 0-9. <span class="red">Note: </span> No Spaces.
+ </span>
+ </td>
+ </tr>
+<?php endif; ?>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Description</td>
+ <td width="78%" class="vtable">
+ <input name="descr" type="text" id="descr" size="40" value="<?=$pconfig['descr'];?>" />
+ <br />
+ <span class="vexpl">
+ You may enter a description here for your reference (not parsed).
+ </span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">List Type</td>
+ <td width="78%" class="vtable">
+ <select name="snortlisttype" class="formfld" id="snortlisttype">
+ <?php
+ $interfaces4 = array('whitelist' => 'WHITELIST', 'netlist' => 'NETLIST');
+ foreach ($interfaces4 as $iface4 => $ifacename4): ?>
+ <option value="<?=$iface4;?>" <?php if ($iface4 == $pconfig['snortlisttype']) echo "selected"; ?>>
+ <?=htmlspecialchars($ifacename4);?>
+ </option>
+ <?php endforeach; ?>
+ </select><br>
+ <span class="vexpl">Choose the type of list you will like see in your Interface Edit Tab. Hint: Best pratice is to test every list you make.
+ </span> <span class="red">Note:</span> NETLIST's are only for defining snort.conf's external or home NETS.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">WAN IPs</td>
+ <td width="78%" class="vtable">
+ <input name="wanips" type="checkbox" id="wanips" size="40" value="yes" <?php if($pconfig['wanips'] == 'yes'){ echo "checked";} if($pconfig['wanips'] == ''){ echo "checked";} ?>/>
+ <span class="vexpl">
+ Add WAN IPs to the list.
+ </span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Wan Gateways</td>
+ <td width="78%" class="vtable">
+ <input name="wangateips" type="checkbox" id="wangateips" size="40" value="yes" <?php if($pconfig['wangateips'] == 'yes'){ echo "checked";} if($pconfig['wangateips'] == ''){ echo "checked";} ?>/>
+ <span class="vexpl">
+ Add WAN Gateways to the list.
+ </span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Wan DNS servers</td>
+ <td width="78%" class="vtable">
+ <input name="wandnsips" type="checkbox" id="wandnsips" size="40" value="yes" <?php if($pconfig['wandnsips'] == 'yes'){ echo "checked";} if($pconfig['wandnsips'] == ''){ echo "checked";} ?>/>
+ <span class="vexpl">
+ Add WAN DNS servers to the list.
+ </span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Virtual IP Addresses</td>
+ <td width="78%" class="vtable">
+ <input name="vips" type="checkbox" id="vips" size="40" value="yes" <?php if($pconfig['vips'] == 'yes'){ echo "checked";} if($pconfig['vips'] == ''){ echo "checked";} ?>/>
+ <span class="vexpl">
+ Add Virtual IP Addresses to the list.
+ </span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">VPNs</td>
+ <td width="78%" class="vtable">
+ <input name="vpnips" type="checkbox" id="vpnips" size="40" value="yes" <?php if($pconfig['vpnips'] == 'yes'){ echo "checked";} if($pconfig['vpnips'] == ''){ echo "checked";} ?>/>
+ <span class="vexpl">
+ Add VPN Addresses to the list.
+ </span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq"><div id="addressnetworkport">IP or CIDR items</div></td>
+ <td width="78%" class="vtable">
+ <table id="maintable">
+ <tbody>
+ <tr>
+ <td colspan="4">
+ <div style="padding:5px; margin-top: 16px; margin-bottom: 16px; border:1px dashed #000066; background-color: #ffffff; color: #000000; font-size: 8pt;" id="itemhelp">
+ Enter only ips or CIDR notations. Example: 192.168.4.1 or 192.168.1.0/24</div>
+ </td>
+ </tr>
+ <tr>
+ <td><div id="onecolumn">IP or CIDR</div></td>
+ <td><div id="threecolumn">Add a Description or leave blank and a date will be added.</div></td>
+ </tr>
+
+ <?php
+ /* cleanup code */
+ $counter = 0;
+ $address = $pconfig['address'];
+ $item = explode(" ", $address);
+ $item3 = explode("||", $pconfig['detail']);
+ foreach($item as $ww) {
+ $address = $item[$counter];
+ $item4 = $item3[$counter];
+ if($counter > 0) $tracker = $counter + 1;
+ ?>
+ <tr>
+ <td>
+ <input name="address<?php echo $tracker; ?>" type="text" id="address<?php echo $tracker; ?>" size="30" value="<?=htmlspecialchars($address);?>" />
+ </td>
+ <td>
+ <input name="detail<?php echo $tracker; ?>" type="text" id="detail<?php echo $tracker; ?>" size="50" value="<?=$item4;?>" />
+ </td>
+ <td>
+ <?php
+ if($counter > 0)
+ echo "<input type=\"image\" src=\"/themes/".$g['theme']."/images/icons/icon_x.gif\" onclick=\"removeRow(this); return false;\" value=\"Delete\" />";
+ ?>
+ </td>
+ </tr>
+ <?php
+ $counter++;
+
+ } // end foreach
+ ?>
+ </tbody>
+ </table>
+ <a onclick="javascript:addRowTo('maintable'); typesel_change(); return false;" href="#">
+ <img border="0" src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" alt="" title="add another entry" />
+ </a>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top"> </td>
+ <td width="78%">
+ <input id="submit" name="submit" type="submit" class="formbtn" value="Save" />
+ <input id="cancelbutton" name="cancelbutton" type="button" class="formbtn" value="Cancel" onclick="history.back()" />
+ <?php if (isset($id) && $a_whitelist[$id]): ?>
+ <input name="id" type="hidden" value="<?=$id;?>" />
+ <?php endif; ?>
+ </td>
+ </tr>
+</table>
+ </td>
+ </tr>
+ </table>
+</form>
+
+<script type="text/javascript">
+ /* row and col adjust when you add extra entries */
+ field_counter_js = 2;
+ rows = 1;
+ totalrows = <?php echo $counter; ?>;
+ loaded = <?php echo $counter; ?>;
+</script>
+
+<?php include("fend.inc"); ?>
+</body>
+</html>
\ No newline at end of file diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php index 1d3abf0b..5875ab70 100644 --- a/config/snort/snort_preprocessors.php +++ b/config/snort/snort_preprocessors.php @@ -104,6 +104,9 @@ if (isset($id) && $a_nat[$id]) { $pconfig['uuid'] = $a_nat[$id]['uuid']; $pconfig['interface'] = $a_nat[$id]['interface']; $pconfig['descr'] = $a_nat[$id]['descr']; + $pconfig['whitelistname'] = $a_nat[$id]['whitelistname']; + $pconfig['homelistname'] = $a_nat[$id]['homelistname']; + $pconfig['externallistname'] = $a_nat[$id]['externallistname']; $pconfig['performance'] = $a_nat[$id]['performance']; $pconfig['blockoffenders7'] = $a_nat[$id]['blockoffenders7']; $pconfig['alertsystemlog'] = $a_nat[$id]['alertsystemlog']; @@ -202,7 +205,11 @@ $d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty"; if ($pconfig['rulesets'] != "") { $natent['rulesets'] = $pconfig['rulesets']; } if ($pconfig['rule_sid_off'] != "") { $natent['rule_sid_off'] = $pconfig['rule_sid_off']; } if ($pconfig['rule_sid_on'] != "") { $natent['rule_sid_on'] = $pconfig['rule_sid_on']; } - + if ($pconfig['whitelistname'] != "") { $natent['whitelistname'] = $pconfig['whitelistname']; } + if ($pconfig['homelistname'] != "") { $natent['homelistname'] = $pconfig['homelistname']; } + if ($pconfig['externallistname'] != "") { $natent['externallistname'] = $pconfig['externallistname']; } + + /* post new options */ $natent['perform_stat'] = $_POST['perform_stat']; if ($_POST['def_ssl_ports_ignore'] != "") { $natent['def_ssl_ports_ignore'] = $_POST['def_ssl_ports_ignore']; }else{ $natent['def_ssl_ports_ignore'] = ""; } diff --git a/config/snort/snort_rules_edit.php b/config/snort/snort_rules_edit.php index 759193c8..d1239d25 100644 --- a/config/snort/snort_rules_edit.php +++ b/config/snort/snort_rules_edit.php @@ -38,8 +38,8 @@ */ require_once("guiconfig.inc"); -require_once("config.inc"); - +require_once("/usr/local/pkg/snort/snort.inc"); +require_once("/usr/local/pkg/snort/snort_gui.inc"); if (!is_array($config['installedpackages']['snortglobal']['rule'])) { $config['installedpackages']['snortglobal']['rule'] = array(); diff --git a/config/snort/snort_rulesets.php b/config/snort/snort_rulesets.php index d232c097..6d5d7332 100644 --- a/config/snort/snort_rulesets.php +++ b/config/snort/snort_rulesets.php @@ -29,8 +29,6 @@ */ require("guiconfig.inc"); -//require_once("filter.inc"); -//require_once("service-utils.inc"); include_once("/usr/local/pkg/snort/snort.inc"); require_once("/usr/local/pkg/snort/snort_gui.inc"); diff --git a/config/snort/snort_whitelist.xml b/config/snort/snort_whitelist.xml deleted file mode 100644 index d98f83fa..00000000 --- a/config/snort/snort_whitelist.xml +++ /dev/null @@ -1,117 +0,0 @@ -<?xml version="1.0" encoding="utf-8" ?> -<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> -<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> -<packagegui> - <copyright> - <![CDATA[ -/* $Id$ */ -/* ========================================================================== */ -/* - authng.xml - part of pfSense (http://www.pfSense.com) - Copyright (C) 2007 to whom it may belong - All rights reserved. - - Based on m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. - All rights reserved. - */ -/* ========================================================================== */ -/* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ - ]]> - </copyright> - <description>Describe your package here</description> - <requirements>Describe your package requirements here</requirements> - <faq>Currently there are no FAQ items provided.</faq> - <name>snortglobal</name> - <version>0.1.0</version> - <title>Snort: Whitelist</title> - <include_file>/usr/local/pkg/snort/snort.inc</include_file> - <!-- Menu is where this packages menu will appear --> - <tabs> - <tab> - <text>Snort Interfaces</text> - <url>/snort/snort_interfaces.php</url> - </tab> - <tab> - <text>Global Settings</text> - <url>/snort/snort_interfaces_global.php</url> - </tab> - <tab> - <text>Rule Updates</text> - <url>/snort/snort_download_rules.php</url> - </tab> - <tab> - <text>Alerts</text> - <url>/snort/snort_alerts.php</url> - </tab> - <tab> - <text>Blocked</text> - <url>/snort/snort_blocked.php</url> - </tab> - <tab> - <text>Whitelist</text> - <url>/pkg.php?xml=/snort/snort_whitelist.xml</url> - <active/> - </tab> - <tab> - <text>Help Info</text> - <url>/snort/snort_help_info.php</url> - </tab> - </tabs> - <adddeleteeditpagefields> - <columnitem> - <fielddescr>Whitelisted IP</fielddescr> - <fieldname>ip</fieldname> - </columnitem> - <columnitem> - <fielddescr>Description</fielddescr> - <fieldname>description</fieldname> - </columnitem> - </adddeleteeditpagefields> - <fields> - <field> - <fielddescr>Whitelisted IP</fielddescr> - <fieldname>ip</fieldname> - <description>Enter the IP or network to whitelist from snort blocking. Network items should be expressed in CIDR notation. Example: 0.0.0.0/24 or 0.0.0.0/32</description> - <type>input</type> - <size>40</size> - </field> - <field> - <fielddescr>Description</fielddescr> - <fieldname>description</fieldname> - <description>Enter the description for this item</description> - <type>input</type> - <size>60</size> - </field> - </fields> - <custom_php_command_before_form> - </custom_php_command_before_form> - <custom_delete_php_command> - </custom_delete_php_command> - <custom_php_resync_config_command> - sync_snort_package_empty(); - </custom_php_resync_config_command> -</packagegui> |